diff options
| author | jsing <> | 2024-03-28 07:06:12 +0000 |
|---|---|---|
| committer | jsing <> | 2024-03-28 07:06:12 +0000 |
| commit | 4be5efb14e205dde35b546a8e4a47b57af0dcce3 (patch) | |
| tree | e521c98a888402be1972dab5bee5a5899e5e423b | |
| parent | 744061de9eaff441a8068d51688a38f9c96dd03f (diff) | |
| download | openbsd-4be5efb14e205dde35b546a8e4a47b57af0dcce3.tar.gz openbsd-4be5efb14e205dde35b546a8e4a47b57af0dcce3.tar.bz2 openbsd-4be5efb14e205dde35b546a8e4a47b57af0dcce3.zip | |
Demacro sha1.
Replace macros with static inline functions and use names that follow
the spec more closely. Unlike SHA256/SHA512, the functions and constants do
not align with the number of words loaded, which means we cannot easily loop
and just end up just unrolling everything.
ok joshua@ tb@
| -rw-r--r-- | src/lib/libcrypto/sha/sha1.c | 416 |
1 files changed, 252 insertions, 164 deletions
diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c index 8bcc5e0431..32007d5d52 100644 --- a/src/lib/libcrypto/sha/sha1.c +++ b/src/lib/libcrypto/sha/sha1.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sha1.c,v 1.13 2024/03/26 12:54:22 jsing Exp $ */ | 1 | /* $OpenBSD: sha1.c,v 1.14 2024/03/28 07:06:12 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -71,92 +71,114 @@ | |||
| 71 | /* Ensure that SHA_LONG and uint32_t are equivalent sizes. */ | 71 | /* Ensure that SHA_LONG and uint32_t are equivalent sizes. */ |
| 72 | CTASSERT(sizeof(SHA_LONG) == sizeof(uint32_t)); | 72 | CTASSERT(sizeof(SHA_LONG) == sizeof(uint32_t)); |
| 73 | 73 | ||
| 74 | #define DATA_ORDER_IS_BIG_ENDIAN | 74 | #ifdef SHA1_ASM |
| 75 | void sha1_block_data_order(SHA_CTX *ctx, const void *p, size_t num); | ||
| 76 | #endif | ||
| 75 | 77 | ||
| 76 | #define HASH_LONG SHA_LONG | 78 | #ifndef SHA1_ASM |
| 77 | #define HASH_CTX SHA_CTX | 79 | static inline SHA_LONG |
| 78 | #define HASH_CBLOCK SHA_CBLOCK | 80 | Ch(SHA_LONG x, SHA_LONG y, SHA_LONG z) |
| 81 | { | ||
| 82 | return (x & y) ^ (~x & z); | ||
| 83 | } | ||
| 79 | 84 | ||
| 80 | #define HASH_BLOCK_DATA_ORDER sha1_block_data_order | 85 | static inline SHA_LONG |
| 81 | #define Xupdate(a, ix, ia, ib, ic, id) ( (a)=(ia^ib^ic^id), \ | 86 | Parity(SHA_LONG x, SHA_LONG y, SHA_LONG z) |
| 82 | ix=(a)=ROTATE((a),1) \ | 87 | { |
| 83 | ) | 88 | return x ^ y ^ z; |
| 89 | } | ||
| 84 | 90 | ||
| 85 | #ifndef SHA1_ASM | 91 | static inline SHA_LONG |
| 86 | static | 92 | Maj(SHA_LONG x, SHA_LONG y, SHA_LONG z) |
| 87 | #endif | 93 | { |
| 88 | void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); | 94 | return (x & y) ^ (x & z) ^ (y & z); |
| 95 | } | ||
| 96 | |||
| 97 | static inline void | ||
