1 /***
2 * Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com)
3 * Distributed under the MIT Software License.
4 * See accompanying file LICENSE.txt or copy at
5 * https://opensource.org/licenses/MIT
6 ***/
7
8 #ifndef SHA1DC_NO_STANDARD_INCLUDES
9 #include <string.h>
10 #include <memory.h>
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <sys/types.h> /* make sure macros like _BIG_ENDIAN visible */
14 #endif
15
16 #ifdef SHA1DC_CUSTOM_INCLUDE_SHA1_C
17 #include SHA1DC_CUSTOM_INCLUDE_SHA1_C
18 #endif
19
20 #ifndef SHA1DC_INIT_SAFE_HASH_DEFAULT
21 #define SHA1DC_INIT_SAFE_HASH_DEFAULT 1
22 #endif
23
24 #include "sha1.h"
25 #include "ubc_check.h"
26
27 #if (defined(__amd64__) || defined(__amd64) || defined(__x86_64__) || defined(__x86_64) || \
28 defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__) || \
29 defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || \
30 defined(_X86_) || defined(__THW_INTEL__) || defined(__I86__) || defined(__INTEL__) || \
31 defined(__386) || defined(_M_X64) || defined(_M_AMD64))
32 #define SHA1DC_ON_INTEL_LIKE_PROCESSOR
33 #endif
34
35 /*
36 Because Little-Endian architectures are most common,
37 we only set SHA1DC_BIGENDIAN if one of these conditions is met.
38 Note that all MSFT platforms are little endian,
39 so none of these will be defined under the MSC compiler.
40 If you are compiling on a big endian platform and your compiler does not define one of these,
41 you will have to add whatever macros your tool chain defines to indicate Big-Endianness.
42 */
43
44 #if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__)
45 /*
46 * Should detect Big Endian under GCC since at least 4.6.0 (gcc svn
47 * rev #165881). See
48 * https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
49 *
50 * This also works under clang since 3.2, it copied the GCC-ism. See
51 * clang.git's 3b198a97d2 ("Preprocessor: add __BYTE_ORDER__
52 * predefined macro", 2012-07-27)
53 */
54 #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
55 #define SHA1DC_BIGENDIAN
56 #endif
57
58 /* Not under GCC-alike */
59 #elif defined(__BYTE_ORDER) && defined(__BIG_ENDIAN)
60 /*
61 * Should detect Big Endian under glibc.git since 14245eb70e ("entered
62 * into RCS", 1992-11-25). Defined in <endian.h> which will have been
63 * brought in by standard headers. See glibc.git and
64 * https://sourceforge.net/p/predef/wiki/Endianness/
65 */
66 #if __BYTE_ORDER == __BIG_ENDIAN
67 #define SHA1DC_BIGENDIAN
68 #endif
69
70 /* Not under GCC-alike or glibc */
71 #elif defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN)
72 /*
73 * *BSD and newlib (embeded linux, cygwin, etc).
74 * the defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN) part prevents
75 * this condition from matching with Solaris/sparc.
76 * (Solaris defines only one endian macro)
77 */
78 #if _BYTE_ORDER == _BIG_ENDIAN
79 #define SHA1DC_BIGENDIAN
80 #endif
81
82 /* Not under GCC-alike or glibc or *BSD or newlib */
83 #elif (defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
84 defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || \
85 defined(__sparc))
86 /*
87 * Should define Big Endian for a whitelist of known processors. See
88 * https://sourceforge.net/p/predef/wiki/Endianness/ and
89 * http://www.oracle.com/technetwork/server-storage/solaris/portingtosolaris-138514.html
90 */
91 #define SHA1DC_BIGENDIAN
92
93 /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> */
94 #elif (defined(_AIX) || defined(__hpux))
95
96 /*
97 * Defines Big Endian on a whitelist of OSs that are known to be Big
98 * Endian-only. See
99 * https://public-inbox.org/git/93056823-2740-d072-1ebd-46b440b33d7e@felt.demon.nl/
100 */
101 #define SHA1DC_BIGENDIAN
102
103 /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> */
104 #elif defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
105 /*
106 * As a last resort before we do anything else we're not 100% sure
107 * about below, we blacklist specific processors here. We could add
108 * more, see e.g. https://wiki.debian.org/ArchitectureSpecificsMemo
109 */
110 #else /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> or <processor blacklist> */
111
112 /* We do nothing more here for now */
113 /*#error "Uncomment this to see if you fall through all the detection"*/
114
115 #endif /* Big Endian detection */
116
117 #if (defined(SHA1DC_FORCE_LITTLEENDIAN) && defined(SHA1DC_BIGENDIAN))
118 #undef SHA1DC_BIGENDIAN
119 #endif
120 #if (defined(SHA1DC_FORCE_BIGENDIAN) && !defined(SHA1DC_BIGENDIAN))
121 #define SHA1DC_BIGENDIAN
122 #endif
123 /*ENDIANNESS SELECTION*/
124
125 #ifndef SHA1DC_FORCE_ALIGNED_ACCESS
126 #if defined(SHA1DC_FORCE_UNALIGNED_ACCESS) || defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
127 #define SHA1DC_ALLOW_UNALIGNED_ACCESS
128 #endif /*UNALIGNED ACCESS DETECTION*/
129 #endif /*FORCE ALIGNED ACCESS*/
130
131 #define rotate_right(x,n) (((x)>>(n))|((x)<<(32-(n))))
132 #define rotate_left(x,n) (((x)<<(n))|((x)>>(32-(n))))
133
134 #define sha1_bswap32(x) \
135 {x = ((x << 8) & 0xFF00FF00) | ((x >> 8) & 0xFF00FF); x = (x << 16) | (x >> 16);}
136
137 #define sha1_mix(W, t) (rotate_left(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))
138
139 #ifdef SHA1DC_BIGENDIAN
140 #define sha1_load(m, t, temp) { temp = m[t]; }
141 #else
142 #define sha1_load(m, t, temp) { temp = m[t]; sha1_bswap32(temp); }
143 #endif
144
145 #define sha1_store(W, t, x) *(volatile uint32_t *)&W[t] = x
146
147 #define sha1_f1(b,c,d) ((d)^((b)&((c)^(d))))
148 #define sha1_f2(b,c,d) ((b)^(c)^(d))
149 #define sha1_f3(b,c,d) (((b)&(c))+((d)&((b)^(c))))
150 #define sha1_f4(b,c,d) ((b)^(c)^(d))
151
152 #define HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, m, t) \
153 { e += rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; b = rotate_left(b, 30); }
154 #define HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, m, t) \
155 { e += rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; b = rotate_left(b, 30); }
156 #define HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, m, t) \
157 { e += rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; b = rotate_left(b, 30); }
158 #define HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, m, t) \
159 { e += rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; b = rotate_left(b, 30); }
160
161 #define HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, m, t) \
162 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; }
163 #define HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, m, t) \
164 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; }
165 #define HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, m, t) \
166 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; }
167 #define HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, m, t) \
168 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; }
169
170 #define SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, t, temp) \
171 {sha1_load(m, t, temp); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30);}
172
173 #define SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(a, b, c, d, e, W, t, temp) \
174 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30); }
175
176 #define SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, t, temp) \
177 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1; b = rotate_left(b, 30); }
178
179 #define SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, t, temp) \
180 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC; b = rotate_left(b, 30); }
181
182 #define SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, t, temp) \
183 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6; b = rotate_left(b, 30); }
184
185
186 #define SHA1_STORE_STATE(i) states[i][0] = a; states[i][1] = b; states[i][2] = c; states[i][3] = d; states[i][4] = e;
187
188 #ifdef BUILDNOCOLLDETECTSHA1COMPRESSION
sha1_compression(uint32_t ihv[5],const uint32_t m[16])189 void sha1_compression(uint32_t ihv[5], const uint32_t m[16])
