1 /***
2 * Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com)
3 * Distributed under the MIT Software License.
4 * See accompanying file LICENSE.txt or copy at
5 * https://opensource.org/licenses/MIT
6 ***/
7
8 #ifndef SHA1DC_NO_STANDARD_INCLUDES
9 #include <string.h>
10 #include <memory.h>
11 #include <stdio.h>
12 #include <stdlib.h>
13 #ifdef __unix__
14 #include <sys/types.h> /* make sure macros like _BIG_ENDIAN visible */
15 #endif
16 #endif
17
18 #ifdef SHA1DC_CUSTOM_INCLUDE_SHA1_C
19 #include SHA1DC_CUSTOM_INCLUDE_SHA1_C
20 #endif
21
22 #ifndef SHA1DC_INIT_SAFE_HASH_DEFAULT
23 #define SHA1DC_INIT_SAFE_HASH_DEFAULT 1
24 #endif
25
26 #include "sha1.h"
27 #include "ubc_check.h"
28
29 #if (defined(__amd64__) || defined(__amd64) || defined(__x86_64__) || defined(__x86_64) || \
30 defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__) || \
31 defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || \
32 defined(_X86_) || defined(__THW_INTEL__) || defined(__I86__) || defined(__INTEL__) || \
33 defined(__386) || defined(_M_X64) || defined(_M_AMD64))
34 #define SHA1DC_ON_INTEL_LIKE_PROCESSOR
35 #endif
36
37 /*
38 Because Little-Endian architectures are most common,
39 we only set SHA1DC_BIGENDIAN if one of these conditions is met.
40 Note that all MSFT platforms are little endian,
41 so none of these will be defined under the MSC compiler.
42 If you are compiling on a big endian platform and your compiler does not define one of
43 these, you will have to add whatever macros your tool chain defines to indicate
44 Big-Endianness.
45 */
46
47 #if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__)
48 /*
49 * Should detect Big Endian under GCC since at least 4.6.0 (gcc svn
50 * rev #165881). See
51 * https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
52 *
53 * This also works under clang since 3.2, it copied the GCC-ism. See
54 * clang.git's 3b198a97d2 ("Preprocessor: add __BYTE_ORDER__
55 * predefined macro", 2012-07-27)
56 */
57 #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
58 #define SHA1DC_BIGENDIAN
59 #endif
60
61 /* Not under GCC-alike */
62 #elif defined(__BYTE_ORDER) && defined(__BIG_ENDIAN)
63 /*
64 * Should detect Big Endian under glibc.git since 14245eb70e ("entered
65 * into RCS", 1992-11-25). Defined in <endian.h> which will have been
66 * brought in by standard headers. See glibc.git and
67 * https://sourceforge.net/p/predef/wiki/Endianness/
68 */
69 #if __BYTE_ORDER == __BIG_ENDIAN
70 #define SHA1DC_BIGENDIAN
71 #endif
72
73 /* Not under GCC-alike or glibc */
74 #elif defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN)
75 /*
76 * *BSD and newlib (embedded linux, cygwin, etc).
77 * the defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN) part prevents
78 * this condition from matching with Solaris/sparc.
79 * (Solaris defines only one endian macro)
80 */
81 #if _BYTE_ORDER == _BIG_ENDIAN
82 #define SHA1DC_BIGENDIAN
83 #endif
84
85 /* Not under GCC-alike or glibc or *BSD or newlib */
86 #elif (defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
87 defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(__sparc))
88 /*
89 * Should define Big Endian for a whitelist of known processors. See
90 * https://sourceforge.net/p/predef/wiki/Endianness/ and
91 * http://www.oracle.com/technetwork/server-storage/solaris/portingtosolaris-138514.html
92 */
93 #define SHA1DC_BIGENDIAN
94
95 /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> */
96 #elif (defined(_AIX) || defined(__hpux))
97
98 /*
99 * Defines Big Endian on a whitelist of OSs that are known to be Big
100 * Endian-only. See
101 * https://public-inbox.org/git/93056823-2740-d072-1ebd-46b440b33d7e@felt.demon.nl/
102 */
103 #define SHA1DC_BIGENDIAN
104
105 /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> */
106 #elif defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
107 /*
108 * As a last resort before we do anything else we're not 100% sure
109 * about below, we blacklist specific processors here. We could add
110 * more, see e.g. https://wiki.debian.org/ArchitectureSpecificsMemo
111 */
112 #else /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os \
113 whitelist> or <processor blacklist> */
114
115 /* We do nothing more here for now */
116 /*#error "Uncomment this to see if you fall through all the detection"*/
117
118 #endif /* Big Endian detection */
119
120 #if (defined(SHA1DC_FORCE_LITTLEENDIAN) && defined(SHA1DC_BIGENDIAN))
121 #undef SHA1DC_BIGENDIAN
122 #endif
123 #if (defined(SHA1DC_FORCE_BIGENDIAN) && !defined(SHA1DC_BIGENDIAN))
124 #define SHA1DC_BIGENDIAN
125 #endif
126 /*ENDIANNESS SELECTION*/
127
128 #ifndef SHA1DC_FORCE_ALIGNED_ACCESS
129 #if defined(SHA1DC_FORCE_UNALIGNED_ACCESS) || defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
130 #define SHA1DC_ALLOW_UNALIGNED_ACCESS
131 #endif /*UNALIGNED ACCESS DETECTION*/
132 #endif /*FORCE ALIGNED ACCESS*/
133
134 #define rotate_right(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
135 #define rotate_left(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
136
137 #define sha1_bswap32(x) \
138 { \
139 x = ((x << 8) & 0xFF00FF00) | ((x >> 8) & 0xFF00FF); \
140 x = (x << 16) | (x >> 16); \
141 }
142
143 #define sha1_mix(W, t) (rotate_left(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))
144
145 #ifdef SHA1DC_BIGENDIAN
146 #define sha1_load(m, t, temp) \
147 { \
148 temp = m[t]; \
149 }
150 #else
151 #define sha1_load(m, t, temp) \
152 { \
153 temp = m[t]; \
154 sha1_bswap32(temp); \
155 }
156 #endif
157
158 #define sha1_store(W, t, x) *(volatile uint32_t *) &W[t] = x
159
160 #define sha1_f1(b, c, d) ((d) ^ ((b) & ((c) ^ (d))))
161 #define sha1_f2(b, c, d) ((b) ^ (c) ^ (d))
162 #define sha1_f3(b, c, d) (((b) & (c)) + ((d) & ((b) ^ (c))))
163 #define sha1_f4(b, c, d) ((b) ^ (c) ^ (d))
164
165 #define HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, m, t) \
166 { \
167 e += rotate_left(a, 5) + sha1_f1(b, c, d) + 0x5A827999 + m[t]; \
168 b = rotate_left(b, 30); \
169 }
170 #define HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, m, t) \
171 { \
172 e += rotate_left(a, 5) + sha1_f2(b, c, d) + 0x6ED9EBA1 + m[t]; \
173 b = rotate_left(b, 30); \
174 }
175 #define HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, m, t) \
176 { \
177 e += rotate_left(a, 5) + sha1_f3(b, c, d) + 0x8F1BBCDC + m[t]; \
178 b = rotate_left(b, 30); \
179 }
180 #define HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, m, t) \
181 { \
182 e += rotate_left(a, 5) + sha1_f4(b, c, d) + 0xCA62C1D6 + m[t]; \
183 b = rotate_left(b, 30); \
184 }
185
186 #define HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, m, t) \
187 { \
188 b = rotate_right(b, 30); \
189 e -= rotate_left(a, 5) + sha1_f1(b, c, d) + 0x5A827999 + m[t]; \
190 }
191 #define HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, m, t) \
192 { \
193 b = rotate_right(b, 30); \
194 e -= rotate_left(a, 5) + sha1_f2(b, c, d) + 0x6ED9EBA1 + m[t]; \
195 }
196 #define HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, m, t) \
197 { \
198 b = rotate_right(b, 30); \
199 e -= rotate_left(a, 5) + sha1_f3(b, c, d) + 0x8F1BBCDC + m[t]; \
200 }
201 #define HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, m, t) \
202 { \
203 b = rotate_right(b, 30); \
204 e -= rotate_left(a, 5) + sha1_f4(b, c, d) + 0xCA62C1D6 + m[t]; \
205 }
206
207 #define SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, t, temp) \
208 { \
209 sha1_load(m, t, temp); \
210 sha1_store(W, t, temp); \
211 e += temp + rotate_left(a, 5) + sha1_f1(b, c, d) + 0x5A827999; \
212 b = rotate_left(b, 30); \
213 }
214
215 #define SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(a, b, c, d, e, W, t, temp) \
216 { \
217 temp = sha1_mix(W, t); \
218 sha1_store(W, t, temp); \
219 e += temp + rotate_left(a, 5) + sha1_f1(b, c, d) + 0x5A827999; \
220 b = rotate_left(b, 30); \
221 }
222
223 #define SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, t, temp) \
224 { \
225 temp = sha1_mix(W, t); \
226 sha1_store(W, t, temp); \
227 e += temp + rotate_left(a, 5) + sha1_f2(b, c, d) + 0x6ED9EBA1; \
228 b = rotate_left(b, 30); \
229 }
230
231 #define SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, t, temp) \
232 { \
233 temp = sha1_mix(W, t); \
234 sha1_store(W, t, temp); \
235 e += temp + rotate_left(a, 5) + sha1_f3(b, c, d) + 0x8F1BBCDC; \
