sha1dc / sha1.con commit t7411: merge tests 5 and 6 (d1b13df)
   1/***
   2* Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com)
   3* Distributed under the MIT Software License.
   4* See accompanying file LICENSE.txt or copy at
   5* https://opensource.org/licenses/MIT
   6***/
   7
   8#ifndef SHA1DC_NO_STANDARD_INCLUDES
   9#include <string.h>
  10#include <memory.h>
  11#include <stdio.h>
  12#include <stdlib.h>
  13#ifdef __unix__
  14#include <sys/types.h> /* make sure macros like _BIG_ENDIAN visible */
  15#endif
  16#endif
  17
  18#ifdef SHA1DC_CUSTOM_INCLUDE_SHA1_C
  19#include SHA1DC_CUSTOM_INCLUDE_SHA1_C
  20#endif
  21
  22#ifndef SHA1DC_INIT_SAFE_HASH_DEFAULT
  23#define SHA1DC_INIT_SAFE_HASH_DEFAULT 1
  24#endif
  25
  26#include "sha1.h"
  27#include "ubc_check.h"
  28
  29#if (defined(__amd64__) || defined(__amd64) || defined(__x86_64__) || defined(__x86_64) || \
  30     defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__)  || \
  31     defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || \
  32     defined(_X86_) || defined(__THW_INTEL__) || defined(__I86__) || defined(__INTEL__) || \
  33     defined(__386) || defined(_M_X64) || defined(_M_AMD64))
  34#define SHA1DC_ON_INTEL_LIKE_PROCESSOR
  35#endif
  36
  37/*
  38   Because Little-Endian architectures are most common,
  39   we only set SHA1DC_BIGENDIAN if one of these conditions is met.
  40   Note that all MSFT platforms are little endian,
  41   so none of these will be defined under the MSC compiler.
  42   If you are compiling on a big endian platform and your compiler does not define one of these,
  43   you will have to add whatever macros your tool chain defines to indicate Big-Endianness.
  44 */
  45
  46#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__)
  47/*
  48 * Should detect Big Endian under GCC since at least 4.6.0 (gcc svn
  49 * rev #165881). See
  50 * https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
  51 *
  52 * This also works under clang since 3.2, it copied the GCC-ism. See
  53 * clang.git's 3b198a97d2 ("Preprocessor: add __BYTE_ORDER__
  54 * predefined macro", 2012-07-27)
  55 */
  56#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
  57#define SHA1DC_BIGENDIAN
  58#endif
  59
  60/* Not under GCC-alike */
  61#elif defined(__BYTE_ORDER) && defined(__BIG_ENDIAN)
  62/*
  63 * Should detect Big Endian under glibc.git since 14245eb70e ("entered
  64 * into RCS", 1992-11-25). Defined in <endian.h> which will have been
  65 * brought in by standard headers. See glibc.git and
  66 * https://sourceforge.net/p/predef/wiki/Endianness/
  67 */
  68#if __BYTE_ORDER == __BIG_ENDIAN
  69#define SHA1DC_BIGENDIAN
  70#endif
  71
  72/* Not under GCC-alike or glibc */
  73#elif defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN)
  74/*
  75 * *BSD and newlib (embeded linux, cygwin, etc).
  76 * the defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN) part prevents
  77 * this condition from matching with Solaris/sparc.
  78 * (Solaris defines only one endian macro)
  79 */
  80#if _BYTE_ORDER == _BIG_ENDIAN
  81#define SHA1DC_BIGENDIAN
  82#endif
  83
  84/* Not under GCC-alike or glibc or *BSD or newlib */
  85#elif (defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
  86       defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || \
  87       defined(__sparc))
  88/*
  89 * Should define Big Endian for a whitelist of known processors. See
  90 * https://sourceforge.net/p/predef/wiki/Endianness/ and
  91 * http://www.oracle.com/technetwork/server-storage/solaris/portingtosolaris-138514.html
  92 */
  93#define SHA1DC_BIGENDIAN
  94
  95/* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> */
  96#elif (defined(_AIX))
  97
  98/*
  99 * Defines Big Endian on a whitelist of OSs that are known to be Big
 100 * Endian-only. See
 101 * https://public-inbox.org/git/93056823-2740-d072-1ebd-46b440b33d7e@felt.demon.nl/
 102 */
 103#define SHA1DC_BIGENDIAN
 104
 105/* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> */
 106#elif defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
 107/*
 108 * As a last resort before we do anything else we're not 100% sure
 109 * about below, we blacklist specific processors here. We could add
 110 * more, see e.g. https://wiki.debian.org/ArchitectureSpecificsMemo
 111 */
 112#else /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> or <processor blacklist> */
 113
 114/* We do nothing more here for now */
 115/*#error "Uncomment this to see if you fall through all the detection"*/
 116
 117#endif /* Big Endian detection */
 118
 119#if (defined(SHA1DC_FORCE_LITTLEENDIAN) && defined(SHA1DC_BIGENDIAN))
 120#undef SHA1DC_BIGENDIAN
 121#endif
 122#if (defined(SHA1DC_FORCE_BIGENDIAN) && !defined(SHA1DC_BIGENDIAN))
 123#define SHA1DC_BIGENDIAN
 124#endif
 125/*ENDIANNESS SELECTION*/
 126
 127#if defined(SHA1DC_FORCE_UNALIGNED_ACCESS) || defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
 128#define SHA1DC_ALLOW_UNALIGNED_ACCESS
 129#endif /*UNALIGNMENT DETECTION*/
 130
 131
 132#define rotate_right(x,n) (((x)>>(n))|((x)<<(32-(n))))
 133#define rotate_left(x,n)  (((x)<<(n))|((x)>>(32-(n))))
 134
 135#define sha1_bswap32(x) \
 136        {x = ((x << 8) & 0xFF00FF00) | ((x >> 8) & 0xFF00FF); x = (x << 16) | (x >> 16);}
 137
 138#define sha1_mix(W, t)  (rotate_left(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))
 139
 140#ifdef SHA1DC_BIGENDIAN
 141        #define sha1_load(m, t, temp)  { temp = m[t]; }
 142#else
 143        #define sha1_load(m, t, temp)  { temp = m[t]; sha1_bswap32(temp); }
 144#endif
 145
 146#define sha1_store(W, t, x)     *(volatile uint32_t *)&W[t] = x
 147
 148#define sha1_f1(b,c,d) ((d)^((b)&((c)^(d))))
 149#define sha1_f2(b,c,d) ((b)^(c)^(d))
 150#define sha1_f3(b,c,d) (((b)&(c))+((d)&((b)^(c))))
 151#define sha1_f4(b,c,d) ((b)^(c)^(d))
 152
 153#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, m, t) \
 154        { e += rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; b = rotate_left(b, 30); }
 155#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, m, t) \
 156        { e += rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; b = rotate_left(b, 30); }
 157#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, m, t) \
 158        { e += rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; b = rotate_left(b, 30); }
 159#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, m, t) \
 160        { e += rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; b = rotate_left(b, 30); }
 161
 162#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, m, t) \
 163        { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; }
 164#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, m, t) \
 165        { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; }
 166#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, m, t) \
 167        { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; }
 168#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, m, t) \
 169        { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; }
 170
 171#define SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, t, temp) \
 172        {sha1_load(m, t, temp); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30);}
 173
 174#define SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(a, b, c, d, e, W, t, temp) \
 175        {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30); }
 176
 177#define SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, t, temp) \
 178        {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1; b = rotate_left(b, 30); }
 179
 180#define SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, t, temp) \
 181        {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC; b = rotate_left(b, 30); }
 182
 183#define SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, t, temp) \
 184        {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6; b = rotate_left(b, 30); }
 185
 186
 187#define SHA1_STORE_STATE(i) states[i][0] = a; states[i][1] = b; states[i][2] = c; states[i][3] = d; states[i][4] = e;
 188
 189#ifdef BUILDNOCOLLDETECTSHA1COMPRESSION
 190void sha1_compression(uint32_t ihv[5], const uint32_t m[16])
 191{
 192        uint32_t W[80];
 193        uint32_t a,b,c,d,e;
 194        unsigned i;
 195
 196        memcpy(W, m, 16 * 4);
 197        for (i = 16; i < 80; ++i)
 198                W[i] = sha1_mix(W, i);
 199
 200        a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
 201
 202        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
 203        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
 204        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
 205        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
 206        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
 207        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
 208        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
