27a535c6a75779af7721966659b686ee3472858c
1/***
2* Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com)
3* Distributed under the MIT Software License.
4* See accompanying file LICENSE.txt or copy at
5* https://opensource.org/licenses/MIT
6***/
7#include <string.h>
9#include <memory.h>
10#include <stdio.h>
11#include <stdlib.h>
12#include "sha1.h"
14#include "ubc_check.h"
15/*
18 Because Little-Endian architectures are most common,
19 we only set BIGENDIAN if one of these conditions is met.
20 Note that all MSFT platforms are little endian,
21 so none of these will be defined under the MSC compiler.
22 If you are compiling on a big endian platform and your compiler does not define one of these,
23 you will have to add whatever macros your tool chain defines to indicate Big-Endianness.
24 */
25#if (defined(__BYTE_ORDER) && (__BYTE_ORDER == __BIG_ENDIAN)) || \
26 (defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __BIG_ENDIAN__)) || \
27 defined(__BIG_ENDIAN__) || defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
28 defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__)
29#define BIGENDIAN (1)
31#endif /*ENDIANNESS SELECTION*/
33#define rotate_right(x,n) (((x)>>(n))|((x)<<(32-(n))))
35#define rotate_left(x,n) (((x)<<(n))|((x)>>(32-(n))))
36#define sha1_bswap32(x) \
38 {x = ((x << 8) & 0xFF00FF00) | ((x >> 8) & 0xFF00FF); x = (x << 16) | (x >> 16);}
39#define sha1_mix(W, t) (rotate_left(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))
41#if defined(BIGENDIAN)
43 #define sha1_load(m, t, temp) { temp = m[t]; }
44#else
45 #define sha1_load(m, t, temp) { temp = m[t]; sha1_bswap32(temp); }
46#endif /*define(BIGENDIAN)*/
47#define sha1_store(W, t, x) *(volatile uint32_t *)&W[t] = x
49#define sha1_f1(b,c,d) ((d)^((b)&((c)^(d))))
51#define sha1_f2(b,c,d) ((b)^(c)^(d))
52#define sha1_f3(b,c,d) (((b)&(c))+((d)&((b)^(c))))
53#define sha1_f4(b,c,d) ((b)^(c)^(d))
54#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, m, t) \
56 { e += rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; b = rotate_left(b, 30); }
57#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, m, t) \
58 { e += rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; b = rotate_left(b, 30); }
59#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, m, t) \
60 { e += rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; b = rotate_left(b, 30); }
61#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, m, t) \
62 { e += rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; b = rotate_left(b, 30); }
63#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, m, t) \
65 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; }
66#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, m, t) \
67 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; }
68#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, m, t) \
69 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; }
70#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, m, t) \
71 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; }
72#define SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, t, temp) \
74 {sha1_load(m, t, temp); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30);}
75#define SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(a, b, c, d, e, W, t, temp) \
77 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30); }
78#define SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, t, temp) \
80 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1; b = rotate_left(b, 30); }
81#define SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, t, temp) \
83 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC; b = rotate_left(b, 30); }
84#define SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, t, temp) \
86 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6; b = rotate_left(b, 30); }
87#define SHA1_STORE_STATE(i) states[i][0] = a; states[i][1] = b; states[i][2] = c; states[i][3] = d; states[i][4] = e;
90#ifdef BUILDNOCOLLDETECTSHA1COMPRESSION
92void sha1_compression(uint32_t ihv[5], const uint32_t m[16])
93{
94 uint32_t W[80];
95 uint32_t a,b,c,d,e;
96 unsigned i;
97 memcpy(W, m, 16 * 4);
99 for (i = 16; i < 80; ++i)
100 W[i] = sha1_mix(W, i);
101 a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
103 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
105 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
106 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
107 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
108 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
109 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
110 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
111 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
112 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
113 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
114 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
115 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
116 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
117 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
118 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
119 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
120 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
121 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
122 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
123 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
124 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
126 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
127 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
128 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
129 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
130 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
131 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
132 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
133 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
134 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
135 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
136 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
137 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
138 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
139 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
140 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
141 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
142 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
143 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
144 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
145 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
147 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
148 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
149 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
150 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
151 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
152 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
153 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
154 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
