1/***
2* Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com)
3* Distributed under the MIT Software License.
4* See accompanying file LICENSE.txt or copy at
5* https://opensource.org/licenses/MIT
6***/
7
8#include "cache.h"
9#include "sha1dc/sha1.h"
10#include "sha1dc/ubc_check.h"
11
12
13/*
14 Because Little-Endian architectures are most common,
15 we only set SHA1DC_BIGENDIAN if one of these conditions is met.
16 Note that all MSFT platforms are little endian,
17 so none of these will be defined under the MSC compiler.
18 If you are compiling on a big endian platform and your compiler does not define one of these,
19 you will have to add whatever macros your tool chain defines to indicate Big-Endianness.
20 */
21#if (defined(__BYTE_ORDER) && (__BYTE_ORDER == __BIG_ENDIAN)) || \
22 (defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __BIG_ENDIAN__)) || \
23 defined(__BIG_ENDIAN__) || defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
24 defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__)
25
26#define SHA1DC_BIGENDIAN 1
27#else
28#undef SHA1DC_BIGENDIAN
29#endif /*ENDIANNESS SELECTION*/
30
31#define rotate_right(x,n) (((x)>>(n))|((x)<<(32-(n))))
32#define rotate_left(x,n) (((x)<<(n))|((x)>>(32-(n))))
33
34#define sha1_bswap32(x) \
35 {x = ((x << 8) & 0xFF00FF00) | ((x >> 8) & 0xFF00FF); x = (x << 16) | (x >> 16);}
36
37#define sha1_mix(W, t) (rotate_left(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))
38
39#if defined(SHA1DC_BIGENDIAN)
40 #define sha1_load(m, t, temp) { temp = m[t]; }
41#else
42 #define sha1_load(m, t, temp) { temp = m[t]; sha1_bswap32(temp); }
43#endif /* !defined(SHA1DC_BIGENDIAN) */
44
45#define sha1_store(W, t, x) *(volatile uint32_t *)&W[t] = x
46
47#define sha1_f1(b,c,d) ((d)^((b)&((c)^(d))))
48#define sha1_f2(b,c,d) ((b)^(c)^(d))
49#define sha1_f3(b,c,d) (((b)&(c))+((d)&((b)^(c))))
50#define sha1_f4(b,c,d) ((b)^(c)^(d))
51
52#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, m, t) \
53 { e += rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; b = rotate_left(b, 30); }
54#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, m, t) \
55 { e += rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; b = rotate_left(b, 30); }
56#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, m, t) \
57 { e += rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; b = rotate_left(b, 30); }
58#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, m, t) \
59 { e += rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; b = rotate_left(b, 30); }
60
61#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, m, t) \
62 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; }
63#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, m, t) \
64 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; }
65#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, m, t) \
66 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; }
67#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, m, t) \
68 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; }
69
70#define SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, t, temp) \
71 {sha1_load(m, t, temp); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30);}
72
73#define SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(a, b, c, d, e, W, t, temp) \
74 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30); }
75
76#define SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, t, temp) \
77 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1; b = rotate_left(b, 30); }
78
79#define SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, t, temp) \
80 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC; b = rotate_left(b, 30); }
81
82#define SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, t, temp) \
83 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6; b = rotate_left(b, 30); }
84
85
86#define SHA1_STORE_STATE(i) states[i][0] = a; states[i][1] = b; states[i][2] = c; states[i][3] = d; states[i][4] = e;
87
88#ifdef BUILDNOCOLLDETECTSHA1COMPRESSION
89void sha1_compression(uint32_t ihv[5], const uint32_t m[16])
90{
91 uint32_t W[80];
92 uint32_t a,b,c,d,e;
93 unsigned i;
94
95 memcpy(W, m, 16 * 4);
96 for (i = 16; i < 80; ++i)
97 W[i] = sha1_mix(W, i);
98
99 a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
100
101 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
102 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
103 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
104 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
105 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
106 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
107 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
108 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
109 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
110 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
111 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
112 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
113 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
114 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
115 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
116 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
117 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
118 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
119 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
120 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
121
122 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
123 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
124 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
125 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
126 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
127 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
128 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
129 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
130 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
131 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
132 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
133 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
134 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
135 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
136 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
137 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
138 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
139 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
140 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
141 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
142
143 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
144 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
145 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
146 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
147 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
148 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
149 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
150 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
151 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
152 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
153 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
