sha1dc / sha1.con commit protocol: introduce enum protocol_version value protocol_v2 (8f6982b)
   1/***
   2* Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com)
   3* Distributed under the MIT Software License.
   4* See accompanying file LICENSE.txt or copy at
   5* https://opensource.org/licenses/MIT
   6***/
   7
   8#ifndef SHA1DC_NO_STANDARD_INCLUDES
   9#include <string.h>
  10#include <memory.h>
  11#include <stdio.h>
  12#include <stdlib.h>
  13#ifdef __unix__
  14#include <sys/types.h> /* make sure macros like _BIG_ENDIAN visible */
  15#endif
  16#endif
  17
  18#ifdef SHA1DC_CUSTOM_INCLUDE_SHA1_C
  19#include SHA1DC_CUSTOM_INCLUDE_SHA1_C
  20#endif
  21
  22#ifndef SHA1DC_INIT_SAFE_HASH_DEFAULT
  23#define SHA1DC_INIT_SAFE_HASH_DEFAULT 1
  24#endif
  25
  26#include "sha1.h"
  27#include "ubc_check.h"
  28
  29#if (defined(__amd64__) || defined(__amd64) || defined(__x86_64__) || defined(__x86_64) || \
  30     defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__)  || \
  31     defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || \
  32     defined(_X86_) || defined(__THW_INTEL__) || defined(__I86__) || defined(__INTEL__) || \
  33     defined(__386) || defined(_M_X64) || defined(_M_AMD64))
  34#define SHA1DC_ON_INTEL_LIKE_PROCESSOR
  35#endif
  36
  37/*
  38   Because Little-Endian architectures are most common,
  39   we only set SHA1DC_BIGENDIAN if one of these conditions is met.
  40   Note that all MSFT platforms are little endian,
  41   so none of these will be defined under the MSC compiler.
  42   If you are compiling on a big endian platform and your compiler does not define one of these,
  43   you will have to add whatever macros your tool chain defines to indicate Big-Endianness.
  44 */
  45
  46#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__)
  47/*
  48 * Should detect Big Endian under GCC since at least 4.6.0 (gcc svn
  49 * rev #165881). See
  50 * https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
  51 *
  52 * This also works under clang since 3.2, it copied the GCC-ism. See
  53 * clang.git's 3b198a97d2 ("Preprocessor: add __BYTE_ORDER__
  54 * predefined macro", 2012-07-27)
  55 */
  56#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
  57#define SHA1DC_BIGENDIAN
  58#endif
  59
  60/* Not under GCC-alike */
  61#elif defined(__BYTE_ORDER) && defined(__BIG_ENDIAN)
  62/*
  63 * Should detect Big Endian under glibc.git since 14245eb70e ("entered
  64 * into RCS", 1992-11-25). Defined in <endian.h> which will have been
  65 * brought in by standard headers. See glibc.git and
  66 * https://sourceforge.net/p/predef/wiki/Endianness/
  67 */
  68#if __BYTE_ORDER == __BIG_ENDIAN
  69#define SHA1DC_BIGENDIAN
  70#endif
  71
  72/* Not under GCC-alike or glibc */
  73#elif defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN)
  74/*
  75 * *BSD and newlib (embeded linux, cygwin, etc).
  76 * the defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN) part prevents
  77 * this condition from matching with Solaris/sparc.
  78 * (Solaris defines only one endian macro)
  79 */
  80#if _BYTE_ORDER == _BIG_ENDIAN
  81#define SHA1DC_BIGENDIAN
  82#endif
  83
  84/* Not under GCC-alike or glibc or *BSD or newlib */
  85#elif (defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
  86       defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || \
  87       defined(__sparc))
  88/*
  89 * Should define Big Endian for a whitelist of known processors. See
  90 * https://sourceforge.net/p/predef/wiki/Endianness/ and
  91 * http://www.oracle.com/technetwork/server-storage/solaris/portingtosolaris-138514.html
  92 */
  93#define SHA1DC_BIGENDIAN
  94
  95/* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> */
  96#elif defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
  97/*
  98 * As a last resort before we do anything else we're not 100% sure
  99 * about below, we blacklist specific processors here. We could add
 100 * more, see e.g. https://wiki.debian.org/ArchitectureSpecificsMemo
 101 */
 102#else /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist>  or <processor blacklist> */
 103
 104/* We do nothing more here for now */
 105/*#error "Uncomment this to see if you fall through all the detection"*/
 106
 107#endif /* Big Endian detection */
 108
 109#if (defined(SHA1DC_FORCE_LITTLEENDIAN) && defined(SHA1DC_BIGENDIAN))
 110#undef SHA1DC_BIGENDIAN
 111#endif
 112#if (defined(SHA1DC_FORCE_BIGENDIAN) && !defined(SHA1DC_BIGENDIAN))
 113#define SHA1DC_BIGENDIAN
 114#endif
 115/*ENDIANNESS SELECTION*/
 116
 117#if defined(SHA1DC_FORCE_UNALIGNED_ACCESS) || defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
 118#define SHA1DC_ALLOW_UNALIGNED_ACCESS
 119#endif /*UNALIGNMENT DETECTION*/
 120
 121
 122#define rotate_right(x,n) (((x)>>(n))|((x)<<(32-(n))))
 123#define rotate_left(x,n)  (((x)<<(n))|((x)>>(32-(n))))
 124
 125#define sha1_bswap32(x) \
 126        {x = ((x << 8) & 0xFF00FF00) | ((x >> 8) & 0xFF00FF); x = (x << 16) | (x >> 16);}
 127
 128#define sha1_mix(W, t)  (rotate_left(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))
 129
 130#ifdef SHA1DC_BIGENDIAN
 131        #define sha1_load(m, t, temp)  { temp = m[t]; }
 132#else
 133        #define sha1_load(m, t, temp)  { temp = m[t]; sha1_bswap32(temp); }
 134#endif
 135
 136#define sha1_store(W, t, x)     *(volatile uint32_t *)&W[t] = x
 137
 138#define sha1_f1(b,c,d) ((d)^((b)&((c)^(d))))
 139#define sha1_f2(b,c,d) ((b)^(c)^(d))
 140#define sha1_f3(b,c,d) (((b)&(c))+((d)&((b)^(c))))
 141#define sha1_f4(b,c,d) ((b)^(c)^(d))
 142
 143#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, m, t) \
 144        { e += rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; b = rotate_left(b, 30); }
 145#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, m, t) \
 146        { e += rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; b = rotate_left(b, 30); }
 147#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, m, t) \
 148        { e += rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; b = rotate_left(b, 30); }
 149#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, m, t) \
 150        { e += rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; b = rotate_left(b, 30); }
 151
 152#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, m, t) \
 153        { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; }
 154#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, m, t) \
 155        { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; }
 156#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, m, t) \
 157        { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; }
 158#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, m, t) \
 159        { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; }
 160
 161#define SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, t, temp) \
 162        {sha1_load(m, t, temp); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30);}
 163
 164#define SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(a, b, c, d, e, W, t, temp) \
 165        {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30); }
 166
 167#define SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, t, temp) \
 168        {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1; b = rotate_left(b, 30); }
 169
 170#define SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, t, temp) \
 171        {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC; b = rotate_left(b, 30); }
 172
 173#define SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, t, temp) \
 174        {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6; b = rotate_left(b, 30); }
 175
 176
 177#define SHA1_STORE_STATE(i) states[i][0] = a; states[i][1] = b; states[i][2] = c; states[i][3] = d; states[i][4] = e;
 178
 179#ifdef BUILDNOCOLLDETECTSHA1COMPRESSION
 180void sha1_compression(uint32_t ihv[5], const uint32_t m[16])
 181{
 182        uint32_t W[80];
 183        uint32_t a,b,c,d,e;
 184        unsigned i;
 185
 186        memcpy(W, m, 16 * 4);
 187        for (i = 16; i < 80; ++i)
 188                W[i] = sha1_mix(W, i);
 189
 190        a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
 191
 192        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
 193        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
 194        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
 195        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
 196        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
 197        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
 198        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
 199        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
 200        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
 201        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
 202        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