155 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
156 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
157 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
158 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
159 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
160 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
161 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
162 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
163 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
164 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
165 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
166 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
168 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
169 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
170 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
171 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
172 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
173 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
174 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
175 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
176 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
177 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
178 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
179 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
180 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
181 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
182 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
183 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
184 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
185 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
186 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
187 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
189}
190#endif /*BUILDNOCOLLDETECTSHA1COMPRESSION*/
191static void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80])
194{
195 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
196 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
198 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
199 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
200 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
201 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
202 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
203 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
204 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
205 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
206 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
207 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
208 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
209 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
210 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
211 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
212 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
213 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
214 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
215 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
216 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
217 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
219 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
220 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
221 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
222 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
223 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
224 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
225 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
226 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
227 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
228 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
229 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
230 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
231 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
232 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
233 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
234 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
235 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
236 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
237 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
238 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
240 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
241 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
242 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
243 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
244 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
245 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
246 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
247 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
248 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
249 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
250 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
251 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
252 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
253 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
254 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
255 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
256 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
257 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
258 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
259 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
261 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
262 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
263 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
264 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
265 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
266 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
267 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
268 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
269 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
270 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
271 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
272 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
273 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
274 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
275 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
276 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
277 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
278 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
279 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
280 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
282}
283void sha1_compression_states(uint32_t ihv[5], const uint32_t m[16], uint32_t W[80], uint32_t states[80][5])
287{
288 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
289 uint32_t temp;
290#ifdef DOSTORESTATE00
292 SHA1_STORE_STATE(0)
293#endif
294 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 0, temp);