154 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
155 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
156 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
157 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
158 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
159 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
160 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
161 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
162 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
163
164 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
165 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
166 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
167 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
168 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
169 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
170 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
171 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
172 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
173 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
174 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
175 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
176 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
177 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
178 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
179 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
180 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
181 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
182 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
183 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
184
185 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
186}
187#endif /*BUILDNOCOLLDETECTSHA1COMPRESSION*/
188
189
190static void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80])
191{
192 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
193
194 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
195 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
196 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
197 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
198 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
199 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
200 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
201 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
202 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
203 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
204 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
205 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
206 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
207 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
208 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
209 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
210 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
211 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
212 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
213 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
214
215 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
216 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
217 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
218 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
219 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
220 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
221 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
222 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
223 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
224 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
225 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
226 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
227 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
228 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
229 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
230 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
231 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
232 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
233 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
234 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
235
236 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
237 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
238 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
239 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
240 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
241 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
242 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
243 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
244 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
245 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
246 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
247 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
248 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
249 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
250 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
251 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
252 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
253 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
254 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
255 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
256
257 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
258 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
259 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
260 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
261 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
262 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
263 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
264 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
265 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
266 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
267 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
268 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
269 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
270 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
271 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
272 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
273 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
274 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
275 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
276 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
277
278 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
279}
280
281
282
283void sha1_compression_states(uint32_t ihv[5], const uint32_t m[16], uint32_t W[80], uint32_t states[80][5])
284{
285 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
286 uint32_t temp;
287
288#ifdef DOSTORESTATE00
289 SHA1_STORE_STATE(0)
290#endif
291 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 0, temp);
292
293#ifdef DOSTORESTATE01
294 SHA1_STORE_STATE(1)
295#endif
296 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 1, temp);
297
298#ifdef DOSTORESTATE02
299 SHA1_STORE_STATE(2)
300#endif
301 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 2, temp);
302
