sha1.c 56.4 KB
Newer Older
1
/***
2
* Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com)
3 4 5 6 7
* Distributed under the MIT Software License.
* See accompanying file LICENSE.txt or copy at
* https://opensource.org/licenses/MIT
***/

8
#ifndef SHA1DC_NO_STANDARD_INCLUDES
9 10 11
#include <string.h>
#include <memory.h>
#include <stdio.h>
12
#include <stdlib.h>
13 14 15
#ifdef __unix__
#include <sys/types.h> /* make sure macros like _BIG_ENDIAN visible */
#endif
16 17 18 19 20 21 22 23 24
#endif

#ifdef SHA1DC_CUSTOM_INCLUDE_SHA1_C
#include SHA1DC_CUSTOM_INCLUDE_SHA1_C
#endif

#ifndef SHA1DC_INIT_SAFE_HASH_DEFAULT
#define SHA1DC_INIT_SAFE_HASH_DEFAULT 1
#endif
25 26 27 28

#include "sha1.h"
#include "ubc_check.h"

29 30 31 32 33 34 35
#if (defined(__amd64__) || defined(__amd64) || defined(__x86_64__) || defined(__x86_64) || \
     defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__)  || \
     defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || \
     defined(_X86_) || defined(__THW_INTEL__) || defined(__I86__) || defined(__INTEL__) || \
     defined(__386) || defined(_M_X64) || defined(_M_AMD64))
#define SHA1DC_ON_INTEL_LIKE_PROCESSOR
#endif
36

37
/*
38
   Because Little-Endian architectures are most common,
39
   we only set SHA1DC_BIGENDIAN if one of these conditions is met.
40 41 42 43 44
   Note that all MSFT platforms are little endian,
   so none of these will be defined under the MSC compiler.
   If you are compiling on a big endian platform and your compiler does not define one of these,
   you will have to add whatever macros your tool chain defines to indicate Big-Endianness.
 */
45

46 47 48 49 50 51 52 53 54 55 56
#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__)
/*
 * Should detect Big Endian under GCC since at least 4.6.0 (gcc svn
 * rev #165881). See
 * https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
 *
 * This also works under clang since 3.2, it copied the GCC-ism. See
 * clang.git's 3b198a97d2 ("Preprocessor: add __BYTE_ORDER__
 * predefined macro", 2012-07-27)
 */
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
57 58 59
#define SHA1DC_BIGENDIAN
#endif

60 61 62 63 64 65 66 67 68
/* Not under GCC-alike */
#elif defined(__BYTE_ORDER) && defined(__BIG_ENDIAN)
/*
 * Should detect Big Endian under glibc.git since 14245eb70e ("entered
 * into RCS", 1992-11-25). Defined in <endian.h> which will have been
 * brought in by standard headers. See glibc.git and
 * https://sourceforge.net/p/predef/wiki/Endianness/
 */
#if __BYTE_ORDER == __BIG_ENDIAN
69 70 71
#define SHA1DC_BIGENDIAN
#endif

72 73 74 75 76 77 78 79 80 81
/* Not under GCC-alike or glibc */
#elif defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN)
/*
 * *BSD and newlib (embeded linux, cygwin, etc).
 * the defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN) part prevents
 * this condition from matching with Solaris/sparc.
 * (Solaris defines only one endian macro)
 */
#if _BYTE_ORDER == _BIG_ENDIAN
#define SHA1DC_BIGENDIAN
82 83
#endif

84 85 86 87 88 89 90 91 92 93 94 95
/* Not under GCC-alike or glibc or *BSD or newlib */
#elif (defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
       defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || \
       defined(__sparc))
/*
 * Should define Big Endian for a whitelist of known processors. See
 * https://sourceforge.net/p/predef/wiki/Endianness/ and
 * http://www.oracle.com/technetwork/server-storage/solaris/portingtosolaris-138514.html
 */
#define SHA1DC_BIGENDIAN

/* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> */
96 97 98 99 100 101 102 103 104 105
#elif (defined(_AIX) || defined(__hpux))

/*
 * Defines Big Endian on a whitelist of OSs that are known to be Big
 * Endian-only. See
 * https://public-inbox.org/git/93056823-2740-d072-1ebd-46b440b33d7e@felt.demon.nl/
 */
#define SHA1DC_BIGENDIAN

/* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> */
106 107 108 109 110 111
#elif defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
/*
 * As a last resort before we do anything else we're not 100% sure
 * about below, we blacklist specific processors here. We could add
 * more, see e.g. https://wiki.debian.org/ArchitectureSpecificsMemo
 */
112
#else /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> or <processor blacklist> */
113 114 115 116 117 118

/* We do nothing more here for now */
/*#error "Uncomment this to see if you fall through all the detection"*/

#endif /* Big Endian detection */

119 120 121 122 123 124 125 126
#if (defined(SHA1DC_FORCE_LITTLEENDIAN) && defined(SHA1DC_BIGENDIAN))
#undef SHA1DC_BIGENDIAN
#endif
#if (defined(SHA1DC_FORCE_BIGENDIAN) && !defined(SHA1DC_BIGENDIAN))
#define SHA1DC_BIGENDIAN
#endif
/*ENDIANNESS SELECTION*/

127
#ifndef SHA1DC_FORCE_ALIGNED_ACCESS
128
#if defined(SHA1DC_FORCE_UNALIGNED_ACCESS) || defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
129
#define SHA1DC_ALLOW_UNALIGNED_ACCESS
130 131
#endif /*UNALIGNED ACCESS DETECTION*/
#endif /*FORCE ALIGNED ACCESS*/
132

133 134 135
#define rotate_right(x,n) (((x)>>(n))|((x)<<(32-(n))))
#define rotate_left(x,n)  (((x)<<(n))|((x)>>(32-(n))))

136 137 138 139 140
#define sha1_bswap32(x) \
	{x = ((x << 8) & 0xFF00FF00) | ((x >> 8) & 0xFF00FF); x = (x << 16) | (x >> 16);}

#define sha1_mix(W, t)  (rotate_left(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))