236 b = rotate_left(b, 30); \
237 }
238
239 #define SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, t, temp) \
240 { \
241 temp = sha1_mix(W, t); \
242 sha1_store(W, t, temp); \
243 e += temp + rotate_left(a, 5) + sha1_f4(b, c, d) + 0xCA62C1D6; \
244 b = rotate_left(b, 30); \
245 }
246
247 #define SHA1_STORE_STATE(i) \
248 states[i][0] = a; \
249 states[i][1] = b; \
250 states[i][2] = c; \
251 states[i][3] = d; \
252 states[i][4] = e;
253
254 #ifdef BUILDNOCOLLDETECTSHA1COMPRESSION
255 void
sha1_compression(uint32_t ihv[5],const uint32_t m[16])256 sha1_compression(uint32_t ihv[5], const uint32_t m[16])
257 {
258 uint32_t W[80];
259 uint32_t a, b, c, d, e;
260 unsigned i;
261
262 memcpy(W, m, 16 * 4);
263 for (i = 16; i < 80; ++i)
264 W[i] = sha1_mix(W, i);
265
266 a = ihv[0];
267 b = ihv[1];
268 c = ihv[2];
269 d = ihv[3];
270 e = ihv[4];
271
272 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
273 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
274 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
275 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
276 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
277 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
278 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
279 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
280 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
281 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
282 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
283 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
284 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
285 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
286 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
287 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
288 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
289 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
290 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
291 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
292
293 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
294 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
295 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
296 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
297 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
298 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
299 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
300 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
301 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
302 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
303 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
304 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
305 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
306 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
307 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
308 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
309 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
310 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
311 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
312 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
313
314 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
315 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
316 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
317 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
318 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
319 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
320 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
321 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
322 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
323 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
324 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
325 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
326 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
327 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
328 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
329 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
330 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
331 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
332 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
333 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
334
335 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
336 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
337 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
338 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
339 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
340 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
341 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
342 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
343 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
344 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
345 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
346 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
347 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
348 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
349 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
350 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
351 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
352 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
353 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
354 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
355
356 ihv[0] += a;
357 ihv[1] += b;
358 ihv[2] += c;
359 ihv[3] += d;
360 ihv[4] += e;
361 }
362 #endif /*BUILDNOCOLLDETECTSHA1COMPRESSION*/
363
364 static void
sha1_compression_W(uint32_t ihv[5],const uint32_t W[80])365 sha1_compression_W(uint32_t ihv[5], const uint32_t W[80])
366 {
367 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
368
369 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
370 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
371 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
372 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
373 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
374 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
375 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
376 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
377 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
378 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
379 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
380 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
381 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
382 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
383 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
384 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
385 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
386 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
387 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
388 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
389
390 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
391 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
392 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
393 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
394 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
395 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
396 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
397 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
398 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
399 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
400 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
401 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
402 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
403 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
404 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
405 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
406 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
407 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
408 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
409 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
410
411 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
412 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