| 98 | sha1_msg_schedule_update(SHA_LONG *W0, SHA_LONG W2, SHA_LONG W8, SHA_LONG W13) | ||
| 99 | { | ||
| 100 | *W0 = crypto_rol_u32(W13 ^ W8 ^ W2 ^ *W0, 1); | ||
| 101 | } | ||
| 89 | 102 | ||
| 90 | #define HASH_NO_UPDATE | 103 | static inline void |
| 91 | #define HASH_NO_TRANSFORM | 104 | sha1_round1(SHA_LONG *a, SHA_LONG *b, SHA_LONG *c, SHA_LONG *d, SHA_LONG *e, |
| 92 | #define HASH_NO_FINAL | 105 | SHA_LONG Wt) |
| 106 | { | ||
| 107 | SHA_LONG Kt, T; | ||
| 93 | 108 | ||
| 94 | #include "md32_common.h" | 109 | Kt = 0x5a827999UL; |
| 110 | T = crypto_rol_u32(*a, 5) + Ch(*b, *c, *d) + *e + Kt + Wt; | ||
| 95 | 111 | ||
| 96 | #define K_00_19 0x5a827999UL | 112 | *e = *d; |
| 97 | #define K_20_39 0x6ed9eba1UL | 113 | *d = *c; |
| 98 | #define K_40_59 0x8f1bbcdcUL | 114 | *c = crypto_rol_u32(*b, 30); |
| 99 | #define K_60_79 0xca62c1d6UL | 115 | *b = *a; |
| 116 | *a = T; | ||
| 117 | } | ||
| 118 | |||
| 119 | static inline void | ||
| 120 | sha1_round2(SHA_LONG *a, SHA_LONG *b, SHA_LONG *c, SHA_LONG *d, SHA_LONG *e, | ||
| 121 | SHA_LONG Wt) | ||
| 122 | { | ||
| 123 | SHA_LONG Kt, T; | ||
| 124 | |||
| 125 | Kt = 0x6ed9eba1UL; | ||
| 126 | T = crypto_rol_u32(*a, 5) + Parity(*b, *c, *d) + *e + Kt + Wt; | ||
| 127 | |||
| 128 | *e = *d; | ||
| 129 | *d = *c; | ||
| 130 | *c = crypto_rol_u32(*b, 30); | ||
| 131 | *b = *a; | ||
| 132 | *a = T; | ||
| 133 | } | ||
| 134 | |||
| 135 | static inline void | ||
| 136 | sha1_round3(SHA_LONG *a, SHA_LONG *b, SHA_LONG *c, SHA_LONG *d, SHA_LONG *e, | ||
| 137 | SHA_LONG Wt) | ||
| 138 | { | ||
| 139 | SHA_LONG Kt, T; | ||
| 140 | |||
| 141 | Kt = 0x8f1bbcdcUL; | ||
| 142 | T = crypto_rol_u32(*a, 5) + Maj(*b, *c, *d) + *e + Kt + Wt; | ||
| 143 | |||
| 144 | *e = *d; | ||
| 145 | *d = *c; | ||
| 146 | *c = crypto_rol_u32(*b, 30); | ||
| 147 | *b = *a; | ||
| 148 | *a = T; | ||
| 149 | } | ||
| 150 | |||
| 151 | static inline void | ||
| 152 | sha1_round4(SHA_LONG *a, SHA_LONG *b, SHA_LONG *c, SHA_LONG *d, SHA_LONG *e, | ||
| 153 | SHA_LONG Wt) | ||
| 154 | { | ||
| 155 | SHA_LONG Kt, T; | ||
| 156 | |||
| 157 | Kt = 0xca62c1d6UL; | ||
| 158 | T = crypto_rol_u32(*a, 5) + Parity(*b, *c, *d) + *e + Kt + Wt; | ||
| 159 | |||
| 160 | *e = *d; | ||
| 161 | *d = *c; | ||
| 162 | *c = crypto_rol_u32(*b, 30); | ||
| 163 | *b = *a; | ||
| 164 | *a = T; | ||
| 165 | } | ||
| 100 | 166 | ||
| 101 | /* As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be | ||
| 102 | * simplified to the code in F_00_19. Wei attributes these optimisations | ||
| 103 | * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. | ||
| 104 | * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) | ||