141
#ifdef SHA1DC_BIGENDIAN
142 143 144
	#define sha1_load(m, t, temp)  { temp = m[t]; }
#else
	#define sha1_load(m, t, temp)  { temp = m[t]; sha1_bswap32(temp); }
145
#endif
146 147 148

#define sha1_store(W, t, x)	*(volatile uint32_t *)&W[t] = x

149 150
#define sha1_f1(b,c,d) ((d)^((b)&((c)^(d))))
#define sha1_f2(b,c,d) ((b)^(c)^(d))
151
#define sha1_f3(b,c,d) (((b)&(c))+((d)&((b)^(c))))
152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171
#define sha1_f4(b,c,d) ((b)^(c)^(d))

#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, m, t) \
	{ e += rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; b = rotate_left(b, 30); }
#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, m, t) \
	{ e += rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; b = rotate_left(b, 30); }
#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, m, t) \
	{ e += rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; b = rotate_left(b, 30); }
#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, m, t) \
	{ e += rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; b = rotate_left(b, 30); }

#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, m, t) \
	{ b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; }
#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, m, t) \
	{ b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; }
#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, m, t) \
	{ b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; }
#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, m, t) \
	{ b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; }

172 173
#define SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, t, temp) \
	{sha1_load(m, t, temp); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30);}
174

175 176
#define SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(a, b, c, d, e, W, t, temp) \
	{temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30); }
177

178 179
#define SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, t, temp) \
	{temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1; b = rotate_left(b, 30); }
180

181 182
#define SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, t, temp) \
	{temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC; b = rotate_left(b, 30); }
183

184 185 186 187 188
#define SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, t, temp) \
	{temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6; b = rotate_left(b, 30); }


#define SHA1_STORE_STATE(i) states[i][0] = a; states[i][1] = b; states[i][2] = c; states[i][3] = d; states[i][4] = e;
189

190
#ifdef BUILDNOCOLLDETECTSHA1COMPRESSION
191 192
void sha1_compression(uint32_t ihv[5], const uint32_t m[16])
{
193 194
	uint32_t W[80];
	uint32_t a,b,c,d,e;
195 196 197 198
	unsigned i;

	memcpy(W, m, 16 * 4);
	for (i = 16; i < 80; ++i)
199
		W[i] = sha1_mix(W, i);
200

201
	a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288

	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);

	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);

	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);

	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);

	ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
}
289
#endif /*BUILDNOCOLLDETECTSHA1COMPRESSION*/
290 291


292
static void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80])
293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329
{
	uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];

	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
	HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);

	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
330
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
	HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);

	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
	HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);

	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
	HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);

	ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
}



385
void sha1_compression_states(uint32_t ihv[5], const uint32_t m[16], uint32_t W[80], uint32_t states[80][5])
386 387
{
	uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
388
	uint32_t temp;
389 390 391 392

#ifdef DOSTORESTATE00
	SHA1_STORE_STATE(0)
#endif
393
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 0, temp);
394 395 396 397

#ifdef DOSTORESTATE01
	SHA1_STORE_STATE(1)
#endif
398
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 1, temp);
399 400 401 402

#ifdef DOSTORESTATE02
	SHA1_STORE_STATE(2)
#endif
403
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 2, temp);
404 405 406 407

#ifdef DOSTORESTATE03
	SHA1_STORE_STATE(3)
#endif
408
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 3, temp);
409 410 411 412

#ifdef DOSTORESTATE04
	SHA1_STORE_STATE(4)
#endif
413
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 4, temp);
414 415 416 417

#ifdef DOSTORESTATE05
	SHA1_STORE_STATE(5)
#endif
418
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 5, temp);
419 420 421 422

#ifdef DOSTORESTATE06
	SHA1_STORE_STATE(6)
#endif
423
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 6, temp);
424 425 426 427

#ifdef DOSTORESTATE07
	SHA1_STORE_STATE(7)
#endif
428
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 7, temp);
429 430 431 432

#ifdef DOSTORESTATE08
	SHA1_STORE_STATE(8)
#endif
433
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 8, temp);
434 435 436 437

#ifdef DOSTORESTATE09
	SHA1_STORE_STATE(9)
#endif
438
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 9, temp);
439 440 441 442

#ifdef DOSTORESTATE10
	SHA1_STORE_STATE(10)
#endif
443
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 10, temp);
444 445 446 447

#ifdef DOSTORESTATE11
	SHA1_STORE_STATE(11)
#endif
448
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 11, temp);
449 450 451 452

#ifdef DOSTORESTATE12
	SHA1_STORE_STATE(12)
#endif
453
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 12, temp);
454 455 456 457

#ifdef DOSTORESTATE13
	SHA1_STORE_STATE(13)
#endif
458
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 13, temp);
459 460 461 462

#ifdef DOSTORESTATE14
	SHA1_STORE_STATE(14)
#endif
463
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 14, temp);
464 465 466 467

#ifdef DOSTORESTATE15
	SHA1_STORE_STATE(15)
#endif
468
	SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 15, temp);
469 470 471 472

#ifdef DOSTORESTATE16
	SHA1_STORE_STATE(16)
#endif
473
	SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(e, a, b, c, d, W, 16, temp);
474 475 476 477

#ifdef DOSTORESTATE17
	SHA1_STORE_STATE(17)
#endif
478
	SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(d, e, a, b, c, W, 17, temp);
479 480 481 482

#ifdef DOSTORESTATE18
	SHA1_STORE_STATE(18)
#endif
483
	SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(c, d, e, a, b, W, 18, temp);
484 485 486 487

#ifdef DOSTORESTATE19
	SHA1_STORE_STATE(19)
#endif
488
	SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(b, c, d, e, a, W, 19, temp);
489 490 491 492 493 494



#ifdef DOSTORESTATE20
	SHA1_STORE_STATE(20)
#endif
495
	SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 20, temp);
496 497 498 499

#ifdef DOSTORESTATE21
	SHA1_STORE_STATE(21)
#endif
500 501
	SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 21, temp);

502 503 504
#ifdef DOSTORESTATE22
	SHA1_STORE_STATE(22)
#endif
505 506
	SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 22, temp);

507 508 509
#ifdef DOSTORESTATE23
	SHA1_STORE_STATE(23)
#endif
510
	SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 23, temp);
511 512 513 514