 203        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
 204        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
 205        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
 206        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
 207        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
 208        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
 209        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
 210        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
 211        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
 212
 213        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
 214        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
 215        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
 216        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
 217        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
 218        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
 219        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
 220        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
 221        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
 222        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
 223        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
 224        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
 225        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
 226        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
 227        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
 228        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
 229        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
 230        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
 231        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
 232        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
 233
 234        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
 235        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
 236        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
 237        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
 238        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
 239        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
 240        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
 241        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
 242        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
 243        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
 244        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
 245        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
 246        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
 247        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
 248        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
 249        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
 250        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
 251        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
 252        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
 253        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
 254
 255        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
 256        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
 257        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
 258        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
 259        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
 260        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
 261        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
 262        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
 263        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
 264        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
 265        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
 266        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
 267        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
 268        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
 269        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
 270        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
 271        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
 272        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
 273        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
 274        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
 275
 276        ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
 277}
 278#endif /*BUILDNOCOLLDETECTSHA1COMPRESSION*/
 279
 280
 281static void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80])
 282{
 283        uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
 284
 285        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
 286        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
 287        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
 288        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
 289        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
 290        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
 291        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
 292        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
 293        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
 294        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
 295        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
 296        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
 297        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
 298        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
 299        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
 300        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
 301        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
 302        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
 303        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
 304        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
 305
 306        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
 307        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
 308        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
 309        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
 310        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
 311        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
 312        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
 313        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
 314        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
 315        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
 316        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
 317        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
 318        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
 319        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
 320        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
 321        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
 322        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
 323        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
 324        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
 325        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
 326
 327        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
 328        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
 329        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
 330        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
 331        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
 332        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
 333        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
 334        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
 335        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
 336        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
 337        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
 338        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
 339        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
 340        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
 341        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
 342        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
 343        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
 344        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
 345        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
 346        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
 347
 348        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