 209        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
 210        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
 211        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
 212        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
 213        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
 214        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
 215        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
 216        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
 217        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
 218        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
 219        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
 220        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
 221        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
 222
 223        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
 224        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
 225        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
 226        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
 227        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
 228        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
 229        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
 230        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
 231        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
 232        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
 233        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
 234        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
 235        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
 236        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
 237        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
 238        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
 239        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
 240        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
 241        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
 242        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
 243
 244        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
 245        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
 246        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
 247        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
 248        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
 249        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
 250        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
 251        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
 252        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
 253        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
 254        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
 255        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
 256        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
 257        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
 258        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
 259        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
 260        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
 261        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
 262        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
 263        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
 264
 265        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
 266        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
 267        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
 268        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
 269        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
 270        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
 271        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
 272        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
 273        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
 274        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
 275        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
 276        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
 277        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
 278        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
 279        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
 280        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
 281        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
 282        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
 283        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
 284        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
 285
 286        ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
 287}
 288#endif /*BUILDNOCOLLDETECTSHA1COMPRESSION*/
 289
 290
 291static void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80])
 292{
 293        uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
 294
 295        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
 296        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
 297        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
 298        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
 299        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
 300        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
 301        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
 302        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
 303        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
 304        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
 305        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
 306        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
 307        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
 308        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
 309        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
 310        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
 311        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
 312        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
 313        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
 314        HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
 315
 316        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
 317        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
 318        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
 319        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
 320        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
 321        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
 322        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
 323        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
 324        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
 325        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
 326        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
 327        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
 328        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
 329        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
 330        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
 331        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
 332        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
 333        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
 334        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
 335        HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
 336
 337        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
 338        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
 339        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
 340        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
 341        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
 342        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
 343        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
 344        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
 345        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
 346        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
 347        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
 348        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
 349        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
 350        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
 351        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
 352        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
 353        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
 354        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
