49 static inline void chacha20_quarter_round(uint32_t state[16],  in chacha20_quarter_round()
56     state[a] += state[b];  in chacha20_quarter_round()
57     state[d] ^= state[a];  in chacha20_quarter_round()
58     state[d] = ROTL32(state[d], 16);  in chacha20_quarter_round()
61     state[c] += state[d];  in chacha20_quarter_round()
62     state[b] ^= state[c];  in chacha20_quarter_round()
63     state[b] = ROTL32(state[b], 12);  in chacha20_quarter_round()
66     state[a] += state[b];  in chacha20_quarter_round()
67     state[d] ^= state[a];  in chacha20_quarter_round()
68     state[d] = ROTL32(state[d], 8);  in chacha20_quarter_round()
71     state[c] += state[d];  in chacha20_quarter_round()
72     state[b] ^= state[c];  in chacha20_quarter_round()
73     state[b] = ROTL32(state[b], 7);  in chacha20_quarter_round()
84 static void chacha20_inner_block(uint32_t state[16])  in chacha20_inner_block()
86     chacha20_quarter_round(state, 0, 4, 8,  12);  in chacha20_inner_block()
87     chacha20_quarter_round(state, 1, 5, 9,  13);  in chacha20_inner_block()
88     chacha20_quarter_round(state, 2, 6, 10, 14);  in chacha20_inner_block()
89     chacha20_quarter_round(state, 3, 7, 11, 15);  in chacha20_inner_block()
91     chacha20_quarter_round(state, 0, 5, 10, 15);  in chacha20_inner_block()
92     chacha20_quarter_round(state, 1, 6, 11, 12);  in chacha20_inner_block()
93     chacha20_quarter_round(state, 2, 7, 8,  13);  in chacha20_inner_block()
94     chacha20_quarter_round(state, 3, 4, 9,  14);  in chacha20_inner_block()
145     mbedtls_platform_zeroize(ctx->state, sizeof(ctx->state));  in mbedtls_chacha20_init()
163     ctx->state[0] = 0x61707865;  in mbedtls_chacha20_setkey()
164     ctx->state[1] = 0x3320646e;  in mbedtls_chacha20_setkey()
165     ctx->state[2] = 0x79622d32;  in mbedtls_chacha20_setkey()
166     ctx->state[3] = 0x6b206574;  in mbedtls_chacha20_setkey()
169     ctx->state[4]  = MBEDTLS_GET_UINT32_LE(key, 0);  in mbedtls_chacha20_setkey()
170     ctx->state[5]  = MBEDTLS_GET_UINT32_LE(key, 4);  in mbedtls_chacha20_setkey()
171     ctx->state[6]  = MBEDTLS_GET_UINT32_LE(key, 8);  in mbedtls_chacha20_setkey()
172     ctx->state[7]  = MBEDTLS_GET_UINT32_LE(key, 12);  in mbedtls_chacha20_setkey()
173     ctx->state[8]  = MBEDTLS_GET_UINT32_LE(key, 16);  in mbedtls_chacha20_setkey()
174     ctx->state[9]  = MBEDTLS_GET_UINT32_LE(key, 20);  in mbedtls_chacha20_setkey()
175     ctx->state[10] = MBEDTLS_GET_UINT32_LE(key, 24);  in mbedtls_chacha20_setkey()
176     ctx->state[11] = MBEDTLS_GET_UINT32_LE(key, 28);  in mbedtls_chacha20_setkey()
186     ctx->state[12] = counter;  in mbedtls_chacha20_starts()
189     ctx->state[13] = MBEDTLS_GET_UINT32_LE(nonce, 0);  in mbedtls_chacha20_starts()
190     ctx->state[14] = MBEDTLS_GET_UINT32_LE(nonce, 4);  in mbedtls_chacha20_starts()
191     ctx->state[15] = MBEDTLS_GET_UINT32_LE(nonce, 8);  in mbedtls_chacha20_starts()
221         chacha20_block(ctx->state, ctx->keystream8);  in mbedtls_chacha20_update()
222         ctx->state[CHACHA20_CTR_INDEX]++;  in mbedtls_chacha20_update()
233         chacha20_block(ctx->state, ctx->keystream8);  in mbedtls_chacha20_update()
234         ctx->state[CHACHA20_CTR_INDEX]++;  in mbedtls_chacha20_update()