Backport 2.28: Report configuration settings in the outcome file #9316
Merged: ronald-cron-arm merged 16 commits into Mbed-TLS:mbedtls-2.28 from gilles-peskine-arm:test_suite_config-booleans-2.28 on Jul 3, 2024
Changes from 15 commits
41ad660 Recognize that a double-inclusion guard is not a config setting (gilles-peskine-arm)
14f91c9 New test suite to report configuration options (gilles-peskine-arm)
ae27ca9 Anchor relative paths (gilles-peskine-arm)
693611e Generate config test cases for single options (gilles-peskine-arm)
c79ecea Detect sub-options (gilles-peskine-arm)
556249e Pacify mypy (gilles-peskine-arm)
c08d5bf Fix missing negation (gilles-peskine-arm)
f75c70b Explain why we require TLS client and server simultaneously (gilles-peskine-arm)
5454a84 Terminology: consistently use "setting", not "option" (gilles-peskine-arm)
1afb703 Terminology: use "dependencies" for a list of settings (gilles-peskine-arm)
744741b Adjust generate_config_tests.py for 2.28 (gilles-peskine-arm)
cfba247 Remove some settings that don't exist in 2.28 (gilles-peskine-arm)
d33c48b Add generated config tests (gilles-peskine-arm)
b19fa4e Declare the new generated files (gilles-peskine-arm)
93708fe Fix copypasta (gilles-peskine-arm)
a76a6ff Adjust TLS protocol cases for 2.28 (gilles-peskine-arm)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,163 @@ | ||
#!/usr/bin/env python3 | ||
"""Generate test data for configuration reporting. | ||
""" | ||
|
||
# Copyright The Mbed TLS Contributors | ||
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later | ||
|
||
import re | ||
import sys | ||
from typing import Iterable, Iterator, List, Optional, Tuple | ||
|
||
import scripts_path # pylint: disable=unused-import | ||
import config | ||
from mbedtls_dev import test_case | ||
from mbedtls_dev import test_data_generation | ||
|
||
|
||
def single_setting_case(setting: config.Setting, when_on: bool, | ||
dependencies: List[str], | ||
note: Optional[str]) -> test_case.TestCase: | ||
"""Construct a test case for a boolean setting. | ||
|
||
This test case passes if the setting and its dependencies are enabled, | ||
and is skipped otherwise. | ||
|
||
* setting: the setting to be tested. | ||
* when_on: True to test with the setting enabled, or False to test | ||
with the setting disabled. | ||
* dependencies: extra dependencies for the test case. | ||
* note: a note to add after the setting name in the test description. | ||
This is generally a summary of dependencies, and is generally empty | ||
if the given setting is only tested once. | ||
""" | ||
base = setting.name if when_on else '!' + setting.name | ||
tc = test_case.TestCase() | ||
tc.set_function('pass') | ||
description_suffix = ' (' + note + ')' if note else '' | ||
tc.set_description('Config: ' + base + description_suffix) | ||
tc.set_dependencies([base] + dependencies) | ||
return tc | ||
|
||
|
||
# If foo is a setting that is only meaningful when bar is enabled, set | ||
# SIMPLE_DEPENDENCIES[foo]=bar. More generally, bar can be a colon-separated | ||
# list of settings, meaning that all the settings must be enabled. Each setting | ||
# in bar can be prefixed with '!' to negate it. This is the same syntax as a | ||
# depends_on directive in test data. | ||
# See also `dependencies_of_settting`. | ||
SIMPLE_DEPENDENCIES = { | ||
'MBEDTLS_AESNI_C': 'MBEDTLS_AES_C', | ||
'MBEDTLS_ERROR_STRERROR_DUMMY': '!MBEDTLS_ERROR_C', | ||
'MBEDTLS_GENPRIME': 'MBEDTLS_RSA_C', | ||
'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES': 'MBEDTLS_ENTROPY_C', | ||
'MBEDTLS_NO_PLATFORM_ENTROPY': 'MBEDTLS_ENTROPY_C', | ||
'MBEDTLS_PKCS1_V15': 'MBEDTLS_RSA_C', | ||
'MBEDTLS_PKCS1_V21': 'MBEDTLS_RSA_C', | ||
'MBEDTLS_PSA_CRYPTO_CLIENT': '!MBEDTLS_PSA_CRYPTO_C', | ||
'MBEDTLS_PSA_INJECT_ENTROPY': 'MBEDTLS_PSA_CRYPTO_C', | ||
'MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS': 'MBEDTLS_PSA_CRYPTO_C', | ||
} | ||
|
||
def dependencies_of_setting(cfg: config.Config, | ||
setting: config.Setting) -> Optional[str]: | ||
"""Return dependencies without which a setting is not meaningful. | ||
|
||
The dependencies of a setting express when a setting can be enabled and | ||
is relevant. For example, if ``check_config.h`` errors out when | ||
``defined(FOO) && !defined(BAR)``, then ``BAR`` is a dependency of ``FOO``. | ||
If ``FOO`` has no effect when ``CORGE`` is disabled, then ``CORGE`` | ||
is a dependency of ``FOO``. | ||
|
||
The return value can be a colon-separated list of settings, if the setting | ||
is only meaningful when all of these settings are enabled. Each setting can | ||
be negated by prefixing them with '!'. This is the same syntax as a | ||
depends_on directive in test data. | ||
""" | ||
#pylint: disable=too-many-return-statements | ||
name = setting.name | ||
if name in SIMPLE_DEPENDENCIES: | ||
return SIMPLE_DEPENDENCIES[name] | ||
if name.startswith('MBEDTLS_') and not name.endswith('_C'): | ||
if name.startswith('MBEDTLS_CIPHER_PADDING_'): | ||
return 'MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC' | ||
if name.startswith('MBEDTLS_PK_PARSE_EC_'): | ||
return 'MBEDTLS_PK_C:MBEDTLS_PK_HAVE_ECC_KEYS' | ||
# For TLS settings, insist on having them once off and once on in | ||
# a configuration where both client support and server support are | ||
# enabled. The settings are also meaningful when only one side is | ||
# enabled, but there isn't much point in having separate records | ||
# for client-side and server-side, so we keep things simple. | ||
# Requiring both sides to be enabled also means we know we'll run | ||
# tests that only run Mbed TLS against itself, which only run in | ||
# configurations with both sides enabled. | ||
if name.startswith('MBEDTLS_SSL_TLS1_3_'): | ||
return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3' | ||
if name.startswith('MBEDTLS_SSL_DTLS_'): | ||
return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_DTLS' | ||
if name.startswith('MBEDTLS_SSL_'): | ||
return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C' | ||
for pos in re.finditer(r'_', name): | ||
super_name = name[:pos.start()] + '_C' | ||
if cfg.known(super_name): | ||
return super_name | ||
return None | ||
|
||
def conditions_for_setting(cfg: config.Config, | ||
setting: config.Setting | ||
) -> Iterator[Tuple[List[str], str]]: | ||
"""Enumerate the conditions under which to test the given setting. | ||
|
||
* cfg: all configuration settings. | ||
* setting: the setting to be tested. | ||
|
||
Generate a stream of conditions, i.e. extra dependencies to test with | ||
together with a human-readable explanation of each dependency. Some | ||
typical cases: | ||
|
||
* By default, generate a one-element stream with no extra dependencies. | ||
* If the setting is ignored unless some other setting is enabled, generate | ||
a one-element stream with that other setting as an extra dependency. | ||
* If the setting is known to interact with some other setting, generate | ||
a stream with one element where this setting is on and one where it's off. | ||
* To skip the setting altogether, generate an empty stream. | ||
""" | ||
name = setting.name | ||
if name.endswith('_ALT') and not config.is_seamless_alt(name): | ||
# We don't test alt implementations, except (most) platform alts | ||
return | ||
dependencies = dependencies_of_setting(cfg, setting) | ||
if dependencies: | ||
yield [dependencies], '' | ||
return | ||
yield [], '' | ||
|
||
|
||
def enumerate_boolean_setting_cases(cfg: config.Config | ||
) -> Iterable[test_case.TestCase]: | ||
"""Emit test cases for all boolean settings.""" | ||
for name in sorted(cfg.settings.keys()): | ||
setting = cfg.settings[name] | ||
if not name.startswith('PSA_WANT_') and setting.value: | ||
continue # non-boolean setting | ||
for when_on in True, False: | ||
for deps, note in conditions_for_setting(cfg, setting): | ||
yield single_setting_case(setting, when_on, deps, note) | ||
|
||
|
||
|
||
class ConfigTestGenerator(test_data_generation.TestGenerator): | ||
"""Generate test cases for configuration reporting.""" | ||
|
||
def __init__(self, settings): | ||
self.mbedtls_config = config.ConfigFile() | ||
self.targets['test_suite_config.mbedtls_boolean'] = \ | ||
lambda: enumerate_boolean_setting_cases(self.mbedtls_config) | ||
self.psa_config = config.ConfigFile('include/psa/crypto_config.h') | ||
self.targets['test_suite_config.psa_boolean'] = \ | ||
lambda: enumerate_boolean_setting_cases(self.psa_config) | ||
super().__init__(settings) | ||
|
||
|
||
if __name__ == '__main__': | ||
test_data_generation.main(sys.argv[1:], __doc__, ConfigTestGenerator) |
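
Review bot: The comment above `SIMPLE_DEPENDENCIES` points readers to `dependencies_of_settting` (three t's), but the function defined below is `dependencies_of_setting`, so the cross-reference fails for anyone searching on it; please fix the spelling. Separately, in `enumerate_boolean_setting_cases` the filter `not name.startswith('PSA_WANT_') and setting.value` treats every setting that carries a value as non-boolean except the `PSA_WANT_` ones, and the only comment is "non-boolean setting"; a line explaining why `PSA_WANT_` symbols are exempt would make the rule checkable. The `MBEDTLS_SSL_TLS1_3_` branch in `dependencies_of_setting` also deserves a second look in this backport, given the review remark on this pull request that TLS 1.3 is not supported in 2.28.
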
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# Interesting combinations of low-level crypto options | ||
|
||
Config: ECC: Weierstrass curves only | ||
depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:!MBEDTLS_ECP_MONTGOMERY_ENABLED | ||
pass: | ||
|
||
Config: ECC: Montgomery curves only | ||
depends_on:!MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:MBEDTLS_ECP_MONTGOMERY_ENABLED | ||
pass: |
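
Review bot: The header comment of this data file still says "low-level crypto options", while commit 5454a84 in this same pull request standardizes on "setting" rather than "option"; suggest "Interesting combinations of low-level crypto settings" so the outcome-file vocabulary stays consistent. It would also help to say in that comment why only the two single-family ECC cases are listed, since the descriptions ("Weierstrass curves only", "Montgomery curves only") are what will appear in the outcome file.
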
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
/* BEGIN_HEADER */ | ||
|
||
/* END_HEADER */ | ||
|
||
/* BEGIN_CASE */ | ||
/* This test case always passes. It is intended solely for configuration | ||
* reporting in the outcome file. Write test cases using this function | ||
* with dependencies to record in which configurations the dependencies | ||
* are met. */ | ||
void pass() | ||
{ | ||
goto exit; | ||
} | ||
/* END_CASE */ |
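
Review bot: The body of `pass()` is a lone `goto exit;`, and no `exit` label is defined anywhere in this hunk, so the function only compiles if the test framework supplies that label around the case. A short comment on that line saying where the label comes from and why the jump is needed (rather than an empty body) would spare the next reader from looking it up; the existing block comment explains the purpose of the test case but not this statement.
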
TLS 1.3 is actually not supported in 2.28 thus we could probably just remove this case.