| 105 | * I've just become aware of another tweak to be made, again from Wei Dai, | ||
| 106 | * in F_40_59, (x&a)|(y&a) -> (x|y)&a | ||
| 107 | */ | ||
| 108 | #define F_00_19(b, c, d) ((((c) ^ (d)) & (b)) ^ (d)) | ||
| 109 | #define F_20_39(b, c, d) ((b) ^ (c) ^ (d)) | ||
| 110 | #define F_40_59(b, c, d) (((b) & (c)) | (((b)|(c)) & (d))) | ||
| 111 | #define F_60_79(b, c, d) F_20_39(b, c, d) | ||
| 112 | |||
| 113 | |||
| 114 | #define BODY_00_15(i, a, b, c, d, e, f, xi) \ | ||
| 115 | (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ | ||
| 116 | (b)=ROTATE((b),30); | ||
| 117 | |||
| 118 | #define BODY_16_19(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \ | ||
| 119 | Xupdate(f, xi, xa, xb, xc, xd); \ | ||
| 120 | (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ | ||
| 121 | (b)=ROTATE((b),30); | ||
| 122 | |||
| 123 | #define BODY_20_31(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \ | ||
| 124 | Xupdate(f, xi, xa, xb, xc, xd); \ | ||
| 125 | (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ | ||
| 126 | (b)=ROTATE((b),30); | ||
| 127 | |||
| 128 | #define BODY_32_39(i, a, b, c, d, e, f, xa, xb, xc, xd) \ | ||
| 129 | Xupdate(f, xa, xa, xb, xc, xd); \ | ||
| 130 | (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ | ||
| 131 | (b)=ROTATE((b),30); | ||
| 132 | |||
| 133 | #define BODY_40_59(i, a, b, c, d, e, f, xa, xb, xc, xd) \ | ||
| 134 | Xupdate(f, xa, xa, xb, xc, xd); \ | ||
| 135 | (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ | ||
| 136 | (b)=ROTATE((b),30); | ||
| 137 | |||
| 138 | #define BODY_60_79(i, a, b, c, d, e, f, xa, xb, xc, xd) \ | ||
| 139 | Xupdate(f, xa, xa, xb, xc, xd); \ | ||
| 140 | (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ | ||
| 141 | (b)=ROTATE((b),30); | ||
| 142 | |||
| 143 | #if !defined(SHA1_ASM) | ||
| 144 | #include <endian.h> | ||
| 145 | static void | 167 | static void |
| 146 | sha1_block_data_order(SHA_CTX *c, const void *_in, size_t num) | 168 | sha1_block_data_order(SHA_CTX *ctx, const void *_in, size_t num) |
| 147 | { | 169 | { |
| 148 | const uint8_t *in = _in; | 170 | const uint8_t *in = _in; |
| 149 | const SHA_LONG *in32; | 171 | const SHA_LONG *in32; |
| 150 | unsigned int A, B, C, D, E, T; | 172 | unsigned int a, b, c, d, e; |
| 151 | unsigned int X0, X1, X2, X3, X4, X5, X6, X7, | 173 | unsigned int X0, X1, X2, X3, X4, X5, X6, X7, |
| 152 | X8, X9, X10, X11, X12, X13, X14, X15; | 174 | X8, X9, X10, X11, X12, X13, X14, X15; |
| 153 | 175 | ||
| 154 | while (num--) { | 176 | while (num--) { |
| 155 | A = c->h0; | 177 | a = ctx->h0; |
| 156 | B = c->h1; | 178 | b = ctx->h1; |