 349        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
 350        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
 351        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
 352        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
 353        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
 354        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
 355        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
 356        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
 357        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
 358        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
 359        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
 360        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
 361        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
 362        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
 363        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
 364        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
 365        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
 366        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
 367        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
 368
 369        ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
 370}
 371
 372
 373
 374void sha1_compression_states(uint32_t ihv[5], const uint32_t m[16], uint32_t W[80], uint32_t states[80][5])
 375{
 376        uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
 377        uint32_t temp;
 378
 379#ifdef DOSTORESTATE00
 380        SHA1_STORE_STATE(0)
 381#endif
 382        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 0, temp);
 383
 384#ifdef DOSTORESTATE01
 385        SHA1_STORE_STATE(1)
 386#endif
 387        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 1, temp);
 388
 389#ifdef DOSTORESTATE02
 390        SHA1_STORE_STATE(2)
 391#endif
 392        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 2, temp);
 393
 394#ifdef DOSTORESTATE03
 395        SHA1_STORE_STATE(3)
 396#endif
 397        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 3, temp);
 398
 399#ifdef DOSTORESTATE04
 400        SHA1_STORE_STATE(4)
 401#endif
 402        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 4, temp);
 403
 404#ifdef DOSTORESTATE05
 405        SHA1_STORE_STATE(5)
 406#endif
 407        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 5, temp);
 408
 409#ifdef DOSTORESTATE06
 410        SHA1_STORE_STATE(6)
 411#endif
 412        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 6, temp);
 413
 414#ifdef DOSTORESTATE07
 415        SHA1_STORE_STATE(7)
 416#endif
 417        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 7, temp);
 418
 419#ifdef DOSTORESTATE08
 420        SHA1_STORE_STATE(8)
 421#endif
 422        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 8, temp);
 423
 424#ifdef DOSTORESTATE09
 425        SHA1_STORE_STATE(9)
 426#endif
 427        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 9, temp);
 428
 429#ifdef DOSTORESTATE10
 430        SHA1_STORE_STATE(10)
 431#endif
 432        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 10, temp);
 433
 434#ifdef DOSTORESTATE11
 435        SHA1_STORE_STATE(11)
 436#endif
 437        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 11, temp);
 438
 439#ifdef DOSTORESTATE12
 440        SHA1_STORE_STATE(12)
 441#endif
 442        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 12, temp);
 443
 444#ifdef DOSTORESTATE13
 445        SHA1_STORE_STATE(13)
 446#endif
 447        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 13, temp);
 448
 449#ifdef DOSTORESTATE14
 450        SHA1_STORE_STATE(14)
 451#endif
 452        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 14, temp);
 453
 454#ifdef DOSTORESTATE15
 455        SHA1_STORE_STATE(15)
 456#endif
 457        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 15, temp);
 458
 459#ifdef DOSTORESTATE16
 460        SHA1_STORE_STATE(16)
 461#endif
 462        SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(e, a, b, c, d, W, 16, temp);
 463
 464#ifdef DOSTORESTATE17
 465        SHA1_STORE_STATE(17)
 466#endif
 467        SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(d, e, a, b, c, W, 17, temp);
 468
 469#ifdef DOSTORESTATE18
 470        SHA1_STORE_STATE(18)
 471#endif
 472        SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(c, d, e, a, b, W, 18, temp);
 473
 474#ifdef DOSTORESTATE19
 475        SHA1_STORE_STATE(19)
 476#endif
 477        SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(b, c, d, e, a, W, 19, temp);
 478
 479
 480
 481#ifdef DOSTORESTATE20
 482        SHA1_STORE_STATE(20)
 483#endif
 484        SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 20, temp);
 485
 486#ifdef DOSTORESTATE21
 487        SHA1_STORE_STATE(21)
 488#endif
 489        SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 21, temp);
 490
 491#ifdef DOSTORESTATE22
 492        SHA1_STORE_STATE(22)
 493#endif
 494        SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 22, temp);
 495
 496#ifdef DOSTORESTATE23
 497        SHA1_STORE_STATE(23)
 498#endif
 499        SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 23, temp);
 500
 501#ifdef DOSTORESTATE24
 502        SHA1_STORE_STATE(24)
 503#endif
 504        SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 24, temp);
 505
 506#ifdef DOSTORESTATE25
 507        SHA1_STORE_STATE(25)
 508#endif
 509        SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 25, temp);
 510
 511#ifdef DOSTORESTATE26
 512        SHA1_STORE_STATE(26)
 513#endif
 514        SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 26, temp);
 515
 516#ifdef DOSTORESTATE27
 517        SHA1_STORE_STATE(27)
 518#endif
 519        SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 27, temp);
 520
 521#ifdef DOSTORESTATE28
 522        SHA1_STORE_STATE(28)
 523#endif
 524        SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 28, temp);
 525
 526#ifdef DOSTORESTATE29
 527        SHA1_STORE_STATE(29)
 528#endif
 529        SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 29, temp);
 530
 531#ifdef DOSTORESTATE30
 532        SHA1_STORE_STATE(30)
 533#endif
 534        SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 30, temp);
 535
 536#ifdef DOSTORESTATE31
 537        SHA1_STORE_STATE(31)
 538#endif
 539        SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 31, temp);
 540
 541#ifdef DOSTORESTATE32
 542        SHA1_STORE_STATE(32)
 543#endif
 544        SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 32, temp);
 545
 546#ifdef DOSTORESTATE33
 547        SHA1_STORE_STATE(33)
 548#endif
 549        SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 33, temp);
 550
 551#ifdef DOSTORESTATE34
 552        SHA1_STORE_STATE(34)
 553#endif
 554        SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 34, temp);
 555
 556#ifdef DOSTORESTATE35
 557        SHA1_STORE_STATE(35)
 558#endif
 559        SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 35, temp);
 560
 561#ifdef DOSTORESTATE36
 562        SHA1_STORE_STATE(36)
 563#endif
 564        SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 36, temp);
 565
 566#ifdef DOSTORESTATE37
 567        SHA1_STORE_STATE(37)
 568#endif
 569        SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 37, temp);
 570
 571#ifdef DOSTORESTATE38
 572        SHA1_STORE_STATE(38)
 573#endif
 574        SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 38, temp);
 575
 576#ifdef DOSTORESTATE39
 577        SHA1_STORE_STATE(39)
 578#endif
 579        SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 39, temp);
 580
 581
 582
 583#ifdef DOSTORESTATE40
 584        SHA1_STORE_STATE(40)
 585#endif
 586        SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 40, temp);
 587
 588#ifdef DOSTORESTATE41
 589        SHA1_STORE_STATE(41)
 590#endif
 591        SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 41, temp);
 592
 593#ifdef DOSTORESTATE42
 594        SHA1_STORE_STATE(42)
 595#endif
 596        SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 42, temp);
 597
 598#ifdef DOSTORESTATE43
 599        SHA1_STORE_STATE(43)
 600#endif
 601        SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 43, temp);
 602
 603#ifdef DOSTORESTATE44
 604        SHA1_STORE_STATE(44)
 605#endif
 606        SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 44, temp);
 607
 608#ifdef DOSTORESTATE45
 609        SHA1_STORE_STATE(45)
 610#endif
 611        SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 45, temp);
 612
 613#ifdef DOSTORESTATE46
 614        SHA1_STORE_STATE(46)
 615#endif
 616        SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 46, temp);
 617
 618#ifdef DOSTORESTATE47
 619        SHA1_STORE_STATE(47)
 620#endif
 621        SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 47, temp);
