1 /*
2 * Copyright (c) 2025 Espressif Systems (Shanghai) Co., Ltd.
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
7 #include <zephyr/ztest.h>
8 #include <zephyr/crypto/crypto.h>
9 #include <zephyr/kernel.h>
10 #include <zephyr/device.h>
11 #include <string.h>
12
13 #ifdef CONFIG_CRYPTO_MBEDTLS_SHIM
14 #define CRYPTO_DRV_NAME CONFIG_CRYPTO_MBEDTLS_SHIM_DRV_NAME
15 #elif CONFIG_CRYPTO_ESP32_AES
16 #define CRYPTO_DEV_COMPAT espressif_esp32_aes
17 #else
18 #error "You need to enable one crypto device"
19 #endif
20
21 /* Some crypto drivers require IO buffers to be aligned */
22 #define IO_ALIGNMENT_BYTES 4
23
24 /* Test vectors from FIPS-197 and NIST SP 800-38A */
25
26 /* ECB Mode Test Vectors - FIPS-197 */
27 static uint8_t ecb_key[16] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
28 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
29
30 static uint8_t ecb_plaintext[16] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
31 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
32
33 static uint8_t ecb_ciphertext[16] = {0x69, 0xC4, 0xE0, 0xD8, 0x6A, 0x7B, 0x04, 0x30,
34 0xD8, 0xCD, 0xB7, 0x80, 0x70, 0xB4, 0xC5, 0x5A};
35
36 /* CBC Mode Test Vectors - Single block (16 bytes, no padding) */
37 static uint8_t cbc_key[16] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
38 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c};
39
40 static uint8_t cbc_iv[16] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
41 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
42
43 static uint8_t cbc_plaintext[16] = {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
44 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a};
45
46 static uint8_t cbc_ciphertext[16] = {0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
47 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d};
48
49 /* CTR Mode Test Vectors */
50 static uint8_t ctr_key[16] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
51 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c};
52
53 static uint8_t ctr_iv[12] = {0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5,
54 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb};
55
56 static uint8_t ctr_plaintext[64] = {
57 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73,
58 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7,
59 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4,
60 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45,
61 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10};
62
63 static uint8_t ctr_ciphertext[64] = {
64 0x22, 0xe5, 0x2f, 0xb1, 0x77, 0xd8, 0x65, 0xb2, 0xf7, 0xc6, 0xb5, 0x12, 0x69,
65 0x2d, 0x11, 0x4d, 0xed, 0x6c, 0x1c, 0x72, 0x25, 0xda, 0xf6, 0xa2, 0xaa, 0xd9,
66 0xd3, 0xda, 0x2d, 0xba, 0x21, 0x68, 0x35, 0xc0, 0xaf, 0x6b, 0x6f, 0x40, 0xc3,
67 0xc6, 0xef, 0xc5, 0x85, 0xd0, 0x90, 0x2c, 0xc2, 0x63, 0x12, 0x2b, 0xc5, 0x8e,
68 0x72, 0xde, 0x5c, 0xa2, 0xa3, 0x5c, 0x85, 0x3a, 0xb9, 0x2c, 0x06, 0xbb};
69
70 /* CCM Mode Test Vectors - RFC 3610 test vector #1 */
71 static uint8_t ccm_key[16] = {0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
72 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf};
73
