undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0330344e0f
git-commit-vandalism/sha1dc/sha1.c
Jeff King 8325e43b82 Makefile: add DC_SHA1 knob 
This knob lets you use the sha1dc implementation from:

      https://github.com/cr-marcstevens/sha1collisiondetection

which can detect certain types of collision attacks (even
when we only see half of the colliding pair). So it
mitigates any attack which consists of getting the "good"
half of a collision into a trusted repository, and then
later replacing it with the "bad" half. The "good" half is
rejected by the victim's version of Git (and even if they
run an old version of Git, any sha1dc-enabled git will
complain loudly if it ever has to interact with the object).

The big downside is that it's slower than either the openssl
or block-sha1 implementations.

Here are some timings based off of linux.git:

  - compute sha1 over whole packfile
      sha1dc: 3.580s
    blk-sha1: 2.046s (-43%)
     openssl: 1.335s (-62%)

  - rev-list --all --objects
      sha1dc: 33.512s
    blk-sha1: 33.514s (+0.0%)
     openssl: 33.650s (+0.4%)

  - git log --no-merges -10000 -p
      sha1dc: 8.124s
    blk-sha1: 7.986s (-1.6%)
     openssl: 8.203s (+0.9%)

  - index-pack --verify
      sha1dc: 4m19s
    blk-sha1: 2m57s (-32%)
     openssl: 2m19s (-42%)

So overall the sha1 computation with collision detection is
about 1.75x slower than block-sha1, and 2.7x slower than
sha1. But of course most operations do more than just sha1.
Normal object access isn't really slowed at all (both the
+/- changes there are well within the run-to-run noise); any
changes are drowned out by the other work Git is doing.

The most-affected operation is `index-pack --verify`, which
is essentially just computing the sha1 on every object. This
is similar to the `index-pack` invocation that the receiver
of a push or fetch would perform. So clearly there's some
extra CPU load here.

There will also be some latency for the user, though keep in
mind that such an operation will generally be network bound
(this is about a 1.2GB packfile). Some of that extra CPU is
"free" in the sense that we use it while the pack is
streaming in anyway. But most of it comes during the
delta-resolution phase, after the whole pack has been
received. So we can imagine that for this (quite large)
push, the user might have to wait an extra 100 seconds over
openssl (which is what we use now). If we assume they can
push to us at 20Mbit/s, that's 480s for a 1.2GB pack, which
is only 20% slower.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-03-17 10:40:25 -07:00

1809 lines
53 KiB
C
Raw Blame History

/***
* Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com)
* Distributed under the MIT Software License.
* See accompanying file LICENSE.txt or copy at
* https://opensource.org/licenses/MIT
***/
#include "cache.h"
#include "sha1dc/sha1.h"
#include "sha1dc/ubc_check.h"
/*
Because Little-Endian architectures are most common,
we only set BIGENDIAN if one of these conditions is met.
Note that all MSFT platforms are little endian,
so none of these will be defined under the MSC compiler.
If you are compiling on a big endian platform and your compiler does not define one of these,
you will have to add whatever macros your tool chain defines to indicate Big-Endianness.
