Work on the stringly typed KNOWN_TASKS by classes for each category
of tasks, with a structure that matches the behavior.
This commit migrates the data for driver-vs-reference analysis and gets rid
of the transitional code that was using the old form of the data.
No intended behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Work on the stringly typed KNOWN_TASKS by classes for each category
of tasks, with a structure that matches the behavior.
This commit migrates the code for driver-vs-reference analysis. To
facilitate review, this commit preserves the layout of the data that
parametrizes each task. The next commit will migrate the data.
No intended behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Work on replacing the stringly typed KNOWN_TASKS by classes for each category
of tasks, with a structure that matches the behavior.
This commit migrates test coverage analysis.
No intended behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Start replacing the stringly typed KNOWN_TASKS by classes for each category
of tasks, with a structure that matches the behavior.
This commit introduces some transition code.
No intended behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the components migrated from test-ref-configs.pl, we don't need to
activate PSA: it's always on. Also, since there is no "_legacy" component to
contrast with, drop "_psa" from the component names.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove the components migrated from test-ref-configs.pl that use legacy
crypto (no enabling of MBEDTLS_USE_PSA_CRYPTO). In the 4.0 preparation
branch, we are no longer interested in such configurations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER has been compatible with
MBEDTLS_USE_PSA_CRYPTO since https://github.com/Mbed-TLS/mbedtls/pull/5380.
We still don't want to enable it in the full config because it's a behavior
change, even an interface change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move the Setting, Config, ConfigFile and ConfigTool classes to config_common.
Also update the referencies to the moved classes.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Make the include directory check relative to the source file in case not called
from the project root.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Due to the forward declaration issues, move the common descendant functions
and configfile handling to the `Config` base class.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Rename the existing component_test_tfm_config which tests a modified version
of config-tfm.h for the sake of driver-vs-reference comparison.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This also suffices for compat.sh.
Include the sample programs in this build. They aren't tested by ssl-opt.sh
yet, but they soon will be.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This also suffices for compat.sh.
Include the sample programs in this build. They aren't tested by ssl-opt.sh
yet, but they soon will be.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When checking whether the build supports certificate authentication, check
the key exchange modes enabled in the default protocol version. This is TLS
1.3 when it's enabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The point of PSK-only mode is to transform certificate-based command lines
into PSK-based command lines, when the certificates are not relevant to what
is being tested. So it makes sense to do that in with PSK-ephemeral key
exchanges too.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
requires_certificate_authentication was called in more places, but did not
do fine-grained analysis of key exchanges and so gave the wrong results in
some builds.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled gave the correct
result but was only used in some test cases, not in the automatic detection
code.
Remove all uses of requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
because they are in fact covered by automated detection that calls
requires_certificate_authentication.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
