sha: merge K[] for sha256 and 512

function old new delta sha_K - 640 +640 sha256_process_block64 440 425 -15 sha512_process_block128 1336 1283 -53 K512_lo 320 - -320 K256 320 - -320 ------------------------------------------------------------------------------ (add/remove: 1/2 grow/shrink: 0/2 up/down: 640/-708) Total: -68 bytes
author: Denis Vlasenko <vda.linux@googlemail.com> 2009-03-15 04:56:51 +0000
committer: Denis Vlasenko <vda.linux@googlemail.com> 2009-03-15 04:56:51 +0000
commit: 823f10b8f0f3ad23231ab378d68b6cc884b570ef (patch)
tree: a88ebcca87011522bc58723fe6226fd4e0c695f1
parent: 8ec8d5e3db47398d4799f1a7c6aa0ced043c3e5f (diff)
download: busybox-w32-823f10b8f0f3ad23231ab378d68b6cc884b570ef.tar.gz
busybox-w32-823f10b8f0f3ad23231ab378d68b6cc884b570ef.tar.bz2
busybox-w32-823f10b8f0f3ad23231ab378d68b6cc884b570ef.zip
1 files changed, 96 insertions, 125 deletions
diff --git a/libbb/sha1.c b/libbb/sha1.c
index ccc317667..a07435919 100644
--- a/libbb/sha1.c
+++ b/libbb/sha1.c
@@ -53,24 +53,20 @@ static inline uint64_t hton64(uint64_t v)
 #endif
-#define SHA1_BLOCK_SIZE  64
-#define SHA1_MASK        (SHA1_BLOCK_SIZE - 1)
 static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx)
 {
-        unsigned i;
+        unsigned t;
-        uint32_t w[80], a, b, c, d, e, t;
+        uint32_t W[80], a, b, c, d, e;
-        uint32_t *words;
+        const uint32_t *words = (uint32_t*) ctx->wbuffer;
-        words = (uint32_t*) ctx->wbuffer;
+        for (t = 0; t < 16; ++t) {
-        for (i = 0; i < SHA1_BLOCK_SIZE / 4; ++i) {
+                W[t] = ntohl(*words);
-                w[i] = ntohl(*words);
                words++;
        }
-        for (/*i = SHA1_BLOCK_SIZE / 4*/; i < 80; ++i) {
+        for (/*t = 16*/; t < 80; ++t) {
-                t = w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16];
+                uint32_t T = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
-                w[i] = rotl32(t, 1);
+                W[t] = rotl32(T, 1);
        }
        a = ctx->hash[0];
@@ -87,20 +83,24 @@ static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx)
 /* partial loop unrolling and is optimised for the Pentium 4    */
 #define rnd(f,k) \
        do { \
-                t = a; a = rotl32(a,5) + f(b,c,d) + e + k + w[i]; \
+                uint32_t T = a; \
-                e = d; d = c; c = rotl32(b, 30); b = t; \
+                a = rotl32(a, 5) + f(b, c, d) + e + k + W[t]; \
+                e = d; \
+                d = c; \
+                c = rotl32(b, 30); \
+                b = T; \
        } while (0)
-        for (i = 0; i < 20; ++i)
+        for (t = 0; t < 20; ++t)
                rnd(ch, 0x5a827999);
-        for (/*i = 20*/; i < 40; ++i)
+        for (/*t = 20*/; t < 40; ++t)
                rnd(parity, 0x6ed9eba1);
-        for (/*i = 40*/; i < 60; ++i)
+        for (/*t = 40*/; t < 60; ++t)
                rnd(maj, 0x8f1bbcdc);
-        for (/*i = 60*/; i < 80; ++i)
+        for (/*t = 60*/; t < 80; ++t)
                rnd(parity, 0xca62c1d6);
 #undef ch
 #undef parity
@@ -114,107 +114,58 @@ static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx)
        ctx->hash[4] += e;
 }
-/* Constants for SHA256 from FIPS 180-2:4.2.2.  */
+/* Constants for SHA512 from FIPS 180-2:4.2.3.
-static const uint32_t K256[80] = {
+ * SHA256 constants from FIPS 180-2:4.2.2
-        0x428a2f98, 0x71374491,
+ * are the most significant half of first 64 elements
-        0xb5c0fbcf, 0xe9b5dba5,
+ * of the same array.
