1#!/usr/bin/env perl
2
3# test-ref-configs.pl
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7#
8# Purpose
9#
10# For each reference configuration file in the configs directory, build the
11# configuration, run the test suites and compat.sh
12#
13# Usage: tests/scripts/test-ref-configs.pl [config-name [...]]
14
15use warnings;
16use strict;
17
18my %configs = (
19    'config-ccm-psk-tls1_2.h' => {
20        'compat' => '-m tls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
21        'test_again_with_use_psa' => 1
22    },
23    'config-ccm-psk-dtls1_2.h' => {
24        'compat' => '-m dtls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
25        'opt' => ' ',
26        'opt_needs_debug' => 1,
27        'test_again_with_use_psa' => 1
28    },
29    'config-no-entropy.h' => {
30    },
31    'config-suite-b.h' => {
32        'compat' => "-m tls12 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
33        'test_again_with_use_psa' => 1,
34        'opt' => ' ',
35        'opt_needs_debug' => 1,
36    },
37    'config-symmetric-only.h' => {
38        'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice
39    },
40    'config-tfm.h' => {
41        'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice
42    },
43    'config-thread.h' => {
44        'opt' => '-f ECJPAKE.*nolog',
45        'test_again_with_use_psa' => 1,
46    },
47);
48
49# If no config-name is provided, use all known configs.
50# Otherwise, use the provided names only.
51my @configs_to_test = sort keys %configs;
52if ($#ARGV >= 0) {
53    foreach my $conf_name ( @ARGV ) {
54        if( ! exists $configs{$conf_name} ) {
55            die "Unknown configuration: $conf_name\n";
56        }
57    }
58    @configs_to_test = @ARGV;
59}
60
61-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
62
63my $config_h = 'include/mbedtls/mbedtls_config.h';
64
65system( "cp $config_h $config_h.bak" ) and die;
66sub abort {
67    system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
68    # use an exit code between 1 and 124 for git bisect (die returns 255)
69    warn $_[0];
70    exit 1;
71}
72
73# Create a seedfile for configurations that enable MBEDTLS_ENTROPY_NV_SEED.
74# For test purposes, this doesn't have to be cryptographically random.
75if (!-e "tests/seedfile" || -s "tests/seedfile" < 64) {
76    local *SEEDFILE;
77    open SEEDFILE, ">tests/seedfile" or die;
78    print SEEDFILE "*" x 64 or die;
79    close SEEDFILE or die;
80}
81
82sub perform_test {
83    my $conf_file = $_[0];
84    my $data = $_[1];
85    my $test_with_psa = $_[2];
86
87    my $conf_name = $conf_file;
88    if ( $test_with_psa )
89    {
90        $conf_name .= "+PSA";
91    }
92
93    system( "cp $config_h.bak $config_h" ) and die;
94    system( "make clean" ) and die;
95
96    print "\n******************************************\n";
97    print "* Testing configuration: $conf_name\n";
98    print "******************************************\n";
99
100    $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name;
101
102    system( "cp configs/$conf_file $config_h" )
103        and abort "Failed to activate $conf_file\n";
104
105    if ( $test_with_psa )
106    {
107        system( "scripts/config.py set MBEDTLS_PSA_CRYPTO_C" );
108        system( "scripts/config.py set MBEDTLS_USE_PSA_CRYPTO" );
109    }
110
111    system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n";
112    system( "make test" ) and abort "Failed test suite: $conf_name\n";
113
114    my $compat = $data->{'compat'};
115    if( $compat )
116    {
117        print "\nrunning compat.sh $compat ($conf_name)\n";
118        system( "tests/compat.sh $compat" )
119            and abort "Failed compat.sh: $conf_name\n";
120    }
121    else
122    {
123        print "\nskipping compat.sh ($conf_name)\n";
124    }
125
126    my $opt = $data->{'opt'};
127    if( $opt )
128    {
129        if( $data->{'opt_needs_debug'} )
130        {
131            print "\nrebuilding with debug traces for ssl-opt ($conf_name)\n";
132            $conf_name .= '+DEBUG';
133            $ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name;
134            system( "make clean" );
135            system( "scripts/config.py set MBEDTLS_DEBUG_C" );
136            system( "scripts/config.py set MBEDTLS_ERROR_C" );
137            system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n";
138        }
139
140        print "\nrunning ssl-opt.sh $opt ($conf_name)\n";
141        system( "tests/ssl-opt.sh $opt" )
142            and abort "Failed ssl-opt.sh: $conf_name\n";
143    }
144    else
145    {
146        print "\nskipping ssl-opt.sh ($conf_name)\n";
147    }
148}
149
150foreach my $conf ( @configs_to_test ) {
151    my $test_with_psa = $configs{$conf}{'test_again_with_use_psa'};
152    if ( $test_with_psa )
153    {
154        perform_test( $conf, $configs{$conf}, $test_with_psa );
155    }
156    perform_test( $conf, $configs{$conf}, 0 );
157}
158
159system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
160system( "make clean" );
161exit 0;
162