1 /***
2 * Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com)
3 * Distributed under the MIT Software License.
4 * See accompanying file LICENSE.txt or copy at
5 * https://opensource.org/licenses/MIT
6 ***/
7
8 #ifndef SHA1DC_NO_STANDARD_INCLUDES
9 #include <string.h>
10 #include <memory.h>
11 #include <stdio.h>
12 #include <stdlib.h>
13 #ifdef __unix__
14 #include <sys/types.h> /* make sure macros like _BIG_ENDIAN visible */
15 #endif
16 #endif
17
18 #ifdef SHA1DC_CUSTOM_INCLUDE_SHA1_C
19 #include SHA1DC_CUSTOM_INCLUDE_SHA1_C
20 #endif
21
22 #ifndef SHA1DC_INIT_SAFE_HASH_DEFAULT
23 #define SHA1DC_INIT_SAFE_HASH_DEFAULT 1
24 #endif
25
26 #include "sha1.h"
27 #include "ubc_check.h"
28
29 #if (defined(__amd64__) || defined(__amd64) || defined(__x86_64__) || defined(__x86_64) || \
30 defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__) || \
31 defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || \
32 defined(_X86_) || defined(__THW_INTEL__) || defined(__I86__) || defined(__INTEL__) || \
33 defined(__386) || defined(_M_X64) || defined(_M_AMD64))
34 #define SHA1DC_ON_INTEL_LIKE_PROCESSOR
35 #endif
36
37 /*
38 Because Little-Endian architectures are most common,
39 we only set SHA1DC_BIGENDIAN if one of these conditions is met.
40 Note that all MSFT platforms are little endian,
41 so none of these will be defined under the MSC compiler.
42 If you are compiling on a big endian platform and your compiler does not define one of these,
43 you will have to add whatever macros your tool chain defines to indicate Big-Endianness.
44 */
45
46 #if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__)
47 /*
48 * Should detect Big Endian under GCC since at least 4.6.0 (gcc svn
49 * rev #165881). See
50 * https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
51 *
52 * This also works under clang since 3.2, it copied the GCC-ism. See
53 * clang.git's 3b198a97d2 ("Preprocessor: add __BYTE_ORDER__
54 * predefined macro", 2012-07-27)
55 */
56 #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
57 #define SHA1DC_BIGENDIAN
58 #endif
59
60 /* Not under GCC-alike */
61 #elif defined(__BYTE_ORDER) && defined(__BIG_ENDIAN)
62 /*
63 * Should detect Big Endian under glibc.git since 14245eb70e ("entered
64 * into RCS", 1992-11-25). Defined in <endian.h> which will have been
65 * brought in by standard headers. See glibc.git and
66 * https://sourceforge.net/p/predef/wiki/Endianness/
67 */
68 #if __BYTE_ORDER == __BIG_ENDIAN
69 #define SHA1DC_BIGENDIAN
70 #endif
71
72 /* Not under GCC-alike or glibc */
73 #elif defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN)
74 /*
75 * *BSD and newlib (embeded linux, cygwin, etc).
76 * the defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN) part prevents
77 * this condition from matching with Solaris/sparc.
78 * (Solaris defines only one endian macro)
79 */
80 #if _BYTE_ORDER == _BIG_ENDIAN
81 #define SHA1DC_BIGENDIAN
82 #endif
83
84 /* Not under GCC-alike or glibc or *BSD or newlib */
85 #elif (defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
86 defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || \
87 defined(__sparc))
88 /*
89 * Should define Big Endian for a whitelist of known processors. See
90 * https://sourceforge.net/p/predef/wiki/Endianness/ and
91 * http://www.oracle.com/technetwork/server-storage/solaris/portingtosolaris-138514.html
92 */
93 #define SHA1DC_BIGENDIAN
94
95 /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> */
96 #elif (defined(_AIX) || defined(__hpux))
97
98 /*
99 * Defines Big Endian on a whitelist of OSs that are known to be Big
100 * Endian-only. See
101 * https://public-inbox.org/git/93056823-2740-d072-1ebd-46b440b33d7e@felt.demon.nl/
102 */
103 #define SHA1DC_BIGENDIAN
104
105 /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> */
106 #elif defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
107 /*
108 * As a last resort before we do anything else we're not 100% sure
109 * about below, we blacklist specific processors here. We could add
110 * more, see e.g. https://wiki.debian.org/ArchitectureSpecificsMemo
111 */
112 #else /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> or <processor blacklist> */
113
114 /* We do nothing more here for now */
115 /*#error "Uncomment this to see if you fall through all the detection"*/
116
117 #endif /* Big Endian detection */
118
119 #if (defined(SHA1DC_FORCE_LITTLEENDIAN) && defined(SHA1DC_BIGENDIAN))
120 #undef SHA1DC_BIGENDIAN
121 #endif
122 #if (defined(SHA1DC_FORCE_BIGENDIAN) && !defined(SHA1DC_BIGENDIAN))
123 #define SHA1DC_BIGENDIAN
124 #endif
125 /*ENDIANNESS SELECTION*/
126
127 #ifndef SHA1DC_FORCE_ALIGNED_ACCESS
128 #if defined(SHA1DC_FORCE_UNALIGNED_ACCESS) || defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
129 #define SHA1DC_ALLOW_UNALIGNED_ACCESS
130 #endif /*UNALIGNED ACCESS DETECTION*/
131 #endif /*FORCE ALIGNED ACCESS*/
132
133 #define rotate_right(x,n) (((x)>>(n))|((x)<<(32-(n))))
134 #define rotate_left(x,n) (((x)<<(n))|((x)>>(32-(n))))
135
136 #define sha1_bswap32(x) \
137 {x = ((x << 8) & 0xFF00FF00) | ((x >> 8) & 0xFF00FF); x = (x << 16) | (x >> 16);}
138
139 #define sha1_mix(W, t) (rotate_left(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))
140
141 #ifdef SHA1DC_BIGENDIAN
142 #define sha1_load(m, t, temp) { temp = m[t]; }
143 #else
144 #define sha1_load(m, t, temp) { temp = m[t]; sha1_bswap32(temp); }
145 #endif
146
147 #define sha1_store(W, t, x) *(volatile uint32_t *)&W[t] = x
148
149 #define sha1_f1(b,c,d) ((d)^((b)&((c)^(d))))
150 #define sha1_f2(b,c,d) ((b)^(c)^(d))
151 #define sha1_f3(b,c,d) (((b)&(c))+((d)&((b)^(c))))
152 #define sha1_f4(b,c,d) ((b)^(c)^(d))
153
154 #define HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, m, t) \
155 { e += rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; b = rotate_left(b, 30); }
156 #define HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, m, t) \
157 { e += rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; b = rotate_left(b, 30); }
158 #define HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, m, t) \
159 { e += rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; b = rotate_left(b, 30); }
160 #define HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, m, t) \
161 { e += rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; b = rotate_left(b, 30); }
162
163 #define HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, m, t) \
164 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; }
165 #define HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, m, t) \
166 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; }
167 #define HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, m, t) \
168 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; }
169 #define HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, m, t) \
170 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; }
171
172 #define SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, t, temp) \
173 {sha1_load(m, t, temp); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30);}
174
175 #define SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(a, b, c, d, e, W, t, temp) \
176 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30); }
177
178 #define SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, t, temp) \
179 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1; b = rotate_left(b, 30); }
180
181 #define SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, t, temp) \
182 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC; b = rotate_left(b, 30); }
183
184 #define SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, t, temp) \
185 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6; b = rotate_left(b, 30); }
186
187
188 #define SHA1_STORE_STATE(i) states[i][0] = a; states[i][1] = b; states[i][2] = c; states[i][3] = d; states[i][4] = e;
189
190 #ifdef BUILDNOCOLLDETECTSHA1COMPRESSION