 355        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
 356        HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
 357
 358        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
 359        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
 360        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
 361        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
 362        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
 363        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
 364        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
 365        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
 366        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
 367        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
 368        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
 369        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
 370        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
 371        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
 372        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
 373        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
 374        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
 375        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
 376        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
 377        HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
 378
 379        ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
 380}
 381
 382
 383
 384void sha1_compression_states(uint32_t ihv[5], const uint32_t m[16], uint32_t W[80], uint32_t states[80][5])
 385{
 386        uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
 387        uint32_t temp;
 388
 389#ifdef DOSTORESTATE00
 390        SHA1_STORE_STATE(0)
 391#endif
 392        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 0, temp);
 393
 394#ifdef DOSTORESTATE01
 395        SHA1_STORE_STATE(1)
 396#endif
 397        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 1, temp);
 398
 399#ifdef DOSTORESTATE02
 400        SHA1_STORE_STATE(2)
 401#endif
 402        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 2, temp);
 403
 404#ifdef DOSTORESTATE03
 405        SHA1_STORE_STATE(3)
 406#endif
 407        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 3, temp);
 408
 409#ifdef DOSTORESTATE04
 410        SHA1_STORE_STATE(4)
 411#endif
 412        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 4, temp);
 413
 414#ifdef DOSTORESTATE05
 415        SHA1_STORE_STATE(5)
 416#endif
 417        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 5, temp);
 418
 419#ifdef DOSTORESTATE06
 420        SHA1_STORE_STATE(6)
 421#endif
 422        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 6, temp);
 423
 424#ifdef DOSTORESTATE07
 425        SHA1_STORE_STATE(7)
 426#endif
 427        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 7, temp);
 428
 429#ifdef DOSTORESTATE08
 430        SHA1_STORE_STATE(8)
 431#endif
 432        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 8, temp);
 433
 434#ifdef DOSTORESTATE09
 435        SHA1_STORE_STATE(9)
 436#endif
 437        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 9, temp);
 438
 439#ifdef DOSTORESTATE10
 440        SHA1_STORE_STATE(10)
 441#endif
 442        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 10, temp);
 443
 444#ifdef DOSTORESTATE11
 445        SHA1_STORE_STATE(11)
 446#endif
 447        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 11, temp);
 448
 449#ifdef DOSTORESTATE12
 450        SHA1_STORE_STATE(12)
 451#endif
 452        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 12, temp);
 453
 454#ifdef DOSTORESTATE13
 455        SHA1_STORE_STATE(13)
 456#endif
 457        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 13, temp);
 458
 459#ifdef DOSTORESTATE14
 460        SHA1_STORE_STATE(14)
 461#endif
 462        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 14, temp);
 463
 464#ifdef DOSTORESTATE15
 465        SHA1_STORE_STATE(15)
 466#endif
 467        SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 15, temp);
 468
 469#ifdef DOSTORESTATE16
 470        SHA1_STORE_STATE(16)
 471#endif
 472        SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(e, a, b, c, d, W, 16, temp);
 473
 474#ifdef DOSTORESTATE17
 475        SHA1_STORE_STATE(17)
 476#endif
 477        SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(d, e, a, b, c, W, 17, temp);
 478
 479#ifdef DOSTORESTATE18
 480        SHA1_STORE_STATE(18)
 481#endif
 482        SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(c, d, e, a, b, W, 18, temp);
 483
 484#ifdef DOSTORESTATE19
 485        SHA1_STORE_STATE(19)
 486#endif
 487        SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(b, c, d, e, a, W, 19, temp);
 488
 489
 490
 491#ifdef DOSTORESTATE20
 492        SHA1_STORE_STATE(20)
 493#endif
 494        SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 20, temp);
 495
 496#ifdef DOSTORESTATE21
 497        SHA1_STORE_STATE(21)
 498#endif
 499        SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 21, temp);
 500
 501#ifdef DOSTORESTATE22
 502        SHA1_STORE_STATE(22)
 503#endif
 504        SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 22, temp);
 505
 506#ifdef DOSTORESTATE23
 507        SHA1_STORE_STATE(23)
 508#endif
 509        SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 23, temp);
 510
 511#ifdef DOSTORESTATE24
 512        SHA1_STORE_STATE(24)
 513#endif
 514        SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 24, temp);
 515
 516#ifdef DOSTORESTATE25
 517        SHA1_STORE_STATE(25)
 518#endif
 519        SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 25, temp);
 520
 521#ifdef DOSTORESTATE26
 522        SHA1_STORE_STATE(26)
 523#endif
 524        SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 26, temp);
 525
 526#ifdef DOSTORESTATE27
 527        SHA1_STORE_STATE(27)
 528#endif
 529        SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 27, temp);
 530
 531#ifdef DOSTORESTATE28
 532        SHA1_STORE_STATE(28)
 533#endif
 534        SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 28, temp);
 535
 536#ifdef DOSTORESTATE29
 537        SHA1_STORE_STATE(29)
 538#endif
 539        SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 29, temp);
 540
 541#ifdef DOSTORESTATE30
 542        SHA1_STORE_STATE(30)
 543#endif
 544        SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 30, temp);
 545
 546#ifdef DOSTORESTATE31
 547        SHA1_STORE_STATE(31)
 548#endif
 549        SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 31, temp);
 550
 551#ifdef DOSTORESTATE32
 552        SHA1_STORE_STATE(32)
 553#endif
 554        SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 32, temp);
 555
 556#ifdef DOSTORESTATE33
 557        SHA1_STORE_STATE(33)
 558#endif
 559        SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 33, temp);
 560
 561#ifdef DOSTORESTATE34
 562        SHA1_STORE_STATE(34)
 563#endif
 564        SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 34, temp);
 565
 566#ifdef DOSTORESTATE35
 567        SHA1_STORE_STATE(35)
 568#endif
 569        SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 35, temp);
 570
 571#ifdef DOSTORESTATE36
 572        SHA1_STORE_STATE(36)
 573#endif
 574        SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 36, temp);
 575
 576#ifdef DOSTORESTATE37
 577        SHA1_STORE_STATE(37)
 578#endif
 579        SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 37, temp);
 580
 581#ifdef DOSTORESTATE38
 582        SHA1_STORE_STATE(38)
 583#endif
 584        SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 38, temp);
 585
 586#ifdef DOSTORESTATE39
 587        SHA1_STORE_STATE(39)
 588#endif
 589        SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 39, temp);
 590
 591
 592
 593#ifdef DOSTORESTATE40
 594        SHA1_STORE_STATE(40)
 595#endif
 596        SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 40, temp);
 597
 598#ifdef DOSTORESTATE41
 599        SHA1_STORE_STATE(41)
 600#endif
 601        SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 41, temp);
 602
 603#ifdef DOSTORESTATE42
 604        SHA1_STORE_STATE(42)
 605#endif
 606        SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 42, temp);
 607
 608#ifdef DOSTORESTATE43
 609        SHA1_STORE_STATE(43)
 610#endif
 611        SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 43, temp);
 612
 613#ifdef DOSTORESTATE44
 614        SHA1_STORE_STATE(44)
 615#endif
 616        SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 44, temp);
 617
 618#ifdef DOSTORESTATE45
 619        SHA1_STORE_STATE(45)
 620#endif
 621        SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 45, temp);
 622
 623#ifdef DOSTORESTATE46
 624        SHA1_STORE_STATE(46)
 625#endif
