1/***
2* Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com)
3* Distributed under the MIT Software License.
4* See accompanying file LICENSE.txt or copy at
5* https://opensource.org/licenses/MIT
6***/
7#include "cache.h"
9#include "sha1dc/sha1.h"
10#include "sha1dc/ubc_check.h"
11/*
14 Because Little-Endian architectures are most common,
15 we only set BIGENDIAN if one of these conditions is met.
16 Note that all MSFT platforms are little endian,
17 so none of these will be defined under the MSC compiler.
18 If you are compiling on a big endian platform and your compiler does not define one of these,
19 you will have to add whatever macros your tool chain defines to indicate Big-Endianness.
20 */
21#if (defined(__BYTE_ORDER) && (__BYTE_ORDER == __BIG_ENDIAN)) || \
22 (defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __BIG_ENDIAN__)) || \
23 defined(__BIG_ENDIAN__) || defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
24 defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__)
25#define BIGENDIAN (1)
27#endif /*ENDIANNESS SELECTION*/
29#define rotate_right(x,n) (((x)>>(n))|((x)<<(32-(n))))
31#define rotate_left(x,n) (((x)<<(n))|((x)>>(32-(n))))
32#define sha1_bswap32(x) \
34 {x = ((x << 8) & 0xFF00FF00) | ((x >> 8) & 0xFF00FF); x = (x << 16) | (x >> 16);}
35#define sha1_mix(W, t) (rotate_left(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))
37#if defined(BIGENDIAN)
39 #define sha1_load(m, t, temp) { temp = m[t]; }
40#else
41 #define sha1_load(m, t, temp) { temp = m[t]; sha1_bswap32(temp); }
42#endif /*define(BIGENDIAN)*/
43#define sha1_store(W, t, x) *(volatile uint32_t *)&W[t] = x
45#define sha1_f1(b,c,d) ((d)^((b)&((c)^(d))))
47#define sha1_f2(b,c,d) ((b)^(c)^(d))
48#define sha1_f3(b,c,d) (((b)&(c))+((d)&((b)^(c))))
49#define sha1_f4(b,c,d) ((b)^(c)^(d))
50#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, m, t) \
52 { e += rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; b = rotate_left(b, 30); }
53#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, m, t) \
54 { e += rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; b = rotate_left(b, 30); }
55#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, m, t) \
56 { e += rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; b = rotate_left(b, 30); }
57#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, m, t) \
58 { e += rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; b = rotate_left(b, 30); }
59#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, m, t) \
61 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; }
62#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, m, t) \
63 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; }
64#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, m, t) \
65 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; }
66#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, m, t) \
67 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; }
68#define SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, t, temp) \
70 {sha1_load(m, t, temp); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30);}
71#define SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(a, b, c, d, e, W, t, temp) \
73 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30); }
74#define SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, t, temp) \
76 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1; b = rotate_left(b, 30); }
77#define SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, t, temp) \
79 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC; b = rotate_left(b, 30); }
80#define SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, t, temp) \
82 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6; b = rotate_left(b, 30); }
83#define SHA1_STORE_STATE(i) states[i][0] = a; states[i][1] = b; states[i][2] = c; states[i][3] = d; states[i][4] = e;
86#ifdef BUILDNOCOLLDETECTSHA1COMPRESSION
88void sha1_compression(uint32_t ihv[5], const uint32_t m[16])
89{
90 uint32_t W[80];
91 uint32_t a,b,c,d,e;
92 unsigned i;
93 memcpy(W, m, 16 * 4);
95 for (i = 16; i < 80; ++i)
96 W[i] = sha1_mix(W, i);
97 a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
99 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
101 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
102 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
103 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
104 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
105 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
106 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
107 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
108 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
109 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
110 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
111 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
112 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
113 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
114 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
115 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
116 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
117 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
118 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
119 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
120 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
122 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
123 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
124 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
125 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
126 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
127 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
128 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
129 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
130 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
131 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
132 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
133 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
134 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
135 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
136 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
137 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
138 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
139 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
140 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
141 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
143 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
144 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
145 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
146 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
147 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
148 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
149 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
150 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
151 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
152 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
