Hi Summer,

Thanks for the information! I wanted to report that after “b11b0675 Crypto: Fix psa arch test failures” was merged in, we are still seeing PSA Crypto test 244 failing on PSoC64.

TEST: 244 | DESCRIPTION: Testing crypto key management APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_copy_key - 16 Byte AES

[Check 2] Test psa_copy_key - without copy usage

[Check 3] Test psa_copy_key - invalid lifetime

Failed at Checkpoint: 4

Actual: -136

Expected: -135

TEST RESULT: FAILED (Error Code=0x1)

Our 6 other tests which regressed are back to passing now (206, 207, 208, 211, 237, 243).

Thanks,

Alex

From: Summer Qin <Summer.Qin@arm.com>
Sent: Wednesday, March 24, 2021 7:48 PM
To: David Hu <David.Hu@arm.com>; Moore Alexander (CSCA CSS ICW SW PSW 1) <Alexander.Moore@infineon.com>
Cc: nd <nd@arm.com>; tf-m@lists.trustedfirmware.org
Subject: Re: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25

Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe.

Hi Alexander,

Thanks for your information.

For current TF-Mv1.3.0-RC1, yes, we have some extra failed test cases for crypto psa arch tests. They are 208, 211, 237, 243, and 244. We are now trying to fix them.

206 and 207 are our know issues. Details can be found in our tfm release failure analysis:

https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.3_release/

https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.2_release/

Thanks,

Summer

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> on behalf of Alexander.Moore--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Wednesday, March 24, 2021 3:55 PM
To: David Hu <David.Hu@arm.com>
Cc: nd <nd@arm.com>; tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>
Subject: Re: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25

What’s the build configuration on PSoC 64 with PSA Arch test:

+ BUILD_OPTS='-DTEST_PSA_API=CRYPTO -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2'

+ cmake -S . -B build_clang_psoc64 -DTFM_PLATFORM=cypress/psoc64 -DTFM_TOOLCHAIN_FILE=toolchain_ARMCLANG.cmake -DCMAKE_BUILD_TYPE=Release -DTEST_PSA_API=CRYPTO -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2

-- The C compiler identification is ARMClang 6.12.1

-- The ASM compiler identification is ARMCC

We build both debug/release, and also use gcc/armclang, all four combinations give the same PSA Crypto test results.

What’s the version of TF-M? Have you tried the latest one in master branch:

We are using the latest master (v1.2.0) and isolated the problem commit to be 28659c498c3bdbbc610959e7518bece5aaf72a19.

What’s the version of PSA Arch test:

We are using the default tagged version associated with TF-M master branch, which is “8644bd0 musca_s1 support”

Can you share more log of the failure test case:

TEST: 206 | DESCRIPTION: Testing crypto hash functions APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_hash_compute with SHA224 algorithm

[Check 2] Test psa_hash_compute with SHA256 algorithm

[Check 3] Test psa_hash_compute with SHA384 algorithm

[Check 4] Test psa_hash_compute with SHA512 algorithm

[Check 5] Test psa_hash_compute with small buffer size

[Check 6] Test psa_hash_compute with invalid algorithm

Failed at Checkpoint: 3

Actual: -135

Expected: -134

TEST RESULT: FAILED (Error Code=0x1)

TEST: 207 | DESCRIPTION: Testing crypto hash functions APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_hash_compare - SHA224 algorithm

[Check 2] Test psa_hash_compare - SHA256 algorithm

[Check 3] Test psa_hash_compare - SHA384 algorithm

[Check 4] Test psa_hash_compare - SHA512 algorithm

[Check 5] Test psa_hash_compare - incorrect hash

[Check 6] Test psa_hash_compare - incorrect hash length

[Check 7] Test psa_hash_compare - invalid algorithm

Failed at Checkpoint: 3

Actual: -135

Expected: -134

TEST RESULT: FAILED (Error Code=0x1)

TEST: 208 | DESCRIPTION: Testing crypto key derivation APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_key_derivation_setup - ECDH + HKDF-SHA-256

[Check 2] Test psa_key_derivation_setup - ECDH, unknown KDF

[Check 3] Test psa_key_derivation_setup - bad key derivation algorithm

Failed at Checkpoint: 3

Actual: -134

Expected: -135

TEST RESULT: FAILED (Error Code=0x1)

TEST: 211 | DESCRIPTION: Testing crypto hash functions APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_hash_setup with SHA224 algorithm

[Check 2] Test psa_hash_setup with SHA256 algorithm

[Check 3] Test psa_hash_setup with SHA384 algorithm

[Check 4] Test psa_hash_setup with SHA512 algorithm

[Check 5] Test psa_hash_setup with Invalid hash algorithm

Failed at Checkpoint: 3

Actual: -135

Expected: -134

TEST RESULT: FAILED (Error Code=0x1)

TEST: 237 | DESCRIPTION: Testing crypto symmetric cipher APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING

[Check 2] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING (Short in)

[Check 3] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7

[Check 4] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7 (Short input)

[Check 5] Test psa_cipher_finish - Encrypt - AES CTR

[Check 6] Test psa_cipher_finish - Encrypt - AES CTR (short input)

[Check 7] Test psa_cipher_finish - Encrypt - small output buffer size

[Check 8] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING

[Check 9] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING (Short in)

Failed at Checkpoint: 8

Actual: -135

Expected: -137

TEST RESULT: FAILED (Error Code=0x1)

TEST: 243 | DESCRIPTION: Testing crypto key derivation APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_raw_key_agreement - ECDH SECP256R1

[Check 2] Test psa_raw_key_agreement - Small buffer size

[Check 3] Test psa_raw_key_agreement - ECDH SECP384R1

[Check 4] Test psa_raw_key_agreement - Invalid usage

[Check 5] Test psa_raw_key_agreement - Unknown KDF

Failed at Checkpoint: 4

Actual: -134

Expected: -135

TEST RESULT: FAILED (Error Code=0x1)

TEST: 244 | DESCRIPTION: Testing crypto key management APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_copy_key - 16 Byte AES

[Check 2] Test psa_copy_key - without copy usage

[Check 3] Test psa_copy_key - invalid lifetime

Failed at Checkpoint: 4

Actual: -136

Expected: -135

TEST RESULT: FAILED (Error Code=0x1)

Thanks,

Alex

From: David Hu <David.Hu@arm.com>
Sent: Monday, March 22, 2021 7:56 PM
To: Moore Alexander (CSCA CSS ICW SW PSW 1) <Alexander.Moore@infineon.com>
Cc: tf-m@lists.trustedfirmware.org; nd <nd@arm.com>
Subject: RE: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25

Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe.

Hi Alexander,

Thanks for reporting this issue.

Can I ask for more details of the failures?

What’s the build configuration on PSoC 64 with PSA Arch test?
What’s the version of TF-M? Have you tried the latest one in master branch?
What’s the version of PSA Arch test?
Can you share more log of the failure test case?

Thanks.

Best regards,

Hu Ziji

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Alexander.Moore--- via TF-M
Sent: Tuesday, March 23, 2021 6:42 AM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25

Hello,

After “28659c49 Crypto: Upgrade Mbed TLS to 2.25” we see the following 7 PSA Crypto test failures on PSoC64 which were passing before this commit:

TEST: 206

TEST: 207

TEST: 208

TEST: 211

TEST: 237

TEST: 243

TEST: 244

Are these failures expected? As far as we can tell, there is nothing else to be done associated with the 2.25 upgrade, i.e. the build automatically pulls 2.25 down, and there are no corresponding commits to psa-arch-tests to support the upgrade or any other changes necessary.

Thanks,

Alex