143 void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx)  in mbedtls_chacha20_init()  argument
145     mbedtls_platform_zeroize(ctx->state, sizeof(ctx->state));  in mbedtls_chacha20_init()
146     mbedtls_platform_zeroize(ctx->keystream8, sizeof(ctx->keystream8));  in mbedtls_chacha20_init()
149     ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;  in mbedtls_chacha20_init()
152 void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx)  in mbedtls_chacha20_free()  argument
154     if (ctx != NULL) {  in mbedtls_chacha20_free()
155         mbedtls_platform_zeroize(ctx, sizeof(mbedtls_chacha20_context));  in mbedtls_chacha20_free()
159 int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx,  in mbedtls_chacha20_setkey()  argument
163     ctx->state[0] = 0x61707865;  in mbedtls_chacha20_setkey()
164     ctx->state[1] = 0x3320646e;  in mbedtls_chacha20_setkey()
165     ctx->state[2] = 0x79622d32;  in mbedtls_chacha20_setkey()
166     ctx->state[3] = 0x6b206574;  in mbedtls_chacha20_setkey()
169     ctx->state[4]  = MBEDTLS_GET_UINT32_LE(key, 0);  in mbedtls_chacha20_setkey()
170     ctx->state[5]  = MBEDTLS_GET_UINT32_LE(key, 4);  in mbedtls_chacha20_setkey()
171     ctx->state[6]  = MBEDTLS_GET_UINT32_LE(key, 8);  in mbedtls_chacha20_setkey()
172     ctx->state[7]  = MBEDTLS_GET_UINT32_LE(key, 12);  in mbedtls_chacha20_setkey()
173     ctx->state[8]  = MBEDTLS_GET_UINT32_LE(key, 16);  in mbedtls_chacha20_setkey()
174     ctx->state[9]  = MBEDTLS_GET_UINT32_LE(key, 20);  in mbedtls_chacha20_setkey()
175     ctx->state[10] = MBEDTLS_GET_UINT32_LE(key, 24);  in mbedtls_chacha20_setkey()
176     ctx->state[11] = MBEDTLS_GET_UINT32_LE(key, 28);  in mbedtls_chacha20_setkey()
181 int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx,  in mbedtls_chacha20_starts()  argument
186     ctx->state[12] = counter;  in mbedtls_chacha20_starts()
189     ctx->state[13] = MBEDTLS_GET_UINT32_LE(nonce, 0);  in mbedtls_chacha20_starts()
190     ctx->state[14] = MBEDTLS_GET_UINT32_LE(nonce, 4);  in mbedtls_chacha20_starts()
191     ctx->state[15] = MBEDTLS_GET_UINT32_LE(nonce, 8);  in mbedtls_chacha20_starts()
193     mbedtls_platform_zeroize(ctx->keystream8, sizeof(ctx->keystream8));  in mbedtls_chacha20_starts()
196     ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;  in mbedtls_chacha20_starts()
201 int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx,  in mbedtls_chacha20_update()  argument
209     while (size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES) {  in mbedtls_chacha20_update()
211                          ^ ctx->keystream8[ctx->keystream_bytes_used];  in mbedtls_chacha20_update()
213         ctx->keystream_bytes_used++;  in mbedtls_chacha20_update()
221         chacha20_block(ctx->state, ctx->keystream8);  in mbedtls_chacha20_update()
222         ctx->state[CHACHA20_CTR_INDEX]++;  in mbedtls_chacha20_update()
224         mbedtls_xor(output + offset, input + offset, ctx->keystream8, 64U);  in mbedtls_chacha20_update()
233         chacha20_block(ctx->state, ctx->keystream8);  in mbedtls_chacha20_update()
234         ctx->state[CHACHA20_CTR_INDEX]++;  in mbedtls_chacha20_update()
236         mbedtls_xor(output + offset, input + offset, ctx->keystream8, size);  in mbedtls_chacha20_update()
238         ctx->keystream_bytes_used = size;  in mbedtls_chacha20_update()
252     mbedtls_chacha20_context ctx;  in mbedtls_chacha20_crypt()  local
255     mbedtls_chacha20_init(&ctx);  in mbedtls_chacha20_crypt()
257     ret = mbedtls_chacha20_setkey(&ctx, key);  in mbedtls_chacha20_crypt()
262     ret = mbedtls_chacha20_starts(&ctx, nonce, counter);  in mbedtls_chacha20_crypt()
267     ret = mbedtls_chacha20_update(&ctx, data_len, input, output);  in mbedtls_chacha20_crypt()
270     mbedtls_chacha20_free(&ctx);  in mbedtls_chacha20_crypt()