190 {
191 uint32_t W[80];
192 uint32_t a,b,c,d,e;
193 unsigned i;
194
195 memcpy(W, m, 16 * 4);
196 for (i = 16; i < 80; ++i)
197 W[i] = sha1_mix(W, i);
198
199 a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
200
201 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
202 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
203 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
204 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
205 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
206 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
207 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
208 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
209 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
210 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
211 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
212 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
213 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
214 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
215 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
216 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
217 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
218 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
219 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
220 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
221
222 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
223 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
224 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
225 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
226 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
227 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
228 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
229 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
230 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
231 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
232 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
233 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
234 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
235 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
236 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
237 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
238 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
239 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
240 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
241 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
242
243 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
244 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
245 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
246 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
247 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
248 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
249 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
250 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
251 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
252 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
253 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
254 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
255 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
256 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
257 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
258 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
259 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
260 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
261 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
262 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
263
264 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
265 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
266 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
267 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
268 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
269 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
270 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
271 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
272 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
273 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
274 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
275 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
276 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
277 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
278 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
279 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
280 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
281 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
282 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
283 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
284
285 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
286 }
287 #endif /*BUILDNOCOLLDETECTSHA1COMPRESSION*/
288
289
sha1_compression_W(uint32_t ihv[5],const uint32_t W[80])290 static void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80])
291 {
292 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
293
294 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
295 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
296 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
297 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
298 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
299 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
300 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
301 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
302 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
303 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
304 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
305 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
306 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
307 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
308 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
309 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
310 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
311 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
312 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
313 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
314
315 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
316 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
317 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
318 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
319 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
320 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
321 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
322 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
323 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
324 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
325 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
326 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
327 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
328 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
329 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
330 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
331 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
332 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
333 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
334 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
335
336 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
337 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
338 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
339 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
340 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
341 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
342 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