#ifdef DOSTORESTATE24
	SHA1_STORE_STATE(24)
#endif
515
	SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 24, temp);
516 517 518 519

#ifdef DOSTORESTATE25
	SHA1_STORE_STATE(25)
#endif
520
	SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 25, temp);
521 522 523 524

#ifdef DOSTORESTATE26
	SHA1_STORE_STATE(26)
#endif
525
	SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 26, temp);
526 527 528 529

#ifdef DOSTORESTATE27
	SHA1_STORE_STATE(27)
#endif
530 531
	SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 27, temp);

532 533 534
#ifdef DOSTORESTATE28
	SHA1_STORE_STATE(28)
#endif
535 536
	SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 28, temp);

537 538 539
#ifdef DOSTORESTATE29
	SHA1_STORE_STATE(29)
#endif
540 541
	SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 29, temp);

542 543 544
#ifdef DOSTORESTATE30
	SHA1_STORE_STATE(30)
#endif
545 546
	SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 30, temp);

547 548 549
#ifdef DOSTORESTATE31
	SHA1_STORE_STATE(31)
#endif
550 551
	SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 31, temp);

552 553 554
#ifdef DOSTORESTATE32
	SHA1_STORE_STATE(32)
#endif
555
	SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 32, temp);
556 557 558 559

#ifdef DOSTORESTATE33
	SHA1_STORE_STATE(33)
#endif
560
	SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 33, temp);
561 562 563 564

#ifdef DOSTORESTATE34
	SHA1_STORE_STATE(34)
#endif
565
	SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 34, temp);
566 567 568 569

#ifdef DOSTORESTATE35
	SHA1_STORE_STATE(35)
#endif
570 571
	SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 35, temp);

572 573 574
#ifdef DOSTORESTATE36
	SHA1_STORE_STATE(36)
#endif
575 576
	SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 36, temp);

577 578 579
#ifdef DOSTORESTATE37
	SHA1_STORE_STATE(37)
#endif
580 581
	SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 37, temp);

582 583 584
#ifdef DOSTORESTATE38
	SHA1_STORE_STATE(38)
#endif
585 586
	SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 38, temp);

587 588 589
#ifdef DOSTORESTATE39
	SHA1_STORE_STATE(39)
#endif
590
	SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 39, temp);
591 592 593 594 595 596



#ifdef DOSTORESTATE40
	SHA1_STORE_STATE(40)
#endif
597
	SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 40, temp);
598 599 600 601

#ifdef DOSTORESTATE41
	SHA1_STORE_STATE(41)
#endif
602
	SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 41, temp);
603 604 605 606

#ifdef DOSTORESTATE42
	SHA1_STORE_STATE(42)
#endif
607
	SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 42, temp);
608 609 610 611

#ifdef DOSTORESTATE43
	SHA1_STORE_STATE(43)
#endif
612
	SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 43, temp);
613 614 615 616

#ifdef DOSTORESTATE44
	SHA1_STORE_STATE(44)
#endif
617
	SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 44, temp);
618 619 620 621

#ifdef DOSTORESTATE45
	SHA1_STORE_STATE(45)
#endif
622
	SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 45, temp);
623 624 625 626

#ifdef DOSTORESTATE46
	SHA1_STORE_STATE(46)
#endif
627
	SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 46, temp);
628 629 630 631

#ifdef DOSTORESTATE47
	SHA1_STORE_STATE(47)
#endif
632
	SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 47, temp);
633 634 635 636

#ifdef DOSTORESTATE48
	SHA1_STORE_STATE(48)
#endif
637
	SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 48, temp);
638 639 640 641

#ifdef DOSTORESTATE49
	SHA1_STORE_STATE(49)
#endif
642
	SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 49, temp);
643 644 645 646

#ifdef DOSTORESTATE50
	SHA1_STORE_STATE(50)
#endif
647
	SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 50, temp);
648 649 650 651

#ifdef DOSTORESTATE51
	SHA1_STORE_STATE(51)
#endif
652
	SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 51, temp);
653 654 655 656

#ifdef DOSTORESTATE52
	SHA1_STORE_STATE(52)
#endif
657
	SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 52, temp);
658 659 660 661

#ifdef DOSTORESTATE53
	SHA1_STORE_STATE(53)
#endif
662
	SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 53, temp);
663 664 665 666

#ifdef DOSTORESTATE54
	SHA1_STORE_STATE(54)
#endif
667
	SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 54, temp);
668 669 670 671

#ifdef DOSTORESTATE55
	SHA1_STORE_STATE(55)
#endif
672
	SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 55, temp);
673 674 675 676

#ifdef DOSTORESTATE56
	SHA1_STORE_STATE(56)
#endif
677
	SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 56, temp);
678 679 680 681

#ifdef DOSTORESTATE57
	SHA1_STORE_STATE(57)
#endif
682
	SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 57, temp);
683 684 685 686

#ifdef DOSTORESTATE58
	SHA1_STORE_STATE(58)
#endif
687
	SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 58, temp);
688 689 690 691

#ifdef DOSTORESTATE59
	SHA1_STORE_STATE(59)
#endif
692 693
	SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 59, temp);

694 695 696 697 698 699



#ifdef DOSTORESTATE60
	SHA1_STORE_STATE(60)
#endif
700
	SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 60, temp);
701 702 703 704

#ifdef DOSTORESTATE61
	SHA1_STORE_STATE(61)
#endif
705
	SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 61, temp);
706 707 708 709

#ifdef DOSTORESTATE62
	SHA1_STORE_STATE(62)
#endif
710
	SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 62, temp);
711 712 713 714

#ifdef DOSTORESTATE63
	SHA1_STORE_STATE(63)
#endif
715
	SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 63, temp);
716 717 718 719

#ifdef DOSTORESTATE64
	SHA1_STORE_STATE(64)
#endif
720
	SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 64, temp);
721 722 723 724

#ifdef DOSTORESTATE65
	SHA1_STORE_STATE(65)
#endif
725
	SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 65, temp);
726 727 728 729