-        0x3956c25b, 0x59f111f1,
+ */
-        0x923f82a4, 0xab1c5ed5,
+static const uint64_t sha_K[80] = {
-        0xd807aa98, 0x12835b01,
+        0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
-        0x243185be, 0x550c7dc3,
+        0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
-        0x72be5d74, 0x80deb1fe,
+        0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
-        0x9bdc06a7, 0xc19bf174,
+        0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
-        0xe49b69c1, 0xefbe4786,
+        0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
-        0x0fc19dc6, 0x240ca1cc,
+        0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
-        0x2de92c6f, 0x4a7484aa,
+        0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
-        0x5cb0a9dc, 0x76f988da,
+        0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
-        0x983e5152, 0xa831c66d,
+        0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
-        0xb00327c8, 0xbf597fc7,
+        0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
-        0xc6e00bf3, 0xd5a79147,
+        0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
-        0x06ca6351, 0x14292967,
+        0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
-        0x27b70a85, 0x2e1b2138,
+        0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
-        0x4d2c6dfc, 0x53380d13,
+        0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
-        0x650a7354, 0x766a0abb,
+        0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
-        0x81c2c92e, 0x92722c85,
+        0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
-        0xa2bfe8a1, 0xa81a664b,
+        0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
-        0xc24b8b70, 0xc76c51a3,
+        0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
-        0xd192e819, 0xd6990624,
+        0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
-        0xf40e3585, 0x106aa070,
+        0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
-        0x19a4c116, 0x1e376c08,
+        0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
-        0x2748774c, 0x34b0bcb5,
+        0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
-        0x391c0cb3, 0x4ed8aa4a,
+        0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
-        0x5b9cca4f, 0x682e6ff3,
+        0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
-        0x748f82ee, 0x78a5636f,
+        0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
-        0x84c87814, 0x8cc70208,
+        0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
-        0x90befffa, 0xa4506ceb,
+        0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
-        0xbef9a3f7, 0xc67178f2,
+        0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
-        0xca273ece, 0xd186b8c7, /* [64]+ are used for sha512 only */
+        0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
-        0xeada7dd6, 0xf57d4f7f,
+        0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
-        0x06f067aa, 0x0a637dc5,
+        0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
-        0x113f9804, 0x1b710b35,
+        0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
-        0x28db77f5, 0x32caab7b,
+        0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, /* [64]+ are used for sha512 only */
-        0x3c9ebe0a, 0x431d67c4,
+        0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
-        0x4cc5d4be, 0x597f299c,
+        0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
-        0x5fcb6fab, 0x6c44198c
+        0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
-};
+        0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
-/* Constants for SHA512 from FIPS 180-2:4.2.3.  */
+        0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
-static const uint32_t K512_lo[80] = {
+        0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
-        0xd728ae22, 0x23ef65cd,
+        0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
-        0xec4d3b2f, 0x8189dbbc,
-        0xf348b538, 0xb605d019,
-        0xaf194f9b, 0xda6d8118,
-        0xa3030242, 0x45706fbe,
-        0x4ee4b28c, 0xd5ffb4e2,
-        0xf27b896f, 0x3b1696b1,
-        0x25c71235, 0xcf692694,
-        0x9ef14ad2, 0x384f25e3,
-        0x8b8cd5b5, 0x77ac9c65,
-        0x592b0275, 0x6ea6e483,
-        0xbd41fbd4, 0x831153b5,
-        0xee66dfab, 0x2db43210,
-        0x98fb213f, 0xbeef0ee4,
-        0x3da88fc2, 0x930aa725,
-        0xe003826f, 0x0a0e6e70,
-        0x46d22ffc, 0x5c26c926,
-        0x5ac42aed, 0x9d95b3df,
-        0x8baf63de, 0x3c77b2a8,
-        0x47edaee6, 0x1482353b,
-        0x4cf10364, 0xbc423001,
-        0xd0f89791, 0x0654be30,
-        0xd6ef5218, 0x5565a910,
-        0x5771202a, 0x32bbd1b8,
-        0xb8d2d0c8, 0x5141ab53,
-        0xdf8eeb99, 0xe19b48a8,
-        0xc5c95a63, 0xe3418acb,
-        0x7763e373, 0xd6b2b8a3,
-        0x5defb2fc, 0x43172f60,
-        0xa1f0ab72, 0x1a6439ec,
-        0x23631e28, 0xde82bde9,
-        0xb2c67915, 0xe372532b,
-        0xea26619c, 0x21c0c207,
-        0xcde0eb1e, 0xee6ed178,
-        0x72176fba, 0xa2c898a6,
-        0xbef90dae, 0x131c471b,
-        0x23047d84, 0x40c72493,
-        0x15c9bebc, 0x9c100d4c,
-        0xcb3e42b6, 0xfc657e2a,
-        0x3ad6faec, 0x4a475817
 };
-/* Process LEN bytes of BUFFER, accumulating context into CTX.