*/
#if (defined(__BYTE_ORDER) && (__BYTE_ORDER == __BIG_ENDIAN)) || \
(defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __BIG_ENDIAN__)) || \
defined(__BIG_ENDIAN__) || defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__)
#define BIGENDIAN (1)
#endif /*ENDIANNESS SELECTION*/
#define rotate_right(x,n) (((x)>>(n))|((x)<<(32-(n))))
#define rotate_left(x,n) (((x)<<(n))|((x)>>(32-(n))))
#define sha1_bswap32(x) \
{x = ((x << 8) & 0xFF00FF00) | ((x >> 8) & 0xFF00FF); x = (x << 16) | (x >> 16);}
#define sha1_mix(W, t) (rotate_left(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))
#if defined(BIGENDIAN)
#define sha1_load(m, t, temp) { temp = m[t]; }
#else
#define sha1_load(m, t, temp) { temp = m[t]; sha1_bswap32(temp); }
#endif /*define(BIGENDIAN)*/
#define sha1_store(W, t, x) *(volatile uint32_t *)&W[t] = x
#define sha1_f1(b,c,d) ((d)^((b)&((c)^(d))))
#define sha1_f2(b,c,d) ((b)^(c)^(d))
#define sha1_f3(b,c,d) (((b)&(c))+((d)&((b)^(c))))
#define sha1_f4(b,c,d) ((b)^(c)^(d))
#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, m, t) \
{ e += rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; b = rotate_left(b, 30); }
#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, m, t) \
{ e += rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; b = rotate_left(b, 30); }
#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, m, t) \
{ e += rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; b = rotate_left(b, 30); }
#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, m, t) \
{ e += rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; b = rotate_left(b, 30); }
#define HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, m, t) \
{ b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; }
#define HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, m, t) \
{ b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; }
#define HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, m, t) \
{ b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; }
#define HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, m, t) \
{ b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; }
#define SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, t, temp) \
{sha1_load(m, t, temp); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30);}
#define SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(a, b, c, d, e, W, t, temp) \
{temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30); }
#define SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, t, temp) \
{temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1; b = rotate_left(b, 30); }
#define SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, t, temp) \
{temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC; b = rotate_left(b, 30); }
#define SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, t, temp) \
{temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6; b = rotate_left(b, 30); }
#define SHA1_STORE_STATE(i) states[i][0] = a; states[i][1] = b; states[i][2] = c; states[i][3] = d; states[i][4] = e;
#ifdef BUILDNOCOLLDETECTSHA1COMPRESSION
void sha1_compression(uint32_t ihv[5], const uint32_t m[16])
{
uint32_t W[80];
uint32_t a,b,c,d,e;
unsigned i;
memcpy(W, m, 16 * 4);
for (i = 16; i < 80; ++i)
W[i] = sha1_mix(W, i);
a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
}
#endif /*BUILDNOCOLLDETECTSHA1COMPRESSION*/
static void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80])
{
uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
}
void sha1_compression_states(uint32_t ihv[5], const uint32_t m[16], uint32_t W[80], uint32_t states[80][5])
{
uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
uint32_t temp;
#ifdef DOSTORESTATE00
SHA1_STORE_STATE(0)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 0, temp);
#ifdef DOSTORESTATE01
SHA1_STORE_STATE(1)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 1, temp);
#ifdef DOSTORESTATE02
SHA1_STORE_STATE(2)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 2, temp);
#ifdef DOSTORESTATE03
SHA1_STORE_STATE(3)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 3, temp);
#ifdef DOSTORESTATE04
SHA1_STORE_STATE(4)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 4, temp);
#ifdef DOSTORESTATE05
SHA1_STORE_STATE(5)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 5, temp);
#ifdef DOSTORESTATE06
SHA1_STORE_STATE(6)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 6, temp);
#ifdef DOSTORESTATE07
SHA1_STORE_STATE(7)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 7, temp);
#ifdef DOSTORESTATE08
SHA1_STORE_STATE(8)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 8, temp);
#ifdef DOSTORESTATE09
SHA1_STORE_STATE(9)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 9, temp);
#ifdef DOSTORESTATE10
SHA1_STORE_STATE(10)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 10, temp);
#ifdef DOSTORESTATE11
SHA1_STORE_STATE(11)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 11, temp);
#ifdef DOSTORESTATE12
SHA1_STORE_STATE(12)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 12, temp);
#ifdef DOSTORESTATE13