295#ifdef DOSTORESTATE01
297 SHA1_STORE_STATE(1)
298#endif
299 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 1, temp);
300#ifdef DOSTORESTATE02
302 SHA1_STORE_STATE(2)
303#endif
304 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 2, temp);
305#ifdef DOSTORESTATE03
307 SHA1_STORE_STATE(3)
308#endif
309 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 3, temp);
310#ifdef DOSTORESTATE04
312 SHA1_STORE_STATE(4)
313#endif
314 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 4, temp);
315#ifdef DOSTORESTATE05
317 SHA1_STORE_STATE(5)
318#endif
319 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 5, temp);
320#ifdef DOSTORESTATE06
322 SHA1_STORE_STATE(6)
323#endif
324 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 6, temp);
325#ifdef DOSTORESTATE07
327 SHA1_STORE_STATE(7)
328#endif
329 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 7, temp);
330#ifdef DOSTORESTATE08
332 SHA1_STORE_STATE(8)
333#endif
334 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 8, temp);
335#ifdef DOSTORESTATE09
337 SHA1_STORE_STATE(9)
338#endif
339 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 9, temp);
340#ifdef DOSTORESTATE10
342 SHA1_STORE_STATE(10)
343#endif
344 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 10, temp);
345#ifdef DOSTORESTATE11
347 SHA1_STORE_STATE(11)
348#endif
349 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 11, temp);
350#ifdef DOSTORESTATE12
352 SHA1_STORE_STATE(12)
353#endif
354 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 12, temp);
355#ifdef DOSTORESTATE13
357 SHA1_STORE_STATE(13)
358#endif
359 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 13, temp);
360#ifdef DOSTORESTATE14
362 SHA1_STORE_STATE(14)
363#endif
364 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 14, temp);
365#ifdef DOSTORESTATE15
367 SHA1_STORE_STATE(15)
368#endif
369 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 15, temp);
370#ifdef DOSTORESTATE16
372 SHA1_STORE_STATE(16)
373#endif
374 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(e, a, b, c, d, W, 16, temp);
375#ifdef DOSTORESTATE17
377 SHA1_STORE_STATE(17)
378#endif
379 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(d, e, a, b, c, W, 17, temp);
380#ifdef DOSTORESTATE18
382 SHA1_STORE_STATE(18)
383#endif
384 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(c, d, e, a, b, W, 18, temp);
385#ifdef DOSTORESTATE19
387 SHA1_STORE_STATE(19)
388#endif
389 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(b, c, d, e, a, W, 19, temp);
390#ifdef DOSTORESTATE20
394 SHA1_STORE_STATE(20)
395#endif
396 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 20, temp);
397#ifdef DOSTORESTATE21
399 SHA1_STORE_STATE(21)
400#endif
401 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 21, temp);
402#ifdef DOSTORESTATE22
404 SHA1_STORE_STATE(22)
405#endif
406 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 22, temp);
407#ifdef DOSTORESTATE23
409 SHA1_STORE_STATE(23)
410#endif
411 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 23, temp);
412#ifdef DOSTORESTATE24
414 SHA1_STORE_STATE(24)
415#endif
416 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 24, temp);
417#ifdef DOSTORESTATE25
419 SHA1_STORE_STATE(25)
420#endif
421 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 25, temp);
422#ifdef DOSTORESTATE26
424 SHA1_STORE_STATE(26)
425#endif
426 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 26, temp);
427#ifdef DOSTORESTATE27
429 SHA1_STORE_STATE(27)
430#endif
431 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 27, temp);
432#ifdef DOSTORESTATE28
434 SHA1_STORE_STATE(28)
435#endif
436 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 28, temp);
437#ifdef DOSTORESTATE29
439 SHA1_STORE_STATE(29)
440#endif
441 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 29, temp);
442#ifdef DOSTORESTATE30
444 SHA1_STORE_STATE(30)
445#endif
446 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 30, temp);
447#ifdef DOSTORESTATE31
449 SHA1_STORE_STATE(31)
450#endif
451 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 31, temp);
452#ifdef DOSTORESTATE32
454 SHA1_STORE_STATE(32)
455#endif
456 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 32, temp);
457#ifdef DOSTORESTATE33
459 SHA1_STORE_STATE(33)
460#endif
461 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 33, temp);
462#ifdef DOSTORESTATE34
464 SHA1_STORE_STATE(34)
465#endif
466 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 34, temp);
467#ifdef DOSTORESTATE35
469 SHA1_STORE_STATE(35)
470#endif
471 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 35, temp);
472#ifdef DOSTORESTATE36
474 SHA1_STORE_STATE(36)
475#endif
476 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 36, temp);
477#ifdef DOSTORESTATE37
479 SHA1_STORE_STATE(37)
480#endif
481 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 37, temp);
482#ifdef DOSTORESTATE38
484 SHA1_STORE_STATE(38)
485#endif
486 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 38, temp);
487#ifdef DOSTORESTATE39
489 SHA1_STORE_STATE(39)
490#endif
491 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 39, temp);
492#ifdef DOSTORESTATE40
496 SHA1_STORE_STATE(40)
497#endif
498 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 40, temp);
499#ifdef DOSTORESTATE41
501 SHA1_STORE_STATE(41)
502#endif
503 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 41, temp);
504#ifdef DOSTORESTATE42
506 SHA1_STORE_STATE(42)
507#endif
508 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 42, temp);
509#ifdef DOSTORESTATE43
511 SHA1_STORE_STATE(43)
512#endif
513 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 43, temp);
514#ifdef DOSTORESTATE44
516 SHA1_STORE_STATE(44)
517#endif
518 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 44, temp);
519#ifdef DOSTORESTATE45
521 SHA1_STORE_STATE(45)
522#endif
523 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 45, temp);
524#ifdef DOSTORESTATE46
526 SHA1_STORE_STATE(46)
527#endif
528 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 46, temp);
529#ifdef DOSTORESTATE47
531 SHA1_STORE_STATE(47)
532#endif
533 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 47, temp);
534#ifdef DOSTORESTATE48
536 SHA1_STORE_STATE(48)
537#endif
538 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 48, temp);
539#ifdef DOSTORESTATE49
541 SHA1_STORE_STATE(49)
542#endif
543 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 49, temp);
544#ifdef DOSTORESTATE50
546 SHA1_STORE_STATE(50)
547#endif
548 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 50, temp);
549#ifdef DOSTORESTATE51
551 SHA1_STORE_STATE(51)
552#endif
553 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 51, temp);
554#ifdef DOSTORESTATE52
556 SHA1_STORE_STATE(52)
557#endif
558 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 52, temp);
559#ifdef DOSTORESTATE53
561 SHA1_STORE_STATE(53)
562#endif
563 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 53, temp);
564#ifdef DOSTORESTATE54
566 SHA1_STORE_STATE(54)
567#endif
568 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 54, temp);
569#ifdef DOSTORESTATE55
571 SHA1_STORE_STATE(55)
572#endif