303#ifdef DOSTORESTATE03
304 SHA1_STORE_STATE(3)
305#endif
306 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 3, temp);
307
308#ifdef DOSTORESTATE04
309 SHA1_STORE_STATE(4)
310#endif
311 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 4, temp);
312
313#ifdef DOSTORESTATE05
314 SHA1_STORE_STATE(5)
315#endif
316 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 5, temp);
317
318#ifdef DOSTORESTATE06
319 SHA1_STORE_STATE(6)
320#endif
321 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 6, temp);
322
323#ifdef DOSTORESTATE07
324 SHA1_STORE_STATE(7)
325#endif
326 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 7, temp);
327
328#ifdef DOSTORESTATE08
329 SHA1_STORE_STATE(8)
330#endif
331 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 8, temp);
332
333#ifdef DOSTORESTATE09
334 SHA1_STORE_STATE(9)
335#endif
336 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 9, temp);
337
338#ifdef DOSTORESTATE10
339 SHA1_STORE_STATE(10)
340#endif
341 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 10, temp);
342
343#ifdef DOSTORESTATE11
344 SHA1_STORE_STATE(11)
345#endif
346 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 11, temp);
347
348#ifdef DOSTORESTATE12
349 SHA1_STORE_STATE(12)
350#endif
351 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 12, temp);
352
353#ifdef DOSTORESTATE13
354 SHA1_STORE_STATE(13)
355#endif
356 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 13, temp);
357
358#ifdef DOSTORESTATE14
359 SHA1_STORE_STATE(14)
360#endif
361 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 14, temp);
362
363#ifdef DOSTORESTATE15
364 SHA1_STORE_STATE(15)
365#endif
366 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 15, temp);
367
368#ifdef DOSTORESTATE16
369 SHA1_STORE_STATE(16)
370#endif
371 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(e, a, b, c, d, W, 16, temp);
372
373#ifdef DOSTORESTATE17
374 SHA1_STORE_STATE(17)
375#endif
376 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(d, e, a, b, c, W, 17, temp);
377
378#ifdef DOSTORESTATE18
379 SHA1_STORE_STATE(18)
380#endif
381 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(c, d, e, a, b, W, 18, temp);
382
383#ifdef DOSTORESTATE19
384 SHA1_STORE_STATE(19)
385#endif
386 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(b, c, d, e, a, W, 19, temp);
387
388
389
390#ifdef DOSTORESTATE20
391 SHA1_STORE_STATE(20)
392#endif
393 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 20, temp);
394
395#ifdef DOSTORESTATE21
396 SHA1_STORE_STATE(21)
397#endif
398 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 21, temp);
399
400#ifdef DOSTORESTATE22
401 SHA1_STORE_STATE(22)
402#endif
403 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 22, temp);
404
405#ifdef DOSTORESTATE23
406 SHA1_STORE_STATE(23)
407#endif
408 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 23, temp);
409
410#ifdef DOSTORESTATE24
411 SHA1_STORE_STATE(24)
412#endif
413 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 24, temp);
414
415#ifdef DOSTORESTATE25
416 SHA1_STORE_STATE(25)
417#endif
418 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 25, temp);
419
420#ifdef DOSTORESTATE26
421 SHA1_STORE_STATE(26)
422#endif
423 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 26, temp);
424
425#ifdef DOSTORESTATE27
426 SHA1_STORE_STATE(27)
427#endif
428 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 27, temp);
429
430#ifdef DOSTORESTATE28
431 SHA1_STORE_STATE(28)
432#endif
433 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 28, temp);
434
435#ifdef DOSTORESTATE29
436 SHA1_STORE_STATE(29)
437#endif
438 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 29, temp);
439
440#ifdef DOSTORESTATE30
441 SHA1_STORE_STATE(30)
442#endif
443 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 30, temp);
444
445#ifdef DOSTORESTATE31
446 SHA1_STORE_STATE(31)
447#endif
448 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 31, temp);
449
450#ifdef DOSTORESTATE32
451 SHA1_STORE_STATE(32)
452#endif
453 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 32, temp);
454
455#ifdef DOSTORESTATE33
456 SHA1_STORE_STATE(33)
457#endif
458 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 33, temp);
459
460#ifdef DOSTORESTATE34
461 SHA1_STORE_STATE(34)
462#endif
463 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 34, temp);
464
465#ifdef DOSTORESTATE35
466 SHA1_STORE_STATE(35)
467#endif
468 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 35, temp);
469
470#ifdef DOSTORESTATE36
471 SHA1_STORE_STATE(36)
472#endif
473 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 36, temp);
474
475#ifdef DOSTORESTATE37
476 SHA1_STORE_STATE(37)
477#endif
478 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 37, temp);
479
480#ifdef DOSTORESTATE38
481 SHA1_STORE_STATE(38)
482#endif
483 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 38, temp);
484
485#ifdef DOSTORESTATE39
486 SHA1_STORE_STATE(39)
487#endif
488 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 39, temp);
489
490
491
492#ifdef DOSTORESTATE40
493 SHA1_STORE_STATE(40)
494#endif
495 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 40, temp);
496
497#ifdef DOSTORESTATE41
498 SHA1_STORE_STATE(41)
499#endif
500 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 41, temp);
501
502#ifdef DOSTORESTATE42
503 SHA1_STORE_STATE(42)
504#endif
505 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 42, temp);
506
507#ifdef DOSTORESTATE43
508 SHA1_STORE_STATE(43)
509#endif
510 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 43, temp);
511
512#ifdef DOSTORESTATE44
513 SHA1_STORE_STATE(44)
514#endif
515 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 44, temp);
516
517#ifdef DOSTORESTATE45
518 SHA1_STORE_STATE(45)
519#endif
520 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 45, temp);
521
522#ifdef DOSTORESTATE46
523 SHA1_STORE_STATE(46)
524#endif
525 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 46, temp);
526
527#ifdef DOSTORESTATE47
528 SHA1_STORE_STATE(47)
529#endif
530 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 47, temp);
531
532#ifdef DOSTORESTATE48
533 SHA1_STORE_STATE(48)
534#endif
535 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 48, temp);
536
537#ifdef DOSTORESTATE49
538 SHA1_STORE_STATE(49)
539#endif
540 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 49, temp);
541
542#ifdef DOSTORESTATE50
543 SHA1_STORE_STATE(50)
544#endif
545 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 50, temp);
546
547#ifdef DOSTORESTATE51
548 SHA1_STORE_STATE(51)
549#endif
550 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 51, temp);
551
552#ifdef DOSTORESTATE52
553 SHA1_STORE_STATE(52)
554#endif
555 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 52, temp);
556
557#ifdef DOSTORESTATE53
558 SHA1_STORE_STATE(53)
559#endif
560 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 53, temp);
561
562#ifdef DOSTORESTATE54
563 SHA1_STORE_STATE(54)
564#endif
565 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 54, temp);
566
567#ifdef DOSTORESTATE55
568 SHA1_STORE_STATE(55)
569#endif
570 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 55, temp);
571
572#ifdef DOSTORESTATE56
573 SHA1_STORE_STATE(56)
574#endif
575 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 56, temp);
576
577#ifdef DOSTORESTATE57