 626        SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 46, temp);
 627
 628#ifdef DOSTORESTATE47
 629        SHA1_STORE_STATE(47)
 630#endif
 631        SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 47, temp);
 632
 633#ifdef DOSTORESTATE48
 634        SHA1_STORE_STATE(48)
 635#endif
 636        SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 48, temp);
 637
 638#ifdef DOSTORESTATE49
 639        SHA1_STORE_STATE(49)
 640#endif
 641        SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 49, temp);
 642
 643#ifdef DOSTORESTATE50
 644        SHA1_STORE_STATE(50)
 645#endif
 646        SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 50, temp);
 647
 648#ifdef DOSTORESTATE51
 649        SHA1_STORE_STATE(51)
 650#endif
 651        SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 51, temp);
 652
 653#ifdef DOSTORESTATE52
 654        SHA1_STORE_STATE(52)
 655#endif
 656        SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 52, temp);
 657
 658#ifdef DOSTORESTATE53
 659        SHA1_STORE_STATE(53)
 660#endif
 661        SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 53, temp);
 662
 663#ifdef DOSTORESTATE54
 664        SHA1_STORE_STATE(54)
 665#endif
 666        SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 54, temp);
 667
 668#ifdef DOSTORESTATE55
 669        SHA1_STORE_STATE(55)
 670#endif
 671        SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 55, temp);
 672
 673#ifdef DOSTORESTATE56
 674        SHA1_STORE_STATE(56)
 675#endif
 676        SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 56, temp);
 677
 678#ifdef DOSTORESTATE57
 679        SHA1_STORE_STATE(57)
 680#endif
 681        SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 57, temp);
 682
 683#ifdef DOSTORESTATE58
 684        SHA1_STORE_STATE(58)
 685#endif
 686        SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 58, temp);
 687
 688#ifdef DOSTORESTATE59
 689        SHA1_STORE_STATE(59)
 690#endif
 691        SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 59, temp);
 692
 693
 694
 695
 696#ifdef DOSTORESTATE60
 697        SHA1_STORE_STATE(60)
 698#endif
 699        SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 60, temp);
 700
 701#ifdef DOSTORESTATE61
 702        SHA1_STORE_STATE(61)
 703#endif
 704        SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 61, temp);
 705
 706#ifdef DOSTORESTATE62
 707        SHA1_STORE_STATE(62)
 708#endif
 709        SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 62, temp);
 710
 711#ifdef DOSTORESTATE63
 712        SHA1_STORE_STATE(63)
 713#endif
 714        SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 63, temp);
 715
 716#ifdef DOSTORESTATE64
 717        SHA1_STORE_STATE(64)
 718#endif
 719        SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 64, temp);
 720
 721#ifdef DOSTORESTATE65
 722        SHA1_STORE_STATE(65)
 723#endif
 724        SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 65, temp);
 725
 726#ifdef DOSTORESTATE66
 727        SHA1_STORE_STATE(66)
 728#endif
 729        SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 66, temp);
 730
 731#ifdef DOSTORESTATE67
 732        SHA1_STORE_STATE(67)
 733#endif
 734        SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 67, temp);
 735
 736#ifdef DOSTORESTATE68
 737        SHA1_STORE_STATE(68)
 738#endif
 739        SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 68, temp);
 740
 741#ifdef DOSTORESTATE69
 742        SHA1_STORE_STATE(69)
 743#endif
 744        SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 69, temp);
 745
 746#ifdef DOSTORESTATE70
 747        SHA1_STORE_STATE(70)
 748#endif
 749        SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 70, temp);
 750
 751#ifdef DOSTORESTATE71
 752        SHA1_STORE_STATE(71)
 753#endif
 754        SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 71, temp);
 755
 756#ifdef DOSTORESTATE72
 757        SHA1_STORE_STATE(72)
 758#endif
 759        SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 72, temp);
 760
 761#ifdef DOSTORESTATE73
 762        SHA1_STORE_STATE(73)
 763#endif
 764        SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 73, temp);
 765
 766#ifdef DOSTORESTATE74
 767        SHA1_STORE_STATE(74)
 768#endif
 769        SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 74, temp);
 770
 771#ifdef DOSTORESTATE75
 772        SHA1_STORE_STATE(75)
 773#endif
 774        SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 75, temp);
 775
 776#ifdef DOSTORESTATE76
 777        SHA1_STORE_STATE(76)
 778#endif
 779        SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 76, temp);
 780
 781#ifdef DOSTORESTATE77
 782        SHA1_STORE_STATE(77)
 783#endif
 784        SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 77, temp);
 785
 786#ifdef DOSTORESTATE78
 787        SHA1_STORE_STATE(78)
 788#endif
 789        SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 78, temp);
 790
 791#ifdef DOSTORESTATE79
 792        SHA1_STORE_STATE(79)
 793#endif
 794        SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 79, temp);
 795
 796
 797
 798        ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
 799}
 800
 801
 802
 803
 804#define SHA1_RECOMPRESS(t) \
 805static void sha1recompress_fast_ ## t (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]) \
 806{ \
 807        uint32_t a = state[0], b = state[1], c = state[2], d = state[3], e = state[4]; \
 808        if (t > 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 79); \
 809        if (t > 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 78); \
 810        if (t > 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 77); \
 811        if (t > 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 76); \
 812        if (t > 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 75); \
 813        if (t > 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 74); \
 814        if (t > 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 73); \
 815        if (t > 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 72); \
 816        if (t > 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 71); \
 817        if (t > 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 70); \
 818        if (t > 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 69); \
 819        if (t > 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 68); \
 820        if (t > 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 67); \
 821        if (t > 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 66); \
 822        if (t > 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 65); \
 823        if (t > 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 64); \
 824        if (t > 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 63); \
 825        if (t > 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 62); \
 826        if (t > 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 61); \
 827        if (t > 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 60); \
 828        if (t > 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 59); \
 829        if (t > 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 58); \
 830        if (t > 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 57); \
 831        if (t > 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 56); \
 832        if (t > 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 55); \
 833        if (t > 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 54); \
 834        if (t > 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 53); \
 835        if (t > 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 52); \
 836        if (t > 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 51); \
 837        if (t > 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 50); \
 838        if (t > 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 49); \
 839        if (t > 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 48); \
 840        if (t > 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 47); \
 841        if (t > 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 46); \
 842        if (t > 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 45); \
 843        if (t > 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 44); \
 844        if (t > 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 43); \
 845        if (t > 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 42); \
 846        if (t > 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 41); \
 847        if (t > 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 40); \
 848        if (t > 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 39); \
 849        if (t > 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 38); \
 850        if (t > 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 37); \
 851        if (t > 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 36); \