413 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
414 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
415 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
416 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
417 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
418 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
419 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
420 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
421 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
422 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
423 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
424 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
425 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
426 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
427 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
428 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
429 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
430 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
431
432 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
433 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
434 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
435 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
436 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
437 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
438 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
439 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
440 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
441 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
442 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
443 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
444 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
445 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
446 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
447 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
448 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
449 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
450 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
451 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
452
453 ihv[0] += a;
454 ihv[1] += b;
455 ihv[2] += c;
456 ihv[3] += d;
457 ihv[4] += e;
458 }
459
460 void
sha1_compression_states(uint32_t ihv[5],const uint32_t m[16],uint32_t W[80],uint32_t states[80][5])461 sha1_compression_states(uint32_t ihv[5],
462 const uint32_t m[16],
463 uint32_t W[80],
464 uint32_t states[80][5])
465 {
466 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
467 uint32_t temp;
468
469 #ifdef DOSTORESTATE00
470 SHA1_STORE_STATE(0)
471 #endif
472 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 0, temp);
473
474 #ifdef DOSTORESTATE01
475 SHA1_STORE_STATE(1)
476 #endif
477 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 1, temp);
478
479 #ifdef DOSTORESTATE02
480 SHA1_STORE_STATE(2)
481 #endif
482 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 2, temp);
483
484 #ifdef DOSTORESTATE03
485 SHA1_STORE_STATE(3)
486 #endif
487 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 3, temp);
488
489 #ifdef DOSTORESTATE04
490 SHA1_STORE_STATE(4)
491 #endif
492 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 4, temp);
493
494 #ifdef DOSTORESTATE05
495 SHA1_STORE_STATE(5)
496 #endif
497 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 5, temp);
498
499 #ifdef DOSTORESTATE06
500 SHA1_STORE_STATE(6)
501 #endif
502 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 6, temp);
503
504 #ifdef DOSTORESTATE07
505 SHA1_STORE_STATE(7)
506 #endif
507 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 7, temp);
508
509 #ifdef DOSTORESTATE08
510 SHA1_STORE_STATE(8)
511 #endif
512 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 8, temp);
513
514 #ifdef DOSTORESTATE09
515 SHA1_STORE_STATE(9)
516 #endif
517 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 9, temp);
518
519 #ifdef DOSTORESTATE10
520 SHA1_STORE_STATE(10)
521 #endif
522 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 10, temp);
523
524 #ifdef DOSTORESTATE11
525 SHA1_STORE_STATE(11)
526 #endif
527 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 11, temp);
528
529 #ifdef DOSTORESTATE12
530 SHA1_STORE_STATE(12)
531 #endif
532 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 12, temp);
533
534 #ifdef DOSTORESTATE13
535 SHA1_STORE_STATE(13)
536 #endif
537 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 13, temp);
538
539 #ifdef DOSTORESTATE14
540 SHA1_STORE_STATE(14)
541 #endif
542 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 14, temp);
543
544 #ifdef DOSTORESTATE15
545 SHA1_STORE_STATE(15)
546 #endif
547 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 15, temp);
548
549 #ifdef DOSTORESTATE16
550 SHA1_STORE_STATE(16)
551 #endif
552 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(e, a, b, c, d, W, 16, temp);
553
554 #ifdef DOSTORESTATE17
555 SHA1_STORE_STATE(17)
556 #endif
557 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(d, e, a, b, c, W, 17, temp);
558
559 #ifdef DOSTORESTATE18
560 SHA1_STORE_STATE(18)
561 #endif
562 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(c, d, e, a, b, W, 18, temp);
563
564 #ifdef DOSTORESTATE19
565 SHA1_STORE_STATE(19)
566 #endif
567 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(b, c, d, e, a, W, 19, temp);
568
569 #ifdef DOSTORESTATE20
570 SHA1_STORE_STATE(20)
571 #endif
572 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 20, temp);
573
574 #ifdef DOSTORESTATE21
575 SHA1_STORE_STATE(21)
576 #endif
577 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 21, temp);
578
579 #ifdef DOSTORESTATE22
580 SHA1_STORE_STATE(22)
581 #endif
582 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 22, temp);
583
584 #ifdef DOSTORESTATE23
585 SHA1_STORE_STATE(23)
586 #endif
587 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 23, temp);
588
589 #ifdef DOSTORESTATE24
590 SHA1_STORE_STATE(24)
591 #endif
592 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 24, temp);
593
594 #ifdef DOSTORESTATE25
595 SHA1_STORE_STATE(25)
596 #endif
597 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 25, temp);
598
599 #ifdef DOSTORESTATE26
600 SHA1_STORE_STATE(26)
601 #endif
602 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 26, temp);
603
604 #ifdef DOSTORESTATE27
605 SHA1_STORE_STATE(27)
606 #endif
607 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 27, temp);
608
609 #ifdef DOSTORESTATE28
610 SHA1_STORE_STATE(28)
611 #endif
612 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 28, temp);
613
614 #ifdef DOSTORESTATE29
615 SHA1_STORE_STATE(29)
616 #endif
617 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 29, temp);
618
619 #ifdef DOSTORESTATE30
620 SHA1_STORE_STATE(30)
621 #endif
622 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 30, temp);
623
624 #ifdef DOSTORESTATE31
625 SHA1_STORE_STATE(31)
626 #endif
627 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 31, temp);
628
629 #ifdef DOSTORESTATE32
630 SHA1_STORE_STATE(32)
631 #endif
632 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 32, temp);
633
634 #ifdef DOSTORESTATE33
635 SHA1_STORE_STATE(33)
636 #endif
637 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 33, temp);
638
639 #ifdef DOSTORESTATE34
640 SHA1_STORE_STATE(34)
641 #endif
642 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 34, temp);
643
644 #ifdef DOSTORESTATE35
645 SHA1_STORE_STATE(35)
646 #endif
647 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 35, temp);
648
649 #ifdef DOSTORESTATE36
650 SHA1_STORE_STATE(36)
651 #endif
652 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 36, temp);
653
654 #ifdef DOSTORESTATE37
655 SHA1_STORE_STATE(37)
656 #endif
657 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 37, temp);
658
659 #ifdef DOSTORESTATE38
660 SHA1_STORE_STATE(38)
661 #endif
662 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 38, temp);
663
664 #ifdef DOSTORESTATE39
665 SHA1_STORE_STATE(39)
666 #endif
667 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 39, temp);
668
669 #ifdef DOSTORESTATE40
670 SHA1_STORE_STATE(40)
671 #endif
672 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 40, temp);
673
674 #ifdef DOSTORESTATE41
675 SHA1_STORE_STATE(41)
676 #endif
677 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 41, temp);
678
