tf_fuzz: fix key import and export simulation
Fix the simulation of psa_import_key() and psa_export_key(). This fixes
demo/28.test.
* This patch moves the existing simulation code for these calls from
code generation methods to a new simulate() method, as described in
ub52d00b (tf_fuzz: add new crypto key generation model, 2024-08-02).
* Extend the simulation code for `import_key_call` to check whether the
key policy is valid when calculating the expected result of the call.
This uses the new crypto simulation methods introduced in b52d00b
(tf_fuzz: add new crypto key generation model, 2024-08-02).
* Extend the simulation code for `read_key_call` (the call for
`psa_export_key()`).
* Allow `copy_policy_to_call` to fetch policy information from key
assets as well as policy assets.
Previously if a call used the policy of another policy or key asset,
the details of that policy was not stored in the call at all. To fix
this, b52d00b (tf_fuzz: add new crypto key generation model,
2024-08-02) added `copy_policy_to_call`, which copies policy
information into a call at simulation time from a named policy asset.
To correctly calculate the expected result of `read_key_call`, the
keys policy needs to be checked for the exportable usage flag. This
patch makes `copy_policy_to_call` able to fetch the policy of both a
key asset and a policy asset and copy it into the call, providing the
information necessary to do this check.
* Since the `create_key_call` was named, psa_create_key() has been
removed from PSA Crypto, and replaced with psa_import_key(). Rename
`create_key_call` to `import_key_call` to reflect this.
* In tests that use import (demo/28 and demo/32), set policy key size to
0.
In a key policy, size=0 means that the size of the key does not
matter. This change is necessary for the functioning of
psa_import_key, as the size of the data to be imported to the key is
unknown at policy-creation time.
Change-Id: I49ca3a6fa2d7d2e0deb958a15f9671f3d7c1365c
Signed-off-by: Nik Dewally <Nik.Dewally@arm.com>
diff --git a/tf_fuzz/tfz-cpp/parser/tf_fuzz_grammar.y b/tf_fuzz/tfz-cpp/parser/tf_fuzz_grammar.y
index 9b93df5..41889a9 100644
--- a/tf_fuzz/tfz-cpp/parser/tf_fuzz_grammar.y
+++ b/tf_fuzz/tfz-cpp/parser/tf_fuzz_grammar.y
@@ -99,7 +99,7 @@
get_key_policy_call *getKeyPolCal = nullptr;
key_call *keyCal = nullptr;
generate_key_call *genKeyCal = nullptr;
- create_key_call *creKeyCal = nullptr;
+ import_key_call *creKeyCal = nullptr;
copy_key_call *copKeyCal = nullptr;
read_key_data_call *reaKeyDatCal = nullptr;
remove_key_call *remKeyCal = nullptr;
@@ -1139,6 +1139,13 @@
policy_info.n_bits = num;
IVM(cout << yytext << "\"" << endl;)
}
+
+ | SIZE STAR{
+ IVM(cout << "Policy-Size: random \"" << flush;)
+ int num = atol(yytext);
+ policy_info.n_bits = -1;
+ IVM(cout << yytext << "\"" << endl;)
+ }
policy_specs:
%empty /* nothing */
| policy_spec policy_specs {
@@ -1176,7 +1183,7 @@
NAME IDENTIFIER {
IVM(cout << "policy-asset identifier list: \"" << flush;)
random_name = false;
- policy_info.get_policy_from_key = false;
+ policy_info.generate_get_policy_from_key_call = false;
asset_name = identifier; /* TODO: Not sure this ultimately has any effect... */
parsed_asset.asset_name_vector.push_back (identifier);
random_asset = psa_asset_usage::all; /* don't randomly choose existing asset */
@@ -1185,21 +1192,21 @@
}
| STAR ACTIVE {
IVM(cout << "policy-asset random active: \"" << flush;)
- policy_info.get_policy_from_key = false;
+ policy_info.generate_get_policy_from_key_call = false;
random_asset = psa_asset_usage::active;
parsed_asset.id_n_not_name = false;
IVM(cout << yytext << "\"" << endl;)
}
| STAR DELETED {
IVM(cout << "policy-asset random deleted: \"" << flush;)
- policy_info.get_policy_from_key = false;
+ policy_info.generate_get_policy_from_key_call = false;
random_asset = psa_asset_usage::deleted;
parsed_asset.id_n_not_name = false;
IVM(cout << yytext << "\"" << endl;)
}
| KEY IDENTIFIER {
IVM(cout << "policy-asset specified by key: \"" << flush;)
- policy_info.get_policy_from_key = true;
+ policy_info.generate_get_policy_from_key_call = true;
random_name = false;
asset_name.assign (identifier); /* ask this key what it's policy is */
random_asset = psa_asset_usage::all; /* don't randomly choose existing asset */
@@ -1245,7 +1252,7 @@
| POLICY IDENTIFIER {
IVM(cout << "Key-set sources, explicitly-specified policy name: "
<< flush;)
- policy_info.get_policy_from_policy = identifier;
+ policy_info.get_policy_info_from = identifier;
policy_info.asset_2_name = identifier; /* policy */
/* Make note that key data (key material) was not specified: */
IVM(cout << yytext << "\"" << endl;)