578 SHA1_STORE_STATE(57)
579#endif
580 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 57, temp);
581
582#ifdef DOSTORESTATE58
583 SHA1_STORE_STATE(58)
584#endif
585 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 58, temp);
586
587#ifdef DOSTORESTATE59
588 SHA1_STORE_STATE(59)
589#endif
590 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 59, temp);
591
592
593
594
595#ifdef DOSTORESTATE60
596 SHA1_STORE_STATE(60)
597#endif
598 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 60, temp);
599
600#ifdef DOSTORESTATE61
601 SHA1_STORE_STATE(61)
602#endif
603 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 61, temp);
604
605#ifdef DOSTORESTATE62
606 SHA1_STORE_STATE(62)
607#endif
608 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 62, temp);
609
610#ifdef DOSTORESTATE63
611 SHA1_STORE_STATE(63)
612#endif
613 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 63, temp);
614
615#ifdef DOSTORESTATE64
616 SHA1_STORE_STATE(64)
617#endif
618 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 64, temp);
619
620#ifdef DOSTORESTATE65
621 SHA1_STORE_STATE(65)
622#endif
623 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 65, temp);
624
625#ifdef DOSTORESTATE66
626 SHA1_STORE_STATE(66)
627#endif
628 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 66, temp);
629
630#ifdef DOSTORESTATE67
631 SHA1_STORE_STATE(67)
632#endif
633 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 67, temp);
634
635#ifdef DOSTORESTATE68
636 SHA1_STORE_STATE(68)
637#endif
638 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 68, temp);
639
640#ifdef DOSTORESTATE69
641 SHA1_STORE_STATE(69)
642#endif
643 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 69, temp);
644
645#ifdef DOSTORESTATE70
646 SHA1_STORE_STATE(70)
647#endif
648 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 70, temp);
649
650#ifdef DOSTORESTATE71
651 SHA1_STORE_STATE(71)
652#endif
653 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 71, temp);
654
655#ifdef DOSTORESTATE72
656 SHA1_STORE_STATE(72)
657#endif
658 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 72, temp);
659
660#ifdef DOSTORESTATE73
661 SHA1_STORE_STATE(73)
662#endif
663 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 73, temp);
664
665#ifdef DOSTORESTATE74
666 SHA1_STORE_STATE(74)
667#endif
668 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 74, temp);
669
670#ifdef DOSTORESTATE75
671 SHA1_STORE_STATE(75)
672#endif
673 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 75, temp);
674
675#ifdef DOSTORESTATE76
676 SHA1_STORE_STATE(76)
677#endif
678 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 76, temp);
679
680#ifdef DOSTORESTATE77
681 SHA1_STORE_STATE(77)
682#endif
683 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 77, temp);
684
685#ifdef DOSTORESTATE78
686 SHA1_STORE_STATE(78)
687#endif
688 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 78, temp);
689
690#ifdef DOSTORESTATE79
691 SHA1_STORE_STATE(79)
692#endif
693 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 79, temp);
694
695
696
697 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
698}
699
700
701
702
703#define SHA1_RECOMPRESS(t) \
704static void sha1recompress_fast_ ## t (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]) \
705{ \
706 uint32_t a = state[0], b = state[1], c = state[2], d = state[3], e = state[4]; \
707 if (t > 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 79); \
708 if (t > 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 78); \
709 if (t > 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 77); \
710 if (t > 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 76); \
711 if (t > 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 75); \
712 if (t > 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 74); \
713 if (t > 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 73); \
714 if (t > 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 72); \
715 if (t > 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 71); \
716 if (t > 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 70); \
717 if (t > 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 69); \
718 if (t > 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 68); \
719 if (t > 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 67); \
720 if (t > 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 66); \
721 if (t > 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 65); \
722 if (t > 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 64); \
723 if (t > 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 63); \
724 if (t > 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 62); \
725 if (t > 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 61); \
726 if (t > 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 60); \
727 if (t > 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 59); \
728 if (t > 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 58); \
729 if (t > 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 57); \
730 if (t > 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 56); \
731 if (t > 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 55); \
732 if (t > 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 54); \
733 if (t > 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 53); \
734 if (t > 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 52); \
735 if (t > 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 51); \
736 if (t > 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 50); \
737 if (t > 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 49); \
738 if (t > 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 48); \
739 if (t > 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 47); \
740 if (t > 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 46); \
741 if (t > 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 45); \
742 if (t > 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 44); \
743 if (t > 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 43); \
744 if (t > 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 42); \
745 if (t > 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 41); \
746 if (t > 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 40); \
747 if (t > 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 39); \
748 if (t > 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 38); \
749 if (t > 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 37); \
750 if (t > 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 36); \
751 if (t > 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 35); \
752 if (t > 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 34); \
753 if (t > 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 33); \
754 if (t > 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 32); \
755 if (t > 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 31); \
756 if (t > 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 30); \
757 if (t > 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 29); \
758 if (t > 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 28); \
759 if (t > 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 27); \
760 if (t > 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 26); \