343 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
344 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
345 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
346 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
347 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
348 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
349 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
350 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
351 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
352 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
353 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
354 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
355 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
356
357 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
358 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
359 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
360 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
361 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
362 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
363 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
364 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
365 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
366 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
367 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
368 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
369 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
370 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
371 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
372 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
373 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
374 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
375 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
376 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
377
378 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
379 }
380
381
382
sha1_compression_states(uint32_t ihv[5],const uint32_t m[16],uint32_t W[80],uint32_t states[80][5])383 void sha1_compression_states(uint32_t ihv[5], const uint32_t m[16], uint32_t W[80], uint32_t states[80][5])
384 {
385 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
386 uint32_t temp;
387
388 #ifdef DOSTORESTATE00
389 SHA1_STORE_STATE(0)
390 #endif
391 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 0, temp);
392
393 #ifdef DOSTORESTATE01
394 SHA1_STORE_STATE(1)
395 #endif
396 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 1, temp);
397
398 #ifdef DOSTORESTATE02
399 SHA1_STORE_STATE(2)
400 #endif
401 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 2, temp);
402
403 #ifdef DOSTORESTATE03
404 SHA1_STORE_STATE(3)
405 #endif
406 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 3, temp);
407
408 #ifdef DOSTORESTATE04
409 SHA1_STORE_STATE(4)
410 #endif
411 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 4, temp);
412
413 #ifdef DOSTORESTATE05
414 SHA1_STORE_STATE(5)
415 #endif
416 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 5, temp);
417
418 #ifdef DOSTORESTATE06
419 SHA1_STORE_STATE(6)
420 #endif
421 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 6, temp);
422
423 #ifdef DOSTORESTATE07
424 SHA1_STORE_STATE(7)
425 #endif
426 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 7, temp);
427
428 #ifdef DOSTORESTATE08
429 SHA1_STORE_STATE(8)
430 #endif
431 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 8, temp);
432
433 #ifdef DOSTORESTATE09
434 SHA1_STORE_STATE(9)
435 #endif
436 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 9, temp);
437
438 #ifdef DOSTORESTATE10
439 SHA1_STORE_STATE(10)
440 #endif
441 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 10, temp);
442
443 #ifdef DOSTORESTATE11
444 SHA1_STORE_STATE(11)
445 #endif
446 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 11, temp);
447
448 #ifdef DOSTORESTATE12
449 SHA1_STORE_STATE(12)
450 #endif
451 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 12, temp);
452
453 #ifdef DOSTORESTATE13
454 SHA1_STORE_STATE(13)
455 #endif
456 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 13, temp);
457
458 #ifdef DOSTORESTATE14
459 SHA1_STORE_STATE(14)
460 #endif
461 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 14, temp);
462
463 #ifdef DOSTORESTATE15
464 SHA1_STORE_STATE(15)
465 #endif
466 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 15, temp);
467
468 #ifdef DOSTORESTATE16
469 SHA1_STORE_STATE(16)
470 #endif
471 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(e, a, b, c, d, W, 16, temp);
472
473 #ifdef DOSTORESTATE17
474 SHA1_STORE_STATE(17)
475 #endif
476 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(d, e, a, b, c, W, 17, temp);
477
478 #ifdef DOSTORESTATE18
479 SHA1_STORE_STATE(18)
480 #endif
481 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(c, d, e, a, b, W, 18, temp);
482
483 #ifdef DOSTORESTATE19
484 SHA1_STORE_STATE(19)
485 #endif
486 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(b, c, d, e, a, W, 19, temp);
487
488
489
490 #ifdef DOSTORESTATE20
491 SHA1_STORE_STATE(20)
492 #endif
493 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 20, temp);
494
495 #ifdef DOSTORESTATE21
496 SHA1_STORE_STATE(21)
497 #endif
498 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 21, temp);
499
500 #ifdef DOSTORESTATE22
501 SHA1_STORE_STATE(22)
502 #endif
503 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 22, temp);
504
505 #ifdef DOSTORESTATE23
506 SHA1_STORE_STATE(23)
507 #endif
508 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 23, temp);
509
510 #ifdef DOSTORESTATE24
511 SHA1_STORE_STATE(24)
512 #endif
513 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 24, temp);
514
515 #ifdef DOSTORESTATE25
516 SHA1_STORE_STATE(25)
517 #endif
518 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 25, temp);
519
520 #ifdef DOSTORESTATE26
521 SHA1_STORE_STATE(26)
522 #endif
523 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 26, temp);
524
525 #ifdef DOSTORESTATE27
526 SHA1_STORE_STATE(27)
527 #endif
528 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 27, temp);
529
530 #ifdef DOSTORESTATE28
531 SHA1_STORE_STATE(28)
532 #endif
533 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 28, temp);
534
535 #ifdef DOSTORESTATE29
536 SHA1_STORE_STATE(29)
537 #endif
538 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 29, temp);
539
540 #ifdef DOSTORESTATE30
541 SHA1_STORE_STATE(30)
542 #endif
543 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 30, temp);
544
545 #ifdef DOSTORESTATE31
546 SHA1_STORE_STATE(31)
547 #endif
548 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 31, temp);
549
550 #ifdef DOSTORESTATE32
551 SHA1_STORE_STATE(32)
552 #endif
553 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 32, temp);
554
555 #ifdef DOSTORESTATE33
556 SHA1_STORE_STATE(33)
557 #endif
558 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 33, temp);
559
560 #ifdef DOSTORESTATE34
561 SHA1_STORE_STATE(34)
562 #endif
563 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 34, temp);
564
565 #ifdef DOSTORESTATE35
566 SHA1_STORE_STATE(35)
567 #endif
568 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 35, temp);
569
570 #ifdef DOSTORESTATE36
571 SHA1_STORE_STATE(36)
572 #endif
573 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 36, temp);
574
575 #ifdef DOSTORESTATE37
576 SHA1_STORE_STATE(37)
577 #endif
578 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 37, temp);
579
580 #ifdef DOSTORESTATE38
581 SHA1_STORE_STATE(38)
582 #endif
583 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 38, temp);
584
585 #ifdef DOSTORESTATE39
586 SHA1_STORE_STATE(39)
587 #endif
588 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 39, temp);
589
590
591
592 #ifdef DOSTORESTATE40
593 SHA1_STORE_STATE(40)
594 #endif
595 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 40, temp);
596
597 #ifdef DOSTORESTATE41
598 SHA1_STORE_STATE(41)
599 #endif