74 static uint8_t ccm_nonce[13] = {0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00,
75 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5};
76
77 static uint8_t ccm_hdr[8] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
78
79 static uint8_t ccm_plaintext[23] = {0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
80 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
81 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e};
82
83 static uint8_t ccm_ciphertext[31] = {0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
84 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
85 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0x17,
86 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0};
87
88 /* GCM Mode Test Vectors - MACsec GCM-AES test vector 2.4.1 */
89 static uint8_t gcm_key[16] = {0x07, 0x1b, 0x11, 0x3b, 0x0c, 0xa7, 0x43, 0xfe,
90 0xcc, 0xcf, 0x3d, 0x05, 0x1f, 0x73, 0x73, 0x82};
91
92 static uint8_t gcm_nonce[12] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d,
93 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed};
94
95 static uint8_t gcm_hdr[20] = {0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d,
96 0xcd, 0x3d, 0x88, 0xe5, 0x4c, 0x2a, 0x76, 0xd4, 0x57, 0xed};
97
98 static uint8_t gcm_plaintext[42] = {
99 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a,
100 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
101 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x04};
102
103 static uint8_t gcm_ciphertext[58] = {
104 0x13, 0xb4, 0xc7, 0x2b, 0x38, 0x9d, 0xc5, 0x01, 0x8e, 0x72, 0xa1, 0x71, 0xdd, 0x85, 0xa5,
105 0xd3, 0x75, 0x22, 0x74, 0xd3, 0xa0, 0x19, 0xfb, 0xca, 0xed, 0x09, 0xa4, 0x25, 0xcd, 0x9b,
106 0x2e, 0x1c, 0x9b, 0x72, 0xee, 0xe7, 0xc9, 0xde, 0x7d, 0x52, 0xb3, 0xf3, 0xd6, 0xa5, 0x28,
107 0x4f, 0x4a, 0x6d, 0x3f, 0xe2, 0x2a, 0x5d, 0x6c, 0x2b, 0x96, 0x04, 0x94, 0xc3};
108
get_crypto_dev(void)109 static inline const struct device *get_crypto_dev(void)
110 {
111 #ifdef CRYPTO_DRV_NAME
112 const struct device *dev = device_get_binding(CRYPTO_DRV_NAME);
113 #else
114 const struct device *dev = DEVICE_DT_GET_ONE(CRYPTO_DEV_COMPAT);
115 #endif
116 return dev;
117 }
118
119 static const struct device *crypto_dev;
120
crypto_aes_setup(void)121 static void *crypto_aes_setup(void)
122 {
123 crypto_dev = get_crypto_dev();
124 zassert_true(crypto_dev && device_is_ready(crypto_dev), "Crypto device is not ready");
125 return NULL;
126 }
127
crypto_aes_before(void * fixture)128 static void crypto_aes_before(void *fixture)
129 {
130 ARG_UNUSED(fixture);
131
132 /* Add delay between tests to ensure cleanup */
133 k_msleep(10);
134 }
135
136 /* ECB Mode Tests */
ZTEST(crypto_aes,test_ecb_encrypt)137 ZTEST(crypto_aes, test_ecb_encrypt)
138 {
139 uint8_t encrypted[16] __aligned(IO_ALIGNMENT_BYTES) = {0};
140 struct cipher_ctx ctx = {
141 .keylen = sizeof(ecb_key),
142 .key.bit_stream = ecb_key,
143 .flags = CAP_RAW_KEY | CAP_SYNC_OPS | CAP_SEPARATE_IO_BUFS,
144 };
145
146 struct cipher_pkt pkt = {
147 .in_buf = (uint8_t *)ecb_plaintext,
148 .in_len = sizeof(ecb_plaintext),
149 .out_buf_max = sizeof(encrypted),
150 .out_buf = encrypted,
151 };
152