sha1_compression(uint32_t ihv[5],const uint32_t m[16])191 void sha1_compression(uint32_t ihv[5], const uint32_t m[16])
192 {
193 uint32_t W[80];
194 uint32_t a,b,c,d,e;
195 unsigned i;
196
197 memcpy(W, m, 16 * 4);
198 for (i = 16; i < 80; ++i)
199 W[i] = sha1_mix(W, i);
200
201 a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
202
203 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
204 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
205 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
206 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
207 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
208 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
209 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
210 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
211 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
212 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
213 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
214 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
215 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
216 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
217 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
218 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
219 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
220 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
221 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
222 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
223
224 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
225 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
226 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
227 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
228 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
229 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
230 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
231 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
232 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
233 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
234 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
235 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
236 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
237 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
238 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
239 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
240 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
241 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
242 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
243 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
244
245 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
246 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
247 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
248 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
249 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
250 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
251 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
252 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
253 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
254 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
255 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
256 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
257 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
258 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
259 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
260 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
261 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
262 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
263 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
264 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
265
266 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
267 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
268 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
269 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
270 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
271 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
272 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
273 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
274 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
275 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
276 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
277 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
278 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
279 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
280 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
281 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
282 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
283 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
284 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
285 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
286
287 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
288 }
289 #endif /*BUILDNOCOLLDETECTSHA1COMPRESSION*/
290
291
sha1_compression_W(uint32_t ihv[5],const uint32_t W[80])292 static void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80])
293 {
294 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
295
296 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
297 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
298 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
299 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
300 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
301 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
302 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
303 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
304 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
305 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
306 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
307 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
308 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
309 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
310 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
311 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
312 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
313 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
314 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
315 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
316
317 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
318 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
319 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
320 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
321 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
322 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
323 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
324 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
325 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
326 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
327 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
328 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
329 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
330 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
331 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
332 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
333 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
334 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
335 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
336 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
337
338 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
339 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
340 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
341 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
342 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
343 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
344 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