761 if (t > 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 25); \
762 if (t > 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 24); \
763 if (t > 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 23); \
764 if (t > 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 22); \
765 if (t > 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 21); \
766 if (t > 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 20); \
767 if (t > 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 19); \
768 if (t > 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 18); \
769 if (t > 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 17); \
770 if (t > 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 16); \
771 if (t > 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 15); \
772 if (t > 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 14); \
773 if (t > 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 13); \
774 if (t > 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 12); \
775 if (t > 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 11); \
776 if (t > 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 10); \
777 if (t > 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 9); \
778 if (t > 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 8); \
779 if (t > 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 7); \
780 if (t > 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 6); \
781 if (t > 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 5); \
782 if (t > 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 4); \
783 if (t > 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 3); \
784 if (t > 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 2); \
785 if (t > 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 1); \
786 if (t > 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 0); \
787 ihvin[0] = a; ihvin[1] = b; ihvin[2] = c; ihvin[3] = d; ihvin[4] = e; \
788 a = state[0]; b = state[1]; c = state[2]; d = state[3]; e = state[4]; \
789 if (t <= 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 0); \
790 if (t <= 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 1); \
791 if (t <= 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 2); \
792 if (t <= 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 3); \
793 if (t <= 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 4); \
794 if (t <= 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 5); \
795 if (t <= 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 6); \
796 if (t <= 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 7); \
797 if (t <= 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 8); \
798 if (t <= 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 9); \
799 if (t <= 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 10); \
800 if (t <= 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 11); \
801 if (t <= 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 12); \
802 if (t <= 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 13); \
803 if (t <= 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 14); \
804 if (t <= 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 15); \
805 if (t <= 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 16); \
806 if (t <= 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 17); \
807 if (t <= 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 18); \
808 if (t <= 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 19); \
809 if (t <= 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 20); \
810 if (t <= 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 21); \
811 if (t <= 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 22); \
812 if (t <= 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 23); \
813 if (t <= 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 24); \
814 if (t <= 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 25); \
815 if (t <= 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 26); \
816 if (t <= 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 27); \
817 if (t <= 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 28); \
818 if (t <= 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 29); \
819 if (t <= 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 30); \
820 if (t <= 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 31); \
821 if (t <= 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 32); \
822 if (t <= 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 33); \
823 if (t <= 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 34); \
824 if (t <= 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 35); \
825 if (t <= 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 36); \
826 if (t <= 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 37); \
827 if (t <= 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 38); \
828 if (t <= 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 39); \
829 if (t <= 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 40); \
830 if (t <= 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 41); \
831 if (t <= 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 42); \
832 if (t <= 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 43); \
833 if (t <= 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 44); \
834 if (t <= 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 45); \
835 if (t <= 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 46); \
836 if (t <= 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 47); \
837 if (t <= 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 48); \
838 if (t <= 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 49); \
839 if (t <= 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 50); \
840 if (t <= 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 51); \
841 if (t <= 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 52); \
842 if (t <= 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 53); \
843 if (t <= 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 54); \
844 if (t <= 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 55); \
845 if (t <= 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 56); \
846 if (t <= 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 57); \
847 if (t <= 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 58); \
848 if (t <= 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 59); \
849 if (t <= 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 60); \
850 if (t <= 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 61); \
851 if (t <= 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 62); \
852 if (t <= 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 63); \
853 if (t <= 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 64); \
854 if (t <= 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 65); \
855 if (t <= 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 66); \
856 if (t <= 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 67); \
857 if (t <= 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 68); \
858 if (t <= 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 69); \
859 if (t <= 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 70); \