153 int rc = cipher_begin_session(crypto_dev, &ctx, CRYPTO_CIPHER_ALGO_AES,
154 CRYPTO_CIPHER_MODE_ECB, CRYPTO_CIPHER_OP_ENCRYPT);
155
156 if (rc == -ENOTSUP) {
157 ztest_test_skip();
158 return;
159 }
160
161 rc = cipher_block_op(&ctx, &pkt);
162 if (rc != 0) {
163 cipher_free_session(crypto_dev, &ctx);
164 zassert_equal(rc, 0, "ECB encrypt failed (rc=%d)", rc);
165 return;
166 }
167
168 rc = memcmp(encrypted, ecb_ciphertext, sizeof(ecb_ciphertext));
169 cipher_free_session(crypto_dev, &ctx);
170 zassert_equal(rc, 0, "ECB encrypt output mismatch");
171 }
172
ZTEST(crypto_aes,test_ecb_decrypt)173 ZTEST(crypto_aes, test_ecb_decrypt)
174 {
175 uint8_t decrypted[16] __aligned(IO_ALIGNMENT_BYTES) = {0};
176 struct cipher_ctx ctx = {
177 .keylen = sizeof(ecb_key),
178 .key.bit_stream = ecb_key,
179 .flags = CAP_RAW_KEY | CAP_SYNC_OPS | CAP_SEPARATE_IO_BUFS,
180 };
181
182 struct cipher_pkt pkt = {
183 .in_buf = (uint8_t *)ecb_ciphertext,
184 .in_len = sizeof(ecb_ciphertext),
185 .out_buf_max = sizeof(decrypted),
186 .out_buf = decrypted,
187 };
188
189 int rc = cipher_begin_session(crypto_dev, &ctx, CRYPTO_CIPHER_ALGO_AES,
190 CRYPTO_CIPHER_MODE_ECB, CRYPTO_CIPHER_OP_DECRYPT);
191
192 if (rc == -ENOTSUP) {
193 ztest_test_skip();
194 return;
195 }
196
197 rc = cipher_block_op(&ctx, &pkt);
198 if (rc != 0) {
199 cipher_free_session(crypto_dev, &ctx);
200 zassert_equal(rc, 0, "ECB decrypt failed (rc=%d)", rc);
201 return;
202 }
203
204 rc = memcmp(decrypted, ecb_plaintext, sizeof(ecb_plaintext));
205 cipher_free_session(crypto_dev, &ctx);
206 zassert_equal(rc, 0, "ECB decrypt output mismatch");
207 }
208
209 /* CBC Mode Tests */
ZTEST(crypto_aes,test_cbc_encrypt)210 ZTEST(crypto_aes, test_cbc_encrypt)
211 {
212 uint8_t encrypted[32] __aligned(IO_ALIGNMENT_BYTES) = {0};
213 uint8_t iv_copy[16];
214
215 memcpy(iv_copy, cbc_iv, sizeof(cbc_iv));
216
217 struct cipher_ctx ctx = {
218 .keylen = sizeof(cbc_key),
219 .key.bit_stream = cbc_key,
220 .flags = CAP_RAW_KEY | CAP_SYNC_OPS | CAP_SEPARATE_IO_BUFS,
221 };
222
223 struct cipher_pkt pkt = {
224 .in_buf = (uint8_t *)cbc_plaintext,
225 .in_len = sizeof(cbc_plaintext),
226 .out_buf_max = sizeof(encrypted),
227 .out_buf = encrypted,
228 };
229
230 int rc = cipher_begin_session(crypto_dev, &ctx, CRYPTO_CIPHER_ALGO_AES,
231 CRYPTO_CIPHER_MODE_CBC, CRYPTO_CIPHER_OP_ENCRYPT);
232
233 if (rc == -ENOTSUP) {
234 ztest_test_skip();
235 return;
236 }
237
238 rc = cipher_cbc_op(&ctx, &pkt, iv_copy);
239 if (rc != 0) {
240 cipher_free_session(crypto_dev, &ctx);
241 zassert_equal(rc, 0, "CBC encrypt failed (rc=%d)", rc);
242 return;
243 }
244
245 /* CBC prepends IV to output, so ciphertext starts at offset 16 */
246 rc = memcmp(encrypted + 16, cbc_ciphertext, sizeof(cbc_ciphertext));
247 cipher_free_session(crypto_dev, &ctx);
248 zassert_equal(rc, 0, "CBC encrypt output mismatch");
249 }
250
ZTEST(crypto_aes,test_cbc_decrypt)251 ZTEST(crypto_aes, test_cbc_decrypt)
252 {
253 /* For decrypt, need to prepend IV to ciphertext input */
254 uint8_t input[32] __aligned(IO_ALIGNMENT_BYTES);
255 uint8_t decrypted[16] __aligned(IO_ALIGNMENT_BYTES) = {0};
256
257 /* Prepend IV to ciphertext */