600 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 41, temp);
601
602 #ifdef DOSTORESTATE42
603 SHA1_STORE_STATE(42)
604 #endif
605 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 42, temp);
606
607 #ifdef DOSTORESTATE43
608 SHA1_STORE_STATE(43)
609 #endif
610 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 43, temp);
611
612 #ifdef DOSTORESTATE44
613 SHA1_STORE_STATE(44)
614 #endif
615 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 44, temp);
616
617 #ifdef DOSTORESTATE45
618 SHA1_STORE_STATE(45)
619 #endif
620 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 45, temp);
621
622 #ifdef DOSTORESTATE46
623 SHA1_STORE_STATE(46)
624 #endif
625 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 46, temp);
626
627 #ifdef DOSTORESTATE47
628 SHA1_STORE_STATE(47)
629 #endif
630 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 47, temp);
631
632 #ifdef DOSTORESTATE48
633 SHA1_STORE_STATE(48)
634 #endif
635 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 48, temp);
636
637 #ifdef DOSTORESTATE49
638 SHA1_STORE_STATE(49)
639 #endif
640 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 49, temp);
641
642 #ifdef DOSTORESTATE50
643 SHA1_STORE_STATE(50)
644 #endif
645 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 50, temp);
646
647 #ifdef DOSTORESTATE51
648 SHA1_STORE_STATE(51)
649 #endif
650 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 51, temp);
651
652 #ifdef DOSTORESTATE52
653 SHA1_STORE_STATE(52)
654 #endif
655 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 52, temp);
656
657 #ifdef DOSTORESTATE53
658 SHA1_STORE_STATE(53)
659 #endif
660 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 53, temp);
661
662 #ifdef DOSTORESTATE54
663 SHA1_STORE_STATE(54)
664 #endif
665 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 54, temp);
666
667 #ifdef DOSTORESTATE55
668 SHA1_STORE_STATE(55)
669 #endif
670 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 55, temp);
671
672 #ifdef DOSTORESTATE56
673 SHA1_STORE_STATE(56)
674 #endif
675 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 56, temp);
676
677 #ifdef DOSTORESTATE57
678 SHA1_STORE_STATE(57)
679 #endif
680 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 57, temp);
681
682 #ifdef DOSTORESTATE58
683 SHA1_STORE_STATE(58)
684 #endif
685 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 58, temp);
686
687 #ifdef DOSTORESTATE59
688 SHA1_STORE_STATE(59)
689 #endif
690 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 59, temp);
691
692
693
694
695 #ifdef DOSTORESTATE60
696 SHA1_STORE_STATE(60)
697 #endif
698 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 60, temp);
699
700 #ifdef DOSTORESTATE61
701 SHA1_STORE_STATE(61)
702 #endif
703 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 61, temp);
704
705 #ifdef DOSTORESTATE62
706 SHA1_STORE_STATE(62)
707 #endif
708 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 62, temp);
709
710 #ifdef DOSTORESTATE63
711 SHA1_STORE_STATE(63)
712 #endif
713 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 63, temp);
714
715 #ifdef DOSTORESTATE64
716 SHA1_STORE_STATE(64)
717 #endif
718 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 64, temp);
719
720 #ifdef DOSTORESTATE65
721 SHA1_STORE_STATE(65)
722 #endif
723 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 65, temp);
724
725 #ifdef DOSTORESTATE66
726 SHA1_STORE_STATE(66)
727 #endif
728 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 66, temp);
729
730 #ifdef DOSTORESTATE67
731 SHA1_STORE_STATE(67)
732 #endif
733 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 67, temp);
734
735 #ifdef DOSTORESTATE68
736 SHA1_STORE_STATE(68)
737 #endif
738 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 68, temp);
739
740 #ifdef DOSTORESTATE69
741 SHA1_STORE_STATE(69)
742 #endif
743 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 69, temp);
744
745 #ifdef DOSTORESTATE70
746 SHA1_STORE_STATE(70)
747 #endif
748 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 70, temp);
749
750 #ifdef DOSTORESTATE71
751 SHA1_STORE_STATE(71)
752 #endif
753 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 71, temp);
754
755 #ifdef DOSTORESTATE72
756 SHA1_STORE_STATE(72)
757 #endif
758 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 72, temp);
759
760 #ifdef DOSTORESTATE73
761 SHA1_STORE_STATE(73)
762 #endif
763 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 73, temp);
764
765 #ifdef DOSTORESTATE74
766 SHA1_STORE_STATE(74)
767 #endif
768 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 74, temp);
769
770 #ifdef DOSTORESTATE75
771 SHA1_STORE_STATE(75)
772 #endif
773 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 75, temp);
774
775 #ifdef DOSTORESTATE76
776 SHA1_STORE_STATE(76)
777 #endif
778 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 76, temp);
779
780 #ifdef DOSTORESTATE77
781 SHA1_STORE_STATE(77)
782 #endif
783 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 77, temp);
784
785 #ifdef DOSTORESTATE78
786 SHA1_STORE_STATE(78)
787 #endif
788 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 78, temp);
789
790 #ifdef DOSTORESTATE79
791 SHA1_STORE_STATE(79)
792 #endif
793 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 79, temp);
794
795
796
797 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
798 }
799
800
801
802
803 #define SHA1_RECOMPRESS(t) \
804 static void sha1recompress_fast_ ## t (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]) \
805 { \
806 uint32_t a = state[0], b = state[1], c = state[2], d = state[3], e = state[4]; \
807 if (t > 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 79); \
808 if (t > 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 78); \
809 if (t > 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 77); \
810 if (t > 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 76); \
811 if (t > 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 75); \
812 if (t > 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 74); \
813 if (t > 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 73); \
814 if (t > 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 72); \
815 if (t > 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 71); \
816 if (t > 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 70); \
817 if (t > 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 69); \
818 if (t > 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 68); \
819 if (t > 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 67); \
820 if (t > 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 66); \
821 if (t > 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 65); \
822 if (t > 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 64); \
823 if (t > 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 63); \
824 if (t > 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 62); \
825 if (t > 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 61); \
826 if (t > 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 60); \
827 if (t > 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 59); \
828 if (t > 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 58); \
829 if (t > 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 57); \
830 if (t > 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 56); \
831 if (t > 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 55); \
832 if (t > 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 54); \
833 if (t > 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 53); \
834 if (t > 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 52); \
835 if (t > 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 51); \
836 if (t > 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 50); \
837 if (t > 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 49); \
838 if (t > 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 48); \
839 if (t > 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 47); \
