sha1dc / sha1.con commit Merge branch 'sg/overlong-progress-fix' (425e51e)
   1/***
   2* Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com)
   3* Distributed under the MIT Software License.
   4* See accompanying file LICENSE.txt or copy at
   5* https://opensource.org/licenses/MIT
   6***/
   7
   8#ifndef SHA1DC_NO_STANDARD_INCLUDES
   9#include <string.h>
  10#include <memory.h>
  11#include <stdio.h>
  12#include <stdlib.h>
  13#ifdef __unix__
  14#include <sys/types.h> /* make sure macros like _BIG_ENDIAN visible */
  15#endif
  16#endif
  17
  18#ifdef SHA1DC_CUSTOM_INCLUDE_SHA1_C
  19#include SHA1DC_CUSTOM_INCLUDE_SHA1_C
  20#endif
  21
  22#ifndef SHA1DC_INIT_SAFE_HASH_DEFAULT
  23#define SHA1DC_INIT_SAFE_HASH_DEFAULT 1
  24#endif
  25
  26#include "sha1.h"
  27#include "ubc_check.h"
  28
  29#if (defined(__amd64__) || defined(__amd64) || defined(__x86_64__) || defined(__x86_64) || \
  30     defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__)  || \
  31     defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || \
  32     defined(_X86_) || defined(__THW_INTEL__) || defined(__I86__) || defined(__INTEL__) || \
  33     defined(__386) || defined(_M_X64) || defined(_M_AMD64))
  34#define SHA1DC_ON_INTEL_LIKE_PROCESSOR
  35#endif
  36
  37/*
  38   Because Little-Endian architectures are most common,
  39   we only set SHA1DC_BIGENDIAN if one of these conditions is met.
  40   Note that all MSFT platforms are little endian,
  41   so none of these will be defined under the MSC compiler.
  42   If you are compiling on a big endian platform and your compiler does not define one of these,
  43   you will have to add whatever macros your tool chain defines to indicate Big-Endianness.
  44 */
  45
  46#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__)
  47/*
  48 * Should detect Big Endian under GCC since at least 4.6.0 (gcc svn
  49 * rev #165881). See
  50 * https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
  51 *
  52 * This also works under clang since 3.2, it copied the GCC-ism. See
  53 * clang.git's 3b198a97d2 ("Preprocessor: add __BYTE_ORDER__
  54 * predefined macro", 2012-07-27)
  55 */
  56#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
  57#define SHA1DC_BIGENDIAN
  58#endif
  59
  60/* Not under GCC-alike */
  61#elif defined(__BYTE_ORDER) && defined(__BIG_ENDIAN)
  62/*
  63 * Should detect Big Endian under glibc.git since 14245eb70e ("entered
  64 * into RCS", 1992-11-25). Defined in <endian.h> which will have been
  65 * brought in by standard headers. See glibc.git and
  66 * https://sourceforge.net/p/predef/wiki/Endianness/
  67 */
  68#if __BYTE_ORDER == __BIG_ENDIAN
  69#define SHA1DC_BIGENDIAN
  70#endif
  71
  72/* Not under GCC-alike or glibc */
  73#elif defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN)
  74/*
  75 * *BSD and newlib (embeded linux, cygwin, etc).
  76 * the defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN) part prevents
  77 * this condition from matching with Solaris/sparc.
  78 * (Solaris defines only one endian macro)
  79 */
  80#if _BYTE_ORDER == _BIG_ENDIAN
  81#define SHA1DC_BIGENDIAN
  82#endif
  83
  84/* Not under GCC-alike or glibc or *BSD or newlib */
  85#elif (defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
  86       defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || \
  87       defined(__sparc))
  88/*
  89 * Should define Big Endian for a whitelist of known processors. See
  90 * https://sourceforge.net/p/predef/wiki/Endianness/ and
  91 * http://www.oracle.com/technetwork/server-storage/solaris/portingtosolaris-138514.html
  92 */
  93#define SHA1DC_BIGENDIAN
  94
  95/* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> */
  96#elif (defined(_AIX))
  97
  98/*
  99 * Defines Big Endian on a whitelist of OSs that are known to be Big
 100 * Endian-only. See
 101 * https://public-inbox.org/git/93056823-2740-d072-1ebd-46b440b33d7e@felt.demon.nl/
 102 */
 103#define SHA1DC_BIGENDIAN
 104
 105/* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> */
 106#elif defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
 107/*
 108 * As a last resort before we do anything else we're not 100% sure
 109 * about below, we blacklist specific processors here. We could add
 110 * more, see e.g. https://wiki.debian.org/ArchitectureSpecificsMemo
 111 */
 112#else /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> or <processor blacklist> */
 113
 114/* We do nothing more here for now */
 115/*#error "Uncomment this to see if you fall through all the detection"*/
 116
 117#endif /* Big Endian detection */
 118
 119#if (defined(SHA1DC_FORCE_LITTLEENDIAN) && defined(SHA1DC_BIGENDIAN))
 120#undef SHA1DC_BIGENDIAN
 121#endif
 122#if (defined(SHA1DC_FORCE_BIGENDIAN) && !defined(SHA1DC_BIGENDIAN))
 123#define SHA1DC_BIGENDIAN
 124#endif
 125/*ENDIANNESS SELECTION*/
 126
 127#ifndef SHA1DC_FORCE_ALIGNED_ACCESS
 128#if defined(SHA1DC_FORCE_UNALIGNED_ACCESS) || defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
 129#define SHA1DC_ALLOW_UNALIGNED_ACCESS
 130#endif /*UNALIGNED ACCESS DETECTION*/
 131#endif /*FORCE ALIGNED ACCESS*/
 132
 133#define rotate_right(x,n) (((x)>>(n))|((x)<<(32-(n))))
 134#define rotate_left(x,n)  (((x)<<(n))|((x)>>(32-(n))))
 135
 136#define sha1_bswap32(x) \
 137        {x = ((x << 8) & 0xFF00FF00) | ((x >> 8) & 0xFF00FF); x = (x << 16) | (x >> 16);}
 138
 139#define sha1_mix(W, t)  (rotate_left(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))
 140
 141#ifdef SHA1DC_BIGENDIAN
 142        #define sha1_load(m, t, temp)  { temp = m[t]; }
 143#else
 144        #define sha1_load(m, t, temp)  { temp = m[t]; sha1_bswap32(temp); }
 145#endif
 146
 147#define sha1_store(W, t, x)     *(volatile uint32_t *)&W[t] = x
 148
 149#define sha1_f1(b,c,d) ((d)^((b)&((c)^(d))))
 150#define sha1_f2(b,c,d) ((b)^(c)^(d))
 151#define sha1_f3(b,c,d) (((b)&(c))+((d)&((b)^(c))))
 152#define sha1_f4(b,c,d) ((b)^(c)^(d))
 153
 154#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, m, t) \
 155        { e += rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; b = rotate_left(b, 30); }
 156#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, m, t) \
 157        { e += rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; b = rotate_left(b, 30); }
 158#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, m, t) \
 159        { e += rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; b = rotate_left(b, 30); }
 160#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, m, t) \
 161        { e += rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; b = rotate_left(b, 30); }
 162
 163#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, m, t) \
 164        { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; }
 165#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, m, t) \
 166        { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; }
 167#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, m, t) \
 168        { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; }
 169#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, m, t) \
 170        { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; }
 171
 172#define SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, t, temp) \
 173        {sha1_load(m, t, temp); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30);}
 174
 175#define SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(a, b, c, d, e, W, t, temp) \
 176        {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30); }
 177
 178#define SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, t, temp) \
 179        {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1; b = rotate_left(b, 30); }
 180
 181#define SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, t, temp) \
 182        {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC; b = rotate_left(b, 30); }
 183
 184#define SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, t, temp) \
 185        {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6; b = rotate_left(b, 30); }
 186
 187
 188#define SHA1_STORE_STATE(i) states[i][0] = a; states[i][1] = b; states[i][2] = c; states[i][3] = d; states[i][4] = e;
 189
 190#ifdef BUILDNOCOLLDETECTSHA1COMPRESSION
 191void sha1_compression(uint32_t ihv[5], const uint32_t m[16])
 192{
 193        uint32_t W[80];
 194        uint32_t a,b,c,d,e;
 195        unsigned i;
 196
 197        memcpy(W, m, 16 * 4);
 198        for (i = 16; i < 80; ++i)
 199                W[i] = sha1_mix(W, i);
 200
 201        a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
 202
 203        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
 204        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
 205        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
 206        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
 207        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
 208        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