573 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 55, temp);
574#ifdef DOSTORESTATE56
576 SHA1_STORE_STATE(56)
577#endif
578 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 56, temp);
579#ifdef DOSTORESTATE57
581 SHA1_STORE_STATE(57)
582#endif
583 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 57, temp);
584#ifdef DOSTORESTATE58
586 SHA1_STORE_STATE(58)
587#endif
588 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 58, temp);
589#ifdef DOSTORESTATE59
591 SHA1_STORE_STATE(59)
592#endif
593 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 59, temp);
594#ifdef DOSTORESTATE60
599 SHA1_STORE_STATE(60)
600#endif
601 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 60, temp);
602#ifdef DOSTORESTATE61
604 SHA1_STORE_STATE(61)
605#endif
606 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 61, temp);
607#ifdef DOSTORESTATE62
609 SHA1_STORE_STATE(62)
610#endif
611 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 62, temp);
612#ifdef DOSTORESTATE63
614 SHA1_STORE_STATE(63)
615#endif
616 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 63, temp);
617#ifdef DOSTORESTATE64
619 SHA1_STORE_STATE(64)
620#endif
621 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 64, temp);
622#ifdef DOSTORESTATE65
624 SHA1_STORE_STATE(65)
625#endif
626 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 65, temp);
627#ifdef DOSTORESTATE66
629 SHA1_STORE_STATE(66)
630#endif
631 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 66, temp);
632#ifdef DOSTORESTATE67
634 SHA1_STORE_STATE(67)
635#endif
636 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 67, temp);
637#ifdef DOSTORESTATE68
639 SHA1_STORE_STATE(68)
640#endif
641 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 68, temp);
642#ifdef DOSTORESTATE69
644 SHA1_STORE_STATE(69)
645#endif
646 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 69, temp);
647#ifdef DOSTORESTATE70
649 SHA1_STORE_STATE(70)
650#endif
651 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 70, temp);
652#ifdef DOSTORESTATE71
654 SHA1_STORE_STATE(71)
655#endif
656 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 71, temp);
657#ifdef DOSTORESTATE72
659 SHA1_STORE_STATE(72)
660#endif
661 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 72, temp);
662#ifdef DOSTORESTATE73
664 SHA1_STORE_STATE(73)
665#endif
666 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 73, temp);
667#ifdef DOSTORESTATE74
669 SHA1_STORE_STATE(74)
670#endif
671 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 74, temp);
672#ifdef DOSTORESTATE75
674 SHA1_STORE_STATE(75)
675#endif
676 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 75, temp);
677#ifdef DOSTORESTATE76
679 SHA1_STORE_STATE(76)
680#endif
681 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 76, temp);
682#ifdef DOSTORESTATE77
684 SHA1_STORE_STATE(77)
685#endif
686 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 77, temp);
687#ifdef DOSTORESTATE78
689 SHA1_STORE_STATE(78)
690#endif
691 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 78, temp);
692#ifdef DOSTORESTATE79
694 SHA1_STORE_STATE(79)
695#endif
696 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 79, temp);
697 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
701}
702#define SHA1_RECOMPRESS(t) \
707static void sha1recompress_fast_ ## t (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]) \
708{ \
709 uint32_t a = state[0], b = state[1], c = state[2], d = state[3], e = state[4]; \
710 if (t > 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 79); \
711 if (t > 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 78); \
712 if (t > 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 77); \
713 if (t > 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 76); \
714 if (t > 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 75); \
715 if (t > 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 74); \
716 if (t > 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 73); \
717 if (t > 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 72); \
718 if (t > 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 71); \
719 if (t > 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 70); \
720 if (t > 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 69); \
721 if (t > 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 68); \
722 if (t > 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 67); \
723 if (t > 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 66); \
724 if (t > 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 65); \
725 if (t > 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 64); \
726 if (t > 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 63); \
727 if (t > 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 62); \
728 if (t > 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 61); \
729 if (t > 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 60); \
730 if (t > 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 59); \
731 if (t > 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 58); \
732 if (t > 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 57); \
733 if (t > 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 56); \
734 if (t > 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 55); \
735 if (t > 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 54); \
736 if (t > 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 53); \
737 if (t > 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 52); \
738 if (t > 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 51); \
739 if (t > 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 50); \
740 if (t > 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 49); \
741 if (t > 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 48); \
742 if (t > 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 47); \
743 if (t > 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 46); \
744 if (t > 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 45); \
745 if (t > 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 44); \
746 if (t > 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 43); \
747 if (t > 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 42); \
748 if (t > 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 41); \
749 if (t > 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 40); \
750 if (t > 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 39); \
751 if (t > 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 38); \
752 if (t > 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 37); \
753 if (t > 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 36); \
754 if (t > 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 35); \
755 if (t > 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 34); \
756 if (t > 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 33); \
757 if (t > 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 32); \
758 if (t > 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 31); \
759 if (t > 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 30); \
