Previously, the semantics of mbedtls_mps_reader_commit() was to invalidate
all buffers previously fetched via mbedtls_mps_reader_get(), forbidding
any further use by the 'consumer'. This was in fact a necessary constraint
for the current implementation, which did some memory moving in
mbedtls_mps_reader_commit().
This commit simplifies the reader's semantics and implementation in
the following way:
- API: A call to mbedtls_mps_reader_commit() does no longer invalidate
the buffers previously obtained via mbedtls_mps_reader_get().
Instead, they can continue to be used until
mbedtls_mps_reader_reclaim() is called.
Calling mbedtls_mps_reader_commit() now only sets a marker
indicating which parts of the data received through
mbedtls_mps_reader_get() need not be backed up once
mbedtls_mps_reader_reclaim() is called. Allowing the user
to call mbedtls_mbedtls_reader_commit() multiple times
before mbedtls_mps_reader_reclaim() is mere convenience:
We'd get exactly the same functionality if instead of
mbedtls_mps_reader_commit(), there was an additional argument
to mbedtls_mps_reader_reclaim() indicating how much data
to retain. However, the present design is more convenient
for the user and doesn't appear to introduce any unnecessary
complexity (anymore), so we stick with it for now.
- Implementation: mbedtls_mps_reader_commit() is now a 1-liner,
setting the 'commit-marker', but doing nothing else.
Instead, the complexity of mbedtls_mp_reader_reclaim()
slightly increases because it has to deal with creating
backups from both the accumulator and the current
fragment. In the previous implementation, which shifted
the accumulator content with every call to
mbedtls_mps_reader_commit(), only the backup from the
fragment was necessary; with the new implementation
which doesn't shift anything in
mbedtls_mps_reader_commit(), we need to do the
accumulator shift in mbedtls_mps_reader_reclaim().
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit adds an implementation of the MPS trace module
based on `printf()`.
The enabling macro MBEDTLS_MPS_TRACE remains unset by default
because MPS tracing is very verbose and consumes unnecessary
space in the CI.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit adds a test exercising the reader in a random way
and comparing the outcomes against what we expect based on the
abstract model of the reader from the producer's and consumer's
perspective.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit adds an MPS unit test suite `test_suite_mps` which will
subsequently be populated with unit tests for all components of MPS.
As a start, a test case
```
mbedtls_mps_reader_no_pausing_single_step_single_round()
```
is added which exercises the most basic usage of the MPS reader
component; see the test case description for more details.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit adds an internal header `library/mps/error.h` related
to error codes in MPS.
For now, those error codes can be considered internal and thus we
don't have to avoid clashes with other Mbed TLS error codes. This
is OK as long as it's true that MPS isn't public API, and its error
codes are never forwarded to the return values of public API calls.
The error code allocation of MPS will likely need revisiting over time.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Most buffers that MPS deals with are small and representable
with integer types of width 16-bit or more.
For highly memory constrained systems, it is therefore a potential
for significant memory savings to use 16-bit types for buffer sizes
throughout MPS.
In prepraration for this, this commit introduces typdefs
```
mbedtls_mps_size_t
mbedtls_mps_stored_size_t
```
for buffer sizes in the MPS implementation and the MPS structures,
respectively.
So far, those MUST be defined as `size_t`: While an effort has been made
to write most of MPS code in terms of `mbedtls_mps_[stored_]size_t` in a
way that would allow narrower types, those aren't yet supported. Still,
we retain the typedefs in order to avoid unnecessary rewriting of a large
body of the MPS codebase.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit adds the interface fo the MPS reader component as
`library/mps/reader.h`.
Please see the file itself for extensive documentation.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
MPS' tracing module uses four macros:
1) TRACE( type, fmt, ... )
This acts like `printf( fmt, ... )` but also allows
the specification of a type of trace output (comment,
warning, error, ...)
2) TRACE_INIT
This acts like TRACE() but increases the level of
indentation. It will be used at the beginning of
function calls.
3) RETURN( val )
Equivalent to `return( val )` plus a decrement in the
level of indentation. This should be used at the end of
functions that have been started with TRACE_INIT.
4) TRACE_END
This combines a trace output with a decrement of the
level of indentation. It's necessary prior to leaving
functions which have been started with TRACE_INIT
but which don't have a return value.
This commit defines those macros as no-op dummies in
`library/mps/trace.h` for now.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit adds an MPS-specific compile-time option
`MBEDTLS_MPS_TRACE` to the internal MPS header `mps/common.h`.
So far -- this may need revisiting -- MPS comes with its own
internal tracing module which allows to track the operation of
MPS' various layers for the purpose of understanding of it workings
as well as for debugging.
The reasons for the introduction of a module separate from SSL debug
are the following:
1) The SSL debug module requires an SSL context to function because
debug callbacks are part of the runtime configuration of the SSL
module.
The MPS tracing module, in contrast, is not supposed to be used
in production environments, and there is no need for a runtime
configuration. Instead, a compile-time defined tracing callback
is used.
2) In the interest of modularity, MPS' tracing module shouldn't
require having an SSL context around.
3) Purely visually, MPS' tracing module adds support for indentation
according to call-depth and coloring according to which module is
being used, which makes it very useful for what's going on; however,
those features aren't available in the SSL debug module (and they
shouldn't be).
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
