tf_fuzz: fix key import and export simulation
Fix the simulation of psa_import_key() and psa_export_key(). This fixes
demo/28.test.
* This patch moves the existing simulation code for these calls from
code generation methods to a new simulate() method, as described in
b52d00b (tf_fuzz: add new crypto key generation model, 2024-08-02).
* Extend the simulation code for `import_key_call` to check whether the
key policy is valid when calculating the expected result of the call.
This uses the new crypto simulation methods introduced in b52d00b
(tf_fuzz: add new crypto key generation model, 2024-08-02).
* Extend the simulation code for `read_key_call` (the call for
`psa_export_key()`).
* Allow `copy_policy_to_call` to fetch policy information from key
assets as well as policy assets.
Previously, if a call used the policy of another policy or key asset,
the details of that policy were not stored in the call at all. To fix
this, b52d00b (tf_fuzz: add new crypto key generation model,
2024-08-02) added `copy_policy_to_call`, which copies policy
information into a call at simulation time from a named policy asset.
To correctly calculate the expected result of `read_key_call`, the
key's policy needs to be checked for the exportable usage flag. This
patch makes `copy_policy_to_call` able to fetch the policy of both a
key asset and a policy asset and copy it into the call, providing the
information necessary to do this check.
* Since the `create_key_call` was named, psa_create_key() has been
removed from PSA Crypto, and replaced with psa_import_key(). Rename
`create_key_call` to `import_key_call` to reflect this.
* In tests that use import (demo/28 and demo/32), set policy key size to 0.
In a key policy, size=0 means that the size of the key does not
matter. This change is necessary for the functioning of
psa_import_key, as the size of the data to be imported to the key is
unknown at policy-creation time.
Change-Id: I49ca3a6fa2d7d2e0deb958a15f9671f3d7c1365c
Signed-off-by: Nik Dewally <Nik.Dewally@arm.com>
diff --git a/tf_fuzz/tfz-cpp/utility/data_blocks.hpp b/tf_fuzz/tfz-cpp/utility/data_blocks.hpp
index 03b1294..5294de0 100644
--- a/tf_fuzz/tfz-cpp/utility/data_blocks.hpp
+++ b/tf_fuzz/tfz-cpp/utility/data_blocks.hpp
@@ -211,80 +211,89 @@
class key_policy_info
{
public:
- // Data members:
- // Digested info:
- /* if true, then we must get policy info from a stated key; the asset
- here is a key that uses the policy, and not the policy itself. */
- bool get_policy_from_key;
+ /* if true, then we must get generate a call to get policy info from a stated
+ key. */
+ bool generate_get_policy_from_key_call;
- // If set, the policy asset specified should be used to fill in the policy
- // at simulation time. This overwrites the other values in the object.
- //
- // If blank, the values in the object are used as-is.
- //
- // See `psa_call::copy_policy_to_call`
- string get_policy_from_policy;
+ // If set, the policy or key asset specified should be used to fill in the
+ // policy at simulation time. This overwrites the other values in the object.
+ //
+ // If blank, the values in the object are used as-is.
+ //
+ // See `psa_call::copy_policy_to_call`
+ string get_policy_info_from;
- /* if true, then the key was defined with policy specifications, but not
- a named policy, meaning that we have to create an implicit policy. */
- bool implicit_policy;
- bool copy_key = false; // true to indicate copying one key to another
- bool exportable=false; // key data can be exported (viewed - fail exports if not).
- bool copyable=false; // can be copied (fail key-copies if not).
- bool can_encrypt=false; // OK for encryption (fail other uses).
- bool can_decrypt=false; // OK for decryption (fail other uses).
- bool can_sign=false; // OK for signing (fail other operations).
- bool can_verify=false; // OK for verifying a message signature (fail other uses).
- bool derivable=false; // OK for derive other keys (fail other uses).
- bool persistent=false; // must be deleted at the end of test.
+ /* if true, then the key was defined with policy specifications, but not
+ a named policy, meaning that we have to create an implicit policy. */
+ bool implicit_policy;
+ bool copy_key = false; // true to indicate copying one key to another
+ bool exportable =
+ false; // key data can be exported (viewed - fail exports if not).
+ bool copyable = false; // can be copied (fail key-copies if not).
+ bool can_encrypt = false; // OK for encryption (fail other uses).
+ bool can_decrypt = false; // OK for decryption (fail other uses).
+ bool can_sign = false; // OK for signing (fail other operations).
+ bool can_verify =
+ false; // OK for verifying a message signature (fail other uses).
+ bool derivable = false; // OK for derive other keys (fail other uses).
+ bool persistent = false; // must be deleted at the end of test.
+ // no_<flag> denotes that <flag> must not be set in the key.
+ //
+ // For the above flags, truth means "must be set" and false means "don't
+ // care". Setting no_<flag> means "must not be set". no_<flag> takes
+ // presedence over <flag>.
- // no_<flag> denotes that <flag> must not be set in the key.
- //
- // For the above flags, truth means "must be set" and false means "don't care".
- // Setting no_<flag> means "must not be set". no_<flag> takes presedence over <flag>.
+ bool no_exportable = false; // true to indicate that exportable must not be
+ // set during randomisation
+ bool no_copyable = false; // true to indicate that copyable must not be set
+ // during randomisation
+ bool no_can_encrypt = false; // true to indicate that can_encrypt must not be
+ // set during randomisation
+ bool no_can_decrypt = false; // true to indicate that can_decrypt must not be
+ // set during randomisation
+ bool no_can_sign = false; // true to indicate that can_sign must not be set
+ // during randomisation
+ bool no_can_verify = false; // true to indicate that can_verify must not be
+ // set during randomisation
+ bool no_derivable = false; // true to indicate that derivable must not be set
+ // during randomisation
+ bool no_persistent = false; // true to indicate that persistent must not be
+ // set during randomisation
- bool no_exportable=false; // true to indicate that exportable must not be set during randomisation
- bool no_copyable=false; // true to indicate that copyable must not be set during randomisation
- bool no_can_encrypt=false; // true to indicate that can_encrypt must not be set during randomisation
- bool no_can_decrypt=false; // true to indicate that can_decrypt must not be set during randomisation
- bool no_can_sign=false; // true to indicate that can_sign must not be set during randomisation
- bool no_can_verify=false; // true to indicate that can_verify must not be set during randomisation
- bool no_derivable=false; // true to indicate that derivable must not be set during randomisation
- bool no_persistent=false; // true to indicate that persistent must not be set during randomisation
+ string usage_string;
+ /* This string is set to a PSA_KEY_USAGE_* value in the template
+ immediately prior to making define_call<add_policy_usage_call>.
+ The copy_template_to_call() therein sets the corresponding string
+ in the call, and that is copied into the code in the
+ fill_in_command() invocation. */
+ string print_usage_true_string;
+ /* For printing out policy usage, this states how to describe the usage
+ if it can be used this way. This is managed similarly with, and
+ used in conjunction with usage_string above. NOTE: THIS ALSO SERVES AS AN
+ INDICATOR WHETHER OR NOT TO PRINT ON A GET-USAGE CALL. "" means
+ not to print. */
+ string print_usage_false_string;
+ /* Also for printing out policy usage, this is how to describe usage if
+ it cannot be used this way. */
+ string key_type; // AES, DES, RSA pair, DS public, etc.
+ string key_algorithm;
- string usage_string;
- /* This string is set to a PSA_KEY_USAGE_* value in the template
- immediately prior to making define_call<add_policy_usage_call>.
- The copy_template_to_call() therein sets the corresponding string
- in the call, and that is copied into the code in the fill_in_command()
- invocation. */
- string print_usage_true_string;
- /* For printing out policy usage, this states how to describe the usage
- if it can be used this way. This is managed similarly with, and used
- in conjunction with usage_string above. NOTE: THIS ALSO SERVES AS AN
- INDICATOR WHETHER OR NOT TO PRINT ON A GET-USAGE CALL. "" means not
- to print. */
- string print_usage_false_string;
- /* Also for printing out policy usage, this is how to describe usage if
- it cannot be used this way. */
- string key_type; // AES, DES, RSA pair, DS public, etc.
- string key_algorithm;
- int n_bits;
- // for get_key_info call (possibly others) exected key size in bits
- string handle_str; // the text name of the key's "handle"
- string key_data; // the key data as best we can know it.
- string asset_2_name;
- // if there's a 2nd asset, such as policy on key call, this is its name
- string asset_3_name; // if there's a 3rd asset, then this is its name
+ // The key size. If <0, this will be re-generated by fill_in_policy.
+ int n_bits=-1;
+ // for get_key_info call (possibly others) exected key size in bits
+ string handle_str; // the text name of the key's "handle"
+ string key_data; // the key data as best we can know it.
+ string asset_2_name;
+ // if there's a 2nd asset, such as policy on key call, this is its name
+ string asset_3_name; // if there's a 3rd asset, then this is its name
- // Methods:
- key_policy_info (void); // (default constructor)
- ~key_policy_info (void); // (destructor)
+ // Methods:
+ key_policy_info(void); // (default constructor)
+ ~key_policy_info(void); // (destructor)
-
- /** Creates a random, but not necessarily valid, policy */
- static key_policy_info create_random();
+ /** Creates a random, but not necessarily valid, policy */
+ static key_policy_info create_random();
protected:
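Review bot: the new comment above `generate_get_policy_from_key_call` reads "we must get generate a call", which looks like a leftover from the old wording; it should read "we must generate a call to get policy info from a stated key". In the same hunk, the moved `no_<flag>` comment still spells "presedence" (should be "precedence"), and the carried-over `n_bits` comment still says "exected key size" (should be "expected"); since these lines are being touched anyway, this is the place to fix them. Style-wise, `int n_bits=-1;` is now the only initialiser without spaces around `=`, unlike the reformatted `bool copy_key = false;` members directly above it. Finally, the comment on `n_bits` documents only the `<0` case ("will be re-generated by fill_in_policy"), while the commit message relies on `size=0` meaning "the size of the key does not matter" for `psa_import_key()`; stating that `0` case in the header comment as well would make the two sentinel values unambiguous for readers of the struct.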