153 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
154 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
155 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
156 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
157 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
158 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
159 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
160 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
161 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
162 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
164 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
165 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
166 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
167 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
168 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
169 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
170 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
171 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
172 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
173 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
174 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
175 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
176 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
177 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
178 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
179 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
180 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
181 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
182 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
183 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
185}
186#endif /*BUILDNOCOLLDETECTSHA1COMPRESSION*/
187static void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80])
190{
191 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
192 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
194 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
195 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
196 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
197 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
198 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
199 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
200 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
201 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
202 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
203 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
204 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
205 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
206 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
207 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
208 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
209 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
210 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
211 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
212 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
213 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
215 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
216 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
217 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
218 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
219 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
220 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
221 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
222 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
223 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
224 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
225 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
226 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
227 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
228 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
229 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
230 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
231 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
232 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
233 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
234 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
236 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
237 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
238 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
239 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
240 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
241 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
242 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
243 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
244 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
245 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
246 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
247 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
248 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
249 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
250 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
251 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
252 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
253 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
254 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
255 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
257 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
258 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
259 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
260 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
261 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
262 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
263 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
264 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
265 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
266 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
267 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
268 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
269 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
270 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
271 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
272 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
273 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
274 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
275 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
276 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
278}
279void sha1_compression_states(uint32_t ihv[5], const uint32_t m[16], uint32_t W[80], uint32_t states[80][5])
283{
284 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
285 uint32_t temp;
286#ifdef DOSTORESTATE00
288 SHA1_STORE_STATE(0)
289#endif
290 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 0, temp);
291#ifdef DOSTORESTATE01
293 SHA1_STORE_STATE(1)
294#endif
295 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 1, temp);
296#ifdef DOSTORESTATE02
298 SHA1_STORE_STATE(2)
299#endif