-   LEN is rounded _down_ to 64.  */
 static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx)
 {
        unsigned t;
-        uint32_t W[64];
+        uint32_t W[64], a, b, c, d, e, f, g, h;
-        uint32_t a = ctx->hash[0];
-        uint32_t b = ctx->hash[1];
-        uint32_t c = ctx->hash[2];
-        uint32_t d = ctx->hash[3];
-        uint32_t e = ctx->hash[4];
-        uint32_t f = ctx->hash[5];
-        uint32_t g = ctx->hash[6];
-        uint32_t h = ctx->hash[7];
        const uint32_t *words = (uint32_t*) ctx->wbuffer;
        /* Operators defined in FIPS 180-2:4.1.2.  */
@@ -234,9 +185,24 @@ static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx)
        for (/*t = 16*/; t < 64; ++t)
                W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
+        a = ctx->hash[0];
+        b = ctx->hash[1];
+        c = ctx->hash[2];
+        d = ctx->hash[3];
+        e = ctx->hash[4];
+        f = ctx->hash[5];
+        g = ctx->hash[6];
+        h = ctx->hash[7];
        /* The actual computation according to FIPS 180-2:6.2.2 step 3.  */
        for (t = 0; t < 64; ++t) {
-                uint32_t T1 = h + S1(e) + Ch(e, f, g) + K256[t] + W[t];
+                /* Need to fetch upper half of sha_K[t] */
+#if BB_BIG_ENDIAN
+                uint32_t K_t = ((uint32_t*)(sha_K + t))[0];
+#else
+                uint32_t K_t = ((uint32_t*)(sha_K + t))[1];
+#endif
+                uint32_t T1 = h + S1(e) + Ch(e, f, g) + K_t + W[t];
                uint32_t T2 = S0(a) + Maj(a, b, c);
                h = g;
                g = f;
@@ -264,12 +230,14 @@ static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx)
        ctx->hash[6] += g;
        ctx->hash[7] += h;
 }
-/* Process LEN bytes of BUFFER, accumulating context into CTX.
-   LEN is rounded _down_ to 128.  */
 static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx)
 {
        unsigned t;
        uint64_t W[80];
+        /* On i386, having assignments here (not later as sha256 does)
+         * produces 99 bytes smaller code with gcc 4.3.1
+         */
        uint64_t a = ctx->hash[0];
        uint64_t b = ctx->hash[1];
        uint64_t c = ctx->hash[2];
@@ -298,8 +266,7 @@ static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx)
        /* The actual computation according to FIPS 180-2:6.3.2 step 3.  */
        for (t = 0; t < 80; ++t) {
-                uint64_t K512_t = ((uint64_t)(K256[t]) << 32) + K512_lo[t];
+                uint64_t T1 = h + S1(e) + Ch(e, f, g) + sha_K[t] + W[t];
-                uint64_t T1 = h + S1(e) + Ch(e, f, g) + K512_t + W[t];
                uint64_t T2 = S0(a) + Maj(a, b, c);
                h = g;
                g = f;
@@ -360,6 +327,7 @@ static const uint32_t init512_lo[] = {
        0xfb41bd6b,
        0x137e2179
 };
 /* Initialize structure containing state of computation.
   (FIPS 180-2:5.3.2)  */
 void FAST_FUNC sha256_begin(sha256_ctx_t *ctx)
@@ -368,6 +336,7 @@ void FAST_FUNC sha256_begin(sha256_ctx_t *ctx)
        ctx->total64 = 0;
        ctx->process_block = sha256_process_block64;
 }
 /* Initialize structure containing state of computation.