840 if (t > 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 46); \
841 if (t > 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 45); \
842 if (t > 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 44); \
843 if (t > 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 43); \
844 if (t > 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 42); \
845 if (t > 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 41); \
846 if (t > 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 40); \
847 if (t > 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 39); \
848 if (t > 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 38); \
849 if (t > 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 37); \
850 if (t > 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 36); \
851 if (t > 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 35); \
852 if (t > 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 34); \
853 if (t > 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 33); \
854 if (t > 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 32); \
855 if (t > 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 31); \
856 if (t > 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 30); \
857 if (t > 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 29); \
858 if (t > 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 28); \
859 if (t > 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 27); \
860 if (t > 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 26); \
861 if (t > 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 25); \
862 if (t > 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 24); \
863 if (t > 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 23); \
864 if (t > 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 22); \
865 if (t > 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 21); \
866 if (t > 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 20); \
867 if (t > 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 19); \
868 if (t > 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 18); \
869 if (t > 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 17); \
870 if (t > 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 16); \
871 if (t > 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 15); \
872 if (t > 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 14); \
873 if (t > 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 13); \
874 if (t > 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 12); \
875 if (t > 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 11); \
876 if (t > 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 10); \
877 if (t > 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 9); \
878 if (t > 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 8); \
879 if (t > 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 7); \
880 if (t > 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 6); \
881 if (t > 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 5); \
882 if (t > 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 4); \
883 if (t > 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 3); \
884 if (t > 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 2); \
885 if (t > 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 1); \
886 if (t > 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 0); \
887 ihvin[0] = a; ihvin[1] = b; ihvin[2] = c; ihvin[3] = d; ihvin[4] = e; \
888 a = state[0]; b = state[1]; c = state[2]; d = state[3]; e = state[4]; \
889 if (t <= 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 0); \
890 if (t <= 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 1); \
891 if (t <= 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 2); \
892 if (t <= 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 3); \
893 if (t <= 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 4); \
894 if (t <= 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 5); \
895 if (t <= 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 6); \
896 if (t <= 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 7); \
897 if (t <= 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 8); \
898 if (t <= 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 9); \
899 if (t <= 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 10); \
900 if (t <= 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 11); \
901 if (t <= 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 12); \
902 if (t <= 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 13); \
903 if (t <= 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 14); \
904 if (t <= 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 15); \
905 if (t <= 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 16); \
906 if (t <= 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 17); \
907 if (t <= 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 18); \
908 if (t <= 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 19); \
909 if (t <= 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 20); \
910 if (t <= 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 21); \
911 if (t <= 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 22); \
912 if (t <= 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 23); \
913 if (t <= 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 24); \
914 if (t <= 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 25); \
915 if (t <= 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 26); \
916 if (t <= 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 27); \
917 if (t <= 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 28); \
918 if (t <= 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 29); \
919 if (t <= 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 30); \
920 if (t <= 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 31); \
921 if (t <= 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 32); \
922 if (t <= 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 33); \
923 if (t <= 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 34); \
924 if (t <= 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 35); \
925 if (t <= 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 36); \
926 if (t <= 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 37); \
927 if (t <= 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 38); \
928 if (t <= 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 39); \
929 if (t <= 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 40); \
930 if (t <= 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 41); \
931 if (t <= 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 42); \
932 if (t <= 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 43); \
933 if (t <= 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 44); \
934 if (t <= 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 45); \
935 if (t <= 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 46); \
936 if (t <= 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 47); \
937 if (t <= 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 48); \
938 if (t <= 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 49); \
939 if (t <= 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 50); \
940 if (t <= 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 51); \
941 if (t <= 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 52); \
942 if (t <= 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 53); \
943 if (t <= 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 54); \
944 if (t <= 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 55); \
945 if (t <= 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 56); \
946 if (t <= 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 57); \
947 if (t <= 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 58); \
948 if (t <= 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 59); \