| 157 | C = c->h2; | 179 | c = ctx->h2; |
| 158 | D = c->h3; | 180 | d = ctx->h3; |
| 159 | E = c->h4; | 181 | e = ctx->h4; |
| 160 | 182 | ||
| 161 | if ((size_t)in % 4 == 0) { | 183 | if ((size_t)in % 4 == 0) { |
| 162 | /* Input is 32 bit aligned. */ | 184 | /* Input is 32 bit aligned. */ |
| @@ -198,102 +220,168 @@ sha1_block_data_order(SHA_CTX *c, const void *_in, size_t num) | |||
| 198 | } | 220 | } |
| 199 | in += SHA_CBLOCK; | 221 | in += SHA_CBLOCK; |
| 200 | 222 | ||
| 201 | BODY_00_15( 0, A, B, C, D, E, T, X0); | 223 | sha1_round1(&a, &b, &c, &d, &e, X0); |
| 202 | BODY_00_15( 1, T, A, B, C, D, E, X1); | 224 | sha1_round1(&a, &b, &c, &d, &e, X1); |
| 203 | BODY_00_15( 2, E, T, A, B, C, D, X2); | 225 | sha1_round1(&a, &b, &c, &d, &e, X2); |
| 204 | BODY_00_15( 3, D, E, T, A, B, C, X3); | 226 | sha1_round1(&a, &b, &c, &d, &e, X3); |
| 205 | BODY_00_15( 4, C, D, E, T, A, B, X4); | 227 | sha1_round1(&a, &b, &c, &d, &e, X4); |
| 206 | BODY_00_15( 5, B, C, D, E, T, A, X5); | 228 | sha1_round1(&a, &b, &c, &d, &e, X5); |
| 207 | BODY_00_15( 6, A, B, C, D, E, T, X6); | 229 | sha1_round1(&a, &b, &c, &d, &e, X6); |
| 208 | BODY_00_15( 7, T, A, B, C, D, E, X7); | 230 | sha1_round1(&a, &b, &c, &d, &e, X7); |
| 209 | BODY_00_15( 8, E, T, A, B, C, D, X8); | 231 | sha1_round1(&a, &b, &c, &d, &e, X8); |
| 210 | BODY_00_15( 9, D, E, T, A, B, C, X9); | 232 | sha1_round1(&a, &b, &c, &d, &e, X9); |
| 211 | BODY_00_15(10, C, D, E, T, A, B, X10); | 233 | sha1_round1(&a, &b, &c, &d, &e, X10); |
| 212 | BODY_00_15(11, B, C, D, E, T, A, X11); | 234 | sha1_round1(&a, &b, &c, &d, &e, X11); |
| 213 | BODY_00_15(12, A, B, C, D, E, T, X12); | 235 | sha1_round1(&a, &b, &c, &d, &e, X12); |
| 214 | BODY_00_15(13, T, A, B, C, D, E, X13); | 236 | sha1_round1(&a, &b, &c, &d, &e, X13); |
| 215 | BODY_00_15(14, E, T, A, B, C, D, X14); | 237 | sha1_round1(&a, &b, &c, &d, &e, X14); |
| 216 | BODY_00_15(15, D, E, T, A, B, C, X15); | 238 | sha1_round1(&a, &b, &c, &d, &e, X15); |
| 217 | 239 | ||
| 218 | BODY_16_19(16, C, D, E, T, A, B, X0, X0, X2, X8, X13); | 240 | sha1_msg_schedule_update(&X0, X2, X8, X13); |
| 219 | BODY_16_19(17, B, C, D, E, T, A, X1, X1, X3, X9, X14); | 241 | sha1_msg_schedule_update(&X1, X3, X9, X14); |
| 220 | BODY_16_19(18, A, B, C, D, E, T, X2, X2, X4, X10, X15); | 242 | sha1_msg_schedule_update(&X2, X4, X10, X15); |
| 221 | BODY_16_19(19, T, A, B, C, D, E, X3, X3, X5, X11, X0); | 243 | sha1_msg_schedule_update(&X3, X5, X11, X0); |
| 222 | 244 | sha1_msg_schedule_update(&X4, X6, X12, X1); | |
| 223 | BODY_20_31(20, E, T, A, B, C, D, X4, X4, X6, X12, X1); | 245 | sha1_msg_schedule_update(&X5, X7, X13, X2); |
