Crypto Service - keys access control

[itayzafrir]

Description

Access control for crypto keys in crypto service.

This is in continuation of PR #9575 which ensured that only the key creator is allowed to open a key & obtain a handle to it.

This PR, validates that the psa_key_handle_t argument (passed in as an input argument to the crypto APIs) is associated with the calling partition, i.e. that the API caller is also the key owner/creator.

Please do not merge or run CI - needs preceding PR #9575

Reviewers, reviews should start from c9130428951d60d865826e431eb400d92223b163, previous commits are from #9575 and are being reviewed there.

Pull request type

[ ] Fix
[ ] Refactor
[ ] Target update
[X] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

@avolinski

[ciarmcom]

@itayzafrir, thank you for your changes.
@avolinski @ARMmbed/mbed-os-crypto @ARMmbed/mbed-os-maintainers please review.

[alekshex]

part 0.5

[0xc0170]

license header files in each file

[itayzafrir]

@0xc0170 these files were introduced in PR #9575, the commits relevant to this PR start from c913042. I've added the license in #9575 (3bc5f90), this branch will be rebased once 9575 goes through.

[cmonr]

this branch will be rebased once #9575 goes through.

Just leaving a more visible note.

[NirSonnenschein]

@0xc0170 your review comment seems to be fixed, please re-review.
@ARMmbed/mbed-os-crypto - this PR has been opened for a while, please review or comment on why you aren't going to.

Will be rereviewed once rebased

[itayzafrir]

@avolinski rebased on master, please take another look

[0xc0170]

these functions should contain documentation?

[itayzafrir]

I don't think so, this is internal only. These could have been implemented as static functions in psa_crypto_partition.c...

[0xc0170]

we could use \internal or using _internal suffix in the header or at least a comment in this header file.

Even internal functions should have documentation, hidden from public (using #if !defined(DOXYGEN_ONLY)). IF you look at some drivers headers like SPI.h

[itayzafrir]

Added in 5ac58b84dfa06f1c6cd76293dd4f01a5511124a0

[itayzafrir]

PSA spec suggests abort() should be called

@alzix it's been used like that repeatedly as of cf3fd85

[alekshex]

isn't it
psa_crypto_access_control_reset();?

[itayzafrir]

The macro was removed in 6475bc65d818fc9ff4fc6c2c02de3d1b7ecde24a in favor of the static inline function.

[itayzafrir]

Rebased on master

[NirSonnenschein]

@0xc0170 @alzix @ARMmbed/mbed-os-crypto please review/re-review (rebased and comments addressed).

[NirSonnenschein]

removing @ARMmbed/mbed-os-crypto as a reviewer. if you would still like to review please do so ASAP

[NirSonnenschein]

@0xc0170 @alzix , please re-review after the rebase

[0xc0170]

Please do not merge or run CI - needs preceding PR #9575

Merged, this should be ready for review and CI

[itayzafrir]

Merged, this should be ready for review and CI

Yes this is unblocked now

[0xc0170]

CI started

[mbed-ci]

Test run: SUCCESS

Summary: 12 of 12 test jobs passed
Build number : 1
Build artifacts

[0xc0170]

@alzix Happy with the latest update? This is ready to land otherwise

[itayzafrir]

Not sure about the availability of @alzix, he might be OOO for a while...