Test gap: mbedtls_cipher_setup_psa with ECB

[gilles-peskine-arm]

mbedtls_psa_translate_cipher_mode accepts ECB (since #3480), so mbedtls_cipher_setup_psa accepts ECB, but this is not tested. Contrast CBC, CCM and GCM which are tested:

awk -F: '($1=="auth_crypt_tv" || $1=="test_vec_crypt") && $NF {print $1, $2}' tests/suites/test_suite_cipher.*.data

[mprse]

Looking into this one. Will assign it to myself when I get required permission.

[mprse]

I found that mbedtls_cipher_setup_psa is tested by the test_vec_crypt test function in test_suite_cipher.function.

The following test cases refer to AES CBC PSA:
https://github.com/ARMmbed/mbedtls/blob/45cb82fac415bee7bebcacfa6d1ae38578e19dc5/tests/suites/test_suite_cipher.aes.data#L1705-L1799

I wanted to add similar test cases for ECB mode. I started with adding one test case (iv set as empty since it seems that it is not supported by ECB mode, the result has to be also adapted to ECB mode, but I wasn't able to get to this stage):

AES-128-ECB crypt Encrypt NIST KAT #1 PSA
depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_AES_C
test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"80000000000000000000000000000000":"3ad78e726c1ec02b7ebfe92b23d9ec34":0:1

After enabling MBEDTLS_USE_PSA_CRYPTO in mbedtls_config.h the PSA tests were executed and I got failure in added test case because MBEDTLS_CIPHER_AES_128_ECB is not supported here:
https://github.com/ARMmbed/mbedtls/blob/development/include/mbedtls/psa_util.h#L51-L59

After adding MBEDTLS_CIPHER_AES_128_ECB case I end up here (psa_cipher_set_iv returns PSA_ERROR_BAD_STATE because iv is not required):
https://github.com/ARMmbed/mbedtls/blob/development/library/cipher.c#L1271

Probably I'm doing something wrong while adding ECB test case or the ECB mode is not fully supported and also some changes in the code are still required.

[gilles-peskine-arm]

So, my bad, ECB was only partially supported! So it's good that we're getting around to testing it. As you've found, there's a missing case in mbedtls_psa_translate_cipher_type (translate_cipher_mode isn't enough). In addition, mbedtls_cipher_crypt needs to skip the call to psa_cipher_set_iv when the cipher type is ECB (that's not the same thing as passing an empty IV).

Note that for ECB, unlike other modes and unlike psa_cipher_xxx, mbedtls_cipher_crypt for ECB only accepts 128-bit inputs. So for inputs of different lengths, we expect an error (but we still want to have a test, to ensure that we aren't getting garbage output or a crash).