 852        if (t > 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 35); \
 853        if (t > 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 34); \
 854        if (t > 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 33); \
 855        if (t > 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 32); \
 856        if (t > 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 31); \
 857        if (t > 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 30); \
 858        if (t > 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 29); \
 859        if (t > 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 28); \
 860        if (t > 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 27); \
 861        if (t > 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 26); \
 862        if (t > 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 25); \
 863        if (t > 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 24); \
 864        if (t > 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 23); \
 865        if (t > 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 22); \
 866        if (t > 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 21); \
 867        if (t > 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 20); \
 868        if (t > 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 19); \
 869        if (t > 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 18); \
 870        if (t > 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 17); \
 871        if (t > 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 16); \
 872        if (t > 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 15); \
 873        if (t > 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 14); \
 874        if (t > 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 13); \
 875        if (t > 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 12); \
 876        if (t > 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 11); \
 877        if (t > 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 10); \
 878        if (t > 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 9); \
 879        if (t > 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 8); \
 880        if (t > 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 7); \
 881        if (t > 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 6); \
 882        if (t > 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 5); \
 883        if (t > 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 4); \
 884        if (t > 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 3); \
 885        if (t > 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 2); \
 886        if (t > 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 1); \
 887        if (t > 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 0); \
 888        ihvin[0] = a; ihvin[1] = b; ihvin[2] = c; ihvin[3] = d; ihvin[4] = e; \
 889        a = state[0]; b = state[1]; c = state[2]; d = state[3]; e = state[4]; \
 890        if (t <= 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 0); \
 891        if (t <= 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 1); \
 892        if (t <= 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 2); \
 893        if (t <= 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 3); \
 894        if (t <= 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 4); \
 895        if (t <= 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 5); \
 896        if (t <= 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 6); \
 897        if (t <= 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 7); \
 898        if (t <= 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 8); \
 899        if (t <= 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 9); \
 900        if (t <= 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 10); \
 901        if (t <= 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 11); \
 902        if (t <= 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 12); \
 903        if (t <= 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 13); \
 904        if (t <= 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 14); \
 905        if (t <= 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 15); \
 906        if (t <= 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 16); \
 907        if (t <= 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 17); \
 908        if (t <= 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 18); \
 909        if (t <= 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 19); \
 910        if (t <= 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 20); \
 911        if (t <= 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 21); \
 912        if (t <= 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 22); \
 913        if (t <= 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 23); \
 914        if (t <= 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 24); \
 915        if (t <= 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 25); \
 916        if (t <= 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 26); \
 917        if (t <= 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 27); \
 918        if (t <= 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 28); \
 919        if (t <= 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 29); \
 920        if (t <= 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 30); \
 921        if (t <= 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 31); \
 922        if (t <= 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 32); \
 923        if (t <= 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 33); \
 924        if (t <= 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 34); \
 925        if (t <= 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 35); \
 926        if (t <= 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 36); \
 927        if (t <= 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 37); \
 928        if (t <= 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 38); \
 929        if (t <= 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 39); \
 930        if (t <= 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 40); \
 931        if (t <= 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 41); \
 932        if (t <= 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 42); \
 933        if (t <= 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 43); \
 934        if (t <= 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 44); \
 935        if (t <= 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 45); \
 936        if (t <= 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 46); \
 937        if (t <= 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 47); \
 938        if (t <= 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 48); \
 939        if (t <= 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 49); \
 940        if (t <= 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 50); \
 941        if (t <= 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 51); \
 942        if (t <= 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 52); \
 943        if (t <= 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 53); \
 944        if (t <= 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 54); \
 945        if (t <= 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 55); \
 946        if (t <= 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 56); \
 947        if (t <= 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 57); \
 948        if (t <= 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 58); \
 949        if (t <= 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 59); \
 950        if (t <= 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 60); \
 951        if (t <= 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 61); \
 952        if (t <= 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 62); \
 953        if (t <= 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 63); \
 954        if (t <= 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 64); \
 955        if (t <= 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 65); \
 956        if (t <= 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 66); \
 957        if (t <= 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 67); \
 958        if (t <= 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 68); \
 959        if (t <= 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 69); \
 960        if (t <= 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 70); \
 961        if (t <= 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 71); \