679 #ifdef DOSTORESTATE42
680 SHA1_STORE_STATE(42)
681 #endif
682 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 42, temp);
683
684 #ifdef DOSTORESTATE43
685 SHA1_STORE_STATE(43)
686 #endif
687 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 43, temp);
688
689 #ifdef DOSTORESTATE44
690 SHA1_STORE_STATE(44)
691 #endif
692 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 44, temp);
693
694 #ifdef DOSTORESTATE45
695 SHA1_STORE_STATE(45)
696 #endif
697 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 45, temp);
698
699 #ifdef DOSTORESTATE46
700 SHA1_STORE_STATE(46)
701 #endif
702 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 46, temp);
703
704 #ifdef DOSTORESTATE47
705 SHA1_STORE_STATE(47)
706 #endif
707 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 47, temp);
708
709 #ifdef DOSTORESTATE48
710 SHA1_STORE_STATE(48)
711 #endif
712 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 48, temp);
713
714 #ifdef DOSTORESTATE49
715 SHA1_STORE_STATE(49)
716 #endif
717 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 49, temp);
718
719 #ifdef DOSTORESTATE50
720 SHA1_STORE_STATE(50)
721 #endif
722 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 50, temp);
723
724 #ifdef DOSTORESTATE51
725 SHA1_STORE_STATE(51)
726 #endif
727 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 51, temp);
728
729 #ifdef DOSTORESTATE52
730 SHA1_STORE_STATE(52)
731 #endif
732 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 52, temp);
733
734 #ifdef DOSTORESTATE53
735 SHA1_STORE_STATE(53)
736 #endif
737 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 53, temp);
738
739 #ifdef DOSTORESTATE54
740 SHA1_STORE_STATE(54)
741 #endif
742 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 54, temp);
743
744 #ifdef DOSTORESTATE55
745 SHA1_STORE_STATE(55)
746 #endif
747 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 55, temp);
748
749 #ifdef DOSTORESTATE56
750 SHA1_STORE_STATE(56)
751 #endif
752 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 56, temp);
753
754 #ifdef DOSTORESTATE57
755 SHA1_STORE_STATE(57)
756 #endif
757 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 57, temp);
758
759 #ifdef DOSTORESTATE58
760 SHA1_STORE_STATE(58)
761 #endif
762 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 58, temp);
763
764 #ifdef DOSTORESTATE59
765 SHA1_STORE_STATE(59)
766 #endif
767 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 59, temp);
768
769 #ifdef DOSTORESTATE60
770 SHA1_STORE_STATE(60)
771 #endif
772 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 60, temp);
773
774 #ifdef DOSTORESTATE61
775 SHA1_STORE_STATE(61)
776 #endif
777 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 61, temp);
778
779 #ifdef DOSTORESTATE62
780 SHA1_STORE_STATE(62)
781 #endif
782 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 62, temp);
783
784 #ifdef DOSTORESTATE63
785 SHA1_STORE_STATE(63)
786 #endif
787 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 63, temp);
788
789 #ifdef DOSTORESTATE64
790 SHA1_STORE_STATE(64)
791 #endif
792 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 64, temp);
793
794 #ifdef DOSTORESTATE65
795 SHA1_STORE_STATE(65)
796 #endif
797 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 65, temp);
798
799 #ifdef DOSTORESTATE66
800 SHA1_STORE_STATE(66)
801 #endif
802 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 66, temp);
803
804 #ifdef DOSTORESTATE67
805 SHA1_STORE_STATE(67)
806 #endif
807 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 67, temp);
808
809 #ifdef DOSTORESTATE68
810 SHA1_STORE_STATE(68)
811 #endif
812 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 68, temp);
813
814 #ifdef DOSTORESTATE69
815 SHA1_STORE_STATE(69)
816 #endif
817 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 69, temp);
818
819 #ifdef DOSTORESTATE70
820 SHA1_STORE_STATE(70)
821 #endif
822 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 70, temp);
823
824 #ifdef DOSTORESTATE71
825 SHA1_STORE_STATE(71)
826 #endif
827 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 71, temp);
828
829 #ifdef DOSTORESTATE72
830 SHA1_STORE_STATE(72)
831 #endif
832 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 72, temp);
833
834 #ifdef DOSTORESTATE73
835 SHA1_STORE_STATE(73)
836 #endif
837 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 73, temp);
838
839 #ifdef DOSTORESTATE74
840 SHA1_STORE_STATE(74)
841 #endif
842 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 74, temp);
843
844 #ifdef DOSTORESTATE75
845 SHA1_STORE_STATE(75)
846 #endif
847 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 75, temp);
848
849 #ifdef DOSTORESTATE76
850 SHA1_STORE_STATE(76)
851 #endif
852 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 76, temp);
853
854 #ifdef DOSTORESTATE77
855 SHA1_STORE_STATE(77)
856 #endif
857 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 77, temp);
858
859 #ifdef DOSTORESTATE78
860 SHA1_STORE_STATE(78)
861 #endif
862 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 78, temp);
863
864 #ifdef DOSTORESTATE79
865 SHA1_STORE_STATE(79)
866 #endif
867 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 79, temp);
868
869 ihv[0] += a;
870 ihv[1] += b;
871 ihv[2] += c;
872 ihv[3] += d;
873 ihv[4] += e;
874 }
875
876 #define SHA1_RECOMPRESS(t) \
877 static void sha1recompress_fast_##t( \
878 uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]) \
879 { \
880 uint32_t a = state[0], b = state[1], c = state[2], d = state[3], e = state[4]; \
881 if (t > 79) \
882 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 79); \
883 if (t > 78) \
884 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 78); \
885 if (t > 77) \
886 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 77); \
887 if (t > 76) \
888 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 76); \
889 if (t > 75) \
890 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 75); \
891 if (t > 74) \
892 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 74); \
893 if (t > 73) \
894 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 73); \
895 if (t > 72) \
896 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 72); \
897 if (t > 71) \
898 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 71); \
899 if (t > 70) \
900 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 70); \
901 if (t > 69) \
902 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 69); \
903 if (t > 68) \
904 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 68); \
905 if (t > 67) \
906 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 67); \
907 if (t > 66) \
908 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 66); \
909 if (t > 65) \
910 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 65); \
911 if (t > 64) \
912 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 64); \
913 if (t > 63) \
914 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 63); \
915 if (t > 62) \
916 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 62); \
917 if (t > 61) \
918 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 61); \
919 if (t > 60) \
920 HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 60); \
921 if (t > 59) \
922 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 59); \
923 if (t > 58) \
924 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 58); \
925 if (t > 57) \
926 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 57); \
927 if (t > 56) \
928 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 56); \
929 if (t > 55) \
930 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 55); \
931 if (t > 54) \
932 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 54); \
933 if (t > 53) \
934 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 53); \
935 if (t > 52) \
936 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 52); \
937 if (t > 51) \
938 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 51); \
939 if (t > 50) \
940 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 50); \
941 if (t > 49) \
942 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 49); \
943 if (t > 48) \
944 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 48); \
945 if (t > 47) \
946 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 47); \
947 if (t > 46) \
948 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 46); \
949 if (t > 45) \
950 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 45); \
