Support key file IDs encoding the key owner #59
Conversation
gilles-peskine-arm
added
enhancement
| { | ||
| int32_t owner; | ||
| uint32_t key_id; | ||
| } psa_key_file_id_t; |
There was a problem hiding this comment.
Not super important, but maybe the compiler will generate slightly more efficient code if this struct has the same binary representation as the UID we send to ITS.
There was a problem hiding this comment.
Indeed, putting the key id first saves a few instructions. From make CC=arm-linux-gnueabi-gcc CFLAGS='-Os -mthumb' (not exactly v7m but should be close enough):
-rw-rw-r-- 1 gilpes01 gilpes01 1948 Feb 18 20:43 library.spm/key_owner/psa_crypto_storage_its.o
-rw-rw-r-- 1 gilpes01 gilpes01 1964 Feb 18 20:44 library.spm/owner_key/psa_crypto_storage_its.o
I'm not fluent enough in arm assembly to explain the difference without spending more time than I care to right now.
There was a problem hiding this comment.
I don't think it's so Arm specific. If the binary representation is the same, the program doesn't have to swap the order around before passing the 64-bit value on to ITS and may be able to use the binary representation as-is, assuming alignment works out and so forth.
There was a problem hiding this comment.
I put key_id first in the rebased version. It's likely to be neutral or a tiny improvement on any little-endian platform. How much it saves depends on the ABI and of course on what the compiler makes of the code.
library/psa_crypto_storage_its.c
Outdated
| /* Encode the owner in the upper 32 bits. This means that if | ||
| * owner values are nonzero (as they are on a PSA platform), | ||
| * key files don't clash with file names such as the random seed | ||
| file which have an identifier in the range 0..0xffffffff. */ |
There was a problem hiding this comment.
Style: Add leasing * on this line.
There was a problem hiding this comment.
Fixed in the new history.
library/psa_crypto_storage_its.c
Outdated
| /* Encode the owner in the upper 32 bits. This means that if | ||
| * owner values are nonzero (as they are on a PSA platform), | ||
| * key files don't clash with file names such as the random seed | ||
| file which have an identifier in the range 0..0xffffffff. */ |
There was a problem hiding this comment.
"the random seed file which have an identifier" parsing error. This should be "has"? But, that doesn't seem to have the right meaning. I don't believe the random seed file has an identifier in the range 0 through 0xffffffff.
Suggest adding commas and "for" like so:
key files don't clash with file names, such as for the random seed file, which have an identifier in the range 0..0xffffffff.
There was a problem hiding this comment.
Reworded in the new history.
| @@ -236,7 +244,7 @@ static psa_status_t psa_internal_make_key_persistent( psa_key_handle_t handle, | |||
| } | |||
|
|
|||
| static psa_status_t persistent_key_setup( psa_key_lifetime_t lifetime, | |||
| psa_key_id_t id, | |||
| psa_key_file_id_t id, | |||
There was a problem hiding this comment.
Is changing psa_key_id_t to psa_key_file_id_t everywhere really the best option?
If we keep this PR as-is and then do the following, we wouldn't require changing to psa_key_file_id_t everywhere. Would this be a workable improvement?
- Remove
typedef uint32_t psa_key_id_t;from crypto_types.h - Add
typedef psa_app_key_id_t psa_key_id_tto crypto_platform.h for non-SPM platforms
Then we'd have the following situation:
- Using
psa_key_file_id_taspsa_key_id_ton SPM platforms (what we sort of have in this PR now, but don't use it) - Using
psa_app_key_id_taspsa_key_id_ton non-SPM platforms
Maybe there is a reason to keep defining psa_key_id_t in crypto_types.h that I'm not seeing. In which case, we can keep that as-is and actually use that type definition instead of psa_key_file_id_t everywhere.
There was a problem hiding this comment.
Currently, crypto_types.h and crypto.h are used to generate the specification, so they have to use the standard definitions. I wanted to minimize the incursion of MbedCrypto-specific stuff there.
Once the specification and the implementation are fully split (which should take a couple of weeks), I think we should define psa_key_file_id_t in crypto_types.h and use it in crypto.h.
include/psa/crypto_types.h
Outdated
| * used when building Mbed Crypto as a library inside the PSA Cryptography | ||
| * service. Applications that call the service see the standard API with a | ||
| * 32-bit type. */ | ||
| #if !defined(MBEDTLS_PSA_CRYPTO_SPM) |
There was a problem hiding this comment.
MBEDTLS_PSA_CRYPTO_SPM is defined for the entire secure side. This means that if another secure partition will try to communicate with crypto, this client will see psa_key_id_t as the full struct (i.e. psa_key_file_id_t) as not as uint32_t.
There was a problem hiding this comment.
This could work if the ifdefs in the header files are tested for PSA_CRYPTO_SECURE instead of MBEDTLS_PSA_CRYPTO_SPM.
There was a problem hiding this comment.
