tf_fuzz: fix key import and export simulation
Fix the simulation of psa_import_key() and psa_export_key(). This fixes
demo/28.test.
* This patch moves the existing simulation code for these calls from
code generation methods to a new simulate() method, as described in
ub52d00b (tf_fuzz: add new crypto key generation model, 2024-08-02).
* Extend the simulation code for `import_key_call` to check whether the
key policy is valid when calculating the expected result of the call.
This uses the new crypto simulation methods introduced in b52d00b
(tf_fuzz: add new crypto key generation model, 2024-08-02).
* Extend the simulation code for `read_key_call` (the call for
`psa_export_key()`).
* Allow `copy_policy_to_call` to fetch policy information from key
assets as well as policy assets.
Previously if a call used the policy of another policy or key asset,
the details of that policy was not stored in the call at all. To fix
this, b52d00b (tf_fuzz: add new crypto key generation model,
2024-08-02) added `copy_policy_to_call`, which copies policy
information into a call at simulation time from a named policy asset.
To correctly calculate the expected result of `read_key_call`, the
keys policy needs to be checked for the exportable usage flag. This
patch makes `copy_policy_to_call` able to fetch the policy of both a
key asset and a policy asset and copy it into the call, providing the
information necessary to do this check.
* Since the `create_key_call` was named, psa_create_key() has been
removed from PSA Crypto, and replaced with psa_import_key(). Rename
`create_key_call` to `import_key_call` to reflect this.
* In tests that use import (demo/28 and demo/32), set policy key size to
0.
In a key policy, size=0 means that the size of the key does not
matter. This change is necessary for the functioning of
psa_import_key, as the size of the data to be imported to the key is
unknown at policy-creation time.
Change-Id: I49ca3a6fa2d7d2e0deb958a15f9671f3d7c1365c
Signed-off-by: Nik Dewally <Nik.Dewally@arm.com>
diff --git a/tf_fuzz/tfz-cpp/template/crypto_template_line.hpp b/tf_fuzz/tfz-cpp/template/crypto_template_line.hpp
index 40218e5..86e866a 100644
--- a/tf_fuzz/tfz-cpp/template/crypto_template_line.hpp
+++ b/tf_fuzz/tfz-cpp/template/crypto_template_line.hpp
@@ -125,10 +125,11 @@
what asset-name barrier to search for. */
bool add_to_end_bool = (random_asset != psa_asset_usage::all);
- if (policy_info.get_policy_from_key) {
+ if (policy_info.generate_get_policy_from_key_call) {
define_call<get_key_policy_call> (set_data, random_data,
fill_in_template, create_call, temLin, rsrc,
add_to_end_bool, yes_set_barrier );
+
}
define_call<get_policy_usage_call> (set_data, random_data,
fill_in_template, create_call, temLin, rsrc,
@@ -220,7 +221,7 @@
add_to_end, yes_set_barrier);
} else if (set_data.string_specified || set_data.random_data) {
// Key data (key material) supplied:
- define_call<create_key_call> (set_info, random_data,
+ define_call<import_key_call> (set_info, random_data,
fill_in_template, create_call, temLin, rsrc,
add_to_end, yes_set_barrier);
} else {
@@ -250,6 +251,8 @@
void setup_call (set_data_info set_info, bool random_data,
bool fill_in_template, bool create_call,
template_line *temLin, tf_fuzz_info *rsrc) {
+
+ temLin->policy_info.get_policy_info_from=temLin->asset_info.get_name();
define_call<read_key_data_call> (set_data, random_data,
fill_in_template, create_call, temLin, rsrc,
add_to_end, yes_set_barrier);