155 void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx)  in mbedtls_chacha20_init()  argument
157     mbedtls_platform_zeroize(ctx->state, sizeof(ctx->state));  in mbedtls_chacha20_init()
158     mbedtls_platform_zeroize(ctx->keystream8, sizeof(ctx->keystream8));  in mbedtls_chacha20_init()
161     ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;  in mbedtls_chacha20_init()
164 void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx)  in mbedtls_chacha20_free()  argument
166     if (ctx != NULL) {  in mbedtls_chacha20_free()
167         mbedtls_platform_zeroize(ctx, sizeof(mbedtls_chacha20_context));  in mbedtls_chacha20_free()
171 int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx,  in mbedtls_chacha20_setkey()  argument
175     ctx->state[0] = 0x61707865;  in mbedtls_chacha20_setkey()
176     ctx->state[1] = 0x3320646e;  in mbedtls_chacha20_setkey()
177     ctx->state[2] = 0x79622d32;  in mbedtls_chacha20_setkey()
178     ctx->state[3] = 0x6b206574;  in mbedtls_chacha20_setkey()
181     ctx->state[4]  = MBEDTLS_GET_UINT32_LE(key, 0);  in mbedtls_chacha20_setkey()
182     ctx->state[5]  = MBEDTLS_GET_UINT32_LE(key, 4);  in mbedtls_chacha20_setkey()
183     ctx->state[6]  = MBEDTLS_GET_UINT32_LE(key, 8);  in mbedtls_chacha20_setkey()
184     ctx->state[7]  = MBEDTLS_GET_UINT32_LE(key, 12);  in mbedtls_chacha20_setkey()
185     ctx->state[8]  = MBEDTLS_GET_UINT32_LE(key, 16);  in mbedtls_chacha20_setkey()
186     ctx->state[9]  = MBEDTLS_GET_UINT32_LE(key, 20);  in mbedtls_chacha20_setkey()
187     ctx->state[10] = MBEDTLS_GET_UINT32_LE(key, 24);  in mbedtls_chacha20_setkey()
188     ctx->state[11] = MBEDTLS_GET_UINT32_LE(key, 28);  in mbedtls_chacha20_setkey()
193 int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx,  in mbedtls_chacha20_starts()  argument
198     ctx->state[12] = counter;  in mbedtls_chacha20_starts()
201     ctx->state[13] = MBEDTLS_GET_UINT32_LE(nonce, 0);  in mbedtls_chacha20_starts()
202     ctx->state[14] = MBEDTLS_GET_UINT32_LE(nonce, 4);  in mbedtls_chacha20_starts()
203     ctx->state[15] = MBEDTLS_GET_UINT32_LE(nonce, 8);  in mbedtls_chacha20_starts()
205     mbedtls_platform_zeroize(ctx->keystream8, sizeof(ctx->keystream8));  in mbedtls_chacha20_starts()
208     ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;  in mbedtls_chacha20_starts()
213 int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx,  in mbedtls_chacha20_update()  argument
221     while (size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES) {  in mbedtls_chacha20_update()
223                          ^ ctx->keystream8[ctx->keystream_bytes_used];  in mbedtls_chacha20_update()
225         ctx->keystream_bytes_used++;  in mbedtls_chacha20_update()
233         chacha20_block(ctx->state, ctx->keystream8);  in mbedtls_chacha20_update()
234         ctx->state[CHACHA20_CTR_INDEX]++;  in mbedtls_chacha20_update()
236         mbedtls_xor(output + offset, input + offset, ctx->keystream8, 64U);  in mbedtls_chacha20_update()
245         chacha20_block(ctx->state, ctx->keystream8);  in mbedtls_chacha20_update()
246         ctx->state[CHACHA20_CTR_INDEX]++;  in mbedtls_chacha20_update()
248         mbedtls_xor(output + offset, input + offset, ctx->keystream8, size);  in mbedtls_chacha20_update()
250         ctx->keystream_bytes_used = size;  in mbedtls_chacha20_update()
264     mbedtls_chacha20_context ctx;  in mbedtls_chacha20_crypt()  local
267     mbedtls_chacha20_init(&ctx);  in mbedtls_chacha20_crypt()
269     ret = mbedtls_chacha20_setkey(&ctx, key);  in mbedtls_chacha20_crypt()
274     ret = mbedtls_chacha20_starts(&ctx, nonce, counter);  in mbedtls_chacha20_crypt()
279     ret = mbedtls_chacha20_update(&ctx, data_len, input, output);  in mbedtls_chacha20_crypt()
282     mbedtls_chacha20_free(&ctx);  in mbedtls_chacha20_crypt()