   (FIPS 180-2:5.3.3)  */
 void FAST_FUNC sha512_begin(sha512_ctx_t *ctx)
@@ -379,10 +348,11 @@ void FAST_FUNC sha512_begin(sha512_ctx_t *ctx)
 }
+/* Used also for sha256 */
 void FAST_FUNC sha1_hash(const void *buffer, size_t len, sha1_ctx_t *ctx)
 {
-        unsigned in_buf = ctx->total64 & SHA1_MASK;
+        unsigned in_buf = ctx->total64 & 63;
-        unsigned add = SHA1_BLOCK_SIZE - in_buf;
+        unsigned add = 64 - in_buf;
        ctx->total64 += len;
@@ -390,7 +360,7 @@ void FAST_FUNC sha1_hash(const void *buffer, size_t len, sha1_ctx_t *ctx)
                memcpy(ctx->wbuffer + in_buf, buffer, add);
                buffer = (const char *)buffer + add;
                len -= add;
-                add = SHA1_BLOCK_SIZE;
+                add = 64;
                in_buf = 0;
                ctx->process_block(ctx);
        }
@@ -423,17 +393,18 @@ void FAST_FUNC sha512_hash(const void *buffer, size_t len, sha512_ctx_t *ctx)
 }
+/* Used also for sha256 */
 void FAST_FUNC sha1_end(void *resbuf, sha1_ctx_t *ctx)
 {
        unsigned i, pad, in_buf;
-        in_buf = ctx->total64 & SHA1_MASK;
+        in_buf = ctx->total64 & 63;
        /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */
        ctx->wbuffer[in_buf++] = 0x80;
        /* This loop iterates either once or twice, no more, no less */
        while (1) {
-                pad = SHA1_BLOCK_SIZE - in_buf;
+                pad = 64 - in_buf;
                memset(ctx->wbuffer + in_buf, 0, pad);
                in_buf = 0;
                /* Do we have enough space for the length count? */
@@ -442,7 +413,7 @@ void FAST_FUNC sha1_end(void *resbuf, sha1_ctx_t *ctx)
                        uint64_t t = ctx->total64 << 3;
                        t = hton64(t);
                        /* wbuffer is suitably aligned for this */
-                        *(uint64_t *) (&ctx->wbuffer[SHA1_BLOCK_SIZE - 8]) = t;
+                        *(uint64_t *) (&ctx->wbuffer[64 - 8]) = t;
                }
                ctx->process_block(ctx);
                if (pad >= 8)
author	Denis Vlasenko <vda.linux@googlemail.com>	2009-03-15 04:56:51 +0000
committer	Denis Vlasenko <vda.linux@googlemail.com>	2009-03-15 04:56:51 +0000
commit	823f10b8f0f3ad23231ab378d68b6cc884b570ef (patch)
tree	a88ebcca87011522bc58723fe6226fd4e0c695f1
parent	8ec8d5e3db47398d4799f1a7c6aa0ced043c3e5f (diff)
download	busybox-w32-823f10b8f0f3ad23231ab378d68b6cc884b570ef.tar.gz busybox-w32-823f10b8f0f3ad23231ab378d68b6cc884b570ef.tar.bz2 busybox-w32-823f10b8f0f3ad23231ab378d68b6cc884b570ef.zip

diff --git a/libbb/sha1.c b/libbb/sha1.c index ccc317667..a07435919 100644 --- a/libbb/sha1.c +++ b/libbb/sha1.c
