Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector

PSA: ChaCha20: add RFC 7539 test vector with counter=1
2025-08-07 06:42:56 +03:00 · 2022-05-12 12:34:20 +02:00
parent 9bc53a2e84 c50dec07b2
commit 4014a0408e
3 changed files with 30 additions and 2 deletions
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -489,8 +489,12 @@
 *
 * ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539.
 *
- * Implementations must support 12-byte nonces, may support 8-byte nonces,
- * and should reject other sizes.
+ * \note For ChaCha20 and ChaCha20_Poly1305, Mbed TLS only supports
+ *       12-byte nonces.
+ *
+ * \note For ChaCha20, the initial counter value is 0. To encrypt or decrypt
+ *       with the initial counter value 1, you can process and discard a
+ *       64-byte block before the real data.
 */
 #define PSA_KEY_TYPE_CHACHA20                       ((psa_key_type_t)0x2004)