951 if (t > 44) \
952 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 44); \
953 if (t > 43) \
954 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 43); \
955 if (t > 42) \
956 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 42); \
957 if (t > 41) \
958 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 41); \
959 if (t > 40) \
960 HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 40); \
961 if (t > 39) \
962 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 39); \
963 if (t > 38) \
964 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 38); \
965 if (t > 37) \
966 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 37); \
967 if (t > 36) \
968 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 36); \
969 if (t > 35) \
970 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 35); \
971 if (t > 34) \
972 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 34); \
973 if (t > 33) \
974 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 33); \
975 if (t > 32) \
976 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 32); \
977 if (t > 31) \
978 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 31); \
979 if (t > 30) \
980 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 30); \
981 if (t > 29) \
982 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 29); \
983 if (t > 28) \
984 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 28); \
985 if (t > 27) \
986 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 27); \
987 if (t > 26) \
988 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 26); \
989 if (t > 25) \
990 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 25); \
991 if (t > 24) \
992 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 24); \
993 if (t > 23) \
994 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 23); \
995 if (t > 22) \
996 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 22); \
997 if (t > 21) \
998 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 21); \
999 if (t > 20) \
1000 HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 20); \
1001 if (t > 19) \
1002 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 19); \
1003 if (t > 18) \
1004 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 18); \
1005 if (t > 17) \
1006 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 17); \
1007 if (t > 16) \
1008 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 16); \
1009 if (t > 15) \
1010 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 15); \
1011 if (t > 14) \
1012 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 14); \
1013 if (t > 13) \
1014 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 13); \
1015 if (t > 12) \
1016 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 12); \
1017 if (t > 11) \
1018 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 11); \
1019 if (t > 10) \
1020 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 10); \
1021 if (t > 9) \
1022 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 9); \
1023 if (t > 8) \
1024 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 8); \
1025 if (t > 7) \
1026 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 7); \
1027 if (t > 6) \
1028 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 6); \
1029 if (t > 5) \
1030 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 5); \
1031 if (t > 4) \
1032 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 4); \
1033 if (t > 3) \
1034 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 3); \
1035 if (t > 2) \
1036 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 2); \
1037 if (t > 1) \
1038 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 1); \
1039 if (t > 0) \
1040 HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 0); \
1041 ihvin[0] = a; \
1042 ihvin[1] = b; \
1043 ihvin[2] = c; \
1044 ihvin[3] = d; \
1045 ihvin[4] = e; \
1046 a = state[0]; \
1047 b = state[1]; \
1048 c = state[2]; \
1049 d = state[3]; \
1050 e = state[4]; \
1051 if (t <= 0) \
1052 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 0); \
1053 if (t <= 1) \
1054 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 1); \
1055 if (t <= 2) \
1056 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 2); \
1057 if (t <= 3) \
1058 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 3); \
1059 if (t <= 4) \
1060 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 4); \
1061 if (t <= 5) \
1062 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 5); \
1063 if (t <= 6) \
1064 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 6); \
1065 if (t <= 7) \
1066 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 7); \
1067 if (t <= 8) \
1068 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 8); \
1069 if (t <= 9) \
1070 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 9); \
1071 if (t <= 10) \
1072 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 10); \
1073 if (t <= 11) \
1074 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 11); \
1075 if (t <= 12) \
1076 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 12); \
1077 if (t <= 13) \
1078 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 13); \
1079 if (t <= 14) \
1080 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 14); \
1081 if (t <= 15) \
1082 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 15); \
1083 if (t <= 16) \
1084 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 16); \
1085 if (t <= 17) \
1086 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 17); \
1087 if (t <= 18) \
1088 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 18); \
1089 if (t <= 19) \
1090 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 19); \
1091 if (t <= 20) \
1092 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 20); \
1093 if (t <= 21) \
1094 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 21); \
1095 if (t <= 22) \
1096 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 22); \
1097 if (t <= 23) \
1098 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 23); \
1099 if (t <= 24) \
1100 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 24); \
1101 if (t <= 25) \
1102 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 25); \
1103 if (t <= 26) \
1104 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 26); \
1105 if (t <= 27) \
1106 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 27); \
1107 if (t <= 28) \
1108 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 28); \
1109 if (t <= 29) \
1110 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 29); \
1111 if (t <= 30) \
1112 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 30); \
1113 if (t <= 31) \
1114 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 31); \
1115 if (t <= 32) \
1116 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 32); \
1117 if (t <= 33) \
1118 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 33); \
1119 if (t <= 34) \
1120 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 34); \
1121 if (t <= 35) \
1122 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 35); \
1123 if (t <= 36) \
1124 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 36); \
1125 if (t <= 37) \
1126 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 37); \
1127 if (t <= 38) \
1128 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 38); \
1129 if (t <= 39) \
1130 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 39); \
1131 if (t <= 40) \
1132 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 40); \
1133 if (t <= 41) \
1134 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 41); \
1135 if (t <= 42) \
1136 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 42); \
1137 if (t <= 43) \
1138 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 43); \
1139 if (t <= 44) \
1140 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 44); \
1141 if (t <= 45) \
1142 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 45); \
1143 if (t <= 46) \
1144 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 46); \
1145 if (t <= 47) \
1146 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 47); \
1147 if (t <= 48) \
1148 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 48); \
1149 if (t <= 49) \
1150 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 49); \
1151 if (t <= 50) \