SHA1_STORE_STATE(13)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 13, temp);
#ifdef DOSTORESTATE14
SHA1_STORE_STATE(14)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 14, temp);
#ifdef DOSTORESTATE15
SHA1_STORE_STATE(15)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 15, temp);
#ifdef DOSTORESTATE16
SHA1_STORE_STATE(16)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(e, a, b, c, d, W, 16, temp);
#ifdef DOSTORESTATE17
SHA1_STORE_STATE(17)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(d, e, a, b, c, W, 17, temp);
#ifdef DOSTORESTATE18
SHA1_STORE_STATE(18)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(c, d, e, a, b, W, 18, temp);
#ifdef DOSTORESTATE19
SHA1_STORE_STATE(19)
#endif
SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(b, c, d, e, a, W, 19, temp);
#ifdef DOSTORESTATE20
SHA1_STORE_STATE(20)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 20, temp);
#ifdef DOSTORESTATE21
SHA1_STORE_STATE(21)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 21, temp);
#ifdef DOSTORESTATE22
SHA1_STORE_STATE(22)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 22, temp);
#ifdef DOSTORESTATE23
SHA1_STORE_STATE(23)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 23, temp);
#ifdef DOSTORESTATE24
SHA1_STORE_STATE(24)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 24, temp);
#ifdef DOSTORESTATE25
SHA1_STORE_STATE(25)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 25, temp);
#ifdef DOSTORESTATE26
SHA1_STORE_STATE(26)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 26, temp);
#ifdef DOSTORESTATE27
SHA1_STORE_STATE(27)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 27, temp);
#ifdef DOSTORESTATE28
SHA1_STORE_STATE(28)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 28, temp);
#ifdef DOSTORESTATE29
SHA1_STORE_STATE(29)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 29, temp);
#ifdef DOSTORESTATE30
SHA1_STORE_STATE(30)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 30, temp);
#ifdef DOSTORESTATE31
SHA1_STORE_STATE(31)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 31, temp);
#ifdef DOSTORESTATE32
SHA1_STORE_STATE(32)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 32, temp);
#ifdef DOSTORESTATE33
SHA1_STORE_STATE(33)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 33, temp);
#ifdef DOSTORESTATE34
SHA1_STORE_STATE(34)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 34, temp);
#ifdef DOSTORESTATE35
SHA1_STORE_STATE(35)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 35, temp);
#ifdef DOSTORESTATE36
SHA1_STORE_STATE(36)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 36, temp);
#ifdef DOSTORESTATE37
SHA1_STORE_STATE(37)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 37, temp);
#ifdef DOSTORESTATE38
SHA1_STORE_STATE(38)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 38, temp);
#ifdef DOSTORESTATE39
SHA1_STORE_STATE(39)
#endif
SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 39, temp);
#ifdef DOSTORESTATE40
SHA1_STORE_STATE(40)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 40, temp);
#ifdef DOSTORESTATE41
SHA1_STORE_STATE(41)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 41, temp);
#ifdef DOSTORESTATE42
SHA1_STORE_STATE(42)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 42, temp);
#ifdef DOSTORESTATE43
SHA1_STORE_STATE(43)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 43, temp);
#ifdef DOSTORESTATE44
SHA1_STORE_STATE(44)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 44, temp);
#ifdef DOSTORESTATE45
SHA1_STORE_STATE(45)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 45, temp);
#ifdef DOSTORESTATE46
SHA1_STORE_STATE(46)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 46, temp);
#ifdef DOSTORESTATE47
SHA1_STORE_STATE(47)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 47, temp);
#ifdef DOSTORESTATE48
SHA1_STORE_STATE(48)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 48, temp);
#ifdef DOSTORESTATE49
SHA1_STORE_STATE(49)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 49, temp);
#ifdef DOSTORESTATE50
SHA1_STORE_STATE(50)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 50, temp);
#ifdef DOSTORESTATE51
SHA1_STORE_STATE(51)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 51, temp);
#ifdef DOSTORESTATE52
SHA1_STORE_STATE(52)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 52, temp);
#ifdef DOSTORESTATE53
SHA1_STORE_STATE(53)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 53, temp);
#ifdef DOSTORESTATE54
SHA1_STORE_STATE(54)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 54, temp);
#ifdef DOSTORESTATE55
SHA1_STORE_STATE(55)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 55, temp);
#ifdef DOSTORESTATE56
SHA1_STORE_STATE(56)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 56, temp);
#ifdef DOSTORESTATE57
SHA1_STORE_STATE(57)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 57, temp);
#ifdef DOSTORESTATE58
SHA1_STORE_STATE(58)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 58, temp);
#ifdef DOSTORESTATE59
SHA1_STORE_STATE(59)
#endif
SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 59, temp);
#ifdef DOSTORESTATE60
