Add the possibility of changing key store location of Mbed Crypto provider #53

Closed
hug-dev opened this issue Oct 22, 2019 · 6 comments
Labels: enhancement (New feature or request), medium (Effort label)

Comments

@hug-dev
Member

hug-dev commented Oct 22, 2019

Keys are currently stored where the service is run but there should be a configuration parameter to choose where.
This is only possible after #38.

@hug-dev hug-dev added the enhancement New feature or request label Oct 22, 2019
@ionut-arm
Member

Instead of using the "native" mbed crypto storage, we could/should use PSA Trusted Storage: https://github.com/ARMmbed/psa_trusted_storage_linux

https://confluence.arm.com/display/mbedlinux/PSA+Storage+Software+HLD

@ionut-arm ionut-arm self-assigned this Oct 25, 2019
@ionut-arm
Member

Managed to link in PTSL with the following steps:

  • unset MBEDTLS_PSA_ITS_FILE_C in Mbed Crypto (include/mbedtls/config.h)
  • clone PTSL and add a step in the lib Makefile to create libpsastorage.a
  • build Mbed Crypto, including the PSA ITS headers and linking to libpsastorage.so (CFLAGS="-I<...>/psa_trusted_storage_linux/inc/" LDFLAGS="-L/usr/local/lib/ -lpsastorage")
  • update build.rs to include the path to libpsastorage.a in the link path and to also link statically against the storage library

Thus, if we want to use PTSL, we might need to push an upstream patch to allow for a static library to be built "natively".
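
The last step listed in the comment above, as an added example that is not part of the original thread or the project's own `build.rs`: a build script that checks the static archive exists before emitting the Cargo link directives. The environment variable `PSA_STORAGE_LIB_DIR` and the function name are hypothetical.

```rust
// build.rs sketch (added example, not the project's build script).
// PSA_STORAGE_LIB_DIR is a hypothetical variable name chosen for illustration.
use std::env;
use std::path::Path;

/// Archive produced by the extra Makefile step described in the comment above.
const STORAGE_ARCHIVE: &str = "libpsastorage.a";

/// Returns the Cargo directives that add `lib_dir` to the link path and
/// request static linking against the storage library.
/// Fails early if the static archive is not present in `lib_dir`.
fn storage_link_directives(lib_dir: &Path) -> Result<Vec<String>, String> {
    let archive = lib_dir.join(STORAGE_ARCHIVE);
    if !archive.is_file() {
        return Err(format!(
            "{} not found; build the static library first",
            archive.display()
        ));
    }
    Ok(vec![
        // Add the directory to the native library search path.
        format!("cargo:rustc-link-search=native={}", lib_dir.display()),
        // Link the storage library statically (resolves to libpsastorage.a).
        "cargo:rustc-link-lib=static=psastorage".to_string(),
        // Re-run the build script when the configured location changes.
        "cargo:rerun-if-env-changed=PSA_STORAGE_LIB_DIR".to_string(),
    ])
}

fn main() {
    let dir = env::var("PSA_STORAGE_LIB_DIR")
        .expect("set PSA_STORAGE_LIB_DIR to the directory holding libpsastorage.a");
    match storage_link_directives(Path::new(&dir)) {
        Ok(directives) => directives.iter().for_each(|d| println!("{}", d)),
        Err(e) => panic!("{}", e),
    }
}
```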

@hug-dev
Member Author

hug-dev commented Aug 6, 2020

I guess we should transfer this issue to the psa-crypto repository now? Or is it no longer needed?

@ionut-arm
Member

No, I think this is Mbed Crypto-specific, for our provider. I think every PSA lib will have its own thing

@hug-dev
Member Author

hug-dev commented Apr 29, 2021

Is this still wanted, you think? As the Mbed Crypto is something just for prototyping/tests I am wondering if that's worth it. Also feels wrong to add Mbed Crypto specific things in a provider that could maybe be one day PSA generic.

@ionut-arm
Member

Yeah, I came across the issue a few days ago and was wondering the same. I'd be ok with just closing this, we've not had requests for it.

> Also feels wrong to add Mbed Crypto specific things in a provider that could maybe be one day PSA generic.

Well, given that the provider is called Mbed Crypto Provider, I'd say that approach is ok to take. But not today.