 622
 623#ifdef DOSTORESTATE48
 624        SHA1_STORE_STATE(48)
 625#endif
 626        SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 48, temp);
 627
 628#ifdef DOSTORESTATE49
 629        SHA1_STORE_STATE(49)
 630#endif
 631        SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 49, temp);
 632
 633#ifdef DOSTORESTATE50
 634        SHA1_STORE_STATE(50)
 635#endif
 636        SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 50, temp);
 637
 638#ifdef DOSTORESTATE51
 639        SHA1_STORE_STATE(51)
 640#endif
 641        SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 51, temp);
 642
 643#ifdef DOSTORESTATE52
 644        SHA1_STORE_STATE(52)
 645#endif
 646        SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 52, temp);
 647
 648#ifdef DOSTORESTATE53
 649        SHA1_STORE_STATE(53)
 650#endif
 651        SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 53, temp);
 652
 653#ifdef DOSTORESTATE54
 654        SHA1_STORE_STATE(54)
 655#endif
 656        SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 54, temp);
 657
 658#ifdef DOSTORESTATE55
 659        SHA1_STORE_STATE(55)
 660#endif
 661        SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 55, temp);
 662
 663#ifdef DOSTORESTATE56
 664        SHA1_STORE_STATE(56)
 665#endif
 666        SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 56, temp);
 667
 668#ifdef DOSTORESTATE57
 669        SHA1_STORE_STATE(57)
 670#endif
 671        SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 57, temp);
 672
 673#ifdef DOSTORESTATE58
 674        SHA1_STORE_STATE(58)
 675#endif
 676        SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 58, temp);
 677
 678#ifdef DOSTORESTATE59
 679        SHA1_STORE_STATE(59)
 680#endif
 681        SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 59, temp);
 682
 683
 684
 685
 686#ifdef DOSTORESTATE60
 687        SHA1_STORE_STATE(60)
 688#endif
 689        SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 60, temp);
 690
 691#ifdef DOSTORESTATE61
 692        SHA1_STORE_STATE(61)
 693#endif
 694        SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 61, temp);
 695
 696#ifdef DOSTORESTATE62
 697        SHA1_STORE_STATE(62)
 698#endif
 699        SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 62, temp);
 700
 701#ifdef DOSTORESTATE63
 702        SHA1_STORE_STATE(63)
 703#endif
 704        SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 63, temp);
 705
 706#ifdef DOSTORESTATE64
 707        SHA1_STORE_STATE(64)
 708#endif
 709        SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 64, temp);
 710
 711#ifdef DOSTORESTATE65
 712        SHA1_STORE_STATE(65)
 713#endif
 714        SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 65, temp);
 715
 716#ifdef DOSTORESTATE66
 717        SHA1_STORE_STATE(66)
 718#endif
 719        SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 66, temp);
 720
 721#ifdef DOSTORESTATE67
 722        SHA1_STORE_STATE(67)
 723#endif
 724        SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 67, temp);
 725
 726#ifdef DOSTORESTATE68
 727        SHA1_STORE_STATE(68)
 728#endif
 729        SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 68, temp);
 730
 731#ifdef DOSTORESTATE69
 732        SHA1_STORE_STATE(69)
 733#endif
 734        SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 69, temp);
 735
 736#ifdef DOSTORESTATE70
 737        SHA1_STORE_STATE(70)
 738#endif
 739        SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 70, temp);
 740
 741#ifdef DOSTORESTATE71
 742        SHA1_STORE_STATE(71)
 743#endif
 744        SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 71, temp);
 745
 746#ifdef DOSTORESTATE72
 747        SHA1_STORE_STATE(72)
 748#endif
 749        SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 72, temp);
 750
 751#ifdef DOSTORESTATE73
 752        SHA1_STORE_STATE(73)
 753#endif
 754        SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 73, temp);
 755
 756#ifdef DOSTORESTATE74
 757        SHA1_STORE_STATE(74)
 758#endif
 759        SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 74, temp);
 760
 761#ifdef DOSTORESTATE75
 762        SHA1_STORE_STATE(75)
 763#endif
 764        SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 75, temp);
 765
 766#ifdef DOSTORESTATE76
 767        SHA1_STORE_STATE(76)
 768#endif
 769        SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 76, temp);
 770
 771#ifdef DOSTORESTATE77
 772        SHA1_STORE_STATE(77)
 773#endif
 774        SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 77, temp);
 775
 776#ifdef DOSTORESTATE78
 777        SHA1_STORE_STATE(78)
 778#endif
 779        SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 78, temp);
 780
 781#ifdef DOSTORESTATE79
 782        SHA1_STORE_STATE(79)
 783#endif
 784        SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 79, temp);
 785
 786
 787
 788        ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
 789}
 790
 791
 792
 793
 794#define SHA1_RECOMPRESS(t) \
 795static void sha1recompress_fast_ ## t (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]) \
 796{ \
 797        uint32_t a = state[0], b = state[1], c = state[2], d = state[3], e = state[4]; \
 798        if (t > 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 79); \
 799        if (t > 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 78); \
 800        if (t > 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 77); \
 801        if (t > 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 76); \
 802        if (t > 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 75); \
 803        if (t > 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 74); \
 804        if (t > 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 73); \
 805        if (t > 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 72); \
 806        if (t > 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 71); \
 807        if (t > 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 70); \
 808        if (t > 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 69); \
 809        if (t > 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 68); \
 810        if (t > 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 67); \
 811        if (t > 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 66); \
 812        if (t > 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 65); \
 813        if (t > 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 64); \
 814        if (t > 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 63); \
 815        if (t > 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 62); \
 816        if (t > 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 61); \
 817        if (t > 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 60); \
 818        if (t > 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 59); \
 819        if (t > 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 58); \
 820        if (t > 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 57); \
 821        if (t > 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 56); \
 822        if (t > 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 55); \
 823        if (t > 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 54); \
 824        if (t > 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 53); \
 825        if (t > 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 52); \
 826        if (t > 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 51); \
 827        if (t > 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 50); \
 828        if (t > 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 49); \
 829        if (t > 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 48); \
 830        if (t > 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 47); \
 831        if (t > 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 46); \
 832        if (t > 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 45); \
 833        if (t > 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 44); \
 834        if (t > 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 43); \
 835        if (t > 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 42); \
 836        if (t > 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 41); \
 837        if (t > 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 40); \
 838        if (t > 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 39); \
 839        if (t > 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 38); \
 840        if (t > 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 37); \
 841        if (t > 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 36); \
 842        if (t > 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 35); \