| 224 | BODY_20_31(21, D, E, T, A, B, C, X5, X5, X7, X13, X2); | 246 | sha1_msg_schedule_update(&X6, X8, X14, X3); |
| 225 | BODY_20_31(22, C, D, E, T, A, B, X6, X6, X8, X14, X3); | 247 | sha1_msg_schedule_update(&X7, X9, X15, X4); |
| 226 | BODY_20_31(23, B, C, D, E, T, A, X7, X7, X9, X15, X4); | 248 | sha1_msg_schedule_update(&X8, X10, X0, X5); |
| 227 | BODY_20_31(24, A, B, C, D, E, T, X8, X8, X10, X0, X5); | 249 | sha1_msg_schedule_update(&X9, X11, X1, X6); |
| 228 | BODY_20_31(25, T, A, B, C, D, E, X9, X9, X11, X1, X6); | 250 | sha1_msg_schedule_update(&X10, X12, X2, X7); |
| 229 | BODY_20_31(26, E, T, A, B, C, D, X10, X10, X12, X2, X7); | 251 | sha1_msg_schedule_update(&X11, X13, X3, X8); |
| 230 | BODY_20_31(27, D, E, T, A, B, C, X11, X11, X13, X3, X8); | 252 | sha1_msg_schedule_update(&X12, X14, X4, X9); |
| 231 | BODY_20_31(28, C, D, E, T, A, B, X12, X12, X14, X4, X9); | 253 | sha1_msg_schedule_update(&X13, X15, X5, X10); |
| 232 | BODY_20_31(29, B, C, D, E, T, A, X13, X13, X15, X5, X10); | 254 | sha1_msg_schedule_update(&X14, X0, X6, X11); |
| 233 | BODY_20_31(30, A, B, C, D, E, T, X14, X14, X0, X6, X11); | 255 | sha1_msg_schedule_update(&X15, X1, X7, X12); |
| 234 | BODY_20_31(31, T, A, B, C, D, E, X15, X15, X1, X7, X12); | 256 | |
| 235 | 257 | sha1_round1(&a, &b, &c, &d, &e, X0); | |
| 236 | BODY_32_39(32, E, T, A, B, C, D, X0, X2, X8, X13); | 258 | sha1_round1(&a, &b, &c, &d, &e, X1); |
| 237 | BODY_32_39(33, D, E, T, A, B, C, X1, X3, X9, X14); | 259 | sha1_round1(&a, &b, &c, &d, &e, X2); |
| 238 | BODY_32_39(34, C, D, E, T, A, B, X2, X4, X10, X15); | 260 | sha1_round1(&a, &b, &c, &d, &e, X3); |
| 239 | BODY_32_39(35, B, C, D, E, T, A, X3, X5, X11, X0); | 261 | sha1_round2(&a, &b, &c, &d, &e, X4); |
| 240 | BODY_32_39(36, A, B, C, D, E, T, X4, X6, X12, X1); | 262 | sha1_round2(&a, &b, &c, &d, &e, X5); |
| 241 | BODY_32_39(37, T, A, B, C, D, E, X5, X7, X13, X2); | 263 | sha1_round2(&a, &b, &c, &d, &e, X6); |
| 242 | BODY_32_39(38, E, T, A, B, C, D, X6, X8, X14, X3); | 264 | sha1_round2(&a, &b, &c, &d, &e, X7); |
| 243 | BODY_32_39(39, D, E, T, A, B, C, X7, X9, X15, X4); | 265 | sha1_round2(&a, &b, &c, &d, &e, X8); |
| 244 | 266 | sha1_round2(&a, &b, &c, &d, &e, X9); | |
| 245 | BODY_40_59(40, C, D, E, T, A, B, X8, X10, X0, X5); | 267 | sha1_round2(&a, &b, &c, &d, &e, X10); |
| 246 | BODY_40_59(41, B, C, D, E, T, A, X9, X11, X1, X6); | 268 | sha1_round2(&a, &b, &c, &d, &e, X11); |
| 247 | BODY_40_59(42, A, B, C, D, E, T, X10, X12, X2, X7); | 269 | sha1_round2(&a, &b, &c, &d, &e, X12); |
| 248 | BODY_40_59(43, T, A, B, C, D, E, X11, X13, X3, X8); | 270 | sha1_round2(&a, &b, &c, &d, &e, X13); |