345 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
346 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
347 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
348 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
349 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
350 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
351 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
352 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
353 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
354 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
355 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
356 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
357 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
358
359 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
360 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
361 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
362 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
363 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
364 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
365 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
366 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
367 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
368 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
369 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
370 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
371 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
372 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
373 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
374 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
375 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
376 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
377 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
378 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
379
380 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
381 }
382
383
384
sha1_compression_states(uint32_t ihv[5],const uint32_t m[16],uint32_t W[80],uint32_t states[80][5])385 void sha1_compression_states(uint32_t ihv[5], const uint32_t m[16], uint32_t W[80], uint32_t states[80][5])
386 {
387 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
388 uint32_t temp;
389
390 #ifdef DOSTORESTATE00
391 SHA1_STORE_STATE(0)
392 #endif
393 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 0, temp);
394
395 #ifdef DOSTORESTATE01
396 SHA1_STORE_STATE(1)
397 #endif
398 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 1, temp);
399
400 #ifdef DOSTORESTATE02
401 SHA1_STORE_STATE(2)
402 #endif
403 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 2, temp);
404
405 #ifdef DOSTORESTATE03
406 SHA1_STORE_STATE(3)
407 #endif
408 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 3, temp);
409
410 #ifdef DOSTORESTATE04
411 SHA1_STORE_STATE(4)
412 #endif
413 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 4, temp);
414
415 #ifdef DOSTORESTATE05
416 SHA1_STORE_STATE(5)
417 #endif
418 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 5, temp);
419
420 #ifdef DOSTORESTATE06
421 SHA1_STORE_STATE(6)
422 #endif
423 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 6, temp);
424
425 #ifdef DOSTORESTATE07
426 SHA1_STORE_STATE(7)
427 #endif
428 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 7, temp);
429
430 #ifdef DOSTORESTATE08
431 SHA1_STORE_STATE(8)
432 #endif
433 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 8, temp);
434
435 #ifdef DOSTORESTATE09
436 SHA1_STORE_STATE(9)
437 #endif
438 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 9, temp);
439
440 #ifdef DOSTORESTATE10
441 SHA1_STORE_STATE(10)
442 #endif
443 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 10, temp);
444
445 #ifdef DOSTORESTATE11
446 SHA1_STORE_STATE(11)
447 #endif
448 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 11, temp);
449
450 #ifdef DOSTORESTATE12
451 SHA1_STORE_STATE(12)
452 #endif
453 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 12, temp);
454
455 #ifdef DOSTORESTATE13
456 SHA1_STORE_STATE(13)
457 #endif
458 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 13, temp);
459
460 #ifdef DOSTORESTATE14
461 SHA1_STORE_STATE(14)
462 #endif
463 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 14, temp);
464
465 #ifdef DOSTORESTATE15
466 SHA1_STORE_STATE(15)
467 #endif
468 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 15, temp);
469
470 #ifdef DOSTORESTATE16
471 SHA1_STORE_STATE(16)
472 #endif
473 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(e, a, b, c, d, W, 16, temp);
474
475 #ifdef DOSTORESTATE17
476 SHA1_STORE_STATE(17)
477 #endif
478 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(d, e, a, b, c, W, 17, temp);
479
480 #ifdef DOSTORESTATE18
481 SHA1_STORE_STATE(18)
482 #endif
483 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(c, d, e, a, b, W, 18, temp);
484
485 #ifdef DOSTORESTATE19
486 SHA1_STORE_STATE(19)
487 #endif
488 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(b, c, d, e, a, W, 19, temp);
489
490
491
492 #ifdef DOSTORESTATE20
493 SHA1_STORE_STATE(20)
494 #endif
495 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 20, temp);
496
497 #ifdef DOSTORESTATE21
498 SHA1_STORE_STATE(21)
499 #endif
500 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 21, temp);
501
502 #ifdef DOSTORESTATE22
503 SHA1_STORE_STATE(22)
504 #endif
505 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 22, temp);
506
507 #ifdef DOSTORESTATE23
508 SHA1_STORE_STATE(23)
509 #endif
510 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 23, temp);
511
512 #ifdef DOSTORESTATE24
513 SHA1_STORE_STATE(24)
514 #endif
515 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 24, temp);
516
517 #ifdef DOSTORESTATE25
518 SHA1_STORE_STATE(25)
519 #endif
520 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 25, temp);
521
522 #ifdef DOSTORESTATE26
523 SHA1_STORE_STATE(26)
524 #endif
525 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 26, temp);
526
527 #ifdef DOSTORESTATE27
528 SHA1_STORE_STATE(27)
529 #endif
530 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 27, temp);
531
532 #ifdef DOSTORESTATE28
533 SHA1_STORE_STATE(28)
534 #endif
535 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 28, temp);
536
537 #ifdef DOSTORESTATE29
538 SHA1_STORE_STATE(29)
539 #endif
540 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 29, temp);
541
542 #ifdef DOSTORESTATE30
543 SHA1_STORE_STATE(30)
544 #endif
545 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 30, temp);
546
547 #ifdef DOSTORESTATE31
548 SHA1_STORE_STATE(31)
549 #endif
550 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 31, temp);
551
552 #ifdef DOSTORESTATE32
553 SHA1_STORE_STATE(32)
554 #endif
555 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 32, temp);
556
557 #ifdef DOSTORESTATE33
558 SHA1_STORE_STATE(33)
559 #endif
560 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 33, temp);
561
562 #ifdef DOSTORESTATE34
563 SHA1_STORE_STATE(34)
564 #endif
565 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 34, temp);
566
567 #ifdef DOSTORESTATE35
568 SHA1_STORE_STATE(35)
569 #endif
570 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 35, temp);
571
572 #ifdef DOSTORESTATE36
573 SHA1_STORE_STATE(36)
574 #endif
575 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 36, temp);
576
577 #ifdef DOSTORESTATE37
578 SHA1_STORE_STATE(37)
579 #endif
580 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 37, temp);
581
582 #ifdef DOSTORESTATE38
583 SHA1_STORE_STATE(38)
584 #endif
585 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 38, temp);
586
587 #ifdef DOSTORESTATE39
588 SHA1_STORE_STATE(39)
589 #endif
590 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 39, temp);
591
592
593
594 #ifdef DOSTORESTATE40
595 SHA1_STORE_STATE(40)
596 #endif
597 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 40, temp);
598
599 #ifdef DOSTORESTATE41