300 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 2, temp);
301#ifdef DOSTORESTATE03
303 SHA1_STORE_STATE(3)
304#endif
305 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 3, temp);
306#ifdef DOSTORESTATE04
308 SHA1_STORE_STATE(4)
309#endif
310 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 4, temp);
311#ifdef DOSTORESTATE05
313 SHA1_STORE_STATE(5)
314#endif
315 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 5, temp);
316#ifdef DOSTORESTATE06
318 SHA1_STORE_STATE(6)
319#endif
320 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 6, temp);
321#ifdef DOSTORESTATE07
323 SHA1_STORE_STATE(7)
324#endif
325 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 7, temp);
326#ifdef DOSTORESTATE08
328 SHA1_STORE_STATE(8)
329#endif
330 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 8, temp);
331#ifdef DOSTORESTATE09
333 SHA1_STORE_STATE(9)
334#endif
335 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 9, temp);
336#ifdef DOSTORESTATE10
338 SHA1_STORE_STATE(10)
339#endif
340 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 10, temp);
341#ifdef DOSTORESTATE11
343 SHA1_STORE_STATE(11)
344#endif
345 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 11, temp);
346#ifdef DOSTORESTATE12
348 SHA1_STORE_STATE(12)
349#endif
350 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 12, temp);
351#ifdef DOSTORESTATE13
353 SHA1_STORE_STATE(13)
354#endif
355 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 13, temp);
356#ifdef DOSTORESTATE14
358 SHA1_STORE_STATE(14)
359#endif
360 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 14, temp);
361#ifdef DOSTORESTATE15
363 SHA1_STORE_STATE(15)
364#endif
365 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 15, temp);
366#ifdef DOSTORESTATE16
368 SHA1_STORE_STATE(16)
369#endif
370 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(e, a, b, c, d, W, 16, temp);
371#ifdef DOSTORESTATE17
373 SHA1_STORE_STATE(17)
374#endif
375 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(d, e, a, b, c, W, 17, temp);
376#ifdef DOSTORESTATE18
378 SHA1_STORE_STATE(18)
379#endif
380 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(c, d, e, a, b, W, 18, temp);
381#ifdef DOSTORESTATE19
383 SHA1_STORE_STATE(19)
384#endif
385 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(b, c, d, e, a, W, 19, temp);
386#ifdef DOSTORESTATE20
390 SHA1_STORE_STATE(20)
391#endif
392 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 20, temp);
393#ifdef DOSTORESTATE21
395 SHA1_STORE_STATE(21)
396#endif
397 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 21, temp);
398#ifdef DOSTORESTATE22
400 SHA1_STORE_STATE(22)
401#endif
402 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 22, temp);
403#ifdef DOSTORESTATE23
405 SHA1_STORE_STATE(23)
406#endif
407 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 23, temp);
408#ifdef DOSTORESTATE24
410 SHA1_STORE_STATE(24)
411#endif
412 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 24, temp);
413#ifdef DOSTORESTATE25
415 SHA1_STORE_STATE(25)
416#endif
417 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 25, temp);
418#ifdef DOSTORESTATE26
420 SHA1_STORE_STATE(26)
421#endif
422 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 26, temp);
423#ifdef DOSTORESTATE27
425 SHA1_STORE_STATE(27)
426#endif
427 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 27, temp);
428#ifdef DOSTORESTATE28
430 SHA1_STORE_STATE(28)
431#endif
432 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 28, temp);
433#ifdef DOSTORESTATE29
435 SHA1_STORE_STATE(29)
436#endif
437 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 29, temp);
438#ifdef DOSTORESTATE30
440 SHA1_STORE_STATE(30)
441#endif
442 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 30, temp);
443#ifdef DOSTORESTATE31
445 SHA1_STORE_STATE(31)
446#endif
447 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 31, temp);
448#ifdef DOSTORESTATE32
450 SHA1_STORE_STATE(32)
451#endif
452 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 32, temp);
453#ifdef DOSTORESTATE33
455 SHA1_STORE_STATE(33)
456#endif
457 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 33, temp);
458#ifdef DOSTORESTATE34
460 SHA1_STORE_STATE(34)
461#endif
462 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 34, temp);
463#ifdef DOSTORESTATE35
465 SHA1_STORE_STATE(35)
466#endif
467 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 35, temp);
468#ifdef DOSTORESTATE36
470 SHA1_STORE_STATE(36)
471#endif
472 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 36, temp);
473#ifdef DOSTORESTATE37
475 SHA1_STORE_STATE(37)
476#endif
477 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 37, temp);
478#ifdef DOSTORESTATE38
480 SHA1_STORE_STATE(38)
481#endif
482 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 38, temp);
483#ifdef DOSTORESTATE39
485 SHA1_STORE_STATE(39)
486#endif
487 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 39, temp);
488#ifdef DOSTORESTATE40
492 SHA1_STORE_STATE(40)
493#endif
494 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 40, temp);
495#ifdef DOSTORESTATE41
497 SHA1_STORE_STATE(41)
498#endif
499 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 41, temp);
500#ifdef DOSTORESTATE42
502 SHA1_STORE_STATE(42)
503#endif
504 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 42, temp);
505#ifdef DOSTORESTATE43
507 SHA1_STORE_STATE(43)
508#endif
509 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 43, temp);
510#ifdef DOSTORESTATE44
512 SHA1_STORE_STATE(44)
513#endif
514 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 44, temp);
515#ifdef DOSTORESTATE45
517 SHA1_STORE_STATE(45)
518#endif
519 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 45, temp);
520#ifdef DOSTORESTATE46
522 SHA1_STORE_STATE(46)
523#endif
524 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 46, temp);
525#ifdef DOSTORESTATE47
527 SHA1_STORE_STATE(47)
528#endif
529 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 47, temp);
530#ifdef DOSTORESTATE48
532 SHA1_STORE_STATE(48)
533#endif
534 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 48, temp);
535#ifdef DOSTORESTATE49
537 SHA1_STORE_STATE(49)
538#endif
539 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 49, temp);
540#ifdef DOSTORESTATE50
542 SHA1_STORE_STATE(50)
543#endif
544 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 50, temp);
545#ifdef DOSTORESTATE51
547 SHA1_STORE_STATE(51)
548#endif
549 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 51, temp);
550#ifdef DOSTORESTATE52
552 SHA1_STORE_STATE(52)
553#endif
554 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 52, temp);
555#ifdef DOSTORESTATE53
557 SHA1_STORE_STATE(53)
558#endif
559 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 53, temp);
560#ifdef DOSTORESTATE54
562 SHA1_STORE_STATE(54)
563#endif
564 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 54, temp);
565#ifdef DOSTORESTATE55
567 SHA1_STORE_STATE(55)
568#endif
569 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 55, temp);
570#ifdef DOSTORESTATE56
572 SHA1_STORE_STATE(56)
573#endif
574 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 56, temp);
575#ifdef DOSTORESTATE57
577 SHA1_STORE_STATE(57)
578#endif
