Hi Alex,
Yes, test 244 is still failed because Mbed TLS library returns an incorrect value for psa_copy_key() when an invalid key identifier or lifetime is passed. We report this issue to Mbed TLS team. Issue link is here: https://github.com/ARMmbed/mbedtls/issues/4271
And the latest psa arch crypto test analysis is updated: https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_fa...
Thanks, Summer
________________________________ From: Alexander.Moore@infineon.com Alexander.Moore@infineon.com Sent: Tuesday, March 30, 2021 1:36 AM To: Summer Qin Summer.Qin@arm.com; David Hu David.Hu@arm.com Cc: nd nd@arm.com; tf-m@lists.trustedfirmware.org tf-m@lists.trustedfirmware.org Subject: RE: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25
Hi Summer,
Thanks for the information! I wanted to report that after “b11b0675 Crypto: Fix psa arch test failures” was merged in, we are still seeing PSA Crypto test 244 failing on PSoC64.
TEST: 244 | DESCRIPTION: Testing crypto key management APIs
[Info] Executing tests from non-secure
[Check 1] Test psa_copy_key - 16 Byte AES
[Check 2] Test psa_copy_key - without copy usage
[Check 3] Test psa_copy_key - invalid lifetime
Failed at Checkpoint: 4
Actual: -136
Expected: -135
TEST RESULT: FAILED (Error Code=0x1)
Our 6 other tests which regressed are back to passing now (206, 207, 208, 211, 237, 243).
Thanks,
Alex
From: Summer Qin Summer.Qin@arm.com Sent: Wednesday, March 24, 2021 7:48 PM To: David Hu David.Hu@arm.com; Moore Alexander (CSCA CSS ICW SW PSW 1) Alexander.Moore@infineon.com Cc: nd nd@arm.com; tf-m@lists.trustedfirmware.org Subject: Re: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25
Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safehttps://goto.infineon.com/SocialEngineering.
Hi Alexander,
Thanks for your information.
For current TF-Mv1.3.0-RC1, yes, we have some extra failed test cases for crypto psa arch tests. They are 208, 211, 237, 243, and 244. We are now trying to fix them.
206 and 207 are our know issues. Details can be found in our tfm release failure analysis:
https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_fa...
https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_fa...
Thanks,
Summer
________________________________
From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> on behalf of Alexander.Moore--- via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Wednesday, March 24, 2021 3:55 PM To: David Hu <David.Hu@arm.commailto:David.Hu@arm.com> Cc: nd <nd@arm.commailto:nd@arm.com>; tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Subject: Re: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25
What’s the build configuration on PSoC 64 with PSA Arch test:
+ BUILD_OPTS='-DTEST_PSA_API=CRYPTO -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2'
+ cmake -S . -B build_clang_psoc64 -DTFM_PLATFORM=cypress/psoc64 -DTFM_TOOLCHAIN_FILE=toolchain_ARMCLANG.cmake -DCMAKE_BUILD_TYPE=Release -DTEST_PSA_API=CRYPTO -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2
-- The C compiler identification is ARMClang 6.12.1
-- The ASM compiler identification is ARMCC
We build both debug/release, and also use gcc/armclang, all four combinations give the same PSA Crypto test results.
What’s the version of TF-M? Have you tried the latest one in master branch:
* We are using the latest master (v1.2.0) and isolated the problem commit to be 28659c498c3bdbbc610959e7518bece5aaf72a19.
