Skip to content

Inline check_pair functions #580

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bjwtaylor wants to merge 11 commits into
base: development
Choose a base branch
from
Open

Inline check_pair functions #580

bjwtaylor wants to merge 11 commits into from
+51 −62

Conversation

@bjwtaylor
Copy link
Contributor

@bjwtaylor bjwtaylor commented Nov 21, 2025

Description

Inline check_pair functions resolves #521

PR checklist

  • changelog not required because: No public changes
  • framework PR not required
  • mbedtls development PR not required because: No changes
  • mbedtls 3.6 PRnot required because: No changes
  • tests provided

@bjwtaylor bjwtaylor force-pushed the inline-check_pair branch 3 times, most recently from 1e12dba to 22b0400 Compare December 1, 2025 09:00
@bjwtaylor bjwtaylor marked this pull request as ready for review December 1, 2025 14:06
@bjwtaylor bjwtaylor added needs-review Every commit must be reviewed by at least two team members needs-reviewer This PR needs someone to pick it up for review size-s Estimated task size: small (~2d) priority-high High priority - will be reviewed soon labels Dec 1, 2025
@bjwtaylor bjwtaylor added needs-ci Needs to pass CI tests needs-work labels Dec 3, 2025
@bjwtaylor bjwtaylor added needs-review Every commit must be reviewed by at least two team members needs-reviewer This PR needs someone to pick it up for review and removed needs-review Every commit must be reviewed by at least two team members needs-reviewer This PR needs someone to pick it up for review labels Dec 5, 2025
@valeriosetti valeriosetti self-requested a review December 5, 2025 13:18
@valeriosetti valeriosetti removed needs-work needs-ci Needs to pass CI tests labels Dec 5, 2025
@davidhorstmann-arm davidhorstmann-arm self-requested a review December 8, 2025 09:42
@davidhorstmann-arm davidhorstmann-arm removed the needs-reviewer This PR needs someone to pick it up for review label Dec 8, 2025
davidhorstmann-arm
davidhorstmann-arm requested changes Dec 10, 2025
View reviewed changes
Copy link
Contributor

@davidhorstmann-arm davidhorstmann-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few small things and questions, but looks good otherwise!

tests/suites/test_suite_pk.function Outdated
TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv), ret);
} else {
TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv), MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv), MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
Copy link
Contributor

@davidhorstmann-arm davidhorstmann-arm Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did this need changing? Was this code path not exercised before this change?

Copy link
Contributor Author

@bjwtaylor bjwtaylor Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, this was because the previous implementation was able to check the function pointer to check_pair in the structure to see if it was supported. With the new architecture this isn't available, so it progresses further before failing with a different error. You make a good point though, so I've added additional logic to return the same error as before.

drivers/builtin/src/pk.c Outdated

return prv->pk_info->check_pair_func((mbedtls_pk_context *) pub,
(mbedtls_pk_context *) prv);
if ((prv->pk_info->type == MBEDTLS_PK_RSA) || (prv->pk_info->type == MBEDTLS_PK_RSASSA_PSS)) {
Copy link
Contributor

@davidhorstmann-arm davidhorstmann-arm Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since #532 has now been merged, could you change this to use mbedtls_pk_get_key_type()?

Suggested change
if ((prv->pk_info->type == MBEDTLS_PK_RSA) || (prv->pk_info->type == MBEDTLS_PK_RSASSA_PSS)) {
if (PSA_KEY_TYPE_IS_RSA(mbedtls_pk_get_key_type(prv))) {

Copy link
Contributor Author

@bjwtaylor bjwtaylor Jan 8, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've replaced these calls with the new mbedtls_pk_get_key_type function.

drivers/builtin/src/pk.c Outdated
if ((prv->pk_info->type != MBEDTLS_PK_OPAQUE) &&
(pub->pk_info != prv->pk_info)) {
(pub->pk_info != prv->pk_info) &&
(pub->pk_info->type != prv->pk_info->type)) {
Copy link
Contributor

@davidhorstmann-arm davidhorstmann-arm Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What was this check for originally and why does it need a new explicit check for the type?

Are there cases where the pk_info pointers are different but the types are the same? My understanding was that this could not happen as all of the possible pk_info structs are initialized statically (I think it's in pk_wrap.c).

Copy link
Contributor Author

@bjwtaylor bjwtaylor Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is a good point. I've removed the type check.

@davidhorstmann-arm
Copy link
Contributor

davidhorstmann-arm commented Dec 10, 2025
edited
Loading

Module Base This PR Delta % Delta
pk 3963 4043 +80 +2.02%
pk_wrap 2090 1958 -132 -6.32%
TOTAL 209749 209697 -52 -0.02%

52B code size reduction, thanks!

Ben Taylor added 5 commits January 8, 2026 15:23
Add additional tests for check_pair
23dc4ed 
Add additional tests for the check_pair functionality, as some test cases are currently not
covered. This is done first to validate that the refactoring and inline in future commits
is correct.

Signed-off-by: Ben Taylor <[email protected]>
Add new check_pair functionality
37d21b0 
Add the new check pair functionality, this is a refactored and inlined version of all of the
original check pair functions. It therefore provides the same functionality with a smaller
code size.

Signed-off-by: Ben Taylor <[email protected]>
Remove legacy functions and pointers
19a518d 
Remove the legacy functions and pointers as these are now replaced by the new inlined check_pair
functionality. Thisis functionaly equivelent to the original code with the exception of some error
codes.

Signed-off-by: Ben Taylor <[email protected]>
restore PSA_WANT_ECC_SECP_R1_512
df8b90f 
Signed-off-by: Ben Taylor <[email protected]>
Corrected typo in definitions for check pair tests in pk
2810786 
Signed-off-by: Ben Taylor <[email protected]>
Ben Taylor added 2 commits January 8, 2026 15:33
Add check for key size
0321a06 
Signed-off-by: Ben Taylor <[email protected]>
Correcting code style
c99c4f4 
Signed-off-by: Ben Taylor <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davidhorstmann-arm davidhorstmann-arm davidhorstmann-arm requested changes

@valeriosetti valeriosetti Awaiting requested review from valeriosetti

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

needs-review Every commit must be reviewed by at least two team members needs-work priority-high High priority - will be reviewed soon size-s Estimated task size: small (~2d)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

PK: inline & simplify check_pair functions

3 participants

@bjwtaylor @davidhorstmann-arm @valeriosetti