258 memcpy(input, cbc_iv, sizeof(cbc_iv));
259 memcpy(input + 16, cbc_ciphertext, sizeof(cbc_ciphertext));
260
261 struct cipher_ctx ctx = {
262 .keylen = sizeof(cbc_key),
263 .key.bit_stream = cbc_key,
264 .flags = CAP_RAW_KEY | CAP_SYNC_OPS | CAP_SEPARATE_IO_BUFS,
265 };
266 struct cipher_pkt pkt = {
267 .in_buf = (uint8_t *)input,
268 .in_len = sizeof(input),
269 .out_buf_max = sizeof(decrypted),
270 .out_buf = decrypted,
271 };
272
273 int rc = cipher_begin_session(crypto_dev, &ctx, CRYPTO_CIPHER_ALGO_AES,
274 CRYPTO_CIPHER_MODE_CBC, CRYPTO_CIPHER_OP_DECRYPT);
275
276 if (rc == -ENOTSUP) {
277 ztest_test_skip();
278 return;
279 }
280
281 rc = cipher_cbc_op(&ctx, &pkt, input);
282 if (rc != 0) {
283 cipher_free_session(crypto_dev, &ctx);
284 zassert_equal(rc, 0, "CBC decrypt failed (rc=%d)", rc);
285 return;
286 }
287
288 rc = memcmp(decrypted, cbc_plaintext, sizeof(cbc_plaintext));
289 cipher_free_session(crypto_dev, &ctx);
290 zassert_equal(rc, 0, "CBC decrypt output mismatch");
291 }
292
293 /* CTR Mode Tests */
ZTEST(crypto_aes,test_ctr_encrypt)294 ZTEST(crypto_aes, test_ctr_encrypt)
295 {
296 uint8_t encrypted[64] __aligned(IO_ALIGNMENT_BYTES) = {0};
297 uint8_t iv_copy[12];
298
299 memcpy(iv_copy, ctr_iv, sizeof(ctr_iv));
300
301 struct cipher_ctx ctx = {
302 .keylen = sizeof(ctr_key),
303 .key.bit_stream = ctr_key,
304 .flags = CAP_RAW_KEY | CAP_SYNC_OPS | CAP_SEPARATE_IO_BUFS,
305 .mode_params.ctr_info.ctr_len = 32,
306 };
307
308 struct cipher_pkt pkt = {
309 .in_buf = (uint8_t *)ctr_plaintext,
310 .in_len = sizeof(ctr_plaintext),
311 .out_buf_max = sizeof(encrypted),
312 .out_buf = encrypted,
313 };
314
315 int rc = cipher_begin_session(crypto_dev, &ctx, CRYPTO_CIPHER_ALGO_AES,
316 CRYPTO_CIPHER_MODE_CTR, CRYPTO_CIPHER_OP_ENCRYPT);
317
318 if (rc == -ENOTSUP) {
319 ztest_test_skip();
320 return;
321 }
322
323 rc = cipher_ctr_op(&ctx, &pkt, iv_copy);
324 if (rc != 0) {
325 cipher_free_session(crypto_dev, &ctx);
326 zassert_equal(rc, 0, "CTR encrypt failed (rc=%d)", rc);
327 return;
328 }
329
330 rc = memcmp(encrypted, ctr_ciphertext, sizeof(ctr_ciphertext));
331 cipher_free_session(crypto_dev, &ctx);
332 zassert_equal(rc, 0, "CTR encrypt output mismatch");
333 }
334
ZTEST(crypto_aes,test_ctr_decrypt)335 ZTEST(crypto_aes, test_ctr_decrypt)
336 {
337 uint8_t decrypted[64] __aligned(IO_ALIGNMENT_BYTES) = {0};
338 uint8_t iv_copy[12];
339
340 memcpy(iv_copy, ctr_iv, sizeof(ctr_iv));
341
342 struct cipher_ctx ctx = {
343 .keylen = sizeof(ctr_key),
344 .key.bit_stream = ctr_key,
345 .flags = CAP_RAW_KEY | CAP_SYNC_OPS | CAP_SEPARATE_IO_BUFS,
346 .mode_params.ctr_info.ctr_len = 32,
347 };
348
349 struct cipher_pkt pkt = {
350 .in_buf = (uint8_t *)ctr_ciphertext,
351 .in_len = sizeof(ctr_ciphertext),
352 .out_buf_max = sizeof(decrypted),
353 .out_buf = decrypted,
354 };
355
356 int rc = cipher_begin_session(crypto_dev, &ctx, CRYPTO_CIPHER_ALGO_AES,
357 CRYPTO_CIPHER_MODE_CTR, CRYPTO_CIPHER_OP_DECRYPT);
358
359 if (rc == -ENOTSUP) {
360 ztest_test_skip();
361 return;
362 }
363
364 rc = cipher_ctr_op(&ctx, &pkt, iv_copy);
365 if (rc != 0) {
366 cipher_free_session(crypto_dev, &ctx);