 209        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
 210        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
 211        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
 212        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
 213        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
 214        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
 215        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
 216        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
 217        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
 218        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
 219        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
 220        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
 221        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
 222        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
 223
 224        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
 225        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
 226        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
 227        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
 228        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
 229        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
 230        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
 231        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
 232        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
 233        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
 234        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
 235        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
 236        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
 237        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
 238        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
 239        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
 240        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
 241        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
 242        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
 243        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
 244
 245        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
 246        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
 247        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
 248        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
 249        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
 250        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
 251        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
 252        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
 253        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
 254        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
 255        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
 256        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
 257        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
 258        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
 259        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
 260        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
 261        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
 262        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
 263        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
 264        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
 265
 266        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
 267        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
 268        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
 269        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
 270        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
 271        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
 272        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
 273        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
 274        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
 275        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
 276        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
 277        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
 278        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
 279        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
 280        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
 281        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
 282        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
 283        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
 284        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
 285        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
 286
 287        ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
 288}
 289#endif /*BUILDNOCOLLDETECTSHA1COMPRESSION*/
 290
 291
 292static void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80])
 293{
 294        uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
 295
 296        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
 297        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
 298        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
 299        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
 300        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
 301        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
 302        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
 303        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
 304        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
 305        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
 306        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
 307        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
 308        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
 309        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
 310        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
 311        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
 312        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
 313        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
 314        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
 315        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
 316
 317        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
 318        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
 319        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
 320        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
 321        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
 322        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
 323        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
 324        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
 325        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
 326        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
 327        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
 328        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
 329        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
 330        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
 331        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
 332        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
 333        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
 334        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
 335        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
 336        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
 337
 338        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
 339        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
 340        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
 341        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
 342        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
 343        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
 344        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
 345        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
 346        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
 347        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
 348        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
 349        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
 350        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
 351        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
 352        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
 353        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
 354        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