 962        if (t <= 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 72); \
 963        if (t <= 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 73); \
 964        if (t <= 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 74); \
 965        if (t <= 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 75); \
 966        if (t <= 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 76); \
 967        if (t <= 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 77); \
 968        if (t <= 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 78); \
 969        if (t <= 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 79); \
 970        ihvout[0] = ihvin[0] + a; ihvout[1] = ihvin[1] + b; ihvout[2] = ihvin[2] + c; ihvout[3] = ihvin[3] + d; ihvout[4] = ihvin[4] + e; \
 971}
 972
 973#ifdef _MSC_VER
 974#pragma warning(push)
 975#pragma warning(disable: 4127)  /* Compiler complains about the checks in the above macro being constant. */
 976#endif
 977
 978#ifdef DOSTORESTATE0
 979SHA1_RECOMPRESS(0)
 980#endif
 981
 982#ifdef DOSTORESTATE1
 983SHA1_RECOMPRESS(1)
 984#endif
 985
 986#ifdef DOSTORESTATE2
 987SHA1_RECOMPRESS(2)
 988#endif
 989
 990#ifdef DOSTORESTATE3
 991SHA1_RECOMPRESS(3)
 992#endif
 993
 994#ifdef DOSTORESTATE4
 995SHA1_RECOMPRESS(4)
 996#endif
 997
 998#ifdef DOSTORESTATE5
 999SHA1_RECOMPRESS(5)
1000#endif
1001
1002#ifdef DOSTORESTATE6
1003SHA1_RECOMPRESS(6)
1004#endif
1005
1006#ifdef DOSTORESTATE7
1007SHA1_RECOMPRESS(7)
1008#endif
1009
1010#ifdef DOSTORESTATE8
1011SHA1_RECOMPRESS(8)
1012#endif
1013
1014#ifdef DOSTORESTATE9
1015SHA1_RECOMPRESS(9)
1016#endif
1017
1018#ifdef DOSTORESTATE10
1019SHA1_RECOMPRESS(10)
1020#endif
1021
1022#ifdef DOSTORESTATE11
1023SHA1_RECOMPRESS(11)
1024#endif
1025
1026#ifdef DOSTORESTATE12
1027SHA1_RECOMPRESS(12)
1028#endif
1029
1030#ifdef DOSTORESTATE13
1031SHA1_RECOMPRESS(13)
1032#endif
1033
1034#ifdef DOSTORESTATE14
1035SHA1_RECOMPRESS(14)
1036#endif
1037
1038#ifdef DOSTORESTATE15
1039SHA1_RECOMPRESS(15)
1040#endif
1041
1042#ifdef DOSTORESTATE16
1043SHA1_RECOMPRESS(16)
1044#endif
1045
1046#ifdef DOSTORESTATE17
1047SHA1_RECOMPRESS(17)
1048#endif
1049
1050#ifdef DOSTORESTATE18
1051SHA1_RECOMPRESS(18)
1052#endif
1053
1054#ifdef DOSTORESTATE19
1055SHA1_RECOMPRESS(19)
1056#endif
1057
1058#ifdef DOSTORESTATE20
1059SHA1_RECOMPRESS(20)
1060#endif
1061
1062#ifdef DOSTORESTATE21
1063SHA1_RECOMPRESS(21)
1064#endif
1065
1066#ifdef DOSTORESTATE22
1067SHA1_RECOMPRESS(22)
1068#endif
1069
1070#ifdef DOSTORESTATE23
1071SHA1_RECOMPRESS(23)
1072#endif
1073
1074#ifdef DOSTORESTATE24
1075SHA1_RECOMPRESS(24)
1076#endif
1077
1078#ifdef DOSTORESTATE25
1079SHA1_RECOMPRESS(25)
1080#endif
1081
1082#ifdef DOSTORESTATE26
1083SHA1_RECOMPRESS(26)
1084#endif
1085
1086#ifdef DOSTORESTATE27
1087SHA1_RECOMPRESS(27)
1088#endif
1089
1090#ifdef DOSTORESTATE28
1091SHA1_RECOMPRESS(28)
1092#endif
1093
1094#ifdef DOSTORESTATE29
1095SHA1_RECOMPRESS(29)
1096#endif
1097
1098#ifdef DOSTORESTATE30
1099SHA1_RECOMPRESS(30)
1100#endif
1101
1102#ifdef DOSTORESTATE31
1103SHA1_RECOMPRESS(31)
1104#endif
1105
1106#ifdef DOSTORESTATE32
1107SHA1_RECOMPRESS(32)
1108#endif
1109
1110#ifdef DOSTORESTATE33
1111SHA1_RECOMPRESS(33)
1112#endif
1113
1114#ifdef DOSTORESTATE34
1115SHA1_RECOMPRESS(34)
1116#endif
1117
1118#ifdef DOSTORESTATE35
1119SHA1_RECOMPRESS(35)
1120#endif
1121
1122#ifdef DOSTORESTATE36
1123SHA1_RECOMPRESS(36)
1124#endif
1125
1126#ifdef DOSTORESTATE37
1127SHA1_RECOMPRESS(37)
1128#endif
1129
1130#ifdef DOSTORESTATE38
1131SHA1_RECOMPRESS(38)
1132#endif
1133
1134#ifdef DOSTORESTATE39
1135SHA1_RECOMPRESS(39)
1136#endif
1137
1138#ifdef DOSTORESTATE40
1139SHA1_RECOMPRESS(40)
1140#endif
1141
1142#ifdef DOSTORESTATE41
1143SHA1_RECOMPRESS(41)
1144#endif
1145
1146#ifdef DOSTORESTATE42
1147SHA1_RECOMPRESS(42)
1148#endif
1149
1150#ifdef DOSTORESTATE43
1151SHA1_RECOMPRESS(43)
1152#endif
1153
1154#ifdef DOSTORESTATE44
1155SHA1_RECOMPRESS(44)
1156#endif
1157
1158#ifdef DOSTORESTATE45
1159SHA1_RECOMPRESS(45)
1160#endif
1161
1162#ifdef DOSTORESTATE46
1163SHA1_RECOMPRESS(46)
1164#endif
1165
1166#ifdef DOSTORESTATE47
1167SHA1_RECOMPRESS(47)
1168#endif
1169
1170#ifdef DOSTORESTATE48
1171SHA1_RECOMPRESS(48)
1172#endif
1173
1174#ifdef DOSTORESTATE49
1175SHA1_RECOMPRESS(49)
1176#endif
1177
1178#ifdef DOSTORESTATE50
1179SHA1_RECOMPRESS(50)
1180#endif
1181
1182#ifdef DOSTORESTATE51
1183SHA1_RECOMPRESS(51)
1184#endif
1185
1186#ifdef DOSTORESTATE52
1187SHA1_RECOMPRESS(52)
1188#endif
1189
1190#ifdef DOSTORESTATE53
1191SHA1_RECOMPRESS(53)
1192#endif
1193
1194#ifdef DOSTORESTATE54
1195SHA1_RECOMPRESS(54)
1196#endif
1197
1198#ifdef DOSTORESTATE55
1199SHA1_RECOMPRESS(55)
1200#endif
1201
1202#ifdef DOSTORESTATE56
1203SHA1_RECOMPRESS(56)
1204#endif
1205
1206#ifdef DOSTORESTATE57
1207SHA1_RECOMPRESS(57)
1208#endif
1209
1210#ifdef DOSTORESTATE58
1211SHA1_RECOMPRESS(58)
1212#endif
1213
1214#ifdef DOSTORESTATE59
1215SHA1_RECOMPRESS(59)
1216#endif
1217
1218#ifdef DOSTORESTATE60
1219SHA1_RECOMPRESS(60)
1220#endif
1221
1222#ifdef DOSTORESTATE61
1223SHA1_RECOMPRESS(61)
1224#endif
1225
1226#ifdef DOSTORESTATE62
1227SHA1_RECOMPRESS(62)
1228#endif
1229
1230#ifdef DOSTORESTATE63
1231SHA1_RECOMPRESS(63)
1232#endif
1233
1234#ifdef DOSTORESTATE64
1235SHA1_RECOMPRESS(64)
1236#endif
1237
1238#ifdef DOSTORESTATE65
1239SHA1_RECOMPRESS(65)
1240#endif
1241
1242#ifdef DOSTORESTATE66
1243SHA1_RECOMPRESS(66)
1244#endif
1245
1246#ifdef DOSTORESTATE67
1247SHA1_RECOMPRESS(67)
1248#endif
1249
1250#ifdef DOSTORESTATE68
1251SHA1_RECOMPRESS(68)
1252#endif
1253
1254#ifdef DOSTORESTATE69
1255SHA1_RECOMPRESS(69)
1256#endif
1257
1258#ifdef DOSTORESTATE70
1259SHA1_RECOMPRESS(70)
1260#endif
1261
1262#ifdef DOSTORESTATE71
1263SHA1_RECOMPRESS(71)
1264#endif
1265
1266#ifdef DOSTORESTATE72
1267SHA1_RECOMPRESS(72)
1268#endif
1269
1270#ifdef DOSTORESTATE73
1271SHA1_RECOMPRESS(73)
1272#endif
1273
1274#ifdef DOSTORESTATE74
1275SHA1_RECOMPRESS(74)
1276#endif
1277
1278#ifdef DOSTORESTATE75
1279SHA1_RECOMPRESS(75)
1280#endif
1281
1282#ifdef DOSTORESTATE76
1283SHA1_RECOMPRESS(76)
1284#endif
1285
1286#ifdef DOSTORESTATE77
1287SHA1_RECOMPRESS(77)
1288#endif
1289
1290#ifdef DOSTORESTATE78
1291SHA1_RECOMPRESS(78)
1292#endif
1293
1294#ifdef DOSTORESTATE79
1295SHA1_RECOMPRESS(79)
1296#endif
1297
1298#ifdef _MSC_VER
1299#pragma warning(pop)
1300#endif
1301
1302static void sha1_recompression_step(uint32_t step, uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5])
1303{
1304        switch (step)
1305        {
1306#ifdef DOSTORESTATE0
1307        case 0:
1308                sha1recompress_fast_0(ihvin, ihvout, me2, state);
1309                break;
1310#endif
1311#ifdef DOSTORESTATE1
1312        case 1:
1313                sha1recompress_fast_1(ihvin, ihvout, me2, state);
1314                break;
1315#endif
1316#ifdef DOSTORESTATE2
1317        case 2:
1318                sha1recompress_fast_2(ihvin, ihvout, me2, state);
1319                break;
1320#endif
1321#ifdef DOSTORESTATE3
1322        case 3:
1323                sha1recompress_fast_3(ihvin, ihvout, me2, state);
1324                break;
1325#endif
1326#ifdef DOSTORESTATE4
1327        case 4:
1328                sha1recompress_fast_4(ihvin, ihvout, me2, state);
1329                break;
1330#endif
1331#ifdef DOSTORESTATE5
1332        case 5:
1333                sha1recompress_fast_5(ihvin, ihvout, me2, state);
1334                break;
1335#endif
1336#ifdef DOSTORESTATE6
1337        case 6:
1338                sha1recompress_fast_6(ihvin, ihvout, me2, state);
1339                break;
1340#endif
1341#ifdef DOSTORESTATE7
1342        case 7:
1343                sha1recompress_fast_7(ihvin, ihvout, me2, state);
1344                break;
1345#endif
1346#ifdef DOSTORESTATE8
1347        case 8:
1348                sha1recompress_fast_8(ihvin, ihvout, me2, state);
1349                break;
1350#endif
1351#ifdef DOSTORESTATE9
1352        case 9:
1353                sha1recompress_fast_9(ihvin, ihvout, me2, state);
1354                break;
1355#endif
1356#ifdef DOSTORESTATE10
1357        case 10:
1358                sha1recompress_fast_10(ihvin, ihvout, me2, state);
1359                break;
1360#endif
1361#ifdef DOSTORESTATE11
1362        case 11:
1363                sha1recompress_fast_11(ihvin, ihvout, me2, state);
1364                break;
1365#endif
1366#ifdef DOSTORESTATE12
1367        case 12:
1368                sha1recompress_fast_12(ihvin, ihvout, me2, state);
1369                break;
1370#endif
1371#ifdef DOSTORESTATE13
1372        case 13:
1373                sha1recompress_fast_13(ihvin, ihvout, me2, state);
1374                break;
1375#endif
1376#ifdef DOSTORESTATE14
1377        case 14:
1378                sha1recompress_fast_14(ihvin, ihvout, me2, state);
1379                break;
1380#endif
1381#ifdef DOSTORESTATE15
1382        case 15:
1383                sha1recompress_fast_15(ihvin, ihvout, me2, state);
1384                break;
1385#endif