 843        if (t > 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 34); \
 844        if (t > 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 33); \
 845        if (t > 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 32); \
 846        if (t > 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 31); \
 847        if (t > 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 30); \
 848        if (t > 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 29); \
 849        if (t > 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 28); \
 850        if (t > 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 27); \
 851        if (t > 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 26); \
 852        if (t > 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 25); \
 853        if (t > 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 24); \
 854        if (t > 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 23); \
 855        if (t > 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 22); \
 856        if (t > 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 21); \
 857        if (t > 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 20); \
 858        if (t > 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 19); \
 859        if (t > 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 18); \
 860        if (t > 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 17); \
 861        if (t > 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 16); \
 862        if (t > 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 15); \
 863        if (t > 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 14); \
 864        if (t > 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 13); \
 865        if (t > 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 12); \
 866        if (t > 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 11); \
 867        if (t > 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 10); \
 868        if (t > 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 9); \
 869        if (t > 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 8); \
 870        if (t > 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 7); \
 871        if (t > 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 6); \
 872        if (t > 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 5); \
 873        if (t > 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 4); \
 874        if (t > 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 3); \
 875        if (t > 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 2); \
 876        if (t > 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 1); \
 877        if (t > 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 0); \
 878        ihvin[0] = a; ihvin[1] = b; ihvin[2] = c; ihvin[3] = d; ihvin[4] = e; \
 879        a = state[0]; b = state[1]; c = state[2]; d = state[3]; e = state[4]; \
 880        if (t <= 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 0); \
 881        if (t <= 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 1); \
 882        if (t <= 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 2); \
 883        if (t <= 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 3); \
 884        if (t <= 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 4); \
 885        if (t <= 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 5); \
 886        if (t <= 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 6); \
 887        if (t <= 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 7); \
 888        if (t <= 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 8); \
 889        if (t <= 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 9); \
 890        if (t <= 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 10); \
 891        if (t <= 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 11); \
 892        if (t <= 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 12); \
 893        if (t <= 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 13); \
 894        if (t <= 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 14); \
 895        if (t <= 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 15); \
 896        if (t <= 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 16); \
 897        if (t <= 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 17); \
 898        if (t <= 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 18); \
 899        if (t <= 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 19); \
 900        if (t <= 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 20); \
 901        if (t <= 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 21); \
 902        if (t <= 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 22); \
 903        if (t <= 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 23); \
 904        if (t <= 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 24); \
 905        if (t <= 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 25); \
 906        if (t <= 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 26); \
 907        if (t <= 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 27); \
 908        if (t <= 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 28); \
 909        if (t <= 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 29); \
 910        if (t <= 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 30); \
 911        if (t <= 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 31); \
 912        if (t <= 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 32); \
 913        if (t <= 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 33); \
 914        if (t <= 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 34); \
 915        if (t <= 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 35); \
 916        if (t <= 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 36); \
 917        if (t <= 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 37); \
 918        if (t <= 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 38); \
 919        if (t <= 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 39); \
 920        if (t <= 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 40); \
 921        if (t <= 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 41); \
 922        if (t <= 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 42); \
 923        if (t <= 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 43); \
 924        if (t <= 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 44); \
 925        if (t <= 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 45); \
 926        if (t <= 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 46); \
 927        if (t <= 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 47); \
 928        if (t <= 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 48); \
 929        if (t <= 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 49); \
 930        if (t <= 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 50); \
 931        if (t <= 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 51); \
 932        if (t <= 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 52); \
 933        if (t <= 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 53); \
 934        if (t <= 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 54); \
 935        if (t <= 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 55); \
 936        if (t <= 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 56); \
 937        if (t <= 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 57); \
 938        if (t <= 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 58); \
 939        if (t <= 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 59); \
 940        if (t <= 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 60); \
 941        if (t <= 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 61); \
 942        if (t <= 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 62); \
 943        if (t <= 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 63); \
 944        if (t <= 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 64); \
 945        if (t <= 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 65); \
 946        if (t <= 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 66); \
 947        if (t <= 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 67); \
 948        if (t <= 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 68); \
 949        if (t <= 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 69); \
 950        if (t <= 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 70); \
 951        if (t <= 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 71); \
 952        if (t <= 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 72); \
