mbedtls/tests/scripts/test_config_checks.py

#!/usr/bin/env python3
"""Test the configuration checks generated by generate_config_checks.py.
"""

## Copyright The Mbed TLS Contributors
## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

import unittest

import scripts_path # pylint: disable=unused-import
from mbedtls_framework import unittest_config_checks


class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks):
    """Mbed TLS unit tests for checks generated by config_checks_generator."""

    #pylint: disable=invalid-name # uppercase letters make sense here

    PROJECT_CONFIG_C = 'library/mbedtls_config.c'
    PROJECT_SPECIFIC_INCLUDE_DIRECTORIES = [
        'tf-psa-crypto/include',
        'tf-psa-crypto/drivers/builtin/include',
    ]

    def test_crypto_config_read(self) -> None:
        """Check that crypto_config.h is read in crypto."""
        self.bad_case('#error witness',
                      None,
                      error='witness')

    def test_mbedtls_config_read(self) -> None:
        """Check that mbedtls_config.h is read in crypto."""
        self.bad_case(''
                      '#error witness',
                      error='witness')

    @unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.")
    def test_crypto_undef_MBEDTLS_FS_IO(self) -> None:
        """A sample error expected from crypto's check_config.h."""
        self.bad_case('#undef MBEDTLS_FS_IO',
                      error='MBEDTLS_PSA_ITS_FILE_C')

    def test_mbedtls_no_session_tickets_for_early_data(self) -> None:
        """An error expected from mbedtls_check_config.h based on the TLS configuration."""
        self.bad_case(None,
                      '''
                      #define MBEDTLS_SSL_EARLY_DATA
                      #undef MBEDTLS_SSL_SESSION_TICKETS
                      ''',
                      error='MBEDTLS_SSL_EARLY_DATA')

    def test_mbedtls_no_ecdsa(self) -> None:
        """An error expected from mbedtls_check_config.h based on crypto+TLS configuration."""
        self.bad_case('''
                      #undef PSA_WANT_ALG_ECDSA
                      #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA
                      ''',
                      '''
                      #if defined(PSA_WANT_ALG_ECDSA)
                      #error PSA_WANT_ALG_ECDSA unexpected
                      #endif
                      #if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA)
                      #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected
                      #endif
                      ''',
                      error='MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')

    def test_mbedtls_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
        """Error when setting a removed option."""
        self.bad_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
                      error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed')

    def test_mbedtls_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None:
        """Bypassed error when setting a removed option."""
        self.good_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED',
                       extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS'])

    def test_define_MBEDTLS_MD5_C_redundant(self) -> None:
        """Error when redundantly setting a subproject internal option."""
        self.bad_case('#define PSA_WANT_ALG_MD5 1',
                      '#define MBEDTLS_MD5_C',
                      error=r'MBEDTLS_MD5_C is an internal macro')

    def test_define_MBEDTLS_MD5_C_added(self) -> None:
        """Error when setting a subproject internal option that was disabled."""
        self.bad_case('''
                      #undef PSA_WANT_ALG_MD5
                      #undef MBEDTLS_MD5_C
                      ''',
                      '#define MBEDTLS_MD5_C',
                      error=r'MBEDTLS_MD5_C is an internal macro')

    def test_define_MBEDTLS_BASE64_C_redundant(self) -> None:
        """Ok to redundantly set a subproject option."""
        self.good_case(None,
                       '#define MBEDTLS_BASE64_C')

    def test_define_MBEDTLS_BASE64_C_added(self) -> None:
        """Error when setting a subproject option that was disabled."""
        self.bad_case('''
                      #undef MBEDTLS_BASE64_C
                      #undef MBEDTLS_PEM_PARSE_C
                      #undef MBEDTLS_PEM_WRITE_C
                      ''',
                      '#define MBEDTLS_BASE64_C',
                      error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h')

    @unittest.skip("Checks for #undef are not implemented yet.")
    def test_define_MBEDTLS_BASE64_C_unset(self) -> None:
        """Error when unsetting a subproject option that was enabled."""
        self.bad_case(None,
                      '#undef MBEDTLS_BASE64_C',
                      error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h')


if __name__ == '__main__':
    unittest.main()