760 if (t > 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 29); \
761 if (t > 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 28); \
762 if (t > 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 27); \
763 if (t > 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 26); \
764 if (t > 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 25); \
765 if (t > 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 24); \
766 if (t > 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 23); \
767 if (t > 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 22); \
768 if (t > 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 21); \
769 if (t > 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 20); \
770 if (t > 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 19); \
771 if (t > 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 18); \
772 if (t > 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 17); \
773 if (t > 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 16); \
774 if (t > 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 15); \
775 if (t > 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 14); \
776 if (t > 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 13); \
777 if (t > 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 12); \
778 if (t > 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 11); \
779 if (t > 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 10); \
780 if (t > 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 9); \
781 if (t > 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 8); \
782 if (t > 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 7); \
783 if (t > 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 6); \
784 if (t > 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 5); \
785 if (t > 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 4); \
786 if (t > 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 3); \
787 if (t > 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 2); \
788 if (t > 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 1); \
789 if (t > 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 0); \
790 ihvin[0] = a; ihvin[1] = b; ihvin[2] = c; ihvin[3] = d; ihvin[4] = e; \
791 a = state[0]; b = state[1]; c = state[2]; d = state[3]; e = state[4]; \
792 if (t <= 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 0); \
793 if (t <= 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 1); \
794 if (t <= 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 2); \
795 if (t <= 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 3); \
796 if (t <= 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 4); \
797 if (t <= 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 5); \
798 if (t <= 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 6); \
799 if (t <= 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 7); \
800 if (t <= 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 8); \
801 if (t <= 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 9); \
802 if (t <= 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 10); \
803 if (t <= 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 11); \
804 if (t <= 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 12); \
805 if (t <= 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 13); \
806 if (t <= 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 14); \
807 if (t <= 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 15); \
808 if (t <= 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 16); \
809 if (t <= 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 17); \
810 if (t <= 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 18); \
811 if (t <= 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 19); \
812 if (t <= 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 20); \
813 if (t <= 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 21); \
814 if (t <= 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 22); \
815 if (t <= 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 23); \
816 if (t <= 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 24); \
817 if (t <= 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 25); \
818 if (t <= 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 26); \
819 if (t <= 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 27); \
820 if (t <= 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 28); \
821 if (t <= 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 29); \
822 if (t <= 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 30); \
823 if (t <= 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 31); \
824 if (t <= 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 32); \
825 if (t <= 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 33); \
826 if (t <= 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 34); \
827 if (t <= 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 35); \
828 if (t <= 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 36); \
829 if (t <= 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 37); \
830 if (t <= 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 38); \
831 if (t <= 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 39); \
832 if (t <= 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 40); \
833 if (t <= 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 41); \
834 if (t <= 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 42); \
835 if (t <= 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 43); \
836 if (t <= 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 44); \
837 if (t <= 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 45); \
838 if (t <= 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 46); \
839 if (t <= 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 47); \
840 if (t <= 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 48); \
841 if (t <= 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 49); \
842 if (t <= 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 50); \
843 if (t <= 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 51); \
844 if (t <= 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 52); \
845 if (t <= 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 53); \
846 if (t <= 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 54); \
847 if (t <= 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 55); \
848 if (t <= 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 56); \
849 if (t <= 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 57); \
850 if (t <= 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 58); \
851 if (t <= 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 59); \
852 if (t <= 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 60); \
853 if (t <= 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 61); \
854 if (t <= 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 62); \
855 if (t <= 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 63); \