| 249 | BODY_40_59(44, E, T, A, B, C, D, X12, X14, X4, X9); | 271 | sha1_round2(&a, &b, &c, &d, &e, X14); |
| 250 | BODY_40_59(45, D, E, T, A, B, C, X13, X15, X5, X10); | 272 | sha1_round2(&a, &b, &c, &d, &e, X15); |
| 251 | BODY_40_59(46, C, D, E, T, A, B, X14, X0, X6, X11); | 273 | |
| 252 | BODY_40_59(47, B, C, D, E, T, A, X15, X1, X7, X12); | 274 | sha1_msg_schedule_update(&X0, X2, X8, X13); |
| 253 | BODY_40_59(48, A, B, C, D, E, T, X0, X2, X8, X13); | 275 | sha1_msg_schedule_update(&X1, X3, X9, X14); |
| 254 | BODY_40_59(49, T, A, B, C, D, E, X1, X3, X9, X14); | 276 | sha1_msg_schedule_update(&X2, X4, X10, X15); |
| 255 | BODY_40_59(50, E, T, A, B, C, D, X2, X4, X10, X15); | 277 | sha1_msg_schedule_update(&X3, X5, X11, X0); |
| 256 | BODY_40_59(51, D, E, T, A, B, C, X3, X5, X11, X0); | 278 | sha1_msg_schedule_update(&X4, X6, X12, X1); |
| 257 | BODY_40_59(52, C, D, E, T, A, B, X4, X6, X12, X1); | 279 | sha1_msg_schedule_update(&X5, X7, X13, X2); |
| 258 | BODY_40_59(53, B, C, D, E, T, A, X5, X7, X13, X2); | 280 | sha1_msg_schedule_update(&X6, X8, X14, X3); |
| 259 | BODY_40_59(54, A, B, C, D, E, T, X6, X8, X14, X3); | 281 | sha1_msg_schedule_update(&X7, X9, X15, X4); |
| 260 | BODY_40_59(55, T, A, B, C, D, E, X7, X9, X15, X4); | 282 | sha1_msg_schedule_update(&X8, X10, X0, X5); |
| 261 | BODY_40_59(56, E, T, A, B, C, D, X8, X10, X0, X5); | 283 | sha1_msg_schedule_update(&X9, X11, X1, X6); |
| 262 | BODY_40_59(57, D, E, T, A, B, C, X9, X11, X1, X6); | 284 | sha1_msg_schedule_update(&X10, X12, X2, X7); |
| 263 | BODY_40_59(58, C, D, E, T, A, B, X10, X12, X2, X7); | 285 | sha1_msg_schedule_update(&X11, X13, X3, X8); |
| 264 | BODY_40_59(59, B, C, D, E, T, A, X11, X13, X3, X8); | 286 | sha1_msg_schedule_update(&X12, X14, X4, X9); |
| 265 | 287 | sha1_msg_schedule_update(&X13, X15, X5, X10); | |
| 266 | BODY_60_79(60, A, B, C, D, E, T, X12, X14, X4, X9); | 288 | sha1_msg_schedule_update(&X14, X0, X6, X11); |
| 267 | BODY_60_79(61, T, A, B, C, D, E, X13, X15, X5, X10); | 289 | sha1_msg_schedule_update(&X15, X1, X7, X12); |
| 268 | BODY_60_79(62, E, T, A, B, C, D, X14, X0, X6, X11); | 290 | |
| 269 | BODY_60_79(63, D, E, T, A, B, C, X15, X1, X7, X12); | 291 | sha1_round2(&a, &b, &c, &d, &e, X0); |
| 270 | BODY_60_79(64, C, D, E, T, A, B, X0, X2, X8, X13); | 292 | sha1_round2(&a, &b, &c, &d, &e, X1); |
| 271 | BODY_60_79(65, B, C, D, E, T, A, X1, X3, X9, X14); | 293 | sha1_round2(&a, &b, &c, &d, &e, X2); |
| 272 | BODY_60_79(66, A, B, C, D, E, T, X2, X4, X10, X15); | 294 | sha1_round2(&a, &b, &c, &d, &e, X3); |
| 273 | BODY_60_79(67, T, A, B, C, D, E, X3, X5, X11, X0); | 295 | sha1_round2(&a, &b, &c, &d, &e, X4); |