@@ -53,24 +53,20 @@ static inline uint64_t hton64(uint64_t v)
53	#endif	53	#endif
54		54
55		55
56	#define SHA1_BLOCK_SIZE 64
57	#define SHA1_MASK (SHA1_BLOCK_SIZE - 1)
58
59	static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx)	56	static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx)
60	{	57	{
61	unsigned i;	58	unsigned t;
62	uint32_t w[80], a, b, c, d, e, t;	59	uint32_t W[80], a, b, c, d, e;
63	uint32_t *words;	60	const uint32_t words = (uint32_t) ctx->wbuffer;
64		61
65	words = (uint32_t*) ctx->wbuffer;	62	for (t = 0; t < 16; ++t) {
66	for (i = 0; i < SHA1_BLOCK_SIZE / 4; ++i) {	63	W[t] = ntohl(*words);
67	w[i] = ntohl(*words);
68	words++;	64	words++;
69	}	65	}
70		66
71	for (/i = SHA1_BLOCK_SIZE / 4/; i < 80; ++i) {	67	for (/t = 16/; t < 80; ++t) {
72	t = w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16];	68	uint32_t T = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
73	w[i] = rotl32(t, 1);	69	W[t] = rotl32(T, 1);
74	}	70	}
75		71
76	a = ctx->hash[0];	72	a = ctx->hash[0];
@@ -87,20 +83,24 @@ static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx)
87	/* partial loop unrolling and is optimised for the Pentium 4 */	83	/* partial loop unrolling and is optimised for the Pentium 4 */
88	#define rnd(f,k) \	84	#define rnd(f,k) \
89	do { \	85	do { \
90	t = a; a = rotl32(a,5) + f(b,c,d) + e + k + w[i]; \	86	uint32_t T = a; \
91	e = d; d = c; c = rotl32(b, 30); b = t; \	87	a = rotl32(a, 5) + f(b, c, d) + e + k + W[t]; \
		88	e = d; \
		89	d = c; \
		90	c = rotl32(b, 30); \
		91	b = T; \
92	} while (0)	92	} while (0)
93		93
94	for (i = 0; i < 20; ++i)	94	for (t = 0; t < 20; ++t)
95	rnd(ch, 0x5a827999);	95	rnd(ch, 0x5a827999);
96		96
97	for (/i = 20/; i < 40; ++i)	97	for (/t = 20/; t < 40; ++t)
98	rnd(parity, 0x6ed9eba1);	98	rnd(parity, 0x6ed9eba1);
99		99
100	for (/i = 40/; i < 60; ++i)	100	for (/t = 40/; t < 60; ++t)
101	rnd(maj, 0x8f1bbcdc);	101	rnd(maj, 0x8f1bbcdc);
102		102
103	for (/i = 60/; i < 80; ++i)	103	for (/t = 60/; t < 80; ++t)
104	rnd(parity, 0xca62c1d6);	104	rnd(parity, 0xca62c1d6);
105	#undef ch	105	#undef ch
106	#undef parity	106	#undef parity
@@ -114,107 +114,58 @@ static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx)
114	ctx->hash[4] += e;	114	ctx->hash[4] += e;
115	}	115	}
116		116
117	/* Constants for SHA256 from FIPS 180-2:4.2.2. */	117	/* Constants for SHA512 from FIPS 180-2:4.2.3.
118	static const uint32_t K256[80] = {	118	* SHA256 constants from FIPS 180-2:4.2.2
119	0x428a2f98, 0x71374491,	119	* are the most significant half of first 64 elements
120	0xb5c0fbcf, 0xe9b5dba5,	120	* of the same array.