SHA1_STORE_STATE(60)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 60, temp);
#ifdef DOSTORESTATE61
SHA1_STORE_STATE(61)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 61, temp);
#ifdef DOSTORESTATE62
SHA1_STORE_STATE(62)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 62, temp);
#ifdef DOSTORESTATE63
SHA1_STORE_STATE(63)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 63, temp);
#ifdef DOSTORESTATE64
SHA1_STORE_STATE(64)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 64, temp);
#ifdef DOSTORESTATE65
SHA1_STORE_STATE(65)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 65, temp);
#ifdef DOSTORESTATE66
SHA1_STORE_STATE(66)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 66, temp);
#ifdef DOSTORESTATE67
SHA1_STORE_STATE(67)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 67, temp);
#ifdef DOSTORESTATE68
SHA1_STORE_STATE(68)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 68, temp);
#ifdef DOSTORESTATE69
SHA1_STORE_STATE(69)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 69, temp);
#ifdef DOSTORESTATE70
SHA1_STORE_STATE(70)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 70, temp);
#ifdef DOSTORESTATE71
SHA1_STORE_STATE(71)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 71, temp);
#ifdef DOSTORESTATE72
SHA1_STORE_STATE(72)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 72, temp);
#ifdef DOSTORESTATE73
SHA1_STORE_STATE(73)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 73, temp);
#ifdef DOSTORESTATE74
SHA1_STORE_STATE(74)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 74, temp);
#ifdef DOSTORESTATE75
SHA1_STORE_STATE(75)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 75, temp);
#ifdef DOSTORESTATE76
SHA1_STORE_STATE(76)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 76, temp);
#ifdef DOSTORESTATE77
SHA1_STORE_STATE(77)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 77, temp);
#ifdef DOSTORESTATE78
SHA1_STORE_STATE(78)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 78, temp);
#ifdef DOSTORESTATE79
SHA1_STORE_STATE(79)
#endif
SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 79, temp);
ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
}
#define SHA1_RECOMPRESS(t) \
static void sha1recompress_fast_ ## t (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]) \
{ \
uint32_t a = state[0], b = state[1], c = state[2], d = state[3], e = state[4]; \
if (t > 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 79); \
if (t > 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 78); \
if (t > 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 77); \
if (t > 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 76); \
if (t > 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 75); \
if (t > 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 74); \
if (t > 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 73); \
if (t > 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 72); \
if (t > 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 71); \
if (t > 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 70); \
if (t > 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 69); \
if (t > 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 68); \
if (t > 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 67); \
if (t > 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 66); \
if (t > 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 65); \
if (t > 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 64); \
if (t > 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 63); \
if (t > 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 62); \
if (t > 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 61); \
if (t > 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 60); \
if (t > 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 59); \
if (t > 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 58); \
if (t > 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 57); \
if (t > 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 56); \
if (t > 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 55); \
if (t > 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 54); \
if (t > 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 53); \
if (t > 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 52); \
if (t > 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 51); \
if (t > 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 50); \
if (t > 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 49); \
if (t > 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 48); \
if (t > 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 47); \
if (t > 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 46); \
if (t > 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 45); \
if (t > 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 44); \
if (t > 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 43); \
if (t > 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 42); \
if (t > 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 41); \
if (t > 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 40); \
