tf_fuzz: fix key import and export simulation
Fix the simulation of psa_import_key() and psa_export_key(). This fixes
demo/28.test.
* This patch moves the existing simulation code for these calls from
code generation methods to a new simulate() method, as described in
b52d00b (tf_fuzz: add new crypto key generation model, 2024-08-02).
* Extend the simulation code for `import_key_call` to check whether the
key policy is valid when calculating the expected result of the call.
This uses the new crypto simulation methods introduced in b52d00b
(tf_fuzz: add new crypto key generation model, 2024-08-02).
* Extend the simulation code for `read_key_call` (the call for
`psa_export_key()`).
* Allow `copy_policy_to_call` to fetch policy information from key
assets as well as policy assets.
Previously if a call used the policy of another policy or key asset,
the details of that policy were not stored in the call at all. To fix
this, b52d00b (tf_fuzz: add new crypto key generation model,
2024-08-02) added `copy_policy_to_call`, which copies policy
information into a call at simulation time from a named policy asset.
To correctly calculate the expected result of `read_key_call`, the
key's policy needs to be checked for the exportable usage flag. This
patch makes `copy_policy_to_call` able to fetch the policy of both a
key asset and a policy asset and copy it into the call, providing the
information necessary to do this check.
* Since the `create_key_call` was named, psa_create_key() has been
removed from PSA Crypto, and replaced with psa_import_key(). Rename
`create_key_call` to `import_key_call` to reflect this.
* In tests that use import (demo/28 and demo/32), set policy key size to
0.
In a key policy, size=0 means that the size of the key does not
matter. This change is necessary for the functioning of
psa_import_key, as the size of the data to be imported to the key is
unknown at policy-creation time.
Change-Id: I49ca3a6fa2d7d2e0deb958a15f9671f3d7c1365c
Signed-off-by: Nik Dewally <Nik.Dewally@arm.com>
diff --git a/tf_fuzz/tfz-cpp/crypto_model/crypto_model.cpp b/tf_fuzz/tfz-cpp/crypto_model/crypto_model.cpp
index e6b8caf..beec424 100644
--- a/tf_fuzz/tfz-cpp/crypto_model/crypto_model.cpp
+++ b/tf_fuzz/tfz-cpp/crypto_model/crypto_model.cpp
@@ -417,6 +417,7 @@
}
bool key_type::is_valid_key_size(uint size) {
+
// (MbedTLS): size is always byte aligned
if (size % 8 != 0) {
return false;
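Review bot: the only change in this hunk is a blank line added as the first line of the body of key_type::is_valid_key_size(), which is unrelated to the import/export simulation fix. Drop it so the function body opens directly on the "(MbedTLS): size is always byte aligned" comment and this file stays out of the patch.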
diff --git a/tf_fuzz/tfz-cpp/crypto_model/fill_in_policy.cpp b/tf_fuzz/tfz-cpp/crypto_model/fill_in_policy.cpp
index 306d93a..e3b7181 100644
--- a/tf_fuzz/tfz-cpp/crypto_model/fill_in_policy.cpp
+++ b/tf_fuzz/tfz-cpp/crypto_model/fill_in_policy.cpp
@@ -17,7 +17,7 @@
// in this scenario, the policy cant be filled out now, and the information
// should be copied over later.
- if (!policy_info.get_policy_from_policy.empty()) {
+ if (!policy_info.get_policy_info_from.empty()) {
return;
}
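Review bot: the comment above the renamed check still says only "in this scenario" without naming the scenario, and with the field now called get_policy_info_from the source can be a key asset as well as a policy asset (per the commit message). Suggest updating the comment to say that the policy is taken from another named policy or key asset and is copied in at simulation time, and fixing "cant" to "can't" while touching it.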
@@ -38,7 +38,9 @@
policy_info.key_type = kt.get_string();
}
- if (policy_info.n_bits == 0) {
+ // key size of 0 tells psa crypto that we don't care.
+ // this is useful, for example, when importing data into a key.
+ if (policy_info.n_bits < 0) {
policy_info.n_bits = kt.get_random_valid_key_size();
}
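Review bot: `if (policy_info.n_bits < 0)` only works if n_bits is a signed type. Its declaration is not visible in this hunk, and key_type::is_valid_key_size() in this same patch takes a `uint size`; if n_bits is unsigned, this branch is dead and get_random_valid_key_size() is never called. Please confirm the type, and consider a named constant for the "not set" value rather than any negative number. The new comment explains what 0 means but does not say that a negative value now means "pick a random size", which is the part a reader of this condition needs.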
@@ -51,7 +53,7 @@
policy_info.key_algorithm= crypto_model::get_random_algorithm().get_string_with_hash();
}
- if (policy_info.n_bits == 0) {
+ if (policy_info.n_bits < 0) {
policy_info.n_bits = crypto_model::get_random_key_size();
}
}
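Review bot: the second `n_bits < 0` check, in the branch that calls crypto_model::get_random_key_size(), repeats the sentinel change without the explanatory comment that was added to the first occurrence. Either repeat the comment here or move the "is the size unset" test into one small helper or named constant used by both branches, so the two conditions cannot drift apart again. The same signedness question applies to this comparison.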