367 zassert_equal(rc, 0, "CTR decrypt failed (rc=%d)", rc);
368 return;
369 }
370
371 rc = memcmp(decrypted, ctr_plaintext, sizeof(ctr_plaintext));
372 cipher_free_session(crypto_dev, &ctx);
373 zassert_equal(rc, 0, "CTR decrypt output mismatch");
374 }
375
376 /* CCM Mode Tests */
ZTEST(crypto_aes,test_ccm_encrypt)377 ZTEST(crypto_aes, test_ccm_encrypt)
378 {
379 uint8_t encrypted[50] __aligned(IO_ALIGNMENT_BYTES) = {0};
380 uint8_t nonce_copy[13];
381
382 memcpy(nonce_copy, ccm_nonce, sizeof(ccm_nonce));
383
384 struct cipher_ctx ctx = {
385 .keylen = sizeof(ccm_key),
386 .key.bit_stream = ccm_key,
387 .mode_params.ccm_info = {
388 .nonce_len = sizeof(ccm_nonce),
389 .tag_len = 8,
390 },
391 .flags = CAP_RAW_KEY | CAP_SYNC_OPS | CAP_SEPARATE_IO_BUFS,
392 };
393
394 struct cipher_pkt pkt = {
395 .in_buf = (uint8_t *)ccm_plaintext,
396 .in_len = sizeof(ccm_plaintext),
397 .out_buf_max = sizeof(encrypted),
398 .out_buf = encrypted,
399 };
400
401 struct cipher_aead_pkt aead_pkt = {
402 .ad = (uint8_t *)ccm_hdr,
403 .ad_len = sizeof(ccm_hdr),
404 .pkt = &pkt,
405 .tag = encrypted + sizeof(ccm_plaintext),
406 };
407
408 int rc = cipher_begin_session(crypto_dev, &ctx, CRYPTO_CIPHER_ALGO_AES,
409 CRYPTO_CIPHER_MODE_CCM, CRYPTO_CIPHER_OP_ENCRYPT);
410
411 if (rc == -ENOTSUP) {
412 ztest_test_skip();
413 return;
414 }
415
416 rc = cipher_ccm_op(&ctx, &aead_pkt, nonce_copy);
417 if (rc != 0) {
418 cipher_free_session(crypto_dev, &ctx);
419 zassert_equal(rc, 0, "CCM encrypt failed (rc=%d)", rc);
420 return;
421 }
422
423 rc = memcmp(encrypted, ccm_ciphertext, sizeof(ccm_ciphertext));
424 cipher_free_session(crypto_dev, &ctx);
425 zassert_equal(rc, 0, "CCM encrypt output mismatch");
426 }
427
ZTEST(crypto_aes,test_ccm_decrypt)428 ZTEST(crypto_aes, test_ccm_decrypt)
429 {
430 uint8_t decrypted[32] __aligned(IO_ALIGNMENT_BYTES) = {0};
431 uint8_t nonce_copy[13];
432 uint8_t ciphertext_copy[31];
433
434 memcpy(nonce_copy, ccm_nonce, sizeof(ccm_nonce));
435 memcpy(ciphertext_copy, ccm_ciphertext, sizeof(ccm_ciphertext));
436
437 struct cipher_ctx ctx = {
438 .keylen = sizeof(ccm_key),
439 .key.bit_stream = ccm_key,
440 .mode_params.ccm_info = {
441 .nonce_len = sizeof(ccm_nonce),
442 .tag_len = 8,
443 },
444 .flags = CAP_RAW_KEY | CAP_SYNC_OPS | CAP_SEPARATE_IO_BUFS,
445 };
446
447 struct cipher_pkt pkt = {
448 .in_buf = (uint8_t *)ciphertext_copy,
449 .in_len = sizeof(ccm_plaintext),
450 .out_buf_max = sizeof(decrypted),
451 .out_buf = decrypted,
452 };
453
454 struct cipher_aead_pkt aead_pkt = {
455 .ad = (uint8_t *)ccm_hdr,
456 .ad_len = sizeof(ccm_hdr),
457 .pkt = &pkt,
458 .tag = ciphertext_copy + sizeof(ccm_plaintext),
459 };
460
461 int rc = cipher_begin_session(crypto_dev, &ctx, CRYPTO_CIPHER_ALGO_AES,
462 CRYPTO_CIPHER_MODE_CCM, CRYPTO_CIPHER_OP_DECRYPT);
463
464 if (rc == -ENOTSUP) {
465 ztest_test_skip();
466 return;
467 }
468
469 rc = cipher_ccm_op(&ctx, &aead_pkt, nonce_copy);
470 if (rc != 0) {
471 cipher_free_session(crypto_dev, &ctx);
472 zassert_equal(rc, 0, "CCM decrypt failed (rc=%d)", rc);
473 return;
474 }
475
476 rc = memcmp(decrypted, ccm_plaintext, sizeof(ccm_plaintext));
477 cipher_free_session(crypto_dev, &ctx);
