13 Sep
2023
13 Sep
'23
6:48 p.m.
On 9/13/2023 12:28 AM, Gilles Peskine via mbed-tls wrote:
Hi Christian,
Mbed TLS doesn't support the 16-byte variant yet. Currently the initial counter value is always 0 with the PSA API and with the legacy cipher API. https://github.com/Mbed-TLS/mbedtls/issues/5616
You can use a different ICV with the low-level mbedtls_chacha20_xxx API.
Best regards,
Thanks, that's what I did.
I have verified that the PSA API work well for AES 128 and 256, ECB and CTR. I also verified that the APIs in chacha20.h for CHACHA20 work. When the 16-byte variant is supported, I will switch to using the PSA API for CHACHA20 as well.
The PSA API appears to work for all the AEAD variants that I need, including with ChaChaPoly.
-- Christian Huitema