579 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 57, temp);
580#ifdef DOSTORESTATE58
582 SHA1_STORE_STATE(58)
583#endif
584 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 58, temp);
585#ifdef DOSTORESTATE59
587 SHA1_STORE_STATE(59)
588#endif
589 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 59, temp);
590#ifdef DOSTORESTATE60
595 SHA1_STORE_STATE(60)
596#endif
597 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 60, temp);
598#ifdef DOSTORESTATE61
600 SHA1_STORE_STATE(61)
601#endif
602 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 61, temp);
603#ifdef DOSTORESTATE62
605 SHA1_STORE_STATE(62)
606#endif
607 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 62, temp);
608#ifdef DOSTORESTATE63
610 SHA1_STORE_STATE(63)
611#endif
612 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 63, temp);
613#ifdef DOSTORESTATE64
615 SHA1_STORE_STATE(64)
616#endif
617 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 64, temp);
618#ifdef DOSTORESTATE65
620 SHA1_STORE_STATE(65)
621#endif
622 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 65, temp);
623#ifdef DOSTORESTATE66
625 SHA1_STORE_STATE(66)
626#endif
627 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 66, temp);
628#ifdef DOSTORESTATE67
630 SHA1_STORE_STATE(67)
631#endif
632 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 67, temp);
633#ifdef DOSTORESTATE68
635 SHA1_STORE_STATE(68)
636#endif
637 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 68, temp);
638#ifdef DOSTORESTATE69
640 SHA1_STORE_STATE(69)
641#endif
642 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 69, temp);
643#ifdef DOSTORESTATE70
645 SHA1_STORE_STATE(70)
646#endif
647 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 70, temp);
648#ifdef DOSTORESTATE71
650 SHA1_STORE_STATE(71)
651#endif
652 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 71, temp);
653#ifdef DOSTORESTATE72
655 SHA1_STORE_STATE(72)
656#endif
657 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 72, temp);
658#ifdef DOSTORESTATE73
660 SHA1_STORE_STATE(73)
661#endif
662 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 73, temp);
663#ifdef DOSTORESTATE74
665 SHA1_STORE_STATE(74)
666#endif
667 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 74, temp);
668#ifdef DOSTORESTATE75
670 SHA1_STORE_STATE(75)
671#endif
672 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 75, temp);
673#ifdef DOSTORESTATE76
675 SHA1_STORE_STATE(76)
676#endif
677 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 76, temp);
678#ifdef DOSTORESTATE77
680 SHA1_STORE_STATE(77)
681#endif
682 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 77, temp);
683#ifdef DOSTORESTATE78
685 SHA1_STORE_STATE(78)
686#endif
687 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 78, temp);
688#ifdef DOSTORESTATE79
690 SHA1_STORE_STATE(79)
691#endif
692 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 79, temp);
693 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
697}
698#define SHA1_RECOMPRESS(t) \
703static void sha1recompress_fast_ ## t (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]) \
704{ \
705 uint32_t a = state[0], b = state[1], c = state[2], d = state[3], e = state[4]; \
706 if (t > 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 79); \
707 if (t > 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 78); \
708 if (t > 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 77); \
709 if (t > 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 76); \
710 if (t > 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 75); \
711 if (t > 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 74); \
712 if (t > 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 73); \
713 if (t > 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 72); \
714 if (t > 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 71); \
715 if (t > 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 70); \
716 if (t > 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 69); \
717 if (t > 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 68); \
718 if (t > 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 67); \
719 if (t > 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 66); \
720 if (t > 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 65); \
721 if (t > 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 64); \
722 if (t > 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 63); \
723 if (t > 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 62); \
724 if (t > 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 61); \
725 if (t > 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 60); \
726 if (t > 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 59); \
727 if (t > 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 58); \
728 if (t > 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 57); \
729 if (t > 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 56); \
730 if (t > 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 55); \
731 if (t > 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 54); \
732 if (t > 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 53); \
733 if (t > 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 52); \
734 if (t > 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 51); \
735 if (t > 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 50); \
736 if (t > 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 49); \
737 if (t > 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 48); \
738 if (t > 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 47); \
739 if (t > 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 46); \
740 if (t > 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 45); \
741 if (t > 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 44); \
742 if (t > 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 43); \
743 if (t > 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 42); \
744 if (t > 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 41); \
745 if (t > 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 40); \
746 if (t > 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 39); \
747 if (t > 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 38); \
748 if (t > 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 37); \
749 if (t > 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 36); \
750 if (t > 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 35); \
751 if (t > 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 34); \
752 if (t > 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 33); \
753 if (t > 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 32); \
754 if (t > 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 31); \
755 if (t > 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 30); \
756 if (t > 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 29); \
757 if (t > 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 28); \
758 if (t > 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 27); \
759 if (t > 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 26); \
