f-2708: Add test cases for KeyUsage

[miyazakh]

Test: Add key usage policy enforcement tests for AES CTR/ECB/GCM and all DMA handlers

Background

wh_Server_KeystoreEnforceKeyUsage is called in every AES cipher handler on the server
side to prevent a cached key from being used in an operation its policy does not permit
(e.g., an ENCRYPT-only key being used to decrypt). However, the existing positive tests
in whTestCrypto_Aes always cache keys with both WH_NVM_FLAGS_USAGE_ENCRYPT and
WH_NVM_FLAGS_USAGE_DECRYPT set, so the enforcement logic is never actually exercised.

Problem

Three gaps were identified:

1. No negative tests for CTR, ECB, or GCM — only _HandleAesCbc had rejection tests
   (lines 5101–5214 of wh_test_crypto.c). Deleting the enforcement call from any of
   the other three handlers caused zero test failures.

2. No tests at all for the DMA handlers — _HandleAesCtrDma, _HandleAesEcbDma,
   _HandleAesCbcDma, and _HandleAesGcmDma each contain enforcement code but had no
   test coverage of any kind.

Fix

Added negative tests to whTest_CryptoKeyUsagePolicies in test/wh_test_crypto.c.
Each test caches a key with restricted flags, then attempts the forbidden operation and
asserts that the server returns WH_ERROR_USAGE.

Non-DMA handlers

Mode	Test	Key flags cached
AES-CTR	encrypt (enc=1) without ENCRYPT flag	WH_NVM_FLAGS_NONE
AES-CTR	decrypt (enc=0) without DECRYPT flag	WH_NVM_FLAGS_USAGE_ENCRYPT
AES-ECB	encrypt without ENCRYPT flag	WH_NVM_FLAGS_NONE
AES-ECB	decrypt without DECRYPT flag	WH_NVM_FLAGS_USAGE_ENCRYPT
AES-GCM	encrypt without ENCRYPT flag	WH_NVM_FLAGS_NONE
AES-GCM	decrypt without DECRYPT flag	WH_NVM_FLAGS_USAGE_ENCRYPT

DMA handlers (active when built with DMA=1)

Mode	Test
AES-CTR DMA	encrypt / decrypt rejection
AES-ECB DMA	encrypt / decrypt rejection
AES-CBC DMA	encrypt / decrypt rejection
AES-GCM DMA	encrypt / decrypt rejection

Notes

• AES-CTR uses wh_Client_AesCtr directly (with enc=0 / enc=1) because
  wc_AesCtrEncrypt is symmetric and always sends enc=1 through the wolfcrypt
  crypto callback.
• AES-ECB and AES-GCM use the standard wolfcrypt functions (wc_AesEcbEncrypt,
  wc_AesGcmDecrypt, etc.), which set the direction flag correctly through the callback.
• For GCM DMA decrypt, dec_tag is passed as a non-NULL zero buffer to satisfy the
  client-side BADARGS guard; the server rejects the request at the key usage check
  before any cryptographic operation or DMA address processing occurs.

Files Changed

File	Change
test/wh_test_crypto.c	Add 14 rejection tests (6 non-DMA + 8 DMA) to whTest_CryptoKeyUsagePolicies

[Copilot]

Pull request overview

This PR expands whTest_CryptoKeyUsagePolicies to exercise server-side key usage enforcement (wh_Server_KeystoreEnforceKeyUsage) across AES CTR/ECB/GCM as well as the DMA cipher handlers, ensuring that keys cached without the appropriate usage flags are rejected with WH_ERROR_USAGE.

Changes:

• Add negative (rejection) tests for AES-CTR, AES-ECB, and AES-GCM non-DMA handlers when ENCRYPT/DECRYPT usage flags are missing.
• Add negative (rejection) tests for AES CTR/ECB/CBC/GCM DMA handlers (when WOLFHSM_CFG_DMA is enabled).
• Use wh_Client_AesCtr{Dma} directly for CTR direction testing to ensure enc is exercised as intended.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[wolfSSL-Fenrir-bot]

Fenrir Automated Review — PR #380

No scan targets match the changed files in this PR. Review skipped.