 355        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
 356        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
 357        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
 358
 359        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
 360        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
 361        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
 362        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
 363        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
 364        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
 365        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
 366        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
 367        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
 368        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
 369        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
 370        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
 371        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
 372        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
 373        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
 374        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
 375        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
 376        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
 377        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
 378        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
 379
 380        ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
 381}
 382
 383
 384
 385void sha1_compression_states(uint32_t ihv[5], const uint32_t m[16], uint32_t W[80], uint32_t states[80][5])
 386{
 387        uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
 388        uint32_t temp;
 389
 390#ifdef DOSTORESTATE00
 391        SHA1_STORE_STATE(0)
 392#endif
 393        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 0, temp);
 394
 395#ifdef DOSTORESTATE01
 396        SHA1_STORE_STATE(1)
 397#endif
 398        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 1, temp);
 399
 400#ifdef DOSTORESTATE02
 401        SHA1_STORE_STATE(2)
 402#endif
 403        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 2, temp);
 404
 405#ifdef DOSTORESTATE03
 406        SHA1_STORE_STATE(3)
 407#endif
 408        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 3, temp);
 409
 410#ifdef DOSTORESTATE04
 411        SHA1_STORE_STATE(4)
 412#endif
 413        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 4, temp);
 414
 415#ifdef DOSTORESTATE05
 416        SHA1_STORE_STATE(5)
 417#endif
 418        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 5, temp);
 419
 420#ifdef DOSTORESTATE06
 421        SHA1_STORE_STATE(6)
 422#endif
 423        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 6, temp);
 424
 425#ifdef DOSTORESTATE07
 426        SHA1_STORE_STATE(7)
 427#endif
 428        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 7, temp);
 429
 430#ifdef DOSTORESTATE08
 431        SHA1_STORE_STATE(8)
 432#endif
 433        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 8, temp);
 434
 435#ifdef DOSTORESTATE09
 436        SHA1_STORE_STATE(9)
 437#endif
 438        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 9, temp);
 439
 440#ifdef DOSTORESTATE10
 441        SHA1_STORE_STATE(10)
 442#endif
 443        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 10, temp);
 444
 445#ifdef DOSTORESTATE11
 446        SHA1_STORE_STATE(11)
 447#endif
 448        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 11, temp);
 449
 450#ifdef DOSTORESTATE12
 451        SHA1_STORE_STATE(12)
 452#endif
 453        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 12, temp);
 454
 455#ifdef DOSTORESTATE13
 456        SHA1_STORE_STATE(13)
 457#endif
 458        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 13, temp);
 459
 460#ifdef DOSTORESTATE14
 461        SHA1_STORE_STATE(14)
 462#endif
 463        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 14, temp);
 464
 465#ifdef DOSTORESTATE15
 466        SHA1_STORE_STATE(15)
 467#endif
 468        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 15, temp);
 469
 470#ifdef DOSTORESTATE16
 471        SHA1_STORE_STATE(16)
 472#endif
 473        SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(e, a, b, c, d, W, 16, temp);
 474
 475#ifdef DOSTORESTATE17
 476        SHA1_STORE_STATE(17)
 477#endif
 478        SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(d, e, a, b, c, W, 17, temp);
 479
 480#ifdef DOSTORESTATE18
 481        SHA1_STORE_STATE(18)
 482#endif
 483        SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(c, d, e, a, b, W, 18, temp);
 484
 485#ifdef DOSTORESTATE19
 486        SHA1_STORE_STATE(19)
 487#endif
 488        SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(b, c, d, e, a, W, 19, temp);
 489
 490
 491
 492#ifdef DOSTORESTATE20
 493        SHA1_STORE_STATE(20)
 494#endif
 495        SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 20, temp);
 496
 497#ifdef DOSTORESTATE21
 498        SHA1_STORE_STATE(21)
 499#endif
 500        SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 21, temp);
 501
 502#ifdef DOSTORESTATE22
 503        SHA1_STORE_STATE(22)
 504#endif
 505        SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 22, temp);
 506
 507#ifdef DOSTORESTATE23
 508        SHA1_STORE_STATE(23)
 509#endif
 510        SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 23, temp);
 511
 512#ifdef DOSTORESTATE24
 513        SHA1_STORE_STATE(24)
 514#endif
 515        SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 24, temp);
 516
 517#ifdef DOSTORESTATE25
 518        SHA1_STORE_STATE(25)
 519#endif
 520        SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 25, temp);
 521
 522#ifdef DOSTORESTATE26
 523        SHA1_STORE_STATE(26)
 524#endif
 525        SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 26, temp);
 526
 527#ifdef DOSTORESTATE27
 528        SHA1_STORE_STATE(27)
 529#endif
 530        SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 27, temp);
 531
 532#ifdef DOSTORESTATE28
 533        SHA1_STORE_STATE(28)
 534#endif
 535        SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 28, temp);
 536
 537#ifdef DOSTORESTATE29
 538        SHA1_STORE_STATE(29)
 539#endif
 540        SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 29, temp);
 541
 542#ifdef DOSTORESTATE30
 543        SHA1_STORE_STATE(30)
 544#endif
 545        SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 30, temp);
 546
 547#ifdef DOSTORESTATE31
 548        SHA1_STORE_STATE(31)
 549#endif
 550        SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 31, temp);
 551
 552#ifdef DOSTORESTATE32
 553        SHA1_STORE_STATE(32)
 554#endif
 555        SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 32, temp);
 556
 557#ifdef DOSTORESTATE33
 558        SHA1_STORE_STATE(33)
 559#endif
 560        SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 33, temp);
 561
 562#ifdef DOSTORESTATE34
 563        SHA1_STORE_STATE(34)
 564#endif
 565        SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 34, temp);
 566
 567#ifdef DOSTORESTATE35
 568        SHA1_STORE_STATE(35)
 569#endif
 570        SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 35, temp);
 571
 572#ifdef DOSTORESTATE36
 573        SHA1_STORE_STATE(36)
 574#endif
 575        SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 36, temp);
 576
 577#ifdef DOSTORESTATE37
 578        SHA1_STORE_STATE(37)
 579#endif
 580        SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 37, temp);
 581
 582#ifdef DOSTORESTATE38
 583        SHA1_STORE_STATE(38)
 584#endif
 585        SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 38, temp);
 586
 587#ifdef DOSTORESTATE39
 588        SHA1_STORE_STATE(39)
 589#endif
 590        SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 39, temp);
 591
 592
 593
 594#ifdef DOSTORESTATE40
 595        SHA1_STORE_STATE(40)
 596#endif
 597        SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 40, temp);
 598
 599#ifdef DOSTORESTATE41
 600        SHA1_STORE_STATE(41)
 601#endif
 602        SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 41, temp);
 603
 604#ifdef DOSTORESTATE42
 605        SHA1_STORE_STATE(42)
 606#endif
 607        SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 42, temp);
 608
 609#ifdef DOSTORESTATE43
 610        SHA1_STORE_STATE(43)
 611#endif
 612        SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 43, temp);
 613
 614#ifdef DOSTORESTATE44
 615        SHA1_STORE_STATE(44)
 616#endif
 617        SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 44, temp);
 618
 619#ifdef DOSTORESTATE45
 620        SHA1_STORE_STATE(45)
 621#endif
 622        SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 45, temp);
 623
 624#ifdef DOSTORESTATE46
 625        SHA1_STORE_STATE(46)