if (t > 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 39); \
if (t > 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 38); \
if (t > 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 37); \
if (t > 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 36); \
if (t > 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 35); \
if (t > 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 34); \
if (t > 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 33); \
if (t > 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 32); \
if (t > 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 31); \
if (t > 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 30); \
if (t > 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 29); \
if (t > 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 28); \
if (t > 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 27); \
if (t > 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 26); \
if (t > 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 25); \
if (t > 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 24); \
if (t > 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 23); \
if (t > 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 22); \
if (t > 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 21); \
if (t > 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 20); \
if (t > 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 19); \
if (t > 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 18); \
if (t > 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 17); \
if (t > 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 16); \
if (t > 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 15); \
if (t > 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 14); \
if (t > 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 13); \
if (t > 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 12); \
if (t > 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 11); \
if (t > 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 10); \
if (t > 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 9); \
if (t > 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 8); \
if (t > 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 7); \
if (t > 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 6); \
if (t > 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 5); \
if (t > 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 4); \
if (t > 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 3); \
if (t > 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 2); \
if (t > 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 1); \
if (t > 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 0); \
ihvin[0] = a; ihvin[1] = b; ihvin[2] = c; ihvin[3] = d; ihvin[4] = e; \
a = state[0]; b = state[1]; c = state[2]; d = state[3]; e = state[4]; \
if (t <= 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 0); \
if (t <= 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 1); \
if (t <= 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 2); \
if (t <= 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 3); \
if (t <= 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 4); \
if (t <= 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 5); \
if (t <= 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 6); \
if (t <= 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 7); \
if (t <= 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 8); \
if (t <= 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 9); \
if (t <= 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 10); \
if (t <= 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 11); \
if (t <= 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 12); \
if (t <= 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 13); \
if (t <= 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 14); \
if (t <= 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 15); \
if (t <= 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 16); \
if (t <= 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 17); \
if (t <= 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 18); \
if (t <= 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 19); \
if (t <= 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 20); \
if (t <= 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 21); \
if (t <= 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 22); \
if (t <= 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 23); \
if (t <= 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 24); \
if (t <= 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 25); \
if (t <= 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 26); \
if (t <= 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 27); \
if (t <= 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 28); \
if (t <= 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 29); \
if (t <= 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 30); \
if (t <= 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 31); \
