Hi Alexander,
Thanks for reporting this issue. Can I ask for more details of the failures?
* What's the build configuration on PSoC 64 with PSA Arch test? * What's the version of TF-M? Have you tried the latest one in master branch? * What's the version of PSA Arch test? * Can you share more log of the failure test case?
Thanks.
Best regards, Hu Ziji
From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Alexander.Moore--- via TF-M Sent: Tuesday, March 23, 2021 6:42 AM To: tf-m@lists.trustedfirmware.org Subject: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25
Hello,
After "28659c49 Crypto: Upgrade Mbed TLS to 2.25" we see the following 7 PSA Crypto test failures on PSoC64 which were passing before this commit:
TEST: 206 TEST: 207 TEST: 208 TEST: 211 TEST: 237 TEST: 243 TEST: 244
Are these failures expected? As far as we can tell, there is nothing else to be done associated with the 2.25 upgrade, i.e. the build automatically pulls 2.25 down, and there are no corresponding commits to psa-arch-tests to support the upgrade or any other changes necessary.
Thanks, Alex
What's the build configuration on PSoC 64 with PSA Arch test:
+ BUILD_OPTS='-DTEST_PSA_API=CRYPTO -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2'
+ cmake -S . -B build_clang_psoc64 -DTFM_PLATFORM=cypress/psoc64 -DTFM_TOOLCHAIN_FILE=toolchain_ARMCLANG.cmake -DCMAKE_BUILD_TYPE=Release -DTEST_PSA_API=CRYPTO -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2
-- The C compiler identification is ARMClang 6.12.1
-- The ASM compiler identification is ARMCC
We build both debug/release, and also use gcc/armclang, all four combinations give the same PSA Crypto test results.
What's the version of TF-M? Have you tried the latest one in master branch:
* We are using the latest master (v1.2.0) and isolated the problem commit to be 28659c498c3bdbbc610959e7518bece5aaf72a19.
What's the version of PSA Arch test:
* We are using the default tagged version associated with TF-M master branch, which is "8644bd0 musca_s1 support"
Can you share more log of the failure test case:
TEST: 206 | DESCRIPTION: Testing crypto hash functions APIs [Info] Executing tests from non-secure [Check 1] Test psa_hash_compute with SHA224 algorithm [Check 2] Test psa_hash_compute with SHA256 algorithm [Check 3] Test psa_hash_compute with SHA384 algorithm [Check 4] Test psa_hash_compute with SHA512 algorithm [Check 5] Test psa_hash_compute with small buffer size [Check 6] Test psa_hash_compute with invalid algorithm Failed at Checkpoint: 3 Actual: -135 Expected: -134 TEST RESULT: FAILED (Error Code=0x1)
TEST: 207 | DESCRIPTION: Testing crypto hash functions APIs [Info] Executing tests from non-secure [Check 1] Test psa_hash_compare - SHA224 algorithm [Check 2] Test psa_hash_compare - SHA256 algorithm [Check 3] Test psa_hash_compare - SHA384 algorithm [Check 4] Test psa_hash_compare - SHA512 algorithm [Check 5] Test psa_hash_compare - incorrect hash [Check 6] Test psa_hash_compare - incorrect hash length [Check 7] Test psa_hash_compare - invalid algorithm Failed at Checkpoint: 3 Actual: -135 Expected: -134 TEST RESULT: FAILED (Error Code=0x1)
TEST: 208 | DESCRIPTION: Testing crypto key derivation APIs [Info] Executing tests from non-secure [Check 1] Test psa_key_derivation_setup - ECDH + HKDF-SHA-256 [Check 2] Test psa_key_derivation_setup - ECDH, unknown KDF [Check 3] Test psa_key_derivation_setup - bad key derivation algorithm Failed at Checkpoint: 3 Actual: -134 Expected: -135 TEST RESULT: FAILED (Error Code=0x1)