 626#endif
 627        SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 46, temp);
 628
 629#ifdef DOSTORESTATE47
 630        SHA1_STORE_STATE(47)
 631#endif
 632        SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 47, temp);
 633
 634#ifdef DOSTORESTATE48
 635        SHA1_STORE_STATE(48)
 636#endif
 637        SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 48, temp);
 638
 639#ifdef DOSTORESTATE49
 640        SHA1_STORE_STATE(49)
 641#endif
 642        SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 49, temp);
 643
 644#ifdef DOSTORESTATE50
 645        SHA1_STORE_STATE(50)
 646#endif
 647        SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 50, temp);
 648
 649#ifdef DOSTORESTATE51
 650        SHA1_STORE_STATE(51)
 651#endif
 652        SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 51, temp);
 653
 654#ifdef DOSTORESTATE52
 655        SHA1_STORE_STATE(52)
 656#endif
 657        SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 52, temp);
 658
 659#ifdef DOSTORESTATE53
 660        SHA1_STORE_STATE(53)
 661#endif
 662        SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 53, temp);
 663
 664#ifdef DOSTORESTATE54
 665        SHA1_STORE_STATE(54)
 666#endif
 667        SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 54, temp);
 668
 669#ifdef DOSTORESTATE55
 670        SHA1_STORE_STATE(55)
 671#endif
 672        SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 55, temp);
 673
 674#ifdef DOSTORESTATE56
 675        SHA1_STORE_STATE(56)
 676#endif
 677        SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 56, temp);
 678
 679#ifdef DOSTORESTATE57
 680        SHA1_STORE_STATE(57)
 681#endif
 682        SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 57, temp);
 683
 684#ifdef DOSTORESTATE58
 685        SHA1_STORE_STATE(58)
 686#endif
 687        SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 58, temp);
 688
 689#ifdef DOSTORESTATE59
 690        SHA1_STORE_STATE(59)
 691#endif
 692        SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 59, temp);
 693
 694
 695
 696
 697#ifdef DOSTORESTATE60
 698        SHA1_STORE_STATE(60)
 699#endif
 700        SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 60, temp);
 701
 702#ifdef DOSTORESTATE61
 703        SHA1_STORE_STATE(61)
 704#endif
 705        SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 61, temp);
 706
 707#ifdef DOSTORESTATE62
 708        SHA1_STORE_STATE(62)
 709#endif
 710        SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 62, temp);
 711
 712#ifdef DOSTORESTATE63
 713        SHA1_STORE_STATE(63)
 714#endif
 715        SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 63, temp);
 716
 717#ifdef DOSTORESTATE64
 718        SHA1_STORE_STATE(64)
 719#endif
 720        SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 64, temp);
 721
 722#ifdef DOSTORESTATE65
 723        SHA1_STORE_STATE(65)
 724#endif
 725        SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 65, temp);
 726
 727#ifdef DOSTORESTATE66
 728        SHA1_STORE_STATE(66)
 729#endif
 730        SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 66, temp);
 731
 732#ifdef DOSTORESTATE67
 733        SHA1_STORE_STATE(67)
 734#endif
 735        SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 67, temp);
 736
 737#ifdef DOSTORESTATE68
 738        SHA1_STORE_STATE(68)
 739#endif
 740        SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 68, temp);
 741
 742#ifdef DOSTORESTATE69
 743        SHA1_STORE_STATE(69)
 744#endif
 745        SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 69, temp);
 746
 747#ifdef DOSTORESTATE70
 748        SHA1_STORE_STATE(70)
 749#endif
 750        SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 70, temp);
 751
 752#ifdef DOSTORESTATE71
 753        SHA1_STORE_STATE(71)
 754#endif
 755        SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 71, temp);
 756
 757#ifdef DOSTORESTATE72
 758        SHA1_STORE_STATE(72)
 759#endif
 760        SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 72, temp);
 761
 762#ifdef DOSTORESTATE73
 763        SHA1_STORE_STATE(73)
 764#endif
 765        SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 73, temp);
 766
 767#ifdef DOSTORESTATE74
 768        SHA1_STORE_STATE(74)
 769#endif
 770        SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 74, temp);
 771
 772#ifdef DOSTORESTATE75
 773        SHA1_STORE_STATE(75)
 774#endif
 775        SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 75, temp);
 776
 777#ifdef DOSTORESTATE76
 778        SHA1_STORE_STATE(76)
 779#endif
 780        SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 76, temp);
 781
 782#ifdef DOSTORESTATE77
 783        SHA1_STORE_STATE(77)
 784#endif
 785        SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 77, temp);
 786
 787#ifdef DOSTORESTATE78
 788        SHA1_STORE_STATE(78)
 789#endif
 790        SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 78, temp);
 791
 792#ifdef DOSTORESTATE79
 793        SHA1_STORE_STATE(79)
 794#endif
 795        SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 79, temp);
 796
 797
 798
 799        ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
 800}
 801
 802
 803
 804
 805#define SHA1_RECOMPRESS(t) \
 806static void sha1recompress_fast_ ## t (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]) \
 807{ \
 808        uint32_t a = state[0], b = state[1], c = state[2], d = state[3], e = state[4]; \
 809        if (t > 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 79); \
 810        if (t > 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 78); \
 811        if (t > 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 77); \
 812        if (t > 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 76); \
 813        if (t > 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 75); \
 814        if (t > 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 74); \
 815        if (t > 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 73); \
 816        if (t > 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 72); \
 817        if (t > 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 71); \
 818        if (t > 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 70); \
 819        if (t > 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 69); \
 820        if (t > 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 68); \
 821        if (t > 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 67); \
 822        if (t > 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 66); \
 823        if (t > 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 65); \
 824        if (t > 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 64); \
 825        if (t > 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 63); \
 826        if (t > 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 62); \
 827        if (t > 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 61); \
 828        if (t > 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 60); \
 829        if (t > 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 59); \
 830        if (t > 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 58); \
 831        if (t > 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 57); \
 832        if (t > 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 56); \
 833        if (t > 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 55); \
 834        if (t > 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 54); \
 835        if (t > 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 53); \
 836        if (t > 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 52); \
 837        if (t > 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 51); \
 838        if (t > 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 50); \
 839        if (t > 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 49); \
 840        if (t > 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 48); \
 841        if (t > 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 47); \
 842        if (t > 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 46); \
 843        if (t > 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 45); \
 844        if (t > 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 44); \
 845        if (t > 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 43); \
 846        if (t > 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 42); \
 847        if (t > 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 41); \
 848        if (t > 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 40); \
 849        if (t > 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 39); \
 850        if (t > 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 38); \
 851        if (t > 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 37); \