121	0x3956c25b, 0x59f111f1,	121	*/
122	0x923f82a4, 0xab1c5ed5,	122	static const uint64_t sha_K[80] = {
123	0xd807aa98, 0x12835b01,	123	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
124	0x243185be, 0x550c7dc3,	124	0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
125	0x72be5d74, 0x80deb1fe,	125	0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
126	0x9bdc06a7, 0xc19bf174,	126	0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
127	0xe49b69c1, 0xefbe4786,	127	0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
128	0x0fc19dc6, 0x240ca1cc,	128	0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
129	0x2de92c6f, 0x4a7484aa,	129	0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
130	0x5cb0a9dc, 0x76f988da,	130	0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
131	0x983e5152, 0xa831c66d,	131	0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
132	0xb00327c8, 0xbf597fc7,	132	0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
133	0xc6e00bf3, 0xd5a79147,	133	0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
134	0x06ca6351, 0x14292967,	134	0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
135	0x27b70a85, 0x2e1b2138,	135	0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
136	0x4d2c6dfc, 0x53380d13,	136	0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
137	0x650a7354, 0x766a0abb,	137	0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
138	0x81c2c92e, 0x92722c85,	138	0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
139	0xa2bfe8a1, 0xa81a664b,	139	0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
140	0xc24b8b70, 0xc76c51a3,	140	0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
141	0xd192e819, 0xd6990624,	141	0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
142	0xf40e3585, 0x106aa070,	142	0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
143	0x19a4c116, 0x1e376c08,	143	0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
144	0x2748774c, 0x34b0bcb5,	144	0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
145	0x391c0cb3, 0x4ed8aa4a,	145	0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
146	0x5b9cca4f, 0x682e6ff3,	146	0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
147	0x748f82ee, 0x78a5636f,	147	0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
148	0x84c87814, 0x8cc70208,	148	0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
149	0x90befffa, 0xa4506ceb,	149	0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
150	0xbef9a3f7, 0xc67178f2,	150	0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
151	0xca273ece, 0xd186b8c7, /* [64]+ are used for sha512 only */	151	0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
152	0xeada7dd6, 0xf57d4f7f,	152	0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
153	0x06f067aa, 0x0a637dc5,	153	0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
154	0x113f9804, 0x1b710b35,	154	0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
155	0x28db77f5, 0x32caab7b,	155	0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, /* [64]+ are used for sha512 only */
156	0x3c9ebe0a, 0x431d67c4,	156	0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
157	0x4cc5d4be, 0x597f299c,	157	0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
158	0x5fcb6fab, 0x6c44198c	158	0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
159	};	159	0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
160	/* Constants for SHA512 from FIPS 180-2:4.2.3. */	160	0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
161	static const uint32_t K512_lo[80] = {	161	0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
162	0xd728ae22, 0x23ef65cd,	162	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
163	0xec4d3b2f, 0x8189dbbc,
164	0xf348b538, 0xb605d019,
165	0xaf194f9b, 0xda6d8118,
166	0xa3030242, 0x45706fbe,
167	0x4ee4b28c, 0xd5ffb4e2,
168	0xf27b896f, 0x3b1696b1,
169	0x25c71235, 0xcf692694,
170	0x9ef14ad2, 0x384f25e3,
171	0x8b8cd5b5, 0x77ac9c65,
172	0x592b0275, 0x6ea6e483,
173	0xbd41fbd4, 0x831153b5,
174	0xee66dfab, 0x2db43210,
175	0x98fb213f, 0xbeef0ee4,
176	0x3da88fc2, 0x930aa725,
177	0xe003826f, 0x0a0e6e70,
178	0x46d22ffc, 0x5c26c926,
179	0x5ac42aed, 0x9d95b3df,
180	0x8baf63de, 0x3c77b2a8,
181	0x47edaee6, 0x1482353b,
182	0x4cf10364, 0xbc423001,
183	0xd0f89791, 0x0654be30,
184	0xd6ef5218, 0x5565a910,
185	0x5771202a, 0x32bbd1b8,
186	0xb8d2d0c8, 0x5141ab53,
187	0xdf8eeb99, 0xe19b48a8,
188	0xc5c95a63, 0xe3418acb,
189	0x7763e373, 0xd6b2b8a3,
190	0x5defb2fc, 0x43172f60,
191	0xa1f0ab72, 0x1a6439ec,
192	0x23631e28, 0xde82bde9,
193	0xb2c67915, 0xe372532b,
194	0xea26619c, 0x21c0c207,
195	0xcde0eb1e, 0xee6ed178,
196	0x72176fba, 0xa2c898a6,
197	0xbef90dae, 0x131c471b,
198	0x23047d84, 0x40c72493,
199	0x15c9bebc, 0x9c100d4c,
200	0xcb3e42b6, 0xfc657e2a,
201	0x3ad6faec, 0x4a475817
202	};	163	};
203		164
204	/* Process LEN bytes of BUFFER, accumulating context into CTX.
