Use more abstractions for protocol version formatting

Signed-off-by: Gilles Peskine <[email protected]>

Author: gilles-peskine-arm

scripts/generate_tls_handshake_tests.py

@@ -64,12 +64,11 @@ def write_tls_handshake_defragmentation_test(
         tc.requirements.append('skip_next_test')
 
     if version is not None:
-        their_args += ' -tls1_' + str(version.value)
+        their_args += ' ' + version.openssl_option()
         # Emit a version requirement, because we're forcing the version via
         # OpenSSL, not via Mbed TLS, and the automatic depdendencies in
         # ssl-opt.sh only handle forcing the version via Mbed TLS.
-        tc.requirements.append('requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_' +
-                               str(version.value))
+        tc.requirements.append(version.requires_command())
         if side == Side.SERVER and version == Version.TLS12 and \
            length is not None and \
            length <= TLS12_CLIENT_HELLO_ASSUMED_MAX_LENGTH:

scripts/mbedtls_framework/tls_test_case.py

@@ -80,5 +80,22 @@ class Side(enum.Enum):
     SERVER = 1
 
 class Version(enum.Enum):
+    """TLS protocol version.
+
+    This class doesn't know about DTLS yet.
+    """
+
     TLS12 = 2
     TLS13 = 3
+
+    def force_version(self) -> str:
+        """Argument to pass to ssl_client2 or ssl_server2 to force this version."""
+        return f'force_version=tls1{self.value}'
+
+    def openssl_option(self) -> str:
+        """Option to pass to openssl s_client or openssl s_server to select this version."""
+        return f'-tls1_{self.value}'
+
+    def requires_command(self) -> str:
+        """Command to require this protocol version in an ssl-opt.sh test case."""
+        return 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_' + str(self.value)