TEST: 211 | DESCRIPTION: Testing crypto hash functions APIs [Info] Executing tests from non-secure [Check 1] Test psa_hash_setup with SHA224 algorithm [Check 2] Test psa_hash_setup with SHA256 algorithm [Check 3] Test psa_hash_setup with SHA384 algorithm [Check 4] Test psa_hash_setup with SHA512 algorithm [Check 5] Test psa_hash_setup with Invalid hash algorithm Failed at Checkpoint: 3 Actual: -135 Expected: -134 TEST RESULT: FAILED (Error Code=0x1)
TEST: 237 | DESCRIPTION: Testing crypto symmetric cipher APIs [Info] Executing tests from non-secure [Check 1] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING [Check 2] Test psa_cipher_finish - Encrypt - AES CBC_NO_PADDING (Short in) [Check 3] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7 [Check 4] Test psa_cipher_finish - Encrypt - AES CBC_PKCS7 (Short input) [Check 5] Test psa_cipher_finish - Encrypt - AES CTR [Check 6] Test psa_cipher_finish - Encrypt - AES CTR (short input) [Check 7] Test psa_cipher_finish - Encrypt - small output buffer size [Check 8] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING [Check 9] Test psa_cipher_finish - Decrypt - AES CBC_NO_PADDING (Short in) Failed at Checkpoint: 8 Actual: -135 Expected: -137 TEST RESULT: FAILED (Error Code=0x1)
TEST: 243 | DESCRIPTION: Testing crypto key derivation APIs [Info] Executing tests from non-secure [Check 1] Test psa_raw_key_agreement - ECDH SECP256R1 [Check 2] Test psa_raw_key_agreement - Small buffer size [Check 3] Test psa_raw_key_agreement - ECDH SECP384R1 [Check 4] Test psa_raw_key_agreement - Invalid usage [Check 5] Test psa_raw_key_agreement - Unknown KDF Failed at Checkpoint: 4 Actual: -134 Expected: -135 TEST RESULT: FAILED (Error Code=0x1)
TEST: 244 | DESCRIPTION: Testing crypto key management APIs [Info] Executing tests from non-secure [Check 1] Test psa_copy_key - 16 Byte AES [Check 2] Test psa_copy_key - without copy usage [Check 3] Test psa_copy_key - invalid lifetime Failed at Checkpoint: 4 Actual: -136 Expected: -135 TEST RESULT: FAILED (Error Code=0x1)
Thanks, Alex
From: David Hu David.Hu@arm.com Sent: Monday, March 22, 2021 7:56 PM To: Moore Alexander (CSCA CSS ICW SW PSW 1) Alexander.Moore@infineon.com Cc: tf-m@lists.trustedfirmware.org; nd nd@arm.com Subject: RE: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25
Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safehttps://goto.infineon.com/SocialEngineering.
Hi Alexander,
Thanks for reporting this issue. Can I ask for more details of the failures?
* What's the build configuration on PSoC 64 with PSA Arch test? * What's the version of TF-M? Have you tried the latest one in master branch? * What's the version of PSA Arch test? * Can you share more log of the failure test case?
Thanks.
Best regards, Hu Ziji
From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Alexander.Moore--- via TF-M Sent: Tuesday, March 23, 2021 6:42 AM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] Regression observed in PSA Crypto after Mbed TLS upgrade to 2.25
Hello,
After "28659c49 Crypto: Upgrade Mbed TLS to 2.25" we see the following 7 PSA Crypto test failures on PSoC64 which were passing before this commit:
TEST: 206 TEST: 207 TEST: 208 TEST: 211 TEST: 237 TEST: 243 TEST: 244
Are these failures expected? As far as we can tell, there is nothing else to be done associated with the 2.25 upgrade, i.e. the build automatically pulls 2.25 down, and there are no corresponding commits to psa-arch-tests to support the upgrade or any other changes necessary.
Thanks, Alex
tf-m@lists.trustedfirmware.org