 953        if (t <= 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 73); \
 954        if (t <= 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 74); \
 955        if (t <= 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 75); \
 956        if (t <= 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 76); \
 957        if (t <= 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 77); \
 958        if (t <= 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 78); \
 959        if (t <= 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 79); \
 960        ihvout[0] = ihvin[0] + a; ihvout[1] = ihvin[1] + b; ihvout[2] = ihvin[2] + c; ihvout[3] = ihvin[3] + d; ihvout[4] = ihvin[4] + e; \
 961}
 962
 963#ifdef _MSC_VER
 964#pragma warning(push)
 965#pragma warning(disable: 4127)  /* Compiler complains about the checks in the above macro being constant. */
 966#endif
 967
 968#ifdef DOSTORESTATE0
 969SHA1_RECOMPRESS(0)
 970#endif
 971
 972#ifdef DOSTORESTATE1
 973SHA1_RECOMPRESS(1)
 974#endif
 975
 976#ifdef DOSTORESTATE2
 977SHA1_RECOMPRESS(2)
 978#endif
 979
 980#ifdef DOSTORESTATE3
 981SHA1_RECOMPRESS(3)
 982#endif
 983
 984#ifdef DOSTORESTATE4
 985SHA1_RECOMPRESS(4)
 986#endif
 987
 988#ifdef DOSTORESTATE5
 989SHA1_RECOMPRESS(5)
 990#endif
 991
 992#ifdef DOSTORESTATE6
 993SHA1_RECOMPRESS(6)
 994#endif
 995
 996#ifdef DOSTORESTATE7
 997SHA1_RECOMPRESS(7)
 998#endif
 999
1000#ifdef DOSTORESTATE8
1001SHA1_RECOMPRESS(8)
1002#endif
1003
1004#ifdef DOSTORESTATE9
1005SHA1_RECOMPRESS(9)
1006#endif
1007
1008#ifdef DOSTORESTATE10
1009SHA1_RECOMPRESS(10)
1010#endif
1011
1012#ifdef DOSTORESTATE11
1013SHA1_RECOMPRESS(11)
1014#endif
1015
1016#ifdef DOSTORESTATE12
1017SHA1_RECOMPRESS(12)
1018#endif
1019
1020#ifdef DOSTORESTATE13
1021SHA1_RECOMPRESS(13)
1022#endif
1023
1024#ifdef DOSTORESTATE14
1025SHA1_RECOMPRESS(14)
1026#endif
1027
1028#ifdef DOSTORESTATE15
1029SHA1_RECOMPRESS(15)
1030#endif
1031
1032#ifdef DOSTORESTATE16
1033SHA1_RECOMPRESS(16)
1034#endif
1035
1036#ifdef DOSTORESTATE17
1037SHA1_RECOMPRESS(17)
1038#endif
1039
1040#ifdef DOSTORESTATE18
1041SHA1_RECOMPRESS(18)
1042#endif
1043
1044#ifdef DOSTORESTATE19
1045SHA1_RECOMPRESS(19)
1046#endif
1047
1048#ifdef DOSTORESTATE20
1049SHA1_RECOMPRESS(20)
1050#endif
1051
1052#ifdef DOSTORESTATE21
1053SHA1_RECOMPRESS(21)
1054#endif
1055
1056#ifdef DOSTORESTATE22
1057SHA1_RECOMPRESS(22)
1058#endif
1059
1060#ifdef DOSTORESTATE23
1061SHA1_RECOMPRESS(23)
1062#endif
1063
1064#ifdef DOSTORESTATE24
1065SHA1_RECOMPRESS(24)
1066#endif
1067
1068#ifdef DOSTORESTATE25
1069SHA1_RECOMPRESS(25)
1070#endif
1071
1072#ifdef DOSTORESTATE26
1073SHA1_RECOMPRESS(26)
1074#endif
1075
1076#ifdef DOSTORESTATE27
1077SHA1_RECOMPRESS(27)
1078#endif
1079
1080#ifdef DOSTORESTATE28
1081SHA1_RECOMPRESS(28)
1082#endif
1083
1084#ifdef DOSTORESTATE29
1085SHA1_RECOMPRESS(29)
1086#endif
1087
1088#ifdef DOSTORESTATE30
1089SHA1_RECOMPRESS(30)
1090#endif
1091
1092#ifdef DOSTORESTATE31
1093SHA1_RECOMPRESS(31)
1094#endif
1095
1096#ifdef DOSTORESTATE32
1097SHA1_RECOMPRESS(32)
1098#endif
1099
1100#ifdef DOSTORESTATE33
1101SHA1_RECOMPRESS(33)
1102#endif
1103
1104#ifdef DOSTORESTATE34
1105SHA1_RECOMPRESS(34)
1106#endif
1107
1108#ifdef DOSTORESTATE35
1109SHA1_RECOMPRESS(35)
1110#endif
1111
1112#ifdef DOSTORESTATE36
1113SHA1_RECOMPRESS(36)
1114#endif
1115
1116#ifdef DOSTORESTATE37
1117SHA1_RECOMPRESS(37)
1118#endif
1119
1120#ifdef DOSTORESTATE38
1121SHA1_RECOMPRESS(38)
1122#endif
1123
1124#ifdef DOSTORESTATE39
1125SHA1_RECOMPRESS(39)
1126#endif
1127
1128#ifdef DOSTORESTATE40
1129SHA1_RECOMPRESS(40)
1130#endif
1131
1132#ifdef DOSTORESTATE41
1133SHA1_RECOMPRESS(41)
1134#endif
1135
1136#ifdef DOSTORESTATE42
1137SHA1_RECOMPRESS(42)
1138#endif
1139
1140#ifdef DOSTORESTATE43
1141SHA1_RECOMPRESS(43)
1142#endif
1143
1144#ifdef DOSTORESTATE44
1145SHA1_RECOMPRESS(44)
1146#endif
1147
1148#ifdef DOSTORESTATE45
1149SHA1_RECOMPRESS(45)
1150#endif
1151
1152#ifdef DOSTORESTATE46
1153SHA1_RECOMPRESS(46)
1154#endif
1155
1156#ifdef DOSTORESTATE47
1157SHA1_RECOMPRESS(47)
1158#endif
1159
1160#ifdef DOSTORESTATE48
1161SHA1_RECOMPRESS(48)
1162#endif
1163
1164#ifdef DOSTORESTATE49
1165SHA1_RECOMPRESS(49)
1166#endif
1167
1168#ifdef DOSTORESTATE50
1169SHA1_RECOMPRESS(50)
1170#endif
1171
1172#ifdef DOSTORESTATE51
1173SHA1_RECOMPRESS(51)
1174#endif
1175
1176#ifdef DOSTORESTATE52
1177SHA1_RECOMPRESS(52)
1178#endif
1179
1180#ifdef DOSTORESTATE53
1181SHA1_RECOMPRESS(53)
1182#endif
1183
1184#ifdef DOSTORESTATE54
1185SHA1_RECOMPRESS(54)
1186#endif
1187
1188#ifdef DOSTORESTATE55
1189SHA1_RECOMPRESS(55)
1190#endif
1191
1192#ifdef DOSTORESTATE56
1193SHA1_RECOMPRESS(56)
1194#endif
1195
1196#ifdef DOSTORESTATE57
1197SHA1_RECOMPRESS(57)
1198#endif
1199
1200#ifdef DOSTORESTATE58
1201SHA1_RECOMPRESS(58)
1202#endif
1203
1204#ifdef DOSTORESTATE59
1205SHA1_RECOMPRESS(59)
1206#endif
1207
1208#ifdef DOSTORESTATE60
1209SHA1_RECOMPRESS(60)
1210#endif
1211
1212#ifdef DOSTORESTATE61
1213SHA1_RECOMPRESS(61)
1214#endif
1215
1216#ifdef DOSTORESTATE62
1217SHA1_RECOMPRESS(62)
1218#endif
1219
1220#ifdef DOSTORESTATE63
1221SHA1_RECOMPRESS(63)
1222#endif
1223
1224#ifdef DOSTORESTATE64
1225SHA1_RECOMPRESS(64)
1226#endif
1227
1228#ifdef DOSTORESTATE65
1229SHA1_RECOMPRESS(65)
1230#endif
1231
1232#ifdef DOSTORESTATE66
1233SHA1_RECOMPRESS(66)
1234#endif
1235
1236#ifdef DOSTORESTATE67
1237SHA1_RECOMPRESS(67)
1238#endif
1239
1240#ifdef DOSTORESTATE68
1241SHA1_RECOMPRESS(68)
1242#endif
1243
1244#ifdef DOSTORESTATE69
1245SHA1_RECOMPRESS(69)
1246#endif
1247
1248#ifdef DOSTORESTATE70
1249SHA1_RECOMPRESS(70)
1250#endif
1251
1252#ifdef DOSTORESTATE71
1253SHA1_RECOMPRESS(71)
1254#endif
1255
1256#ifdef DOSTORESTATE72
1257SHA1_RECOMPRESS(72)
1258#endif
1259
1260#ifdef DOSTORESTATE73
1261SHA1_RECOMPRESS(73)
1262#endif
1263
1264#ifdef DOSTORESTATE74
1265SHA1_RECOMPRESS(74)
1266#endif
1267
1268#ifdef DOSTORESTATE75
1269SHA1_RECOMPRESS(75)
1270#endif
1271
1272#ifdef DOSTORESTATE76
1273SHA1_RECOMPRESS(76)
1274#endif
1275
1276#ifdef DOSTORESTATE77
1277SHA1_RECOMPRESS(77)
1278#endif
1279
1280#ifdef DOSTORESTATE78
1281SHA1_RECOMPRESS(78)
1282#endif
1283
1284#ifdef DOSTORESTATE79
1285SHA1_RECOMPRESS(79)
1286#endif
1287
1288#ifdef _MSC_VER
1289#pragma warning(pop)
1290#endif
1291
1292static void sha1_recompression_step(uint32_t step, uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5])
1293{
1294        switch (step)
1295        {
1296#ifdef DOSTORESTATE0
1297        case 0:
1298                sha1recompress_fast_0(ihvin, ihvout, me2, state);
1299                break;
1300#endif
1301#ifdef DOSTORESTATE1
1302        case 1:
1303                sha1recompress_fast_1(ihvin, ihvout, me2, state);
1304                break;
1305#endif
1306#ifdef DOSTORESTATE2
1307        case 2:
1308                sha1recompress_fast_2(ihvin, ihvout, me2, state);
1309                break;
1310#endif
1311#ifdef DOSTORESTATE3
1312        case 3:
1313                sha1recompress_fast_3(ihvin, ihvout, me2, state);
1314                break;
1315#endif
1316#ifdef DOSTORESTATE4
1317        case 4:
1318                sha1recompress_fast_4(ihvin, ihvout, me2, state);
1319                break;
1320#endif
1321#ifdef DOSTORESTATE5
1322        case 5:
1323                sha1recompress_fast_5(ihvin, ihvout, me2, state);
1324                break;
1325#endif
1326#ifdef DOSTORESTATE6
1327        case 6:
1328                sha1recompress_fast_6(ihvin, ihvout, me2, state);
1329                break;
1330#endif
1331#ifdef DOSTORESTATE7
1332        case 7:
1333                sha1recompress_fast_7(ihvin, ihvout, me2, state);
1334                break;
1335#endif
1336#ifdef DOSTORESTATE8
1337        case 8:
1338                sha1recompress_fast_8(ihvin, ihvout, me2, state);
1339                break;
1340#endif
1341#ifdef DOSTORESTATE9
1342        case 9:
1343                sha1recompress_fast_9(ihvin, ihvout, me2, state);
1344                break;
1345#endif
1346#ifdef DOSTORESTATE10
1347        case 10:
1348                sha1recompress_fast_10(ihvin, ihvout, me2, state);
1349                break;
1350#endif
1351#ifdef DOSTORESTATE11
1352        case 11:
1353                sha1recompress_fast_11(ihvin, ihvout, me2, state);
1354                break;
1355#endif
1356#ifdef DOSTORESTATE12
1357        case 12:
1358                sha1recompress_fast_12(ihvin, ihvout, me2, state);
1359                break;
1360#endif
1361#ifdef DOSTORESTATE13
1362        case 13:
1363                sha1recompress_fast_13(ihvin, ihvout, me2, state);
1364                break;
1365#endif
1366#ifdef DOSTORESTATE14
1367        case 14:
1368                sha1recompress_fast_14(ihvin, ihvout, me2, state);
1369                break;
1370#endif
1371#ifdef DOSTORESTATE15
1372        case 15:
1373                sha1recompress_fast_15(ihvin, ihvout, me2, state);
1374                break;
1375#endif
1376#ifdef DOSTORESTATE16
1377        case 16:
1378                sha1recompress_fast_16(ihvin, ihvout, me2, state);
1379                break;
1380#endif
1381#ifdef DOSTORESTATE17
1382        case 17:
1383                sha1recompress_fast_17(ihvin, ihvout, me2, state);
1384                break;
1385#endif
1386#ifdef DOSTORESTATE18
1387        case 18:
1388                sha1recompress_fast_18(ihvin, ihvout, me2, state);
1389                break;
1390#endif
1391#ifdef DOSTORESTATE19
1392        case 19:
1393                sha1recompress_fast_19(ihvin, ihvout, me2, state);
1394                break;
1395#endif
1396#ifdef DOSTORESTATE20
1397        case 20:
1398                sha1recompress_fast_20(ihvin, ihvout, me2, state);
1399                break;
1400#endif
1401#ifdef DOSTORESTATE21
1402        case 21:
1403                sha1recompress_fast_21(ihvin, ihvout, me2, state);
1404                break;
1405#endif
1406#ifdef DOSTORESTATE22
1407        case 22:
1408                sha1recompress_fast_22(ihvin, ihvout, me2, state);
1409                break;
1410#endif
1411#ifdef DOSTORESTATE23
1412        case 23:
1413                sha1recompress_fast_23(ihvin, ihvout, me2, state);
1414                break;
1415#endif
1416#ifdef DOSTORESTATE24
1417        case 24:
1418                sha1recompress_fast_24(ihvin, ihvout, me2, state);
1419                break;
1420#endif
1421#ifdef DOSTORESTATE25
1422        case 25:
1423                sha1recompress_fast_25(ihvin, ihvout, me2, state);
1424                break;
1425#endif
1426#ifdef DOSTORESTATE26
1427        case 26:
1428                sha1recompress_fast_26(ihvin, ihvout, me2, state);
1429                break;
1430#endif
1431#ifdef DOSTORESTATE27
1432        case 27:
1433                sha1recompress_fast_27(ihvin, ihvout, me2, state);
1434                break;
1435#endif
1436#ifdef DOSTORESTATE28
1437        case 28:
1438                sha1recompress_fast_28(ihvin, ihvout, me2, state);
1439                break;
1440#endif
1441#ifdef DOSTORESTATE29
1442        case 29:
1443                sha1recompress_fast_29(ihvin, ihvout, me2, state);
1444                break;
1445#endif
1446#ifdef DOSTORESTATE30
1447        case 30:
1448                sha1recompress_fast_30(ihvin, ihvout, me2, state);
1449                break;
1450#endif
1451#ifdef DOSTORESTATE31
1452        case 31:
1453                sha1recompress_fast_31(ihvin, ihvout, me2, state);
1454                break;
1455#endif
1456#ifdef DOSTORESTATE32
1457        case 32:
1458                sha1recompress_fast_32(ihvin, ihvout, me2, state);
1459                break;
1460#endif
1461#ifdef DOSTORESTATE33
1462        case 33:
1463                sha1recompress_fast_33(ihvin, ihvout, me2, state);
1464                break;
1465#endif
1466#ifdef DOSTORESTATE34
1467        case 34:
1468                sha1recompress_fast_34(ihvin, ihvout, me2, state);
1469                break;
1470#endif
1471#ifdef DOSTORESTATE35
1472        case 35:
1473                sha1recompress_fast_35(ihvin, ihvout, me2, state);
1474                break;
1475#endif
1476#ifdef DOSTORESTATE36
1477        case 36:
1478                sha1recompress_fast_36(ihvin, ihvout, me2, state);
1479                break;
1480#endif
1481#ifdef DOSTORESTATE37
1482        case 37:
1483                sha1recompress_fast_37(ihvin, ihvout, me2, state);
1484                break;
1485#endif
1486#ifdef DOSTORESTATE38
1487        case 38:
1488                sha1recompress_fast_38(ihvin, ihvout, me2, state);
1489                break;
1490#endif
1491#ifdef DOSTORESTATE39
1492        case 39:
1493                sha1recompress_fast_39(ihvin, ihvout, me2, state);
1494                break;
1495#endif
1496#ifdef DOSTORESTATE40
1497        case 40:
1498                sha1recompress_fast_40(ihvin, ihvout, me2, state);
1499                break;
1500#endif
1501#ifdef DOSTORESTATE41
1502        case 41:
1503                sha1recompress_fast_41(ihvin, ihvout, me2, state);
1504                break;
1505#endif
1506#ifdef DOSTORESTATE42
1507        case 42:
1508                sha1recompress_fast_42(ihvin, ihvout, me2, state);
1509                break;
1510#endif
1511#ifdef DOSTORESTATE43
1512        case 43:
1513                sha1recompress_fast_43(ihvin, ihvout, me2, state);
1514                break;
1515#endif
1516#ifdef DOSTORESTATE44
1517        case 44:
1518                sha1recompress_fast_44(ihvin, ihvout, me2, state);
1519                break;
1520#endif
1521#ifdef DOSTORESTATE45
1522        case 45:
1523                sha1recompress_fast_45(ihvin, ihvout, me2, state);
1524                break;
1525#endif
1526#ifdef DOSTORESTATE46
1527        case 46:
1528                sha1recompress_fast_46(ihvin, ihvout, me2, state);
1529                break;
1530#endif
1531#ifdef DOSTORESTATE47
1532        case 47:
1533                sha1recompress_fast_47(ihvin, ihvout, me2, state);
1534                break;
1535#endif
1536#ifdef DOSTORESTATE48
1537        case 48:
1538                sha1recompress_fast_48(ihvin, ihvout, me2, state);
1539                break;
1540#endif
1541#ifdef DOSTORESTATE49
1542        case 49:
1543                sha1recompress_fast_49(ihvin, ihvout, me2, state);
1544                break;
1545#endif
1546#ifdef DOSTORESTATE50
1547        case 50:
1548                sha1recompress_fast_50(ihvin, ihvout, me2, state);
1549                break;
1550#endif
1551#ifdef DOSTORESTATE51
1552        case 51:
1553                sha1recompress_fast_51(ihvin, ihvout, me2, state);
1554                break;
1555#endif
1556#ifdef DOSTORESTATE52
1557        case 52:
1558                sha1recompress_fast_52(ihvin, ihvout, me2, state);
1559                break;
1560#endif
1561#ifdef DOSTORESTATE53
1562        case 53:
1563                sha1recompress_fast_53(ihvin, ihvout, me2, state);
1564                break;
1565#endif
1566#ifdef DOSTORESTATE54
1567        case 54:
1568                sha1recompress_fast_54(ihvin, ihvout, me2, state);
1569                break;
1570#endif
1571#ifdef DOSTORESTATE55
1572        case 55:
1573                sha1recompress_fast_55(ihvin, ihvout, me2, state);
1574                break;
1575#endif
1576#ifdef DOSTORESTATE56
1577        case 56:
1578                sha1recompress_fast_56(ihvin, ihvout, me2, state);
1579                break;
1580#endif
1581#ifdef DOSTORESTATE57
1582        case 57:
1583                sha1recompress_fast_57(ihvin, ihvout, me2, state);
1584                break;
1585#endif
1586#ifdef DOSTORESTATE58
1587        case 58:
1588                sha1recompress_fast_58(ihvin, ihvout, me2, state);
1589                break;
1590#endif
1591#ifdef DOSTORESTATE59
1592        case 59:
1593                sha1recompress_fast_59(ihvin, ihvout, me2, state);
1594                break;
1595#endif
1596#ifdef DOSTORESTATE60
1597        case 60:
1598                sha1recompress_fast_60(ihvin, ihvout, me2, state);
1599                break;
1600#endif
1601#ifdef DOSTORESTATE61
1602        case 61:
1603                sha1recompress_fast_61(ihvin, ihvout, me2, state);
1604                break;
1605#endif
1606#ifdef DOSTORESTATE62
1607        case 62:
1608                sha1recompress_fast_62(ihvin, ihvout, me2, state);
1609                break;
1610#endif
1611#ifdef DOSTORESTATE63
1612        case 63:
1613                sha1recompress_fast_63(ihvin, ihvout, me2, state);
1614                break;
1615#endif
1616#ifdef DOSTORESTATE64
1617        case 64:
1618                sha1recompress_fast_64(ihvin, ihvout, me2, state);
1619                break;
1620#endif
1621#ifdef DOSTORESTATE65
1622        case 65:
1623                sha1recompress_fast_65(ihvin, ihvout, me2, state);
1624                break;
1625#endif
1626#ifdef DOSTORESTATE66
1627        case 66:
1628                sha1recompress_fast_66(ihvin, ihvout, me2, state);
1629                break;
1630#endif
1631#ifdef DOSTORESTATE67
1632        case 67:
1633                sha1recompress_fast_67(ihvin, ihvout, me2, state);
1634                break;
1635#endif
1636#ifdef DOSTORESTATE68
1637        case 68:
1638                sha1recompress_fast_68(ihvin, ihvout, me2, state);
1639                break;
1640#endif
1641#ifdef DOSTORESTATE69
1642        case 69:
1643                sha1recompress_fast_69(ihvin, ihvout, me2, state);
1644                break;
1645#endif
1646#ifdef DOSTORESTATE70
1647        case 70:
1648                sha1recompress_fast_70(ihvin, ihvout, me2, state);
1649                break;
1650#endif
1651#ifdef DOSTORESTATE71
1652        case 71:
1653                sha1recompress_fast_71(ihvin, ihvout, me2, state);
1654                break;
1655#endif
1656#ifdef DOSTORESTATE72
1657        case 72:
1658                sha1recompress_fast_72(ihvin, ihvout, me2, state);
1659                break;
1660#endif
1661#ifdef DOSTORESTATE73
1662        case 73:
1663                sha1recompress_fast_73(ihvin, ihvout, me2, state);