| 274 | BODY_60_79(68, E, T, A, B, C, D, X4, X6, X12, X1); | 296 | sha1_round2(&a, &b, &c, &d, &e, X5); |
| 275 | BODY_60_79(69, D, E, T, A, B, C, X5, X7, X13, X2); | 297 | sha1_round2(&a, &b, &c, &d, &e, X6); |
| 276 | BODY_60_79(70, C, D, E, T, A, B, X6, X8, X14, X3); | 298 | sha1_round2(&a, &b, &c, &d, &e, X7); |
| 277 | BODY_60_79(71, B, C, D, E, T, A, X7, X9, X15, X4); | 299 | sha1_round3(&a, &b, &c, &d, &e, X8); |
| 278 | BODY_60_79(72, A, B, C, D, E, T, X8, X10, X0, X5); | 300 | sha1_round3(&a, &b, &c, &d, &e, X9); |
| 279 | BODY_60_79(73, T, A, B, C, D, E, X9, X11, X1, X6); | 301 | sha1_round3(&a, &b, &c, &d, &e, X10); |
| 280 | BODY_60_79(74, E, T, A, B, C, D, X10, X12, X2, X7); | 302 | sha1_round3(&a, &b, &c, &d, &e, X11); |
| 281 | BODY_60_79(75, D, E, T, A, B, C, X11, X13, X3, X8); | 303 | sha1_round3(&a, &b, &c, &d, &e, X12); |
| 282 | BODY_60_79(76, C, D, E, T, A, B, X12, X14, X4, X9); | 304 | sha1_round3(&a, &b, &c, &d, &e, X13); |
| 283 | BODY_60_79(77, B, C, D, E, T, A, X13, X15, X5, X10); | 305 | sha1_round3(&a, &b, &c, &d, &e, X14); |
| 284 | BODY_60_79(78, A, B, C, D, E, T, X14, X0, X6, X11); | 306 | sha1_round3(&a, &b, &c, &d, &e, X15); |
| 285 | BODY_60_79(79, T, A, B, C, D, E, X15, X1, X7, X12); | 307 | |
| 286 | 308 | sha1_msg_schedule_update(&X0, X2, X8, X13); | |
| 287 | c->h0 = (c->h0 + E)&0xffffffffL; | 309 | sha1_msg_schedule_update(&X1, X3, X9, X14); |
| 288 | c->h1 = (c->h1 + T)&0xffffffffL; | 310 | sha1_msg_schedule_update(&X2, X4, X10, X15); |
| 289 | c->h2 = (c->h2 + A)&0xffffffffL; | 311 | sha1_msg_schedule_update(&X3, X5, X11, X0); |
| 290 | c->h3 = (c->h3 + B)&0xffffffffL; | 312 | sha1_msg_schedule_update(&X4, X6, X12, X1); |
| 291 | c->h4 = (c->h4 + C)&0xffffffffL; | 313 | sha1_msg_schedule_update(&X5, X7, X13, X2); |
| 314 | sha1_msg_schedule_update(&X6, X8, X14, X3); | ||
| 315 | sha1_msg_schedule_update(&X7, X9, X15, X4); | ||
| 316 | sha1_msg_schedule_update(&X8, X10, X0, X5); | ||
| 317 | sha1_msg_schedule_update(&X9, X11, X1, X6); | ||
| 318 | sha1_msg_schedule_update(&X10, X12, X2, X7); | ||
| 319 | sha1_msg_schedule_update(&X11, X13, X3, X8); | ||
| 320 | sha1_msg_schedule_update(&X12, X14, X4, X9); | ||
| 321 | sha1_msg_schedule_update(&X13, X15, X5, X10); | ||
| 322 | sha1_msg_schedule_update(&X14, X0, X6, X11); | ||
| 323 | sha1_msg_schedule_update(&X15, X1, X7, X12); | ||
| 324 | |||
| 325 | sha1_round3(&a, &b, &c, &d, &e, X0); | ||
| 326 | sha1_round3(&a, &b, &c, &d, &e, X1); | ||
| 327 | sha1_round3(&a, &b, &c, &d, &e, X2); | ||
| 328 | sha1_round3(&a, &b, &c, &d, &e, X3); | ||
| 329 | sha1_round3(&a, &b, &c, &d, &e, X4); | ||