#ifdef DOSTORESTATE66
	SHA1_STORE_STATE(66)
#endif
730
	SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 66, temp);
731 732 733 734

#ifdef DOSTORESTATE67
	SHA1_STORE_STATE(67)
#endif
735
	SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 67, temp);
736 737 738 739

#ifdef DOSTORESTATE68
	SHA1_STORE_STATE(68)
#endif
740
	SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 68, temp);
741 742 743 744

#ifdef DOSTORESTATE69
	SHA1_STORE_STATE(69)
#endif
745
	SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 69, temp);
746 747 748 749

#ifdef DOSTORESTATE70
	SHA1_STORE_STATE(70)
#endif
750
	SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 70, temp);
751 752 753 754

#ifdef DOSTORESTATE71
	SHA1_STORE_STATE(71)
#endif
755
	SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 71, temp);
756 757 758 759

#ifdef DOSTORESTATE72
	SHA1_STORE_STATE(72)
#endif
760
	SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 72, temp);
761 762 763 764

#ifdef DOSTORESTATE73
	SHA1_STORE_STATE(73)
#endif
765
	SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 73, temp);
766 767 768 769

#ifdef DOSTORESTATE74
	SHA1_STORE_STATE(74)
#endif
770
	SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 74, temp);
771 772 773 774

#ifdef DOSTORESTATE75
	SHA1_STORE_STATE(75)
#endif
775
	SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 75, temp);
776 777 778 779

#ifdef DOSTORESTATE76
	SHA1_STORE_STATE(76)
#endif
780
	SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 76, temp);
781 782 783 784

#ifdef DOSTORESTATE77
	SHA1_STORE_STATE(77)
#endif
785
	SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 77, temp);
786 787 788 789

#ifdef DOSTORESTATE78
	SHA1_STORE_STATE(78)
#endif
790
	SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 78, temp);
791 792 793 794

#ifdef DOSTORESTATE79
	SHA1_STORE_STATE(79)
#endif
795
	SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 79, temp);
796 797 798 799 800 801 802 803 804 805



	ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
}




#define SHA1_RECOMPRESS(t) \
806
static void sha1recompress_fast_ ## t (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]) \
807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971
{ \
	uint32_t a = state[0], b = state[1], c = state[2], d = state[3], e = state[4]; \
	if (t > 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 79); \
	if (t > 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 78); \
	if (t > 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 77); \
	if (t > 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 76); \
	if (t > 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 75); \
	if (t > 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 74); \
	if (t > 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 73); \
	if (t > 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 72); \
	if (t > 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 71); \
	if (t > 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 70); \
	if (t > 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 69); \
	if (t > 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 68); \
	if (t > 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 67); \
	if (t > 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 66); \
	if (t > 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 65); \
	if (t > 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 64); \
	if (t > 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 63); \
	if (t > 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 62); \
	if (t > 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 61); \
	if (t > 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 60); \
	if (t > 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 59); \
	if (t > 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 58); \
	if (t > 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 57); \
	if (t > 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 56); \
	if (t > 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 55); \
	if (t > 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 54); \
	if (t > 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 53); \
	if (t > 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 52); \
	if (t > 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 51); \
	if (t > 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 50); \
	if (t > 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 49); \
	if (t > 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 48); \
	if (t > 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 47); \
	if (t > 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 46); \
	if (t > 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 45); \
	if (t > 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 44); \
	if (t > 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 43); \
	if (t > 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 42); \
	if (t > 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 41); \
	if (t > 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 40); \
	if (t > 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 39); \
	if (t > 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 38); \
	if (t > 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 37); \
	if (t > 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 36); \
	if (t > 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 35); \
	if (t > 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 34); \
	if (t > 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 33); \
	if (t > 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 32); \
	if (t > 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 31); \
	if (t > 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 30); \
	if (t > 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 29); \
	if (t > 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 28); \
	if (t > 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 27); \
	if (t > 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 26); \
	if (t > 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 25); \
	if (t > 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 24); \
	if (t > 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 23); \
	if (t > 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 22); \
	if (t > 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 21); \
	if (t > 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 20); \
	if (t > 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 19); \
	if (t > 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 18); \
	if (t > 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 17); \
	if (t > 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 16); \
	if (t > 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 15); \
	if (t > 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 14); \
	if (t > 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 13); \
	if (t > 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 12); \
	if (t > 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 11); \
	if (t > 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 10); \
	if (t > 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 9); \
	if (t > 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 8); \
	if (t > 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 7); \
	if (t > 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 6); \
	if (t > 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 5); \
	if (t > 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 4); \
	if (t > 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 3); \
	if (t > 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 2); \
	if (t > 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 1); \
	if (t > 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 0); \
	ihvin[0] = a; ihvin[1] = b; ihvin[2] = c; ihvin[3] = d; ihvin[4] = e; \
	a = state[0]; b = state[1]; c = state[2]; d = state[3]; e = state[4]; \
	if (t <= 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 0); \
	if (t <= 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 1); \
	if (t <= 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 2); \
	if (t <= 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 3); \
	if (t <= 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 4); \
	if (t <= 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 5); \
	if (t <= 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 6); \
	if (t <= 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 7); \
	if (t <= 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 8); \
	if (t <= 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 9); \
	if (t <= 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 10); \
	if (t <= 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 11); \
	if (t <= 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 12); \
	if (t <= 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 13); \
	if (t <= 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 14); \
	if (t <= 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 15); \
	if (t <= 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 16); \
	if (t <= 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 17); \
	if (t <= 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 18); \
	if (t <= 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 19); \
	if (t <= 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 20); \
	if (t <= 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 21); \
	if (t <= 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 22); \
	if (t <= 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 23); \
	if (t <= 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 24); \
	if (t <= 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 25); \
	if (t <= 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 26); \
	if (t <= 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 27); \
	if (t <= 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 28); \
	if (t <= 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 29); \
	if (t <= 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 30); \
	if (t <= 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 31); \
	if (t <= 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 32); \
	if (t <= 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 33); \
	if (t <= 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 34); \
	if (t <= 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 35); \
	if (t <= 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 36); \
	if (t <= 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 37); \
	if (t <= 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 38); \
	if (t <= 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 39); \
	if (t <= 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 40); \
	if (t <= 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 41); \
	if (t <= 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 42); \
	if (t <= 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 43); \
	if (t <= 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 44); \
	if (t <= 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 45); \
	if (t <= 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 46); \
	if (t <= 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 47); \
	if (t <= 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 48); \
	if (t <= 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 49); \
	if (t <= 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 50); \
	if (t <= 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 51); \
	if (t <= 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 52); \
	if (t <= 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 53); \
	if (t <= 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 54); \
	if (t <= 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 55); \
	if (t <= 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 56); \
	if (t <= 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 57); \
	if (t <= 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 58); \
	if (t <= 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 59); \
	if (t <= 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 60); \
	if (t <= 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 61); \
	if (t <= 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 62); \
	if (t <= 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 63); \
	if (t <= 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 64); \
	if (t <= 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 65); \
	if (t <= 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 66); \
	if (t <= 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 67); \
	if (t <= 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 68); \
	if (t <= 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 69); \
	if (t <= 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 70); \
	if (t <= 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 71); \
	if (t <= 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 72); \
	if (t <= 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 73); \
	if (t <= 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 74); \
	if (t <= 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 75); \
	if (t <= 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 76); \
	if (t <= 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 77); \
	if (t <= 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 78); \
	if (t <= 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 79); \
	ihvout[0] = ihvin[0] + a; ihvout[1] = ihvin[1] + b; ihvout[2] = ihvin[2] + c; ihvout[3] = ihvin[3] + d; ihvout[4] = ihvin[4] + e; \
972
}
973

