TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ac267f3485b19e3dcee59f8a7ab0aaeb4a2398d5 / . / library / mps / common.h
blob: 37a4cefe540e6a7fbdf0d21f91acd2db57e49507 [file] [log] [blame]
Hanno Becker108fc842021-01-12 06:39:43 +0000[diff] [blame]1/*
2 * Copyright The Mbed TLS Contributors
3 * SPDX-License-Identifier: Apache-2.0
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License"); you may
6 * not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 * This file is part of mbed TLS (https://tls.mbed.org)
18 */
19
20/**
21 * \file common.h
22 *
23 * \brief Common functions and macros used by MPS
24 */
25
26#ifndef MBEDTLS_MPS_COMMON_H
27#define MBEDTLS_MPS_COMMON_H
28
Hanno Beckerd2f9f532021-01-12 07:11:11 +0000[diff] [blame]29#include <stdio.h>
30
Hanno Becker6ed183c2021-01-12 06:42:16 +0000[diff] [blame]31/**
32 * \name SECTION: MPS Configuration
33 *
34 * \{
35 */
36
Hanno Beckerac267f32021-01-12 07:25:41 +0000[diff] [blame^]37/*! This flag controls whether the MPS-internal components
38 * (reader, writer, Layer 1-3) perform validation of the
39 * expected abstract state at the entry of API calls.
40 *
41 * Context: All MPS API functions impose assumptions/preconditions on the
42 * context on which they operate. For example, every structure has a notion of
43 * state integrity which is established by `xxx_init()` and preserved by any
44 * calls to the MPS API which satisfy their preconditions and either succeed,
45 * or fail with an error code which is explicitly documented to not corrupt
46 * structure integrity (such as WANT_READ and WANT_WRITE);
47 * apart from `xxx_init()` any function assumes state integrity as a
48 * precondition (but usually more). If any of the preconditions is violated,
49 * the function's behavior is entirely undefined.
50 * In addition to state integrity, all MPS structures have a more refined
51 * notion of abstract state that the API operates on. For example, all layers
52 * have a notion of 'abtract read state' which indicates if incoming data has
53 * been passed to the user, e.g. through mps_l2_read_start() for Layer 2
54 * or mps_l3_read() in Layer 3. After such a call, it doesn't make sense to
55 * call these reading functions again until the incoming data has been
56 * explicitly 'consumed', e.g. through mps_l2_read_consume() for Layer 2 or
57 * mps_l3_read_consume() on Layer 3. However, even if it doesn't make sense,
58 * it's a design choice whether the API should fail gracefully on such
59 * non-sensical calls or not, and that's what this option is about:
60 *
61 * This option determines whether the expected abstract state
62 * is part of the API preconditions or not. If it is, the function's
63 * behavior is undefined if the abstract state is not as expected.
64 * If it is set, API is required to fail gracefully with error
65 * #MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED, and without changing the abstract
66 * state of the input context, if the abstract state is unexpected but
67 * all other preconditions are satisfied.
68 *
69 * For example: Enabling this makes mps_l2_read_done() fail if
70 * no incoming record is currently open; disabling this would
71 * lead to undefined behavior in this case.
72 *
73 * Comment this to remove state validation.
74 */
75#define MBEDTLS_MPS_STATE_VALIDATION
76
Hanno Becker6ed183c2021-01-12 06:42:16 +0000[diff] [blame]77/*! This flag enables/disables assertions on the internal state of MPS.
78 *
79 * Assertions are sanity checks that should never trigger when MPS
80 * is used within the bounds of its API and preconditions.
81 *
82 * Enabling this increases security by limiting the scope of
83 * potential bugs, but comes at the cost of increased code size.
84 *
85 * Note: So far, there is no guiding principle as to what
86 * expected conditions merit an assertion, and which don't.
87 *
88 * Comment this to disable assertions.
