Introduce scripts automating wrapping structs members with MBEDTLS_PRIVATE macro #4511
Conversation
mstarzyk-mobica
force-pushed
the
mbedtls_private_with_python
branch
from
4c196b9 to
d338698
Compare
mstarzyk-mobica
added
mbedtls-3
needs-design-approval
needs-review
|
Python script is checking the structmbedtls_*.xml files. I assumed that these contain all the data we need. However now I see that not all structs have their xml models, e.g. |
mstarzyk-mobica
force-pushed
the
mbedtls_private_with_python
branch
3 times, most recently
from
e408700 to
e93e28c
Compare
setup_and_run_MBEDTLS_PRIVATE.sh
Outdated
| @@ -0,0 +1,8 @@ | |||
| make clean | |||
| sed -i 's/GENERATE_XML = NO/GENERATE_XML = YES/g' doxygen/mbedtls.doxyfile | |||
| scripts/config.py realfull | |||
There was a problem hiding this comment.
This is why mbedtls_aes_context is missing.
For the purpose of finding private fields, config.py full will get us most of the way. It will miss a handful of cases such as whichever ECDH context is not used in this configuration. I think full is close enough and we can deal with the few remaining cases manually.
mstarzyk-mobica
force-pushed
the
mbedtls_private_with_python
branch
2 times, most recently
from
1eb199c to
30b20a8
Compare
There was a problem hiding this comment.
I've discussed it a bit with Manuel and Gilles and we think that the approach of leveraging the doxygen data to mark the structure fields as private is good. That way you are able to do the job with a relatively short and simple python script. Things to do now:
- In the *.sh move to the full config not the realfull one as Gilles mentioned
- Probably better to put the scripts in the /scripts directory even if they are transient.
- After applying your script we need a specific commit that fix the coding style as we end up with a lot of lines that are too long (more than 80 characters). Adopting the structure:
/*!< Doxygen comment about field foo */
int foo;
rather than
int foo; /*!< Doxygen comment about field foo */
would probably ease the restructuring by limiting the number of line return needed.
@mpg @gilles-peskine-arm what to think about that ?
- Regarding the programs, as discussed with Gilles offline, define
MBEDTLS_ALLOW_PRIVATE_ACCESSin test programs and use MBEDTLS_PRIVATE in sample programs. Not always easy to know if a program is a test or a sample program though. Definitely test: programs/test/*, programs/ssl/ssl_client2, programs/ssl_server2, programs/fuzz/*
Definitely sample: programs/aes/*, programs/hash/*, programs/pkey/*, programs/random/*, programs/x509/*, programs/psa/key_ladder_demo, programs/psa/crypto_examples. If you have to change a file not in this list just ask we will try to figure out.
Otherwise to check for completeness, we plan to scan the header files resulting from your script with some sed/awk/grep/... magic. The following awk magic prints all the occurrences of set of 3 lines following a "{" line where none of the lines contain MBEDTLS_PRIVATE:
awk '/^{/{{line_number=FNR} for(i=1; i<=3; i++) {getline; lines[i]=$0} for(i=1; i<=3; i++){if(lines[i] ~ /MBEDTLS_PRIVATE/){next}} {printf "--- %s line %d\n", FILENAME, line_number}; for(i=1; i<=3; i++){ print lines[i]} }' *.h
With this I can see that we are probably missing something at line 319 of ecp.h, mbedtls_ecp_restart_ctx structure (locally I've run your script with the full configuration, not realfull).
Can be left over for after 3.0. If you reorganize Doxygen comments, note that they have to start with a different prefix depending on whether they are before or after the field. Our convention is that Doxygen comments go before unless they're on the same line (or at least start on the same line), and being inconsistent about this would be very confusing to source code readers, so please make sure that you don't break this convention. Regarding |
I thought that this script was supposed to be used once, is there any benefit of keeping it in the repo? If we want to keep it,
I was hoping that maybe we have a clang-tidy or something similar that would do the job. If not, then perhaps it would best to alter the script so that it takes the long comment lines into account and restructures them if needed.
I am a bit confused by this. The doxygen comments are fine both above and in the same line, as long as comment prefixes are correct?
Alright. We don't have a doxyfile for those, do we? I am not sure how much effort is need to manually apply MBEDTLS_PRIVATE to sample programs, but if it turns out be tedious work, perhaps we could generate doxygen xml for the programs and just reuse (with slight adjustment) the python script used for the library. |
No. Clang-tidy doesn't understand our peculiar whitespace style. One Day™ we'll change to a more standard style. Please do not reformat lines in the same commit as other code changes. As far as I'm concerned, if a few lines become too long, it doesn't matter. We'll fix it later (preferably after we change the coding style, which will alter line lengths anyway).