974 975
#ifdef _MSC_VER
#pragma warning(push)
976
#pragma warning(disable: 4127)  /* Compiler complains about the checks in the above macro being constant. */
977 978
#endif

979
#ifdef DOSTORESTATE0
980
SHA1_RECOMPRESS(0)
981 982 983
#endif

#ifdef DOSTORESTATE1
984
SHA1_RECOMPRESS(1)
985 986 987
#endif

#ifdef DOSTORESTATE2
988
SHA1_RECOMPRESS(2)
989 990 991
#endif

#ifdef DOSTORESTATE3
992
SHA1_RECOMPRESS(3)
993 994 995
#endif

#ifdef DOSTORESTATE4
996
SHA1_RECOMPRESS(4)
997 998 999
#endif

#ifdef DOSTORESTATE5
1000
SHA1_RECOMPRESS(5)
1001 1002 1003
#endif

#ifdef DOSTORESTATE6
1004
SHA1_RECOMPRESS(6)
1005 1006 1007
#endif

#ifdef DOSTORESTATE7
1008
SHA1_RECOMPRESS(7)
1009 1010 1011
#endif

#ifdef DOSTORESTATE8
1012
SHA1_RECOMPRESS(8)
1013 1014 1015
#endif

#ifdef DOSTORESTATE9
1016
SHA1_RECOMPRESS(9)
1017
#endif
1018

1019
#ifdef DOSTORESTATE10
1020
SHA1_RECOMPRESS(10)
1021 1022 1023
#endif

#ifdef DOSTORESTATE11
1024
SHA1_RECOMPRESS(11)
1025 1026 1027
#endif

#ifdef DOSTORESTATE12
1028
SHA1_RECOMPRESS(12)
1029 1030 1031
#endif

#ifdef DOSTORESTATE13
1032
SHA1_RECOMPRESS(13)
1033 1034 1035
#endif

#ifdef DOSTORESTATE14
1036
SHA1_RECOMPRESS(14)
1037 1038 1039
#endif

#ifdef DOSTORESTATE15
1040
SHA1_RECOMPRESS(15)
1041 1042 1043
#endif

#ifdef DOSTORESTATE16
1044
SHA1_RECOMPRESS(16)
1045 1046 1047
#endif

#ifdef DOSTORESTATE17
1048
SHA1_RECOMPRESS(17)
1049 1050 1051
#endif

#ifdef DOSTORESTATE18
1052
SHA1_RECOMPRESS(18)
1053 1054 1055
#endif

#ifdef DOSTORESTATE19
1056
SHA1_RECOMPRESS(19)
1057
#endif
1058

1059
#ifdef DOSTORESTATE20
1060
SHA1_RECOMPRESS(20)
1061 1062 1063
#endif

#ifdef DOSTORESTATE21
1064
SHA1_RECOMPRESS(21)
1065 1066 1067
#endif

#ifdef DOSTORESTATE22
1068
SHA1_RECOMPRESS(22)
1069 1070 1071
#endif

#ifdef DOSTORESTATE23
1072
SHA1_RECOMPRESS(23)
1073 1074 1075
#endif

#ifdef DOSTORESTATE24
1076
SHA1_RECOMPRESS(24)
1077 1078 1079
#endif

#ifdef DOSTORESTATE25
1080
SHA1_RECOMPRESS(25)
1081 1082 1083
#endif

#ifdef DOSTORESTATE26
1084
SHA1_RECOMPRESS(26)
1085 1086 1087
#endif

#ifdef DOSTORESTATE27
1088
SHA1_RECOMPRESS(27)
1089 1090 1091
#endif

#ifdef DOSTORESTATE28
1092
SHA1_RECOMPRESS(28)
1093 1094 1095
#endif

#ifdef DOSTORESTATE29
1096
SHA1_RECOMPRESS(29)
1097
#endif
1098

1099
#ifdef DOSTORESTATE30
1100
SHA1_RECOMPRESS(30)
1101 1102 1103
#endif

#ifdef DOSTORESTATE31
1104
SHA1_RECOMPRESS(31)
1105 1106 1107
#endif

#ifdef DOSTORESTATE32
1108
SHA1_RECOMPRESS(32)
1109 1110 1111
#endif

#ifdef DOSTORESTATE33
1112
SHA1_RECOMPRESS(33)
1113 1114 1115
#endif

#ifdef DOSTORESTATE34
1116
SHA1_RECOMPRESS(34)
1117 1118 1119
#endif

#ifdef DOSTORESTATE35
1120
SHA1_RECOMPRESS(35)
1121 1122 1123
#endif

#ifdef DOSTORESTATE36
1124
SHA1_RECOMPRESS(36)
1125 1126 1127
#endif

#ifdef DOSTORESTATE37
1128
SHA1_RECOMPRESS(37)
1129 1130 1131
#endif

#ifdef DOSTORESTATE38
1132
SHA1_RECOMPRESS(38)
1133 1134 1135
#endif

#ifdef DOSTORESTATE39
1136
SHA1_RECOMPRESS(39)
1137
#endif
1138

1139
#ifdef DOSTORESTATE40
1140
SHA1_RECOMPRESS(40)
1141 1142 1143
#endif

#ifdef DOSTORESTATE41
1144
SHA1_RECOMPRESS(41)
1145 1146 1147
#endif

#ifdef DOSTORESTATE42
1148
SHA1_RECOMPRESS(42)
1149 1150 1151
#endif

#ifdef DOSTORESTATE43
1152
SHA1_RECOMPRESS(43)
1153 1154 1155
#endif

#ifdef DOSTORESTATE44
1156
SHA1_RECOMPRESS(44)
1157 1158 1159
#endif

#ifdef DOSTORESTATE45
1160
SHA1_RECOMPRESS(45)
1161 1162 1163
#endif

#ifdef DOSTORESTATE46
1164
SHA1_RECOMPRESS(46)
1165 1166 1167
#endif

#ifdef DOSTORESTATE47
1168
SHA1_RECOMPRESS(47)
1169 1170 1171
#endif

#ifdef DOSTORESTATE48
1172
SHA1_RECOMPRESS(48)
1173
#endif
1174

1175 1176 1177 1178 1179
#ifdef DOSTORESTATE49
SHA1_RECOMPRESS(49)
#endif

#ifdef DOSTORESTATE50
1180
SHA1_RECOMPRESS(50)
1181 1182 1183
#endif

#ifdef DOSTORESTATE51
1184
SHA1_RECOMPRESS(51)
1185 1186 1187
#endif

#ifdef DOSTORESTATE52
1188
SHA1_RECOMPRESS(52)
1189 1190 1191
#endif

#ifdef DOSTORESTATE53
1192
SHA1_RECOMPRESS(53)
1193 1194 1195
#endif

#ifdef DOSTORESTATE54
1196
SHA1_RECOMPRESS(54)
1197 1198 1199
#endif

#ifdef DOSTORESTATE55
1200
SHA1_RECOMPRESS(55)
1201 1202 1203
#endif

#ifdef DOSTORESTATE56
1204
SHA1_RECOMPRESS(56)
1205 1206 1207
#endif

#ifdef DOSTORESTATE57
1208
SHA1_RECOMPRESS(57)
1209 1210 1211
#endif

#ifdef DOSTORESTATE58
1212
SHA1_RECOMPRESS(58)
1213 1214 1215
#endif

#ifdef DOSTORESTATE59
1216
SHA1_RECOMPRESS(59)
1217
#endif
1218

1219
#ifdef DOSTORESTATE60
1220
SHA1_RECOMPRESS(60)
1221 1222 1223
#endif

#ifdef DOSTORESTATE61
1224
SHA1_RECOMPRESS(61)
1225 1226 1227
#endif

#ifdef DOSTORESTATE62
1228
SHA1_RECOMPRESS(62)
1229 1230 1231
#endif

#ifdef DOSTORESTATE63
1232
SHA1_RECOMPRESS(63)
1233 1234 1235
#endif

#ifdef DOSTORESTATE64
1236
SHA1_RECOMPRESS(64)
1237 1238 1239
#endif

#ifdef DOSTORESTATE65
1240
SHA1_RECOMPRESS(65)
1241 1242 1243
#endif

#ifdef DOSTORESTATE66
1244
SHA1_RECOMPRESS(66)
1245 1246 1247
#endif

#ifdef DOSTORESTATE67
1248
SHA1_RECOMPRESS(67)
1249 1250 1251
#endif

#ifdef DOSTORESTATE68
1252
SHA1_RECOMPRESS(68)
1253 1254 1255
