Hi Alexander,

Thanks for your information.
For current TF-Mv1.3.0-RC1, yes, we have some extra failed test cases for crypto psa arch tests. They are 208, 211, 237, 243, and 244. We are now trying to fix them.
206 and 207 are our know issues. Details can be found in our tfm release failure analysis: 
https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.3_release/
https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.2_release/

Thanks,
Summer

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> on behalf of Alexander.Moore--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Wednesday, March 24, 2021 3:55 PM
To: David Hu <David.Hu@arm.com>
Cc: nd <nd@arm.com>; tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>
Subject: Re: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25
 

What’s the build configuration on PSoC 64 with PSA Arch test:

+ BUILD_OPTS='-DTEST_PSA_API=CRYPTO -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2'

+ cmake -S . -B build_clang_psoc64 -DTFM_PLATFORM=cypress/psoc64 -DTFM_TOOLCHAIN_FILE=toolchain_ARMCLANG.cmake -DCMAKE_BUILD_TYPE=Release -DTEST_PSA_API=CRYPTO -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2

-- The C compiler identification is ARMClang 6.12.1

-- The ASM compiler identification is ARMCC

 

We build both debug/release, and also use gcc/armclang, all four combinations give the same PSA Crypto test results.

 

What’s the version of TF-M? Have you tried the latest one in master branch:

 

What’s the version of PSA Arch test:

 

Can you share more log of the failure test case:

 

TEST: 206 | DESCRIPTION: Testing crypto hash functions APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_hash_compute with SHA224 algorithm

[Check 2] Test psa_hash_compute with SHA256 algorithm

[Check 3] Test psa_hash_compute with SHA384 algorithm

[Check 4] Test psa_hash_compute with SHA512 algorithm

[Check 5] Test psa_hash_compute with small buffer size

[Check 6] Test psa_hash_compute with invalid algorithm

      Failed at Checkpoint: 3

      Actual: -135

      Expected: -134

TEST RESULT: FAILED (Error Code=0x1)

 

TEST: 207 | DESCRIPTION: Testing crypto hash functions APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_hash_compare - SHA224 algorithm

[Check 2] Test psa_hash_compare - SHA256 algorithm

[Check 3] Test psa_hash_compare - SHA384 algorithm

[Check 4] Test psa_hash_compare - SHA512 algorithm

[Check 5] Test psa_hash_compare - incorrect hash

[Check 6] Test psa_hash_compare - incorrect hash length

[Check 7] Test psa_hash_compare - invalid algorithm

      Failed at Checkpoint: 3

      Actual: -135

      Expected: -134

TEST RESULT: FAILED (Error Code=0x1)

 

TEST: 208 | DESCRIPTION: Testing crypto key derivation APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_key_derivation_setup - ECDH + HKDF-SHA-256

[Check 2] Test psa_key_derivation_setup - ECDH, unknown KDF

[Check 3] Test psa_key_derivation_setup - bad key derivation algorithm

      Failed at Checkpoint: 3

      Actual: -134

      Expected: -135

TEST RESULT: FAILED (Error Code=0x1)

 

TEST: 211 | DESCRIPTION: Testing crypto hash functions APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_hash_setup with SHA224 algorithm

[Check 2] Test psa_hash_setup with SHA256 algorithm

[Check 3] Test psa_hash_setup with SHA384 algorithm

[Check 4] Test psa_hash_setup with SHA512 algorithm

[Check 5] Test psa_hash_setup with Invalid hash algorithm

      Failed at Checkpoint: 3

      Actual: -135

      Expected: -134

TEST RESULT: FAILED (Error Code=0x1)

 

TEST: 237 | DESCRIPTION: Testing crypto symmetric cipher APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING

[Check 2] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING (Short in)

[Check 3] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7

[Check 4] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7 (Short input)

[Check 5] Test psa_cipher_finish - Encrypt - AES CTR

[Check 6] Test psa_cipher_finish - Encrypt - AES CTR (short input)

[Check 7] Test psa_cipher_finish - Encrypt - small output buffer size

[Check 8] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING

[Check 9] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING (Short in)

      Failed at Checkpoint: 8

      Actual: -135

      Expected: -137

TEST RESULT: FAILED (Error Code=0x1)

 

TEST: 243 | DESCRIPTION: Testing crypto key derivation APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_raw_key_agreement - ECDH SECP256R1

[Check 2] Test psa_raw_key_agreement - Small buffer size

[Check 3] Test psa_raw_key_agreement - ECDH SECP384R1

[Check 4] Test psa_raw_key_agreement - Invalid usage

[Check 5] Test psa_raw_key_agreement - Unknown KDF

      Failed at Checkpoint: 4

      Actual: -134

      Expected: -135

TEST RESULT: FAILED (Error Code=0x1)

 

TEST: 244 | DESCRIPTION: Testing crypto key management APIs

[Info] Executing tests from non-secure

[Check 1] Test psa_copy_key - 16 Byte AES

[Check 2] Test psa_copy_key - without copy usage

[Check 3] Test psa_copy_key - invalid lifetime

      Failed at Checkpoint: 4

      Actual: -136

      Expected: -135

TEST RESULT: FAILED (Error Code=0x1)

 

 

Thanks,

Alex

 

From: David Hu <David.Hu@arm.com>
Sent: Monday, March 22, 2021 7:56 PM
To: Moore Alexander (CSCA CSS ICW SW PSW 1) <Alexander.Moore@infineon.com>
Cc: tf-m@lists.trustedfirmware.org; nd <nd@arm.com>
Subject: RE: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25

 

Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe.

 

Hi Alexander,

 

Thanks for reporting this issue.

Can I ask for more details of the failures?

  • What’s the build configuration on PSoC 64 with PSA Arch test?
  • What’s the version of TF-M? Have you tried the latest one in master branch?
  • What’s the version of PSA Arch test?
  • Can you share more log of the failure test case?

 

Thanks.

 

Best regards,

Hu Ziji

 

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Alexander.Moore--- via TF-M
Sent: Tuesday, March 23, 2021 6:42 AM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25

 

Hello,

 

After “28659c49 Crypto: Upgrade Mbed TLS to 2.25” we see the following 7 PSA Crypto test failures on PSoC64 which were passing before this commit:

 

TEST: 206

TEST: 207

TEST: 208

TEST: 211

TEST: 237

TEST: 243

TEST: 244

 

Are these failures expected? As far as we can tell, there is nothing else to be done associated with the 2.25 upgrade, i.e. the build automatically pulls 2.25 down, and there are no corresponding commits to psa-arch-tests to support the upgrade or any other changes necessary.

 

Thanks,

Alex