949 if (t <= 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 60); \
950 if (t <= 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 61); \
951 if (t <= 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 62); \
952 if (t <= 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 63); \
953 if (t <= 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 64); \
954 if (t <= 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 65); \
955 if (t <= 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 66); \
956 if (t <= 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 67); \
957 if (t <= 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 68); \
958 if (t <= 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 69); \
959 if (t <= 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 70); \
960 if (t <= 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 71); \
961 if (t <= 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 72); \
962 if (t <= 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 73); \
963 if (t <= 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 74); \
964 if (t <= 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 75); \
965 if (t <= 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 76); \
966 if (t <= 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 77); \
967 if (t <= 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 78); \
968 if (t <= 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 79); \
969 ihvout[0] = ihvin[0] + a; ihvout[1] = ihvin[1] + b; ihvout[2] = ihvin[2] + c; ihvout[3] = ihvin[3] + d; ihvout[4] = ihvin[4] + e; \
970 }
971
972 #ifdef _MSC_VER
973 #pragma warning(push)
974 #pragma warning(disable: 4127) /* Compiler complains about the checks in the above macro being constant. */
975 #endif
976
977 #ifdef DOSTORESTATE0
978 SHA1_RECOMPRESS(0)
979 #endif
980
981 #ifdef DOSTORESTATE1
982 SHA1_RECOMPRESS(1)
983 #endif
984
985 #ifdef DOSTORESTATE2
986 SHA1_RECOMPRESS(2)
987 #endif
988
989 #ifdef DOSTORESTATE3
990 SHA1_RECOMPRESS(3)
991 #endif
992
993 #ifdef DOSTORESTATE4
994 SHA1_RECOMPRESS(4)
995 #endif
996
997 #ifdef DOSTORESTATE5
998 SHA1_RECOMPRESS(5)
999 #endif
1000
1001 #ifdef DOSTORESTATE6
1002 SHA1_RECOMPRESS(6)
1003 #endif
1004
1005 #ifdef DOSTORESTATE7
1006 SHA1_RECOMPRESS(7)
1007 #endif
1008
1009 #ifdef DOSTORESTATE8
1010 SHA1_RECOMPRESS(8)
1011 #endif
1012
1013 #ifdef DOSTORESTATE9
1014 SHA1_RECOMPRESS(9)
1015 #endif
1016
1017 #ifdef DOSTORESTATE10
1018 SHA1_RECOMPRESS(10)
1019 #endif
1020
1021 #ifdef DOSTORESTATE11
1022 SHA1_RECOMPRESS(11)
1023 #endif
1024
1025 #ifdef DOSTORESTATE12
1026 SHA1_RECOMPRESS(12)
1027 #endif
1028
1029 #ifdef DOSTORESTATE13
1030 SHA1_RECOMPRESS(13)
1031 #endif
1032
1033 #ifdef DOSTORESTATE14
1034 SHA1_RECOMPRESS(14)
1035 #endif
1036
1037 #ifdef DOSTORESTATE15
1038 SHA1_RECOMPRESS(15)
1039 #endif
1040
1041 #ifdef DOSTORESTATE16
1042 SHA1_RECOMPRESS(16)
1043 #endif
1044
1045 #ifdef DOSTORESTATE17
1046 SHA1_RECOMPRESS(17)
1047 #endif
1048
1049 #ifdef DOSTORESTATE18
1050 SHA1_RECOMPRESS(18)
1051 #endif
1052
1053 #ifdef DOSTORESTATE19
1054 SHA1_RECOMPRESS(19)
1055 #endif
1056
1057 #ifdef DOSTORESTATE20
1058 SHA1_RECOMPRESS(20)
1059 #endif
1060
1061 #ifdef DOSTORESTATE21
1062 SHA1_RECOMPRESS(21)
1063 #endif
1064
1065 #ifdef DOSTORESTATE22
1066 SHA1_RECOMPRESS(22)
1067 #endif
1068
1069 #ifdef DOSTORESTATE23
1070 SHA1_RECOMPRESS(23)
1071 #endif
1072
1073 #ifdef DOSTORESTATE24
1074 SHA1_RECOMPRESS(24)
1075 #endif
1076
1077 #ifdef DOSTORESTATE25
1078 SHA1_RECOMPRESS(25)
1079 #endif
1080
1081 #ifdef DOSTORESTATE26
1082 SHA1_RECOMPRESS(26)
1083 #endif
1084
1085 #ifdef DOSTORESTATE27
1086 SHA1_RECOMPRESS(27)
1087 #endif
1088
1089 #ifdef DOSTORESTATE28
1090 SHA1_RECOMPRESS(28)
1091 #endif
1092
1093 #ifdef DOSTORESTATE29
1094 SHA1_RECOMPRESS(29)
1095 #endif
1096
1097 #ifdef DOSTORESTATE30
1098 SHA1_RECOMPRESS(30)
1099 #endif
1100
1101 #ifdef DOSTORESTATE31
1102 SHA1_RECOMPRESS(31)
1103 #endif
1104
1105 #ifdef DOSTORESTATE32
1106 SHA1_RECOMPRESS(32)
1107 #endif
1108
1109 #ifdef DOSTORESTATE33
1110 SHA1_RECOMPRESS(33)
1111 #endif
1112
1113 #ifdef DOSTORESTATE34
1114 SHA1_RECOMPRESS(34)
1115 #endif
1116
1117 #ifdef DOSTORESTATE35
1118 SHA1_RECOMPRESS(35)
1119 #endif
1120
1121 #ifdef DOSTORESTATE36
1122 SHA1_RECOMPRESS(36)
1123 #endif
1124
1125 #ifdef DOSTORESTATE37
1126 SHA1_RECOMPRESS(37)
1127 #endif
1128
1129 #ifdef DOSTORESTATE38
1130 SHA1_RECOMPRESS(38)
1131 #endif
1132
1133 #ifdef DOSTORESTATE39
1134 SHA1_RECOMPRESS(39)
1135 #endif
1136
1137 #ifdef DOSTORESTATE40
1138 SHA1_RECOMPRESS(40)
1139 #endif
1140
1141 #ifdef DOSTORESTATE41
1142 SHA1_RECOMPRESS(41)
1143 #endif
1144
1145 #ifdef DOSTORESTATE42
1146 SHA1_RECOMPRESS(42)
1147 #endif
1148
1149 #ifdef DOSTORESTATE43
1150 SHA1_RECOMPRESS(43)
1151 #endif
1152
1153 #ifdef DOSTORESTATE44
1154 SHA1_RECOMPRESS(44)
1155 #endif
1156
1157 #ifdef DOSTORESTATE45
1158 SHA1_RECOMPRESS(45)
1159 #endif
1160
1161 #ifdef DOSTORESTATE46
1162 SHA1_RECOMPRESS(46)
1163 #endif
1164
1165 #ifdef DOSTORESTATE47
1166 SHA1_RECOMPRESS(47)
1167 #endif
1168
1169 #ifdef DOSTORESTATE48
1170 SHA1_RECOMPRESS(48)
1171 #endif
1172
1173 #ifdef DOSTORESTATE49
1174 SHA1_RECOMPRESS(49)
1175 #endif
1176
1177 #ifdef DOSTORESTATE50
1178 SHA1_RECOMPRESS(50)
1179 #endif
1180
1181 #ifdef DOSTORESTATE51
1182 SHA1_RECOMPRESS(51)
1183 #endif
1184
1185 #ifdef DOSTORESTATE52
1186 SHA1_RECOMPRESS(52)
1187 #endif
1188
1189 #ifdef DOSTORESTATE53
1190 SHA1_RECOMPRESS(53)
1191 #endif
1192
1193 #ifdef DOSTORESTATE54
1194 SHA1_RECOMPRESS(54)
1195 #endif
1196
1197 #ifdef DOSTORESTATE55
1198 SHA1_RECOMPRESS(55)
1199 #endif
1200
1201 #ifdef DOSTORESTATE56
1202 SHA1_RECOMPRESS(56)
1203 #endif
1204
1205 #ifdef DOSTORESTATE57
1206 SHA1_RECOMPRESS(57)
1207 #endif
1208
1209 #ifdef DOSTORESTATE58
1210 SHA1_RECOMPRESS(58)
1211 #endif
1212
1213 #ifdef DOSTORESTATE59
1214 SHA1_RECOMPRESS(59)
1215 #endif
1216
1217 #ifdef DOSTORESTATE60
1218 SHA1_RECOMPRESS(60)
1219 #endif
1220
1221 #ifdef DOSTORESTATE61
1222 SHA1_RECOMPRESS(61)
1223 #endif
1224
1225 #ifdef DOSTORESTATE62
1226 SHA1_RECOMPRESS(62)
1227 #endif
1228
1229 #ifdef DOSTORESTATE63
1230 SHA1_RECOMPRESS(63)
1231 #endif
1232
1233 #ifdef DOSTORESTATE64
1234 SHA1_RECOMPRESS(64)
1235 #endif
1236
1237 #ifdef DOSTORESTATE65
1238 SHA1_RECOMPRESS(65)
1239 #endif
1240
1241 #ifdef DOSTORESTATE66
1242 SHA1_RECOMPRESS(66)
1243 #endif
1244
1245 #ifdef DOSTORESTATE67
1246 SHA1_RECOMPRESS(67)
1247 #endif
1248
1249 #ifdef DOSTORESTATE68
1250 SHA1_RECOMPRESS(68)
1251 #endif
1252
1253 #ifdef DOSTORESTATE69
1254 SHA1_RECOMPRESS(69)
1255 #endif
1256
1257 #ifdef DOSTORESTATE70
1258 SHA1_RECOMPRESS(70)
1259 #endif
1260
1261 #ifdef DOSTORESTATE71
1262 SHA1_RECOMPRESS(71)
1263 #endif
1264
1265 #ifdef DOSTORESTATE72
1266 SHA1_RECOMPRESS(72)
1267 #endif
1268
1269 #ifdef DOSTORESTATE73
1270 SHA1_RECOMPRESS(73)
1271 #endif
1272
1273 #ifdef DOSTORESTATE74
1274 SHA1_RECOMPRESS(74)
1275 #endif
1276
1277 #ifdef DOSTORESTATE75
1278 SHA1_RECOMPRESS(75)
1279 #endif
1280
1281 #ifdef DOSTORESTATE76
1282 SHA1_RECOMPRESS(76)
1283 #endif
1284
1285 #ifdef DOSTORESTATE77
1286 SHA1_RECOMPRESS(77)
1287 #endif
1288
1289 #ifdef DOSTORESTATE78
1290 SHA1_RECOMPRESS(78)
1291 #endif
1292
1293 #ifdef DOSTORESTATE79
1294 SHA1_RECOMPRESS(79)
1295 #endif
1296
1297 #ifdef _MSC_VER
1298 #pragma warning(pop)
1299 #endif
1300
sha1_recompression_step(uint32_t step,uint32_t ihvin[5],uint32_t ihvout[5],const uint32_t me2[80],const uint32_t state[5])1301 static void sha1_recompression_step(uint32_t step, uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5])
1302 {
1303 switch (step)
1304 {
1305 #ifdef DOSTORESTATE0
1306 case 0:
1307 sha1recompress_fast_0(ihvin, ihvout, me2, state);
1308 break;
1309 #endif
1310 #ifdef DOSTORESTATE1
1311 case 1:
1312 sha1recompress_fast_1(ihvin, ihvout, me2, state);
1313 break;
1314 #endif
1315 #ifdef DOSTORESTATE2
1316 case 2:
1317 sha1recompress_fast_2(ihvin, ihvout, me2, state);