860 if (t <= 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 71); \
861 if (t <= 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 72); \
862 if (t <= 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 73); \
863 if (t <= 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 74); \
864 if (t <= 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 75); \
865 if (t <= 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 76); \
866 if (t <= 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 77); \
867 if (t <= 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 78); \
868 if (t <= 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 79); \
869 ihvout[0] = ihvin[0] + a; ihvout[1] = ihvin[1] + b; ihvout[2] = ihvin[2] + c; ihvout[3] = ihvin[3] + d; ihvout[4] = ihvin[4] + e; \
870}
871
872#ifdef DOSTORESTATE0
873SHA1_RECOMPRESS(0)
874#endif
875
876#ifdef DOSTORESTATE1
877SHA1_RECOMPRESS(1)
878#endif
879
880#ifdef DOSTORESTATE2
881SHA1_RECOMPRESS(2)
882#endif
883
884#ifdef DOSTORESTATE3
885SHA1_RECOMPRESS(3)
886#endif
887
888#ifdef DOSTORESTATE4
889SHA1_RECOMPRESS(4)
890#endif
891
892#ifdef DOSTORESTATE5
893SHA1_RECOMPRESS(5)
894#endif
895
896#ifdef DOSTORESTATE6
897SHA1_RECOMPRESS(6)
898#endif
899
900#ifdef DOSTORESTATE7
901SHA1_RECOMPRESS(7)
902#endif
903
904#ifdef DOSTORESTATE8
905SHA1_RECOMPRESS(8)
906#endif
907
908#ifdef DOSTORESTATE9
909SHA1_RECOMPRESS(9)
910#endif
911
912#ifdef DOSTORESTATE10
913SHA1_RECOMPRESS(10)
914#endif
915
916#ifdef DOSTORESTATE11
917SHA1_RECOMPRESS(11)
918#endif
919
920#ifdef DOSTORESTATE12
921SHA1_RECOMPRESS(12)
922#endif
923
924#ifdef DOSTORESTATE13
925SHA1_RECOMPRESS(13)
926#endif
927
928#ifdef DOSTORESTATE14
929SHA1_RECOMPRESS(14)
930#endif
931
932#ifdef DOSTORESTATE15
933SHA1_RECOMPRESS(15)
934#endif
935
936#ifdef DOSTORESTATE16
937SHA1_RECOMPRESS(16)
938#endif
939
940#ifdef DOSTORESTATE17
941SHA1_RECOMPRESS(17)
942#endif
943
944#ifdef DOSTORESTATE18
945SHA1_RECOMPRESS(18)
946#endif
947
948#ifdef DOSTORESTATE19
949SHA1_RECOMPRESS(19)
950#endif
951
952#ifdef DOSTORESTATE20
953SHA1_RECOMPRESS(20)
954#endif
955
956#ifdef DOSTORESTATE21
957SHA1_RECOMPRESS(21)
958#endif
959
960#ifdef DOSTORESTATE22
961SHA1_RECOMPRESS(22)
962#endif
963
964#ifdef DOSTORESTATE23
965SHA1_RECOMPRESS(23)
966#endif
967
968#ifdef DOSTORESTATE24
969SHA1_RECOMPRESS(24)
970#endif
971
972#ifdef DOSTORESTATE25
973SHA1_RECOMPRESS(25)
974#endif
975
976#ifdef DOSTORESTATE26
977SHA1_RECOMPRESS(26)
978#endif
979
980#ifdef DOSTORESTATE27
981SHA1_RECOMPRESS(27)
982#endif
983
984#ifdef DOSTORESTATE28
985SHA1_RECOMPRESS(28)
986#endif
987
988#ifdef DOSTORESTATE29
989SHA1_RECOMPRESS(29)
990#endif
991
992#ifdef DOSTORESTATE30
993SHA1_RECOMPRESS(30)
994#endif
995
996#ifdef DOSTORESTATE31
997SHA1_RECOMPRESS(31)
998#endif
999
1000#ifdef DOSTORESTATE32
1001SHA1_RECOMPRESS(32)
1002#endif
1003
1004#ifdef DOSTORESTATE33
1005SHA1_RECOMPRESS(33)
1006#endif
1007
1008#ifdef DOSTORESTATE34
1009SHA1_RECOMPRESS(34)
1010#endif
1011
1012#ifdef DOSTORESTATE35
1013SHA1_RECOMPRESS(35)
1014#endif
1015
1016#ifdef DOSTORESTATE36
1017SHA1_RECOMPRESS(36)
1018#endif
1019
1020#ifdef DOSTORESTATE37
1021SHA1_RECOMPRESS(37)
1022#endif
1023
1024#ifdef DOSTORESTATE38
1025SHA1_RECOMPRESS(38)
1026#endif
1027
1028#ifdef DOSTORESTATE39
1029SHA1_RECOMPRESS(39)
1030#endif
1031
1032#ifdef DOSTORESTATE40
1033SHA1_RECOMPRESS(40)
1034#endif
1035
1036#ifdef DOSTORESTATE41
1037SHA1_RECOMPRESS(41)
1038#endif
1039
1040#ifdef DOSTORESTATE42
1041SHA1_RECOMPRESS(42)
1042#endif
1043
1044#ifdef DOSTORESTATE43
1045SHA1_RECOMPRESS(43)
1046#endif
1047
1048#ifdef DOSTORESTATE44
1049SHA1_RECOMPRESS(44)
1050#endif
1051
1052#ifdef DOSTORESTATE45
1053SHA1_RECOMPRESS(45)
1054#endif
1055
1056#ifdef DOSTORESTATE46
1057SHA1_RECOMPRESS(46)
1058#endif
1059
1060#ifdef DOSTORESTATE47
1061SHA1_RECOMPRESS(47)
1062#endif
1063
1064#ifdef DOSTORESTATE48
1065SHA1_RECOMPRESS(48)
1066#endif
1067
1068#ifdef DOSTORESTATE49
1069SHA1_RECOMPRESS(49)
1070#endif
1071
1072#ifdef DOSTORESTATE50
1073SHA1_RECOMPRESS(50)
1074#endif
1075
1076#ifdef DOSTORESTATE51
1077SHA1_RECOMPRESS(51)
1078#endif
1079
1080#ifdef DOSTORESTATE52
1081SHA1_RECOMPRESS(52)
1082#endif
1083
1084#ifdef DOSTORESTATE53
1085SHA1_RECOMPRESS(53)
1086#endif
1087
1088#ifdef DOSTORESTATE54
1089SHA1_RECOMPRESS(54)
1090#endif
1091
1092#ifdef DOSTORESTATE55
1093SHA1_RECOMPRESS(55)
1094#endif
1095
1096#ifdef DOSTORESTATE56
1097SHA1_RECOMPRESS(56)
1098#endif
1099
1100#ifdef DOSTORESTATE57
1101SHA1_RECOMPRESS(57)
1102#endif
1103
1104#ifdef DOSTORESTATE58
1105SHA1_RECOMPRESS(58)
1106#endif
1107
1108#ifdef DOSTORESTATE59
1109SHA1_RECOMPRESS(59)
1110#endif
1111
1112#ifdef DOSTORESTATE60
1113SHA1_RECOMPRESS(60)
1114#endif
1115
1116#ifdef DOSTORESTATE61
1117SHA1_RECOMPRESS(61)
1118#endif
1119
1120#ifdef DOSTORESTATE62
1121SHA1_RECOMPRESS(62)
1122#endif
1123
1124#ifdef DOSTORESTATE63
1125SHA1_RECOMPRESS(63)
1126#endif
1127
1128#ifdef DOSTORESTATE64
1129SHA1_RECOMPRESS(64)
1130#endif
1131
1132#ifdef DOSTORESTATE65
1133SHA1_RECOMPRESS(65)
1134#endif
1135
1136#ifdef DOSTORESTATE66
1137SHA1_RECOMPRESS(66)
1138#endif
1139
1140#ifdef DOSTORESTATE67
1141SHA1_RECOMPRESS(67)
1142#endif
1143
1144#ifdef DOSTORESTATE68
1145SHA1_RECOMPRESS(68)
1146#endif
1147
1148#ifdef DOSTORESTATE69
1149SHA1_RECOMPRESS(69)
1150#endif
1151
1152#ifdef DOSTORESTATE70
1153SHA1_RECOMPRESS(70)
1154#endif
1155
1156#ifdef DOSTORESTATE71
1157SHA1_RECOMPRESS(71)
1158#endif
1159
1160#ifdef DOSTORESTATE72
1161SHA1_RECOMPRESS(72)
1162#endif
1163
1164#ifdef DOSTORESTATE73
1165SHA1_RECOMPRESS(73)
1166#endif
1167
1168#ifdef DOSTORESTATE74
1169SHA1_RECOMPRESS(74)
1170#endif
1171
1172#ifdef DOSTORESTATE75
1173SHA1_RECOMPRESS(75)
1174#endif
1175
1176#ifdef DOSTORESTATE76
1177SHA1_RECOMPRESS(76)
1178#endif
1179
1180#ifdef DOSTORESTATE77
1181SHA1_RECOMPRESS(77)
1182#endif
1183
1184#ifdef DOSTORESTATE78
1185SHA1_RECOMPRESS(78)
1186#endif
1187
1188#ifdef DOSTORESTATE79
1189SHA1_RECOMPRESS(79)
1190#endif
1191
1192static void sha1_recompression_step(uint32_t step, uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5])
1193{
1194 switch (step)
1195 {
1196#ifdef DOSTORESTATE0
1197 case 0:
1198 sha1recompress_fast_0(ihvin, ihvout, me2, state);
1199 break;
1200#endif
1201#ifdef DOSTORESTATE1
1202 case 1:
1203 sha1recompress_fast_1(ihvin, ihvout, me2, state);
1204 break;
1205#endif
1206#ifdef DOSTORESTATE2
1207 case 2:
1208 sha1recompress_fast_2(ihvin, ihvout, me2, state);
1209 break;
1210#endif
1211#ifdef DOSTORESTATE3
1212 case 3:
1213 sha1recompress_fast_3(ihvin, ihvout, me2, state);
1214 break;
1215#endif
1216#ifdef DOSTORESTATE4
1217 case 4:
1218 sha1recompress_fast_4(ihvin, ihvout, me2, state);
1219 break;
1220#endif
1221#ifdef DOSTORESTATE5
1222 case 5:
1223 sha1recompress_fast_5(ihvin, ihvout, me2, state);
1224 break;
1225#endif
1226#ifdef DOSTORESTATE6
1227 case 6:
1228 sha1recompress_fast_6(ihvin, ihvout, me2, state);
1229 break;
1230#endif
1231#ifdef DOSTORESTATE7
1232 case 7:
1233 sha1recompress_fast_7(ihvin, ihvout, me2, state);
1234 break;
1235#endif
1236#ifdef DOSTORESTATE8
1237 case 8:
1238 sha1recompress_fast_8(ihvin, ihvout, me2, state);
1239 break;
1240#endif
1241#ifdef DOSTORESTATE9
1242 case 9:
1243 sha1recompress_fast_9(ihvin, ihvout, me2, state);
1244 break;
1245#endif
1246#ifdef DOSTORESTATE10