760 if (t > 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 25); \
761 if (t > 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 24); \
762 if (t > 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 23); \
763 if (t > 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 22); \
764 if (t > 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 21); \
765 if (t > 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 20); \
766 if (t > 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 19); \
767 if (t > 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 18); \
768 if (t > 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 17); \
769 if (t > 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 16); \
770 if (t > 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 15); \
771 if (t > 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 14); \
772 if (t > 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 13); \
773 if (t > 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 12); \
774 if (t > 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 11); \
775 if (t > 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 10); \
776 if (t > 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 9); \
777 if (t > 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 8); \
778 if (t > 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 7); \
779 if (t > 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 6); \
780 if (t > 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 5); \
781 if (t > 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 4); \
782 if (t > 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 3); \
783 if (t > 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 2); \
784 if (t > 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 1); \
785 if (t > 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 0); \
786 ihvin[0] = a; ihvin[1] = b; ihvin[2] = c; ihvin[3] = d; ihvin[4] = e; \
787 a = state[0]; b = state[1]; c = state[2]; d = state[3]; e = state[4]; \
788 if (t <= 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 0); \
789 if (t <= 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 1); \
790 if (t <= 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 2); \
791 if (t <= 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 3); \
792 if (t <= 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 4); \
793 if (t <= 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 5); \
794 if (t <= 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 6); \
795 if (t <= 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 7); \
796 if (t <= 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 8); \
797 if (t <= 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 9); \
798 if (t <= 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 10); \
799 if (t <= 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 11); \
800 if (t <= 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 12); \
801 if (t <= 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 13); \
802 if (t <= 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 14); \
803 if (t <= 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 15); \
804 if (t <= 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 16); \
805 if (t <= 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 17); \
806 if (t <= 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 18); \
807 if (t <= 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 19); \
808 if (t <= 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 20); \
809 if (t <= 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 21); \
810 if (t <= 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 22); \
811 if (t <= 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 23); \
812 if (t <= 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 24); \
813 if (t <= 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 25); \
814 if (t <= 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 26); \
815 if (t <= 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 27); \
816 if (t <= 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 28); \
817 if (t <= 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 29); \
818 if (t <= 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 30); \
819 if (t <= 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 31); \
820 if (t <= 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 32); \
821 if (t <= 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 33); \
822 if (t <= 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 34); \
823 if (t <= 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 35); \
824 if (t <= 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 36); \
825 if (t <= 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 37); \
826 if (t <= 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 38); \
827 if (t <= 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 39); \
828 if (t <= 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 40); \
829 if (t <= 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 41); \
830 if (t <= 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 42); \
831 if (t <= 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 43); \
832 if (t <= 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 44); \
833 if (t <= 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 45); \
834 if (t <= 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 46); \
835 if (t <= 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 47); \
836 if (t <= 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 48); \
837 if (t <= 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 49); \
838 if (t <= 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 50); \
839 if (t <= 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 51); \
840 if (t <= 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 52); \
841 if (t <= 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 53); \
842 if (t <= 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 54); \
843 if (t <= 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 55); \
844 if (t <= 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 56); \
845 if (t <= 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 57); \
846 if (t <= 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 58); \
847 if (t <= 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 59); \
848 if (t <= 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 60); \
849 if (t <= 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 61); \
850 if (t <= 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 62); \
851 if (t <= 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 63); \
852 if (t <= 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 64); \
853 if (t <= 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 65); \
854 if (t <= 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 66); \
855 if (t <= 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 67); \
856 if (t <= 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 68); \