1152 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 50); \
1153 if (t <= 51) \
1154 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 51); \
1155 if (t <= 52) \
1156 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 52); \
1157 if (t <= 53) \
1158 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 53); \
1159 if (t <= 54) \
1160 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 54); \
1161 if (t <= 55) \
1162 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 55); \
1163 if (t <= 56) \
1164 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 56); \
1165 if (t <= 57) \
1166 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 57); \
1167 if (t <= 58) \
1168 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 58); \
1169 if (t <= 59) \
1170 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 59); \
1171 if (t <= 60) \
1172 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 60); \
1173 if (t <= 61) \
1174 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 61); \
1175 if (t <= 62) \
1176 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 62); \
1177 if (t <= 63) \
1178 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 63); \
1179 if (t <= 64) \
1180 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 64); \
1181 if (t <= 65) \
1182 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 65); \
1183 if (t <= 66) \
1184 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 66); \
1185 if (t <= 67) \
1186 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 67); \
1187 if (t <= 68) \
1188 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 68); \
1189 if (t <= 69) \
1190 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 69); \
1191 if (t <= 70) \
1192 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 70); \
1193 if (t <= 71) \
1194 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 71); \
1195 if (t <= 72) \
1196 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 72); \
1197 if (t <= 73) \
1198 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 73); \
1199 if (t <= 74) \
1200 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 74); \
1201 if (t <= 75) \
1202 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 75); \
1203 if (t <= 76) \
1204 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 76); \
1205 if (t <= 77) \
1206 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 77); \
1207 if (t <= 78) \
1208 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 78); \
1209 if (t <= 79) \
1210 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 79); \
1211 ihvout[0] = ihvin[0] + a; \
1212 ihvout[1] = ihvin[1] + b; \
1213 ihvout[2] = ihvin[2] + c; \
1214 ihvout[3] = ihvin[3] + d; \
1215 ihvout[4] = ihvin[4] + e; \
1216 }
1217
1218 #ifdef _MSC_VER
1219 #pragma warning(push)
1220 #pragma warning(disable : 4127) /* Compiler complains about the checks in the above macro \
1221 being constant. */
1222 #endif
1223
1224 #ifdef DOSTORESTATE0
1225 SHA1_RECOMPRESS(0)
1226 #endif
1227
1228 #ifdef DOSTORESTATE1
1229 SHA1_RECOMPRESS(1)
1230 #endif
1231
1232 #ifdef DOSTORESTATE2
1233 SHA1_RECOMPRESS(2)
1234 #endif
1235
1236 #ifdef DOSTORESTATE3
1237 SHA1_RECOMPRESS(3)
1238 #endif
1239
1240 #ifdef DOSTORESTATE4
1241 SHA1_RECOMPRESS(4)
1242 #endif
1243
1244 #ifdef DOSTORESTATE5
1245 SHA1_RECOMPRESS(5)
1246 #endif
1247
1248 #ifdef DOSTORESTATE6
1249 SHA1_RECOMPRESS(6)
1250 #endif
1251
1252 #ifdef DOSTORESTATE7
1253 SHA1_RECOMPRESS(7)
1254 #endif
1255
1256 #ifdef DOSTORESTATE8
1257 SHA1_RECOMPRESS(8)
1258 #endif
1259
1260 #ifdef DOSTORESTATE9
1261 SHA1_RECOMPRESS(9)
1262 #endif
1263
1264 #ifdef DOSTORESTATE10
1265 SHA1_RECOMPRESS(10)
1266 #endif
1267
1268 #ifdef DOSTORESTATE11
1269 SHA1_RECOMPRESS(11)
1270 #endif
1271
1272 #ifdef DOSTORESTATE12
1273 SHA1_RECOMPRESS(12)
1274 #endif
1275
1276 #ifdef DOSTORESTATE13
1277 SHA1_RECOMPRESS(13)
1278 #endif
1279
1280 #ifdef DOSTORESTATE14
1281 SHA1_RECOMPRESS(14)
1282 #endif
1283
1284 #ifdef DOSTORESTATE15
1285 SHA1_RECOMPRESS(15)
1286 #endif
1287
1288 #ifdef DOSTORESTATE16
1289 SHA1_RECOMPRESS(16)
1290 #endif
1291
1292 #ifdef DOSTORESTATE17
1293 SHA1_RECOMPRESS(17)
1294 #endif
1295
1296 #ifdef DOSTORESTATE18
1297 SHA1_RECOMPRESS(18)
1298 #endif
1299
1300 #ifdef DOSTORESTATE19
1301 SHA1_RECOMPRESS(19)
1302 #endif
1303
1304 #ifdef DOSTORESTATE20
1305 SHA1_RECOMPRESS(20)
1306 #endif
1307
1308 #ifdef DOSTORESTATE21
1309 SHA1_RECOMPRESS(21)
1310 #endif
1311
1312 #ifdef DOSTORESTATE22
1313 SHA1_RECOMPRESS(22)
1314 #endif
1315
1316 #ifdef DOSTORESTATE23
1317 SHA1_RECOMPRESS(23)
1318 #endif
1319
1320 #ifdef DOSTORESTATE24
1321 SHA1_RECOMPRESS(24)
1322 #endif
1323
1324 #ifdef DOSTORESTATE25
1325 SHA1_RECOMPRESS(25)
1326 #endif
1327
1328 #ifdef DOSTORESTATE26
1329 SHA1_RECOMPRESS(26)
1330 #endif
1331
1332 #ifdef DOSTORESTATE27
1333 SHA1_RECOMPRESS(27)
1334 #endif
1335
1336 #ifdef DOSTORESTATE28
1337 SHA1_RECOMPRESS(28)
1338 #endif
1339
1340 #ifdef DOSTORESTATE29
1341 SHA1_RECOMPRESS(29)
1342 #endif
1343
1344 #ifdef DOSTORESTATE30
1345 SHA1_RECOMPRESS(30)
1346 #endif
1347
1348 #ifdef DOSTORESTATE31
1349 SHA1_RECOMPRESS(31)
1350 #endif
1351
1352 #ifdef DOSTORESTATE32
1353 SHA1_RECOMPRESS(32)
1354 #endif
1355
1356 #ifdef DOSTORESTATE33
1357 SHA1_RECOMPRESS(33)
1358 #endif
1359
1360 #ifdef DOSTORESTATE34
1361 SHA1_RECOMPRESS(34)
1362 #endif
1363
1364 #ifdef DOSTORESTATE35
1365 SHA1_RECOMPRESS(35)
1366 #endif
1367
1368 #ifdef DOSTORESTATE36
1369 SHA1_RECOMPRESS(36)
1370 #endif
1371
1372 #ifdef DOSTORESTATE37
1373 SHA1_RECOMPRESS(37)
1374 #endif
1375
1376 #ifdef DOSTORESTATE38
1377 SHA1_RECOMPRESS(38)
1378 #endif
1379
1380 #ifdef DOSTORESTATE39
1381 SHA1_RECOMPRESS(39)
1382 #endif
1383
1384 #ifdef DOSTORESTATE40
1385 SHA1_RECOMPRESS(40)
1386 #endif
1387
1388 #ifdef DOSTORESTATE41
1389 SHA1_RECOMPRESS(41)
1390 #endif
1391
1392 #ifdef DOSTORESTATE42
1393 SHA1_RECOMPRESS(42)
1394 #endif
1395
1396 #ifdef DOSTORESTATE43
1397 SHA1_RECOMPRESS(43)
1398 #endif
1399
1400 #ifdef DOSTORESTATE44
1401 SHA1_RECOMPRESS(44)
1402 #endif
1403
1404 #ifdef DOSTORESTATE45
1405 SHA1_RECOMPRESS(45)
1406 #endif
1407
1408 #ifdef DOSTORESTATE46
1409 SHA1_RECOMPRESS(46)
1410 #endif
1411
1412 #ifdef DOSTORESTATE47
1413 SHA1_RECOMPRESS(47)
1414 #endif
1415
1416 #ifdef DOSTORESTATE48
1417 SHA1_RECOMPRESS(48)
1418 #endif
1419
1420 #ifdef DOSTORESTATE49
1421 SHA1_RECOMPRESS(49)
1422 #endif
1423
1424 #ifdef DOSTORESTATE50
1425 SHA1_RECOMPRESS(50)
1426 #endif
1427
1428 #ifdef DOSTORESTATE51
1429 SHA1_RECOMPRESS(51)
1430 #endif
1431
1432 #ifdef DOSTORESTATE52
1433 SHA1_RECOMPRESS(52)
1434 #endif
1435
1436 #ifdef DOSTORESTATE53
1437 SHA1_RECOMPRESS(53)
1438 #endif
1439
1440 #ifdef DOSTORESTATE54
1441 SHA1_RECOMPRESS(54)
1442 #endif
1443
1444 #ifdef DOSTORESTATE55
1445 SHA1_RECOMPRESS(55)
1446 #endif
1447
1448 #ifdef DOSTORESTATE56
1449 SHA1_RECOMPRESS(56)
1450 #endif
1451
1452 #ifdef DOSTORESTATE57
1453 SHA1_RECOMPRESS(57)
1454 #endif
1455
1456 #ifdef DOSTORESTATE58
1457 SHA1_RECOMPRESS(58)
1458 #endif
1459
1460 #ifdef DOSTORESTATE59
1461 SHA1_RECOMPRESS(59)
1462 #endif
1463
1464 #ifdef DOSTORESTATE60
1465 SHA1_RECOMPRESS(60)
1466 #endif
1467
1468 #ifdef DOSTORESTATE61
1469 SHA1_RECOMPRESS(61)
1470 #endif
1471
1472 #ifdef DOSTORESTATE62
1473 SHA1_RECOMPRESS(62)
1474 #endif
1475
1476 #ifdef DOSTORESTATE63
1477 SHA1_RECOMPRESS(63)
1478 #endif
1479
1480 #ifdef DOSTORESTATE64
1481 SHA1_RECOMPRESS(64)
1482 #endif
1483
1484 #ifdef DOSTORESTATE65
1485 SHA1_RECOMPRESS(65)
1486 #endif
1487
1488 #ifdef DOSTORESTATE66
1489 SHA1_RECOMPRESS(66)
1490 #endif
1491
1492 #ifdef DOSTORESTATE67
1493 SHA1_RECOMPRESS(67)
1494 #endif
1495
1496 #ifdef DOSTORESTATE68
1497 SHA1_RECOMPRESS(68)
1498 #endif
1499
1500 #ifdef DOSTORESTATE69
1501 SHA1_RECOMPRESS(69)
1502 #endif
1503
1504 #ifdef DOSTORESTATE70
1505 SHA1_RECOMPRESS(70)
1506 #endif
1507
1508 #ifdef DOSTORESTATE71
1509 SHA1_RECOMPRESS(71)
1510 #endif
1511
1512 #ifdef DOSTORESTATE72
1513 SHA1_RECOMPRESS(72)
1514 #endif
1515
1516 #ifdef DOSTORESTATE73
1517 SHA1_RECOMPRESS(73)
1518 #endif
1519
1520 #ifdef DOSTORESTATE74
1521 SHA1_RECOMPRESS(74)
1522 #endif
1523
1524 #ifdef DOSTORESTATE75
1525 SHA1_RECOMPRESS(75)
1526 #endif
1527
1528 #ifdef DOSTORESTATE76
1529 SHA1_RECOMPRESS(76)
1530 #endif
1531
1532 #ifdef DOSTORESTATE77
1533 SHA1_RECOMPRESS(77)
1534 #endif
1535
1536 #ifdef DOSTORESTATE78
1537 SHA1_RECOMPRESS(78)
1538 #endif
