Move everest headers

[bjwtaylor]

Description

Move everest headers. Depends Mbed-TLS/mbedtls-framework#153

PR checklist

• changelog provided
• framework PR not required
• mbedtls development PR provided Move everest headers mbedtls#10091
• mbedtls 3.6 PR not required because: No Backports
• mbedtls 2.28 PR not required because: No Backports
• tests not required because: No changes

[gilles-peskine-arm]

Looks good to me apart from .gitmodules, and apart from some issues which are at least partly preexisting and I'm not sure whether they're in scope right now or need to be part of some larger fix.

[gilles-peskine-arm]

As in mbedtls, no change to .gitmodules is desirable or necessary.

[bjwtaylor]

This change is temporary, it's just to test the dependent PR. It will be removed prior to the merge.

[gilles-peskine-arm]

I suppose that's out of scope, but I find this line weird: why would users of p256-m be built with any knowledge of Everest? This looks like a global change that shouldn't have been applied to this file. Can you please try just removing this line?

Everest headers do need to be available privately when building p256-m, however. There's no functional dependency, but p256-m.c calls psa_generate_random, which is declared in psa/crypto.h, which indirectly includes the header where Everest defines its ECDH context type. So maybe the line needs to be moved to the PRIVATE section and not removed.

[bjwtaylor]

Ok, I'll give it a go removing it.

[bjwtaylor]

Seems to work without it, so I removed it.

[bjwtaylor]

Interesting, this change seems to cause a failure when MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED is defined. Not sure if it's related to the next issue, I shall investigate.

[ronald-cron-arm]

This caught my eyes as it is indeed strange to have an everest include path for p256-m. Looking at it, it seems it is because p256-m code include psa/crypto.h which when MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED is enabled includes eventually everest/everest.h. It is probably somehow wrong for a driver to include psa/crypto.h but that's not an easy thing to change I'd say. The everest include path should be private though.

[bjwtaylor]

Thanks for the additional info, I've reverted the removal now. I shall look into making the path private.

[gilles-peskine-arm]

This may be preexisting, but the declaration of include paths is wrong here: at least some of these directories need to be public. Note that there's a clash in terminology:

• In the 1.0/4.0 work, I've called APIs “public” if they're documented and meant to be used in application code, and “private” otherwise. Everest is private since it's an implementation detail. However, it needs to be “exposed” because there's an opaque struct that has a field whose type is defined by an Everest header.
• In CMake, a “private” header is one that is only needed when compiling the project, while a “public” header is one that consuming projects need to have access to. At least part of Everest is public in this sense — that's what “exposed” means for a header.

To test that, run cmake --install . --prefix /tmp/235 after building with MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED and try compiling a source file containing just #include <psa/crypto.h> with cc -I /tmp/235/include. This fails because #include "everest/everest.h" cannot be fulfilled. You can also see that it's missing from the log of cmake --install.

Using Mbed TLS from another project is currently broken in other ways and untested, so this may be an issue that we file for later. These issues are critical for the 1.0/4.0 release.

[bjwtaylor]

So, there was another issue with the install path which I have now corrected. I have also moved the header to public as requested. Let me know what you think and lets see if the CI highlights anything though.