857 if (t <= 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 69); \
858 if (t <= 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 70); \
859 if (t <= 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 71); \
860 if (t <= 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 72); \
861 if (t <= 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 73); \
862 if (t <= 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 74); \
863 if (t <= 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 75); \
864 if (t <= 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 76); \
865 if (t <= 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 77); \
866 if (t <= 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 78); \
867 if (t <= 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 79); \
868 ihvout[0] = ihvin[0] + a; ihvout[1] = ihvin[1] + b; ihvout[2] = ihvin[2] + c; ihvout[3] = ihvin[3] + d; ihvout[4] = ihvin[4] + e; \
869}
870#ifdef DOSTORESTATE0
872SHA1_RECOMPRESS(0)
873#endif
874#ifdef DOSTORESTATE1
876SHA1_RECOMPRESS(1)
877#endif
878#ifdef DOSTORESTATE2
880SHA1_RECOMPRESS(2)
881#endif
882#ifdef DOSTORESTATE3
884SHA1_RECOMPRESS(3)
885#endif
886#ifdef DOSTORESTATE4
888SHA1_RECOMPRESS(4)
889#endif
890#ifdef DOSTORESTATE5
892SHA1_RECOMPRESS(5)
893#endif
894#ifdef DOSTORESTATE6
896SHA1_RECOMPRESS(6)
897#endif
898#ifdef DOSTORESTATE7
900SHA1_RECOMPRESS(7)
901#endif
902#ifdef DOSTORESTATE8
904SHA1_RECOMPRESS(8)
905#endif
906#ifdef DOSTORESTATE9
908SHA1_RECOMPRESS(9)
909#endif
910#ifdef DOSTORESTATE10
912SHA1_RECOMPRESS(10)
913#endif
914#ifdef DOSTORESTATE11
916SHA1_RECOMPRESS(11)
917#endif
918#ifdef DOSTORESTATE12
920SHA1_RECOMPRESS(12)
921#endif
922#ifdef DOSTORESTATE13
924SHA1_RECOMPRESS(13)
925#endif
926#ifdef DOSTORESTATE14
928SHA1_RECOMPRESS(14)
929#endif
930#ifdef DOSTORESTATE15
932SHA1_RECOMPRESS(15)
933#endif
934#ifdef DOSTORESTATE16
936SHA1_RECOMPRESS(16)
937#endif
938#ifdef DOSTORESTATE17
940SHA1_RECOMPRESS(17)
941#endif
942#ifdef DOSTORESTATE18
944SHA1_RECOMPRESS(18)
945#endif
946#ifdef DOSTORESTATE19
948SHA1_RECOMPRESS(19)
949#endif
950#ifdef DOSTORESTATE20
952SHA1_RECOMPRESS(20)
953#endif
954#ifdef DOSTORESTATE21
956SHA1_RECOMPRESS(21)
957#endif
958#ifdef DOSTORESTATE22
960SHA1_RECOMPRESS(22)
961#endif
962#ifdef DOSTORESTATE23
964SHA1_RECOMPRESS(23)
965#endif
966#ifdef DOSTORESTATE24
968SHA1_RECOMPRESS(24)
969#endif
970#ifdef DOSTORESTATE25
972SHA1_RECOMPRESS(25)
973#endif
974#ifdef DOSTORESTATE26
976SHA1_RECOMPRESS(26)
977#endif
978#ifdef DOSTORESTATE27
980SHA1_RECOMPRESS(27)
981#endif
982#ifdef DOSTORESTATE28
984SHA1_RECOMPRESS(28)
985#endif
986#ifdef DOSTORESTATE29
988SHA1_RECOMPRESS(29)
989#endif
990#ifdef DOSTORESTATE30
992SHA1_RECOMPRESS(30)
993#endif
994#ifdef DOSTORESTATE31
996SHA1_RECOMPRESS(31)
997#endif
998#ifdef DOSTORESTATE32
1000SHA1_RECOMPRESS(32)
1001#endif
1002#ifdef DOSTORESTATE33
1004SHA1_RECOMPRESS(33)
1005#endif
1006#ifdef DOSTORESTATE34
1008SHA1_RECOMPRESS(34)
1009#endif
1010#ifdef DOSTORESTATE35
1012SHA1_RECOMPRESS(35)
1013#endif
1014#ifdef DOSTORESTATE36
1016SHA1_RECOMPRESS(36)
1017#endif
1018#ifdef DOSTORESTATE37
1020SHA1_RECOMPRESS(37)
1021#endif
1022#ifdef DOSTORESTATE38
1024SHA1_RECOMPRESS(38)
1025#endif
1026#ifdef DOSTORESTATE39
1028SHA1_RECOMPRESS(39)
1029#endif
1030#ifdef DOSTORESTATE40
1032SHA1_RECOMPRESS(40)
1033#endif
1034#ifdef DOSTORESTATE41
1036SHA1_RECOMPRESS(41)
1037#endif
1038#ifdef DOSTORESTATE42
1040SHA1_RECOMPRESS(42)
1041#endif
1042#ifdef DOSTORESTATE43
1044SHA1_RECOMPRESS(43)
1045#endif
1046#ifdef DOSTORESTATE44
1048SHA1_RECOMPRESS(44)
1049#endif
1050#ifdef DOSTORESTATE45
1052SHA1_RECOMPRESS(45)
1053#endif
1054#ifdef DOSTORESTATE46
1056SHA1_RECOMPRESS(46)
1057#endif
1058#ifdef DOSTORESTATE47
1060SHA1_RECOMPRESS(47)
1061#endif
1062#ifdef DOSTORESTATE48
1064SHA1_RECOMPRESS(48)
1065#endif
1066#ifdef DOSTORESTATE49
1068SHA1_RECOMPRESS(49)
1069#endif
1070#ifdef DOSTORESTATE50
1072SHA1_RECOMPRESS(50)
1073#endif
1074#ifdef DOSTORESTATE51
1076SHA1_RECOMPRESS(51)
1077#endif
1078#ifdef DOSTORESTATE52
1080SHA1_RECOMPRESS(52)
1081#endif
1082#ifdef DOSTORESTATE53
1084SHA1_RECOMPRESS(53)
1085#endif
1086#ifdef DOSTORESTATE54
1088SHA1_RECOMPRESS(54)
1089#endif
1090#ifdef DOSTORESTATE55
1092SHA1_RECOMPRESS(55)
1093#endif
1094#ifdef DOSTORESTATE56
1096SHA1_RECOMPRESS(56)
1097#endif
1098#ifdef DOSTORESTATE57
1100SHA1_RECOMPRESS(57)
1101#endif
1102#ifdef DOSTORESTATE58
1104SHA1_RECOMPRESS(58)
1105#endif
1106#ifdef DOSTORESTATE59
1108SHA1_RECOMPRESS(59)
1109#endif
1110#ifdef DOSTORESTATE60
1112SHA1_RECOMPRESS(60)
1113#endif
1114#ifdef DOSTORESTATE61
1116SHA1_RECOMPRESS(61)
1117#endif
1118#ifdef DOSTORESTATE62
1120SHA1_RECOMPRESS(62)
1121#endif
1122#ifdef DOSTORESTATE63
1124SHA1_RECOMPRESS(63)
1125#endif
1126#ifdef DOSTORESTATE64
1128SHA1_RECOMPRESS(64)
1129#endif
1130#ifdef DOSTORESTATE65
1132SHA1_RECOMPRESS(65)
1133#endif
1134#ifdef DOSTORESTATE66
1136SHA1_RECOMPRESS(66)
1137#endif
1138#ifdef DOSTORESTATE67
1140SHA1_RECOMPRESS(67)
1141#endif
1142#ifdef DOSTORESTATE68
1144SHA1_RECOMPRESS(68)
1145#endif
1146#ifdef DOSTORESTATE69
1148SHA1_RECOMPRESS(69)
1149#endif
1150#ifdef DOSTORESTATE70
1152SHA1_RECOMPRESS(70)
1153#endif
1154#ifdef DOSTORESTATE71
1156SHA1_RECOMPRESS(71)
1157#endif
1158#ifdef DOSTORESTATE72
1160SHA1_RECOMPRESS(72)
1161#endif
1162#ifdef DOSTORESTATE73
1164SHA1_RECOMPRESS(73)
1165#endif
1166#ifdef DOSTORESTATE74
1168SHA1_RECOMPRESS(74)
1169#endif
1170#ifdef DOSTORESTATE75
1172SHA1_RECOMPRESS(75)
1173#endif
1174#ifdef DOSTORESTATE76
1176SHA1_RECOMPRESS(76)
1177#endif
1178#ifdef DOSTORESTATE77
1180SHA1_RECOMPRESS(77)
1181#endif
1182#ifdef DOSTORESTATE78
1184SHA1_RECOMPRESS(78)
1185#endif
1186#ifdef DOSTORESTATE79
1188SHA1_RECOMPRESS(79)
1189#endif
1190static void sha1_recompression_step(uint32_t step, uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5])
1192{
1193 switch (step)
1194 {
1195#ifdef DOSTORESTATE0
1196 case 0:
1197 sha1recompress_fast_0(ihvin, ihvout, me2, state);
1198 break;
1199#endif
1200#ifdef DOSTORESTATE1
1201 case 1:
1202 sha1recompress_fast_1(ihvin, ihvout, me2, state);
1203 break;
1204#endif
1205#ifdef DOSTORESTATE2
1206 case 2:
1207 sha1recompress_fast_2(ihvin, ihvout, me2, state);
1208 break;
1209#endif
1210#ifdef DOSTORESTATE3
1211 case 3:
1212 sha1recompress_fast_3(ihvin, ihvout, me2, state);
1213 break;
1214#endif
1215#ifdef DOSTORESTATE4
1216 case 4:
1217 sha1recompress_fast_4(ihvin, ihvout, me2, state);
1218 break;
1219#endif
1220#ifdef DOSTORESTATE5
1221 case 5:
1222 sha1recompress_fast_5(ihvin, ihvout, me2, state);
1223 break;
1224#endif
1225#ifdef DOSTORESTATE6
1226 case 6:
1227 sha1recompress_fast_6(ihvin, ihvout, me2, state);
1228 break;
1229#endif
1230#ifdef DOSTORESTATE7
1231 case 7:
1232 sha1recompress_fast_7(ihvin, ihvout, me2, state);
1233 break;
1234#endif
1235#ifdef DOSTORESTATE8
1236 case 8:
1237 sha1recompress_fast_8(ihvin, ihvout, me2, state);
1238 break;
1239#endif
1240#ifdef DOSTORESTATE9
1241 case 9:
1242 sha1recompress_fast_9(ihvin, ihvout, me2, state);
1243 break;
1244#endif
1245#ifdef DOSTORESTATE10
1246 case 10:
1247 sha1recompress_fast_10(ihvin, ihvout, me2, state);
1248 break;
1249#endif
1250#ifdef DOSTORESTATE11
