AES Test and Benchmark improvements

Frauschi · Frauschi · commit 64007c06411b · 2026-02-10T15:01:42.000+01:00
diff --git a/benchmark/wh_bench.c b/benchmark/wh_bench.c
@@ -259,9 +259,6 @@ typedef enum BenchModuleIdx {
     BENCH_MODULE_IDX_COUNT
 } BenchModuleIdx;
 
-/* Ensure we have enough space for all modules in the context */
-WH_UTILS_STATIC_ASSERT(MAX_BENCH_OPS > BENCH_MODULE_IDX_COUNT,
-                       "More modules expected than MAX_BENCH_OPS");
 
 /* clang-format off */
 static BenchModule g_benchModules[] = {
@@ -481,7 +478,7 @@ static int _runClientBenchmarks(whClientContext* client, int transport,
     WH_BENCH_PRINTF("Running benchmarks...\n");
 
     /* Initialize benchmark context */
-    ret = wh_Bench_Init(&benchCtx);
+    ret = wh_Bench_Init(&benchCtx, BENCH_MODULE_IDX_COUNT);
     if (ret != 0) {
         WH_BENCH_PRINTF("Failed to initialize benchmark context: %d\n", ret);
         return ret;
diff --git a/benchmark/wh_bench_ops.c b/benchmark/wh_bench_ops.c
@@ -54,25 +54,36 @@ static uint64_t _benchGetTimeUs(void)
 }
 
 /* Initialize benchmark context */
-int wh_Bench_Init(whBenchOpContext* ctx)
+int wh_Bench_Init(whBenchOpContext* ctx, int opMaxCount)
 {
     int i;
 
     if (ctx == NULL) {
         return WH_ERROR_BADARGS;
     }
 
+    if (opMaxCount <= 0) {
+        return WH_ERROR_BADARGS;
+    }
+
     /* Clear all benchmark operations */
     memset(ctx, 0, sizeof(whBenchOpContext));
 
+    ctx->ops = XMALLOC(opMaxCount * sizeof(whBenchOp), NULL,
+                       DYNAMIC_TYPE_TMP_BUFFER);
+    if (ctx->ops == NULL) {
+        return WH_ERROR_ABORTED;
+    }
+
     /* Initialize each operation entry */
-    for (i = 0; i < MAX_BENCH_OPS; i++) {
+    for (i = 0; i < opMaxCount; i++) {
         ctx->ops[i].valid      = 0;
         ctx->ops[i].inProgress = 0;
         ctx->ops[i].minTimeUs =
             (uint64_t)-1; /* Set to maximum possible value */
     }
 
+    ctx->opMaxCount = opMaxCount;
     ctx->opCount = 0;
 
     return WH_ERROR_OK;
@@ -98,7 +109,7 @@ int wh_Bench_RegisterOp(whBenchOpContext* ctx, const char* name,
     }
 
     /* Check if we have room for a new operation */
-    if (ctx->opCount >= MAX_BENCH_OPS) {
+    if (ctx->opCount == ctx->opMaxCount) {
         return WH_ERROR_BADARGS;
     }
 
diff --git a/benchmark/wh_bench_ops.h b/benchmark/wh_bench_ops.h
@@ -25,8 +25,6 @@
 
 #include <stdint.h>
 
-/* Maximum number of operations that can be registered */
-#define MAX_BENCH_OPS 103
 /* Maximum length of operation name */
 #define MAX_OP_NAME 64
 
@@ -74,17 +72,18 @@ typedef struct whBenchOp {
 } whBenchOp;
 
 typedef struct whBenchOpContext {
-    whBenchOp ops[MAX_BENCH_OPS]; /* Array of operations */
-    int       opCount;            /* Number of registered operations */
-    whBenchTransportType transportType;      /* Type of transport */
+    whBenchOp* ops;                     /* Pointer to array of operations */
+    int        opCount;                 /* Number of registered operations */
+    int        opMaxCount;              /* Maximum number of operations */
+    whBenchTransportType transportType; /* Type of transport */
 } whBenchOpContext;
 
 /*
  * Benchmark Timing API
  */
 
 /* Initialize benchmark context */
-int wh_Bench_Init(whBenchOpContext* ctx);
+int wh_Bench_Init(whBenchOpContext* ctx, int opMaxCount);
 
 /* Register a new benchmark operation with a name, returns ID via pointer */
 int wh_Bench_RegisterOp(whBenchOpContext* ctx, const char* name,
diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c
@@ -3101,7 +3101,7 @@ static int whTest_NonExportableKeystore(whClientContext* ctx, int devId,
 static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng)
 {
 #define WH_TEST_AES_KEYSIZE 16
-#define WH_TEST_AES_TEXTSIZE 16
+#define WH_TEST_AES_TEXTSIZE 64
     int ret = 0;
     Aes aes[1];
     uint8_t iv[AES_BLOCK_SIZE];
@@ -3112,7 +3112,7 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng)
     whKeyId keyId = WH_KEYID_ERASED;
     uint8_t labelIn[WH_NVM_LABEL_LEN] = "AES Key Label";
 
-    memcpy(plainIn, PLAINTEXT, sizeof(plainIn));
+    memset(plainIn, 0xAA, sizeof(plainIn));
 
