On 02/03/2020 12:00, Andrej Butok via TF-M wrote:
Hi,
So, I have submitted the mbedCrypto� issue https://github.com/ARMmbed/mbed-crypto/issues/380
Several missed functions were implemented in the latest mbedCrypto. Please read the comment.
Hi Andrej, I will try to answer some of the questions. TF-M currently uses 3.0.1 tag of mbed-crypto and it has all the functions implemented in that version.
We certainly need to be able to migrate to newer versions of mbed-crypto quicker and more easily. This is one of the things I will be looking into as part of the improving the crypto service implementation in TF-M.
My current thoughts are that once mbed-crypto implements more of the other PSA crypto APIs, we could sync up TF-M to expose those APIs.
They also need clarification about the PSA failed test:
1)�psa_asymmetric_encrypt does not have support for ECC keys� � that's true, the specification currently does not define any algorithm for psa_asymmetric_encrypt�that uses ECC keys. What's the problem there?
The PSA-ACK test need to fix this. I will highlight this issue to them.
- For the incorrect key derivation error codes, what are the
problematic inputs?
There is an issue raised with mbed-crypto team discussing this issue here : https://github.com/ARMmbed/mbed-crypto/issues/175
As I understand, this needs to be fixed by mbed-crypto.
- For �psa_generate_key generates incorrect key length for RSA�, what
are the problematic inputs?
Could you clarify or this is the PSA-Test-Suite task?
The problematic input can be seen here : https://github.com/ARM-software/psa-arch-tests/blob/master/api-tests/dev_api...
This is a mismatch between the test and the crypto implementation. PSA ACK test project had been notified. I will be following up with them.
BTW:
- �mbedCrypto does not use the PSA test suite for testing (they have
own tests).
Yes, that is true.
- PSA Test Suite does not inform mbedCrypto about found PSA issues.
There is some communication as seen by the issues referenced above, but can be better
- TFM updates to the latest mbedCrypto have to be more often (ideally
after each mbedCrypto release).
- Better synchronization between the PSA Projects is needed.
Yes, certainly. Although syncing to every mbed-crypto release is too much of an overhead for TF-M and the current plan is to sync up once mbed-crypto has resolved a sizeable amount of unimplemented APIs. We are open to contributions in this regard.
Currently, all of them are moving targets, the PSA ACK tests, TF-M, mbed-crypto and the PSA specification. The mbed-crypto is moving towards PSA 1.0 whereas the PSA-ACK tests are targeting PSA 1.0 Beta3. This creates some of the mismatches.
Once the APIs have stabilized, it should be a matter of picking up the latest mbed-crypto tag and everything should work as expected.
Best Regards Soby Mathew
Thanks,
Andrej Butok
*From:* TF-M tf-m-bounces@lists.trustedfirmware.org *On Behalf Of *Andrej Butok via TF-M *Sent:* Friday, February 28, 2020 1:20 PM *To:* Anton Komlev Anton.Komlev@arm.com *Cc:* tf-m@lists.trustedfirmware.org *Subject:* Re: [TF-M] PSA-Test Suite, 23 Crypto Tests failed
Hi Anton,
OK. So this is the known issue. Is there any plan when it should be implemented?
As the test-log is used for a PSA certification, may we disable the failed tests?
BTW: As this is known issue, I did not notice it here https://github.com/ARMmbed/mbed-crypto/issues?page=1&q=is%3Aissue+is%3Ao... https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FARMmbed%2Fmbed-crypto%2Fissues%3Fpage%3D1%26q%3Dis%3Aissue%2Bis%3Aopen%2Bpsa%26utf8%3D%25E2%259C%2593&data=02%7C01%7Candrey.butok%40nxp.com%7Ccef7c65d60ad471a41a208d7bc48863f%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C637184892098850312&sdata=Oaqhsl6rEBNEsrii6jDnTd18I37HqBP%2FzmaBtjarbwY%3D&reserved=0
Thanks,
Andrej
*From:* TF-M <tf-m-bounces@lists.trustedfirmware.org mailto:tf-m-bounces@lists.trustedfirmware.org> *On Behalf Of *Anton Komlev via TF-M *Sent:* Friday, February 28, 2020 12:14 PM *To:* tf-m@lists.trustedfirmware.org mailto:tf-m@lists.trustedfirmware.org *Cc:* nd <nd@arm.com mailto:nd@arm.com> *Subject:* Re: [TF-M] PSA-Test Suite, 23 Crypto Tests failed
Hello Andrej,
As you noted, the main reason of test failures is unimplemented PSA functions. Those functions are directly dependent on Embed-Crypto library where they are missed or API is not adjusted.
Recently TF-M was upgraded Embed-Crypto library from v1.0.0 to v3.0.1 and will continue so, increasing test suite coverage.
Best regards,
Anton
*From:* TF-M <tf-m-bounces@lists.trustedfirmware.org mailto:tf-m-bounces@lists.trustedfirmware.org> *On Behalf Of *Andrej Butok via TF-M *Sent:* 28 February 2020 09:46 *To:* tf-m@lists.trustedfirmware.org mailto:tf-m@lists.trustedfirmware.org *Subject:* [TF-M] PSA-Test Suite, 23 Crypto Tests failed
Hello,
After update to the latest TFM and to the latest PSA-Test Suite, 23 Crypto Tests are failed:
************ Crypto Suite Report **********
TOTAL TESTS���� : 61
TOTAL PASSED��� : 37
TOTAL SIM ERROR : 0
TOTAL FAILED��� : 23
TOTAL SKIPPED�� : 1
The main reason is that many of PSA Crypto functions are not implemented by TFM.
Is there a plan to fix it?
Thanks,
Andrej