1#!/usr/bin/env perl
2
3# test-ref-configs.pl
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7#
8# Purpose
9#
10# For each reference configuration file in the configs directory, build the
11# configuration, run the test suites and compat.sh
12#
13# Usage: tests/scripts/test-ref-configs.pl [config-name [...]]
14
15use warnings;
16use strict;
17
18my %configs = (
19    'config-ccm-psk-tls1_2.h' => {
20        'compat' => '-m tls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
21        'test_again_with_use_psa' => 1
22    },
23    'config-ccm-psk-dtls1_2.h' => {
24        'compat' => '-m dtls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
25        'opt' => ' ',
26        'opt_needs_debug' => 1,
27        'test_again_with_use_psa' => 1
28    },
29    'config-no-entropy.h' => {
30    },
31    'config-suite-b.h' => {
32        'compat' => "-m tls12 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
33        'test_again_with_use_psa' => 1,
34        'opt' => ' ',
35        'opt_needs_debug' => 1,
36    },
37    'config-symmetric-only.h' => {
38        'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice
39    },
40    'config-thread.h' => {
41        'opt' => '-f ECJPAKE.*nolog',
42        'test_again_with_use_psa' => 1,
43    },
44);
45
46# If no config-name is provided, use all known configs.
47# Otherwise, use the provided names only.
48my @configs_to_test = sort keys %configs;
49if ($#ARGV >= 0) {
50    foreach my $conf_name ( @ARGV ) {
51        if( ! exists $configs{$conf_name} ) {
52            die "Unknown configuration: $conf_name\n";
53        }
54    }
55    @configs_to_test = @ARGV;
56}
57
58-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
59
60my $config_h = 'include/mbedtls/mbedtls_config.h';
61
62system( "cp $config_h $config_h.bak" ) and die;
63sub abort {
64    system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
65    # use an exit code between 1 and 124 for git bisect (die returns 255)
66    warn $_[0];
67    exit 1;
68}
69
70# Create a seedfile for configurations that enable MBEDTLS_ENTROPY_NV_SEED.
71# For test purposes, this doesn't have to be cryptographically random.
72if (!-e "tests/seedfile" || -s "tests/seedfile" < 64) {
73    local *SEEDFILE;
74    open SEEDFILE, ">tests/seedfile" or die;
75    print SEEDFILE "*" x 64 or die;
76    close SEEDFILE or die;
77}
78
79sub perform_test {
80    my $conf_file = $_[0];
81    my $data = $_[1];
82    my $test_with_psa = $_[2];
83
84    my $conf_name = $conf_file;
85    if ( $test_with_psa )
86    {
87        $conf_name .= "+PSA";
88    }
89
90    system( "cp $config_h.bak $config_h" ) and die;
91    system( "make clean" ) and die;
92
93    print "\n******************************************\n";
94    print "* Testing configuration: $conf_name\n";
95    print "******************************************\n";
96
97    $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name;
98
99    system( "cp configs/$conf_file $config_h" )
100        and abort "Failed to activate $conf_file\n";
101
102    if ( $test_with_psa )
103    {
104        system( "scripts/config.py set MBEDTLS_PSA_CRYPTO_C" );
105        system( "scripts/config.py set MBEDTLS_USE_PSA_CRYPTO" );
106    }
107
108    system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n";
109    system( "make test" ) and abort "Failed test suite: $conf_name\n";
110
111    my $compat = $data->{'compat'};
112    if( $compat )
113    {
114        print "\nrunning compat.sh $compat ($conf_name)\n";
115        system( "tests/compat.sh $compat" )
116            and abort "Failed compat.sh: $conf_name\n";
117    }
118    else
119    {
120        print "\nskipping compat.sh ($conf_name)\n";
121    }
122
123    my $opt = $data->{'opt'};
124    if( $opt )
125    {
126        if( $data->{'opt_needs_debug'} )
127        {
128            print "\nrebuilding with debug traces for ssl-opt ($conf_name)\n";
129            $conf_name .= '+DEBUG';
130            $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name;
131            system( "make clean" );
132            system( "scripts/config.py set MBEDTLS_DEBUG_C" );
133            system( "scripts/config.py set MBEDTLS_ERROR_C" );
134            system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n";
135        }
136
137        print "\nrunning ssl-opt.sh $opt ($conf_name)\n";
138        system( "tests/ssl-opt.sh $opt" )
139            and abort "Failed ssl-opt.sh: $conf_name\n";
140    }
141    else
142    {
143        print "\nskipping ssl-opt.sh ($conf_name)\n";
144    }
145}
146
147foreach my $conf ( @configs_to_test ) {
148    my $test_with_psa = $configs{$conf}{'test_again_with_use_psa'};
149    if ( $test_with_psa )
150    {
151        perform_test( $conf, $configs{$conf}, $test_with_psa );
152    }
153    perform_test( $conf, $configs{$conf}, 0 );
154}
155
156system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
157system( "make clean" );
158exit 0;
159