Skip to content

Crypto IPC 64 bit key ids for ITS #9575

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 27, 2019
Merged

Crypto IPC 64 bit key ids for ITS #9575

merged 4 commits into from
Feb 27, 2019

Conversation

itayzafrir
Copy link
Contributor

@itayzafrir itayzafrir commented Jan 31, 2019
edited
Loading

Description

Support 64 bit crypto key ids for TARGET_PSA systems.

Crypto type psa_key_id_t is defined differently between client and server, this PR is here to provide the key owner (i.e. the calling partition) for use by the crypto library.

This PR assures that a crypto key can be opened only by the key owner/creator, i.e. the partition which created the key in the first place.

Please do not merge or run CI - depends on ARMmbed/mbed-crypto#32 and also ARMmbed/mbed-crypto#59.
Once 32 and 59 have been merged to mbed-crypto this PR will need to be re-imported via crypto importer into Mbed OS.

Pull request type

[ ] Fix
[ ] Refactor
[ ] Target update
[x] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

@avolinski @Patater

@itayzafrir itayzafrir changed the title Crypto IPC 64 bit key ids Crypto IPC 64 bit key ids for ITS Jan 31, 2019
@ciarmcom ciarmcom requested review from alekshex, Patater and a team January 31, 2019 16:00
@ciarmcom
Copy link
Member

@itayzafrir, thank you for your changes.
@Patater @avolinski @ARMmbed/mbed-os-core @ARMmbed/mbed-os-tools @ARMmbed/mbed-os-maintainers @ARMmbed/mbed-os-test @ARMmbed/mbed-os-crypto @ARMmbed/mbed-os-tls please review.

@itayzafrir itayzafrir force-pushed the crypto-64-bit-key-ids branch 5 times, most recently from ef3f6aa to 636086f Compare February 5, 2019 08:43
@itayzafrir
Copy link
Contributor Author

Rebased on master, please take a look guys.

@itayzafrir itayzafrir force-pushed the crypto-64-bit-key-ids branch from 636086f to 44df786 Compare February 5, 2019 08:51
alekshex
alekshex suggested changes Feb 5, 2019
View reviewed changes
alekshex
alekshex suggested changes Feb 5, 2019
View reviewed changes
@itayzafrir itayzafrir force-pushed the crypto-64-bit-key-ids branch from 44df786 to d2947e0 Compare February 5, 2019 16:39
@itayzafrir
Copy link
Contributor Author

@avolinski I've rebased and addressed your comments so far. Old branch @ https://github.com/itayzafrir/mbed-os/tree/crypto-64-bit-key-ids-1

@itayzafrir itayzafrir mentioned this pull request Feb 6, 2019
Merged
@NirSonnenschein
Copy link
Contributor

@ARMmbed/mbed-os-core @ARMmbed/mbed-os-tls @ARMmbed/mbed-os-tools @ARMmbed/mbed-os-test @ARMmbed/mbed-os-crypto please review or comment if you don't wish to review.

bridadan
bridadan reviewed Feb 6, 2019
View reviewed changes
Copy link
Contributor

@bridadan bridadan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are no tool changes in this PR

@itayzafrir itayzafrir mentioned this pull request Feb 7, 2019
Merged
@NirSonnenschein
Copy link
Contributor

Second reminder: This PR has been open for 18 days, and has still not been reviewed.
@ARMmbed/mbed-os-core @ARMmbed/mbed-os-tls @ARMmbed/mbed-os-test @ARMmbed/mbed-os-crypto @Patater please review or comment if you don't wish to review.

cc: @0xc0170 @adbridge @cmonr

@NirSonnenschein
Copy link
Contributor

@Patater @ARMmbed/mbed-os-crypto @ARMmbed/mbed-os-tls would you still like to review this PR (if so please do so) or can it go through.

@mbed-ci
Copy link

mbed-ci commented Feb 24, 2019

Test run: SUCCESS

Summary: 12 of 12 test jobs passed
Build number : 1
Build artifacts

@0xc0170
Copy link
Contributor

0xc0170 commented Feb 25, 2019

This PR is waiting for reviewers to complete their reviews.

@cmonr
Copy link
Contributor

cmonr commented Feb 25, 2019

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c

This will need a rebase.

@Patater @ARMmbed/mbed-os-crypto @ARMmbed/mbed-os-tls Please re-review.

itayzafrir added 4 commits February 26, 2019 12:27
crypto service: Remove unused IPC argument and unneeded casts
2b9b294
crypto service: Assemble bit crypto key ids
3992b83
Define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
ca94dc8 
This enables crypto encoding an owner in key file IDs.
Added a static assert check in client side proxy.
Remove duplicate inclusion of header files
fc2b072 
Remove duplicate inclusion of psa/client.h and psa/service.h
@itayzafrir itayzafrir force-pushed the crypto-64-bit-key-ids branch from 7d7cc46 to fc2b072 Compare February 26, 2019 10:30
@itayzafrir
Copy link
Contributor Author

Rebased to resolve merge confilcts in components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c

Patater
Patater approved these changes Feb 26, 2019
View reviewed changes
Copy link
Contributor

@Patater Patater left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c

bytes_read = psa_read(msg.handle, 1, &id, msg.in_size[1]);
bytes_read = psa_read(msg.handle, 1, &(id.key_id), msg.in_size[1]);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using PSA_KEY_FILE_GET_KEY_ID to get the key ID.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That wouldn't work here. PSA_KEY_FILE_GET_KEY_ID returns the value of key_id, here we're reading from the incoming message into key_id.

Copy link
Contributor

@Patater Patater Feb 26, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

&PSA_KEY_FILE_GET_KEY_ID(id) wouldn't work?

The downside to how this is written now is it doesn't get the advantage of the macro abstraction and may be depending on more implementation detail than it needs to. This isn't a super strong downside now, but you should be aware of and consider it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My bad, it would work. However I'd like to leave it as is for now, since there's no abstraction for the owner.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK

@cmonr
Copy link
Contributor

cmonr commented Feb 26, 2019

CI started

@mbed-ci
Copy link

mbed-ci commented Feb 27, 2019

Test run: SUCCESS

Summary: 12 of 12 test jobs passed
Build number : 2
Build artifacts

@cmonr
Copy link
Contributor

cmonr commented Feb 27, 2019

Holding for merge.

@itayzafrir @Patater Is this comment resolved? #9575

@Patater
Copy link
Contributor

Patater commented Feb 27, 2019

Is this comment resolved?

Yup, it's fine as-is: was just a suggestion of something to consider.

@0xc0170 0xc0170 merged commit 5ab69d5 into ARMmbed:master Feb 27, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Patater Patater Patater approved these changes

@bridadan bridadan bridadan left review comments

@alekshex alekshex alekshex approved these changes

@0xc0170 0xc0170 0xc0170 approved these changes

Assignees
No one assigned
Labels
release-version: 5.12.0-rc1 risk: G
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@itayzafrir @ciarmcom @NirSonnenschein @0xc0170 @Patater @cmonr @mbed-ci @bridadan @alekshex