sys/psa_crypto: Implement persistent key storage

[Einhornhool]

Contribution description

This is an implementation of persistent key storage in PSA Crypto. It uses VFS with littlefs2 and MTD.
PSA keys are encoded in CBOR, written to files and stored in flash (or emulated flash, depending on the MTD implementation).

So far this works on native and the nRF52840dk and it requires that the board supports MTD. This is why it is optional and must be enabled explicitly when building PSA Crypto.

Testing procedure

tests/sys/psa_crypto_persistent_storage and tests/sys/psa_crypto_cbor_encoder should pass successfully on the supported platforms.
examples/psa_crypto should still build and run without problems.

Issues/PRs references

Probably needs to be updated once #19992 is merged, since this does not yet include the module separation.

[mguetschow]

Nice job, thank you! 🎉

I've finally taken the time to do a partial review (excluding the test applications and without actually running the code). A few first comments below.

[mguetschow]

Some more comments below on the tests. Thanks again for your work!

[Einhornhool]

@mguetschow thank you for the nice and detailed feedback! I didn't finish everything today, but I'm working on it =)

[mguetschow]

Two more things I thought about:

1. The keys are stored in plain-text on the (external) flash memory and could be easily read out by anyone getting their hands on the flash module. Securing this is out of scope for this PR, I'd say, but at least it should be mentioned in the documentation (maybe in a warning box?).
2. CONFIG_PSA_SINGLE_KEY_COUNT and friends only refers to in-memory key slots, this PR supports a virtually unlimited number of (additional) persistent keys, right? Maybe that should be explicitly mentioned in the docs, too.

[mguetschow]

Thanks for adapting to my feedback. The CBOR format and code is much more concise now, I like!

Second round of review below. It's quite an extensive PR, so I'd expect some more.

Just a small comment: Could you maybe avoid rebasing before pushing the changes so that Github can show me a nice diff of the actual new changes?

[Einhornhool]

Just a small comment: Could you maybe avoid rebasing before pushing the changes so that Github can show me a nice diff of the actual new changes?

Sorry, I did a rebase, because the first version of this PR was still based on the code before the changes we made in #19992 and I wanted to have most current version. But I will consider this in the future =)

[riot-ci]

Murdock results

✔️ PASSED

cbadc4f sys/psa_crypto: implement persistent key storage

Success	Failures	Total	Runtime
10065	0	10066	13m:57s

Artifacts

• Documentation preview

[mguetschow]

I'm sorry that I didn't think of this before, but keys marked as persistent should really be stored to flash unconditionally, right?

Edit: Alright, scratch that, just had another look and found the call to persist the key in psa_finish_key_creation.

[mguetschow]

Thanks again for your work! LGTM :)

@Teufelchen1 are we allowed to merge this for the next release? 👉👈

[mguetschow]

Great, congrats! 🎉

[Ollrogge]

Hey, short question: Why does this only work on the nrf52840dk and native ?

[mguetschow]

I think™ the implementation should work on all boards supporting MTD, but has only been tested on native and nrf52840dk for now. @Einhornhool could correct me if I'm wrong, and you should be able to test it on a suitable board using USEMODULE += psa_persistent_storage.

[Einhornhool]

Hey, short question: Why does this only work on the nrf52840dk and native ?

As Mikolai said, it should work with Boards that support MTD. I just haven't tested it with all of them and can't guarantee that it works.
Of course you can try it.