1318 break;
1319 #endif
1320 #ifdef DOSTORESTATE3
1321 case 3:
1322 sha1recompress_fast_3(ihvin, ihvout, me2, state);
1323 break;
1324 #endif
1325 #ifdef DOSTORESTATE4
1326 case 4:
1327 sha1recompress_fast_4(ihvin, ihvout, me2, state);
1328 break;
1329 #endif
1330 #ifdef DOSTORESTATE5
1331 case 5:
1332 sha1recompress_fast_5(ihvin, ihvout, me2, state);
1333 break;
1334 #endif
1335 #ifdef DOSTORESTATE6
1336 case 6:
1337 sha1recompress_fast_6(ihvin, ihvout, me2, state);
1338 break;
1339 #endif
1340 #ifdef DOSTORESTATE7
1341 case 7:
1342 sha1recompress_fast_7(ihvin, ihvout, me2, state);
1343 break;
1344 #endif
1345 #ifdef DOSTORESTATE8
1346 case 8:
1347 sha1recompress_fast_8(ihvin, ihvout, me2, state);
1348 break;
1349 #endif
1350 #ifdef DOSTORESTATE9
1351 case 9:
1352 sha1recompress_fast_9(ihvin, ihvout, me2, state);
1353 break;
1354 #endif
1355 #ifdef DOSTORESTATE10
1356 case 10:
1357 sha1recompress_fast_10(ihvin, ihvout, me2, state);
1358 break;
1359 #endif
1360 #ifdef DOSTORESTATE11
1361 case 11:
1362 sha1recompress_fast_11(ihvin, ihvout, me2, state);
1363 break;
1364 #endif
1365 #ifdef DOSTORESTATE12
1366 case 12:
1367 sha1recompress_fast_12(ihvin, ihvout, me2, state);
1368 break;
1369 #endif
1370 #ifdef DOSTORESTATE13
1371 case 13:
1372 sha1recompress_fast_13(ihvin, ihvout, me2, state);
1373 break;
1374 #endif
1375 #ifdef DOSTORESTATE14
1376 case 14:
1377 sha1recompress_fast_14(ihvin, ihvout, me2, state);
1378 break;
1379 #endif
1380 #ifdef DOSTORESTATE15
1381 case 15:
1382 sha1recompress_fast_15(ihvin, ihvout, me2, state);
1383 break;
1384 #endif
1385 #ifdef DOSTORESTATE16
1386 case 16:
1387 sha1recompress_fast_16(ihvin, ihvout, me2, state);
1388 break;
1389 #endif
1390 #ifdef DOSTORESTATE17
1391 case 17:
1392 sha1recompress_fast_17(ihvin, ihvout, me2, state);
1393 break;
1394 #endif
1395 #ifdef DOSTORESTATE18
1396 case 18:
1397 sha1recompress_fast_18(ihvin, ihvout, me2, state);
1398 break;
1399 #endif
1400 #ifdef DOSTORESTATE19
1401 case 19:
1402 sha1recompress_fast_19(ihvin, ihvout, me2, state);
1403 break;
1404 #endif
1405 #ifdef DOSTORESTATE20
1406 case 20:
1407 sha1recompress_fast_20(ihvin, ihvout, me2, state);
1408 break;
1409 #endif
1410 #ifdef DOSTORESTATE21
1411 case 21:
1412 sha1recompress_fast_21(ihvin, ihvout, me2, state);
1413 break;
1414 #endif
1415 #ifdef DOSTORESTATE22
1416 case 22:
1417 sha1recompress_fast_22(ihvin, ihvout, me2, state);
1418 break;
1419 #endif
1420 #ifdef DOSTORESTATE23
1421 case 23:
1422 sha1recompress_fast_23(ihvin, ihvout, me2, state);
1423 break;
1424 #endif
1425 #ifdef DOSTORESTATE24
1426 case 24:
1427 sha1recompress_fast_24(ihvin, ihvout, me2, state);
1428 break;
1429 #endif
1430 #ifdef DOSTORESTATE25
1431 case 25:
1432 sha1recompress_fast_25(ihvin, ihvout, me2, state);
1433 break;
1434 #endif
1435 #ifdef DOSTORESTATE26
1436 case 26:
1437 sha1recompress_fast_26(ihvin, ihvout, me2, state);
1438 break;
1439 #endif
1440 #ifdef DOSTORESTATE27
1441 case 27:
1442 sha1recompress_fast_27(ihvin, ihvout, me2, state);
1443 break;
1444 #endif
1445 #ifdef DOSTORESTATE28
1446 case 28:
1447 sha1recompress_fast_28(ihvin, ihvout, me2, state);
1448 break;
1449 #endif
1450 #ifdef DOSTORESTATE29
1451 case 29:
1452 sha1recompress_fast_29(ihvin, ihvout, me2, state);
1453 break;
1454 #endif
1455 #ifdef DOSTORESTATE30
1456 case 30:
1457 sha1recompress_fast_30(ihvin, ihvout, me2, state);
1458 break;
1459 #endif
1460 #ifdef DOSTORESTATE31
1461 case 31:
1462 sha1recompress_fast_31(ihvin, ihvout, me2, state);
1463 break;
1464 #endif
1465 #ifdef DOSTORESTATE32
1466 case 32:
1467 sha1recompress_fast_32(ihvin, ihvout, me2, state);
1468 break;
1469 #endif
1470 #ifdef DOSTORESTATE33
1471 case 33:
1472 sha1recompress_fast_33(ihvin, ihvout, me2, state);
1473 break;
1474 #endif
1475 #ifdef DOSTORESTATE34
1476 case 34:
1477 sha1recompress_fast_34(ihvin, ihvout, me2, state);
1478 break;
1479 #endif
1480 #ifdef DOSTORESTATE35
1481 case 35:
1482 sha1recompress_fast_35(ihvin, ihvout, me2, state);
1483 break;
1484 #endif
1485 #ifdef DOSTORESTATE36
1486 case 36:
1487 sha1recompress_fast_36(ihvin, ihvout, me2, state);
1488 break;
1489 #endif
1490 #ifdef DOSTORESTATE37
1491 case 37:
1492 sha1recompress_fast_37(ihvin, ihvout, me2, state);
1493 break;
1494 #endif
1495 #ifdef DOSTORESTATE38
1496 case 38:
1497 sha1recompress_fast_38(ihvin, ihvout, me2, state);
1498 break;
1499 #endif
1500 #ifdef DOSTORESTATE39
1501 case 39:
1502 sha1recompress_fast_39(ihvin, ihvout, me2, state);
1503 break;
1504 #endif
1505 #ifdef DOSTORESTATE40
1506 case 40:
1507 sha1recompress_fast_40(ihvin, ihvout, me2, state);
1508 break;
1509 #endif
1510 #ifdef DOSTORESTATE41
1511 case 41:
1512 sha1recompress_fast_41(ihvin, ihvout, me2, state);
1513 break;
1514 #endif
1515 #ifdef DOSTORESTATE42
1516 case 42:
1517 sha1recompress_fast_42(ihvin, ihvout, me2, state);
1518 break;
1519 #endif
1520 #ifdef DOSTORESTATE43
1521 case 43:
1522 sha1recompress_fast_43(ihvin, ihvout, me2, state);
1523 break;
1524 #endif
1525 #ifdef DOSTORESTATE44
1526 case 44:
1527 sha1recompress_fast_44(ihvin, ihvout, me2, state);
1528 break;
1529 #endif
1530 #ifdef DOSTORESTATE45
1531 case 45:
1532 sha1recompress_fast_45(ihvin, ihvout, me2, state);
1533 break;
1534 #endif
1535 #ifdef DOSTORESTATE46
1536 case 46:
1537 sha1recompress_fast_46(ihvin, ihvout, me2, state);
1538 break;
1539 #endif
1540 #ifdef DOSTORESTATE47
1541 case 47:
1542 sha1recompress_fast_47(ihvin, ihvout, me2, state);
1543 break;
1544 #endif
1545 #ifdef DOSTORESTATE48
1546 case 48:
1547 sha1recompress_fast_48(ihvin, ihvout, me2, state);
1548 break;
1549 #endif
1550 #ifdef DOSTORESTATE49
1551 case 49:
1552 sha1recompress_fast_49(ihvin, ihvout, me2, state);
1553 break;
1554 #endif
1555 #ifdef DOSTORESTATE50
1556 case 50:
1557 sha1recompress_fast_50(ihvin, ihvout, me2, state);
1558 break;
1559 #endif
1560 #ifdef DOSTORESTATE51
1561 case 51:
1562 sha1recompress_fast_51(ihvin, ihvout, me2, state);
1563 break;
1564 #endif
1565 #ifdef DOSTORESTATE52
1566 case 52:
1567 sha1recompress_fast_52(ihvin, ihvout, me2, state);
1568 break;
1569 #endif
1570 #ifdef DOSTORESTATE53
1571 case 53:
1572 sha1recompress_fast_53(ihvin, ihvout, me2, state);
1573 break;
1574 #endif
1575 #ifdef DOSTORESTATE54
1576 case 54:
1577 sha1recompress_fast_54(ihvin, ihvout, me2, state);
1578 break;
1579 #endif
1580 #ifdef DOSTORESTATE55
1581 case 55:
1582 sha1recompress_fast_55(ihvin, ihvout, me2, state);
1583 break;
1584 #endif
1585 #ifdef DOSTORESTATE56
1586 case 56:
1587 sha1recompress_fast_56(ihvin, ihvout, me2, state);
1588 break;
1589 #endif
1590 #ifdef DOSTORESTATE57
1591 case 57:
1592 sha1recompress_fast_57(ihvin, ihvout, me2, state);
1593 break;
1594 #endif
1595 #ifdef DOSTORESTATE58
1596 case 58:
1597 sha1recompress_fast_58(ihvin, ihvout, me2, state);
1598 break;
1599 #endif
1600 #ifdef DOSTORESTATE59
1601 case 59:
1602 sha1recompress_fast_59(ihvin, ihvout, me2, state);
1603 break;
1604 #endif
1605 #ifdef DOSTORESTATE60
1606 case 60:
1607 sha1recompress_fast_60(ihvin, ihvout, me2, state);
1608 break;
1609 #endif
1610 #ifdef DOSTORESTATE61
1611 case 61:
1612 sha1recompress_fast_61(ihvin, ihvout, me2, state);
1613 break;
1614 #endif
1615 #ifdef DOSTORESTATE62
1616 case 62:
1617 sha1recompress_fast_62(ihvin, ihvout, me2, state);
1618 break;
1619 #endif
1620 #ifdef DOSTORESTATE63
1621 case 63:
1622 sha1recompress_fast_63(ihvin, ihvout, me2, state);
1623 break;
1624 #endif
1625 #ifdef DOSTORESTATE64
1626 case 64:
1627 sha1recompress_fast_64(ihvin, ihvout, me2, state);
1628 break;
1629 #endif
1630 #ifdef DOSTORESTATE65
1631 case 65:
1632 sha1recompress_fast_65(ihvin, ihvout, me2, state);
1633 break;
1634 #endif
1635 #ifdef DOSTORESTATE66
1636 case 66:
1637 sha1recompress_fast_66(ihvin, ihvout, me2, state);
1638 break;
1639 #endif
1640 #ifdef DOSTORESTATE67
1641 case 67:
1642 sha1recompress_fast_67(ihvin, ihvout, me2, state);
1643 break;
1644 #endif
1645 #ifdef DOSTORESTATE68
1646 case 68:
1647 sha1recompress_fast_68(ihvin, ihvout, me2, state);