#endif

#ifdef DOSTORESTATE69
1256
SHA1_RECOMPRESS(69)
1257
#endif
1258

1259
#ifdef DOSTORESTATE70
1260
SHA1_RECOMPRESS(70)
1261 1262 1263
#endif

#ifdef DOSTORESTATE71
1264
SHA1_RECOMPRESS(71)
1265 1266 1267
#endif

#ifdef DOSTORESTATE72
1268
SHA1_RECOMPRESS(72)
1269 1270 1271
#endif

#ifdef DOSTORESTATE73
1272
SHA1_RECOMPRESS(73)
1273 1274 1275
#endif

#ifdef DOSTORESTATE74
1276
SHA1_RECOMPRESS(74)
1277 1278 1279
#endif

#ifdef DOSTORESTATE75
1280
SHA1_RECOMPRESS(75)
1281 1282 1283
#endif

#ifdef DOSTORESTATE76
1284
SHA1_RECOMPRESS(76)
1285 1286 1287
#endif

#ifdef DOSTORESTATE77
1288
SHA1_RECOMPRESS(77)
1289 1290 1291
#endif

#ifdef DOSTORESTATE78
1292
SHA1_RECOMPRESS(78)
1293 1294 1295
#endif

#ifdef DOSTORESTATE79
1296
SHA1_RECOMPRESS(79)
1297
#endif
1298

1299 1300 1301 1302
#ifdef _MSC_VER
#pragma warning(pop)
#endif

1303
static void sha1_recompression_step(uint32_t step, uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5])
1304
{
1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709
	switch (step)
	{
#ifdef DOSTORESTATE0
	case 0:
		sha1recompress_fast_0(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE1
	case 1:
		sha1recompress_fast_1(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE2
	case 2:
		sha1recompress_fast_2(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE3
	case 3:
		sha1recompress_fast_3(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE4
	case 4:
		sha1recompress_fast_4(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE5
	case 5:
		sha1recompress_fast_5(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE6
	case 6:
		sha1recompress_fast_6(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE7
	case 7:
		sha1recompress_fast_7(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE8
	case 8:
		sha1recompress_fast_8(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE9
	case 9:
		sha1recompress_fast_9(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE10
	case 10:
		sha1recompress_fast_10(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE11
	case 11:
		sha1recompress_fast_11(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE12
	case 12:
		sha1recompress_fast_12(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE13
	case 13:
		sha1recompress_fast_13(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE14
	case 14:
		sha1recompress_fast_14(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE15
	case 15:
		sha1recompress_fast_15(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE16
	case 16:
		sha1recompress_fast_16(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE17
	case 17:
		sha1recompress_fast_17(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE18
	case 18:
		sha1recompress_fast_18(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE19
	case 19:
		sha1recompress_fast_19(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE20
	case 20:
		sha1recompress_fast_20(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE21
	case 21:
		sha1recompress_fast_21(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE22
	case 22:
		sha1recompress_fast_22(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE23
	case 23:
		sha1recompress_fast_23(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE24
	case 24:
		sha1recompress_fast_24(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE25
	case 25:
		sha1recompress_fast_25(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE26
	case 26:
		sha1recompress_fast_26(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE27
	case 27:
		sha1recompress_fast_27(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE28
	case 28:
		sha1recompress_fast_28(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE29
	case 29:
		sha1recompress_fast_29(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE30
	case 30:
		sha1recompress_fast_30(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE31
	case 31:
		sha1recompress_fast_31(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE32
	case 32:
		sha1recompress_fast_32(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE33
	case 33:
		sha1recompress_fast_33(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE34
	case 34:
		sha1recompress_fast_34(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE35
	case 35:
		sha1recompress_fast_35(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE36
	case 36:
		sha1recompress_fast_36(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE37
	case 37:
		sha1recompress_fast_37(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE38
	case 38:
		sha1recompress_fast_38(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE39
	case 39:
		sha1recompress_fast_39(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE40
	case 40:
		sha1recompress_fast_40(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE41
	case 41:
		sha1recompress_fast_41(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE42
	case 42:
		sha1recompress_fast_42(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE43