Ok, I'll change that.
gilles-peskine-arm
added
needs: work
|
I'm going to update this PR with a new commit history that splits up the original large commit that both renames |
include/psa/crypto_platform.h
Outdated
| @@ -63,7 +63,6 @@ typedef struct | |||
| } psa_key_file_id_t; | |||
| typedef psa_key_file_id_t psa_key_id_t; | |||
| #define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id ) | |||
| #endif | |||
There was a problem hiding this comment.
Stray leftover from a partial commit, I'll fix this in a rebase.
…g ITS" This reverts commit 7b6f37f. This revert is due to PR ARMmbed#59.
…g ITS" This reverts commit 7b6f37f. This revert is due to PR ARMmbed#59.
gilles-peskine-arm
force-pushed
the
psa-its-64_bit_internal_key_id
branch
2 times, most recently
from
9a01397 to
bf7c8a3
Compare
|
I have pushed an updated version with a new, more granular history. The differences:
|
gilles-peskine-arm
added
needs: review
gilles-peskine-arm
force-pushed
the
psa-its-64_bit_internal_key_id
branch
from
bf7c8a3 to
ec19596
Compare
|
I made another, minor rebase to fix some issues reported by the CI:
Previous history at https://github.com/gilles-peskine-arm/mbed-crypto/tree/psa-its-64_bit_internal_key_id-3 |
|
This needs CI to pass before we can merge it. |
Patater
added
needs: ci
gilles-peskine-arm
dismissed stale reviews from Patater, dgreen-arm, and itayzafrir
via
eda4ffd
gilles-peskine-arm
force-pushed
the
psa-its-64_bit_internal_key_id
branch
from
ec19596 to
eda4ffd
Compare
|
I fixed a typo in “Support encoding an owner in key file IDs” which should let the CI do its job. |
Neither am I, but I'm even less a fan of writing
Actually, at that point, we'll change more occurrences of |
gilles-peskine-arm
force-pushed
the
psa-its-64_bit_internal_key_id
branch
from
eda4ffd to
8ee2669
Compare
|
I fixed another typo in “Support encoding an owner in key file IDs” which should let the CI do its job this time. |
|
Minor style: Now the alignment is off, since library/psa_crypto_slot_management.c:192 |
|
Since I've been rebasing anyway, I'll rebase again to fix the alignment. |
PSA_MAX_PERSISTENT_KEY_IDENTIFIER was actually one plus the maximum key identifier. Change it to be the maximum value, and change the code that uses it accordingly. There is no semantic change here (the maximum value hasn't changed). This commit only makes the implementation clearer.
gilles-peskine-arm
force-pushed
the
psa-its-64_bit_internal_key_id
branch
from
8ee2669 to
572f067
Compare
Differentiate between _key identifiers_, which are always `uint32_t`,
and _key file identifiers_, which are platform-dependent. Normally,
the two are the same.
In `psa/crypto_platform.h`, define `psa_app_key_id_t` (which is always
32 bits, the standard key identifier type) and
`psa_key_file_id_t` (which will be different in some service builds).
A subsequent commit will introduce a platform where the two are different.
It would make sense for the function declarations in `psa/crypto.h` to
use `psa_key_file_id_t`. However this file is currently part of the
PSA Crypto API specification, so it must stick to the standard type
`psa_key_id_t`. Hence, as long as the specification and Mbed Crypto
are not separate, use the implementation-specific file
`psa/crypto_platform.h` to define `psa_key_id_t` as `psa_key_file_id_t`.
In the library, systematically use `psa_key_file_id_t`.
perl -i -pe 's/psa_key_id_t/psa_key_file_id_t/g' library/*.[hc]
Declare the owner as psa_key_owner_id_t, of which an implementation must be provided separately. Make this a configuration option MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER, to make the conditional compilation flow easier to follow. Declare it in config.h to pacify check_names.sh. Support for a specific implementation of psa_key_owner_id_t in storage backends will come in a subsequent commit.
When building for the PSA crypto service (defined(PSA_CRYPTO_SECURE)), define psa_key_owner_id_t as int32_t, which is how a PSA platform encodes partition identity. Note that this only takes effect when the build option MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER is active. Support this configuration in the ITS backend.
|
Aligned. |
Add support for key file identifier that encode the key owner. Use the type
psa_key_file_id_tto refer to key files, as opposed topsa_key_id_twhich is the key identifier specified by the application. The two types are identical except when building the library for a multi-client service (currently: only the PSA crypto service, under the build optionMBEDTLS_PSA_CRYPTO_SPM).Because
psa/crypto.handpsa/crypto_types.hare part of the source of the PSA Crypto API specification, use the standard types there. Definepsa_key_file_id_tinpsa/crypto_platform.hdepending on whetherMBEDTLS_PSA_CRYPTO_SPMis defined. We can make this cleaner by usingpsa_key_file_id_tinpsa/crypto.honce the specification is separated from the implementation.The file storage backend, and all of the tests, do not support
MBEDTLS_PSA_CRYPTO_SPM. I have manually checked that the build withMBEDTLS_PSA_CRYPTO_SPMandMBEDTLS_PSA_STORAGE_ITS_Cworks with dummypsa/error.handpsa/internal_trusted_storage.h. Testing without a board would require updating and mergin https://github.com/ARMmbed/mbedtls-psa/pull/204 .