mbedtls icon indicating copy to clipboard operation
mbedtls copied to clipboard

code size: Merge psa_core_key_attributes_t back into psa_key_attributes_t

Open yanrayw opened this issue 2 years ago • 13 comments

Note: https://github.com/Mbed-TLS/mbedtls/pull/8840 changes the deal significantly.

Fix: #6496

This PR merge psa_core_key_attributes_t back into psa_key_attributes_t by making a condition to have RSA in the build.

As for previous implementation, we only keep core in key slot from psa_start_key_creation. Since now we use same structure to keep core and domain_parameters. To keep identical with previous implementation, slot_number, domain_parameters and domain_parameters_size are cleared in key slot.

Code size measurement:

command: ./scripts/code_size_compare.py -o 92a55bf5ea1a7237ff37e0416efccc45072e3cc1 -n 8be56e20d8f353fecbebe3fdca1ab5407f1718f0 -c tfm-medium -a armv8-m

result: (saved 300 bytes in total)

File Name Old Size New Size Change (Bytes) Change (%)
psa_crypto.o 19206 19056 -150 -0.78%
psa_crypto_client.o 150 18 -132 -88%
psa_crypto_ecp.o 1702 1684 -18 -1.01%

PR checklist

Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")

  • [ ] changelog provided, or not required
  • [x] backport not required, it's a refactor for psa_key_attributes_t.
  • [x] tests not required

yanrayw avatar Jun 13 '23 02:06 yanrayw

The failure of ABI-API-checking is expected as we removed psa_core_key_attributes_t and merged attributes inside it into psa_key_attributes_t.

yanrayw avatar Jun 15 '23 08:06 yanrayw

Can you rebase onto latest development please?

After doing this I get a compile failure in psa_crypto.c:

psa_crypto.c:1284:17: error: no member named 'domain_parameters' in 'struct psa_key_attributes_s'
    attributes->domain_parameters = buffer;
    ~~~~~~~~~~  ^
psa_crypto.c:1285:17: error: no member named 'domain_parameters_size' in 'struct psa_key_attributes_s'
    attributes->domain_parameters_size = buflen;
    ~~~~~~~~~~  ^
2 errors generated.

when building with the default config with +MBEDTLS_NO_PLATFORM_ENTROPY -MBEDTLS_FS_IO -MBEDTLS_PSA_ITS_FILE_C -MBEDTLS_TIMING_C -MBEDTLS_HAVE_TIME -MBEDTLS_HAVE_TIME_DATE -MBEDTLS_PSA_CRYPTO_STORAGE_C -MBEDTLS_NET_C -MBEDTLS_VERSION_FEATURES -MBEDTLS_VERSION_C -MBEDTLS_SELF_TEST

tom-cosgrove-arm avatar Jun 28 '23 17:06 tom-cosgrove-arm

After doing this I get a compile failure in psa_crypto.c:

Thanks Tom. Take a look into this error, it happens because we didn't define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR anymore after #7641.

yanrayw avatar Jun 29 '23 05:06 yanrayw

So, had a thorough look now and this generally LGTM however I have that one question in the comment above. Once resolved I will be ready to approve.

tom-daubney-arm avatar Jul 03 '23 17:07 tom-daubney-arm

@tom-daubney-arm @tom-cosgrove-arm Do you mind I rebase on head of development to re-trigger CI as 7870 has been merged?

yanrayw avatar Jul 04 '23 09:07 yanrayw

Fine by me - go ahead

tom-cosgrove-arm avatar Jul 04 '23 09:07 tom-cosgrove-arm

@tom-daubney-arm @tom-cosgrove-arm Do you mind I rebase on head of development to re-trigger CI as 7870 has been merged?

Please do!

tom-daubney-arm avatar Jul 04 '23 09:07 tom-daubney-arm

There is no conflict in rebase, but I added an extra commit 4f4d3c4 to remove core which is added in recent PR.

yanrayw avatar Jul 04 '23 09:07 yanrayw

I found it's highly possible to break CI or cause new failure after I rebase. So I marked needs-ci to make sure we remember to rebase on head of development before merge this PR.

yanrayw avatar Jul 04 '23 09:07 yanrayw

@yanrayw @tom-cosgrove-arm please progress this PR, it's a good size win that seems to have stalled

daverodgman avatar Aug 15 '23 15:08 daverodgman

Although there is a merge conflict, as @tom-daubney-arm has approved this PR, i think it should be reasonable to wait until @tom-cosgrove-arm finishes his review. (It's highly possible to have merge conflicts in this PR, let me know if anyone has other suggestions.)

yanrayw avatar Aug 16 '23 01:08 yanrayw

@daverodgman Do we want this one in 3.6 release?

yanrayw avatar Nov 10 '23 08:11 yanrayw

@daverodgman Do we want this one in 3.6 release?

@minosgalanakis probably nice to have?

daverodgman avatar Nov 10 '23 18:11 daverodgman

Superseded by https://github.com/Mbed-TLS/mbedtls/pull/8867

gilles-peskine-arm avatar Feb 28 '24 01:02 gilles-peskine-arm