1386#ifdef DOSTORESTATE16
1387        case 16:
1388                sha1recompress_fast_16(ihvin, ihvout, me2, state);
1389                break;
1390#endif
1391#ifdef DOSTORESTATE17
1392        case 17:
1393                sha1recompress_fast_17(ihvin, ihvout, me2, state);
1394                break;
1395#endif
1396#ifdef DOSTORESTATE18
1397        case 18:
1398                sha1recompress_fast_18(ihvin, ihvout, me2, state);
1399                break;
1400#endif
1401#ifdef DOSTORESTATE19
1402        case 19:
1403                sha1recompress_fast_19(ihvin, ihvout, me2, state);
1404                break;
1405#endif
1406#ifdef DOSTORESTATE20
1407        case 20:
1408                sha1recompress_fast_20(ihvin, ihvout, me2, state);
1409                break;
1410#endif
1411#ifdef DOSTORESTATE21
1412        case 21:
1413                sha1recompress_fast_21(ihvin, ihvout, me2, state);
1414                break;
1415#endif
1416#ifdef DOSTORESTATE22
1417        case 22:
1418                sha1recompress_fast_22(ihvin, ihvout, me2, state);
1419                break;
1420#endif
1421#ifdef DOSTORESTATE23
1422        case 23:
1423                sha1recompress_fast_23(ihvin, ihvout, me2, state);
1424                break;
1425#endif
1426#ifdef DOSTORESTATE24
1427        case 24:
1428                sha1recompress_fast_24(ihvin, ihvout, me2, state);
1429                break;
1430#endif
1431#ifdef DOSTORESTATE25
1432        case 25:
1433                sha1recompress_fast_25(ihvin, ihvout, me2, state);
1434                break;
1435#endif
1436#ifdef DOSTORESTATE26
1437        case 26:
1438                sha1recompress_fast_26(ihvin, ihvout, me2, state);
1439                break;
1440#endif
1441#ifdef DOSTORESTATE27
1442        case 27:
1443                sha1recompress_fast_27(ihvin, ihvout, me2, state);
1444                break;
1445#endif
1446#ifdef DOSTORESTATE28
1447        case 28:
1448                sha1recompress_fast_28(ihvin, ihvout, me2, state);
1449                break;
1450#endif
1451#ifdef DOSTORESTATE29
1452        case 29:
1453                sha1recompress_fast_29(ihvin, ihvout, me2, state);
1454                break;
1455#endif
1456#ifdef DOSTORESTATE30
1457        case 30:
1458                sha1recompress_fast_30(ihvin, ihvout, me2, state);
1459                break;
1460#endif
1461#ifdef DOSTORESTATE31
1462        case 31:
1463                sha1recompress_fast_31(ihvin, ihvout, me2, state);
1464                break;
1465#endif
1466#ifdef DOSTORESTATE32
1467        case 32:
1468                sha1recompress_fast_32(ihvin, ihvout, me2, state);
1469                break;
1470#endif
1471#ifdef DOSTORESTATE33
1472        case 33:
1473                sha1recompress_fast_33(ihvin, ihvout, me2, state);
1474                break;
1475#endif
1476#ifdef DOSTORESTATE34
1477        case 34:
1478                sha1recompress_fast_34(ihvin, ihvout, me2, state);
1479                break;
1480#endif
1481#ifdef DOSTORESTATE35
1482        case 35:
1483                sha1recompress_fast_35(ihvin, ihvout, me2, state);
1484                break;
1485#endif
1486#ifdef DOSTORESTATE36
1487        case 36:
1488                sha1recompress_fast_36(ihvin, ihvout, me2, state);
1489                break;
1490#endif
1491#ifdef DOSTORESTATE37
1492        case 37:
1493                sha1recompress_fast_37(ihvin, ihvout, me2, state);
1494                break;
1495#endif
1496#ifdef DOSTORESTATE38
1497        case 38:
1498                sha1recompress_fast_38(ihvin, ihvout, me2, state);
1499                break;
1500#endif
1501#ifdef DOSTORESTATE39
1502        case 39:
1503                sha1recompress_fast_39(ihvin, ihvout, me2, state);
1504                break;
1505#endif
1506#ifdef DOSTORESTATE40
1507        case 40:
1508                sha1recompress_fast_40(ihvin, ihvout, me2, state);
1509                break;
1510#endif
1511#ifdef DOSTORESTATE41
1512        case 41:
1513                sha1recompress_fast_41(ihvin, ihvout, me2, state);
1514                break;
1515#endif
1516#ifdef DOSTORESTATE42
1517        case 42:
1518                sha1recompress_fast_42(ihvin, ihvout, me2, state);
1519                break;
1520#endif
1521#ifdef DOSTORESTATE43
1522        case 43:
1523                sha1recompress_fast_43(ihvin, ihvout, me2, state);
1524                break;
1525#endif
1526#ifdef DOSTORESTATE44
1527        case 44:
1528                sha1recompress_fast_44(ihvin, ihvout, me2, state);
1529                break;
1530#endif
1531#ifdef DOSTORESTATE45
1532        case 45:
1533                sha1recompress_fast_45(ihvin, ihvout, me2, state);
1534                break;
1535#endif
1536#ifdef DOSTORESTATE46
1537        case 46:
1538                sha1recompress_fast_46(ihvin, ihvout, me2, state);
1539                break;
1540#endif
1541#ifdef DOSTORESTATE47
1542        case 47:
1543                sha1recompress_fast_47(ihvin, ihvout, me2, state);
1544                break;
1545#endif
1546#ifdef DOSTORESTATE48
1547        case 48:
1548                sha1recompress_fast_48(ihvin, ihvout, me2, state);
1549                break;
1550#endif
1551#ifdef DOSTORESTATE49
1552        case 49:
1553                sha1recompress_fast_49(ihvin, ihvout, me2, state);
1554                break;
1555#endif
1556#ifdef DOSTORESTATE50
1557        case 50:
1558                sha1recompress_fast_50(ihvin, ihvout, me2, state);
1559                break;
1560#endif
1561#ifdef DOSTORESTATE51
1562        case 51:
1563                sha1recompress_fast_51(ihvin, ihvout, me2, state);
1564                break;
1565#endif
1566#ifdef DOSTORESTATE52
1567        case 52:
1568                sha1recompress_fast_52(ihvin, ihvout, me2, state);
1569                break;
1570#endif
1571#ifdef DOSTORESTATE53
1572        case 53:
1573                sha1recompress_fast_53(ihvin, ihvout, me2, state);
1574                break;
1575#endif
1576#ifdef DOSTORESTATE54
1577        case 54:
1578                sha1recompress_fast_54(ihvin, ihvout, me2, state);
1579                break;
1580#endif
1581#ifdef DOSTORESTATE55
1582        case 55:
1583                sha1recompress_fast_55(ihvin, ihvout, me2, state);
1584                break;
1585#endif
1586#ifdef DOSTORESTATE56
1587        case 56:
1588                sha1recompress_fast_56(ihvin, ihvout, me2, state);
1589                break;
1590#endif
1591#ifdef DOSTORESTATE57
1592        case 57:
1593                sha1recompress_fast_57(ihvin, ihvout, me2, state);
1594                break;
1595#endif
1596#ifdef DOSTORESTATE58
1597        case 58:
1598                sha1recompress_fast_58(ihvin, ihvout, me2, state);
1599                break;
1600#endif
1601#ifdef DOSTORESTATE59
1602        case 59:
1603                sha1recompress_fast_59(ihvin, ihvout, me2, state);
1604                break;
1605#endif
1606#ifdef DOSTORESTATE60
1607        case 60:
1608                sha1recompress_fast_60(ihvin, ihvout, me2, state);
1609                break;
1610#endif
1611#ifdef DOSTORESTATE61
1612        case 61:
1613                sha1recompress_fast_61(ihvin, ihvout, me2, state);
1614                break;
1615#endif
1616#ifdef DOSTORESTATE62
1617        case 62:
1618                sha1recompress_fast_62(ihvin, ihvout, me2, state);
1619                break;
1620#endif
1621#ifdef DOSTORESTATE63
1622        case 63:
1623                sha1recompress_fast_63(ihvin, ihvout, me2, state);
1624                break;
1625#endif
1626#ifdef DOSTORESTATE64
1627        case 64:
1628                sha1recompress_fast_64(ihvin, ihvout, me2, state);
1629                break;
1630#endif
1631#ifdef DOSTORESTATE65
1632        case 65:
1633                sha1recompress_fast_65(ihvin, ihvout, me2, state);
1634                break;
1635#endif
1636#ifdef DOSTORESTATE66
1637        case 66:
1638                sha1recompress_fast_66(ihvin, ihvout, me2, state);
1639                break;
1640#endif
1641#ifdef DOSTORESTATE67
1642        case 67:
1643                sha1recompress_fast_67(ihvin, ihvout, me2, state);
1644                break;
1645#endif
1646#ifdef DOSTORESTATE68
1647        case 68:
1648                sha1recompress_fast_68(ihvin, ihvout, me2, state);
1649                break;
1650#endif
1651#ifdef DOSTORESTATE69
1652        case 69:
1653                sha1recompress_fast_69(ihvin, ihvout, me2, state);
1654                break;
1655#endif
1656#ifdef DOSTORESTATE70
1657        case 70:
1658                sha1recompress_fast_70(ihvin, ihvout, me2, state);
1659                break;
1660#endif
1661#ifdef DOSTORESTATE71
1662        case 71:
1663                sha1recompress_fast_71(ihvin, ihvout, me2, state);
1664                break;
1665#endif
1666#ifdef DOSTORESTATE72
1667        case 72:
1668                sha1recompress_fast_72(ihvin, ihvout, me2, state);
1669                break;
1670#endif
1671#ifdef DOSTORESTATE73
1672        case 73:
1673                sha1recompress_fast_73(ihvin, ihvout, me2, state);