600 SHA1_STORE_STATE(41)
601 #endif
602 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 41, temp);
603
604 #ifdef DOSTORESTATE42
605 SHA1_STORE_STATE(42)
606 #endif
607 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 42, temp);
608
609 #ifdef DOSTORESTATE43
610 SHA1_STORE_STATE(43)
611 #endif
612 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 43, temp);
613
614 #ifdef DOSTORESTATE44
615 SHA1_STORE_STATE(44)
616 #endif
617 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 44, temp);
618
619 #ifdef DOSTORESTATE45
620 SHA1_STORE_STATE(45)
621 #endif
622 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 45, temp);
623
624 #ifdef DOSTORESTATE46
625 SHA1_STORE_STATE(46)
626 #endif
627 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 46, temp);
628
629 #ifdef DOSTORESTATE47
630 SHA1_STORE_STATE(47)
631 #endif
632 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 47, temp);
633
634 #ifdef DOSTORESTATE48
635 SHA1_STORE_STATE(48)
636 #endif
637 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 48, temp);
638
639 #ifdef DOSTORESTATE49
640 SHA1_STORE_STATE(49)
641 #endif
642 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 49, temp);
643
644 #ifdef DOSTORESTATE50
645 SHA1_STORE_STATE(50)
646 #endif
647 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 50, temp);
648
649 #ifdef DOSTORESTATE51
650 SHA1_STORE_STATE(51)
651 #endif
652 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 51, temp);
653
654 #ifdef DOSTORESTATE52
655 SHA1_STORE_STATE(52)
656 #endif
657 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 52, temp);
658
659 #ifdef DOSTORESTATE53
660 SHA1_STORE_STATE(53)
661 #endif
662 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 53, temp);
663
664 #ifdef DOSTORESTATE54
665 SHA1_STORE_STATE(54)
666 #endif
667 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 54, temp);
668
669 #ifdef DOSTORESTATE55
670 SHA1_STORE_STATE(55)
671 #endif
672 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 55, temp);
673
674 #ifdef DOSTORESTATE56
675 SHA1_STORE_STATE(56)
676 #endif
677 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 56, temp);
678
679 #ifdef DOSTORESTATE57
680 SHA1_STORE_STATE(57)
681 #endif
682 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 57, temp);
683
684 #ifdef DOSTORESTATE58
685 SHA1_STORE_STATE(58)
686 #endif
687 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 58, temp);
688
689 #ifdef DOSTORESTATE59
690 SHA1_STORE_STATE(59)
691 #endif
692 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 59, temp);
693
694
695
696
697 #ifdef DOSTORESTATE60
698 SHA1_STORE_STATE(60)
699 #endif
700 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 60, temp);
701
702 #ifdef DOSTORESTATE61
703 SHA1_STORE_STATE(61)
704 #endif
705 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 61, temp);
706
707 #ifdef DOSTORESTATE62
708 SHA1_STORE_STATE(62)
709 #endif
710 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 62, temp);
711
712 #ifdef DOSTORESTATE63
713 SHA1_STORE_STATE(63)
714 #endif
715 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 63, temp);
716
717 #ifdef DOSTORESTATE64
718 SHA1_STORE_STATE(64)
719 #endif
720 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 64, temp);
721
722 #ifdef DOSTORESTATE65
723 SHA1_STORE_STATE(65)
724 #endif
725 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 65, temp);
726
727 #ifdef DOSTORESTATE66
728 SHA1_STORE_STATE(66)
729 #endif
730 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 66, temp);
731
732 #ifdef DOSTORESTATE67
733 SHA1_STORE_STATE(67)
734 #endif
735 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 67, temp);
736
737 #ifdef DOSTORESTATE68
738 SHA1_STORE_STATE(68)
739 #endif
740 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 68, temp);
741
742 #ifdef DOSTORESTATE69
743 SHA1_STORE_STATE(69)
744 #endif
745 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 69, temp);
746
747 #ifdef DOSTORESTATE70
748 SHA1_STORE_STATE(70)
749 #endif
750 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 70, temp);
751
752 #ifdef DOSTORESTATE71
753 SHA1_STORE_STATE(71)
754 #endif
755 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 71, temp);
756
757 #ifdef DOSTORESTATE72
758 SHA1_STORE_STATE(72)
759 #endif
760 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 72, temp);
761
762 #ifdef DOSTORESTATE73
763 SHA1_STORE_STATE(73)
764 #endif
765 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 73, temp);
766
767 #ifdef DOSTORESTATE74
768 SHA1_STORE_STATE(74)
769 #endif
770 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 74, temp);
771
772 #ifdef DOSTORESTATE75
773 SHA1_STORE_STATE(75)
774 #endif
775 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 75, temp);
776
777 #ifdef DOSTORESTATE76
778 SHA1_STORE_STATE(76)
779 #endif
780 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 76, temp);
781
782 #ifdef DOSTORESTATE77
783 SHA1_STORE_STATE(77)
784 #endif
785 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 77, temp);
786
787 #ifdef DOSTORESTATE78
788 SHA1_STORE_STATE(78)
789 #endif
790 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 78, temp);
791
792 #ifdef DOSTORESTATE79
793 SHA1_STORE_STATE(79)
794 #endif
795 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 79, temp);
796
797
798
799 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
800 }
801
802
803
804
805 #define SHA1_RECOMPRESS(t) \
806 static void sha1recompress_fast_ ## t (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]) \
807 { \
808 uint32_t a = state[0], b = state[1], c = state[2], d = state[3], e = state[4]; \
809 if (t > 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 79); \
810 if (t > 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 78); \
811 if (t > 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 77); \
812 if (t > 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 76); \
813 if (t > 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 75); \
814 if (t > 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 74); \
815 if (t > 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 73); \
816 if (t > 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 72); \
817 if (t > 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 71); \
818 if (t > 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 70); \
819 if (t > 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 69); \
820 if (t > 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 68); \
821 if (t > 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 67); \
822 if (t > 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 66); \
823 if (t > 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 65); \
824 if (t > 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 64); \
825 if (t > 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 63); \
826 if (t > 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 62); \
827 if (t > 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 61); \
828 if (t > 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 60); \
829 if (t > 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 59); \
830 if (t > 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 58); \
831 if (t > 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 57); \
832 if (t > 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 56); \
833 if (t > 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 55); \
834 if (t > 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 54); \
835 if (t > 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 53); \
836 if (t > 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 52); \
837 if (t > 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 51); \
838 if (t > 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 50); \
839 if (t > 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 49); \
840 if (t > 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 48); \
841 if (t > 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 47); \