856 if (t <= 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 64); \
857 if (t <= 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 65); \
858 if (t <= 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 66); \
859 if (t <= 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 67); \
860 if (t <= 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 68); \
861 if (t <= 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 69); \
862 if (t <= 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 70); \
863 if (t <= 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 71); \
864 if (t <= 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 72); \
865 if (t <= 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 73); \
866 if (t <= 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 74); \
867 if (t <= 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 75); \
868 if (t <= 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 76); \
869 if (t <= 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 77); \
870 if (t <= 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 78); \
871 if (t <= 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 79); \
872 ihvout[0] = ihvin[0] + a; ihvout[1] = ihvin[1] + b; ihvout[2] = ihvin[2] + c; ihvout[3] = ihvin[3] + d; ihvout[4] = ihvin[4] + e; \
873}
874#ifdef DOSTORESTATE0
876SHA1_RECOMPRESS(0)
877#endif
878#ifdef DOSTORESTATE1
880SHA1_RECOMPRESS(1)
881#endif
882#ifdef DOSTORESTATE2
884SHA1_RECOMPRESS(2)
885#endif
886#ifdef DOSTORESTATE3
888SHA1_RECOMPRESS(3)
889#endif
890#ifdef DOSTORESTATE4
892SHA1_RECOMPRESS(4)
893#endif
894#ifdef DOSTORESTATE5
896SHA1_RECOMPRESS(5)
897#endif
898#ifdef DOSTORESTATE6
900SHA1_RECOMPRESS(6)
901#endif
902#ifdef DOSTORESTATE7
904SHA1_RECOMPRESS(7)
905#endif
906#ifdef DOSTORESTATE8
908SHA1_RECOMPRESS(8)
909#endif
910#ifdef DOSTORESTATE9
912SHA1_RECOMPRESS(9)
913#endif
914#ifdef DOSTORESTATE10
916SHA1_RECOMPRESS(10)
917#endif
918#ifdef DOSTORESTATE11
920SHA1_RECOMPRESS(11)
921#endif
922#ifdef DOSTORESTATE12
924SHA1_RECOMPRESS(12)
925#endif
926#ifdef DOSTORESTATE13
928SHA1_RECOMPRESS(13)
929#endif
930#ifdef DOSTORESTATE14
932SHA1_RECOMPRESS(14)
933#endif
934#ifdef DOSTORESTATE15
936SHA1_RECOMPRESS(15)
937#endif
938#ifdef DOSTORESTATE16
940SHA1_RECOMPRESS(16)
941#endif
942#ifdef DOSTORESTATE17
944SHA1_RECOMPRESS(17)
945#endif
946#ifdef DOSTORESTATE18
948SHA1_RECOMPRESS(18)
949#endif
950#ifdef DOSTORESTATE19
952SHA1_RECOMPRESS(19)
953#endif
954#ifdef DOSTORESTATE20
956SHA1_RECOMPRESS(20)
957#endif
958#ifdef DOSTORESTATE21
960SHA1_RECOMPRESS(21)
961#endif
962#ifdef DOSTORESTATE22
964SHA1_RECOMPRESS(22)
965#endif
966#ifdef DOSTORESTATE23
968SHA1_RECOMPRESS(23)
969#endif
970#ifdef DOSTORESTATE24
972SHA1_RECOMPRESS(24)
973#endif
974#ifdef DOSTORESTATE25
976SHA1_RECOMPRESS(25)
977#endif
978#ifdef DOSTORESTATE26
980SHA1_RECOMPRESS(26)
981#endif
982#ifdef DOSTORESTATE27
984SHA1_RECOMPRESS(27)
985#endif
986#ifdef DOSTORESTATE28
988SHA1_RECOMPRESS(28)
989#endif
990#ifdef DOSTORESTATE29
992SHA1_RECOMPRESS(29)
993#endif
994#ifdef DOSTORESTATE30
996SHA1_RECOMPRESS(30)
997#endif
998#ifdef DOSTORESTATE31
1000SHA1_RECOMPRESS(31)
1001#endif
1002#ifdef DOSTORESTATE32
1004SHA1_RECOMPRESS(32)
1005#endif
1006#ifdef DOSTORESTATE33
1008SHA1_RECOMPRESS(33)
1009#endif
1010#ifdef DOSTORESTATE34
1012SHA1_RECOMPRESS(34)
1013#endif
1014#ifdef DOSTORESTATE35
1016SHA1_RECOMPRESS(35)
1017#endif
1018#ifdef DOSTORESTATE36
1020SHA1_RECOMPRESS(36)
1021#endif
1022#ifdef DOSTORESTATE37
1024SHA1_RECOMPRESS(37)
1025#endif
1026#ifdef DOSTORESTATE38
1028SHA1_RECOMPRESS(38)
1029#endif
1030#ifdef DOSTORESTATE39
1032SHA1_RECOMPRESS(39)
1033#endif
1034#ifdef DOSTORESTATE40
1036SHA1_RECOMPRESS(40)
1037#endif
1038#ifdef DOSTORESTATE41
1040SHA1_RECOMPRESS(41)
1041#endif
1042#ifdef DOSTORESTATE42
1044SHA1_RECOMPRESS(42)
1045#endif
1046#ifdef DOSTORESTATE43
1048SHA1_RECOMPRESS(43)
1049#endif
1050#ifdef DOSTORESTATE44
1052SHA1_RECOMPRESS(44)
1053#endif
1054#ifdef DOSTORESTATE45
1056SHA1_RECOMPRESS(45)
1057#endif
1058#ifdef DOSTORESTATE46
1060SHA1_RECOMPRESS(46)
1061#endif
1062#ifdef DOSTORESTATE47
1064SHA1_RECOMPRESS(47)
1065#endif
1066#ifdef DOSTORESTATE48
1068SHA1_RECOMPRESS(48)
1069#endif
1070#ifdef DOSTORESTATE49
1072SHA1_RECOMPRESS(49)
1073#endif
1074#ifdef DOSTORESTATE50
1076SHA1_RECOMPRESS(50)
1077#endif
1078#ifdef DOSTORESTATE51
1080SHA1_RECOMPRESS(51)
1081#endif
1082#ifdef DOSTORESTATE52
1084SHA1_RECOMPRESS(52)
1085#endif
1086#ifdef DOSTORESTATE53
1088SHA1_RECOMPRESS(53)
1089#endif
1090#ifdef DOSTORESTATE54
1092SHA1_RECOMPRESS(54)
1093#endif
1094#ifdef DOSTORESTATE55
1096SHA1_RECOMPRESS(55)
1097#endif
1098#ifdef DOSTORESTATE56
1100SHA1_RECOMPRESS(56)
1101#endif
1102#ifdef DOSTORESTATE57
1104SHA1_RECOMPRESS(57)
1105#endif
1106#ifdef DOSTORESTATE58
1108SHA1_RECOMPRESS(58)
1109#endif
1110#ifdef DOSTORESTATE59
1112SHA1_RECOMPRESS(59)
1113#endif
1114#ifdef DOSTORESTATE60
1116SHA1_RECOMPRESS(60)
1117#endif
1118#ifdef DOSTORESTATE61
1120SHA1_RECOMPRESS(61)
1121#endif
1122#ifdef DOSTORESTATE62
1124SHA1_RECOMPRESS(62)
1125#endif
1126#ifdef DOSTORESTATE63
1128SHA1_RECOMPRESS(63)
1129#endif
1130#ifdef DOSTORESTATE64
1132SHA1_RECOMPRESS(64)
1133#endif
1134#ifdef DOSTORESTATE65
1136SHA1_RECOMPRESS(65)
1137#endif
1138#ifdef DOSTORESTATE66
1140SHA1_RECOMPRESS(66)
1141#endif
1142#ifdef DOSTORESTATE67
1144SHA1_RECOMPRESS(67)
1145#endif
1146#ifdef DOSTORESTATE68
1148SHA1_RECOMPRESS(68)
1149#endif
1150#ifdef DOSTORESTATE69
1152SHA1_RECOMPRESS(69)
1153#endif
1154#ifdef DOSTORESTATE70
1156SHA1_RECOMPRESS(70)
1157#endif
1158#ifdef DOSTORESTATE71
1160SHA1_RECOMPRESS(71)
1161#endif
1162#ifdef DOSTORESTATE72
1164SHA1_RECOMPRESS(72)
1165#endif
1166#ifdef DOSTORESTATE73
1168SHA1_RECOMPRESS(73)
1169#endif
1170#ifdef DOSTORESTATE74
1172SHA1_RECOMPRESS(74)
1173#endif
1174#ifdef DOSTORESTATE75
1176SHA1_RECOMPRESS(75)
1177#endif
1178#ifdef DOSTORESTATE76
1180SHA1_RECOMPRESS(76)
1181#endif
1182#ifdef DOSTORESTATE77
1184SHA1_RECOMPRESS(77)
1185#endif
1186#ifdef DOSTORESTATE78
1188SHA1_RECOMPRESS(78)
1189#endif
1190#ifdef DOSTORESTATE79
1192SHA1_RECOMPRESS(79)
1193#endif
1194static void sha1_recompression_step(uint32_t step, uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5])
1196{
1197 switch (step)
1198 {
1199#ifdef DOSTORESTATE0
1200 case 0:
1201 sha1recompress_fast_0(ihvin, ihvout, me2, state);
1202 break;
1203#endif
1204#ifdef DOSTORESTATE1
1205 case 1:
1206 sha1recompress_fast_1(ihvin, ihvout, me2, state);
1207 break;
1208#endif
1209#ifdef DOSTORESTATE2
1210 case 2:
1211 sha1recompress_fast_2(ihvin, ihvout, me2, state);
1212 break;
1213#endif
1214#ifdef DOSTORESTATE3
1215 case 3:
1216 sha1recompress_fast_3(ihvin, ihvout, me2, state);
1217 break;
1218#endif
1219#ifdef DOSTORESTATE4
1220 case 4:
1221 sha1recompress_fast_4(ihvin, ihvout, me2, state);
1222 break;
1223#endif
1224#ifdef DOSTORESTATE5
1225 case 5:
1226 sha1recompress_fast_5(ihvin, ihvout, me2, state);
1227 break;
1228#endif
1229#ifdef DOSTORESTATE6
1230 case 6:
1231 sha1recompress_fast_6(ihvin, ihvout, me2, state);
1232 break;
1233#endif
1234#ifdef DOSTORESTATE7
1235 case 7:
