Move the Setting, Config, ConfigFile and ConfigTool classes to config_common.
Also update the referencies to the moved classes.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Make the include directory check relative to the source file in case not called
from the project root.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Due to the forward declaration issues, move the common descendant functions
and configfile handling to the `Config` base class.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit moves static functions that are necessary for
mbedtls_oid_get_numeric_string and mbedtls_oid_from_numeric_string from
oid.c to x509.c
Signed-off-by: Sam Berry <sam.berry@arm.com>
This commit moves all related mbedtls_oid_from_numeric_string unit tests
from test_suite_oid to test_suite_x509write.
Signed-off-by: Sam Berry <sam.berry@arm.com>
This commit moves all related mbedtls_oid_get_numeric_string unit tests
from test_suite_oid to test_suite_x509parse.
Signed-off-by: Sam Berry <sam.berry@arm.com>
This commit moves the function declarations for
mbedtls_oid_get_numeric_string and mbedtls_oid_from_numeric_string from
oid.h to x509.h.
Signed-off-by: Sam Berry <sam.berry@arm.com>
Rename the existing component_test_tfm_config which tests a modified version
of config-tfm.h for the sake of driver-vs-reference comparison.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This also suffices for compat.sh.
Include the sample programs in this build. They aren't tested by ssl-opt.sh
yet, but they soon will be.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This also suffices for compat.sh.
Include the sample programs in this build. They aren't tested by ssl-opt.sh
yet, but they soon will be.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When checking whether the build supports certificate authentication, check
the key exchange modes enabled in the default protocol version. This is TLS
1.3 when it's enabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The point of PSK-only mode is to transform certificate-based command lines
into PSK-based command lines, when the certificates are not relevant to what
is being tested. So it makes sense to do that in with PSK-ephemeral key
exchanges too.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
requires_certificate_authentication was called in more places, but did not
do fine-grained analysis of key exchanges and so gave the wrong results in
some builds.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled gave the correct
result but was only used in some test cases, not in the automatic detection
code.
Remove all uses of requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
because they are in fact covered by automated detection that calls
requires_certificate_authentication.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't add a certificate requirement when PSK is enabled.
Do command line requirement detection after the injection of PSK into the
command line in PSK-only mode. Otherwise certificate requirements would be
added even in PSK-only mode.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When requiring a cryptographic mechanism for the sake of certificate
authentication, also require that certificate authentication is enabled.
Setting auth_mode explicitly means that we're testing something related to
how certificate-based authentication is handled, so require a key exchange
with certificate-based authentication.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