	case 43:
		sha1recompress_fast_43(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE44
	case 44:
		sha1recompress_fast_44(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE45
	case 45:
		sha1recompress_fast_45(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE46
	case 46:
		sha1recompress_fast_46(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE47
	case 47:
		sha1recompress_fast_47(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE48
	case 48:
		sha1recompress_fast_48(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE49
	case 49:
		sha1recompress_fast_49(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE50
	case 50:
		sha1recompress_fast_50(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE51
	case 51:
		sha1recompress_fast_51(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE52
	case 52:
		sha1recompress_fast_52(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE53
	case 53:
		sha1recompress_fast_53(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE54
	case 54:
		sha1recompress_fast_54(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE55
	case 55:
		sha1recompress_fast_55(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE56
	case 56:
		sha1recompress_fast_56(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE57
	case 57:
		sha1recompress_fast_57(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE58
	case 58:
		sha1recompress_fast_58(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE59
	case 59:
		sha1recompress_fast_59(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE60
	case 60:
		sha1recompress_fast_60(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE61
	case 61:
		sha1recompress_fast_61(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE62
	case 62:
		sha1recompress_fast_62(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE63
	case 63:
		sha1recompress_fast_63(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE64
	case 64:
		sha1recompress_fast_64(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE65
	case 65:
		sha1recompress_fast_65(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE66
	case 66:
		sha1recompress_fast_66(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE67
	case 67:
		sha1recompress_fast_67(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE68
	case 68:
		sha1recompress_fast_68(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE69
	case 69:
		sha1recompress_fast_69(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE70
	case 70:
		sha1recompress_fast_70(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE71
	case 71:
		sha1recompress_fast_71(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE72
	case 72:
		sha1recompress_fast_72(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE73
	case 73:
		sha1recompress_fast_73(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE74
	case 74:
		sha1recompress_fast_74(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE75
	case 75:
		sha1recompress_fast_75(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE76
	case 76:
		sha1recompress_fast_76(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE77
	case 77:
		sha1recompress_fast_77(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE78
	case 78:
		sha1recompress_fast_78(ihvin, ihvout, me2, state);
		break;
#endif
#ifdef DOSTORESTATE79
	case 79:
		sha1recompress_fast_79(ihvin, ihvout, me2, state);
		break;
#endif
	default:
		abort();
	}
1710

1711
}
1712 1713 1714



1715
static void sha1_process(SHA1_CTX* ctx, const uint32_t block[16])
1716 1717
{
	unsigned i, j;
1718
	uint32_t ubc_dv_mask[DVMASKSIZE] = { 0xFFFFFFFF };
1719
	uint32_t ihvtmp[5];
1720

1721 1722 1723 1724 1725
	ctx->ihv1[0] = ctx->ihv[0];
	ctx->ihv1[1] = ctx->ihv[1];
	ctx->ihv1[2] = ctx->ihv[2];
	ctx->ihv1[3] = ctx->ihv[3];
	ctx->ihv1[4] = ctx->ihv[4];
1726 1727 1728

	sha1_compression_states(ctx->ihv, block, ctx->m1, ctx->states);

1729 1730
	if (ctx->detect_coll)
	{
1731 1732 1733 1734 1735 1736
		if (ctx->ubc_check)
		{
			ubc_check(ctx->m1, ubc_dv_mask);
		}

		if (ubc_dv_mask[0] != 0)
1737
		{
1738
			for (i = 0; sha1_dvs[i].dvType != 0; ++i)
1739
			{
1740
				if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb))
1741
				{
1742 1743
					for (j = 0; j < 80; ++j)
						ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j];
1744

1745 1746 1747 1748 1749
					sha1_recompression_step(sha1_dvs[i].testt, ctx->ihv2, ihvtmp, ctx->m2, ctx->states[sha1_dvs[i].testt]);

					/* to verify SHA-1 collision detection code with collisions for reduced-step SHA-1 */
					if ((0 == ((ihvtmp[0] ^ ctx->ihv[0]) | (ihvtmp[1] ^ ctx->ihv[1]) | (ihvtmp[2] ^ ctx->ihv[2]) | (ihvtmp[3] ^ ctx->ihv[3]) | (ihvtmp[4] ^ ctx->ihv[4])))
						|| (ctx->reduced_round_coll && 0==((ctx->ihv1[0] ^ ctx->ihv2[0]) | (ctx->ihv1[1] ^ ctx->ihv2[1]) | (ctx->ihv1[2] ^ ctx->ihv2[2]) | (ctx->ihv1[3] ^ ctx->ihv2[3]) | (ctx->ihv1[4] ^ ctx->ihv2[4]))))
1750
					{
1751
						ctx->found_collision = 1;
1752