842 if (t > 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 46); \
843 if (t > 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 45); \
844 if (t > 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 44); \
845 if (t > 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 43); \
846 if (t > 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 42); \
847 if (t > 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 41); \
848 if (t > 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 40); \
849 if (t > 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 39); \
850 if (t > 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 38); \
851 if (t > 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 37); \
852 if (t > 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 36); \
853 if (t > 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 35); \
854 if (t > 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 34); \
855 if (t > 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 33); \
856 if (t > 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 32); \
857 if (t > 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 31); \
858 if (t > 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 30); \
859 if (t > 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 29); \
860 if (t > 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 28); \
861 if (t > 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 27); \
862 if (t > 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 26); \
863 if (t > 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 25); \
864 if (t > 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 24); \
865 if (t > 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 23); \
866 if (t > 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 22); \
867 if (t > 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 21); \
868 if (t > 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 20); \
869 if (t > 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 19); \
870 if (t > 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 18); \
871 if (t > 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 17); \
872 if (t > 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 16); \
873 if (t > 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 15); \
874 if (t > 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 14); \
875 if (t > 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 13); \
876 if (t > 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 12); \
877 if (t > 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 11); \
878 if (t > 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 10); \
879 if (t > 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 9); \
880 if (t > 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 8); \
881 if (t > 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 7); \
882 if (t > 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 6); \
883 if (t > 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 5); \
884 if (t > 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 4); \
885 if (t > 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 3); \
886 if (t > 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 2); \
887 if (t > 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 1); \
888 if (t > 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 0); \
889 ihvin[0] = a; ihvin[1] = b; ihvin[2] = c; ihvin[3] = d; ihvin[4] = e; \
890 a = state[0]; b = state[1]; c = state[2]; d = state[3]; e = state[4]; \
891 if (t <= 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 0); \
892 if (t <= 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 1); \
893 if (t <= 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 2); \
894 if (t <= 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 3); \
895 if (t <= 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 4); \
896 if (t <= 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 5); \
897 if (t <= 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 6); \
898 if (t <= 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 7); \
899 if (t <= 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 8); \
900 if (t <= 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 9); \
901 if (t <= 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 10); \
902 if (t <= 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 11); \
903 if (t <= 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 12); \
904 if (t <= 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 13); \
905 if (t <= 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 14); \
906 if (t <= 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 15); \
907 if (t <= 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 16); \
908 if (t <= 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 17); \
909 if (t <= 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 18); \
910 if (t <= 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 19); \
911 if (t <= 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 20); \
912 if (t <= 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 21); \
913 if (t <= 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 22); \
914 if (t <= 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 23); \
915 if (t <= 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 24); \
916 if (t <= 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 25); \
917 if (t <= 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 26); \
918 if (t <= 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 27); \
919 if (t <= 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 28); \
920 if (t <= 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 29); \
921 if (t <= 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 30); \
922 if (t <= 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 31); \
923 if (t <= 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 32); \
924 if (t <= 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 33); \
925 if (t <= 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 34); \
926 if (t <= 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 35); \
927 if (t <= 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 36); \
928 if (t <= 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 37); \
929 if (t <= 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 38); \
930 if (t <= 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 39); \
931 if (t <= 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 40); \
932 if (t <= 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 41); \
933 if (t <= 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 42); \
934 if (t <= 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 43); \
935 if (t <= 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 44); \
936 if (t <= 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 45); \
937 if (t <= 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 46); \
938 if (t <= 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 47); \
939 if (t <= 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 48); \
940 if (t <= 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 49); \
941 if (t <= 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 50); \
942 if (t <= 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 51); \
943 if (t <= 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 52); \
944 if (t <= 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 53); \
945 if (t <= 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 54); \
946 if (t <= 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 55); \
947 if (t <= 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 56); \
948 if (t <= 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 57); \
949 if (t <= 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 58); \
