tests/sys: add psa_crypto aes ccm test

Update tests/sys/psa_crypto_aead/example_aead_aes_128.c

Co-authored-by: mguetschow <[email protected]>

Update tests/sys/psa_crypto_aead/example_aead_aes_128.c

Co-authored-by: mguetschow <[email protected]>

Update tests/sys/psa_crypto_aead/example_aead_aes_128.c

Co-authored-by: mguetschow <[email protected]>

Update tests/sys/psa_crypto_aead/example_aead_aes_128.c

Update tests/sys/psa_crypto_aead/example_aead_aes_128.c

Author: Lukas-Luger

tests/sys/psa_crypto_aead/Makefile

@@ -0,0 +1,12 @@
+include ../Makefile.sys_common
+
+USEMODULE += ztimer
+USEMODULE += ztimer_usec
+USEMODULE += psa_crypto
+
+USEMODULE += psa_aead
+USEMODULE += psa_aead_aes_128_ccm
+
+CFLAGS += -DCONFIG_PSA_SINGLE_KEY_COUNT=2
+
+include $(RIOTBASE)/Makefile.include

tests/sys/psa_crypto_aead/example_aead_aes_128.c

@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2025 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     tests
+ * @{
+ *
+ * @brief       Tests the PSA aead configurations
+ *
+ * @author      Lukas Luger <[email protected]>
+ *
+ * @}
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include "od.h"
+#include "psa/crypto.h"
+
+#define AES_128_KEY_SIZE (16)
+
+static const uint8_t KEY_128[] = {
+    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
+};
+/* certain PSA backends require the data to be in RAM rather than ROM
+ * so these values cannot be `const` */
+static uint8_t NONCE[] = {
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16
+};
+
+static uint8_t ADDITIONAL_DATA[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+};
+
+static uint8_t PLAINTEXT[] = {
+    0x20, 0x21, 0x22, 0x23
+};
+
+static uint8_t CIPHERTEXT[] = {
+    0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d
+};
+
+/**
+ * @brief   Example function to perform an AES-128 CCM encryption and decryption
+ *          with the PSA Crypto API.
+ *
+ * @return  psa_status_t
+ */
+psa_status_t example_aead_aes_128_ccm(void)
+{
+    psa_status_t status = PSA_ERROR_DOES_NOT_EXIST;
+    psa_key_id_t key_id = 0;
+    psa_key_attributes_t attr = psa_key_attributes_init();
+    psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
+    psa_algorithm_t algo = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 4);
+    size_t encr_output_size = PSA_AEAD_ENCRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_AES,
+                                                           algo, sizeof(PLAINTEXT));
+
+    uint8_t cipher_out[encr_output_size];
+    uint8_t plain_out[sizeof(PLAINTEXT)];
+    size_t output_len = 0;
+
+    psa_set_key_algorithm(&attr, algo);
+    psa_set_key_usage_flags(&attr, usage);
+    psa_set_key_bits(&attr, 128);
+    psa_set_key_type(&attr, PSA_KEY_TYPE_AES);
+
+    status = psa_import_key(&attr, KEY_128, AES_128_KEY_SIZE, &key_id);
+    if (status != PSA_SUCCESS) {
+        psa_destroy_key(key_id);
+        return status;
+    }
+
+    status = psa_aead_encrypt(key_id, algo, NONCE, sizeof(NONCE), ADDITIONAL_DATA, sizeof(ADDITIONAL_DATA),
+                              PLAINTEXT, sizeof(PLAINTEXT), cipher_out, encr_output_size, &output_len);
+    if (status != PSA_SUCCESS) {
+        psa_destroy_key(key_id);
+        return status;
+    }
+
+    if (memcmp(CIPHERTEXT, cipher_out, sizeof(CIPHERTEXT))) {
+        printf("AES 128 CCM: wrong ciphertext on encryption\n");
+        psa_destroy_key(key_id);
+        return -1;
+    }
+
+    status = psa_aead_decrypt(key_id, algo, NONCE, sizeof(NONCE), ADDITIONAL_DATA, sizeof(ADDITIONAL_DATA),
+                              cipher_out, sizeof(cipher_out), plain_out, sizeof(plain_out),
+                              &output_len);
+    psa_destroy_key(key_id);
+    if (status == PSA_SUCCESS && memcmp(PLAINTEXT, plain_out, sizeof(plain_out))) {
+        printf("AES 128 CCM: wrong plaintext on decryption\n");
+        return -1;
+    }
+    return status;
+}

tests/sys/psa_crypto_aead/main.c

@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2025 TU Dresden
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     tests
+ * @{
+ *
+ * @brief       Tests the PSA aead configurations
+ *
+ * @author      Lukas Luger <[email protected]>
+ *
+ * @}
+ */
+
+#include <stdio.h>
+#include "psa/crypto.h"
+#include "ztimer.h"
+
+extern psa_status_t example_aead_aes_128_ccm(void);
+
+int main(void)
+{
+    bool failed = false;
+    psa_status_t status;
+
+    psa_crypto_init();
+
+    ztimer_acquire(ZTIMER_USEC);
+    ztimer_now_t start = ztimer_now(ZTIMER_USEC);
+
+    start = ztimer_now(ZTIMER_USEC);
+    status = example_aead_aes_128_ccm();
+    printf("Authenticated encryption with associated data AES 128 CCM took %d us\n",
+            (int)(ztimer_now(ZTIMER_USEC) - start));
+    if (status != PSA_SUCCESS) {
+        failed = true;
+        printf("Authenticated encryption with associated data AES 128 CCM failed: %s\n",
+                psa_status_to_humanly_readable(status));
+    }
+
+    ztimer_release(ZTIMER_USEC);
+
+    if (failed) {
+        puts("Tests failed...");
+    }
+    else {
+        puts("All Done");
+    }
+    return 0;
+}

tests/sys/psa_crypto_aead/tests/01-run.py

@@ -0,0 +1,13 @@
+#!/usr/bin/env python3
+
+import sys
+from testrunner import run
+
+
+def testfunc(child):
+    child.expect_exact('All Done')
+    print("[TEST PASSED]")
+
+
+if __name__ == "__main__":
+    sys.exit(run(testfunc))