| 330 | sha1_round3(&a, &b, &c, &d, &e, X5); | ||
| 331 | sha1_round3(&a, &b, &c, &d, &e, X6); | ||
| 332 | sha1_round3(&a, &b, &c, &d, &e, X7); | ||
| 333 | sha1_round3(&a, &b, &c, &d, &e, X8); | ||
| 334 | sha1_round3(&a, &b, &c, &d, &e, X9); | ||
| 335 | sha1_round3(&a, &b, &c, &d, &e, X10); | ||
| 336 | sha1_round3(&a, &b, &c, &d, &e, X11); | ||
| 337 | sha1_round4(&a, &b, &c, &d, &e, X12); | ||
| 338 | sha1_round4(&a, &b, &c, &d, &e, X13); | ||
| 339 | sha1_round4(&a, &b, &c, &d, &e, X14); | ||
| 340 | sha1_round4(&a, &b, &c, &d, &e, X15); | ||
| 341 | |||
| 342 | sha1_msg_schedule_update(&X0, X2, X8, X13); | ||
| 343 | sha1_msg_schedule_update(&X1, X3, X9, X14); | ||
| 344 | sha1_msg_schedule_update(&X2, X4, X10, X15); | ||
| 345 | sha1_msg_schedule_update(&X3, X5, X11, X0); | ||
| 346 | sha1_msg_schedule_update(&X4, X6, X12, X1); | ||
| 347 | sha1_msg_schedule_update(&X5, X7, X13, X2); | ||
| 348 | sha1_msg_schedule_update(&X6, X8, X14, X3); | ||
| 349 | sha1_msg_schedule_update(&X7, X9, X15, X4); | ||
| 350 | sha1_msg_schedule_update(&X8, X10, X0, X5); | ||
| 351 | sha1_msg_schedule_update(&X9, X11, X1, X6); | ||
| 352 | sha1_msg_schedule_update(&X10, X12, X2, X7); | ||
| 353 | sha1_msg_schedule_update(&X11, X13, X3, X8); | ||
| 354 | sha1_msg_schedule_update(&X12, X14, X4, X9); | ||
| 355 | sha1_msg_schedule_update(&X13, X15, X5, X10); | ||
| 356 | sha1_msg_schedule_update(&X14, X0, X6, X11); | ||
| 357 | sha1_msg_schedule_update(&X15, X1, X7, X12); | ||
| 358 | |||
| 359 | sha1_round4(&a, &b, &c, &d, &e, X0); | ||
| 360 | sha1_round4(&a, &b, &c, &d, &e, X1); | ||
| 361 | sha1_round4(&a, &b, &c, &d, &e, X2); | ||
| 362 | sha1_round4(&a, &b, &c, &d, &e, X3); | ||
| 363 | sha1_round4(&a, &b, &c, &d, &e, X4); | ||
| 364 | sha1_round4(&a, &b, &c, &d, &e, X5); | ||
| 365 | sha1_round4(&a, &b, &c, &d, &e, X6); | ||
| 366 | sha1_round4(&a, &b, &c, &d, &e, X7); | ||
| 367 | sha1_round4(&a, &b, &c, &d, &e, X8); | ||
| 368 | sha1_round4(&a, &b, &c, &d, &e, X9); | ||
| 369 | sha1_round4(&a, &b, &c, &d, &e, X10); | ||
| 370 | sha1_round4(&a, &b, &c, &d, &e, X11); | ||
| 371 | sha1_round4(&a, &b, &c, &d, &e, X12); | ||
| 372 | sha1_round4(&a, &b, &c, &d, &e, X13); | ||
| 373 | sha1_round4(&a, &b, &c, &d, &e, X14); | ||
| 374 | sha1_round4(&a, &b, &c, &d, &e, X15); | ||
| 375 | |||
| 376 | ctx->h0 += a; | ||
| 377 | ctx->h1 += b; | ||
| 378 | ctx->h2 += c; | ||
| 379 | ctx->h3 += d; | ||
| 380 | ctx->h4 += e; | ||
| 292 | } | 381 | } |
| 293 | } | 382 | } |
| 294 | #endif | 383 | #endif |
| 295 | 384 | ||
| 296 | |||
| 297 | int | 385 | int |
| 298 | SHA1_Init(SHA_CTX *c) | 386 | SHA1_Init(SHA_CTX *c) |
| 299 | { | 387 | { |