478 zassert_equal(rc, 0, "CCM decrypt output mismatch");
479 }
480
481 /* GCM Mode Tests */
ZTEST(crypto_aes,test_gcm_encrypt)482 ZTEST(crypto_aes, test_gcm_encrypt)
483 {
484 uint8_t encrypted[60] __aligned(IO_ALIGNMENT_BYTES) = {0};
485 uint8_t nonce_copy[12];
486
487 memcpy(nonce_copy, gcm_nonce, sizeof(gcm_nonce));
488
489 struct cipher_ctx ctx = {
490 .keylen = sizeof(gcm_key),
491 .key.bit_stream = gcm_key,
492 .mode_params.gcm_info = {
493 .nonce_len = sizeof(gcm_nonce),
494 .tag_len = 16,
495 },
496 .flags = CAP_RAW_KEY | CAP_SYNC_OPS | CAP_SEPARATE_IO_BUFS,
497 };
498
499 struct cipher_pkt pkt = {
500 .in_buf = (uint8_t *)gcm_plaintext,
501 .in_len = sizeof(gcm_plaintext),
502 .out_buf_max = sizeof(encrypted),
503 .out_buf = encrypted,
504 };
505
506 struct cipher_aead_pkt aead_pkt = {
507 .ad = (uint8_t *)gcm_hdr,
508 .ad_len = sizeof(gcm_hdr),
509 .pkt = &pkt,
510 .tag = encrypted + sizeof(gcm_plaintext),
511 };
512
513 int rc = cipher_begin_session(crypto_dev, &ctx, CRYPTO_CIPHER_ALGO_AES,
514 CRYPTO_CIPHER_MODE_GCM, CRYPTO_CIPHER_OP_ENCRYPT);
515
516 if (rc == -ENOTSUP) {
517 ztest_test_skip();
518 return;
519 }
520
521 rc = cipher_gcm_op(&ctx, &aead_pkt, nonce_copy);
522 if (rc != 0) {
523 cipher_free_session(crypto_dev, &ctx);
524 zassert_equal(rc, 0, "GCM encrypt failed (rc=%d)", rc);
525 return;
526 }
527
528 rc = memcmp(encrypted, gcm_ciphertext, sizeof(gcm_ciphertext));
529 cipher_free_session(crypto_dev, &ctx);
530 zassert_equal(rc, 0, "GCM encrypt output mismatch");
531 }
532
ZTEST(crypto_aes,test_gcm_decrypt)533 ZTEST(crypto_aes, test_gcm_decrypt)
534 {
535 uint8_t decrypted[44] __aligned(IO_ALIGNMENT_BYTES) = {0};
536 uint8_t nonce_copy[12];
537 uint8_t ciphertext_copy[58];
538
539 memcpy(nonce_copy, gcm_nonce, sizeof(gcm_nonce));
540 memcpy(ciphertext_copy, gcm_ciphertext, sizeof(gcm_ciphertext));
541
542 struct cipher_ctx ctx = {
543 .keylen = sizeof(gcm_key),
544 .key.bit_stream = gcm_key,
545 .mode_params.gcm_info = {
546 .nonce_len = sizeof(gcm_nonce),
547 .tag_len = 16,
548 },
549 .flags = CAP_RAW_KEY | CAP_SYNC_OPS | CAP_SEPARATE_IO_BUFS,
550 };
551
552 struct cipher_pkt pkt = {
553 .in_buf = (uint8_t *)ciphertext_copy,
554 .in_len = sizeof(gcm_plaintext),
555 .out_buf_max = sizeof(decrypted),
556 .out_buf = decrypted,
557 };
558 struct cipher_aead_pkt aead_pkt = {
559 .ad = (uint8_t *)gcm_hdr,
560 .ad_len = sizeof(gcm_hdr),
561 .pkt = &pkt,
562 .tag = ciphertext_copy + sizeof(gcm_plaintext),
563 };
564
565 int rc = cipher_begin_session(crypto_dev, &ctx, CRYPTO_CIPHER_ALGO_AES,
566 CRYPTO_CIPHER_MODE_GCM, CRYPTO_CIPHER_OP_DECRYPT);
567
568 if (rc == -ENOTSUP) {
569 ztest_test_skip();
570 return;
571 }
572
573 rc = cipher_gcm_op(&ctx, &aead_pkt, nonce_copy);
574 if (rc != 0) {
575 cipher_free_session(crypto_dev, &ctx);
576 zassert_equal(rc, 0, "GCM decrypt failed (rc=%d)", rc);
577 return;
578 }
579
580 rc = memcmp(decrypted, gcm_plaintext, sizeof(gcm_plaintext));
581 cipher_free_session(crypto_dev, &ctx);
582 zassert_equal(rc, 0, "GCM decrypt output mismatch");
583 }
584
585 ZTEST_SUITE(crypto_aes, NULL, crypto_aes_setup, crypto_aes_before, NULL, NULL);
586