 852        if (t > 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 36); \
 853        if (t > 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 35); \
 854        if (t > 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 34); \
 855        if (t > 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 33); \
 856        if (t > 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 32); \
 857        if (t > 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 31); \
 858        if (t > 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 30); \
 859        if (t > 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 29); \
 860        if (t > 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 28); \
 861        if (t > 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 27); \
 862        if (t > 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 26); \
 863        if (t > 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 25); \
 864        if (t > 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 24); \
 865        if (t > 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 23); \
 866        if (t > 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 22); \
 867        if (t > 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 21); \
 868        if (t > 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 20); \
 869        if (t > 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 19); \
 870        if (t > 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 18); \
 871        if (t > 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 17); \
 872        if (t > 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 16); \
 873        if (t > 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 15); \
 874        if (t > 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 14); \
 875        if (t > 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 13); \
 876        if (t > 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 12); \
 877        if (t > 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 11); \
 878        if (t > 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 10); \
 879        if (t > 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 9); \
 880        if (t > 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 8); \
 881        if (t > 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 7); \
 882        if (t > 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 6); \
 883        if (t > 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 5); \
 884        if (t > 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 4); \
 885        if (t > 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 3); \
 886        if (t > 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 2); \
 887        if (t > 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 1); \
 888        if (t > 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 0); \
 889        ihvin[0] = a; ihvin[1] = b; ihvin[2] = c; ihvin[3] = d; ihvin[4] = e; \
 890        a = state[0]; b = state[1]; c = state[2]; d = state[3]; e = state[4]; \
 891        if (t <= 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 0); \
 892        if (t <= 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 1); \
 893        if (t <= 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 2); \
 894        if (t <= 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 3); \
 895        if (t <= 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 4); \
 896        if (t <= 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 5); \
 897        if (t <= 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 6); \
 898        if (t <= 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 7); \
 899        if (t <= 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 8); \
 900        if (t <= 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 9); \
 901        if (t <= 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 10); \
 902        if (t <= 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 11); \
 903        if (t <= 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 12); \
 904        if (t <= 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 13); \
 905        if (t <= 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 14); \
 906        if (t <= 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 15); \
 907        if (t <= 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 16); \
 908        if (t <= 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 17); \
 909        if (t <= 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 18); \
 910        if (t <= 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 19); \
 911        if (t <= 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 20); \
 912        if (t <= 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 21); \
 913        if (t <= 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 22); \
 914        if (t <= 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 23); \
 915        if (t <= 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 24); \
 916        if (t <= 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 25); \
 917        if (t <= 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 26); \
 918        if (t <= 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 27); \
 919        if (t <= 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 28); \
 920        if (t <= 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 29); \
 921        if (t <= 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 30); \
 922        if (t <= 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 31); \
 923        if (t <= 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 32); \
 924        if (t <= 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 33); \
 925        if (t <= 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 34); \
 926        if (t <= 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 35); \
 927        if (t <= 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 36); \
 928        if (t <= 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 37); \
 929        if (t <= 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 38); \
 930        if (t <= 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 39); \
 931        if (t <= 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 40); \
 932        if (t <= 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 41); \
 933        if (t <= 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 42); \
 934        if (t <= 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 43); \
 935        if (t <= 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 44); \
 936        if (t <= 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 45); \
 937        if (t <= 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 46); \
 938        if (t <= 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 47); \
 939        if (t <= 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 48); \
 940        if (t <= 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 49); \
 941        if (t <= 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 50); \
 942        if (t <= 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 51); \
 943        if (t <= 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 52); \
 944        if (t <= 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 53); \
 945        if (t <= 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 54); \
 946        if (t <= 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 55); \
 947        if (t <= 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 56); \
 948        if (t <= 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 57); \
 949        if (t <= 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 58); \
 950        if (t <= 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 59); \
 951        if (t <= 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 60); \
 952        if (t <= 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 61); \
 953        if (t <= 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 62); \
 954        if (t <= 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 63); \
 955        if (t <= 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 64); \
 956        if (t <= 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 65); \
 957        if (t <= 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 66); \
 958        if (t <= 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 67); \
 959        if (t <= 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 68); \
 960        if (t <= 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 69); \
 961        if (t <= 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 70); \