if (t <= 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 32); \
if (t <= 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 33); \
if (t <= 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 34); \
if (t <= 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 35); \
if (t <= 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 36); \
if (t <= 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 37); \
if (t <= 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 38); \
if (t <= 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 39); \
if (t <= 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 40); \
if (t <= 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 41); \
if (t <= 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 42); \
if (t <= 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 43); \
if (t <= 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 44); \
if (t <= 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 45); \
if (t <= 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 46); \
if (t <= 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 47); \
if (t <= 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 48); \
if (t <= 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 49); \
if (t <= 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 50); \
if (t <= 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 51); \
if (t <= 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 52); \
if (t <= 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 53); \
if (t <= 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 54); \
if (t <= 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 55); \
if (t <= 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 56); \
if (t <= 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 57); \
if (t <= 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 58); \
if (t <= 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 59); \
if (t <= 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 60); \
if (t <= 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 61); \
if (t <= 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 62); \
if (t <= 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 63); \
if (t <= 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 64); \
if (t <= 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 65); \
if (t <= 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 66); \
if (t <= 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 67); \
if (t <= 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 68); \
if (t <= 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 69); \
if (t <= 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 70); \
if (t <= 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 71); \
if (t <= 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 72); \
if (t <= 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 73); \
if (t <= 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 74); \
if (t <= 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 75); \
if (t <= 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 76); \
if (t <= 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 77); \
if (t <= 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 78); \
if (t <= 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 79); \
ihvout[0] = ihvin[0] + a; ihvout[1] = ihvin[1] + b; ihvout[2] = ihvin[2] + c; ihvout[3] = ihvin[3] + d; ihvout[4] = ihvin[4] + e; \
}
#ifdef DOSTORESTATE0
SHA1_RECOMPRESS(0)
#endif
#ifdef DOSTORESTATE1
SHA1_RECOMPRESS(1)
#endif
#ifdef DOSTORESTATE2
SHA1_RECOMPRESS(2)
#endif
#ifdef DOSTORESTATE3
SHA1_RECOMPRESS(3)
#endif
#ifdef DOSTORESTATE4
SHA1_RECOMPRESS(4)
#endif
#ifdef DOSTORESTATE5
SHA1_RECOMPRESS(5)
#endif
#ifdef DOSTORESTATE6
SHA1_RECOMPRESS(6)
#endif
#ifdef DOSTORESTATE7
SHA1_RECOMPRESS(7)
#endif
#ifdef DOSTORESTATE8
SHA1_RECOMPRESS(8)
#endif
#ifdef DOSTORESTATE9
SHA1_RECOMPRESS(9)
#endif
#ifdef DOSTORESTATE10
SHA1_RECOMPRESS(10)
#endif
#ifdef DOSTORESTATE11
SHA1_RECOMPRESS(11)
#endif
#ifdef DOSTORESTATE12
SHA1_RECOMPRESS(12)
#endif
#ifdef DOSTORESTATE13
SHA1_RECOMPRESS(13)
#endif
#ifdef DOSTORESTATE14
SHA1_RECOMPRESS(14)
#endif
#ifdef DOSTORESTATE15
SHA1_RECOMPRESS(15)
#endif
#ifdef DOSTORESTATE16
SHA1_RECOMPRESS(16)
#endif
#ifdef DOSTORESTATE17
SHA1_RECOMPRESS(17)
#endif
#ifdef DOSTORESTATE18
SHA1_RECOMPRESS(18)
#endif
#ifdef DOSTORESTATE19
SHA1_RECOMPRESS(19)
#endif
#ifdef DOSTORESTATE20
SHA1_RECOMPRESS(20)
#endif
#ifdef DOSTORESTATE21
SHA1_RECOMPRESS(21)
#endif
#ifdef DOSTORESTATE22
SHA1_RECOMPRESS(22)
#endif
#ifdef DOSTORESTATE23
SHA1_RECOMPRESS(23)
#endif
#ifdef DOSTORESTATE24
SHA1_RECOMPRESS(24)
#endif
#ifdef DOSTORESTATE25
SHA1_RECOMPRESS(25)
#endif
#ifdef DOSTORESTATE26
SHA1_RECOMPRESS(26)
#endif
#ifdef DOSTORESTATE27
SHA1_RECOMPRESS(27)
#endif
#ifdef DOSTORESTATE28
SHA1_RECOMPRESS(28)
#endif
#ifdef DOSTORESTATE29
SHA1_RECOMPRESS(29)
#endif
#ifdef DOSTORESTATE30
SHA1_RECOMPRESS(30)
#endif
#ifdef DOSTORESTATE31
SHA1_RECOMPRESS(31)
#endif
#ifdef DOSTORESTATE32
SHA1_RECOMPRESS(32)
#endif
#ifdef DOSTORESTATE33