What’s the version of PSA Arch test:
* We are using the default tagged version associated with TF-M master branch, which is “8644bd0 musca_s1 support”
Can you share more log of the failure test case:
TEST: 206 | DESCRIPTION: Testing crypto hash functions APIs
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_compute with SHA224 algorithm
[Check 2] Test psa_hash_compute with SHA256 algorithm
[Check 3] Test psa_hash_compute with SHA384 algorithm
[Check 4] Test psa_hash_compute with SHA512 algorithm
[Check 5] Test psa_hash_compute with small buffer size
[Check 6] Test psa_hash_compute with invalid algorithm
Failed at Checkpoint: 3
Actual: -135
Expected: -134
TEST RESULT: FAILED (Error Code=0x1)
TEST: 207 | DESCRIPTION: Testing crypto hash functions APIs
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_compare - SHA224 algorithm
[Check 2] Test psa_hash_compare - SHA256 algorithm
[Check 3] Test psa_hash_compare - SHA384 algorithm
[Check 4] Test psa_hash_compare - SHA512 algorithm
[Check 5] Test psa_hash_compare - incorrect hash
[Check 6] Test psa_hash_compare - incorrect hash length
[Check 7] Test psa_hash_compare - invalid algorithm
Failed at Checkpoint: 3
Actual: -135
Expected: -134
TEST RESULT: FAILED (Error Code=0x1)
TEST: 208 | DESCRIPTION: Testing crypto key derivation APIs
[Info] Executing tests from non-secure
[Check 1] Test psa_key_derivation_setup - ECDH + HKDF-SHA-256
[Check 2] Test psa_key_derivation_setup - ECDH, unknown KDF
[Check 3] Test psa_key_derivation_setup - bad key derivation algorithm
Failed at Checkpoint: 3
Actual: -134
Expected: -135
TEST RESULT: FAILED (Error Code=0x1)
TEST: 211 | DESCRIPTION: Testing crypto hash functions APIs
[Info] Executing tests from non-secure
[Check 1] Test psa_hash_setup with SHA224 algorithm
[Check 2] Test psa_hash_setup with SHA256 algorithm
[Check 3] Test psa_hash_setup with SHA384 algorithm
[Check 4] Test psa_hash_setup with SHA512 algorithm
[Check 5] Test psa_hash_setup with Invalid hash algorithm
Failed at Checkpoint: 3
Actual: -135
Expected: -134
TEST RESULT: FAILED (Error Code=0x1)
TEST: 237 | DESCRIPTION: Testing crypto symmetric cipher APIs
[Info] Executing tests from non-secure
[Check 1] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING
[Check 2] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING (Short in)
[Check 3] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7
[Check 4] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7 (Short input)
[Check 5] Test psa_cipher_finish - Encrypt - AES CTR
[Check 6] Test psa_cipher_finish - Encrypt - AES CTR (short input)
[Check 7] Test psa_cipher_finish - Encrypt - small output buffer size
[Check 8] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING
[Check 9] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING (Short in)
Failed at Checkpoint: 8
Actual: -135
Expected: -137
TEST RESULT: FAILED (Error Code=0x1)
TEST: 243 | DESCRIPTION: Testing crypto key derivation APIs
[Info] Executing tests from non-secure
[Check 1] Test psa_raw_key_agreement - ECDH SECP256R1
[Check 2] Test psa_raw_key_agreement - Small buffer size
[Check 3] Test psa_raw_key_agreement - ECDH SECP384R1
[Check 4] Test psa_raw_key_agreement - Invalid usage
[Check 5] Test psa_raw_key_agreement - Unknown KDF
Failed at Checkpoint: 4
Actual: -134
Expected: -135
TEST RESULT: FAILED (Error Code=0x1)
TEST: 244 | DESCRIPTION: Testing crypto key management APIs
[Info] Executing tests from non-secure
[Check 1] Test psa_copy_key - 16 Byte AES
[Check 2] Test psa_copy_key - without copy usage
[Check 3] Test psa_copy_key - invalid lifetime
Failed at Checkpoint: 4
Actual: -136
Expected: -135
TEST RESULT: FAILED (Error Code=0x1)
Thanks,
Alex
From: David Hu <David.Hu@arm.commailto:David.Hu@arm.com> Sent: Monday, March 22, 2021 7:56 PM To: Moore Alexander (CSCA CSS ICW SW PSW 1) <Alexander.Moore@infineon.commailto:Alexander.Moore@infineon.com> Cc: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org; nd <nd@arm.commailto:nd@arm.com> Subject: RE: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25
Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safehttps://goto.infineon.com/SocialEngineering.
Hi Alexander,
Thanks for reporting this issue.
Can I ask for more details of the failures?
* What’s the build configuration on PSoC 64 with PSA Arch test? * What’s the version of TF-M? Have you tried the latest one in master branch? * What’s the version of PSA Arch test? * Can you share more log of the failure test case?
Thanks.
Best regards,
Hu Ziji
From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Alexander.Moore--- via TF-M Sent: Tuesday, March 23, 2021 6:42 AM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25
Hello,
After “28659c49 Crypto: Upgrade Mbed TLS to 2.25” we see the following 7 PSA Crypto test failures on PSoC64 which were passing before this commit:
TEST: 206
TEST: 207
TEST: 208
TEST: 211
TEST: 237
TEST: 243
TEST: 244
Are these failures expected? As far as we can tell, there is nothing else to be done associated with the 2.25 upgrade, i.e. the build automatically pulls 2.25 down, and there are no corresponding commits to psa-arch-tests to support the upgrade or any other changes necessary.
Thanks,
Alex