950 if (t <= 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 59); \
951 if (t <= 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 60); \
952 if (t <= 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 61); \
953 if (t <= 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 62); \
954 if (t <= 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 63); \
955 if (t <= 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 64); \
956 if (t <= 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 65); \
957 if (t <= 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 66); \
958 if (t <= 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 67); \
959 if (t <= 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 68); \
960 if (t <= 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 69); \
961 if (t <= 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 70); \
962 if (t <= 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 71); \
963 if (t <= 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 72); \
964 if (t <= 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 73); \
965 if (t <= 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 74); \
966 if (t <= 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 75); \
967 if (t <= 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 76); \
968 if (t <= 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 77); \
969 if (t <= 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 78); \
970 if (t <= 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 79); \
971 ihvout[0] = ihvin[0] + a; ihvout[1] = ihvin[1] + b; ihvout[2] = ihvin[2] + c; ihvout[3] = ihvin[3] + d; ihvout[4] = ihvin[4] + e; \
972 }
973
974 #ifdef _MSC_VER
975 #pragma warning(push)
976 #pragma warning(disable: 4127) /* Compiler complains about the checks in the above macro being constant. */
977 #endif
978
979 #ifdef DOSTORESTATE0
980 SHA1_RECOMPRESS(0)
981 #endif
982
983 #ifdef DOSTORESTATE1
984 SHA1_RECOMPRESS(1)
985 #endif
986
987 #ifdef DOSTORESTATE2
988 SHA1_RECOMPRESS(2)
989 #endif
990
991 #ifdef DOSTORESTATE3
992 SHA1_RECOMPRESS(3)
993 #endif
994
995 #ifdef DOSTORESTATE4
996 SHA1_RECOMPRESS(4)
997 #endif
998
999 #ifdef DOSTORESTATE5
1000 SHA1_RECOMPRESS(5)
1001 #endif
1002
1003 #ifdef DOSTORESTATE6
1004 SHA1_RECOMPRESS(6)
1005 #endif
1006
1007 #ifdef DOSTORESTATE7
1008 SHA1_RECOMPRESS(7)
1009 #endif
1010
1011 #ifdef DOSTORESTATE8
1012 SHA1_RECOMPRESS(8)
1013 #endif
1014
1015 #ifdef DOSTORESTATE9
1016 SHA1_RECOMPRESS(9)
1017 #endif
1018
1019 #ifdef DOSTORESTATE10
1020 SHA1_RECOMPRESS(10)
1021 #endif
1022
1023 #ifdef DOSTORESTATE11
1024 SHA1_RECOMPRESS(11)
1025 #endif
1026
1027 #ifdef DOSTORESTATE12
1028 SHA1_RECOMPRESS(12)
1029 #endif
1030
1031 #ifdef DOSTORESTATE13
1032 SHA1_RECOMPRESS(13)
1033 #endif
1034
1035 #ifdef DOSTORESTATE14
1036 SHA1_RECOMPRESS(14)
1037 #endif
1038
1039 #ifdef DOSTORESTATE15
1040 SHA1_RECOMPRESS(15)
1041 #endif
1042
1043 #ifdef DOSTORESTATE16
1044 SHA1_RECOMPRESS(16)
1045 #endif
1046
1047 #ifdef DOSTORESTATE17
1048 SHA1_RECOMPRESS(17)
1049 #endif
1050
1051 #ifdef DOSTORESTATE18
1052 SHA1_RECOMPRESS(18)
1053 #endif
1054
1055 #ifdef DOSTORESTATE19
1056 SHA1_RECOMPRESS(19)
1057 #endif
1058
1059 #ifdef DOSTORESTATE20
1060 SHA1_RECOMPRESS(20)
1061 #endif
1062
1063 #ifdef DOSTORESTATE21
1064 SHA1_RECOMPRESS(21)
1065 #endif
1066
1067 #ifdef DOSTORESTATE22
1068 SHA1_RECOMPRESS(22)
1069 #endif
1070
1071 #ifdef DOSTORESTATE23
1072 SHA1_RECOMPRESS(23)
1073 #endif
1074
1075 #ifdef DOSTORESTATE24
1076 SHA1_RECOMPRESS(24)
1077 #endif
1078
1079 #ifdef DOSTORESTATE25
1080 SHA1_RECOMPRESS(25)
1081 #endif
1082
1083 #ifdef DOSTORESTATE26
1084 SHA1_RECOMPRESS(26)
1085 #endif
1086
1087 #ifdef DOSTORESTATE27
1088 SHA1_RECOMPRESS(27)
1089 #endif
1090
1091 #ifdef DOSTORESTATE28
1092 SHA1_RECOMPRESS(28)
1093 #endif
1094
1095 #ifdef DOSTORESTATE29
1096 SHA1_RECOMPRESS(29)
1097 #endif
1098
1099 #ifdef DOSTORESTATE30
1100 SHA1_RECOMPRESS(30)
1101 #endif
1102
1103 #ifdef DOSTORESTATE31
1104 SHA1_RECOMPRESS(31)
1105 #endif
1106
1107 #ifdef DOSTORESTATE32
1108 SHA1_RECOMPRESS(32)
1109 #endif
1110
1111 #ifdef DOSTORESTATE33
1112 SHA1_RECOMPRESS(33)
1113 #endif
1114
1115 #ifdef DOSTORESTATE34
1116 SHA1_RECOMPRESS(34)
1117 #endif
1118
1119 #ifdef DOSTORESTATE35
1120 SHA1_RECOMPRESS(35)
1121 #endif
1122
1123 #ifdef DOSTORESTATE36
1124 SHA1_RECOMPRESS(36)
1125 #endif
1126
1127 #ifdef DOSTORESTATE37
1128 SHA1_RECOMPRESS(37)
1129 #endif
1130
1131 #ifdef DOSTORESTATE38
1132 SHA1_RECOMPRESS(38)
1133 #endif
1134
1135 #ifdef DOSTORESTATE39
1136 SHA1_RECOMPRESS(39)
1137 #endif
1138
1139 #ifdef DOSTORESTATE40
1140 SHA1_RECOMPRESS(40)
1141 #endif
1142
1143 #ifdef DOSTORESTATE41
1144 SHA1_RECOMPRESS(41)
1145 #endif
1146
1147 #ifdef DOSTORESTATE42
1148 SHA1_RECOMPRESS(42)
1149 #endif
1150
1151 #ifdef DOSTORESTATE43
1152 SHA1_RECOMPRESS(43)
1153 #endif
1154
1155 #ifdef DOSTORESTATE44
1156 SHA1_RECOMPRESS(44)
1157 #endif
1158
1159 #ifdef DOSTORESTATE45
1160 SHA1_RECOMPRESS(45)
1161 #endif
1162
1163 #ifdef DOSTORESTATE46
1164 SHA1_RECOMPRESS(46)
1165 #endif
1166
1167 #ifdef DOSTORESTATE47
1168 SHA1_RECOMPRESS(47)
1169 #endif
1170
1171 #ifdef DOSTORESTATE48
1172 SHA1_RECOMPRESS(48)
1173 #endif
1174
1175 #ifdef DOSTORESTATE49
1176 SHA1_RECOMPRESS(49)
1177 #endif
1178
1179 #ifdef DOSTORESTATE50
1180 SHA1_RECOMPRESS(50)
1181 #endif
1182
1183 #ifdef DOSTORESTATE51
1184 SHA1_RECOMPRESS(51)
1185 #endif
1186
1187 #ifdef DOSTORESTATE52
1188 SHA1_RECOMPRESS(52)
1189 #endif
1190
1191 #ifdef DOSTORESTATE53
1192 SHA1_RECOMPRESS(53)
1193 #endif
1194
1195 #ifdef DOSTORESTATE54
1196 SHA1_RECOMPRESS(54)
1197 #endif
1198
1199 #ifdef DOSTORESTATE55
1200 SHA1_RECOMPRESS(55)
1201 #endif
1202
1203 #ifdef DOSTORESTATE56
1204 SHA1_RECOMPRESS(56)
1205 #endif
1206
1207 #ifdef DOSTORESTATE57
1208 SHA1_RECOMPRESS(57)
1209 #endif
1210
1211 #ifdef DOSTORESTATE58
1212 SHA1_RECOMPRESS(58)
1213 #endif
1214
1215 #ifdef DOSTORESTATE59
1216 SHA1_RECOMPRESS(59)
1217 #endif
1218
1219 #ifdef DOSTORESTATE60
1220 SHA1_RECOMPRESS(60)
1221 #endif
1222
1223 #ifdef DOSTORESTATE61
1224 SHA1_RECOMPRESS(61)
1225 #endif
1226
1227 #ifdef DOSTORESTATE62
1228 SHA1_RECOMPRESS(62)
1229 #endif
1230
1231 #ifdef DOSTORESTATE63
1232 SHA1_RECOMPRESS(63)
1233 #endif
1234
1235 #ifdef DOSTORESTATE64
1236 SHA1_RECOMPRESS(64)
1237 #endif
1238
1239 #ifdef DOSTORESTATE65
1240 SHA1_RECOMPRESS(65)
1241 #endif
1242
1243 #ifdef DOSTORESTATE66
1244 SHA1_RECOMPRESS(66)
1245 #endif
1246
1247 #ifdef DOSTORESTATE67
1248 SHA1_RECOMPRESS(67)
1249 #endif
1250
1251 #ifdef DOSTORESTATE68
1252 SHA1_RECOMPRESS(68)
1253 #endif
1254
1255 #ifdef DOSTORESTATE69
1256 SHA1_RECOMPRESS(69)
1257 #endif
1258
1259 #ifdef DOSTORESTATE70
1260 SHA1_RECOMPRESS(70)
1261 #endif
1262
1263 #ifdef DOSTORESTATE71
1264 SHA1_RECOMPRESS(71)
1265 #endif
1266
1267 #ifdef DOSTORESTATE72
1268 SHA1_RECOMPRESS(72)
1269 #endif
1270
1271 #ifdef DOSTORESTATE73
1272 SHA1_RECOMPRESS(73)
1273 #endif
1274
1275 #ifdef DOSTORESTATE74
1276 SHA1_RECOMPRESS(74)
1277 #endif
1278
1279 #ifdef DOSTORESTATE75
1280 SHA1_RECOMPRESS(75)
1281 #endif
1282
1283 #ifdef DOSTORESTATE76
1284 SHA1_RECOMPRESS(76)
1285 #endif
1286
1287 #ifdef DOSTORESTATE77
1288 SHA1_RECOMPRESS(77)
1289 #endif
1290
1291 #ifdef DOSTORESTATE78
1292 SHA1_RECOMPRESS(78)
1293 #endif
1294
1295 #ifdef DOSTORESTATE79
1296 SHA1_RECOMPRESS(79)
1297 #endif
1298
1299 #ifdef _MSC_VER
1300 #pragma warning(pop)
1301 #endif
1302
sha1_recompression_step(uint32_t step,uint32_t ihvin[5],uint32_t ihvout[5],const uint32_t me2[80],const uint32_t state[5])1303 static void sha1_recompression_step(uint32_t step, uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5])
1304 {
1305 switch (step)
1306 {
1307 #ifdef DOSTORESTATE0
1308 case 0:
1309 sha1recompress_fast_0(ihvin, ihvout, me2, state);
1310 break;
1311 #endif
1312 #ifdef DOSTORESTATE1
1313 case 1:
1314 sha1recompress_fast_1(ihvin, ihvout, me2, state);
1315 break;
1316 #endif
1317 #ifdef DOSTORESTATE2
1318 case 2:
1319 sha1recompress_fast_2(ihvin, ihvout, me2, state);
