1 /*
2  *  Copyright The Mbed TLS Contributors
3  *  SPDX-License-Identifier: Apache-2.0
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
6  *  not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  *  This file is part of mbed TLS (https://tls.mbed.org)
18  */
19 
20 /**
21  * \file mps_common.h
22  *
23  * \brief Common functions and macros used by MPS
24  */
25 
26 #ifndef MBEDTLS_MPS_COMMON_H
27 #define MBEDTLS_MPS_COMMON_H
28 
29 #include "mps_error.h"
30 
31 #include <stdio.h>
32 
33 /**
34  * \name SECTION:       MPS Configuration
35  *
36  * \{
37  */
38 
39 /*! This flag controls whether the MPS-internal components
40  *  (reader, writer, Layer 1-3) perform validation of the
41  *  expected abstract state at the entry of API calls.
42  *
43  *  Context: All MPS API functions impose assumptions/preconditions on the
44  *  context on which they operate. For example, every structure has a notion of
45  *  state integrity which is established by `xxx_init()` and preserved by any
46  *  calls to the MPS API which satisfy their preconditions and either succeed,
47  *  or fail with an error code which is explicitly documented to not corrupt
48  *  structure integrity (such as WANT_READ and WANT_WRITE);
49  *  apart from `xxx_init()` any function assumes state integrity as a
50  *  precondition (but usually more). If any of the preconditions is violated,
51  *  the function's behavior is entirely undefined.
52  *  In addition to state integrity, all MPS structures have a more refined
53  *  notion of abstract state that the API operates on. For example, all layers
54  *  have a notion of 'abstract read state' which indicates if incoming data has
55  *  been passed to the user, e.g. through mps_l2_read_start() for Layer 2
56  *  or mps_l3_read() in Layer 3. After such a call, it doesn't make sense to
57  *  call these reading functions again until the incoming data has been
58  *  explicitly 'consumed', e.g. through mps_l2_read_consume() for Layer 2 or
59  *  mps_l3_read_consume() on Layer 3. However, even if it doesn't make sense,
60  *  it's a design choice whether the API should fail gracefully on such
61  *  non-sensical calls or not, and that's what this option is about:
62  *
63  *  This option determines whether the expected abstract state
64  *  is part of the API preconditions or not: If the option is set,
65  *  then the abstract state is not part of the precondition and is
66  *  thus required to be validated by the implementation. If an unexpected
67  *  abstract state is encountered, the implementation must fail gracefully
68  *  with error #MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED.
69  *  Conversely, if this option is not set, then the expected abstract state
70  *  is included in the preconditions of the respective API calls, and
71  *  an implementation's behaviour is undefined if the abstract state is
72  *  not as expected.
73  *
74  *  For example: Enabling this makes mps_l2_read_done() fail if
75  *  no incoming record is currently open; disabling this would
76  *  lead to undefined behavior in this case.
77  *
78  *  Comment this to remove state validation.
79  */
80 #define MBEDTLS_MPS_STATE_VALIDATION
81 
82 /*! This flag enables/disables assertions on the internal state of MPS.
83  *
84  *  Assertions are sanity checks that should never trigger when MPS
85  *  is used within the bounds of its API and preconditions.
86  *
87  *  Enabling this increases security by limiting the scope of
88  *  potential bugs, but comes at the cost of increased code size.
89  *
90  *  Note: So far, there is no guiding principle as to what
91  *  expected conditions merit an assertion, and which don't.
92  *
93  *  Comment this to disable assertions.
94  */
95 #define MBEDTLS_MPS_ENABLE_ASSERTIONS
96 
97 /*! This flag controls whether tracing for MPS should be enabled. */
98 //#define MBEDTLS_MPS_ENABLE_TRACE
99 
100 #if defined(MBEDTLS_MPS_STATE_VALIDATION)
101 
102 #define MBEDTLS_MPS_STATE_VALIDATE_RAW( cond, string )                         \
103     do                                                                         \
104     {                                                                          \
105         if( !(cond) )                                                          \
106         {                                                                      \
107             MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, string );         \
108             MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED );  \
109         }                                                                      \
110     } while( 0 )
111 
112 #else /* MBEDTLS_MPS_STATE_VALIDATION */
113 
114 #define MBEDTLS_MPS_STATE_VALIDATE_RAW( cond, string )           \
115     do                                                           \
116     {                                                            \
117         ( cond );                                                \
118     } while( 0 )
119 
120 #endif /* MBEDTLS_MPS_STATE_VALIDATION */
121 
122 #if defined(MBEDTLS_MPS_ENABLE_ASSERTIONS)
123 
124 #define MBEDTLS_MPS_ASSERT_RAW( cond, string )                          \
125     do                                                                  \
126     {                                                                   \
127         if( !(cond) )                                                   \
128         {                                                               \
129             MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, string );  \
130             MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_INTERNAL_ERROR ); \
131         }                                                               \
132     } while( 0 )
133 
134 #else /* MBEDTLS_MPS_ENABLE_ASSERTIONS */
135 
136 #define MBEDTLS_MPS_ASSERT_RAW( cond, string ) do {} while( 0 )
137 
138 #endif /* MBEDTLS_MPS_ENABLE_ASSERTIONS */
139 
140 
141 /* \} name SECTION: MPS Configuration */
142 
143 /**
144  * \name SECTION:       Common types
145  *
146  * Various common types used throughout MPS.
147  * \{
148  */
149 
150 /** \brief   The type of buffer sizes and offsets used in MPS structures.
151  *
152  *           This is an unsigned integer type that should be large enough to
153  *           hold the length of any buffer or message processed by MPS.
154  *
155  *           The reason to pick a value as small as possible here is
156  *           to reduce the size of MPS structures.
157  *
158  * \warning  Care has to be taken when using a narrower type
159  *           than ::mbedtls_mps_size_t here because of
160  *           potential truncation during conversion.
161  *
162  * \warning  Handshake messages in TLS may be up to 2^24 ~ 16Mb in size.
163  *           If mbedtls_mps_[opt_]stored_size_t is smaller than that, the
164  *           maximum handshake message is restricted accordingly.
165  *
166  * For now, we use the default type of size_t throughout, and the use of
167  * smaller types or different types for ::mbedtls_mps_size_t and
168  * ::mbedtls_mps_stored_size_t is not yet supported.
169  *
170  */
171 typedef size_t mbedtls_mps_stored_size_t;
172 #define MBEDTLS_MPS_STORED_SIZE_MAX  ( (mbedtls_mps_stored_size_t) -1 )
173 
174 /** \brief The type of buffer sizes and offsets used in the MPS API
175  *         and implementation.
176  *
177  *         This must be at least as wide as ::mbedtls_stored_size_t but
178  *         may be chosen to be strictly larger if more suitable for the
179  *         target architecture.
180  *
181  *         For example, in a test build for ARM Thumb, using uint_fast16_t
182  *         instead of uint16_t reduced the code size from 1060 Byte to 962 Byte,
183  *         so almost 10%.
184  */
185 typedef size_t mbedtls_mps_size_t;
186 #define MBEDTLS_MPS_SIZE_MAX  ( (mbedtls_mps_size_t) -1 )
187 
188 #if MBEDTLS_MPS_STORED_SIZE_MAX > MBEDTLS_MPS_SIZE_MAX
189 #error "Misconfiguration of mbedtls_mps_size_t and mbedtls_mps_stored_size_t."
190 #endif
191 
192 /* \} SECTION: Common types */
193 
194 
195 #endif /* MBEDTLS_MPS_COMMON_H */
196