SHA1_RECOMPRESS(33)
#endif
#ifdef DOSTORESTATE34
SHA1_RECOMPRESS(34)
#endif
#ifdef DOSTORESTATE35
SHA1_RECOMPRESS(35)
#endif
#ifdef DOSTORESTATE36
SHA1_RECOMPRESS(36)
#endif
#ifdef DOSTORESTATE37
SHA1_RECOMPRESS(37)
#endif
#ifdef DOSTORESTATE38
SHA1_RECOMPRESS(38)
#endif
#ifdef DOSTORESTATE39
SHA1_RECOMPRESS(39)
#endif
#ifdef DOSTORESTATE40
SHA1_RECOMPRESS(40)
#endif
#ifdef DOSTORESTATE41
SHA1_RECOMPRESS(41)
#endif
#ifdef DOSTORESTATE42
SHA1_RECOMPRESS(42)
#endif
#ifdef DOSTORESTATE43
SHA1_RECOMPRESS(43)
#endif
#ifdef DOSTORESTATE44
SHA1_RECOMPRESS(44)
#endif
#ifdef DOSTORESTATE45
SHA1_RECOMPRESS(45)
#endif
#ifdef DOSTORESTATE46
SHA1_RECOMPRESS(46)
#endif
#ifdef DOSTORESTATE47
SHA1_RECOMPRESS(47)
#endif
#ifdef DOSTORESTATE48
SHA1_RECOMPRESS(48)
#endif
#ifdef DOSTORESTATE49
SHA1_RECOMPRESS(49)
#endif
#ifdef DOSTORESTATE50
SHA1_RECOMPRESS(50)
#endif
#ifdef DOSTORESTATE51
SHA1_RECOMPRESS(51)
#endif
#ifdef DOSTORESTATE52
SHA1_RECOMPRESS(52)
#endif
#ifdef DOSTORESTATE53
SHA1_RECOMPRESS(53)
#endif
#ifdef DOSTORESTATE54
SHA1_RECOMPRESS(54)
#endif
#ifdef DOSTORESTATE55
SHA1_RECOMPRESS(55)
#endif
#ifdef DOSTORESTATE56
SHA1_RECOMPRESS(56)
#endif
#ifdef DOSTORESTATE57
SHA1_RECOMPRESS(57)
#endif
#ifdef DOSTORESTATE58
SHA1_RECOMPRESS(58)
#endif
#ifdef DOSTORESTATE59
SHA1_RECOMPRESS(59)
#endif
#ifdef DOSTORESTATE60
SHA1_RECOMPRESS(60)
#endif
#ifdef DOSTORESTATE61
SHA1_RECOMPRESS(61)
#endif
#ifdef DOSTORESTATE62
SHA1_RECOMPRESS(62)
#endif
#ifdef DOSTORESTATE63
SHA1_RECOMPRESS(63)
#endif
#ifdef DOSTORESTATE64
SHA1_RECOMPRESS(64)
#endif
#ifdef DOSTORESTATE65
SHA1_RECOMPRESS(65)
#endif
#ifdef DOSTORESTATE66
SHA1_RECOMPRESS(66)
#endif
#ifdef DOSTORESTATE67
SHA1_RECOMPRESS(67)
#endif
#ifdef DOSTORESTATE68
SHA1_RECOMPRESS(68)
#endif
#ifdef DOSTORESTATE69
SHA1_RECOMPRESS(69)
#endif
#ifdef DOSTORESTATE70
SHA1_RECOMPRESS(70)
#endif
#ifdef DOSTORESTATE71
SHA1_RECOMPRESS(71)
#endif
#ifdef DOSTORESTATE72
SHA1_RECOMPRESS(72)
#endif
#ifdef DOSTORESTATE73
SHA1_RECOMPRESS(73)
#endif
#ifdef DOSTORESTATE74
SHA1_RECOMPRESS(74)
#endif
#ifdef DOSTORESTATE75
SHA1_RECOMPRESS(75)
#endif
#ifdef DOSTORESTATE76
SHA1_RECOMPRESS(76)
#endif
#ifdef DOSTORESTATE77
SHA1_RECOMPRESS(77)
#endif
#ifdef DOSTORESTATE78
SHA1_RECOMPRESS(78)
#endif
#ifdef DOSTORESTATE79
SHA1_RECOMPRESS(79)
#endif
static void sha1_recompression_step(uint32_t step, uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5])
{
switch (step)
{
#ifdef DOSTORESTATE0
case 0:
sha1recompress_fast_0(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE1
case 1:
sha1recompress_fast_1(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE2
case 2:
sha1recompress_fast_2(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE3
case 3:
sha1recompress_fast_3(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE4
case 4:
sha1recompress_fast_4(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE5
case 5:
sha1recompress_fast_5(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE6
case 6:
sha1recompress_fast_6(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE7
case 7:
sha1recompress_fast_7(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE8
case 8:
sha1recompress_fast_8(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE9
case 9:
sha1recompress_fast_9(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE10
case 10:
sha1recompress_fast_10(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE11
case 11:
sha1recompress_fast_11(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE12
case 12:
sha1recompress_fast_12(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE13
case 13:
sha1recompress_fast_13(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE14
case 14:
sha1recompress_fast_14(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE15
case 15:
sha1recompress_fast_15(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE16
case 16:
sha1recompress_fast_16(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE17
case 17:
sha1recompress_fast_17(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE18
case 18:
sha1recompress_fast_18(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE19
case 19:
sha1recompress_fast_19(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE20
case 20:
sha1recompress_fast_20(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE21
case 21:
sha1recompress_fast_21(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE22
case 22:
sha1recompress_fast_22(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE23
case 23:
sha1recompress_fast_23(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE24
case 24:
sha1recompress_fast_24(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE25
case 25:
sha1recompress_fast_25(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE26
case 26:
sha1recompress_fast_26(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE27
case 27:
sha1recompress_fast_27(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE28
case 28:
sha1recompress_fast_28(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE29
case 29:
sha1recompress_fast_29(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE30
case 30:
sha1recompress_fast_30(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE31
