Hi Soby,
Thank you for that fix! It does indeed fix this particular issue when using IPC.
On another note, I’ve been running Musca-B1 and the results differ from what you sent out in the past for AN521. Specifically, Musca-B1 fails 219, 241, 242, and 243. Is this something you can have a look at on the Musca-B1 side?
With that said, I’ve been running on PSoC64 and I can reproduce the AN521 results. I needed the patch you provided below but I was still running into memory issues and I had to bump the following (both of them).
#define TFM_CRYPTO_IOVEC_BUFFER_SIZE (8120)
#define TFM_CRYPTO_ENGINE_BUF_SIZE (0x5040) /* >8KB for EC signing in attest */
If I do not bump these, I would see 239 to 244 fail. Might you have any comments on the larger size requirements for these? Possibly when running in IPC mode?
Thank you,
Ray
From: Soby Mathew <Soby.Mathew@arm.com>
Sent: Wednesday, October 14, 2020 8:52 AM
To: Raymond Ngun <Raymond.Ngun@cypress.com>
Cc: nd <nd@arm.com>; tf-m@lists.trustedfirmware.org
Subject: RE: Behavior difference in Crypto IPC vs Library modes
Hi Raymond,
After further analysis, it seems to me that having separate checks for Library mode and IPC mode is the easiest way to go. The current design was done in such a way that both Library and IPC mode can reuse the same crypto service API involving IOVECs. Any change to how the API is invoked from the tfm_crypto_call_sfn() will have ramifications for Library mode.
I have done a patch with different checks for IPC and Library mode here: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/6432 . The patch relaxes the checks for IPC mode to allow empty buffers and hardens the checks for Library mode. Hopefully this should resolve the issue.
Best Regards
Soby Mathew
From: Soby Mathew <Soby.Mathew@arm.com>
Sent: 12 October 2020 17:17
To: Soby Mathew <Soby.Mathew@arm.com>; Raymond Ngun <Raymond.Ngun@cypress.com>
Cc: nd <nd@arm.com>;
tf-m@lists.trustedfirmware.org
Subject: RE: Behavior difference in Crypto IPC vs Library modes
Hi Raymond,
As you pointed out, the difference in this case basically boils down to how the 2 models handles empty buffers. In the library mode, the empty buffers are passed down to the target API whereas the IPC mode optimizes the empty buffer from the IOVEC by reducing the buffer length. This results in different error codes in the 2 modes.
The sanity check of IOVEC in incoming sizes is needed and I less inclined to remove it or enhance it. The error code certainly seems to be one way to resolve this problem. The other option is to make the IPC mode IOVEC less aggressive in optimizing away zero buffers from IOVEC (Need more investigation) thus attaining parity with library mode.
Best Regards
Soby Mathew
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of Soby Mathew via TF-M
Sent: 12 October 2020 11:50
To: Raymond Ngun <Raymond.Ngun@cypress.com>
Cc: nd <nd@arm.com>;
tf-m@lists.trustedfirmware.org
Subject: Re: [TF-M] Behavior difference in Crypto IPC vs Library modes
Hi Raymond
Thanks for the detailed report. This issue was reported here https://developer.trustedfirmware.org/T822 previously but I didn’t get time to look into it further due to other priorities. Your analysis seems right and I will look further into this.
Best Regards
Soby Mathew
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of Raymond Ngun via TF-M
Sent: 10 October 2020 00:59
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Behavior difference in Crypto IPC vs Library modes
Hi all,
I’m seeking some assistance in determining the correct fix for a difference in behavior between IPC and Library modes that cause the Crypto PSA Arch Tests to fail when using IPC. Specifically, I’ve been testing on a PSoC64 for IPC mode and Musca-B1 for Library mode. The problem I am encountering is related to this check in crypto (e.g. crypto_aead.c in secure_fw/partitions/crypto).
if ( !((in_len == 2) || (in_len == 3)) || (out_len > 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
This is true for direct function call since in_len and out_len are sizes of in_vec[] and out_vec[]. However, in library mode, in_len and out_len is not based on the size of in_vec[] and out_vec[] but based on the contents. Specifically, out_len is determined via the following in tfm_crypto_call_sfn().
/* Check the number of out_vec filled */
while ((out_len > 0) && (msg->out_size[out_len - 1] == 0)) {
out_len--;
}
>From the above, if out_size (which is passed in by the user) is 0, the resultant out_len will be 0. The out_len is passed into the crypto function and PSA_ERROR_CONNECTION_REFUSED is returned due to the check above. PSA, on the other hand, expects PSA_ERROR_NOT_SUPPORTED to be returned. Btw, in_len suffers from the same issue.
I’m not sure if the check above is valid for IPC mode. I’ve removed the check temporarily to avoid the problem. However, if the check still makes sense, possibly it should return PSA_ERROR_NOT_SUPPORTED instead of PSA_ERROR_CONNECTION_REFUSED.
Thank you. I look forward to comments.
Ray
This message and any attachments may contain confidential information from Cypress or its subsidiaries. If it has been received in error, please advise the sender and immediately delete this message.
This message and any attachments may contain confidential information from Cypress or its subsidiaries. If it has been received in error, please advise the sender and immediately delete this message.