1320 break;
1321 #endif
1322 #ifdef DOSTORESTATE3
1323 case 3:
1324 sha1recompress_fast_3(ihvin, ihvout, me2, state);
1325 break;
1326 #endif
1327 #ifdef DOSTORESTATE4
1328 case 4:
1329 sha1recompress_fast_4(ihvin, ihvout, me2, state);
1330 break;
1331 #endif
1332 #ifdef DOSTORESTATE5
1333 case 5:
1334 sha1recompress_fast_5(ihvin, ihvout, me2, state);
1335 break;
1336 #endif
1337 #ifdef DOSTORESTATE6
1338 case 6:
1339 sha1recompress_fast_6(ihvin, ihvout, me2, state);
1340 break;
1341 #endif
1342 #ifdef DOSTORESTATE7
1343 case 7:
1344 sha1recompress_fast_7(ihvin, ihvout, me2, state);
1345 break;
1346 #endif
1347 #ifdef DOSTORESTATE8
1348 case 8:
1349 sha1recompress_fast_8(ihvin, ihvout, me2, state);
1350 break;
1351 #endif
1352 #ifdef DOSTORESTATE9
1353 case 9:
1354 sha1recompress_fast_9(ihvin, ihvout, me2, state);
1355 break;
1356 #endif
1357 #ifdef DOSTORESTATE10
1358 case 10:
1359 sha1recompress_fast_10(ihvin, ihvout, me2, state);
1360 break;
1361 #endif
1362 #ifdef DOSTORESTATE11
1363 case 11:
1364 sha1recompress_fast_11(ihvin, ihvout, me2, state);
1365 break;
1366 #endif
1367 #ifdef DOSTORESTATE12
1368 case 12:
1369 sha1recompress_fast_12(ihvin, ihvout, me2, state);
1370 break;
1371 #endif
1372 #ifdef DOSTORESTATE13
1373 case 13:
1374 sha1recompress_fast_13(ihvin, ihvout, me2, state);
1375 break;
1376 #endif
1377 #ifdef DOSTORESTATE14
1378 case 14:
1379 sha1recompress_fast_14(ihvin, ihvout, me2, state);
1380 break;
1381 #endif
1382 #ifdef DOSTORESTATE15
1383 case 15:
1384 sha1recompress_fast_15(ihvin, ihvout, me2, state);
1385 break;
1386 #endif
1387 #ifdef DOSTORESTATE16
1388 case 16:
1389 sha1recompress_fast_16(ihvin, ihvout, me2, state);
1390 break;
1391 #endif
1392 #ifdef DOSTORESTATE17
1393 case 17:
1394 sha1recompress_fast_17(ihvin, ihvout, me2, state);
1395 break;
1396 #endif
1397 #ifdef DOSTORESTATE18
1398 case 18:
1399 sha1recompress_fast_18(ihvin, ihvout, me2, state);
1400 break;
1401 #endif
1402 #ifdef DOSTORESTATE19
1403 case 19:
1404 sha1recompress_fast_19(ihvin, ihvout, me2, state);
1405 break;
1406 #endif
1407 #ifdef DOSTORESTATE20
1408 case 20:
1409 sha1recompress_fast_20(ihvin, ihvout, me2, state);
1410 break;
1411 #endif
1412 #ifdef DOSTORESTATE21
1413 case 21:
1414 sha1recompress_fast_21(ihvin, ihvout, me2, state);
1415 break;
1416 #endif
1417 #ifdef DOSTORESTATE22
1418 case 22:
1419 sha1recompress_fast_22(ihvin, ihvout, me2, state);
1420 break;
1421 #endif
1422 #ifdef DOSTORESTATE23
1423 case 23:
1424 sha1recompress_fast_23(ihvin, ihvout, me2, state);
1425 break;
1426 #endif
1427 #ifdef DOSTORESTATE24
1428 case 24:
1429 sha1recompress_fast_24(ihvin, ihvout, me2, state);
1430 break;
1431 #endif
1432 #ifdef DOSTORESTATE25
1433 case 25:
1434 sha1recompress_fast_25(ihvin, ihvout, me2, state);
1435 break;
1436 #endif
1437 #ifdef DOSTORESTATE26
1438 case 26:
1439 sha1recompress_fast_26(ihvin, ihvout, me2, state);
1440 break;
1441 #endif
1442 #ifdef DOSTORESTATE27
1443 case 27:
1444 sha1recompress_fast_27(ihvin, ihvout, me2, state);
1445 break;
1446 #endif
1447 #ifdef DOSTORESTATE28
1448 case 28:
1449 sha1recompress_fast_28(ihvin, ihvout, me2, state);
1450 break;
1451 #endif
1452 #ifdef DOSTORESTATE29
1453 case 29:
1454 sha1recompress_fast_29(ihvin, ihvout, me2, state);
1455 break;
1456 #endif
1457 #ifdef DOSTORESTATE30
1458 case 30:
1459 sha1recompress_fast_30(ihvin, ihvout, me2, state);
1460 break;
1461 #endif
1462 #ifdef DOSTORESTATE31
1463 case 31:
1464 sha1recompress_fast_31(ihvin, ihvout, me2, state);
1465 break;
1466 #endif
1467 #ifdef DOSTORESTATE32
1468 case 32:
1469 sha1recompress_fast_32(ihvin, ihvout, me2, state);
1470 break;
1471 #endif
1472 #ifdef DOSTORESTATE33
1473 case 33:
1474 sha1recompress_fast_33(ihvin, ihvout, me2, state);
1475 break;
1476 #endif
1477 #ifdef DOSTORESTATE34
1478 case 34:
1479 sha1recompress_fast_34(ihvin, ihvout, me2, state);
1480 break;
1481 #endif
1482 #ifdef DOSTORESTATE35
1483 case 35:
1484 sha1recompress_fast_35(ihvin, ihvout, me2, state);
1485 break;
1486 #endif
1487 #ifdef DOSTORESTATE36
1488 case 36:
1489 sha1recompress_fast_36(ihvin, ihvout, me2, state);
1490 break;
1491 #endif
1492 #ifdef DOSTORESTATE37
1493 case 37:
1494 sha1recompress_fast_37(ihvin, ihvout, me2, state);
1495 break;
1496 #endif
1497 #ifdef DOSTORESTATE38
1498 case 38:
1499 sha1recompress_fast_38(ihvin, ihvout, me2, state);
1500 break;
1501 #endif
1502 #ifdef DOSTORESTATE39
1503 case 39:
1504 sha1recompress_fast_39(ihvin, ihvout, me2, state);
1505 break;
1506 #endif
1507 #ifdef DOSTORESTATE40
1508 case 40:
1509 sha1recompress_fast_40(ihvin, ihvout, me2, state);
1510 break;
1511 #endif
1512 #ifdef DOSTORESTATE41
1513 case 41:
1514 sha1recompress_fast_41(ihvin, ihvout, me2, state);
1515 break;
1516 #endif
1517 #ifdef DOSTORESTATE42
1518 case 42:
1519 sha1recompress_fast_42(ihvin, ihvout, me2, state);
1520 break;
1521 #endif
1522 #ifdef DOSTORESTATE43
1523 case 43:
1524 sha1recompress_fast_43(ihvin, ihvout, me2, state);
1525 break;
1526 #endif
1527 #ifdef DOSTORESTATE44
1528 case 44:
1529 sha1recompress_fast_44(ihvin, ihvout, me2, state);
1530 break;
1531 #endif
1532 #ifdef DOSTORESTATE45
1533 case 45:
1534 sha1recompress_fast_45(ihvin, ihvout, me2, state);
1535 break;
1536 #endif
1537 #ifdef DOSTORESTATE46
1538 case 46:
1539 sha1recompress_fast_46(ihvin, ihvout, me2, state);
1540 break;
1541 #endif
1542 #ifdef DOSTORESTATE47
1543 case 47:
1544 sha1recompress_fast_47(ihvin, ihvout, me2, state);
1545 break;
1546 #endif
1547 #ifdef DOSTORESTATE48
1548 case 48:
1549 sha1recompress_fast_48(ihvin, ihvout, me2, state);
1550 break;
1551 #endif
1552 #ifdef DOSTORESTATE49
1553 case 49:
1554 sha1recompress_fast_49(ihvin, ihvout, me2, state);
1555 break;
1556 #endif
1557 #ifdef DOSTORESTATE50
1558 case 50:
1559 sha1recompress_fast_50(ihvin, ihvout, me2, state);
1560 break;
1561 #endif
1562 #ifdef DOSTORESTATE51
1563 case 51:
1564 sha1recompress_fast_51(ihvin, ihvout, me2, state);
1565 break;
1566 #endif
1567 #ifdef DOSTORESTATE52
1568 case 52:
1569 sha1recompress_fast_52(ihvin, ihvout, me2, state);
1570 break;
1571 #endif
1572 #ifdef DOSTORESTATE53
1573 case 53:
1574 sha1recompress_fast_53(ihvin, ihvout, me2, state);
1575 break;
1576 #endif
1577 #ifdef DOSTORESTATE54
1578 case 54:
1579 sha1recompress_fast_54(ihvin, ihvout, me2, state);
1580 break;
1581 #endif
1582 #ifdef DOSTORESTATE55
1583 case 55:
1584 sha1recompress_fast_55(ihvin, ihvout, me2, state);
1585 break;
1586 #endif
1587 #ifdef DOSTORESTATE56
1588 case 56:
1589 sha1recompress_fast_56(ihvin, ihvout, me2, state);
1590 break;
1591 #endif
1592 #ifdef DOSTORESTATE57
1593 case 57:
1594 sha1recompress_fast_57(ihvin, ihvout, me2, state);
1595 break;
1596 #endif
1597 #ifdef DOSTORESTATE58
1598 case 58:
1599 sha1recompress_fast_58(ihvin, ihvout, me2, state);
1600 break;
1601 #endif
1602 #ifdef DOSTORESTATE59
1603 case 59:
1604 sha1recompress_fast_59(ihvin, ihvout, me2, state);
1605 break;
1606 #endif
1607 #ifdef DOSTORESTATE60
1608 case 60:
1609 sha1recompress_fast_60(ihvin, ihvout, me2, state);
1610 break;
1611 #endif
1612 #ifdef DOSTORESTATE61
1613 case 61:
1614 sha1recompress_fast_61(ihvin, ihvout, me2, state);
1615 break;
1616 #endif
1617 #ifdef DOSTORESTATE62
1618 case 62:
1619 sha1recompress_fast_62(ihvin, ihvout, me2, state);
1620 break;
1621 #endif
1622 #ifdef DOSTORESTATE63
1623 case 63:
1624 sha1recompress_fast_63(ihvin, ihvout, me2, state);
1625 break;
1626 #endif
1627 #ifdef DOSTORESTATE64
1628 case 64:
1629 sha1recompress_fast_64(ihvin, ihvout, me2, state);
1630 break;
1631 #endif
1632 #ifdef DOSTORESTATE65
1633 case 65:
1634 sha1recompress_fast_65(ihvin, ihvout, me2, state);
1635 break;
1636 #endif
1637 #ifdef DOSTORESTATE66
1638 case 66:
1639 sha1recompress_fast_66(ihvin, ihvout, me2, state);
1640 break;
1641 #endif
1642 #ifdef DOSTORESTATE67
1643 case 67:
1644 sha1recompress_fast_67(ihvin, ihvout, me2, state);
1645 break;
1646 #endif
1647 #ifdef DOSTORESTATE68
1648 case 68:
1649 sha1recompress_fast_68(ihvin, ihvout, me2, state);