1753 1754 1755 1756 1757 1758 1759 1760
						if (ctx->safe_hash)
						{
							sha1_compression_W(ctx->ihv, ctx->m1);
							sha1_compression_W(ctx->ihv, ctx->m1);
						}

						break;
					}
1761 1762 1763 1764 1765 1766
				}
			}
		}
	}
}

1767
void SHA1DCInit(SHA1_CTX* ctx)
1768 1769 1770 1771 1772 1773 1774 1775
{
	ctx->total = 0;
	ctx->ihv[0] = 0x67452301;
	ctx->ihv[1] = 0xEFCDAB89;
	ctx->ihv[2] = 0x98BADCFE;
	ctx->ihv[3] = 0x10325476;
	ctx->ihv[4] = 0xC3D2E1F0;
	ctx->found_collision = 0;
1776
	ctx->safe_hash = SHA1DC_INIT_SAFE_HASH_DEFAULT;
1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820
	ctx->ubc_check = 1;
	ctx->detect_coll = 1;
	ctx->reduced_round_coll = 0;
	ctx->callback = NULL;
}

void SHA1DCSetSafeHash(SHA1_CTX* ctx, int safehash)
{
	if (safehash)
		ctx->safe_hash = 1;
	else
		ctx->safe_hash = 0;
}


void SHA1DCSetUseUBC(SHA1_CTX* ctx, int ubc_check)
{
	if (ubc_check)
		ctx->ubc_check = 1;
	else
		ctx->ubc_check = 0;
}

void SHA1DCSetUseDetectColl(SHA1_CTX* ctx, int detect_coll)
{
	if (detect_coll)
		ctx->detect_coll = 1;
	else
		ctx->detect_coll = 0;
}

void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX* ctx, int reduced_round_coll)
{
	if (reduced_round_coll)
		ctx->reduced_round_coll = 1;
	else
		ctx->reduced_round_coll = 0;
}

void SHA1DCSetCallback(SHA1_CTX* ctx, collision_block_callback callback)
{
	ctx->callback = callback;
}

1821
void SHA1DCUpdate(SHA1_CTX* ctx, const char* buf, size_t len)
1822 1823
{
	unsigned left, fill;
1824

1825
	if (len == 0)
1826 1827 1828 1829 1830
		return;

	left = ctx->total & 63;
	fill = 64 - left;

1831
	if (left && len >= fill)
1832 1833 1834 1835 1836 1837 1838 1839
	{
		ctx->total += fill;
		memcpy(ctx->buffer + left, buf, fill);
		sha1_process(ctx, (uint32_t*)(ctx->buffer));
		buf += fill;
		len -= fill;
		left = 0;
	}
1840
	while (len >= 64)
1841 1842
	{
		ctx->total += 64;
1843 1844

#if defined(SHA1DC_ALLOW_UNALIGNED_ACCESS)
1845
		sha1_process(ctx, (uint32_t*)(buf));
1846 1847 1848 1849
#else
		memcpy(ctx->buffer, buf, 64);
		sha1_process(ctx, (uint32_t*)(ctx->buffer));
#endif /* defined(SHA1DC_ALLOW_UNALIGNED_ACCESS) */
1850 1851 1852
		buf += 64;
		len -= 64;
	}
1853
	if (len > 0)
1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873
	{
		ctx->total += len;
		memcpy(ctx->buffer + left, buf, len);
	}
}

static const unsigned char sha1_padding[64] =
{
	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
{
	uint32_t last = ctx->total & 63;
	uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
	uint64_t total;
	SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
1874

1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907
	total = ctx->total - padn;
	total <<= 3;
	ctx->buffer[56] = (unsigned char)(total >> 56);
	ctx->buffer[57] = (unsigned char)(total >> 48);
	ctx->buffer[58] = (unsigned char)(total >> 40);
	ctx->buffer[59] = (unsigned char)(total >> 32);
	ctx->buffer[60] = (unsigned char)(total >> 24);
	ctx->buffer[61] = (unsigned char)(total >> 16);
	ctx->buffer[62] = (unsigned char)(total >> 8);
	ctx->buffer[63] = (unsigned char)(total);
	sha1_process(ctx, (uint32_t*)(ctx->buffer));
	output[0] = (unsigned char)(ctx->ihv[0] >> 24);
	output[1] = (unsigned char)(ctx->ihv[0] >> 16);
	output[2] = (unsigned char)(ctx->ihv[0] >> 8);
	output[3] = (unsigned char)(ctx->ihv[0]);
	output[4] = (unsigned char)(ctx->ihv[1] >> 24);
	output[5] = (unsigned char)(ctx->ihv[1] >> 16);
	output[6] = (unsigned char)(ctx->ihv[1] >> 8);
	output[7] = (unsigned char)(ctx->ihv[1]);
	output[8] = (unsigned char)(ctx->ihv[2] >> 24);
	output[9] = (unsigned char)(ctx->ihv[2] >> 16);
	output[10] = (unsigned char)(ctx->ihv[2] >> 8);
	output[11] = (unsigned char)(ctx->ihv[2]);
	output[12] = (unsigned char)(ctx->ihv[3] >> 24);
	output[13] = (unsigned char)(ctx->ihv[3] >> 16);
	output[14] = (unsigned char)(ctx->ihv[3] >> 8);
	output[15] = (unsigned char)(ctx->ihv[3]);
	output[16] = (unsigned char)(ctx->ihv[4] >> 24);
	output[17] = (unsigned char)(ctx->ihv[4] >> 16);
	output[18] = (unsigned char)(ctx->ihv[4] >> 8);
	output[19] = (unsigned char)(ctx->ihv[4]);
	return ctx->found_collision;
}
1908 1909 1910 1911

#ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
#include SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
#endif