1674                break;
1675#endif
1676#ifdef DOSTORESTATE74
1677        case 74:
1678                sha1recompress_fast_74(ihvin, ihvout, me2, state);
1679                break;
1680#endif
1681#ifdef DOSTORESTATE75
1682        case 75:
1683                sha1recompress_fast_75(ihvin, ihvout, me2, state);
1684                break;
1685#endif
1686#ifdef DOSTORESTATE76
1687        case 76:
1688                sha1recompress_fast_76(ihvin, ihvout, me2, state);
1689                break;
1690#endif
1691#ifdef DOSTORESTATE77
1692        case 77:
1693                sha1recompress_fast_77(ihvin, ihvout, me2, state);
1694                break;
1695#endif
1696#ifdef DOSTORESTATE78
1697        case 78:
1698                sha1recompress_fast_78(ihvin, ihvout, me2, state);
1699                break;
1700#endif
1701#ifdef DOSTORESTATE79
1702        case 79:
1703                sha1recompress_fast_79(ihvin, ihvout, me2, state);
1704                break;
1705#endif
1706        default:
1707                abort();
1708        }
1709
1710}
1711
1712
1713
1714static void sha1_process(SHA1_CTX* ctx, const uint32_t block[16])
1715{
1716        unsigned i, j;
1717        uint32_t ubc_dv_mask[DVMASKSIZE] = { 0xFFFFFFFF };
1718        uint32_t ihvtmp[5];
1719
1720        ctx->ihv1[0] = ctx->ihv[0];
1721        ctx->ihv1[1] = ctx->ihv[1];
1722        ctx->ihv1[2] = ctx->ihv[2];
1723        ctx->ihv1[3] = ctx->ihv[3];
1724        ctx->ihv1[4] = ctx->ihv[4];
1725
1726        sha1_compression_states(ctx->ihv, block, ctx->m1, ctx->states);
1727
1728        if (ctx->detect_coll)
1729        {
1730                if (ctx->ubc_check)
1731                {
1732                        ubc_check(ctx->m1, ubc_dv_mask);
1733                }
1734
1735                if (ubc_dv_mask[0] != 0)
1736                {
1737                        for (i = 0; sha1_dvs[i].dvType != 0; ++i)
1738                        {
1739                                if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb))
1740                                {
1741                                        for (j = 0; j < 80; ++j)
1742                                                ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j];
1743
1744                                        sha1_recompression_step(sha1_dvs[i].testt, ctx->ihv2, ihvtmp, ctx->m2, ctx->states[sha1_dvs[i].testt]);
1745
1746                                        /* to verify SHA-1 collision detection code with collisions for reduced-step SHA-1 */
1747                                        if ((0 == ((ihvtmp[0] ^ ctx->ihv[0]) | (ihvtmp[1] ^ ctx->ihv[1]) | (ihvtmp[2] ^ ctx->ihv[2]) | (ihvtmp[3] ^ ctx->ihv[3]) | (ihvtmp[4] ^ ctx->ihv[4])))
1748                                                || (ctx->reduced_round_coll && 0==((ctx->ihv1[0] ^ ctx->ihv2[0]) | (ctx->ihv1[1] ^ ctx->ihv2[1]) | (ctx->ihv1[2] ^ ctx->ihv2[2]) | (ctx->ihv1[3] ^ ctx->ihv2[3]) | (ctx->ihv1[4] ^ ctx->ihv2[4]))))
1749                                        {
1750                                                ctx->found_collision = 1;
1751
1752                                                if (ctx->safe_hash)
1753                                                {
1754                                                        sha1_compression_W(ctx->ihv, ctx->m1);
1755                                                        sha1_compression_W(ctx->ihv, ctx->m1);
1756                                                }
1757
1758                                                break;
1759                                        }
1760                                }
1761                        }
1762                }
1763        }
1764}
1765
1766void SHA1DCInit(SHA1_CTX* ctx)
1767{
1768        ctx->total = 0;
1769        ctx->ihv[0] = 0x67452301;
1770        ctx->ihv[1] = 0xEFCDAB89;
1771        ctx->ihv[2] = 0x98BADCFE;
1772        ctx->ihv[3] = 0x10325476;
1773        ctx->ihv[4] = 0xC3D2E1F0;
1774        ctx->found_collision = 0;
1775        ctx->safe_hash = SHA1DC_INIT_SAFE_HASH_DEFAULT;
1776        ctx->ubc_check = 1;
1777        ctx->detect_coll = 1;
1778        ctx->reduced_round_coll = 0;
1779        ctx->callback = NULL;
1780}
1781
1782void SHA1DCSetSafeHash(SHA1_CTX* ctx, int safehash)
1783{
1784        if (safehash)
1785                ctx->safe_hash = 1;
1786        else
1787                ctx->safe_hash = 0;
1788}
1789
1790
1791void SHA1DCSetUseUBC(SHA1_CTX* ctx, int ubc_check)
1792{
1793        if (ubc_check)
1794                ctx->ubc_check = 1;
1795        else
1796                ctx->ubc_check = 0;
1797}
1798
1799void SHA1DCSetUseDetectColl(SHA1_CTX* ctx, int detect_coll)
1800{
1801        if (detect_coll)
1802                ctx->detect_coll = 1;
1803        else
1804                ctx->detect_coll = 0;
1805}
1806
1807void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX* ctx, int reduced_round_coll)
1808{
1809        if (reduced_round_coll)
1810                ctx->reduced_round_coll = 1;
1811        else
1812                ctx->reduced_round_coll = 0;
1813}
1814
1815void SHA1DCSetCallback(SHA1_CTX* ctx, collision_block_callback callback)
1816{
1817        ctx->callback = callback;
1818}
1819
1820void SHA1DCUpdate(SHA1_CTX* ctx, const char* buf, size_t len)
1821{
1822        unsigned left, fill;
1823
1824        if (len == 0)
1825                return;
1826
1827        left = ctx->total & 63;
1828        fill = 64 - left;
1829
1830        if (left && len >= fill)
1831        {
1832                ctx->total += fill;
1833                memcpy(ctx->buffer + left, buf, fill);
1834                sha1_process(ctx, (uint32_t*)(ctx->buffer));
1835                buf += fill;
1836                len -= fill;
1837                left = 0;
1838        }
1839        while (len >= 64)
1840        {
1841                ctx->total += 64;
1842
1843#if defined(SHA1DC_ALLOW_UNALIGNED_ACCESS)
1844                sha1_process(ctx, (uint32_t*)(buf));
1845#else
1846                memcpy(ctx->buffer, buf, 64);
1847                sha1_process(ctx, (uint32_t*)(ctx->buffer));
1848#endif /* defined(SHA1DC_ALLOW_UNALIGNED_ACCESS) */
1849                buf += 64;
1850                len -= 64;
1851        }
1852        if (len > 0)
1853        {
1854                ctx->total += len;
1855                memcpy(ctx->buffer + left, buf, len);
1856        }
1857}
1858
1859static const unsigned char sha1_padding[64] =
1860{
1861        0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1862        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1863        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1864        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1865};
1866
1867int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
1868{
1869        uint32_t last = ctx->total & 63;
1870        uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
1871        uint64_t total;
1872        SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
1873
1874        total = ctx->total - padn;
1875        total <<= 3;
1876        ctx->buffer[56] = (unsigned char)(total >> 56);
1877        ctx->buffer[57] = (unsigned char)(total >> 48);
1878        ctx->buffer[58] = (unsigned char)(total >> 40);
1879        ctx->buffer[59] = (unsigned char)(total >> 32);
1880        ctx->buffer[60] = (unsigned char)(total >> 24);
1881        ctx->buffer[61] = (unsigned char)(total >> 16);
1882        ctx->buffer[62] = (unsigned char)(total >> 8);
1883        ctx->buffer[63] = (unsigned char)(total);
1884        sha1_process(ctx, (uint32_t*)(ctx->buffer));
1885        output[0] = (unsigned char)(ctx->ihv[0] >> 24);
1886        output[1] = (unsigned char)(ctx->ihv[0] >> 16);
1887        output[2] = (unsigned char)(ctx->ihv[0] >> 8);
1888        output[3] = (unsigned char)(ctx->ihv[0]);
1889        output[4] = (unsigned char)(ctx->ihv[1] >> 24);
1890        output[5] = (unsigned char)(ctx->ihv[1] >> 16);
1891        output[6] = (unsigned char)(ctx->ihv[1] >> 8);
1892        output[7] = (unsigned char)(ctx->ihv[1]);
1893        output[8] = (unsigned char)(ctx->ihv[2] >> 24);
1894        output[9] = (unsigned char)(ctx->ihv[2] >> 16);
1895        output[10] = (unsigned char)(ctx->ihv[2] >> 8);
1896        output[11] = (unsigned char)(ctx->ihv[2]);
1897        output[12] = (unsigned char)(ctx->ihv[3] >> 24);
1898        output[13] = (unsigned char)(ctx->ihv[3] >> 16);
1899        output[14] = (unsigned char)(ctx->ihv[3] >> 8);
1900        output[15] = (unsigned char)(ctx->ihv[3]);
1901        output[16] = (unsigned char)(ctx->ihv[4] >> 24);
1902        output[17] = (unsigned char)(ctx->ihv[4] >> 16);
1903        output[18] = (unsigned char)(ctx->ihv[4] >> 8);
1904        output[19] = (unsigned char)(ctx->ihv[4]);
1905        return ctx->found_collision;
1906}
1907
1908#ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
1909#include SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
1910#endif