1650 break;
1651 #endif
1652 #ifdef DOSTORESTATE69
1653 case 69:
1654 sha1recompress_fast_69(ihvin, ihvout, me2, state);
1655 break;
1656 #endif
1657 #ifdef DOSTORESTATE70
1658 case 70:
1659 sha1recompress_fast_70(ihvin, ihvout, me2, state);
1660 break;
1661 #endif
1662 #ifdef DOSTORESTATE71
1663 case 71:
1664 sha1recompress_fast_71(ihvin, ihvout, me2, state);
1665 break;
1666 #endif
1667 #ifdef DOSTORESTATE72
1668 case 72:
1669 sha1recompress_fast_72(ihvin, ihvout, me2, state);
1670 break;
1671 #endif
1672 #ifdef DOSTORESTATE73
1673 case 73:
1674 sha1recompress_fast_73(ihvin, ihvout, me2, state);
1675 break;
1676 #endif
1677 #ifdef DOSTORESTATE74
1678 case 74:
1679 sha1recompress_fast_74(ihvin, ihvout, me2, state);
1680 break;
1681 #endif
1682 #ifdef DOSTORESTATE75
1683 case 75:
1684 sha1recompress_fast_75(ihvin, ihvout, me2, state);
1685 break;
1686 #endif
1687 #ifdef DOSTORESTATE76
1688 case 76:
1689 sha1recompress_fast_76(ihvin, ihvout, me2, state);
1690 break;
1691 #endif
1692 #ifdef DOSTORESTATE77
1693 case 77:
1694 sha1recompress_fast_77(ihvin, ihvout, me2, state);
1695 break;
1696 #endif
1697 #ifdef DOSTORESTATE78
1698 case 78:
1699 sha1recompress_fast_78(ihvin, ihvout, me2, state);
1700 break;
1701 #endif
1702 #ifdef DOSTORESTATE79
1703 case 79:
1704 sha1recompress_fast_79(ihvin, ihvout, me2, state);
1705 break;
1706 #endif
1707 default:
1708 abort();
1709 }
1710
1711 }
1712
1713
1714
sha1_process(SHA1_CTX * ctx,const uint32_t block[16])1715 static void sha1_process(SHA1_CTX* ctx, const uint32_t block[16])
1716 {
1717 unsigned i, j;
1718 uint32_t ubc_dv_mask[DVMASKSIZE] = { 0xFFFFFFFF };
1719 uint32_t ihvtmp[5];
1720
1721 ctx->ihv1[0] = ctx->ihv[0];
1722 ctx->ihv1[1] = ctx->ihv[1];
1723 ctx->ihv1[2] = ctx->ihv[2];
1724 ctx->ihv1[3] = ctx->ihv[3];
1725 ctx->ihv1[4] = ctx->ihv[4];
1726
1727 sha1_compression_states(ctx->ihv, block, ctx->m1, ctx->states);
1728
1729 if (ctx->detect_coll)
1730 {
1731 if (ctx->ubc_check)
1732 {
1733 ubc_check(ctx->m1, ubc_dv_mask);
1734 }
1735
1736 if (ubc_dv_mask[0] != 0)
1737 {
1738 for (i = 0; sha1_dvs[i].dvType != 0; ++i)
1739 {
1740 if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb))
1741 {
1742 for (j = 0; j < 80; ++j)
1743 ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j];
1744
1745 sha1_recompression_step(sha1_dvs[i].testt, ctx->ihv2, ihvtmp, ctx->m2, ctx->states[sha1_dvs[i].testt]);
1746
1747 /* to verify SHA-1 collision detection code with collisions for reduced-step SHA-1 */
1748 if ((0 == ((ihvtmp[0] ^ ctx->ihv[0]) | (ihvtmp[1] ^ ctx->ihv[1]) | (ihvtmp[2] ^ ctx->ihv[2]) | (ihvtmp[3] ^ ctx->ihv[3]) | (ihvtmp[4] ^ ctx->ihv[4])))
1749 || (ctx->reduced_round_coll && 0==((ctx->ihv1[0] ^ ctx->ihv2[0]) | (ctx->ihv1[1] ^ ctx->ihv2[1]) | (ctx->ihv1[2] ^ ctx->ihv2[2]) | (ctx->ihv1[3] ^ ctx->ihv2[3]) | (ctx->ihv1[4] ^ ctx->ihv2[4]))))
1750 {
1751 ctx->found_collision = 1;
1752
1753 if (ctx->safe_hash)
1754 {
1755 sha1_compression_W(ctx->ihv, ctx->m1);
1756 sha1_compression_W(ctx->ihv, ctx->m1);
1757 }
1758
1759 break;
1760 }
1761 }
1762 }
1763 }
1764 }
1765 }
1766
SHA1DCInit(SHA1_CTX * ctx)1767 void SHA1DCInit(SHA1_CTX* ctx)
1768 {
1769 ctx->total = 0;
1770 ctx->ihv[0] = 0x67452301;
1771 ctx->ihv[1] = 0xEFCDAB89;
1772 ctx->ihv[2] = 0x98BADCFE;
1773 ctx->ihv[3] = 0x10325476;
1774 ctx->ihv[4] = 0xC3D2E1F0;
1775 ctx->found_collision = 0;
1776 ctx->safe_hash = SHA1DC_INIT_SAFE_HASH_DEFAULT;
1777 ctx->ubc_check = 1;
1778 ctx->detect_coll = 1;
1779 ctx->reduced_round_coll = 0;
1780 ctx->callback = NULL;
1781 }
1782
SHA1DCSetSafeHash(SHA1_CTX * ctx,int safehash)1783 void SHA1DCSetSafeHash(SHA1_CTX* ctx, int safehash)
1784 {
1785 if (safehash)
1786 ctx->safe_hash = 1;
1787 else
1788 ctx->safe_hash = 0;
1789 }
1790
1791
SHA1DCSetUseUBC(SHA1_CTX * ctx,int ubc_check)1792 void SHA1DCSetUseUBC(SHA1_CTX* ctx, int ubc_check)
1793 {
1794 if (ubc_check)
1795 ctx->ubc_check = 1;
1796 else
1797 ctx->ubc_check = 0;
1798 }
1799
SHA1DCSetUseDetectColl(SHA1_CTX * ctx,int detect_coll)1800 void SHA1DCSetUseDetectColl(SHA1_CTX* ctx, int detect_coll)
1801 {
1802 if (detect_coll)
1803 ctx->detect_coll = 1;
1804 else
1805 ctx->detect_coll = 0;
1806 }
1807
SHA1DCSetDetectReducedRoundCollision(SHA1_CTX * ctx,int reduced_round_coll)1808 void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX* ctx, int reduced_round_coll)
1809 {
1810 if (reduced_round_coll)
1811 ctx->reduced_round_coll = 1;
1812 else
1813 ctx->reduced_round_coll = 0;
1814 }
1815
SHA1DCSetCallback(SHA1_CTX * ctx,collision_block_callback callback)1816 void SHA1DCSetCallback(SHA1_CTX* ctx, collision_block_callback callback)
1817 {
1818 ctx->callback = callback;
1819 }
1820
SHA1DCUpdate(SHA1_CTX * ctx,const char * buf,size_t len)1821 void SHA1DCUpdate(SHA1_CTX* ctx, const char* buf, size_t len)
1822 {
1823 unsigned left, fill;
1824
1825 if (len == 0)
1826 return;
1827
1828 left = ctx->total & 63;
1829 fill = 64 - left;
1830
1831 if (left && len >= fill)
1832 {
1833 ctx->total += fill;
1834 memcpy(ctx->buffer + left, buf, fill);
1835 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1836 buf += fill;
1837 len -= fill;
1838 left = 0;
1839 }
1840 while (len >= 64)
1841 {
1842 ctx->total += 64;
1843
1844 #if defined(SHA1DC_ALLOW_UNALIGNED_ACCESS)
1845 sha1_process(ctx, (uint32_t*)(buf));
1846 #else
1847 memcpy(ctx->buffer, buf, 64);
1848 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1849 #endif /* defined(SHA1DC_ALLOW_UNALIGNED_ACCESS) */
1850 buf += 64;
1851 len -= 64;
1852 }
1853 if (len > 0)
1854 {
1855 ctx->total += len;
1856 memcpy(ctx->buffer + left, buf, len);
1857 }
1858 }
1859
1860 static const unsigned char sha1_padding[64] =
1861 {
1862 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1863 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1864 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1865 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1866 };
1867
SHA1DCFinal(unsigned char output[20],SHA1_CTX * ctx)1868 int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
1869 {
1870 uint32_t last = ctx->total & 63;
1871 uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
1872 uint64_t total;
1873 SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
1874
1875 total = ctx->total - padn;
1876 total <<= 3;
1877 ctx->buffer[56] = (unsigned char)(total >> 56);
1878 ctx->buffer[57] = (unsigned char)(total >> 48);
1879 ctx->buffer[58] = (unsigned char)(total >> 40);
1880 ctx->buffer[59] = (unsigned char)(total >> 32);
1881 ctx->buffer[60] = (unsigned char)(total >> 24);
1882 ctx->buffer[61] = (unsigned char)(total >> 16);
1883 ctx->buffer[62] = (unsigned char)(total >> 8);
1884 ctx->buffer[63] = (unsigned char)(total);
1885 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1886 output[0] = (unsigned char)(ctx->ihv[0] >> 24);
1887 output[1] = (unsigned char)(ctx->ihv[0] >> 16);
1888 output[2] = (unsigned char)(ctx->ihv[0] >> 8);
1889 output[3] = (unsigned char)(ctx->ihv[0]);
1890 output[4] = (unsigned char)(ctx->ihv[1] >> 24);
1891 output[5] = (unsigned char)(ctx->ihv[1] >> 16);
1892 output[6] = (unsigned char)(ctx->ihv[1] >> 8);
1893 output[7] = (unsigned char)(ctx->ihv[1]);
1894 output[8] = (unsigned char)(ctx->ihv[2] >> 24);
1895 output[9] = (unsigned char)(ctx->ihv[2] >> 16);
1896 output[10] = (unsigned char)(ctx->ihv[2] >> 8);
1897 output[11] = (unsigned char)(ctx->ihv[2]);
1898 output[12] = (unsigned char)(ctx->ihv[3] >> 24);
1899 output[13] = (unsigned char)(ctx->ihv[3] >> 16);
1900 output[14] = (unsigned char)(ctx->ihv[3] >> 8);
1901 output[15] = (unsigned char)(ctx->ihv[3]);
1902 output[16] = (unsigned char)(ctx->ihv[4] >> 24);
1903 output[17] = (unsigned char)(ctx->ihv[4] >> 16);
1904 output[18] = (unsigned char)(ctx->ihv[4] >> 8);
1905 output[19] = (unsigned char)(ctx->ihv[4]);
1906 return ctx->found_collision;
1907 }
1908
1909 #ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
1910 #include SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
1911 #endif
1912