1236 sha1recompress_fast_7(ihvin, ihvout, me2, state);
1237 break;
1238#endif
1239#ifdef DOSTORESTATE8
1240 case 8:
1241 sha1recompress_fast_8(ihvin, ihvout, me2, state);
1242 break;
1243#endif
1244#ifdef DOSTORESTATE9
1245 case 9:
1246 sha1recompress_fast_9(ihvin, ihvout, me2, state);
1247 break;
1248#endif
1249#ifdef DOSTORESTATE10
1250 case 10:
1251 sha1recompress_fast_10(ihvin, ihvout, me2, state);
1252 break;
1253#endif
1254#ifdef DOSTORESTATE11
1255 case 11:
1256 sha1recompress_fast_11(ihvin, ihvout, me2, state);
1257 break;
1258#endif
1259#ifdef DOSTORESTATE12
1260 case 12:
1261 sha1recompress_fast_12(ihvin, ihvout, me2, state);
1262 break;
1263#endif
1264#ifdef DOSTORESTATE13
1265 case 13:
1266 sha1recompress_fast_13(ihvin, ihvout, me2, state);
1267 break;
1268#endif
1269#ifdef DOSTORESTATE14
1270 case 14:
1271 sha1recompress_fast_14(ihvin, ihvout, me2, state);
1272 break;
1273#endif
1274#ifdef DOSTORESTATE15
1275 case 15:
1276 sha1recompress_fast_15(ihvin, ihvout, me2, state);
1277 break;
1278#endif
1279#ifdef DOSTORESTATE16
1280 case 16:
1281 sha1recompress_fast_16(ihvin, ihvout, me2, state);
1282 break;
1283#endif
1284#ifdef DOSTORESTATE17
1285 case 17:
1286 sha1recompress_fast_17(ihvin, ihvout, me2, state);
1287 break;
1288#endif
1289#ifdef DOSTORESTATE18
1290 case 18:
1291 sha1recompress_fast_18(ihvin, ihvout, me2, state);
1292 break;
1293#endif
1294#ifdef DOSTORESTATE19
1295 case 19:
1296 sha1recompress_fast_19(ihvin, ihvout, me2, state);
1297 break;
1298#endif
1299#ifdef DOSTORESTATE20
1300 case 20:
1301 sha1recompress_fast_20(ihvin, ihvout, me2, state);
1302 break;
1303#endif
1304#ifdef DOSTORESTATE21
1305 case 21:
1306 sha1recompress_fast_21(ihvin, ihvout, me2, state);
1307 break;
1308#endif
1309#ifdef DOSTORESTATE22
1310 case 22:
1311 sha1recompress_fast_22(ihvin, ihvout, me2, state);
1312 break;
1313#endif
1314#ifdef DOSTORESTATE23
1315 case 23:
1316 sha1recompress_fast_23(ihvin, ihvout, me2, state);
1317 break;
1318#endif
1319#ifdef DOSTORESTATE24
1320 case 24:
1321 sha1recompress_fast_24(ihvin, ihvout, me2, state);
1322 break;
1323#endif
1324#ifdef DOSTORESTATE25
1325 case 25:
1326 sha1recompress_fast_25(ihvin, ihvout, me2, state);
1327 break;
1328#endif
1329#ifdef DOSTORESTATE26
1330 case 26:
1331 sha1recompress_fast_26(ihvin, ihvout, me2, state);
1332 break;
1333#endif
1334#ifdef DOSTORESTATE27
1335 case 27:
1336 sha1recompress_fast_27(ihvin, ihvout, me2, state);
1337 break;
1338#endif
1339#ifdef DOSTORESTATE28
1340 case 28:
1341 sha1recompress_fast_28(ihvin, ihvout, me2, state);
1342 break;
1343#endif
1344#ifdef DOSTORESTATE29
1345 case 29:
1346 sha1recompress_fast_29(ihvin, ihvout, me2, state);
1347 break;
1348#endif
1349#ifdef DOSTORESTATE30
1350 case 30:
1351 sha1recompress_fast_30(ihvin, ihvout, me2, state);
1352 break;
1353#endif
1354#ifdef DOSTORESTATE31
1355 case 31:
1356 sha1recompress_fast_31(ihvin, ihvout, me2, state);
1357 break;
1358#endif
1359#ifdef DOSTORESTATE32
1360 case 32:
1361 sha1recompress_fast_32(ihvin, ihvout, me2, state);
1362 break;
1363#endif
1364#ifdef DOSTORESTATE33
1365 case 33:
1366 sha1recompress_fast_33(ihvin, ihvout, me2, state);
1367 break;
1368#endif
1369#ifdef DOSTORESTATE34
1370 case 34:
1371 sha1recompress_fast_34(ihvin, ihvout, me2, state);
1372 break;
1373#endif
1374#ifdef DOSTORESTATE35
1375 case 35:
1376 sha1recompress_fast_35(ihvin, ihvout, me2, state);
1377 break;
1378#endif
1379#ifdef DOSTORESTATE36
1380 case 36:
1381 sha1recompress_fast_36(ihvin, ihvout, me2, state);
1382 break;
1383#endif
1384#ifdef DOSTORESTATE37
1385 case 37:
1386 sha1recompress_fast_37(ihvin, ihvout, me2, state);
1387 break;
1388#endif
1389#ifdef DOSTORESTATE38
1390 case 38:
1391 sha1recompress_fast_38(ihvin, ihvout, me2, state);
1392 break;
1393#endif
1394#ifdef DOSTORESTATE39
1395 case 39:
1396 sha1recompress_fast_39(ihvin, ihvout, me2, state);
1397 break;
1398#endif
1399#ifdef DOSTORESTATE40
1400 case 40:
1401 sha1recompress_fast_40(ihvin, ihvout, me2, state);
1402 break;
1403#endif
1404#ifdef DOSTORESTATE41
1405 case 41:
1406 sha1recompress_fast_41(ihvin, ihvout, me2, state);
1407 break;
1408#endif
1409#ifdef DOSTORESTATE42
1410 case 42:
1411 sha1recompress_fast_42(ihvin, ihvout, me2, state);
1412 break;
1413#endif
1414#ifdef DOSTORESTATE43
1415 case 43:
1416 sha1recompress_fast_43(ihvin, ihvout, me2, state);
1417 break;
1418#endif
1419#ifdef DOSTORESTATE44
1420 case 44:
1421 sha1recompress_fast_44(ihvin, ihvout, me2, state);
1422 break;
1423#endif
1424#ifdef DOSTORESTATE45
1425 case 45:
1426 sha1recompress_fast_45(ihvin, ihvout, me2, state);
1427 break;
1428#endif
1429#ifdef DOSTORESTATE46
1430 case 46:
1431 sha1recompress_fast_46(ihvin, ihvout, me2, state);
1432 break;
1433#endif
1434#ifdef DOSTORESTATE47
1435 case 47:
1436 sha1recompress_fast_47(ihvin, ihvout, me2, state);
1437 break;
1438#endif
1439#ifdef DOSTORESTATE48
1440 case 48:
1441 sha1recompress_fast_48(ihvin, ihvout, me2, state);
1442 break;
1443#endif
1444#ifdef DOSTORESTATE49
1445 case 49:
1446 sha1recompress_fast_49(ihvin, ihvout, me2, state);
1447 break;
1448#endif
1449#ifdef DOSTORESTATE50
1450 case 50:
1451 sha1recompress_fast_50(ihvin, ihvout, me2, state);
1452 break;
1453#endif
1454#ifdef DOSTORESTATE51
1455 case 51:
1456 sha1recompress_fast_51(ihvin, ihvout, me2, state);
1457 break;
1458#endif
1459#ifdef DOSTORESTATE52
1460 case 52:
1461 sha1recompress_fast_52(ihvin, ihvout, me2, state);
1462 break;
1463#endif
1464#ifdef DOSTORESTATE53
1465 case 53:
1466 sha1recompress_fast_53(ihvin, ihvout, me2, state);
1467 break;
1468#endif
1469#ifdef DOSTORESTATE54
1470 case 54:
1471 sha1recompress_fast_54(ihvin, ihvout, me2, state);
1472 break;
1473#endif
1474#ifdef DOSTORESTATE55
1475 case 55:
1476 sha1recompress_fast_55(ihvin, ihvout, me2, state);
1477 break;
1478#endif
1479#ifdef DOSTORESTATE56
1480 case 56:
1481 sha1recompress_fast_56(ihvin, ihvout, me2, state);
1482 break;
1483#endif
1484#ifdef DOSTORESTATE57
1485 case 57:
1486 sha1recompress_fast_57(ihvin, ihvout, me2, state);
1487 break;
1488#endif
1489#ifdef DOSTORESTATE58
1490 case 58:
1491 sha1recompress_fast_58(ihvin, ihvout, me2, state);
1492 break;
1493#endif
1494#ifdef DOSTORESTATE59
1495 case 59:
1496 sha1recompress_fast_59(ihvin, ihvout, me2, state);
1497 break;
1498#endif
1499#ifdef DOSTORESTATE60
1500 case 60:
1501 sha1recompress_fast_60(ihvin, ihvout, me2, state);
1502 break;
1503#endif
1504#ifdef DOSTORESTATE61
1505 case 61:
1506 sha1recompress_fast_61(ihvin, ihvout, me2, state);
1507 break;
1508#endif
1509#ifdef DOSTORESTATE62
1510 case 62:
1511 sha1recompress_fast_62(ihvin, ihvout, me2, state);
1512 break;
1513#endif
1514#ifdef DOSTORESTATE63
1515 case 63:
1516 sha1recompress_fast_63(ihvin, ihvout, me2, state);
1517 break;
1518#endif
1519#ifdef DOSTORESTATE64
1520 case 64:
1521 sha1recompress_fast_64(ihvin, ihvout, me2, state);
1522 break;
1523#endif
1524#ifdef DOSTORESTATE65
1525 case 65:
1526 sha1recompress_fast_65(ihvin, ihvout, me2, state);
1527 break;
1528#endif
1529#ifdef DOSTORESTATE66
1530 case 66:
1531 sha1recompress_fast_66(ihvin, ihvout, me2, state);
1532 break;
1533#endif
1534#ifdef DOSTORESTATE67