 962        if (t <= 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 71); \
 963        if (t <= 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 72); \
 964        if (t <= 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 73); \
 965        if (t <= 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 74); \
 966        if (t <= 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 75); \
 967        if (t <= 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 76); \
 968        if (t <= 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 77); \
 969        if (t <= 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 78); \
 970        if (t <= 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 79); \
 971        ihvout[0] = ihvin[0] + a; ihvout[1] = ihvin[1] + b; ihvout[2] = ihvin[2] + c; ihvout[3] = ihvin[3] + d; ihvout[4] = ihvin[4] + e; \
 972}
 973
 974#ifdef _MSC_VER
 975#pragma warning(push)
 976#pragma warning(disable: 4127)  /* Compiler complains about the checks in the above macro being constant. */
 977#endif
 978
 979#ifdef DOSTORESTATE0
 980SHA1_RECOMPRESS(0)
 981#endif
 982
 983#ifdef DOSTORESTATE1
 984SHA1_RECOMPRESS(1)
 985#endif
 986
 987#ifdef DOSTORESTATE2
 988SHA1_RECOMPRESS(2)
 989#endif
 990
 991#ifdef DOSTORESTATE3
 992SHA1_RECOMPRESS(3)
 993#endif
 994
 995#ifdef DOSTORESTATE4
 996SHA1_RECOMPRESS(4)
 997#endif
 998
 999#ifdef DOSTORESTATE5
1000SHA1_RECOMPRESS(5)
1001#endif
1002
1003#ifdef DOSTORESTATE6
1004SHA1_RECOMPRESS(6)
1005#endif
1006
1007#ifdef DOSTORESTATE7
1008SHA1_RECOMPRESS(7)
1009#endif
1010
1011#ifdef DOSTORESTATE8
1012SHA1_RECOMPRESS(8)
1013#endif
1014
1015#ifdef DOSTORESTATE9
1016SHA1_RECOMPRESS(9)
1017#endif
1018
1019#ifdef DOSTORESTATE10
1020SHA1_RECOMPRESS(10)
1021#endif
1022
1023#ifdef DOSTORESTATE11
1024SHA1_RECOMPRESS(11)
1025#endif
1026
1027#ifdef DOSTORESTATE12
1028SHA1_RECOMPRESS(12)
1029#endif
1030
1031#ifdef DOSTORESTATE13
1032SHA1_RECOMPRESS(13)
1033#endif
1034
1035#ifdef DOSTORESTATE14
1036SHA1_RECOMPRESS(14)
1037#endif
1038
1039#ifdef DOSTORESTATE15
1040SHA1_RECOMPRESS(15)
1041#endif
1042
1043#ifdef DOSTORESTATE16
1044SHA1_RECOMPRESS(16)
1045#endif
1046
1047#ifdef DOSTORESTATE17
1048SHA1_RECOMPRESS(17)
1049#endif
1050
1051#ifdef DOSTORESTATE18
1052SHA1_RECOMPRESS(18)
1053#endif
1054
1055#ifdef DOSTORESTATE19
1056SHA1_RECOMPRESS(19)
1057#endif
1058
1059#ifdef DOSTORESTATE20
1060SHA1_RECOMPRESS(20)
1061#endif
1062
1063#ifdef DOSTORESTATE21
1064SHA1_RECOMPRESS(21)
1065#endif
1066
1067#ifdef DOSTORESTATE22
1068SHA1_RECOMPRESS(22)
1069#endif
1070
1071#ifdef DOSTORESTATE23
1072SHA1_RECOMPRESS(23)
1073#endif
1074
1075#ifdef DOSTORESTATE24
1076SHA1_RECOMPRESS(24)
1077#endif
1078
1079#ifdef DOSTORESTATE25
1080SHA1_RECOMPRESS(25)
1081#endif
1082
1083#ifdef DOSTORESTATE26
1084SHA1_RECOMPRESS(26)
1085#endif
1086
1087#ifdef DOSTORESTATE27
1088SHA1_RECOMPRESS(27)
1089#endif
1090
1091#ifdef DOSTORESTATE28
1092SHA1_RECOMPRESS(28)
1093#endif
1094
1095#ifdef DOSTORESTATE29
1096SHA1_RECOMPRESS(29)
1097#endif
1098
1099#ifdef DOSTORESTATE30
1100SHA1_RECOMPRESS(30)
1101#endif
1102
1103#ifdef DOSTORESTATE31
1104SHA1_RECOMPRESS(31)
1105#endif
1106
1107#ifdef DOSTORESTATE32
1108SHA1_RECOMPRESS(32)
1109#endif
1110
1111#ifdef DOSTORESTATE33
1112SHA1_RECOMPRESS(33)
1113#endif
1114
1115#ifdef DOSTORESTATE34
1116SHA1_RECOMPRESS(34)
1117#endif
1118
1119#ifdef DOSTORESTATE35
1120SHA1_RECOMPRESS(35)
1121#endif
1122
1123#ifdef DOSTORESTATE36
1124SHA1_RECOMPRESS(36)
1125#endif
1126
1127#ifdef DOSTORESTATE37
1128SHA1_RECOMPRESS(37)
1129#endif
1130
1131#ifdef DOSTORESTATE38
1132SHA1_RECOMPRESS(38)
1133#endif
1134
1135#ifdef DOSTORESTATE39
1136SHA1_RECOMPRESS(39)
1137#endif
1138
1139#ifdef DOSTORESTATE40
1140SHA1_RECOMPRESS(40)
1141#endif
1142
1143#ifdef DOSTORESTATE41
1144SHA1_RECOMPRESS(41)
1145#endif
1146
1147#ifdef DOSTORESTATE42
1148SHA1_RECOMPRESS(42)
1149#endif
1150
1151#ifdef DOSTORESTATE43
1152SHA1_RECOMPRESS(43)
1153#endif
1154
1155#ifdef DOSTORESTATE44
1156SHA1_RECOMPRESS(44)
1157#endif
1158
1159#ifdef DOSTORESTATE45
1160SHA1_RECOMPRESS(45)
1161#endif
1162
1163#ifdef DOSTORESTATE46
1164SHA1_RECOMPRESS(46)
1165#endif
1166
1167#ifdef DOSTORESTATE47
1168SHA1_RECOMPRESS(47)
1169#endif
1170
1171#ifdef DOSTORESTATE48
1172SHA1_RECOMPRESS(48)
1173#endif
1174
1175#ifdef DOSTORESTATE49
1176SHA1_RECOMPRESS(49)
1177#endif
1178
1179#ifdef DOSTORESTATE50
1180SHA1_RECOMPRESS(50)
1181#endif
1182
1183#ifdef DOSTORESTATE51
1184SHA1_RECOMPRESS(51)
1185#endif
1186
1187#ifdef DOSTORESTATE52
1188SHA1_RECOMPRESS(52)
1189#endif
1190
1191#ifdef DOSTORESTATE53
1192SHA1_RECOMPRESS(53)
1193#endif
1194
1195#ifdef DOSTORESTATE54
1196SHA1_RECOMPRESS(54)
1197#endif
1198
1199#ifdef DOSTORESTATE55
1200SHA1_RECOMPRESS(55)
1201#endif
1202
1203#ifdef DOSTORESTATE56
1204SHA1_RECOMPRESS(56)
1205#endif
1206
1207#ifdef DOSTORESTATE57
1208SHA1_RECOMPRESS(57)
1209#endif
1210
1211#ifdef DOSTORESTATE58
1212SHA1_RECOMPRESS(58)
1213#endif
1214
1215#ifdef DOSTORESTATE59
1216SHA1_RECOMPRESS(59)
1217#endif
1218
1219#ifdef DOSTORESTATE60
1220SHA1_RECOMPRESS(60)
1221#endif
1222
1223#ifdef DOSTORESTATE61
1224SHA1_RECOMPRESS(61)
1225#endif
1226
1227#ifdef DOSTORESTATE62
1228SHA1_RECOMPRESS(62)
1229#endif
1230
1231#ifdef DOSTORESTATE63
1232SHA1_RECOMPRESS(63)
1233#endif
1234
1235#ifdef DOSTORESTATE64
1236SHA1_RECOMPRESS(64)
1237#endif
1238
1239#ifdef DOSTORESTATE65
1240SHA1_RECOMPRESS(65)
1241#endif
1242
1243#ifdef DOSTORESTATE66
1244SHA1_RECOMPRESS(66)
1245#endif
1246
1247#ifdef DOSTORESTATE67
1248SHA1_RECOMPRESS(67)
1249#endif
1250
1251#ifdef DOSTORESTATE68
1252SHA1_RECOMPRESS(68)
1253#endif
1254
1255#ifdef DOSTORESTATE69
1256SHA1_RECOMPRESS(69)
1257#endif
1258
1259#ifdef DOSTORESTATE70
1260SHA1_RECOMPRESS(70)
1261#endif
1262
1263#ifdef DOSTORESTATE71
1264SHA1_RECOMPRESS(71)
1265#endif
1266
1267#ifdef DOSTORESTATE72
1268SHA1_RECOMPRESS(72)
1269#endif
1270
1271#ifdef DOSTORESTATE73
1272SHA1_RECOMPRESS(73)
1273#endif
1274
1275#ifdef DOSTORESTATE74
1276SHA1_RECOMPRESS(74)
1277#endif
1278
1279#ifdef DOSTORESTATE75
1280SHA1_RECOMPRESS(75)
1281#endif
1282
1283#ifdef DOSTORESTATE76
1284SHA1_RECOMPRESS(76)
1285#endif
1286
1287#ifdef DOSTORESTATE77
1288SHA1_RECOMPRESS(77)
1289#endif
1290
1291#ifdef DOSTORESTATE78
1292SHA1_RECOMPRESS(78)
1293#endif
1294
1295#ifdef DOSTORESTATE79
1296SHA1_RECOMPRESS(79)
1297#endif
1298
1299#ifdef _MSC_VER
1300#pragma warning(pop)
1301#endif
1302
1303static void sha1_recompression_step(uint32_t step, uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5])
1304{
1305        switch (step)
1306        {
1307#ifdef DOSTORESTATE0
1308        case 0:
1309                sha1recompress_fast_0(ihvin, ihvout, me2, state);
1310                break;
1311#endif
1312#ifdef DOSTORESTATE1
1313        case 1:
1314                sha1recompress_fast_1(ihvin, ihvout, me2, state);
1315                break;
1316#endif
1317#ifdef DOSTORESTATE2
1318        case 2:
1319                sha1recompress_fast_2(ihvin, ihvout, me2, state);
1320                break;
1321#endif
1322#ifdef DOSTORESTATE3
1323        case 3:
1324                sha1recompress_fast_3(ihvin, ihvout, me2, state);
1325                break;
1326#endif
1327#ifdef DOSTORESTATE4
1328        case 4:
1329                sha1recompress_fast_4(ihvin, ihvout, me2, state);
1330                break;
1331#endif
1332#ifdef DOSTORESTATE5
1333        case 5:
1334                sha1recompress_fast_5(ihvin, ihvout, me2, state);
1335                break;
1336#endif
1337#ifdef DOSTORESTATE6
1338        case 6:
1339                sha1recompress_fast_6(ihvin, ihvout, me2, state);
1340                break;
1341#endif
1342#ifdef DOSTORESTATE7
1343        case 7:
1344                sha1recompress_fast_7(ihvin, ihvout, me2, state);
1345                break;
1346#endif
1347#ifdef DOSTORESTATE8
1348        case 8:
1349                sha1recompress_fast_8(ihvin, ihvout, me2, state);
1350                break;
1351#endif
1352#ifdef DOSTORESTATE9
1353        case 9:
1354                sha1recompress_fast_9(ihvin, ihvout, me2, state);
1355                break;
1356#endif
1357#ifdef DOSTORESTATE10
1358        case 10:
1359                sha1recompress_fast_10(ihvin, ihvout, me2, state);
1360                break;
1361#endif
1362#ifdef DOSTORESTATE11
1363        case 11:
1364                sha1recompress_fast_11(ihvin, ihvout, me2, state);
1365                break;
1366#endif
1367#ifdef DOSTORESTATE12
1368        case 12:
1369                sha1recompress_fast_12(ihvin, ihvout, me2, state);
1370                break;
1371#endif
1372#ifdef DOSTORESTATE13
1373        case 13:
1374                sha1recompress_fast_13(ihvin, ihvout, me2, state);
1375                break;
1376#endif
1377#ifdef DOSTORESTATE14
1378        case 14:
1379                sha1recompress_fast_14(ihvin, ihvout, me2, state);
1380                break;
1381#endif
1382#ifdef DOSTORESTATE15
1383        case 15:
1384                sha1recompress_fast_15(ihvin, ihvout, me2, state);
1385                break;