     /* Randomize inputs */
     ret = wc_RNG_GenerateBlock(rng, key, sizeof(key));
@@ -3236,6 +3236,119 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng)
             WH_TEST_PRINT("AES CTR DEVID=0x%X SUCCESS\n", devId);
         }
     }
+    if (ret == 0) {
+        /* test aes CTR with incremental steps (block size multiple) */
+        ret = wc_AesInit(aes, NULL, devId);
+        if (ret != 0) {
+            WH_ERROR_PRINT("Failed to wc_AesInit %d\n", ret);
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesSetKeyDirect(aes, key, sizeof(key), iv, AES_ENCRYPTION);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesSetKeyDirect %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesCtrEncrypt(aes, cipher, plainIn, sizeof(plainIn)/2);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesCtrEncrypt(aes, cipher+(sizeof(plainIn)/2),
+                                   plainIn+(sizeof(plainIn)/2),
+                                   sizeof(plainIn)/2);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesSetKeyDirect(aes, key, sizeof(key), iv, AES_DECRYPTION);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesSetKeyDirect %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesCtrEncrypt(aes, plainOut, cipher, sizeof(cipher)/2);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesCtrEncrypt(aes, plainOut+sizeof(plainOut)/2,
+                                   cipher+sizeof(cipher)/2, sizeof(cipher)/2);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            if (memcmp(plainIn, plainOut, sizeof(plainIn)) != 0) {
+                WH_ERROR_PRINT("Failed to match AES-CTR\n");
+                ret = -1;
+            }
+        }
+
+        (void)wc_AesFree(aes);
+        memset(cipher, 0, sizeof(cipher));
+        memset(plainOut, 0, sizeof(plainOut));
+    }
+    if (ret == 0) {
+        /* test aes CTR with incremental steps (non block size multiple) */
+        ret = wc_AesInit(aes, NULL, devId);
+        if (ret != 0) {
+            WH_ERROR_PRINT("Failed to wc_AesInit %d\n", ret);
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesSetKeyDirect(aes, key, sizeof(key), iv, AES_ENCRYPTION);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesSetKeyDirect %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesCtrEncrypt(aes, cipher, plainIn, (sizeof(plainIn)/2)-1);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesCtrEncrypt(aes, cipher+((sizeof(plainIn)/2)-1),
+                                   plainIn+((sizeof(plainIn)/2)-1),
+                                   (sizeof(plainIn)/2)+1);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesSetKeyDirect(aes, key, sizeof(key), iv, AES_DECRYPTION);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesSetKeyDirect %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesCtrEncrypt(aes, plainOut, cipher, (sizeof(cipher)/2)+1);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesCtrEncrypt(aes, plainOut+((sizeof(plainOut)/2)+1),
+                                   cipher+((sizeof(cipher)/2)+1),
+                                   (sizeof(cipher)/2)-1);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            if (memcmp(plainIn, plainOut, sizeof(plainIn)) != 0) {
+                WH_ERROR_PRINT("Failed to match AES-CTR\n");
+                ret = -1;
+            }
+        }
+
+        (void)wc_AesFree(aes);
+        memset(cipher, 0, sizeof(cipher));
+        memset(plainOut, 0, sizeof(plainOut));
+    }
 #endif
 
 #ifdef HAVE_AES_ECB
@@ -3351,6 +3464,8 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng)
             WH_TEST_PRINT("AES ECB DEVID=0x%X SUCCESS\n", devId);
         }
     }
+    /* AES ECB doesn't need a test with incremental steps as each block is
+     * processed independently. */
 #endif /* HAVE_AES_ECB */
 
 #ifdef HAVE_AES_CBC
@@ -3453,6 +3568,62 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng)
             WH_TEST_PRINT("AES CBC DEVID=0x%X SUCCESS\n", devId);
         }
     }
+    if (ret == 0) {
+        /* test aes CBC with incremental steps (block size multiple) */
+        ret = wc_AesInit(aes, NULL, devId);
+        if (ret != 0) {
+            WH_ERROR_PRINT("Failed to wc_AesInit %d\n", ret);
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesSetKey(aes, key, sizeof(key), iv, AES_ENCRYPTION);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesCbcEncrypt(aes, cipher, plainIn, sizeof(plainIn)/2);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesCbcEncrypt %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesCbcEncrypt(aes, cipher+(sizeof(plainIn)/2),
+                                   plainIn+(sizeof(plainIn)/2),
+                                   sizeof(plainIn)/2);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesCbcEncrypt %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesSetKey(aes, key, sizeof(key), iv, AES_DECRYPTION);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesCbcDecrypt(aes, plainOut, cipher, sizeof(cipher)/2);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesCbcEncrypt %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            ret = wc_AesCbcDecrypt(aes, plainOut+sizeof(plainOut)/2,
+                                   cipher+sizeof(cipher)/2, sizeof(cipher)/2);
+            if (ret != 0) {
+                WH_ERROR_PRINT("Failed to wc_AesCbcEncrypt %d\n", ret);
+            }
+        }
+        if (ret == WH_ERROR_OK) {
+            if (memcmp(plainIn, plainOut, sizeof(plainIn)) != 0) {
+                WH_ERROR_PRINT("Failed to match AES-CBC\n");
+                ret = -1;
+            }
+        }
+
+        (void)wc_AesFree(aes);
+        memset(cipher, 0, sizeof(cipher));
+        memset(plainOut, 0, sizeof(plainOut));
+    }
 #endif /* HAVE_AES_CBC */
 
 #ifdef HAVE_AESGCM