1535 case 67:
1536 sha1recompress_fast_67(ihvin, ihvout, me2, state);
1537 break;
1538#endif
1539#ifdef DOSTORESTATE68
1540 case 68:
1541 sha1recompress_fast_68(ihvin, ihvout, me2, state);
1542 break;
1543#endif
1544#ifdef DOSTORESTATE69
1545 case 69:
1546 sha1recompress_fast_69(ihvin, ihvout, me2, state);
1547 break;
1548#endif
1549#ifdef DOSTORESTATE70
1550 case 70:
1551 sha1recompress_fast_70(ihvin, ihvout, me2, state);
1552 break;
1553#endif
1554#ifdef DOSTORESTATE71
1555 case 71:
1556 sha1recompress_fast_71(ihvin, ihvout, me2, state);
1557 break;
1558#endif
1559#ifdef DOSTORESTATE72
1560 case 72:
1561 sha1recompress_fast_72(ihvin, ihvout, me2, state);
1562 break;
1563#endif
1564#ifdef DOSTORESTATE73
1565 case 73:
1566 sha1recompress_fast_73(ihvin, ihvout, me2, state);
1567 break;
1568#endif
1569#ifdef DOSTORESTATE74
1570 case 74:
1571 sha1recompress_fast_74(ihvin, ihvout, me2, state);
1572 break;
1573#endif
1574#ifdef DOSTORESTATE75
1575 case 75:
1576 sha1recompress_fast_75(ihvin, ihvout, me2, state);
1577 break;
1578#endif
1579#ifdef DOSTORESTATE76
1580 case 76:
1581 sha1recompress_fast_76(ihvin, ihvout, me2, state);
1582 break;
1583#endif
1584#ifdef DOSTORESTATE77
1585 case 77:
1586 sha1recompress_fast_77(ihvin, ihvout, me2, state);
1587 break;
1588#endif
1589#ifdef DOSTORESTATE78
1590 case 78:
1591 sha1recompress_fast_78(ihvin, ihvout, me2, state);
1592 break;
1593#endif
1594#ifdef DOSTORESTATE79
1595 case 79:
1596 sha1recompress_fast_79(ihvin, ihvout, me2, state);
1597 break;
1598#endif
1599 default:
1600 abort();
1601 }
1602}
1604static void sha1_process(SHA1_CTX* ctx, const uint32_t block[16])
1608{
1609 unsigned i, j;
1610 uint32_t ubc_dv_mask[DVMASKSIZE] = { 0xFFFFFFFF };
1611 uint32_t ihvtmp[5];
1612 ctx->ihv1[0] = ctx->ihv[0];
1614 ctx->ihv1[1] = ctx->ihv[1];
1615 ctx->ihv1[2] = ctx->ihv[2];
1616 ctx->ihv1[3] = ctx->ihv[3];
1617 ctx->ihv1[4] = ctx->ihv[4];
1618 sha1_compression_states(ctx->ihv, block, ctx->m1, ctx->states);
1620 if (ctx->detect_coll)
1622 {
1623 if (ctx->ubc_check)
1624 {
1625 ubc_check(ctx->m1, ubc_dv_mask);
1626 }
1627 if (ubc_dv_mask[0] != 0)
1629 {
1630 for (i = 0; sha1_dvs[i].dvType != 0; ++i)
1631 {
1632 if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb))
1633 {
1634 for (j = 0; j < 80; ++j)
1635 ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j];
1636 sha1_recompression_step(sha1_dvs[i].testt, ctx->ihv2, ihvtmp, ctx->m2, ctx->states[sha1_dvs[i].testt]);
1638 /* to verify SHA-1 collision detection code with collisions for reduced-step SHA-1 */
1640 if ((0 == ((ihvtmp[0] ^ ctx->ihv[0]) | (ihvtmp[1] ^ ctx->ihv[1]) | (ihvtmp[2] ^ ctx->ihv[2]) | (ihvtmp[3] ^ ctx->ihv[3]) | (ihvtmp[4] ^ ctx->ihv[4])))
1641 || (ctx->reduced_round_coll && 0==((ctx->ihv1[0] ^ ctx->ihv2[0]) | (ctx->ihv1[1] ^ ctx->ihv2[1]) | (ctx->ihv1[2] ^ ctx->ihv2[2]) | (ctx->ihv1[3] ^ ctx->ihv2[3]) | (ctx->ihv1[4] ^ ctx->ihv2[4]))))
1642 {
1643 ctx->found_collision = 1;
1644 if (ctx->safe_hash)
1646 {
1647 sha1_compression_W(ctx->ihv, ctx->m1);
1648 sha1_compression_W(ctx->ihv, ctx->m1);
1649 }
1650 break;
1652 }
1653 }
1654 }
1655 }
1656 }
1657}
1658void SHA1DCInit(SHA1_CTX* ctx)
1660{
1661 ctx->total = 0;
1662 ctx->ihv[0] = 0x67452301;
1663 ctx->ihv[1] = 0xEFCDAB89;
1664 ctx->ihv[2] = 0x98BADCFE;
1665 ctx->ihv[3] = 0x10325476;
1666 ctx->ihv[4] = 0xC3D2E1F0;
1667 ctx->found_collision = 0;
1668 ctx->safe_hash = 1;
1669 ctx->ubc_check = 1;
1670 ctx->detect_coll = 1;
1671 ctx->reduced_round_coll = 0;
1672 ctx->callback = NULL;
1673}
1674void SHA1DCSetSafeHash(SHA1_CTX* ctx, int safehash)
1676{
1677 if (safehash)
1678 ctx->safe_hash = 1;
1679 else
1680 ctx->safe_hash = 0;
1681}
1682void SHA1DCSetUseUBC(SHA1_CTX* ctx, int ubc_check)
1685{
1686 if (ubc_check)
1687 ctx->ubc_check = 1;
1688 else
1689 ctx->ubc_check = 0;
1690}
1691void SHA1DCSetUseDetectColl(SHA1_CTX* ctx, int detect_coll)
1693{
1694 if (detect_coll)
1695 ctx->detect_coll = 1;
1696 else
1697 ctx->detect_coll = 0;
1698}
1699void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX* ctx, int reduced_round_coll)
1701{
1702 if (reduced_round_coll)
1703 ctx->reduced_round_coll = 1;
1704 else
1705 ctx->reduced_round_coll = 0;
1706}
1707void SHA1DCSetCallback(SHA1_CTX* ctx, collision_block_callback callback)
1709{
1710 ctx->callback = callback;
1711}
1712void SHA1DCUpdate(SHA1_CTX* ctx, const char* buf, size_t len)
1714{
1715 unsigned left, fill;
1716 if (len == 0)
1717 return;
1718 left = ctx->total & 63;
1720 fill = 64 - left;
1721 if (left && len >= fill)
1723 {
1724 ctx->total += fill;
1725 memcpy(ctx->buffer + left, buf, fill);
1726 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1727 buf += fill;
1728 len -= fill;
1729 left = 0;
1730 }
1731 while (len >= 64)
1732 {
1733 ctx->total += 64;
1734 sha1_process(ctx, (uint32_t*)(buf));
1735 buf += 64;
1736 len -= 64;
1737 }
1738 if (len > 0)
1739 {
1740 ctx->total += len;
1741 memcpy(ctx->buffer + left, buf, len);
1742 }
1743}
1744static const unsigned char sha1_padding[64] =
1746{
1747 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1748 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1749 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1750 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1751};
1752int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
1754{
1755 uint32_t last = ctx->total & 63;
1756 uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
1757 uint64_t total;
1758 SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
1759 total = ctx->total - padn;
1761 total <<= 3;
1762 ctx->buffer[56] = (unsigned char)(total >> 56);
1763 ctx->buffer[57] = (unsigned char)(total >> 48);
1764 ctx->buffer[58] = (unsigned char)(total >> 40);
1765 ctx->buffer[59] = (unsigned char)(total >> 32);
1766 ctx->buffer[60] = (unsigned char)(total >> 24);
1767 ctx->buffer[61] = (unsigned char)(total >> 16);
1768 ctx->buffer[62] = (unsigned char)(total >> 8);
1769 ctx->buffer[63] = (unsigned char)(total);
1770 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1771 output[0] = (unsigned char)(ctx->ihv[0] >> 24);
1772 output[1] = (unsigned char)(ctx->ihv[0] >> 16);
1773 output[2] = (unsigned char)(ctx->ihv[0] >> 8);
1774 output[3] = (unsigned char)(ctx->ihv[0]);
1775 output[4] = (unsigned char)(ctx->ihv[1] >> 24);
1776 output[5] = (unsigned char)(ctx->ihv[1] >> 16);
1777 output[6] = (unsigned char)(ctx->ihv[1] >> 8);
1778 output[7] = (unsigned char)(ctx->ihv[1]);
1779 output[8] = (unsigned char)(ctx->ihv[2] >> 24);
1780 output[9] = (unsigned char)(ctx->ihv[2] >> 16);
1781 output[10] = (unsigned char)(ctx->ihv[2] >> 8);
1782 output[11] = (unsigned char)(ctx->ihv[2]);
1783 output[12] = (unsigned char)(ctx->ihv[3] >> 24);
1784 output[13] = (unsigned char)(ctx->ihv[3] >> 16);
1785 output[14] = (unsigned char)(ctx->ihv[3] >> 8);
1786 output[15] = (unsigned char)(ctx->ihv[3]);
1787 output[16] = (unsigned char)(ctx->ihv[4] >> 24);
1788 output[17] = (unsigned char)(ctx->ihv[4] >> 16);
1789 output[18] = (unsigned char)(ctx->ihv[4] >> 8);
1790 output[19] = (unsigned char)(ctx->ihv[4]);
1791 return ctx->found_collision;
1792}