search

zephyrproject-rtos / zephyr

Primary Git Repository for the Zephyr Project. Zephyr is a new generation, scalable, optimized, secure RTOS for multiple hardware architectures.
https://docs.zephyrproject.org
Apache License 2.0
10.95k stars 6.66k forks source link

tests: subsys: jwt: libraries.encoding.jwt.rsa.psa fails #79864

Open katgiadla opened 1 month ago

katgiadla commented 1 month ago

Describe the bug The test tests/subsys/jwt/libraries.encoding.jwt.rsa.psa fails

Observed for:

To Reproduce Steps to reproduce the behavior:

  1. have nrf9160dk/nrf9160/ns connected
  2. go to your zephyr dir
  3. call ./scripts/twister -T tests/subsys/jwt -p nrf9160dk/nrf9160/ns --device-testing --device-serial /dev/ttyACM0 -v --inline-logs --west-flash="--erase"
  4. See console output with error

Expected behavior Valid console output

Impact Not clear

Logs and console output

*** Booting Zephyr OS build v3.7.0-4339-g1ec5ce05f9f8 ***
Running TESTSUITE jwt_tests
===================================================================
START - test_jwt

    Assertion failed at zephyr/tests/subsys/jwt/src/main.c:48: jwt_tests_test_jwt: (res not equal to 0)
Signing payload
 FAIL - test_jwt in 0.022 seconds
===================================================================
TESTSUITE jwt_tests failed.

------ TESTSUITE SUMMARY START ------

SUITE FAIL -   0.00% [jwt_tests]: pass = 0, fail = 1, skip = 0, total = 1 duration = 0.022 seconds
 - FAIL - [jwt_tests.test_jwt] duration = 0.022 seconds

------ TESTSUITE SUMMARY END ------

===================================================================
RunID: 8cf83447ecd64014499884f8a73d7731
PROJECT EXECUTION FAILED

Environment (please complete the following information):

Additional context Probably introduced by 29e82d2f23b099ead21a045a869818e24552de87

jukkar commented 4 days ago

Does not seem to be network related so re-assigning. PSA mentioned, so @tomi-font can you take a look at this?

tomi-font commented 4 days ago

@valeriosetti touched this, so passing the hot potato to him.

tomi-font commented 4 days ago

Curious to know, @katgiadla how did you come up with the "probably introduced by" commit?

katgiadla commented 4 days ago

Curious to know, @katgiadla how did you come up with the "probably introduced by" commit?

I've used bisection to get probably reason of the bug. It is important to confirm, if the marked commit is real cause of the bug.

valeriosetti commented 4 days ago

Short answer

I still haven't found a solution for this, but my suspects are that builds with TF-M does not fully support RSA signature. I need to investigate further.

Explanation

I checked that:

In both cases I tested on a real device flashing it with west flash --runner nrfutil and then looking at the console. The only difference between the 2 devices is that the 1st one does not have TF-M, while the 2nd one yes.

The same issue happens also if I replace the NRF9160 board with a mps2/an521/cpu0 one (this is another board that has both the TF-M and non-TF-M images available in Zephyr) and I can test it with QEMU.

valeriosetti commented 1 day ago

After digging a bit more on this issue, it turned out to be a TF-M limitation: it did not allocate enough heap memory to the crypto partition in order to allow RSA 2048-bit signatures. This should be fixed by #81869

valeriosetti commented 1 day ago

@katgiadla once #81869 has CI green (a part from the dnm label, of course), can you please:

Edit: I tried the PR locally on a nrf9160dk board with twister -c -p nrf9160dk/nrf9160/ns -T tests/subsys/jwt --device-testing --device-serial /dev/ttyACM0 -v --inline-logs --west-flash="--erase" --west-runner nrfutil and it worked just fine.