89 */
90#define MBEDTLS_MPS_ENABLE_ASSERTIONS
91
Hanno Becker1ae9f752021-01-12 06:43:17 +0000[diff] [blame]92/*! This flag controls whether tracing for MPS should be enabled. */
Hanno Beckerc809ff62021-01-12 06:54:04 +0000[diff] [blame]93//#define MBEDTLS_MPS_TRACE
Hanno Becker1ae9f752021-01-12 06:43:17 +0000[diff] [blame]94
Hanno Beckerac267f32021-01-12 07:25:41 +0000[diff] [blame^]95#if defined(MBEDTLS_MPS_STATE_VALIDATION)
96
97#define MBEDTLS_MPS_STATE_VALIDATE_RAW( cond, string ) \
98 do \
99 { \
100 if( !(cond) ) \
101 { \
102 TRACE( trace_error, string ); \
103 RETURN( MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED ); \
104 } \
105 } while( 0 )
106
107#else /* MBEDTLS_MPS_STATE_VALIDATION */
108
109#define MBEDTLS_MPS_STATE_VALIDATE_RAW( cond, string ) \
110 do \
111 { \
112 ( cond ); \
113 } while( 0 )
114
115#endif /* MBEDTLS_MPS_STATE_VALIDATION */
116
Hanno Becker75ac1f72021-01-12 07:25:26 +0000[diff] [blame]117#if defined(MBEDTLS_MPS_ENABLE_ASSERTIONS)
118
119#define MBEDTLS_MPS_ASSERT_RAW( cond, string ) \
120 do \
121 { \
122 if( !(cond) ) \
123 { \
124 TRACE( trace_error, string ); \
125 RETURN( MBEDTLS_ERR_MPS_INTERNAL_ERROR ); \
126 } \
127 } while( 0 )
128
129#else /* MBEDTLS_MPS_ENABLE_ASSERTIONS */
130
131#define MBEDTLS_MPS_ASSERT_RAW( cond, string ) do {} while( 0 )
132
133#endif /* MBEDTLS_MPS_ENABLE_ASSERTIONS */
134
Hanno Beckerac267f32021-01-12 07:25:41 +0000[diff] [blame^]135
Hanno Becker6ed183c2021-01-12 06:42:16 +0000[diff] [blame]136/* \} name SECTION: MPS Configuration */
Hanno Becker108fc842021-01-12 06:39:43 +0000[diff] [blame]137
Hanno Beckerd2f9f532021-01-12 07:11:11 +0000[diff] [blame]138/**
139 * \name SECTION: Common types
140 *
141 * Various common types used throughout MPS.
142 * \{
143 */
144
145/** \brief The type of buffer sizes and offsets used in MPS structures.
146 *
147 * This is an unsigned integer type that should be large enough to
148 * hold the length of any buffer resp. message processed by MPS.
149 *
150 * The reason to pick a value as small as possible here is
151 * to reduce the size of MPS structures.
152 *
153 * \warning Care has to be taken when using a narrower type
154 * than ::mbedtls_mps_size_t here because of
155 * potential truncation during conversion.
156 *
157 * \warning Handshake messages in TLS may be up to 2^24 ~ 16Mb in size.
158 * If mbedtls_mps_[opt_]stored_size_t is smaller than that, the
159 * maximum handshake message is restricted accordingly.
160 *
161 * For now, we use the default type of size_t throughout, and the use of
162 * smaller types or different types for ::mbedtls_mps_size_t and
163 * ::mbedtls_mps_stored_size_t is not yet supported.
164 *
165 */
166typedef size_t mbedtls_mps_stored_size_t;
167#define MBEDTLS_MPS_SIZE_MAX ( (mbedtls_mps_size_t) -1 )
168
169/** \brief The type of buffer sizes and offsets used in the MPS API
170 * and implementation.
171 *
172 * This must be at least as wide as ::mbedtls_stored_size_t but
173 * may be chosen to be strictly larger if more suitable for the
174 * target architecture.
175 *
176 * For example, in a test build for ARM Thumb, using uint_fast16_t
177 * instead of uint16_t reduced the code size from 1060 Byte to 962 Byte,
178 * so almost 10%.
179 */
180typedef size_t mbedtls_mps_size_t;
181
182#if (mbedtls_mps_size_t) -1 > (mbedtls_mps_stored_size_t) -1
183#error "Misconfiguration of mbedtls_mps_size_t and mbedtls_mps_stored_size_t."
184#endif
185
186/* \} SECTION: Common types */
187
188
Hanno Becker108fc842021-01-12 06:39:43 +0000[diff] [blame]189#endif /* MBEDTLS_MPS_COMMON_H */