Hi,

 

ECB mode means that the block cipher is applied block by block to the message directly. This is indeed insecure. However, all modes, CBC/CMAC/CTR etc apply the block cipher to blocks that might be related to individual message blocks but are constructed in a way that the result is safe.

 

When Mbed TLS uses ECB mode internally, it means that the block cipher is applied to a block of data (not to the message directly) in order to implement a secure operation mode. This is why ECB is in the API as well and how users should use it (to implement a secure standard operation mode that is not supplied by Mbed TLS):
https://arm-software.github.io/psa-api/crypto/1.2/api/ops/ciphers.html#c.PSA_ALG_ECB_NO_PADDING

When we say PSA_ALG_ECB_NO_PADDING, we mean a single application of the block cipher to a single block of data and not the actual ECB mode (which means slicing up the message to blocks and applying the block cipher to each block directly).

 

This is why the code you linked is as expected, why using “ECB” to implement CMAC correct and why we can’t remove “ECB” mode.

 

Cheers,

Janos

 

 

From: Chaitanya Tata via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Date: Thursday, 15 August 2024 at 09:55
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] Usage of ECB in AES mode

Hi,

ECB is unsecure, see
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)
and shouldn't be used in production.

So, I have switched to one of CBC/CMAC/CTR modes, but in
`mbedtls_cipher_cmac_starts`
I see that it only accepts ECB variants, and also doesn't seem to be
using the `type`.

From https://github.com/Mbed-TLS/mbedtls/issues/8617 I see that ECB
for AES was intentional,
even for the CMAC API.

Is this expected?

1. Is using ECB for CMAC API correct?
2.Shouldn't we remove the ECB altogether?

Appreciate any clarifications.

Cheers,
Chaitanya.
--
mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org
To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org