1251 case 11:
1252 sha1recompress_fast_11(ihvin, ihvout, me2, state);
1253 break;
1254#endif
1255#ifdef DOSTORESTATE12
1256 case 12:
1257 sha1recompress_fast_12(ihvin, ihvout, me2, state);
1258 break;
1259#endif
1260#ifdef DOSTORESTATE13
1261 case 13:
1262 sha1recompress_fast_13(ihvin, ihvout, me2, state);
1263 break;
1264#endif
1265#ifdef DOSTORESTATE14
1266 case 14:
1267 sha1recompress_fast_14(ihvin, ihvout, me2, state);
1268 break;
1269#endif
1270#ifdef DOSTORESTATE15
1271 case 15:
1272 sha1recompress_fast_15(ihvin, ihvout, me2, state);
1273 break;
1274#endif
1275#ifdef DOSTORESTATE16
1276 case 16:
1277 sha1recompress_fast_16(ihvin, ihvout, me2, state);
1278 break;
1279#endif
1280#ifdef DOSTORESTATE17
1281 case 17:
1282 sha1recompress_fast_17(ihvin, ihvout, me2, state);
1283 break;
1284#endif
1285#ifdef DOSTORESTATE18
1286 case 18:
1287 sha1recompress_fast_18(ihvin, ihvout, me2, state);
1288 break;
1289#endif
1290#ifdef DOSTORESTATE19
1291 case 19:
1292 sha1recompress_fast_19(ihvin, ihvout, me2, state);
1293 break;
1294#endif
1295#ifdef DOSTORESTATE20
1296 case 20:
1297 sha1recompress_fast_20(ihvin, ihvout, me2, state);
1298 break;
1299#endif
1300#ifdef DOSTORESTATE21
1301 case 21:
1302 sha1recompress_fast_21(ihvin, ihvout, me2, state);
1303 break;
1304#endif
1305#ifdef DOSTORESTATE22
1306 case 22:
1307 sha1recompress_fast_22(ihvin, ihvout, me2, state);
1308 break;
1309#endif
1310#ifdef DOSTORESTATE23
1311 case 23:
1312 sha1recompress_fast_23(ihvin, ihvout, me2, state);
1313 break;
1314#endif
1315#ifdef DOSTORESTATE24
1316 case 24:
1317 sha1recompress_fast_24(ihvin, ihvout, me2, state);
1318 break;
1319#endif
1320#ifdef DOSTORESTATE25
1321 case 25:
1322 sha1recompress_fast_25(ihvin, ihvout, me2, state);
1323 break;
1324#endif
1325#ifdef DOSTORESTATE26
1326 case 26:
1327 sha1recompress_fast_26(ihvin, ihvout, me2, state);
1328 break;
1329#endif
1330#ifdef DOSTORESTATE27
1331 case 27:
1332 sha1recompress_fast_27(ihvin, ihvout, me2, state);
1333 break;
1334#endif
1335#ifdef DOSTORESTATE28
1336 case 28:
1337 sha1recompress_fast_28(ihvin, ihvout, me2, state);
1338 break;
1339#endif
1340#ifdef DOSTORESTATE29
1341 case 29:
1342 sha1recompress_fast_29(ihvin, ihvout, me2, state);
1343 break;
1344#endif
1345#ifdef DOSTORESTATE30
1346 case 30:
1347 sha1recompress_fast_30(ihvin, ihvout, me2, state);
1348 break;
1349#endif
1350#ifdef DOSTORESTATE31
1351 case 31:
1352 sha1recompress_fast_31(ihvin, ihvout, me2, state);
1353 break;
1354#endif
1355#ifdef DOSTORESTATE32
1356 case 32:
1357 sha1recompress_fast_32(ihvin, ihvout, me2, state);
1358 break;
1359#endif
1360#ifdef DOSTORESTATE33
1361 case 33:
1362 sha1recompress_fast_33(ihvin, ihvout, me2, state);
1363 break;
1364#endif
1365#ifdef DOSTORESTATE34
1366 case 34:
1367 sha1recompress_fast_34(ihvin, ihvout, me2, state);
1368 break;
1369#endif
1370#ifdef DOSTORESTATE35
1371 case 35:
1372 sha1recompress_fast_35(ihvin, ihvout, me2, state);
1373 break;
1374#endif
1375#ifdef DOSTORESTATE36
1376 case 36:
1377 sha1recompress_fast_36(ihvin, ihvout, me2, state);
1378 break;
1379#endif
1380#ifdef DOSTORESTATE37
1381 case 37:
1382 sha1recompress_fast_37(ihvin, ihvout, me2, state);
1383 break;
1384#endif
1385#ifdef DOSTORESTATE38
1386 case 38:
1387 sha1recompress_fast_38(ihvin, ihvout, me2, state);
1388 break;
1389#endif
1390#ifdef DOSTORESTATE39
1391 case 39:
1392 sha1recompress_fast_39(ihvin, ihvout, me2, state);
1393 break;
1394#endif
1395#ifdef DOSTORESTATE40
1396 case 40:
1397 sha1recompress_fast_40(ihvin, ihvout, me2, state);
1398 break;
1399#endif
1400#ifdef DOSTORESTATE41
1401 case 41:
1402 sha1recompress_fast_41(ihvin, ihvout, me2, state);
1403 break;
1404#endif
1405#ifdef DOSTORESTATE42
1406 case 42:
1407 sha1recompress_fast_42(ihvin, ihvout, me2, state);
1408 break;
1409#endif
1410#ifdef DOSTORESTATE43
1411 case 43:
1412 sha1recompress_fast_43(ihvin, ihvout, me2, state);
1413 break;
1414#endif
1415#ifdef DOSTORESTATE44
1416 case 44:
1417 sha1recompress_fast_44(ihvin, ihvout, me2, state);
1418 break;
1419#endif
1420#ifdef DOSTORESTATE45
1421 case 45:
1422 sha1recompress_fast_45(ihvin, ihvout, me2, state);
1423 break;
1424#endif
1425#ifdef DOSTORESTATE46
1426 case 46:
1427 sha1recompress_fast_46(ihvin, ihvout, me2, state);
1428 break;
1429#endif
1430#ifdef DOSTORESTATE47
1431 case 47:
1432 sha1recompress_fast_47(ihvin, ihvout, me2, state);
1433 break;
1434#endif
1435#ifdef DOSTORESTATE48
1436 case 48:
1437 sha1recompress_fast_48(ihvin, ihvout, me2, state);
1438 break;
1439#endif
1440#ifdef DOSTORESTATE49
1441 case 49:
1442 sha1recompress_fast_49(ihvin, ihvout, me2, state);
1443 break;
1444#endif
1445#ifdef DOSTORESTATE50
1446 case 50:
1447 sha1recompress_fast_50(ihvin, ihvout, me2, state);
1448 break;
1449#endif
1450#ifdef DOSTORESTATE51
1451 case 51:
1452 sha1recompress_fast_51(ihvin, ihvout, me2, state);
1453 break;
1454#endif
1455#ifdef DOSTORESTATE52
1456 case 52:
1457 sha1recompress_fast_52(ihvin, ihvout, me2, state);
1458 break;
1459#endif
1460#ifdef DOSTORESTATE53
1461 case 53:
1462 sha1recompress_fast_53(ihvin, ihvout, me2, state);
1463 break;
1464#endif
1465#ifdef DOSTORESTATE54
1466 case 54:
1467 sha1recompress_fast_54(ihvin, ihvout, me2, state);
1468 break;
1469#endif
1470#ifdef DOSTORESTATE55
1471 case 55:
1472 sha1recompress_fast_55(ihvin, ihvout, me2, state);
1473 break;
1474#endif
1475#ifdef DOSTORESTATE56
1476 case 56:
1477 sha1recompress_fast_56(ihvin, ihvout, me2, state);
1478 break;
1479#endif
1480#ifdef DOSTORESTATE57
1481 case 57:
1482 sha1recompress_fast_57(ihvin, ihvout, me2, state);
1483 break;
1484#endif
1485#ifdef DOSTORESTATE58
1486 case 58:
1487 sha1recompress_fast_58(ihvin, ihvout, me2, state);
1488 break;
1489#endif
1490#ifdef DOSTORESTATE59
1491 case 59:
1492 sha1recompress_fast_59(ihvin, ihvout, me2, state);
1493 break;
1494#endif
1495#ifdef DOSTORESTATE60
1496 case 60:
1497 sha1recompress_fast_60(ihvin, ihvout, me2, state);
1498 break;
1499#endif
1500#ifdef DOSTORESTATE61
1501 case 61:
1502 sha1recompress_fast_61(ihvin, ihvout, me2, state);
1503 break;
1504#endif
1505#ifdef DOSTORESTATE62
1506 case 62:
1507 sha1recompress_fast_62(ihvin, ihvout, me2, state);
1508 break;
1509#endif
1510#ifdef DOSTORESTATE63
1511 case 63:
1512 sha1recompress_fast_63(ihvin, ihvout, me2, state);
1513 break;
1514#endif
1515#ifdef DOSTORESTATE64
1516 case 64:
1517 sha1recompress_fast_64(ihvin, ihvout, me2, state);
1518 break;
1519#endif
1520#ifdef DOSTORESTATE65
1521 case 65:
1522 sha1recompress_fast_65(ihvin, ihvout, me2, state);
1523 break;
1524#endif
1525#ifdef DOSTORESTATE66
1526 case 66:
1527 sha1recompress_fast_66(ihvin, ihvout, me2, state);
1528 break;
1529#endif
1530#ifdef DOSTORESTATE67
1531 case 67:
1532 sha1recompress_fast_67(ihvin, ihvout, me2, state);
1533 break;
1534#endif
1535#ifdef DOSTORESTATE68
1536 case 68:
1537 sha1recompress_fast_68(ihvin, ihvout, me2, state);
1538 break;
1539#endif
1540#ifdef DOSTORESTATE69
1541 case 69:
1542 sha1recompress_fast_69(ihvin, ihvout, me2, state);
1543 break;
1544#endif
1545#ifdef DOSTORESTATE70
1546 case 70:
1547 sha1recompress_fast_70(ihvin, ihvout, me2, state);
1548 break;
1549#endif
1550#ifdef DOSTORESTATE71
1551 case 71:
