# components.sh
2#
3# Copyright The Mbed TLS Contributors
4# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
5
6# This file contains the test components that are executed by all.sh
7
8# The functions below are named as follows:
9# * component_XXX: independent components. They can be run in any order.
10# * component_check_XXX: quick tests that aren't worth parallelizing.
11# * component_build_XXX: build things but don't run them.
12# * component_test_XXX: build and test.
13# * component_release_XXX: tests that the CI should skip during PR testing.
14# * support_XXX: if support_XXX exists and returns false then
15# component_XXX is not run by default.
16
17# Each component must start by invoking `msg` with a short informative message.
18#
19# Warning: due to the way bash detects errors, the failure of a command
20# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
21#
22# Each component is executed in a separate shell process. The component
23# fails if any command in it returns a non-zero status.
24#
25# The framework in all.sh performs some cleanup tasks after each component.
26# This means that components can assume that the working directory is in a
27# cleaned-up state, and don't need to perform the cleanup themselves.
28# * Run `make clean`.
29# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
30# the component.
31# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
32# `tests/Makefile` and `programs/fuzz/Makefile` from git.
33# This cleans up after an in-tree use of CMake.
34#
35# The tests are roughly in order from fastest to slowest. This doesn't
36# have to be exact, but in general you should add slower tests towards
37# the end and fast checks near the beginning.
38
39
40################################################################
41#### Build and test many configurations and targets
42################################################################
# Start or stop the psasim servers used by the psasim components.
#
# Arguments: $1 - "start" launches one server from tests/ and one from
#                 tf-psa-crypto/tests/. Any other value (callers in this
#                 file pass "kill") stops the servers and removes their
#                 temporary files and logs from both directories.
# Globals:   OPERATION (written)
#
# Each branch runs in a subshell, so the directory changes made here do
# not leak into the caller.
helper_psasim_server() {
    OPERATION=$1
    case "$OPERATION" in
        start)
            (
                cd tests
                msg "start server in tests"
                psa-client-server/psasim/test/start_server.sh
                msg "start server in tf-psa-crypto/tests"
                cd ../tf-psa-crypto/tests
                ../../tests/psa-client-server/psasim/test/start_server.sh
            )
            ;;
        *)
            (
                msg "terminate servers and cleanup"
                tests/psa-client-server/psasim//test/kill_servers.sh

                # Remove temporary files and logs from both test
                # directories. The second path is relative to the first.
                for tests_dir in tests ../tf-psa-crypto/tests; do
                    cd "$tests_dir"
                    rm -f psa_notify_*
                    rm -f psa_service_*
                    rm -f psa_server.log
                done
            )
            ;;
    esac
}
74
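# Build and test the default configuration with
# PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE removed from the PSA crypto
# configuration file and MBEDTLS_GENPRIME unset.
# Globals: CRYPTO_CONFIG_H (read) - path handed to `scripts/config.py -f`.
component_test_no_rsa_key_pair_generation() {
    msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    scripts/config.py unset MBEDTLS_GENPRIME
    # Quoted so the configuration file path always reaches config.py as a
    # single argument, whatever characters it contains.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
    make

    msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
    make test
}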
85
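# Build and test the full configuration with MBEDTLS_CIPHER_C disabled,
# then check that the cipher module was not pulled back in by the build.
# Globals: CRYPTO_CONFIG_H (read), BUILTIN_SRC_PATH (read)
component_test_full_no_cipher () {
    local psa_symbol

    msg "build: full no CIPHER"

    scripts/config.py full
    scripts/config.py unset MBEDTLS_CIPHER_C

    # The built-in implementation of the following algs/key-types depends
    # on CIPHER_C so we disable them.
    # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
    # so we keep them enabled.
    for psa_symbol in \
        PSA_WANT_ALG_CCM_STAR_NO_TAG \
        PSA_WANT_ALG_CMAC \
        PSA_WANT_ALG_CBC_NO_PADDING \
        PSA_WANT_ALG_CBC_PKCS7 \
        PSA_WANT_ALG_CFB \
        PSA_WANT_ALG_CTR \
        PSA_WANT_ALG_ECB_NO_PADDING \
        PSA_WANT_ALG_OFB \
        PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 \
        PSA_WANT_ALG_STREAM_CIPHER \
        PSA_WANT_KEY_TYPE_DES
    do
        # Quoted so the configuration file path is always one argument.
        scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$psa_symbol"
    done

    # The following modules directly depend on CIPHER_C
    scripts/config.py unset MBEDTLS_CMAC_C
    scripts/config.py unset MBEDTLS_NIST_KW_C

    make

    # Ensure that CIPHER_C was not re-enabled: the object file must not
    # mention mbedtls_cipher_init.
    # NOTE(review): `not` is defined outside this file. If it only negates
    # the exit status, a missing or misplaced cipher.o (grep error status)
    # would also let this check pass - confirm.
    not grep mbedtls_cipher_init "${BUILTIN_SRC_PATH}/cipher.o"

    msg "test: full no CIPHER"
    make test
}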
120
# Print, as one comma-terminated string, the names of the test suites
# tracked by git in directory $1 whose .function file contains no TEST_CF_
# annotation. The "test_suite_" prefix and ".function" suffix are removed.
_suites_without_constant_flow_in () {
    git -C "$1" grep -L TEST_CF_ 'test_suite_*.function' |
        sed -e 's/test_suite_//' -e 's/\.function$//' |
        tr '\n' ,
}

# Set and export SKIP_TEST_SUITES so that every test suite lacking
# constant-flow annotations is skipped, in both tests/suites and
# tf-psa-crypto/tests/suites.
skip_suites_without_constant_flow () {
    # Only the .function files are searched. This needs revisiting if
    # values ever get declared secret from macros or functions that live
    # in tests/include or tests/src.
    SKIP_TEST_SUITES=$(_suites_without_constant_flow_in tests/suites),$(_suites_without_constant_flow_in tf-psa-crypto/tests/suites)
    export SKIP_TEST_SUITES
}
136
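# Set and export SKIP_TEST_SUITES so that every test suite except the
# given one is skipped, in both tests/suites and tf-psa-crypto/tests/suites.
#
# Arguments: $1 - suite file name without the ".function" extension
#                 (the caller in this file passes test_suite_constant_time).
#
# The name is matched as a fixed string (grep -F) and quoted, so the "."
# before "function" and any other regex metacharacter in $1 are taken
# literally. A suite whose name merely resembles the pattern therefore
# stays in the skip list instead of being run unintentionally.
skip_all_except_given_suite () {
    # Skip all but the given test suite
    SKIP_TEST_SUITES=$(
        ls -1 tests/suites/test_suite_*.function |
        grep -v -F -- "$1.function" |
        sed 's/tests.suites.test_suite_//; s/\.function$//' |
        tr '\n' ,),$(
        ls -1 tf-psa-crypto/tests/suites/test_suite_*.function |
        grep -v -F -- "$1.function" |
        sed 's/tf-psa-crypto.tests.suites.test_suite_//; s/\.function$//' |
        tr '\n' ,)
    export SKIP_TEST_SUITES
}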
150
# Build the full configuration minus MBEDTLS_USE_PSA_CRYPTO with clang's
# MemSan build type and constant-flow testing enabled, then run the main
# test suites.
component_test_memsan_constant_flow () {
    # Two kinds of problem are reported here: (1) accesses to undefined
    # memory, and (2) branches or memory accesses that depend on secret
    # values. To tell them apart:
    # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN and see whether the failure
    #   persists;
    # - or switch the build type to MemSanDbg, which enables origin
    #   tracking and nicer stack traces (useful for debugging anyway), and
    #   check whether the origin was TEST_CF_SECRET() or something else.
    local build_type=MemSan

    msg "build: cmake MSan (clang), full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
    scripts/config.py full
    scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
    scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
    # MSan does not understand assembly, so MBEDTLS_AESNI_C is disabled.
    scripts/config.py unset MBEDTLS_AESNI_C
    CC=clang cmake -D "CMAKE_BUILD_TYPE:String=${build_type}" .
    make

    msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO, Msan + constant flow)"
    make test
}
169
# Build the full configuration with clang's MemSan build type and
# constant-flow testing enabled, then run the main test suites.
component_test_memsan_constant_flow_psa () {
    # Two kinds of problem are reported here: (1) accesses to undefined
    # memory, and (2) branches or memory accesses that depend on secret
    # values. To tell them apart:
    # - unset MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN and see whether the failure
    #   persists;
    # - or switch the build type to MemSanDbg, which enables origin
    #   tracking and nicer stack traces (useful for debugging anyway), and
    #   check whether the origin was TEST_CF_SECRET() or something else.
    local build_type=MemSan

    msg "build: cmake MSan (clang), full config with constant flow testing"
    scripts/config.py full
    scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
    # MSan does not understand assembly, so MBEDTLS_AESNI_C is disabled.
    scripts/config.py unset MBEDTLS_AESNI_C
    CC=clang cmake -D "CMAKE_BUILD_TYPE:String=${build_type}" .
    make

    msg "test: main suites (Msan + constant flow)"
    make test
}
187
# Release build of the full configuration minus MBEDTLS_USE_PSA_CRYPTO
# with valgrind-based constant-flow testing: first the suites that carry
# constant-flow annotations, then the constant_time suite again with
# MBEDTLS_TEST_CONSTANT_FLOW_ASM set.
component_release_test_valgrind_constant_flow () {
    # This covers (1) everything valgrind's memcheck usually checks (heap
    # buffer overflows, use of uninitialized memory, use-after-free, etc.)
    # and (2) branches or memory accesses that depend on secret values,
    # which show up as uninitialized memory. To tell secret from genuinely
    # uninitialized:
    # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND and see whether the
    #   failure persists;
    # - or build with debug info, run the offending test suite by hand
    #   with valgrind --track-origins=yes, and check whether the origin
    #   was TEST_CF_SECRET() or something else.
    local build_type=Release

    msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO with constant flow testing"
    scripts/config.py full
    scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
    scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
    skip_suites_without_constant_flow
    cmake -D "CMAKE_BUILD_TYPE:String=${build_type}" .
    make

    # Only a summary of the results is shown (how many of each type);
    # the details are left in Testing/<date>/DynamicAnalysis.xml
    msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, valgrind + constant flow)"
    make memcheck

    # Exercise the asm path of the constant-time module. By default the
    # plain C path is what gets tested under Valgrind or Memsan. Running
    # only the constant_time tests is fast (<1s).
    msg "test: valgrind asm constant_time"
    scripts/config.py --force set MBEDTLS_TEST_CONSTANT_FLOW_ASM
    skip_all_except_given_suite test_suite_constant_time
    cmake -D "CMAKE_BUILD_TYPE:String=${build_type}" .
    make clean
    make
    make memcheck
}
221
# Release build of the full configuration with valgrind-based
# constant-flow testing, run on the suites that carry constant-flow
# annotations.
component_release_test_valgrind_constant_flow_psa () {
    # This covers (1) everything valgrind's memcheck usually checks (heap
    # buffer overflows, use of uninitialized memory, use-after-free, etc.)
    # and (2) branches or memory accesses that depend on secret values,
    # which show up as uninitialized memory. To tell secret from genuinely
    # uninitialized:
    # - unset MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND and see whether the
    #   failure persists;
    # - or build with debug info, run the offending test suite by hand
    #   with valgrind --track-origins=yes, and check whether the origin
    #   was TEST_CF_SECRET() or something else.
    local build_type=Release

    msg "build: cmake release GCC, full config with constant flow testing"
    scripts/config.py full
    scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
    skip_suites_without_constant_flow
    cmake -D "CMAKE_BUILD_TYPE:String=${build_type}" .
    make

    # Only a summary of the results is shown (how many of each type);
    # the details are left in Testing/<date>/DynamicAnalysis.xml
    msg "test: some suites (valgrind + constant flow)"
    make memcheck
}
244
# Build the full configuration with pthread-based threading under clang's
# TSan build type and run the main test suites.
component_test_tsan () {
    local build_type=TSan
    local threading_option

    msg "build: TSan (clang)"
    scripts/config.py full
    for threading_option in MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD; do
        scripts/config.py set "$threading_option"
    done
    # Self-tests do not currently use multiple threads.
    scripts/config.py unset MBEDTLS_SELF_TEST

    # The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe.
    scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C

    CC=clang cmake -D "CMAKE_BUILD_TYPE:String=${build_type}" .
    make

    msg "test: main suites (TSan)"
    make test
}
262
# Build the current configuration minus MBEDTLS_AESNI_C with clang's
# MemSan build type, then run the main suites, the metatests, the program
# demos and ssl-opt.sh. compat.sh is added when MEMORY is greater than 0.
# Globals: MEMORY (read)
component_test_memsan () {
    local build_type=MemSan

    msg "build: MSan (clang)" # ~ 1 min 20s
    # MSan does not understand assembly, so MBEDTLS_AESNI_C is disabled.
    scripts/config.py unset MBEDTLS_AESNI_C
    CC=clang cmake -D "CMAKE_BUILD_TYPE:String=${build_type}" .
    make

    msg "test: main suites (MSan)" # ~ 10s
    make test

    msg "test: metatests (MSan)"
    tests/scripts/run-metatests.sh any msan

    msg "program demos (MSan)" # ~20s
    tests/scripts/run_demos.py

    msg "test: ssl-opt.sh (MSan)" # ~ 1 min
    tests/ssl-opt.sh

    # Optional, slower part: only when MEMORY asks for it.
    if [ "$MEMORY" -gt 0 ]; then
        msg "test: compat.sh (MSan)" # ~ 6 min 20s
        tests/compat.sh
    fi
}
288
# Release build of the default configuration with clang, run under
# valgrind's memcheck. Slower script-based checks are added according to
# the value of MEMORY.
# Globals: MEMORY (read)
component_release_test_valgrind () {
    local build_type=Release

    msg "build: Release (clang)"
    # default config, in particular without MBEDTLS_USE_PSA_CRYPTO
    CC=clang cmake -D "CMAKE_BUILD_TYPE:String=${build_type}" .
    make

    msg "test: main suites, Valgrind (default config)"
    make memcheck

    # The remaining parts are optional. They are slow, and currently broken
    # on OS X because programs don't seem to receive signals under valgrind
    # there. They don't run on the CI.
    if [ "$MEMORY" -gt 0 ]; then
        msg "test: ssl-opt.sh --memcheck (default config)"
        tests/ssl-opt.sh --memcheck
    fi

    # compat.sh needs the higher MEMORY level.
    if [ "$MEMORY" -gt 1 ]; then
        msg "test: compat.sh --memcheck (default config)"
        tests/compat.sh --memcheck
    fi

    if [ "$MEMORY" -gt 0 ]; then
        msg "test: context-info.sh --memcheck (default config)"
        tests/context-info.sh --memcheck
    fi
}
316
# Release build of the full configuration with clang, with the main test
# suites run under valgrind's memcheck.
component_release_test_valgrind_psa () {
    local build_type=Release

    msg "build: Release, full (clang)"
    # full config, in particular with MBEDTLS_USE_PSA_CRYPTO
    scripts/config.py full
    CC=clang cmake -D "CMAKE_BUILD_TYPE:String=${build_type}" .
    make

    msg "test: main suites, Valgrind (full config)"
    make memcheck
}
327
# Build the psasim server and client libraries from the crypto
# configuration, then build and run the basic and the full psasim client
# programs, and finally clean the psasim build directory.
# Globals: ASAN_CFLAGS (read) - passed to make as both CFLAGS and LDFLAGS.
component_test_psasim () {
    local psasim_root=tests/psa-client-server/psasim
    local client_spec

    msg "build server library and application"
    scripts/config.py crypto
    helper_psasim_config server
    helper_psasim_build server

    helper_psasim_cleanup_before_client

    msg "build library for client"
    helper_psasim_config client
    helper_psasim_build client

    # Each entry is "<label used in messages>:<client program name>".
    for client_spec in "basic:psa_client_base" "full:psa_client_full"; do
        msg "build ${client_spec%%:*} psasim client"
        make -C "$psasim_root" CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" "test/${client_spec#*:}"
        msg "test ${client_spec%%:*} psasim client"
        "$psasim_root/test/run_test.sh" "${client_spec#*:}"
    done

    make -C "$psasim_root" clean
}
352
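# Build the psasim server and a client library without J-PAKE, build the
# test suites with PSASIM=1, and run them against freshly started psasim
# servers.
# Globals: CRYPTO_CONFIG_H (read), ASAN_CFLAGS (read),
#          SKIP_TEST_SUITES (written and exported)
component_test_suite_with_psasim () {
    msg "build server library and application"
    helper_psasim_config server
    # Modify server's library configuration here (if needed)
    helper_psasim_build server

    helper_psasim_cleanup_before_client

    msg "build client library"
    helper_psasim_config client
    # PAKE functions are still unsupported from PSASIM
    # The path is quoted so it always reaches config.py as one argument.
    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_JPAKE
    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
    helper_psasim_build client

    msg "build test suites"
    make PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests

    # Stop any server that may still be around before starting new ones.
    helper_psasim_server kill
    helper_psasim_server start

    # psasim takes an extremely long execution time on some test suites so we
    # exclude them from the list.
    SKIP_TEST_SUITES="constant_time_hmac,lmots,lms"
    export SKIP_TEST_SUITES

    msg "run test suites"
    # NOTE(review): if this step fails and the component stops here, the
    # final kill below is not reached and the servers started above are
    # presumably left running - confirm the framework cleans them up.
    make PSASIM=1 test

    helper_psasim_server kill
}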