1664                break;
1665#endif
1666#ifdef DOSTORESTATE74
1667        case 74:
1668                sha1recompress_fast_74(ihvin, ihvout, me2, state);
1669                break;
1670#endif
1671#ifdef DOSTORESTATE75
1672        case 75:
1673                sha1recompress_fast_75(ihvin, ihvout, me2, state);
1674                break;
1675#endif
1676#ifdef DOSTORESTATE76
1677        case 76:
1678                sha1recompress_fast_76(ihvin, ihvout, me2, state);
1679                break;
1680#endif
1681#ifdef DOSTORESTATE77
1682        case 77:
1683                sha1recompress_fast_77(ihvin, ihvout, me2, state);
1684                break;
1685#endif
1686#ifdef DOSTORESTATE78
1687        case 78:
1688                sha1recompress_fast_78(ihvin, ihvout, me2, state);
1689                break;
1690#endif
1691#ifdef DOSTORESTATE79
1692        case 79:
1693                sha1recompress_fast_79(ihvin, ihvout, me2, state);
1694                break;
1695#endif
1696        default:
1697                abort();
1698        }
1699
1700}
1701
1702
1703
1704static void sha1_process(SHA1_CTX* ctx, const uint32_t block[16])
1705{
1706        unsigned i, j;
1707        uint32_t ubc_dv_mask[DVMASKSIZE] = { 0xFFFFFFFF };
1708        uint32_t ihvtmp[5];
1709
1710        ctx->ihv1[0] = ctx->ihv[0];
1711        ctx->ihv1[1] = ctx->ihv[1];
1712        ctx->ihv1[2] = ctx->ihv[2];
1713        ctx->ihv1[3] = ctx->ihv[3];
1714        ctx->ihv1[4] = ctx->ihv[4];
1715
1716        sha1_compression_states(ctx->ihv, block, ctx->m1, ctx->states);
1717
1718        if (ctx->detect_coll)
1719        {
1720                if (ctx->ubc_check)
1721                {
1722                        ubc_check(ctx->m1, ubc_dv_mask);
1723                }
1724
1725                if (ubc_dv_mask[0] != 0)
1726                {
1727                        for (i = 0; sha1_dvs[i].dvType != 0; ++i)
1728                        {
1729                                if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb))
1730                                {
1731                                        for (j = 0; j < 80; ++j)
1732                                                ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j];
1733
1734                                        sha1_recompression_step(sha1_dvs[i].testt, ctx->ihv2, ihvtmp, ctx->m2, ctx->states[sha1_dvs[i].testt]);
1735
1736                                        /* to verify SHA-1 collision detection code with collisions for reduced-step SHA-1 */
1737                                        if ((0 == ((ihvtmp[0] ^ ctx->ihv[0]) | (ihvtmp[1] ^ ctx->ihv[1]) | (ihvtmp[2] ^ ctx->ihv[2]) | (ihvtmp[3] ^ ctx->ihv[3]) | (ihvtmp[4] ^ ctx->ihv[4])))
1738                                                || (ctx->reduced_round_coll && 0==((ctx->ihv1[0] ^ ctx->ihv2[0]) | (ctx->ihv1[1] ^ ctx->ihv2[1]) | (ctx->ihv1[2] ^ ctx->ihv2[2]) | (ctx->ihv1[3] ^ ctx->ihv2[3]) | (ctx->ihv1[4] ^ ctx->ihv2[4]))))
1739                                        {
1740                                                ctx->found_collision = 1;
1741
1742                                                if (ctx->safe_hash)
1743                                                {
1744                                                        sha1_compression_W(ctx->ihv, ctx->m1);
1745                                                        sha1_compression_W(ctx->ihv, ctx->m1);
1746                                                }
1747
1748                                                break;
1749                                        }
1750                                }
1751                        }
1752                }
1753        }
1754}
1755
1756void SHA1DCInit(SHA1_CTX* ctx)
1757{
1758        ctx->total = 0;
1759        ctx->ihv[0] = 0x67452301;
1760        ctx->ihv[1] = 0xEFCDAB89;
1761        ctx->ihv[2] = 0x98BADCFE;
1762        ctx->ihv[3] = 0x10325476;
1763        ctx->ihv[4] = 0xC3D2E1F0;
1764        ctx->found_collision = 0;
1765        ctx->safe_hash = SHA1DC_INIT_SAFE_HASH_DEFAULT;
1766        ctx->ubc_check = 1;
1767        ctx->detect_coll = 1;
1768        ctx->reduced_round_coll = 0;
1769        ctx->callback = NULL;
1770}
1771
1772void SHA1DCSetSafeHash(SHA1_CTX* ctx, int safehash)
1773{
1774        if (safehash)
1775                ctx->safe_hash = 1;
1776        else
1777                ctx->safe_hash = 0;
1778}
1779
1780
1781void SHA1DCSetUseUBC(SHA1_CTX* ctx, int ubc_check)
1782{
1783        if (ubc_check)
1784                ctx->ubc_check = 1;
1785        else
1786                ctx->ubc_check = 0;
1787}
1788
1789void SHA1DCSetUseDetectColl(SHA1_CTX* ctx, int detect_coll)
1790{
1791        if (detect_coll)
1792                ctx->detect_coll = 1;
1793        else
1794                ctx->detect_coll = 0;
1795}
1796
1797void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX* ctx, int reduced_round_coll)
1798{
1799        if (reduced_round_coll)
1800                ctx->reduced_round_coll = 1;
1801        else
1802                ctx->reduced_round_coll = 0;
1803}
1804
1805void SHA1DCSetCallback(SHA1_CTX* ctx, collision_block_callback callback)
1806{
1807        ctx->callback = callback;
1808}
1809
1810void SHA1DCUpdate(SHA1_CTX* ctx, const char* buf, size_t len)
1811{
1812        unsigned left, fill;
1813
1814        if (len == 0)
1815                return;
1816
1817        left = ctx->total & 63;
1818        fill = 64 - left;
1819
1820        if (left && len >= fill)
1821        {
1822                ctx->total += fill;
1823                memcpy(ctx->buffer + left, buf, fill);
1824                sha1_process(ctx, (uint32_t*)(ctx->buffer));
1825                buf += fill;
1826                len -= fill;
1827                left = 0;
1828        }
1829        while (len >= 64)
1830        {
1831                ctx->total += 64;
1832
1833#if defined(SHA1DC_ALLOW_UNALIGNED_ACCESS)
1834                sha1_process(ctx, (uint32_t*)(buf));
1835#else
1836                memcpy(ctx->buffer, buf, 64);
1837                sha1_process(ctx, (uint32_t*)(ctx->buffer));
1838#endif /* defined(SHA1DC_ALLOW_UNALIGNED_ACCESS) */
1839                buf += 64;
1840                len -= 64;
1841        }
1842        if (len > 0)
1843        {
1844                ctx->total += len;
1845                memcpy(ctx->buffer + left, buf, len);
1846        }
1847}
1848
1849static const unsigned char sha1_padding[64] =
1850{
1851        0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1852        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1853        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1854        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1855};
1856
1857int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
1858{
1859        uint32_t last = ctx->total & 63;
1860        uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
1861        uint64_t total;
1862        SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
1863
1864        total = ctx->total - padn;
1865        total <<= 3;
1866        ctx->buffer[56] = (unsigned char)(total >> 56);
1867        ctx->buffer[57] = (unsigned char)(total >> 48);
1868        ctx->buffer[58] = (unsigned char)(total >> 40);
1869        ctx->buffer[59] = (unsigned char)(total >> 32);
1870        ctx->buffer[60] = (unsigned char)(total >> 24);
1871        ctx->buffer[61] = (unsigned char)(total >> 16);
1872        ctx->buffer[62] = (unsigned char)(total >> 8);
1873        ctx->buffer[63] = (unsigned char)(total);
1874        sha1_process(ctx, (uint32_t*)(ctx->buffer));
1875        output[0] = (unsigned char)(ctx->ihv[0] >> 24);
1876        output[1] = (unsigned char)(ctx->ihv[0] >> 16);
1877        output[2] = (unsigned char)(ctx->ihv[0] >> 8);
1878        output[3] = (unsigned char)(ctx->ihv[0]);
1879        output[4] = (unsigned char)(ctx->ihv[1] >> 24);
1880        output[5] = (unsigned char)(ctx->ihv[1] >> 16);
1881        output[6] = (unsigned char)(ctx->ihv[1] >> 8);
1882        output[7] = (unsigned char)(ctx->ihv[1]);
1883        output[8] = (unsigned char)(ctx->ihv[2] >> 24);
1884        output[9] = (unsigned char)(ctx->ihv[2] >> 16);
1885        output[10] = (unsigned char)(ctx->ihv[2] >> 8);
1886        output[11] = (unsigned char)(ctx->ihv[2]);
1887        output[12] = (unsigned char)(ctx->ihv[3] >> 24);
1888        output[13] = (unsigned char)(ctx->ihv[3] >> 16);
1889        output[14] = (unsigned char)(ctx->ihv[3] >> 8);
1890        output[15] = (unsigned char)(ctx->ihv[3]);
1891        output[16] = (unsigned char)(ctx->ihv[4] >> 24);
1892        output[17] = (unsigned char)(ctx->ihv[4] >> 16);
1893        output[18] = (unsigned char)(ctx->ihv[4] >> 8);
1894        output[19] = (unsigned char)(ctx->ihv[4]);
1895        return ctx->found_collision;
1896}
1897
1898#ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
1899#include SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
1900#endif