1386#endif
1387#ifdef DOSTORESTATE16
1388        case 16:
1389                sha1recompress_fast_16(ihvin, ihvout, me2, state);
1390                break;
1391#endif
1392#ifdef DOSTORESTATE17
1393        case 17:
1394                sha1recompress_fast_17(ihvin, ihvout, me2, state);
1395                break;
1396#endif
1397#ifdef DOSTORESTATE18
1398        case 18:
1399                sha1recompress_fast_18(ihvin, ihvout, me2, state);
1400                break;
1401#endif
1402#ifdef DOSTORESTATE19
1403        case 19:
1404                sha1recompress_fast_19(ihvin, ihvout, me2, state);
1405                break;
1406#endif
1407#ifdef DOSTORESTATE20
1408        case 20:
1409                sha1recompress_fast_20(ihvin, ihvout, me2, state);
1410                break;
1411#endif
1412#ifdef DOSTORESTATE21
1413        case 21:
1414                sha1recompress_fast_21(ihvin, ihvout, me2, state);
1415                break;
1416#endif
1417#ifdef DOSTORESTATE22
1418        case 22:
1419                sha1recompress_fast_22(ihvin, ihvout, me2, state);
1420                break;
1421#endif
1422#ifdef DOSTORESTATE23
1423        case 23:
1424                sha1recompress_fast_23(ihvin, ihvout, me2, state);
1425                break;
1426#endif
1427#ifdef DOSTORESTATE24
1428        case 24:
1429                sha1recompress_fast_24(ihvin, ihvout, me2, state);
1430                break;
1431#endif
1432#ifdef DOSTORESTATE25
1433        case 25:
1434                sha1recompress_fast_25(ihvin, ihvout, me2, state);
1435                break;
1436#endif
1437#ifdef DOSTORESTATE26
1438        case 26:
1439                sha1recompress_fast_26(ihvin, ihvout, me2, state);
1440                break;
1441#endif
1442#ifdef DOSTORESTATE27
1443        case 27:
1444                sha1recompress_fast_27(ihvin, ihvout, me2, state);
1445                break;
1446#endif
1447#ifdef DOSTORESTATE28
1448        case 28:
1449                sha1recompress_fast_28(ihvin, ihvout, me2, state);
1450                break;
1451#endif
1452#ifdef DOSTORESTATE29
1453        case 29:
1454                sha1recompress_fast_29(ihvin, ihvout, me2, state);
1455                break;
1456#endif
1457#ifdef DOSTORESTATE30
1458        case 30:
1459                sha1recompress_fast_30(ihvin, ihvout, me2, state);
1460                break;
1461#endif
1462#ifdef DOSTORESTATE31
1463        case 31:
1464                sha1recompress_fast_31(ihvin, ihvout, me2, state);
1465                break;
1466#endif
1467#ifdef DOSTORESTATE32
1468        case 32:
1469                sha1recompress_fast_32(ihvin, ihvout, me2, state);
1470                break;
1471#endif
1472#ifdef DOSTORESTATE33
1473        case 33:
1474                sha1recompress_fast_33(ihvin, ihvout, me2, state);
1475                break;
1476#endif
1477#ifdef DOSTORESTATE34
1478        case 34:
1479                sha1recompress_fast_34(ihvin, ihvout, me2, state);
1480                break;
1481#endif
1482#ifdef DOSTORESTATE35
1483        case 35:
1484                sha1recompress_fast_35(ihvin, ihvout, me2, state);
1485                break;
1486#endif
1487#ifdef DOSTORESTATE36
1488        case 36:
1489                sha1recompress_fast_36(ihvin, ihvout, me2, state);
1490                break;
1491#endif
1492#ifdef DOSTORESTATE37
1493        case 37:
1494                sha1recompress_fast_37(ihvin, ihvout, me2, state);
1495                break;
1496#endif
1497#ifdef DOSTORESTATE38
1498        case 38:
1499                sha1recompress_fast_38(ihvin, ihvout, me2, state);
1500                break;
1501#endif
1502#ifdef DOSTORESTATE39
1503        case 39:
1504                sha1recompress_fast_39(ihvin, ihvout, me2, state);
1505                break;
1506#endif
1507#ifdef DOSTORESTATE40
1508        case 40:
1509                sha1recompress_fast_40(ihvin, ihvout, me2, state);
1510                break;
1511#endif
1512#ifdef DOSTORESTATE41
1513        case 41:
1514                sha1recompress_fast_41(ihvin, ihvout, me2, state);
1515                break;
1516#endif
1517#ifdef DOSTORESTATE42
1518        case 42:
1519                sha1recompress_fast_42(ihvin, ihvout, me2, state);
1520                break;
1521#endif
1522#ifdef DOSTORESTATE43
1523        case 43:
1524                sha1recompress_fast_43(ihvin, ihvout, me2, state);
1525                break;
1526#endif
1527#ifdef DOSTORESTATE44
1528        case 44:
1529                sha1recompress_fast_44(ihvin, ihvout, me2, state);
1530                break;
1531#endif
1532#ifdef DOSTORESTATE45
1533        case 45:
1534                sha1recompress_fast_45(ihvin, ihvout, me2, state);
1535                break;
1536#endif
1537#ifdef DOSTORESTATE46
1538        case 46:
1539                sha1recompress_fast_46(ihvin, ihvout, me2, state);
1540                break;
1541#endif
1542#ifdef DOSTORESTATE47
1543        case 47:
1544                sha1recompress_fast_47(ihvin, ihvout, me2, state);
1545                break;
1546#endif
1547#ifdef DOSTORESTATE48
1548        case 48:
1549                sha1recompress_fast_48(ihvin, ihvout, me2, state);
1550                break;
1551#endif
1552#ifdef DOSTORESTATE49
1553        case 49:
1554                sha1recompress_fast_49(ihvin, ihvout, me2, state);
1555                break;
1556#endif
1557#ifdef DOSTORESTATE50
1558        case 50:
1559                sha1recompress_fast_50(ihvin, ihvout, me2, state);
1560                break;
1561#endif
1562#ifdef DOSTORESTATE51
1563        case 51:
1564                sha1recompress_fast_51(ihvin, ihvout, me2, state);
1565                break;
1566#endif
1567#ifdef DOSTORESTATE52
1568        case 52:
1569                sha1recompress_fast_52(ihvin, ihvout, me2, state);
1570                break;
1571#endif
1572#ifdef DOSTORESTATE53
1573        case 53:
1574                sha1recompress_fast_53(ihvin, ihvout, me2, state);
1575                break;
1576#endif
1577#ifdef DOSTORESTATE54
1578        case 54:
1579                sha1recompress_fast_54(ihvin, ihvout, me2, state);
1580                break;
1581#endif
1582#ifdef DOSTORESTATE55
1583        case 55:
1584                sha1recompress_fast_55(ihvin, ihvout, me2, state);
1585                break;
1586#endif
1587#ifdef DOSTORESTATE56
1588        case 56:
1589                sha1recompress_fast_56(ihvin, ihvout, me2, state);
1590                break;
1591#endif
1592#ifdef DOSTORESTATE57
1593        case 57:
1594                sha1recompress_fast_57(ihvin, ihvout, me2, state);
1595                break;
1596#endif
1597#ifdef DOSTORESTATE58
1598        case 58:
1599                sha1recompress_fast_58(ihvin, ihvout, me2, state);
1600                break;
1601#endif
1602#ifdef DOSTORESTATE59
1603        case 59:
1604                sha1recompress_fast_59(ihvin, ihvout, me2, state);
1605                break;
1606#endif
1607#ifdef DOSTORESTATE60
1608        case 60:
1609                sha1recompress_fast_60(ihvin, ihvout, me2, state);
1610                break;
1611#endif
1612#ifdef DOSTORESTATE61
1613        case 61:
1614                sha1recompress_fast_61(ihvin, ihvout, me2, state);
1615                break;
1616#endif
1617#ifdef DOSTORESTATE62
1618        case 62:
1619                sha1recompress_fast_62(ihvin, ihvout, me2, state);
1620                break;
1621#endif
1622#ifdef DOSTORESTATE63
1623        case 63:
1624                sha1recompress_fast_63(ihvin, ihvout, me2, state);
1625                break;
1626#endif
1627#ifdef DOSTORESTATE64
1628        case 64:
1629                sha1recompress_fast_64(ihvin, ihvout, me2, state);
1630                break;
1631#endif
1632#ifdef DOSTORESTATE65
1633        case 65:
1634                sha1recompress_fast_65(ihvin, ihvout, me2, state);
1635                break;
1636#endif
1637#ifdef DOSTORESTATE66
1638        case 66:
1639                sha1recompress_fast_66(ihvin, ihvout, me2, state);
1640                break;
1641#endif
1642#ifdef DOSTORESTATE67
1643        case 67:
1644                sha1recompress_fast_67(ihvin, ihvout, me2, state);
1645                break;
1646#endif
1647#ifdef DOSTORESTATE68
1648        case 68:
1649                sha1recompress_fast_68(ihvin, ihvout, me2, state);
1650                break;
1651#endif
1652#ifdef DOSTORESTATE69
1653        case 69:
1654                sha1recompress_fast_69(ihvin, ihvout, me2, state);
1655                break;
1656#endif
1657#ifdef DOSTORESTATE70
1658        case 70:
1659                sha1recompress_fast_70(ihvin, ihvout, me2, state);
1660                break;
1661#endif
1662#ifdef DOSTORESTATE71
1663        case 71:
1664                sha1recompress_fast_71(ihvin, ihvout, me2, state);
1665                break;
1666#endif
1667#ifdef DOSTORESTATE72
1668        case 72:
1669                sha1recompress_fast_72(ihvin, ihvout, me2, state);
1670                break;
1671#endif
1672#ifdef DOSTORESTATE73
1673        case 73:
1674                sha1recompress_fast_73(ihvin, ihvout, me2, state);
1675                break;
1676#endif
1677#ifdef DOSTORESTATE74
1678        case 74:
1679                sha1recompress_fast_74(ihvin, ihvout, me2, state);
1680                break;
1681#endif
1682#ifdef DOSTORESTATE75
1683        case 75:
1684                sha1recompress_fast_75(ihvin, ihvout, me2, state);
1685                break;
1686#endif
1687#ifdef DOSTORESTATE76
1688        case 76:
1689                sha1recompress_fast_76(ihvin, ihvout, me2, state);
1690                break;
1691#endif
1692#ifdef DOSTORESTATE77
1693        case 77:
1694                sha1recompress_fast_77(ihvin, ihvout, me2, state);
1695                break;
1696#endif
1697#ifdef DOSTORESTATE78
1698        case 78:
1699                sha1recompress_fast_78(ihvin, ihvout, me2, state);
1700                break;
1701#endif
1702#ifdef DOSTORESTATE79
1703        case 79:
1704                sha1recompress_fast_79(ihvin, ihvout, me2, state);
1705                break;
1706#endif
1707        default:
1708                abort();
1709        }
1710
1711}
1712
1713
1714
1715static void sha1_process(SHA1_CTX* ctx, const uint32_t block[16])
1716{
1717        unsigned i, j;
1718        uint32_t ubc_dv_mask[DVMASKSIZE] = { 0xFFFFFFFF };
1719        uint32_t ihvtmp[5];
1720
1721        ctx->ihv1[0] = ctx->ihv[0];
1722        ctx->ihv1[1] = ctx->ihv[1];
1723        ctx->ihv1[2] = ctx->ihv[2];
1724        ctx->ihv1[3] = ctx->ihv[3];
1725        ctx->ihv1[4] = ctx->ihv[4];
1726
1727        sha1_compression_states(ctx->ihv, block, ctx->m1, ctx->states);
1728
1729        if (ctx->detect_coll)
1730        {
1731                if (ctx->ubc_check)
1732                {
1733                        ubc_check(ctx->m1, ubc_dv_mask);
1734                }
1735
1736                if (ubc_dv_mask[0] != 0)
1737                {
1738                        for (i = 0; sha1_dvs[i].dvType != 0; ++i)
1739                        {
1740                                if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb))
1741                                {
1742                                        for (j = 0; j < 80; ++j)
1743                                                ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j];
1744
1745                                        sha1_recompression_step(sha1_dvs[i].testt, ctx->ihv2, ihvtmp, ctx->m2, ctx->states[sha1_dvs[i].testt]);
1746
1747                                        /* to verify SHA-1 collision detection code with collisions for reduced-step SHA-1 */
1748                                        if ((0 == ((ihvtmp[0] ^ ctx->ihv[0]) | (ihvtmp[1] ^ ctx->ihv[1]) | (ihvtmp[2] ^ ctx->ihv[2]) | (ihvtmp[3] ^ ctx->ihv[3]) | (ihvtmp[4] ^ ctx->ihv[4])))
1749                                                || (ctx->reduced_round_coll && 0==((ctx->ihv1[0] ^ ctx->ihv2[0]) | (ctx->ihv1[1] ^ ctx->ihv2[1]) | (ctx->ihv1[2] ^ ctx->ihv2[2]) | (ctx->ihv1[3] ^ ctx->ihv2[3]) | (ctx->ihv1[4] ^ ctx->ihv2[4]))))
1750                                        {
1751                                                ctx->found_collision = 1;
1752
1753                                                if (ctx->safe_hash)
1754                                                {
1755                                                        sha1_compression_W(ctx->ihv, ctx->m1);
1756                                                        sha1_compression_W(ctx->ihv, ctx->m1);
1757                                                }
1758
1759                                                break;
1760                                        }
1761                                }
1762                        }
1763                }
1764        }
1765}
1766
1767void SHA1DCInit(SHA1_CTX* ctx)
1768{
1769        ctx->total = 0;
1770        ctx->ihv[0] = 0x67452301;
1771        ctx->ihv[1] = 0xEFCDAB89;
1772        ctx->ihv[2] = 0x98BADCFE;
1773        ctx->ihv[3] = 0x10325476;
1774        ctx->ihv[4] = 0xC3D2E1F0;
1775        ctx->found_collision = 0;
1776        ctx->safe_hash = SHA1DC_INIT_SAFE_HASH_DEFAULT;
1777        ctx->ubc_check = 1;
1778        ctx->detect_coll = 1;
1779        ctx->reduced_round_coll = 0;
1780        ctx->callback = NULL;
1781}
1782
1783void SHA1DCSetSafeHash(SHA1_CTX* ctx, int safehash)
1784{
1785        if (safehash)
1786                ctx->safe_hash = 1;
1787        else
1788                ctx->safe_hash = 0;
1789}
1790
1791
1792void SHA1DCSetUseUBC(SHA1_CTX* ctx, int ubc_check)
1793{
1794        if (ubc_check)
1795                ctx->ubc_check = 1;
1796        else
1797                ctx->ubc_check = 0;
1798}
1799
1800void SHA1DCSetUseDetectColl(SHA1_CTX* ctx, int detect_coll)
1801{
1802        if (detect_coll)
1803                ctx->detect_coll = 1;
1804        else
1805                ctx->detect_coll = 0;
1806}
1807
1808void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX* ctx, int reduced_round_coll)
1809{
1810        if (reduced_round_coll)
1811                ctx->reduced_round_coll = 1;
1812        else
1813                ctx->reduced_round_coll = 0;
1814}
1815
1816void SHA1DCSetCallback(SHA1_CTX* ctx, collision_block_callback callback)
1817{
1818        ctx->callback = callback;
1819}
1820
1821void SHA1DCUpdate(SHA1_CTX* ctx, const char* buf, size_t len)
1822{
1823        unsigned left, fill;
1824
1825        if (len == 0)
1826                return;
1827
1828        left = ctx->total & 63;
1829        fill = 64 - left;
1830
1831        if (left && len >= fill)
1832        {
1833                ctx->total += fill;
1834                memcpy(ctx->buffer + left, buf, fill);
1835                sha1_process(ctx, (uint32_t*)(ctx->buffer));
1836                buf += fill;
1837                len -= fill;
1838                left = 0;
1839        }
1840        while (len >= 64)
1841        {
1842                ctx->total += 64;
1843
1844#if defined(SHA1DC_ALLOW_UNALIGNED_ACCESS)
1845                sha1_process(ctx, (uint32_t*)(buf));
1846#else
1847                memcpy(ctx->buffer, buf, 64);
1848                sha1_process(ctx, (uint32_t*)(ctx->buffer));
1849#endif /* defined(SHA1DC_ALLOW_UNALIGNED_ACCESS) */
1850                buf += 64;
1851                len -= 64;
1852        }
1853        if (len > 0)
1854        {
1855                ctx->total += len;
1856                memcpy(ctx->buffer + left, buf, len);
1857        }
1858}
1859
1860static const unsigned char sha1_padding[64] =
1861{
1862        0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1863        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1864        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1865        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1866};
1867
1868int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
1869{
1870        uint32_t last = ctx->total & 63;
1871        uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
1872        uint64_t total;
1873        SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
1874
1875        total = ctx->total - padn;
1876        total <<= 3;
1877        ctx->buffer[56] = (unsigned char)(total >> 56);
1878        ctx->buffer[57] = (unsigned char)(total >> 48);
1879        ctx->buffer[58] = (unsigned char)(total >> 40);
1880        ctx->buffer[59] = (unsigned char)(total >> 32);
1881        ctx->buffer[60] = (unsigned char)(total >> 24);
1882        ctx->buffer[61] = (unsigned char)(total >> 16);
1883        ctx->buffer[62] = (unsigned char)(total >> 8);
1884        ctx->buffer[63] = (unsigned char)(total);
1885        sha1_process(ctx, (uint32_t*)(ctx->buffer));
1886        output[0] = (unsigned char)(ctx->ihv[0] >> 24);
1887        output[1] = (unsigned char)(ctx->ihv[0] >> 16);
1888        output[2] = (unsigned char)(ctx->ihv[0] >> 8);
1889        output[3] = (unsigned char)(ctx->ihv[0]);
1890        output[4] = (unsigned char)(ctx->ihv[1] >> 24);
1891        output[5] = (unsigned char)(ctx->ihv[1] >> 16);
1892        output[6] = (unsigned char)(ctx->ihv[1] >> 8);
1893        output[7] = (unsigned char)(ctx->ihv[1]);
1894        output[8] = (unsigned char)(ctx->ihv[2] >> 24);
1895        output[9] = (unsigned char)(ctx->ihv[2] >> 16);
1896        output[10] = (unsigned char)(ctx->ihv[2] >> 8);
1897        output[11] = (unsigned char)(ctx->ihv[2]);
1898        output[12] = (unsigned char)(ctx->ihv[3] >> 24);
1899        output[13] = (unsigned char)(ctx->ihv[3] >> 16);
1900        output[14] = (unsigned char)(ctx->ihv[3] >> 8);
1901        output[15] = (unsigned char)(ctx->ihv[3]);
1902        output[16] = (unsigned char)(ctx->ihv[4] >> 24);
1903        output[17] = (unsigned char)(ctx->ihv[4] >> 16);
1904        output[18] = (unsigned char)(ctx->ihv[4] >> 8);
1905        output[19] = (unsigned char)(ctx->ihv[4]);
1906        return ctx->found_collision;
1907}
1908
1909#ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
1910#include SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
1911#endif