1552 sha1recompress_fast_71(ihvin, ihvout, me2, state);
1553 break;
1554#endif
1555#ifdef DOSTORESTATE72
1556 case 72:
1557 sha1recompress_fast_72(ihvin, ihvout, me2, state);
1558 break;
1559#endif
1560#ifdef DOSTORESTATE73
1561 case 73:
1562 sha1recompress_fast_73(ihvin, ihvout, me2, state);
1563 break;
1564#endif
1565#ifdef DOSTORESTATE74
1566 case 74:
1567 sha1recompress_fast_74(ihvin, ihvout, me2, state);
1568 break;
1569#endif
1570#ifdef DOSTORESTATE75
1571 case 75:
1572 sha1recompress_fast_75(ihvin, ihvout, me2, state);
1573 break;
1574#endif
1575#ifdef DOSTORESTATE76
1576 case 76:
1577 sha1recompress_fast_76(ihvin, ihvout, me2, state);
1578 break;
1579#endif
1580#ifdef DOSTORESTATE77
1581 case 77:
1582 sha1recompress_fast_77(ihvin, ihvout, me2, state);
1583 break;
1584#endif
1585#ifdef DOSTORESTATE78
1586 case 78:
1587 sha1recompress_fast_78(ihvin, ihvout, me2, state);
1588 break;
1589#endif
1590#ifdef DOSTORESTATE79
1591 case 79:
1592 sha1recompress_fast_79(ihvin, ihvout, me2, state);
1593 break;
1594#endif
1595 default:
1596 abort();
1597 }
1598}
1600static void sha1_process(SHA1_CTX* ctx, const uint32_t block[16])
1604{
1605 unsigned i, j;
1606 uint32_t ubc_dv_mask[DVMASKSIZE] = { 0xFFFFFFFF };
1607 uint32_t ihvtmp[5];
1608 ctx->ihv1[0] = ctx->ihv[0];
1610 ctx->ihv1[1] = ctx->ihv[1];
1611 ctx->ihv1[2] = ctx->ihv[2];
1612 ctx->ihv1[3] = ctx->ihv[3];
1613 ctx->ihv1[4] = ctx->ihv[4];
1614 sha1_compression_states(ctx->ihv, block, ctx->m1, ctx->states);
1616 if (ctx->detect_coll)
1618 {
1619 if (ctx->ubc_check)
1620 {
1621 ubc_check(ctx->m1, ubc_dv_mask);
1622 }
1623 if (ubc_dv_mask[0] != 0)
1625 {
1626 for (i = 0; sha1_dvs[i].dvType != 0; ++i)
1627 {
1628 if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb))
1629 {
1630 for (j = 0; j < 80; ++j)
1631 ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j];
1632 sha1_recompression_step(sha1_dvs[i].testt, ctx->ihv2, ihvtmp, ctx->m2, ctx->states[sha1_dvs[i].testt]);
1634 /* to verify SHA-1 collision detection code with collisions for reduced-step SHA-1 */
1636 if ((0 == ((ihvtmp[0] ^ ctx->ihv[0]) | (ihvtmp[1] ^ ctx->ihv[1]) | (ihvtmp[2] ^ ctx->ihv[2]) | (ihvtmp[3] ^ ctx->ihv[3]) | (ihvtmp[4] ^ ctx->ihv[4])))
1637 || (ctx->reduced_round_coll && 0==((ctx->ihv1[0] ^ ctx->ihv2[0]) | (ctx->ihv1[1] ^ ctx->ihv2[1]) | (ctx->ihv1[2] ^ ctx->ihv2[2]) | (ctx->ihv1[3] ^ ctx->ihv2[3]) | (ctx->ihv1[4] ^ ctx->ihv2[4]))))
1638 {
1639 ctx->found_collision = 1;
1640 if (ctx->safe_hash)
1642 {
1643 sha1_compression_W(ctx->ihv, ctx->m1);
1644 sha1_compression_W(ctx->ihv, ctx->m1);
1645 }
1646 break;
1648 }
1649 }
1650 }
1651 }
1652 }
1653}
1654void SHA1DCInit(SHA1_CTX* ctx)
1656{
1657 ctx->total = 0;
1658 ctx->ihv[0] = 0x67452301;
1659 ctx->ihv[1] = 0xEFCDAB89;
1660 ctx->ihv[2] = 0x98BADCFE;
1661 ctx->ihv[3] = 0x10325476;
1662 ctx->ihv[4] = 0xC3D2E1F0;
1663 ctx->found_collision = 0;
1664 ctx->safe_hash = 0;
1665 ctx->ubc_check = 1;
1666 ctx->detect_coll = 1;
1667 ctx->reduced_round_coll = 0;
1668 ctx->callback = NULL;
1669}
1670void SHA1DCSetSafeHash(SHA1_CTX* ctx, int safehash)
1672{
1673 if (safehash)
1674 ctx->safe_hash = 1;
1675 else
1676 ctx->safe_hash = 0;
1677}
1678void SHA1DCSetUseUBC(SHA1_CTX* ctx, int ubc_check)
1681{
1682 if (ubc_check)
1683 ctx->ubc_check = 1;
1684 else
1685 ctx->ubc_check = 0;
1686}
1687void SHA1DCSetUseDetectColl(SHA1_CTX* ctx, int detect_coll)
1689{
1690 if (detect_coll)
1691 ctx->detect_coll = 1;
1692 else
1693 ctx->detect_coll = 0;
1694}
1695void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX* ctx, int reduced_round_coll)
1697{
1698 if (reduced_round_coll)
1699 ctx->reduced_round_coll = 1;
1700 else
1701 ctx->reduced_round_coll = 0;
1702}
1703void SHA1DCSetCallback(SHA1_CTX* ctx, collision_block_callback callback)
1705{
1706 ctx->callback = callback;
1707}
1708void SHA1DCUpdate(SHA1_CTX* ctx, const char* buf, size_t len)
1710{
1711 unsigned left, fill;
1712 if (len == 0)
1713 return;
1714 left = ctx->total & 63;
1716 fill = 64 - left;
1717 if (left && len >= fill)
1719 {
1720 ctx->total += fill;
1721 memcpy(ctx->buffer + left, buf, fill);
1722 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1723 buf += fill;
1724 len -= fill;
1725 left = 0;
1726 }
1727 while (len >= 64)
1728 {
1729 ctx->total += 64;
1730 sha1_process(ctx, (uint32_t*)(buf));
1731 buf += 64;
1732 len -= 64;
1733 }
1734 if (len > 0)
1735 {
1736 ctx->total += len;
1737 memcpy(ctx->buffer + left, buf, len);
1738 }
1739}
1740static const unsigned char sha1_padding[64] =
1742{
1743 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1744 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1745 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1746 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1747};
1748int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
1750{
1751 uint32_t last = ctx->total & 63;
1752 uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
1753 uint64_t total;
1754 SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
1755 total = ctx->total - padn;
1757 total <<= 3;
1758 ctx->buffer[56] = (unsigned char)(total >> 56);
1759 ctx->buffer[57] = (unsigned char)(total >> 48);
1760 ctx->buffer[58] = (unsigned char)(total >> 40);
1761 ctx->buffer[59] = (unsigned char)(total >> 32);
1762 ctx->buffer[60] = (unsigned char)(total >> 24);
1763 ctx->buffer[61] = (unsigned char)(total >> 16);
1764 ctx->buffer[62] = (unsigned char)(total >> 8);
1765 ctx->buffer[63] = (unsigned char)(total);
1766 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1767 output[0] = (unsigned char)(ctx->ihv[0] >> 24);
1768 output[1] = (unsigned char)(ctx->ihv[0] >> 16);
1769 output[2] = (unsigned char)(ctx->ihv[0] >> 8);
1770 output[3] = (unsigned char)(ctx->ihv[0]);
1771 output[4] = (unsigned char)(ctx->ihv[1] >> 24);
1772 output[5] = (unsigned char)(ctx->ihv[1] >> 16);
1773 output[6] = (unsigned char)(ctx->ihv[1] >> 8);
1774 output[7] = (unsigned char)(ctx->ihv[1]);
1775 output[8] = (unsigned char)(ctx->ihv[2] >> 24);
1776 output[9] = (unsigned char)(ctx->ihv[2] >> 16);
1777 output[10] = (unsigned char)(ctx->ihv[2] >> 8);
1778 output[11] = (unsigned char)(ctx->ihv[2]);
1779 output[12] = (unsigned char)(ctx->ihv[3] >> 24);
1780 output[13] = (unsigned char)(ctx->ihv[3] >> 16);
1781 output[14] = (unsigned char)(ctx->ihv[3] >> 8);
1782 output[15] = (unsigned char)(ctx->ihv[3]);
1783 output[16] = (unsigned char)(ctx->ihv[4] >> 24);
1784 output[17] = (unsigned char)(ctx->ihv[4] >> 16);
1785 output[18] = (unsigned char)(ctx->ihv[4] >> 8);
1786 output[19] = (unsigned char)(ctx->ihv[4]);
1787 return ctx->found_collision;
1788}
1789void git_SHA1DCFinal(unsigned char hash[20], SHA1_CTX *ctx)
1791{
1792 if (!SHA1DCFinal(hash, ctx))
1793 return;
1794 die("SHA-1 appears to be part of a collision attack: %s",
1795 sha1_to_hex(hash));
1796}
1797void git_SHA1DCUpdate(SHA1_CTX *ctx, const void *vdata, unsigned long len)
1799{
1800 const char *data = vdata;
1801 /* We expect an unsigned long, but sha1dc only takes an int */
1802 while (len > INT_MAX) {
1803 SHA1DCUpdate(ctx, data, INT_MAX);
1804 data += INT_MAX;
1805 len -= INT_MAX;
1806 }
1807 SHA1DCUpdate(ctx, data, len);
1808}