205	LEN is rounded _down_ to 64. */
206	static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx)	165	static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx)
207	{	166	{
208	unsigned t;	167	unsigned t;
209	uint32_t W[64];	168	uint32_t W[64], a, b, c, d, e, f, g, h;
210	uint32_t a = ctx->hash[0];
211	uint32_t b = ctx->hash[1];
212	uint32_t c = ctx->hash[2];
213	uint32_t d = ctx->hash[3];
214	uint32_t e = ctx->hash[4];
215	uint32_t f = ctx->hash[5];
216	uint32_t g = ctx->hash[6];
217	uint32_t h = ctx->hash[7];
218	const uint32_t words = (uint32_t) ctx->wbuffer;	169	const uint32_t words = (uint32_t) ctx->wbuffer;
219		170
220	/* Operators defined in FIPS 180-2:4.1.2. */	171	/* Operators defined in FIPS 180-2:4.1.2. */
@@ -234,9 +185,24 @@ static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx)
234	for (/t = 16/; t < 64; ++t)	185	for (/t = 16/; t < 64; ++t)
235	W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];	186	W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
236		187
		188	a = ctx->hash[0];
		189	b = ctx->hash[1];
		190	c = ctx->hash[2];
		191	d = ctx->hash[3];
		192	e = ctx->hash[4];
		193	f = ctx->hash[5];
		194	g = ctx->hash[6];
		195	h = ctx->hash[7];
		196
237	/* The actual computation according to FIPS 180-2:6.2.2 step 3. */	197	/* The actual computation according to FIPS 180-2:6.2.2 step 3. */
238	for (t = 0; t < 64; ++t) {	198	for (t = 0; t < 64; ++t) {
239	uint32_t T1 = h + S1(e) + Ch(e, f, g) + K256[t] + W[t];	199	/* Need to fetch upper half of sha_K[t] */
		200	#if BB_BIG_ENDIAN
		201	uint32_t K_t = ((uint32_t*)(sha_K + t))[0];
		202	#else
		203	uint32_t K_t = ((uint32_t*)(sha_K + t))[1];
		204	#endif
		205	uint32_t T1 = h + S1(e) + Ch(e, f, g) + K_t + W[t];
240	uint32_t T2 = S0(a) + Maj(a, b, c);	206	uint32_t T2 = S0(a) + Maj(a, b, c);
241	h = g;	207	h = g;
242	g = f;	208	g = f;
@@ -264,12 +230,14 @@ static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx)
264	ctx->hash[6] += g;	230	ctx->hash[6] += g;
265	ctx->hash[7] += h;	231	ctx->hash[7] += h;
266	}	232	}
267	/* Process LEN bytes of BUFFER, accumulating context into CTX.	233
268	LEN is rounded _down_ to 128. */
269	static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx)	234	static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx)
270	{	235	{
271	unsigned t;	236	unsigned t;
272	uint64_t W[80];	237	uint64_t W[80];
		238	/* On i386, having assignments here (not later as sha256 does)
		239	* produces 99 bytes smaller code with gcc 4.3.1
		240	*/
273	uint64_t a = ctx->hash[0];	241	uint64_t a = ctx->hash[0];
274	uint64_t b = ctx->hash[1];	242	uint64_t b = ctx->hash[1];
275	uint64_t c = ctx->hash[2];	243	uint64_t c = ctx->hash[2];
@@ -298,8 +266,7 @@ static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx)
298		266
299	/* The actual computation according to FIPS 180-2:6.3.2 step 3. */	267	/* The actual computation according to FIPS 180-2:6.3.2 step 3. */
300	for (t = 0; t < 80; ++t) {	268	for (t = 0; t < 80; ++t) {
301	uint64_t K512_t = ((uint64_t)(K256[t]) << 32) + K512_lo[t];	269	uint64_t T1 = h + S1(e) + Ch(e, f, g) + sha_K[t] + W[t];
302	uint64_t T1 = h + S1(e) + Ch(e, f, g) + K512_t + W[t];
303	uint64_t T2 = S0(a) + Maj(a, b, c);	270	uint64_t T2 = S0(a) + Maj(a, b, c);
304	h = g;	271	h = g;
305	g = f;	272	g = f;
@@ -360,6 +327,7 @@ static const uint32_t init512_lo[] = {
360	0xfb41bd6b,	327	0xfb41bd6b,
361	0x137e2179	328	0x137e2179
362	};	329	};
		330
363	/* Initialize structure containing state of computation.	331	/* Initialize structure containing state of computation.