1648 break;
1649 #endif
1650 #ifdef DOSTORESTATE69
1651 case 69:
1652 sha1recompress_fast_69(ihvin, ihvout, me2, state);
1653 break;
1654 #endif
1655 #ifdef DOSTORESTATE70
1656 case 70:
1657 sha1recompress_fast_70(ihvin, ihvout, me2, state);
1658 break;
1659 #endif
1660 #ifdef DOSTORESTATE71
1661 case 71:
1662 sha1recompress_fast_71(ihvin, ihvout, me2, state);
1663 break;
1664 #endif
1665 #ifdef DOSTORESTATE72
1666 case 72:
1667 sha1recompress_fast_72(ihvin, ihvout, me2, state);
1668 break;
1669 #endif
1670 #ifdef DOSTORESTATE73
1671 case 73:
1672 sha1recompress_fast_73(ihvin, ihvout, me2, state);
1673 break;
1674 #endif
1675 #ifdef DOSTORESTATE74
1676 case 74:
1677 sha1recompress_fast_74(ihvin, ihvout, me2, state);
1678 break;
1679 #endif
1680 #ifdef DOSTORESTATE75
1681 case 75:
1682 sha1recompress_fast_75(ihvin, ihvout, me2, state);
1683 break;
1684 #endif
1685 #ifdef DOSTORESTATE76
1686 case 76:
1687 sha1recompress_fast_76(ihvin, ihvout, me2, state);
1688 break;
1689 #endif
1690 #ifdef DOSTORESTATE77
1691 case 77:
1692 sha1recompress_fast_77(ihvin, ihvout, me2, state);
1693 break;
1694 #endif
1695 #ifdef DOSTORESTATE78
1696 case 78:
1697 sha1recompress_fast_78(ihvin, ihvout, me2, state);
1698 break;
1699 #endif
1700 #ifdef DOSTORESTATE79
1701 case 79:
1702 sha1recompress_fast_79(ihvin, ihvout, me2, state);
1703 break;
1704 #endif
1705 default:
1706 abort();
1707 }
1708
1709 }
1710
1711
1712
sha1_process(SHA1_CTX * ctx,const uint32_t block[16])1713 static void sha1_process(SHA1_CTX* ctx, const uint32_t block[16])
1714 {
1715 unsigned i, j;
1716 uint32_t ubc_dv_mask[DVMASKSIZE] = { 0xFFFFFFFF };
1717 uint32_t ihvtmp[5];
1718
1719 ctx->ihv1[0] = ctx->ihv[0];
1720 ctx->ihv1[1] = ctx->ihv[1];
1721 ctx->ihv1[2] = ctx->ihv[2];
1722 ctx->ihv1[3] = ctx->ihv[3];
1723 ctx->ihv1[4] = ctx->ihv[4];
1724
1725 sha1_compression_states(ctx->ihv, block, ctx->m1, ctx->states);
1726
1727 if (ctx->detect_coll)
1728 {
1729 if (ctx->ubc_check)
1730 {
1731 ubc_check(ctx->m1, ubc_dv_mask);
1732 }
1733
1734 if (ubc_dv_mask[0] != 0)
1735 {
1736 for (i = 0; sha1_dvs[i].dvType != 0; ++i)
1737 {
1738 if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb))
1739 {
1740 for (j = 0; j < 80; ++j)
1741 ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j];
1742
1743 sha1_recompression_step(sha1_dvs[i].testt, ctx->ihv2, ihvtmp, ctx->m2, ctx->states[sha1_dvs[i].testt]);
1744
1745 /* to verify SHA-1 collision detection code with collisions for reduced-step SHA-1 */
1746 if ((0 == ((ihvtmp[0] ^ ctx->ihv[0]) | (ihvtmp[1] ^ ctx->ihv[1]) | (ihvtmp[2] ^ ctx->ihv[2]) | (ihvtmp[3] ^ ctx->ihv[3]) | (ihvtmp[4] ^ ctx->ihv[4])))
1747 || (ctx->reduced_round_coll && 0==((ctx->ihv1[0] ^ ctx->ihv2[0]) | (ctx->ihv1[1] ^ ctx->ihv2[1]) | (ctx->ihv1[2] ^ ctx->ihv2[2]) | (ctx->ihv1[3] ^ ctx->ihv2[3]) | (ctx->ihv1[4] ^ ctx->ihv2[4]))))
1748 {
1749 ctx->found_collision = 1;
1750
1751 if (ctx->safe_hash)
1752 {
1753 sha1_compression_W(ctx->ihv, ctx->m1);
1754 sha1_compression_W(ctx->ihv, ctx->m1);
1755 }
1756
1757 break;
1758 }
1759 }
1760 }
1761 }
1762 }
1763 }
1764
SHA1DCInit(SHA1_CTX * ctx)1765 void SHA1DCInit(SHA1_CTX* ctx)
1766 {
1767 ctx->total = 0;
1768 ctx->ihv[0] = 0x67452301;
1769 ctx->ihv[1] = 0xEFCDAB89;
1770 ctx->ihv[2] = 0x98BADCFE;
1771 ctx->ihv[3] = 0x10325476;
1772 ctx->ihv[4] = 0xC3D2E1F0;
1773 ctx->found_collision = 0;
1774 ctx->safe_hash = SHA1DC_INIT_SAFE_HASH_DEFAULT;
1775 ctx->ubc_check = 1;
1776 ctx->detect_coll = 1;
1777 ctx->reduced_round_coll = 0;
1778 ctx->callback = NULL;
1779 }
1780
SHA1DCSetSafeHash(SHA1_CTX * ctx,int safehash)1781 void SHA1DCSetSafeHash(SHA1_CTX* ctx, int safehash)
1782 {
1783 if (safehash)
1784 ctx->safe_hash = 1;
1785 else
1786 ctx->safe_hash = 0;
1787 }
1788
1789
SHA1DCSetUseUBC(SHA1_CTX * ctx,int ubc_check)1790 void SHA1DCSetUseUBC(SHA1_CTX* ctx, int ubc_check)
1791 {
1792 if (ubc_check)
1793 ctx->ubc_check = 1;
1794 else
1795 ctx->ubc_check = 0;
1796 }
1797
SHA1DCSetUseDetectColl(SHA1_CTX * ctx,int detect_coll)1798 void SHA1DCSetUseDetectColl(SHA1_CTX* ctx, int detect_coll)
1799 {
1800 if (detect_coll)
1801 ctx->detect_coll = 1;
1802 else
1803 ctx->detect_coll = 0;
1804 }
1805
SHA1DCSetDetectReducedRoundCollision(SHA1_CTX * ctx,int reduced_round_coll)1806 void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX* ctx, int reduced_round_coll)
1807 {
1808 if (reduced_round_coll)
1809 ctx->reduced_round_coll = 1;
1810 else
1811 ctx->reduced_round_coll = 0;
1812 }
1813
SHA1DCSetCallback(SHA1_CTX * ctx,collision_block_callback callback)1814 void SHA1DCSetCallback(SHA1_CTX* ctx, collision_block_callback callback)
1815 {
1816 ctx->callback = callback;
1817 }
1818
SHA1DCUpdate(SHA1_CTX * ctx,const char * buf,size_t len)1819 void SHA1DCUpdate(SHA1_CTX* ctx, const char* buf, size_t len)
1820 {
1821 unsigned left, fill;
1822
1823 if (len == 0)
1824 return;
1825
1826 left = ctx->total & 63;
1827 fill = 64 - left;
1828
1829 if (left && len >= fill)
1830 {
1831 ctx->total += fill;
1832 memcpy(ctx->buffer + left, buf, fill);
1833 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1834 buf += fill;
1835 len -= fill;
1836 left = 0;
1837 }
1838 while (len >= 64)
1839 {
1840 ctx->total += 64;
1841
1842 #if defined(SHA1DC_ALLOW_UNALIGNED_ACCESS)
1843 sha1_process(ctx, (uint32_t*)(buf));
1844 #else
1845 memcpy(ctx->buffer, buf, 64);
1846 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1847 #endif /* defined(SHA1DC_ALLOW_UNALIGNED_ACCESS) */
1848 buf += 64;
1849 len -= 64;
1850 }
1851 if (len > 0)
1852 {
1853 ctx->total += len;
1854 memcpy(ctx->buffer + left, buf, len);
1855 }
1856 }
1857
1858 static const unsigned char sha1_padding[64] =
1859 {
1860 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1861 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1862 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1863 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1864 };
1865
SHA1DCFinal(unsigned char output[20],SHA1_CTX * ctx)1866 int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
1867 {
1868 uint32_t last = ctx->total & 63;
1869 uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
1870 uint64_t total;
1871 SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
1872
1873 total = ctx->total - padn;
1874 total <<= 3;
1875 ctx->buffer[56] = (unsigned char)(total >> 56);
1876 ctx->buffer[57] = (unsigned char)(total >> 48);
1877 ctx->buffer[58] = (unsigned char)(total >> 40);
1878 ctx->buffer[59] = (unsigned char)(total >> 32);
1879 ctx->buffer[60] = (unsigned char)(total >> 24);
1880 ctx->buffer[61] = (unsigned char)(total >> 16);
1881 ctx->buffer[62] = (unsigned char)(total >> 8);
1882 ctx->buffer[63] = (unsigned char)(total);
1883 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1884 output[0] = (unsigned char)(ctx->ihv[0] >> 24);
1885 output[1] = (unsigned char)(ctx->ihv[0] >> 16);
1886 output[2] = (unsigned char)(ctx->ihv[0] >> 8);
1887 output[3] = (unsigned char)(ctx->ihv[0]);
1888 output[4] = (unsigned char)(ctx->ihv[1] >> 24);
1889 output[5] = (unsigned char)(ctx->ihv[1] >> 16);
1890 output[6] = (unsigned char)(ctx->ihv[1] >> 8);
1891 output[7] = (unsigned char)(ctx->ihv[1]);
1892 output[8] = (unsigned char)(ctx->ihv[2] >> 24);
1893 output[9] = (unsigned char)(ctx->ihv[2] >> 16);
1894 output[10] = (unsigned char)(ctx->ihv[2] >> 8);
1895 output[11] = (unsigned char)(ctx->ihv[2]);
1896 output[12] = (unsigned char)(ctx->ihv[3] >> 24);
1897 output[13] = (unsigned char)(ctx->ihv[3] >> 16);
1898 output[14] = (unsigned char)(ctx->ihv[3] >> 8);
1899 output[15] = (unsigned char)(ctx->ihv[3]);
1900 output[16] = (unsigned char)(ctx->ihv[4] >> 24);
1901 output[17] = (unsigned char)(ctx->ihv[4] >> 16);
1902 output[18] = (unsigned char)(ctx->ihv[4] >> 8);
1903 output[19] = (unsigned char)(ctx->ihv[4]);
1904 return ctx->found_collision;
1905 }
1906
1907 #ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
1908 #include SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
1909 #endif
1910