1247 case 10:
1248 sha1recompress_fast_10(ihvin, ihvout, me2, state);
1249 break;
1250#endif
1251#ifdef DOSTORESTATE11
1252 case 11:
1253 sha1recompress_fast_11(ihvin, ihvout, me2, state);
1254 break;
1255#endif
1256#ifdef DOSTORESTATE12
1257 case 12:
1258 sha1recompress_fast_12(ihvin, ihvout, me2, state);
1259 break;
1260#endif
1261#ifdef DOSTORESTATE13
1262 case 13:
1263 sha1recompress_fast_13(ihvin, ihvout, me2, state);
1264 break;
1265#endif
1266#ifdef DOSTORESTATE14
1267 case 14:
1268 sha1recompress_fast_14(ihvin, ihvout, me2, state);
1269 break;
1270#endif
1271#ifdef DOSTORESTATE15
1272 case 15:
1273 sha1recompress_fast_15(ihvin, ihvout, me2, state);
1274 break;
1275#endif
1276#ifdef DOSTORESTATE16
1277 case 16:
1278 sha1recompress_fast_16(ihvin, ihvout, me2, state);
1279 break;
1280#endif
1281#ifdef DOSTORESTATE17
1282 case 17:
1283 sha1recompress_fast_17(ihvin, ihvout, me2, state);
1284 break;
1285#endif
1286#ifdef DOSTORESTATE18
1287 case 18:
1288 sha1recompress_fast_18(ihvin, ihvout, me2, state);
1289 break;
1290#endif
1291#ifdef DOSTORESTATE19
1292 case 19:
1293 sha1recompress_fast_19(ihvin, ihvout, me2, state);
1294 break;
1295#endif
1296#ifdef DOSTORESTATE20
1297 case 20:
1298 sha1recompress_fast_20(ihvin, ihvout, me2, state);
1299 break;
1300#endif
1301#ifdef DOSTORESTATE21
1302 case 21:
1303 sha1recompress_fast_21(ihvin, ihvout, me2, state);
1304 break;
1305#endif
1306#ifdef DOSTORESTATE22
1307 case 22:
1308 sha1recompress_fast_22(ihvin, ihvout, me2, state);
1309 break;
1310#endif
1311#ifdef DOSTORESTATE23
1312 case 23:
1313 sha1recompress_fast_23(ihvin, ihvout, me2, state);
1314 break;
1315#endif
1316#ifdef DOSTORESTATE24
1317 case 24:
1318 sha1recompress_fast_24(ihvin, ihvout, me2, state);
1319 break;
1320#endif
1321#ifdef DOSTORESTATE25
1322 case 25:
1323 sha1recompress_fast_25(ihvin, ihvout, me2, state);
1324 break;
1325#endif
1326#ifdef DOSTORESTATE26
1327 case 26:
1328 sha1recompress_fast_26(ihvin, ihvout, me2, state);
1329 break;
1330#endif
1331#ifdef DOSTORESTATE27
1332 case 27:
1333 sha1recompress_fast_27(ihvin, ihvout, me2, state);
1334 break;
1335#endif
1336#ifdef DOSTORESTATE28
1337 case 28:
1338 sha1recompress_fast_28(ihvin, ihvout, me2, state);
1339 break;
1340#endif
1341#ifdef DOSTORESTATE29
1342 case 29:
1343 sha1recompress_fast_29(ihvin, ihvout, me2, state);
1344 break;
1345#endif
1346#ifdef DOSTORESTATE30
1347 case 30:
1348 sha1recompress_fast_30(ihvin, ihvout, me2, state);
1349 break;
1350#endif
1351#ifdef DOSTORESTATE31
1352 case 31:
1353 sha1recompress_fast_31(ihvin, ihvout, me2, state);
1354 break;
1355#endif
1356#ifdef DOSTORESTATE32
1357 case 32:
1358 sha1recompress_fast_32(ihvin, ihvout, me2, state);
1359 break;
1360#endif
1361#ifdef DOSTORESTATE33
1362 case 33:
1363 sha1recompress_fast_33(ihvin, ihvout, me2, state);
1364 break;
1365#endif
1366#ifdef DOSTORESTATE34
1367 case 34:
1368 sha1recompress_fast_34(ihvin, ihvout, me2, state);
1369 break;
1370#endif
1371#ifdef DOSTORESTATE35
1372 case 35:
1373 sha1recompress_fast_35(ihvin, ihvout, me2, state);
1374 break;
1375#endif
1376#ifdef DOSTORESTATE36
1377 case 36:
1378 sha1recompress_fast_36(ihvin, ihvout, me2, state);
1379 break;
1380#endif
1381#ifdef DOSTORESTATE37
1382 case 37:
1383 sha1recompress_fast_37(ihvin, ihvout, me2, state);
1384 break;
1385#endif
1386#ifdef DOSTORESTATE38
1387 case 38:
1388 sha1recompress_fast_38(ihvin, ihvout, me2, state);
1389 break;
1390#endif
1391#ifdef DOSTORESTATE39
1392 case 39:
1393 sha1recompress_fast_39(ihvin, ihvout, me2, state);
1394 break;
1395#endif
1396#ifdef DOSTORESTATE40
1397 case 40:
1398 sha1recompress_fast_40(ihvin, ihvout, me2, state);
1399 break;
1400#endif
1401#ifdef DOSTORESTATE41
1402 case 41:
1403 sha1recompress_fast_41(ihvin, ihvout, me2, state);
1404 break;
1405#endif
1406#ifdef DOSTORESTATE42
1407 case 42:
1408 sha1recompress_fast_42(ihvin, ihvout, me2, state);
1409 break;
1410#endif
1411#ifdef DOSTORESTATE43
1412 case 43:
1413 sha1recompress_fast_43(ihvin, ihvout, me2, state);
1414 break;
1415#endif
1416#ifdef DOSTORESTATE44
1417 case 44:
1418 sha1recompress_fast_44(ihvin, ihvout, me2, state);
1419 break;
1420#endif
1421#ifdef DOSTORESTATE45
1422 case 45:
1423 sha1recompress_fast_45(ihvin, ihvout, me2, state);
1424 break;
1425#endif
1426#ifdef DOSTORESTATE46
1427 case 46:
1428 sha1recompress_fast_46(ihvin, ihvout, me2, state);
1429 break;
1430#endif
1431#ifdef DOSTORESTATE47
1432 case 47:
1433 sha1recompress_fast_47(ihvin, ihvout, me2, state);
1434 break;
1435#endif
1436#ifdef DOSTORESTATE48
1437 case 48:
1438 sha1recompress_fast_48(ihvin, ihvout, me2, state);
1439 break;
1440#endif
1441#ifdef DOSTORESTATE49
1442 case 49:
1443 sha1recompress_fast_49(ihvin, ihvout, me2, state);
1444 break;
1445#endif
1446#ifdef DOSTORESTATE50
1447 case 50:
1448 sha1recompress_fast_50(ihvin, ihvout, me2, state);
1449 break;
1450#endif
1451#ifdef DOSTORESTATE51
1452 case 51:
1453 sha1recompress_fast_51(ihvin, ihvout, me2, state);
1454 break;
1455#endif
1456#ifdef DOSTORESTATE52
1457 case 52:
1458 sha1recompress_fast_52(ihvin, ihvout, me2, state);
1459 break;
1460#endif
1461#ifdef DOSTORESTATE53
1462 case 53:
1463 sha1recompress_fast_53(ihvin, ihvout, me2, state);
1464 break;
1465#endif
1466#ifdef DOSTORESTATE54
1467 case 54:
1468 sha1recompress_fast_54(ihvin, ihvout, me2, state);
1469 break;
1470#endif
1471#ifdef DOSTORESTATE55
1472 case 55:
1473 sha1recompress_fast_55(ihvin, ihvout, me2, state);
1474 break;
1475#endif
1476#ifdef DOSTORESTATE56
1477 case 56:
1478 sha1recompress_fast_56(ihvin, ihvout, me2, state);
1479 break;
1480#endif
1481#ifdef DOSTORESTATE57
1482 case 57:
1483 sha1recompress_fast_57(ihvin, ihvout, me2, state);
1484 break;
1485#endif
1486#ifdef DOSTORESTATE58
1487 case 58:
1488 sha1recompress_fast_58(ihvin, ihvout, me2, state);
1489 break;
1490#endif
1491#ifdef DOSTORESTATE59
1492 case 59:
1493 sha1recompress_fast_59(ihvin, ihvout, me2, state);
1494 break;
1495#endif
1496#ifdef DOSTORESTATE60
1497 case 60:
1498 sha1recompress_fast_60(ihvin, ihvout, me2, state);
1499 break;
1500#endif
1501#ifdef DOSTORESTATE61
1502 case 61:
1503 sha1recompress_fast_61(ihvin, ihvout, me2, state);
1504 break;
1505#endif
1506#ifdef DOSTORESTATE62
1507 case 62:
1508 sha1recompress_fast_62(ihvin, ihvout, me2, state);
1509 break;
1510#endif
1511#ifdef DOSTORESTATE63
1512 case 63:
1513 sha1recompress_fast_63(ihvin, ihvout, me2, state);
1514 break;
1515#endif
1516#ifdef DOSTORESTATE64
1517 case 64:
1518 sha1recompress_fast_64(ihvin, ihvout, me2, state);
1519 break;
1520#endif
1521#ifdef DOSTORESTATE65
1522 case 65:
1523 sha1recompress_fast_65(ihvin, ihvout, me2, state);
1524 break;
1525#endif
1526#ifdef DOSTORESTATE66
1527 case 66:
1528 sha1recompress_fast_66(ihvin, ihvout, me2, state);
1529 break;
1530#endif
1531#ifdef DOSTORESTATE67
1532 case 67:
1533 sha1recompress_fast_67(ihvin, ihvout, me2, state);
1534 break;
1535#endif
1536#ifdef DOSTORESTATE68
1537 case 68:
1538 sha1recompress_fast_68(ihvin, ihvout, me2, state);
1539 break;
1540#endif
1541#ifdef DOSTORESTATE69
1542 case 69:
1543 sha1recompress_fast_69(ihvin, ihvout, me2, state);
1544 break;
1545#endif
1546#ifdef DOSTORESTATE70
1547 case 70:
1548 sha1recompress_fast_70(ihvin, ihvout, me2, state);
1549 break;
1550#endif
1551#ifdef DOSTORESTATE71
1552 case 71:
1553 sha1recompress_fast_71(ihvin, ihvout, me2, state);
1554 break;
1555#endif
1556#ifdef DOSTORESTATE72
1557 case 72:
1558 sha1recompress_fast_72(ihvin, ihvout, me2, state);
1559 break;
1560#endif
1561#ifdef DOSTORESTATE73
1562 case 73:
1563 sha1recompress_fast_73(ihvin, ihvout, me2, state);
1564 break;
1565#endif
1566#ifdef DOSTORESTATE74
1567 case 74:
1568 sha1recompress_fast_74(ihvin, ihvout, me2, state);
1569 break;
1570#endif
1571#ifdef DOSTORESTATE75
1572 case 75:
1573 sha1recompress_fast_75(ihvin, ihvout, me2, state);
1574 break;
1575#endif
1576#ifdef DOSTORESTATE76
1577 case 76:
1578 sha1recompress_fast_76(ihvin, ihvout, me2, state);
1579 break;
1580#endif
1581#ifdef DOSTORESTATE77
1582 case 77:
1583 sha1recompress_fast_77(ihvin, ihvout, me2, state);
1584 break;
1585#endif
1586#ifdef DOSTORESTATE78
1587 case 78:
1588 sha1recompress_fast_78(ihvin, ihvout, me2, state);
1589 break;
1590#endif
1591#ifdef DOSTORESTATE79
1592 case 79:
1593 sha1recompress_fast_79(ihvin, ihvout, me2, state);
1594 break;
1595#endif
1596 default:
1597 abort();
1598 }
1599
1600}
1601
1602
1603
1604static void sha1_process(SHA1_CTX* ctx, const uint32_t block[16])
1605{
1606 unsigned i, j;
1607 uint32_t ubc_dv_mask[DVMASKSIZE] = { 0xFFFFFFFF };
1608 uint32_t ihvtmp[5];
1609
1610 ctx->ihv1[0] = ctx->ihv[0];
1611 ctx->ihv1[1] = ctx->ihv[1];
1612 ctx->ihv1[2] = ctx->ihv[2];
1613 ctx->ihv1[3] = ctx->ihv[3];
1614 ctx->ihv1[4] = ctx->ihv[4];
1615
1616 sha1_compression_states(ctx->ihv, block, ctx->m1, ctx->states);
1617
1618 if (ctx->detect_coll)
1619 {
1620 if (ctx->ubc_check)
1621 {
1622 ubc_check(ctx->m1, ubc_dv_mask);
1623 }
1624
1625 if (ubc_dv_mask[0] != 0)
1626 {
1627 for (i = 0; sha1_dvs[i].dvType != 0; ++i)
1628 {
1629 if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb))
1630 {
1631 for (j = 0; j < 80; ++j)
1632 ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j];
1633
1634 sha1_recompression_step(sha1_dvs[i].testt, ctx->ihv2, ihvtmp, ctx->m2, ctx->states[sha1_dvs[i].testt]);
1635
1636 /* to verify SHA-1 collision detection code with collisions for reduced-step SHA-1 */
1637 if ((0 == ((ihvtmp[0] ^ ctx->ihv[0]) | (ihvtmp[1] ^ ctx->ihv[1]) | (ihvtmp[2] ^ ctx->ihv[2]) | (ihvtmp[3] ^ ctx->ihv[3]) | (ihvtmp[4] ^ ctx->ihv[4])))
1638 || (ctx->reduced_round_coll && 0==((ctx->ihv1[0] ^ ctx->ihv2[0]) | (ctx->ihv1[1] ^ ctx->ihv2[1]) | (ctx->ihv1[2] ^ ctx->ihv2[2]) | (ctx->ihv1[3] ^ ctx->ihv2[3]) | (ctx->ihv1[4] ^ ctx->ihv2[4]))))
1639 {
1640 ctx->found_collision = 1;
1641
1642 if (ctx->safe_hash)
1643 {
1644 sha1_compression_W(ctx->ihv, ctx->m1);
1645 sha1_compression_W(ctx->ihv, ctx->m1);
1646 }
1647
1648 break;
1649 }
1650 }
1651 }
1652 }
1653 }
1654}
1655
1656void SHA1DCInit(SHA1_CTX* ctx)
1657{
1658 ctx->total = 0;
1659 ctx->ihv[0] = 0x67452301;
1660 ctx->ihv[1] = 0xEFCDAB89;
1661 ctx->ihv[2] = 0x98BADCFE;
1662 ctx->ihv[3] = 0x10325476;
1663 ctx->ihv[4] = 0xC3D2E1F0;
1664 ctx->found_collision = 0;
1665 ctx->safe_hash = 0;
1666 ctx->ubc_check = 1;
1667 ctx->detect_coll = 1;
1668 ctx->reduced_round_coll = 0;
1669 ctx->callback = NULL;
1670}
1671
1672void SHA1DCSetSafeHash(SHA1_CTX* ctx, int safehash)
1673{
1674 if (safehash)
1675 ctx->safe_hash = 1;
1676 else
1677 ctx->safe_hash = 0;
1678}
1679
1680
1681void SHA1DCSetUseUBC(SHA1_CTX* ctx, int ubc_check)
1682{
1683 if (ubc_check)
1684 ctx->ubc_check = 1;
1685 else
1686 ctx->ubc_check = 0;
1687}
1688
1689void SHA1DCSetUseDetectColl(SHA1_CTX* ctx, int detect_coll)
1690{
1691 if (detect_coll)
1692 ctx->detect_coll = 1;
1693 else
1694 ctx->detect_coll = 0;
1695}
1696
1697void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX* ctx, int reduced_round_coll)
1698{
1699 if (reduced_round_coll)
1700 ctx->reduced_round_coll = 1;
1701 else
1702 ctx->reduced_round_coll = 0;
1703}
1704
1705void SHA1DCSetCallback(SHA1_CTX* ctx, collision_block_callback callback)
1706{
1707 ctx->callback = callback;
1708}
1709
1710void SHA1DCUpdate(SHA1_CTX* ctx, const char* buf, size_t len)
1711{
1712 unsigned left, fill;
1713 if (len == 0)
1714 return;
1715
1716 left = ctx->total & 63;
1717 fill = 64 - left;
1718
1719 if (left && len >= fill)
1720 {
1721 ctx->total += fill;
1722 memcpy(ctx->buffer + left, buf, fill);
1723 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1724 buf += fill;
1725 len -= fill;
1726 left = 0;
1727 }
1728 while (len >= 64)
1729 {
1730 ctx->total += 64;
1731 sha1_process(ctx, (uint32_t*)(buf));
1732 buf += 64;
1733 len -= 64;
1734 }
1735 if (len > 0)
1736 {
1737 ctx->total += len;
1738 memcpy(ctx->buffer + left, buf, len);
1739 }
1740}
1741
1742static const unsigned char sha1_padding[64] =
1743{
1744 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1745 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1746 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1747 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1748};
1749
1750int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
1751{
1752 uint32_t last = ctx->total & 63;
1753 uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
1754 uint64_t total;
1755 SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
1756
1757 total = ctx->total - padn;
1758 total <<= 3;
1759 ctx->buffer[56] = (unsigned char)(total >> 56);
1760 ctx->buffer[57] = (unsigned char)(total >> 48);
1761 ctx->buffer[58] = (unsigned char)(total >> 40);
1762 ctx->buffer[59] = (unsigned char)(total >> 32);
1763 ctx->buffer[60] = (unsigned char)(total >> 24);
1764 ctx->buffer[61] = (unsigned char)(total >> 16);
1765 ctx->buffer[62] = (unsigned char)(total >> 8);
1766 ctx->buffer[63] = (unsigned char)(total);
1767 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1768 output[0] = (unsigned char)(ctx->ihv[0] >> 24);
1769 output[1] = (unsigned char)(ctx->ihv[0] >> 16);
1770 output[2] = (unsigned char)(ctx->ihv[0] >> 8);
1771 output[3] = (unsigned char)(ctx->ihv[0]);
1772 output[4] = (unsigned char)(ctx->ihv[1] >> 24);
1773 output[5] = (unsigned char)(ctx->ihv[1] >> 16);
1774 output[6] = (unsigned char)(ctx->ihv[1] >> 8);
1775 output[7] = (unsigned char)(ctx->ihv[1]);
1776 output[8] = (unsigned char)(ctx->ihv[2] >> 24);
1777 output[9] = (unsigned char)(ctx->ihv[2] >> 16);
1778 output[10] = (unsigned char)(ctx->ihv[2] >> 8);
1779 output[11] = (unsigned char)(ctx->ihv[2]);
1780 output[12] = (unsigned char)(ctx->ihv[3] >> 24);
1781 output[13] = (unsigned char)(ctx->ihv[3] >> 16);
1782 output[14] = (unsigned char)(ctx->ihv[3] >> 8);
1783 output[15] = (unsigned char)(ctx->ihv[3]);
1784 output[16] = (unsigned char)(ctx->ihv[4] >> 24);
1785 output[17] = (unsigned char)(ctx->ihv[4] >> 16);
1786 output[18] = (unsigned char)(ctx->ihv[4] >> 8);
1787 output[19] = (unsigned char)(ctx->ihv[4]);
1788 return ctx->found_collision;
1789}
1790
1791void git_SHA1DCFinal(unsigned char hash[20], SHA1_CTX *ctx)
1792{
1793 if (!SHA1DCFinal(hash, ctx))
1794 return;
1795 die("SHA-1 appears to be part of a collision attack: %s",
1796 sha1_to_hex(hash));
1797}
1798
1799void git_SHA1DCUpdate(SHA1_CTX *ctx, const void *vdata, unsigned long len)
1800{
1801 const char *data = vdata;
1802 /* We expect an unsigned long, but sha1dc only takes an int */
1803 while (len > INT_MAX) {
1804 SHA1DCUpdate(ctx, data, INT_MAX);
1805 data += INT_MAX;
1806 len -= INT_MAX;
1807 }
1808 SHA1DCUpdate(ctx, data, len);
1809}