364	(FIPS 180-2:5.3.2) */	332	(FIPS 180-2:5.3.2) */
365	void FAST_FUNC sha256_begin(sha256_ctx_t *ctx)	333	void FAST_FUNC sha256_begin(sha256_ctx_t *ctx)
@@ -368,6 +336,7 @@ void FAST_FUNC sha256_begin(sha256_ctx_t *ctx)
368	ctx->total64 = 0;	336	ctx->total64 = 0;
369	ctx->process_block = sha256_process_block64;	337	ctx->process_block = sha256_process_block64;
370	}	338	}
		339
371	/* Initialize structure containing state of computation.	340	/* Initialize structure containing state of computation.
372	(FIPS 180-2:5.3.3) */	341	(FIPS 180-2:5.3.3) */
373	void FAST_FUNC sha512_begin(sha512_ctx_t *ctx)	342	void FAST_FUNC sha512_begin(sha512_ctx_t *ctx)
@@ -379,10 +348,11 @@ void FAST_FUNC sha512_begin(sha512_ctx_t *ctx)
379	}	348	}
380		349
381		350
		351	/* Used also for sha256 */
382	void FAST_FUNC sha1_hash(const void buffer, size_t len, sha1_ctx_t ctx)	352	void FAST_FUNC sha1_hash(const void buffer, size_t len, sha1_ctx_t ctx)
383	{	353	{
384	unsigned in_buf = ctx->total64 & SHA1_MASK;	354	unsigned in_buf = ctx->total64 & 63;
385	unsigned add = SHA1_BLOCK_SIZE - in_buf;	355	unsigned add = 64 - in_buf;
386		356
387	ctx->total64 += len;	357	ctx->total64 += len;
388		358
@@ -390,7 +360,7 @@ void FAST_FUNC sha1_hash(const void buffer, size_t len, sha1_ctx_t ctx)
390	memcpy(ctx->wbuffer + in_buf, buffer, add);	360	memcpy(ctx->wbuffer + in_buf, buffer, add);
391	buffer = (const char *)buffer + add;	361	buffer = (const char *)buffer + add;
392	len -= add;	362	len -= add;
393	add = SHA1_BLOCK_SIZE;	363	add = 64;
394	in_buf = 0;	364	in_buf = 0;
395	ctx->process_block(ctx);	365	ctx->process_block(ctx);
396	}	366	}
@@ -423,17 +393,18 @@ void FAST_FUNC sha512_hash(const void buffer, size_t len, sha512_ctx_t ctx)
423	}	393	}
424		394
425		395
		396	/* Used also for sha256 */
426	void FAST_FUNC sha1_end(void resbuf, sha1_ctx_t ctx)	397	void FAST_FUNC sha1_end(void resbuf, sha1_ctx_t ctx)
427	{	398	{
428	unsigned i, pad, in_buf;	399	unsigned i, pad, in_buf;
429		400
430	in_buf = ctx->total64 & SHA1_MASK;	401	in_buf = ctx->total64 & 63;
431	/* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */	402	/* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */
432	ctx->wbuffer[in_buf++] = 0x80;	403	ctx->wbuffer[in_buf++] = 0x80;
433		404
434	/* This loop iterates either once or twice, no more, no less */	405	/* This loop iterates either once or twice, no more, no less */
435	while (1) {	406	while (1) {
436	pad = SHA1_BLOCK_SIZE - in_buf;	407	pad = 64 - in_buf;
437	memset(ctx->wbuffer + in_buf, 0, pad);	408	memset(ctx->wbuffer + in_buf, 0, pad);
438	in_buf = 0;	409	in_buf = 0;
439	/* Do we have enough space for the length count? */	410	/* Do we have enough space for the length count? */
@@ -442,7 +413,7 @@ void FAST_FUNC sha1_end(void resbuf, sha1_ctx_t ctx)
442	uint64_t t = ctx->total64 << 3;	413	uint64_t t = ctx->total64 << 3;
443	t = hton64(t);	414	t = hton64(t);
444	/* wbuffer is suitably aligned for this */	415	/* wbuffer is suitably aligned for this */
445	(uint64_t ) (&ctx->wbuffer[SHA1_BLOCK_SIZE - 8]) = t;	416	(uint64_t ) (&ctx->wbuffer[64 - 8]) = t;
446	}	417	}
447	ctx->process_block(ctx);	418	ctx->process_block(ctx);
448	if (pad >= 8)	419	if (pad >= 8)