The following are fine ( The following is also fine, but shouldn't be mixed with the other style in the same structure to avoid confusing the reader. The following is almost never used in Mbed TLS, even though it is accepted by Doxygen, and please do not introduce any new occurrences to avoid confusion:
Doxygen only parses headers. You can find the places that need |
|
As Gilles suggested, let's forget about the reformatting of lines that are too long.
Yes only used once, thus ok to keep it in the root directory. Please add a commit that remove them though. Otherwise in my previous comment I forgot to mention the most important regarding the output of the awk script. The script does not output a lot of items thus it can be processed manually. Most items are false positive (inline function code, enumeration values) meaning that your script does by far most of the job. Please run the awk script, find the revealed blind spots (mbedtls_ecp_restart_ctx and a few others I think) of your script and do a commit to fix them. |
|
I need your clarification on following files: Which are tests and which are programs? |
|
In principle, this should be clear from https://github.com/ARMmbed/mbedtls/blob/development/programs/README.md but |
mstarzyk-mobica
force-pushed
the
mbedtls_private_with_python
branch
from
30b20a8 to
fdabeb9
Compare
|
I used awk script to find remaining structs members. |
|
Still getting few error during build. |
mstarzyk-mobica
force-pushed
the
mbedtls_private_with_python
branch
3 times, most recently
from
7c228ba to
4ccbddb
Compare
| @@ -88,41 +89,41 @@ extern "C" { | |||
| */ | |||
| typedef struct mbedtls_rsa_context | |||
| { | |||
| int ver; /*!< Reserved for internal purposes. | |||
| int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes. | |||
There was a problem hiding this comment.
Note: now that each field is explicitly marked as private, I think we should remove the \note above - direct manipulation is now more than deprecated, it's forbidden.
Conflicts:
include/mbedtls/ecp.h
Conflict resolved by using the code from development branch
and manually applying the MBEDTLS_PRIVATE wrapping.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
| @@ -52,7 +52,7 @@ struct mbedtls_timing_hr_time | |||
| */ | |||
| typedef struct mbedtls_timing_delay_context | |||
| { | |||
| struct mbedtls_timing_hr_time timer; | |||
| struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer); | |||
There was a problem hiding this comment.
This was missed by python script.
I checked the doxygen xml files: Doxygen claims this variable is defined at line 47. I don't know why this happens. However, since all other 'missed' variables were covered by adjusting library configuration, I don't see any value in looking into this any further.
There was a problem hiding this comment.
The script I posted in my previous review) now only finds the _pms_xxx fields in union mbedtls_ssl_premaster_secret in ssl.h, and some false positives. Since this union is described as “Dummy type used only for its size”, it's clear that it's not a useful part of the public API, so let's not spend more time on it.
We should now remove the scripts from the root directory. I'm ok with doing that in a follow-up.
| @@ -47,11 +48,11 @@ | |||
| typedef struct | |||
| { | |||
| /** The HMAC algorithm in use */ | |||
| psa_algorithm_t alg; | |||
| psa_algorithm_t MBEDTLS_PRIVATE(alg); | |||
| /** The hash context. */ | |||
| struct psa_hash_operation_s hash_ctx; | |||
There was a problem hiding this comment.
To clarify, does this need changing, or is it okay how it is? I'll approve anyway.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
…te_with_python
Conflicts:
include/mbedtls/ssl.h
include/psa/crypto_struct.h
Conflicts fixed by using the code from development branch
and manually re-applying the MBEDTLS_PRIVATE wrapping.
ronald-cron-arm
dismissed stale reviews from davidhorstmann-arm and gilles-peskine-arm
via
c4c761e
ronald-cron-arm
force-pushed
the
mbedtls_private_with_python
branch
from
0b6c4f8 to
c4c761e
Compare
ronald-cron-arm
requested review from
gilles-peskine-arm and
davidhorstmann-arm
and removed request for
ronald-cron-arm
There was a problem hiding this comment.
I did a merge locally starting from my previous approval of 0b6c4f8 and removed the temporary scripts, and I ended up with the same result.
We forgot those in Mbed-TLS#4511. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We forgot those in Mbed-TLS#4511. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
python scripts relies on doxygen to generate xml files.
shell script prepares configuration, enables xml generation in doxyfile and runs the python script