Move private headers to a private directory #175

Open
wants to merge 5 commits into
base: main
8 changes: 8 additions & 0 deletions scripts/check_names.py
Expand Up @@ -703,6 +703,8 @@ def comprehensive_parse(self):
"include/tf-psa-crypto/*.h",
"include/mbedtls/*.h",
"drivers/builtin/include/mbedtls/*.h",
"include/mbedtls/private/*.h",
"drivers/builtin/include/mbedtls/private/*.h",
"drivers/everest/include/everest/everest.h",
"drivers/everest/include/everest/x25519.h",
"drivers/everest/include/tf-psa-crypto/private/everest/everest.h",
Expand All @@ -722,6 +724,8 @@ def comprehensive_parse(self):
"include/tf-psa-crypto/*.h",
"include/mbedtls/*.h",
"drivers/builtin/include/mbedtls/*.h",
"include/mbedtls/private/*.h",
"drivers/builtin/include/mbedtls/private/*.h",
"core/*.h",
"drivers/builtin/src/*.h",
"core/*.c",
Expand All @@ -736,6 +740,8 @@ def comprehensive_parse(self):
"include/tf-psa-crypto/*.h",
"include/mbedtls/*.h",
"drivers/builtin/include/mbedtls/*.h",
"include/mbedtls/private/*.h",
"drivers/builtin/include/mbedtls/private/*.h",
"core/*.h",
"drivers/builtin/src/*.h",
"drivers/everest/include/everest/everest.h",
Expand All @@ -748,6 +754,8 @@ def comprehensive_parse(self):
"include/tf-psa-crypto/*.h",
"include/mbedtls/*.h",
"drivers/builtin/include/mbedtls/*.h",
"include/mbedtls/private/*.h",
"drivers/builtin/include/mbedtls/private/*.h",
"core/*.h",
"drivers/builtin/src/*.h",
"drivers/everest/include/everest/everest.h",
4 changes: 4 additions & 0 deletions tests/include/test/bignum_helpers.h
Expand Up @@ -17,7 +17,11 @@

#if defined(MBEDTLS_BIGNUM_C)

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include <mbedtls/private/bignum.h>

Contributor

This is good for development, but the framework needs to keep working with 3.6 as well. I suggest

#if MBEDTLS_VERSION_MAJOR >= 4
#include <mbedtls/private/bignum.h>
#else
#include <mbedtls/bignum.h>
#endif

(Here and in all similar places obviously.) (Edit: MBEDTLS_VERSION_MAJOR is defined by including build_info.h which should already be included everywhere.)

I also suggest you create a "shadow" 3.6 PR where the only thing you do is change the framework pointer to the head of this PR.

Your goal is now to get a green CI both on the mbedtls development PR and the shadow 3.6 PR :)

Contributor

I also suggest you create a "shadow" 3.6 PR where the only thing you do is change the framework pointer to the head of this PR.

Based on the results of CI for this PR it seems to me that:

  1. development of tf-psa-crypto: OK
  2. development of mbedtls repo: FAIL
  3. mbedtls-3.6 of mbedtls: OK

As far as I can tell 3.6 testing should be fine, but then I'm a bit surprised that tf-psa-crypto is also OK with the files being moved while development of mbedtls repo fails. I would expect both to fail for the same reason, i.e. files being moved. This made me think on the proposed suggestion of #if MBEDTLS_VERSION_MAJOR >= 4: shouldn't we also check PSA_CRYPTO_API_VERSION_MAJOR for the case in which tf-psa-crypto repo is built as standalone?

Contributor

Not PSA_CRYPTO_API_VERSION_xxx: that's the API version which is irrelevant. We'd need TF_PSA_CRYPTO_VERSION_xxx (or whatever the name is supposed to be) which doesn't exist yet.

Contributor

@valeriosetti Jun 24, 2025

OK, thanks for the details!
Therefore I suspect that we might have issues with this PR series as follows. CI tests in this PR for standalone tf-psa-crypto here are passing just because the current default branch of tf-psa-crypto is used and the old headers' path is picked. But there are tests on Mbed-TLS/TF-PSA-Crypto#318 which are failing due to missing test headers (I didn't check them all, but at least test_tf_psa_crypto_out_of_source does):

[2025-06-24T10:46:42.522Z] [  1%] Building C object CMakeFiles/tf_psa_crypto_test.dir/framework/tests/src/bignum_helpers.c.o
[2025-06-24T10:46:42.522Z] In file included from /var/lib/build/framework/tests/src/bignum_helpers.c:14:
[2025-06-24T10:46:42.522Z] /var/lib/build/framework/tests/include/test/bignum_helpers.h:23:10: fatal error: 'mbedtls/bignum.h' file not found
[2025-06-24T10:46:42.522Z] #include <mbedtls/bignum.h>

Contributor

Yeah, sorry, my suggestion was not correct, I noticed and discussed it on Slack but failed to report the outcome of the discussion here. I think while waiting for TF_PSA_CRYPTO_VERSION_xxx I suggest

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include <mbedtls/private/bignum.h>
#else
#include <mbedtls/bignum.h>
#endif

In tf-psa-crypto standalone, MBEDTLS_VERSION_MAJOR will not be defined. In mbedtls development, it will be defined and >= 4. Those are the two cases where we want the new path. In mbedtls 3.6, it will be defined and < 4; this is the only case where we want the old path.

(Alternatively, we could make this whole series of PRs depend on c323 but I'd rather not: this is a very conflict-prone series of PRs so we should try not to delay it if we can avoid it.)

#else
#include <mbedtls/bignum.h>
#endif
#include <bignum_mod.h>

/** Allocate and populate a core MPI from a test case argument.
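
Review bot: The condition "#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4" at the top of this hunk treats an undefined macro as the new layout, and nothing in the code says why. Add a comment stating that the undefined case is the standalone TF-PSA-Crypto build and that the check is a stopgap until a TF-PSA-Crypto version macro exists, so a later reader does not simplify it back to a plain version comparison. Since the same conditional is repeated in each C file touched by this patch, a single test header that performs the selection would also leave only one place to update later.
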
4 changes: 4 additions & 0 deletions tests/include/test/drivers/cipher.h
Expand Up @@ -16,7 +16,11 @@
#include <psa/crypto_driver_common.h>
#include <psa/crypto.h>

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include "mbedtls/private/cipher.h"
#else
#include "mbedtls/cipher.h"
#endif

typedef struct {
/* If non-null, on success, copy this to the output. */
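
Review bot: In a 3.6 build this check only selects "mbedtls/cipher.h" if MBEDTLS_VERSION_MAJOR is already defined at this point, and the only includes visible above it are <psa/crypto_driver_common.h> and <psa/crypto.h>. If neither is guaranteed to bring in the version definition, the !defined branch picks "mbedtls/private/cipher.h" instead. Explicitly including the header that defines the version macro before the conditional would remove the dependence on include order.
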
6 changes: 6 additions & 0 deletions tests/include/test/helpers.h
Expand Up @@ -51,9 +51,15 @@
#include <stdint.h>

#if defined(MBEDTLS_BIGNUM_C)

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include "mbedtls/private/bignum.h"
#else
#include "mbedtls/bignum.h"
#endif

#endif

/** The type of test case arguments that contain binary data. */
typedef struct data_tag {
uint8_t *x;
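
Review bot: The new conditional is nested inside "#if defined(MBEDTLS_BIGNUM_C)" with blank lines on both sides, leaving two bare "#endif" lines a few lines apart with nothing to show which closes what. Label the outer one, for example "#endif /* MBEDTLS_BIGNUM_C */", and drop the blank lines inside the guard so the block reads as one unit.
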
5 changes: 5 additions & 0 deletions tests/include/test/psa_crypto_helpers.h
Expand Up @@ -17,7 +17,12 @@
#endif

#include <psa/crypto.h>

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include <mbedtls/private/ctr_drbg.h>
#else
#include <mbedtls/ctr_drbg.h>
#endif

#if defined(MBEDTLS_PSA_CRYPTO_C)
/** Initialize the PSA Crypto subsystem. */
5 changes: 5 additions & 0 deletions tests/src/bignum_helpers.c
Expand Up @@ -18,7 +18,12 @@
#include <stdlib.h>
#include <string.h>

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include <mbedtls/private/bignum.h>
#else
#include <mbedtls/bignum.h>
#endif

#include <bignum_core.h>
#include <bignum_mod.h>
#include <bignum_mod_raw.h>
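
Review bot: This conditional duplicates the one added to tests/include/test/bignum_helpers.h, which the build log quoted in the review thread shows this file including at line 14 ("In file included from /var/lib/build/framework/tests/src/bignum_helpers.c:14"). Relying on the test header for the bignum include would leave one fewer copy of the version check to maintain.
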
6 changes: 6 additions & 0 deletions tests/src/drivers/test_driver_asymmetric_encryption.c
Expand Up @@ -9,7 +9,13 @@

#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include "mbedtls/private/rsa.h"
#else
#include "mbedtls/rsa.h"
#endif

#include "psa_crypto_rsa.h"
#include "string.h"
#include "test/drivers/asymmetric_encryption.h"
5 changes: 5 additions & 0 deletions tests/src/drivers/test_driver_cipher.c
Expand Up @@ -12,7 +12,12 @@
#include "psa/crypto.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include "mbedtls/private/cipher.h"
#else
#include "mbedtls/cipher.h"
#endif

#include "test/drivers/cipher.h"
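
Review bot: The version-switched cipher include is redundant with "test/drivers/cipher.h", included immediately below it, which gains the same conditional in this patch. Unless this file must compile without that header, dropping the block here avoids keeping two copies of the check in step.
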

6 changes: 6 additions & 0 deletions tests/src/drivers/test_driver_key_management.c
Expand Up @@ -14,7 +14,13 @@
#include "psa_crypto_ecp.h"
#include "psa_crypto_rsa.h"
#include "psa_crypto_ffdh.h"

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include "mbedtls/private/ecp.h"
#else
#include "mbedtls/ecp.h"
#endif

#include "mbedtls/error.h"

#include "test/drivers/key_management.h"
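
Review bot: "mbedtls/error.h", directly below the new block, is still included from the old location while "mbedtls/ecp.h" gets the version switch. Please confirm error.h is not among the headers being moved under mbedtls/private/, or give it the same treatment, so this file does not break at the next step of the series.
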
9 changes: 9 additions & 0 deletions tests/src/drivers/test_driver_signature.c
Expand Up @@ -15,13 +15,22 @@
#include "psa_crypto_ecp.h"
#include "psa_crypto_hash.h"
#include "psa_crypto_rsa.h"

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include "mbedtls/private/ecp.h"
#else
#include "mbedtls/ecp.h"
#endif

#include "test/drivers/hash.h"
#include "test/drivers/signature.h"
#include "test/drivers/hash.h"

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include "mbedtls/private/ecdsa.h"
#else
#include "mbedtls/ecdsa.h"
#endif

#include "test/random.h"
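
Review bot: The ecp.h and ecdsa.h conditionals are two copies of the same check a few lines apart, separated only by the test/drivers includes. Merge them into one "#if ... #else ... #endif" block that includes both headers in each branch. While here, "test/drivers/hash.h" appears twice in the surrounding context, before and after "test/drivers/signature.h", and one of them can go.
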

5 changes: 5 additions & 0 deletions tests/src/fake_external_rng_for_test.c
Expand Up @@ -54,7 +54,12 @@ psa_status_t mbedtls_psa_external_get_random(
#if defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT)

#include <test/random.h>

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include <mbedtls/private/entropy.h>
#else
#include <mbedtls/entropy.h>
#endif

static int platform_get_entropy_force_failure;
static size_t platform_get_entropy_forced_entropy_content = SIZE_MAX;
9 changes: 9 additions & 0 deletions tests/src/psa_crypto_helpers.c
Expand Up @@ -14,8 +14,12 @@
#include <test/psa_crypto_helpers.h>

#if defined(MBEDTLS_CTR_DRBG_C)
#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include <mbedtls/private/ctr_drbg.h>
#else
#include <mbedtls/ctr_drbg.h>
#endif
#endif

#if defined(MBEDTLS_PSA_CRYPTO_C)
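
Review bot: The two consecutive bare "#endif" lines that close the version check and "#if defined(MBEDTLS_CTR_DRBG_C)" are indistinguishable; label the outer one "#endif /* MBEDTLS_CTR_DRBG_C */". Also, <test/psa_crypto_helpers.h>, included just above, gains the same ctr_drbg conditional in this patch with no MBEDTLS_CTR_DRBG_C guard visible around it, so either the guard here or the unguarded include there is inconsistent and one of the two can be dropped.
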

Expand Down Expand Up @@ -249,7 +253,12 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string)

#if defined(MBEDTLS_PSA_INJECT_ENTROPY)

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include <mbedtls/private/entropy.h>
#else
#include <mbedtls/entropy.h>
#endif

#include <psa_crypto_its.h>

int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len)
6 changes: 6 additions & 0 deletions tests/src/psa_exercise_key.c
Expand Up @@ -25,7 +25,13 @@
#include <pk_internal.h>
#endif
#if defined(MBEDTLS_ECP_C)

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include <mbedtls/private/ecp.h>
#else
#include <mbedtls/ecp.h>
#endif

#endif
#if defined(MBEDTLS_RSA_C)
#include <rsa_internal.h>
4 changes: 4 additions & 0 deletions tests/src/random.c
Expand Up @@ -23,7 +23,11 @@
#include <test/random.h>
#include <string.h>

#if !defined(MBEDTLS_VERSION_MAJOR) || MBEDTLS_VERSION_MAJOR >= 4
#include <mbedtls/private/entropy.h>
#else
#include <mbedtls/entropy.h>
#endif
#include <alignment.h>

int mbedtls_test_rnd_std_rand(void *rng_state,
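
Review bot: The entropy.h conditional here is the same block added to fake_external_rng_for_test.c and psa_crypto_helpers.c, and both this file and fake_external_rng_for_test.c include <test/random.h> just above it. If the entropy header selection lived in test/random.h, those copies could be dropped. As a style point, this is the only added block with no blank line between its "#endif" and the next include, "#include <alignment.h>".
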