From f61fb1b86c28225353ee67802b512c8529d21fb0 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Thu, 20 Sep 2018 16:31:01 +0200
Subject: chacha20-arm: go with Ard's version to optimize for Cortex-A7
Signed-off-by: Jason A. Donenfeld
---
 src/crypto/include/zinc/chacha20.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'src/crypto/include')
diff --git a/src/crypto/include/zinc/chacha20.h b/src/crypto/include/zinc/chacha20.h
index 455c431..276bdba 100644
--- a/src/crypto/include/zinc/chacha20.h
+++ b/src/crypto/include/zinc/chacha20.h
@@ -20,7 +20,16 @@ enum {
 HCHACHA20_NONCE_SIZE = 16
 };
+enum {
+ /* expand 32-byte k */
+ CHACHA20_CONSTANT_EXPA = 0x61707865U,
+ CHACHA20_CONSTANT_ND_3 = 0x3320646eU,
+ CHACHA20_CONSTANT_2_BY = 0x79622d32U,
+ CHACHA20_CONSTANT_TE_K = 0x6b206574U
+};
+
 struct chacha20_ctx {
+ u32 constant[4];
 u32 key[8];
 u32 counter[4];
 } __aligned(32);
@@ -29,6 +38,10 @@ static inline void chacha20_init(struct chacha20_ctx *state,
 const u8 key[CHACHA20_KEY_SIZE],
 const u64 nonce)
 {
+ state->constant[0] = CHACHA20_CONSTANT_EXPA;
+ state->constant[1] = CHACHA20_CONSTANT_ND_3;
+ state->constant[2] = CHACHA20_CONSTANT_2_BY;
+ state->constant[3] = CHACHA20_CONSTANT_TE_K;
 state->key[0] = get_unaligned_le32(key + 0);
 state->key[1] = get_unaligned_le32(key + 4);
 state->key[2] = get_unaligned_le32(key + 8);
--
cgit v1.2.3
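Review bot: Placing `constant[4]` at the head of `struct chacha20_ctx` makes the field order load-bearing, yet nothing in the header states or enforces it. The members now line up as constant, key, counter, which is the 16-word ChaCha20 input block, and presumably the ARM implementation this commit targets reads the struct as that block. I would add a comment above the struct, `/* Layout is the 16-word ChaCha20 state: constant, key, counter. Do not reorder. */`, and a compile-time check where the struct is consumed, e.g. `BUILD_BUG_ON(sizeof(struct chacha20_ctx) != 16 * sizeof(u32));`. The enum comment could also say that the four values are the ASCII string "expand 32-byte k" read as little-endian 32-bit words.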
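Review bot: With the constants now stored in the context, any path that fills a `struct chacha20_ctx` without going through `chacha20_init()` has to write `constant[]` too. Otherwise the block function would presumably run on uninitialised words and produce a wrong keystream with no error. This view is limited to src/crypto/include, so those callers are not visible here; it is worth checking any that populate `key[]` or `counter[]` directly. A comment above the four added assignments, `/* Words 0-3 of the state; must be set before the block function runs. */`, would record the requirement. The body of chacha20_init continues past the end of the hunk.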