1539
1540 #ifdef DOSTORESTATE79
1541 SHA1_RECOMPRESS(79)
1542 #endif
1543
1544 #ifdef _MSC_VER
1545 #pragma warning(pop)
1546 #endif
1547
1548 static void
sha1_recompression_step(uint32_t step,uint32_t ihvin[5],uint32_t ihvout[5],const uint32_t me2[80],const uint32_t state[5])1549 sha1_recompression_step(uint32_t step,
1550 uint32_t ihvin[5],
1551 uint32_t ihvout[5],
1552 const uint32_t me2[80],
1553 const uint32_t state[5])
1554 {
1555 switch (step) {
1556 #ifdef DOSTORESTATE0
1557 case 0:
1558 sha1recompress_fast_0(ihvin, ihvout, me2, state);
1559 break;
1560 #endif
1561 #ifdef DOSTORESTATE1
1562 case 1:
1563 sha1recompress_fast_1(ihvin, ihvout, me2, state);
1564 break;
1565 #endif
1566 #ifdef DOSTORESTATE2
1567 case 2:
1568 sha1recompress_fast_2(ihvin, ihvout, me2, state);
1569 break;
1570 #endif
1571 #ifdef DOSTORESTATE3
1572 case 3:
1573 sha1recompress_fast_3(ihvin, ihvout, me2, state);
1574 break;
1575 #endif
1576 #ifdef DOSTORESTATE4
1577 case 4:
1578 sha1recompress_fast_4(ihvin, ihvout, me2, state);
1579 break;
1580 #endif
1581 #ifdef DOSTORESTATE5
1582 case 5:
1583 sha1recompress_fast_5(ihvin, ihvout, me2, state);
1584 break;
1585 #endif
1586 #ifdef DOSTORESTATE6
1587 case 6:
1588 sha1recompress_fast_6(ihvin, ihvout, me2, state);
1589 break;
1590 #endif
1591 #ifdef DOSTORESTATE7
1592 case 7:
1593 sha1recompress_fast_7(ihvin, ihvout, me2, state);
1594 break;
1595 #endif
1596 #ifdef DOSTORESTATE8
1597 case 8:
1598 sha1recompress_fast_8(ihvin, ihvout, me2, state);
1599 break;
1600 #endif
1601 #ifdef DOSTORESTATE9
1602 case 9:
1603 sha1recompress_fast_9(ihvin, ihvout, me2, state);
1604 break;
1605 #endif
1606 #ifdef DOSTORESTATE10
1607 case 10:
1608 sha1recompress_fast_10(ihvin, ihvout, me2, state);
1609 break;
1610 #endif
1611 #ifdef DOSTORESTATE11
1612 case 11:
1613 sha1recompress_fast_11(ihvin, ihvout, me2, state);
1614 break;
1615 #endif
1616 #ifdef DOSTORESTATE12
1617 case 12:
1618 sha1recompress_fast_12(ihvin, ihvout, me2, state);
1619 break;
1620 #endif
1621 #ifdef DOSTORESTATE13
1622 case 13:
1623 sha1recompress_fast_13(ihvin, ihvout, me2, state);
1624 break;
1625 #endif
1626 #ifdef DOSTORESTATE14
1627 case 14:
1628 sha1recompress_fast_14(ihvin, ihvout, me2, state);
1629 break;
1630 #endif
1631 #ifdef DOSTORESTATE15
1632 case 15:
1633 sha1recompress_fast_15(ihvin, ihvout, me2, state);
1634 break;
1635 #endif
1636 #ifdef DOSTORESTATE16
1637 case 16:
1638 sha1recompress_fast_16(ihvin, ihvout, me2, state);
1639 break;
1640 #endif
1641 #ifdef DOSTORESTATE17
1642 case 17:
1643 sha1recompress_fast_17(ihvin, ihvout, me2, state);
1644 break;
1645 #endif
1646 #ifdef DOSTORESTATE18
1647 case 18:
1648 sha1recompress_fast_18(ihvin, ihvout, me2, state);
1649 break;
1650 #endif
1651 #ifdef DOSTORESTATE19
1652 case 19:
1653 sha1recompress_fast_19(ihvin, ihvout, me2, state);
1654 break;
1655 #endif
1656 #ifdef DOSTORESTATE20
1657 case 20:
1658 sha1recompress_fast_20(ihvin, ihvout, me2, state);
1659 break;
1660 #endif
1661 #ifdef DOSTORESTATE21
1662 case 21:
1663 sha1recompress_fast_21(ihvin, ihvout, me2, state);
1664 break;
1665 #endif
1666 #ifdef DOSTORESTATE22
1667 case 22:
1668 sha1recompress_fast_22(ihvin, ihvout, me2, state);
1669 break;
1670 #endif
1671 #ifdef DOSTORESTATE23
1672 case 23:
1673 sha1recompress_fast_23(ihvin, ihvout, me2, state);
1674 break;
1675 #endif
1676 #ifdef DOSTORESTATE24
1677 case 24:
1678 sha1recompress_fast_24(ihvin, ihvout, me2, state);
1679 break;
1680 #endif
1681 #ifdef DOSTORESTATE25
1682 case 25:
1683 sha1recompress_fast_25(ihvin, ihvout, me2, state);
1684 break;
1685 #endif
1686 #ifdef DOSTORESTATE26
1687 case 26:
1688 sha1recompress_fast_26(ihvin, ihvout, me2, state);
1689 break;
1690 #endif
1691 #ifdef DOSTORESTATE27
1692 case 27:
1693 sha1recompress_fast_27(ihvin, ihvout, me2, state);
1694 break;
1695 #endif
1696 #ifdef DOSTORESTATE28
1697 case 28:
1698 sha1recompress_fast_28(ihvin, ihvout, me2, state);
1699 break;
1700 #endif
1701 #ifdef DOSTORESTATE29
1702 case 29:
1703 sha1recompress_fast_29(ihvin, ihvout, me2, state);
1704 break;
1705 #endif
1706 #ifdef DOSTORESTATE30
1707 case 30:
1708 sha1recompress_fast_30(ihvin, ihvout, me2, state);
1709 break;
1710 #endif
1711 #ifdef DOSTORESTATE31
1712 case 31:
1713 sha1recompress_fast_31(ihvin, ihvout, me2, state);
1714 break;
1715 #endif
1716 #ifdef DOSTORESTATE32
1717 case 32:
1718 sha1recompress_fast_32(ihvin, ihvout, me2, state);
1719 break;
1720 #endif
1721 #ifdef DOSTORESTATE33
1722 case 33:
1723 sha1recompress_fast_33(ihvin, ihvout, me2, state);
1724 break;
1725 #endif
1726 #ifdef DOSTORESTATE34
1727 case 34:
1728 sha1recompress_fast_34(ihvin, ihvout, me2, state);
1729 break;
1730 #endif
1731 #ifdef DOSTORESTATE35
1732 case 35:
1733 sha1recompress_fast_35(ihvin, ihvout, me2, state);
1734 break;
1735 #endif
1736 #ifdef DOSTORESTATE36
1737 case 36:
1738 sha1recompress_fast_36(ihvin, ihvout, me2, state);
1739 break;
1740 #endif
1741 #ifdef DOSTORESTATE37
1742 case 37:
1743 sha1recompress_fast_37(ihvin, ihvout, me2, state);
1744 break;
1745 #endif
1746 #ifdef DOSTORESTATE38
1747 case 38:
1748 sha1recompress_fast_38(ihvin, ihvout, me2, state);
1749 break;
1750 #endif
1751 #ifdef DOSTORESTATE39
1752 case 39:
1753 sha1recompress_fast_39(ihvin, ihvout, me2, state);
1754 break;
1755 #endif
1756 #ifdef DOSTORESTATE40
1757 case 40:
1758 sha1recompress_fast_40(ihvin, ihvout, me2, state);
1759 break;
1760 #endif
1761 #ifdef DOSTORESTATE41
1762 case 41:
1763 sha1recompress_fast_41(ihvin, ihvout, me2, state);
1764 break;
1765 #endif
1766 #ifdef DOSTORESTATE42
1767 case 42:
1768 sha1recompress_fast_42(ihvin, ihvout, me2, state);
1769 break;
1770 #endif
1771 #ifdef DOSTORESTATE43
1772 case 43:
1773 sha1recompress_fast_43(ihvin, ihvout, me2, state);
1774 break;
1775 #endif
1776 #ifdef DOSTORESTATE44
1777 case 44:
1778 sha1recompress_fast_44(ihvin, ihvout, me2, state);
1779 break;
1780 #endif
1781 #ifdef DOSTORESTATE45
1782 case 45:
1783 sha1recompress_fast_45(ihvin, ihvout, me2, state);
1784 break;
1785 #endif
1786 #ifdef DOSTORESTATE46
1787 case 46:
1788 sha1recompress_fast_46(ihvin, ihvout, me2, state);
1789 break;
1790 #endif
1791 #ifdef DOSTORESTATE47
1792 case 47:
1793 sha1recompress_fast_47(ihvin, ihvout, me2, state);
1794 break;
1795 #endif
1796 #ifdef DOSTORESTATE48
1797 case 48:
1798 sha1recompress_fast_48(ihvin, ihvout, me2, state);
1799 break;
1800 #endif
1801 #ifdef DOSTORESTATE49
1802 case 49:
1803 sha1recompress_fast_49(ihvin, ihvout, me2, state);
1804 break;
1805 #endif
1806 #ifdef DOSTORESTATE50
1807 case 50:
1808 sha1recompress_fast_50(ihvin, ihvout, me2, state);
1809 break;
1810 #endif
1811 #ifdef DOSTORESTATE51
1812 case 51:
1813 sha1recompress_fast_51(ihvin, ihvout, me2, state);
1814 break;
1815 #endif
1816 #ifdef DOSTORESTATE52
1817 case 52:
1818 sha1recompress_fast_52(ihvin, ihvout, me2, state);
1819 break;
1820 #endif
1821 #ifdef DOSTORESTATE53
1822 case 53:
1823 sha1recompress_fast_53(ihvin, ihvout, me2, state);
1824 break;
1825 #endif
1826 #ifdef DOSTORESTATE54
1827 case 54:
1828 sha1recompress_fast_54(ihvin, ihvout, me2, state);
1829 break;
1830 #endif
1831 #ifdef DOSTORESTATE55
1832 case 55:
1833 sha1recompress_fast_55(ihvin, ihvout, me2, state);
1834 break;
1835 #endif
1836 #ifdef DOSTORESTATE56
1837 case 56:
1838 sha1recompress_fast_56(ihvin, ihvout, me2, state);
1839 break;
1840 #endif
1841 #ifdef DOSTORESTATE57
1842 case 57:
1843 sha1recompress_fast_57(ihvin, ihvout, me2, state);
1844 break;
1845 #endif
1846 #ifdef DOSTORESTATE58
1847 case 58:
1848 sha1recompress_fast_58(ihvin, ihvout, me2, state);
1849 break;
1850 #endif
1851 #ifdef DOSTORESTATE59
1852 case 59:
1853 sha1recompress_fast_59(ihvin, ihvout, me2, state);
1854 break;
1855 #endif
1856 #ifdef DOSTORESTATE60
1857 case 60:
1858 sha1recompress_fast_60(ihvin, ihvout, me2, state);
1859 break;
1860 #endif
1861 #ifdef DOSTORESTATE61
1862 case 61:
1863 sha1recompress_fast_61(ihvin, ihvout, me2, state);
1864 break;
1865 #endif
1866 #ifdef DOSTORESTATE62
1867 case 62:
1868 sha1recompress_fast_62(ihvin, ihvout, me2, state);
1869 break;
1870 #endif
1871 #ifdef DOSTORESTATE63
1872 case 63:
1873 sha1recompress_fast_63(ihvin, ihvout, me2, state);
1874 break;
1875 #endif
1876 #ifdef DOSTORESTATE64
1877 case 64:
1878 sha1recompress_fast_64(ihvin, ihvout, me2, state);
1879 break;
1880 #endif
1881 #ifdef DOSTORESTATE65
1882 case 65:
1883 sha1recompress_fast_65(ihvin, ihvout, me2, state);
1884 break;
1885 #endif
1886 #ifdef DOSTORESTATE66
1887 case 66:
1888 sha1recompress_fast_66(ihvin, ihvout, me2, state);
1889 break;
1890 #endif
1891 #ifdef DOSTORESTATE67
1892 case 67:
1893 sha1recompress_fast_67(ihvin, ihvout, me2, state);
1894 break;
1895 #endif
1896 #ifdef DOSTORESTATE68
1897 case 68:
1898 sha1recompress_fast_68(ihvin, ihvout, me2, state);
1899 break;
1900 #endif
1901 #ifdef DOSTORESTATE69
1902 case 69:
1903 sha1recompress_fast_69(ihvin, ihvout, me2, state);
1904 break;
1905 #endif
1906 #ifdef DOSTORESTATE70
1907 case 70:
1908 sha1recompress_fast_70(ihvin, ihvout, me2, state);
1909 break;
1910 #endif
1911 #ifdef DOSTORESTATE71
1912 case 71:
1913 sha1recompress_fast_71(ihvin, ihvout, me2, state);
1914 break;
1915 #endif
1916 #ifdef DOSTORESTATE72
1917 case 72:
1918 sha1recompress_fast_72(ihvin, ihvout, me2, state);
1919 break;
1920 #endif
1921 #ifdef DOSTORESTATE73
1922 case 73:
1923 sha1recompress_fast_73(ihvin, ihvout, me2, state);
1924 break;
1925 #endif
1926 #ifdef DOSTORESTATE74
1927 case 74:
1928 sha1recompress_fast_74(ihvin, ihvout, me2, state);
1929 break;
1930 #endif
1931 #ifdef DOSTORESTATE75
1932 case 75:
1933 sha1recompress_fast_75(ihvin, ihvout, me2, state);
1934 break;
1935 #endif
1936 #ifdef DOSTORESTATE76
1937 case 76:
1938 sha1recompress_fast_76(ihvin, ihvout, me2, state);
1939 break;
1940 #endif
1941 #ifdef DOSTORESTATE77
1942 case 77:
1943 sha1recompress_fast_77(ihvin, ihvout, me2, state);
1944 break;
1945 #endif
1946 #ifdef DOSTORESTATE78
1947 case 78:
1948 sha1recompress_fast_78(ihvin, ihvout, me2, state);
1949 break;
1950 #endif
1951 #ifdef DOSTORESTATE79
1952 case 79:
1953 sha1recompress_fast_79(ihvin, ihvout, me2, state);
1954 break;
1955 #endif
1956 default:
1957 abort();
1958 }
1959 }
1960
1961 static void
sha1_process(SHA1_CTX * ctx,const uint32_t block[16])1962 sha1_process(SHA1_CTX *ctx, const uint32_t block[16])
1963 {
1964 unsigned i, j;
1965 uint32_t ubc_dv_mask[DVMASKSIZE] = {0xFFFFFFFF};
1966 uint32_t ihvtmp[5];
1967
1968 ctx->ihv1[0] = ctx->ihv[0];
1969 ctx->ihv1[1] = ctx->ihv[1];
1970 ctx->ihv1[2] = ctx->ihv[2];
1971 ctx->ihv1[3] = ctx->ihv[3];
1972 ctx->ihv1[4] = ctx->ihv[4];
1973
1974 sha1_compression_states(ctx->ihv, block, ctx->m1, ctx->states);
1975
1976 if (ctx->detect_coll) {
1977 if (ctx->ubc_check) {
1978 ubc_check(ctx->m1, ubc_dv_mask);
1979 }
1980
1981 if (ubc_dv_mask[0] != 0) {
1982 for (i = 0; sha1_dvs[i].dvType != 0; ++i) {
1983 if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb)) {
1984 for (j = 0; j < 80; ++j)
1985 ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j];
1986
1987 sha1_recompression_step(sha1_dvs[i].testt,
1988 ctx->ihv2,
1989 ihvtmp,
1990 ctx->m2,
1991 ctx->states[sha1_dvs[i].testt]);
1992
1993 /* to verify SHA-1 collision detection code with collisions for
1994 * reduced-step SHA-1 */
1995 if ((0 == ((ihvtmp[0] ^ ctx->ihv[0]) | (ihvtmp[1] ^ ctx->ihv[1]) |
1996 (ihvtmp[2] ^ ctx->ihv[2]) | (ihvtmp[3] ^ ctx->ihv[3]) |
1997 (ihvtmp[4] ^ ctx->ihv[4]))) ||
1998 (ctx->reduced_round_coll &&
1999 0 == ((ctx->ihv1[0] ^ ctx->ihv2[0]) | (ctx->ihv1[1] ^ ctx->ihv2[1]) |
2000 (ctx->ihv1[2] ^ ctx->ihv2[2]) | (ctx->ihv1[3] ^ ctx->ihv2[3]) |
2001 (ctx->ihv1[4] ^ ctx->ihv2[4])))) {
2002 ctx->found_collision = 1;
2003
2004 if (ctx->safe_hash) {
2005 sha1_compression_W(ctx->ihv, ctx->m1);
2006 sha1_compression_W(ctx->ihv, ctx->m1);
2007 }
2008
2009 break;
2010 }
2011 }
2012 }
2013 }
2014 }
2015 }
2016
2017 void
SHA1DCInit(SHA1_CTX * ctx)2018 SHA1DCInit(SHA1_CTX *ctx)
2019 {
2020 ctx->total = 0;
2021 ctx->ihv[0] = 0x67452301;
2022 ctx->ihv[1] = 0xEFCDAB89;
2023 ctx->ihv[2] = 0x98BADCFE;
2024 ctx->ihv[3] = 0x10325476;
2025 ctx->ihv[4] = 0xC3D2E1F0;
2026 ctx->found_collision = 0;
2027 ctx->safe_hash = SHA1DC_INIT_SAFE_HASH_DEFAULT;
2028 ctx->ubc_check = 1;
2029 ctx->detect_coll = 1;
2030 ctx->reduced_round_coll = 0;
2031 ctx->callback = NULL;
2032 }
2033
2034 void
SHA1DCSetSafeHash(SHA1_CTX * ctx,int safehash)2035 SHA1DCSetSafeHash(SHA1_CTX *ctx, int safehash)
2036 {
2037 if (safehash)
2038 ctx->safe_hash = 1;
2039 else
2040 ctx->safe_hash = 0;
2041 }
2042
2043 void
SHA1DCSetUseUBC(SHA1_CTX * ctx,int ubc_check)2044 SHA1DCSetUseUBC(SHA1_CTX *ctx, int ubc_check)
2045 {
2046 if (ubc_check)
2047 ctx->ubc_check = 1;
2048 else
2049 ctx->ubc_check = 0;
2050 }
2051
2052 void
SHA1DCSetUseDetectColl(SHA1_CTX * ctx,int detect_coll)2053 SHA1DCSetUseDetectColl(SHA1_CTX *ctx, int detect_coll)
2054 {
2055 if (detect_coll)
2056 ctx->detect_coll = 1;
2057 else
2058 ctx->detect_coll = 0;
2059 }
2060
2061 void
SHA1DCSetDetectReducedRoundCollision(SHA1_CTX * ctx,int reduced_round_coll)2062 SHA1DCSetDetectReducedRoundCollision(SHA1_CTX *ctx, int reduced_round_coll)
2063 {
2064 if (reduced_round_coll)
2065 ctx->reduced_round_coll = 1;
2066 else
2067 ctx->reduced_round_coll = 0;
2068 }
2069
2070 void
SHA1DCSetCallback(SHA1_CTX * ctx,collision_block_callback callback)2071 SHA1DCSetCallback(SHA1_CTX *ctx, collision_block_callback callback)
2072 {
2073 ctx->callback = callback;
2074 }
2075
2076 void
SHA1DCUpdate(SHA1_CTX * ctx,const char * buf,size_t len)2077 SHA1DCUpdate(SHA1_CTX *ctx, const char *buf, size_t len)
2078 {
2079 unsigned left, fill;
2080
2081 if (len == 0)
2082 return;
2083
2084 left = ctx->total & 63;
2085 fill = 64 - left;
2086
2087 if (left && len >= fill) {
2088 ctx->total += fill;
2089 memcpy(ctx->buffer + left, buf, fill);
2090 sha1_process(ctx, (uint32_t *) (ctx->buffer));
2091 buf += fill;
2092 len -= fill;
2093 left = 0;
2094 }
2095 while (len >= 64) {
2096 ctx->total += 64;
2097
2098 #if defined(SHA1DC_ALLOW_UNALIGNED_ACCESS)
2099 sha1_process(ctx, (uint32_t *) (buf));
2100 #else
2101 memcpy(ctx->buffer, buf, 64);
2102 sha1_process(ctx, (uint32_t *) (ctx->buffer));
2103 #endif /* defined(SHA1DC_ALLOW_UNALIGNED_ACCESS) */
2104 buf += 64;
2105 len -= 64;
2106 }
2107 if (len > 0) {
2108 ctx->total += len;
2109 memcpy(ctx->buffer + left, buf, len);
2110 }
2111 }
2112
2113 static const unsigned char sha1_padding[64] = {
2114 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2115 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2116 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
2117
2118 int
SHA1DCFinal(unsigned char output[20],SHA1_CTX * ctx)2119 SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
2120 {
2121 uint32_t last = ctx->total & 63;
2122 uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
2123 uint64_t total;
2124 SHA1DCUpdate(ctx, (const char *) (sha1_padding), padn);
2125
2126 total = ctx->total - padn;
2127 total <<= 3;
2128 ctx->buffer[56] = (unsigned char) (total >> 56);
2129 ctx->buffer[57] = (unsigned char) (total >> 48);
2130 ctx->buffer[58] = (unsigned char) (total >> 40);
2131 ctx->buffer[59] = (unsigned char) (total >> 32);
2132 ctx->buffer[60] = (unsigned char) (total >> 24);
2133 ctx->buffer[61] = (unsigned char) (total >> 16);
2134 ctx->buffer[62] = (unsigned char) (total >> 8);
2135 ctx->buffer[63] = (unsigned char) (total);
2136 sha1_process(ctx, (uint32_t *) (ctx->buffer));
2137 output[0] = (unsigned char) (ctx->ihv[0] >> 24);
2138 output[1] = (unsigned char) (ctx->ihv[0] >> 16);
2139 output[2] = (unsigned char) (ctx->ihv[0] >> 8);
2140 output[3] = (unsigned char) (ctx->ihv[0]);
2141 output[4] = (unsigned char) (ctx->ihv[1] >> 24);
2142 output[5] = (unsigned char) (ctx->ihv[1] >> 16);
2143 output[6] = (unsigned char) (ctx->ihv[1] >> 8);
2144 output[7] = (unsigned char) (ctx->ihv[1]);
2145 output[8] = (unsigned char) (ctx->ihv[2] >> 24);
2146 output[9] = (unsigned char) (ctx->ihv[2] >> 16);
2147 output[10] = (unsigned char) (ctx->ihv[2] >> 8);
2148 output[11] = (unsigned char) (ctx->ihv[2]);
2149 output[12] = (unsigned char) (ctx->ihv[3] >> 24);
2150 output[13] = (unsigned char) (ctx->ihv[3] >> 16);
2151 output[14] = (unsigned char) (ctx->ihv[3] >> 8);
2152 output[15] = (unsigned char) (ctx->ihv[3]);
2153 output[16] = (unsigned char) (ctx->ihv[4] >> 24);
2154 output[17] = (unsigned char) (ctx->ihv[4] >> 16);
2155 output[18] = (unsigned char) (ctx->ihv[4] >> 8);
2156 output[19] = (unsigned char) (ctx->ihv[4]);
2157 return ctx->found_collision;
2158 }
2159
2160 #ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
2161 #include SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
2162 #endif
2163