case 31:
sha1recompress_fast_31(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE32
case 32:
sha1recompress_fast_32(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE33
case 33:
sha1recompress_fast_33(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE34
case 34:
sha1recompress_fast_34(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE35
case 35:
sha1recompress_fast_35(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE36
case 36:
sha1recompress_fast_36(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE37
case 37:
sha1recompress_fast_37(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE38
case 38:
sha1recompress_fast_38(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE39
case 39:
sha1recompress_fast_39(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE40
case 40:
sha1recompress_fast_40(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE41
case 41:
sha1recompress_fast_41(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE42
case 42:
sha1recompress_fast_42(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE43
case 43:
sha1recompress_fast_43(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE44
case 44:
sha1recompress_fast_44(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE45
case 45:
sha1recompress_fast_45(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE46
case 46:
sha1recompress_fast_46(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE47
case 47:
sha1recompress_fast_47(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE48
case 48:
sha1recompress_fast_48(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE49
case 49:
sha1recompress_fast_49(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE50
case 50:
sha1recompress_fast_50(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE51
case 51:
sha1recompress_fast_51(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE52
case 52:
sha1recompress_fast_52(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE53
case 53:
sha1recompress_fast_53(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE54
case 54:
sha1recompress_fast_54(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE55
case 55:
sha1recompress_fast_55(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE56
case 56:
sha1recompress_fast_56(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE57
case 57:
sha1recompress_fast_57(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE58
case 58:
sha1recompress_fast_58(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE59
case 59:
sha1recompress_fast_59(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE60
case 60:
sha1recompress_fast_60(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE61
case 61:
sha1recompress_fast_61(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE62
case 62:
sha1recompress_fast_62(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE63
case 63:
sha1recompress_fast_63(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE64
case 64:
sha1recompress_fast_64(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE65
case 65:
sha1recompress_fast_65(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE66
case 66:
sha1recompress_fast_66(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE67
case 67:
sha1recompress_fast_67(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE68
case 68:
sha1recompress_fast_68(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE69
case 69:
sha1recompress_fast_69(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE70
case 70:
sha1recompress_fast_70(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE71
case 71:
sha1recompress_fast_71(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE72
case 72:
sha1recompress_fast_72(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE73
case 73:
sha1recompress_fast_73(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE74
case 74:
sha1recompress_fast_74(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE75
case 75:
sha1recompress_fast_75(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE76
case 76:
sha1recompress_fast_76(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE77
case 77:
sha1recompress_fast_77(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE78
case 78:
sha1recompress_fast_78(ihvin, ihvout, me2, state);
break;
#endif
#ifdef DOSTORESTATE79
case 79:
sha1recompress_fast_79(ihvin, ihvout, me2, state);
break;
#endif
default:
abort();
}
}
static void sha1_process(SHA1_CTX* ctx, const uint32_t block[16])
{
unsigned i, j;
uint32_t ubc_dv_mask[DVMASKSIZE] = { 0xFFFFFFFF };
uint32_t ihvtmp[5];
ctx->ihv1[0] = ctx->ihv[0];
ctx->ihv1[1] = ctx->ihv[1];
ctx->ihv1[2] = ctx->ihv[2];
ctx->ihv1[3] = ctx->ihv[3];
ctx->ihv1[4] = ctx->ihv[4];
sha1_compression_states(ctx->ihv, block, ctx->m1, ctx->states);
if (ctx->detect_coll)
{
if (ctx->ubc_check)
{
ubc_check(ctx->m1, ubc_dv_mask);
}
if (ubc_dv_mask[0] != 0)
{
for (i = 0; sha1_dvs[i].dvType != 0; ++i)
{
if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb))
{
for (j = 0; j < 80; ++j)
ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j];
sha1_recompression_step(sha1_dvs[i].testt, ctx->ihv2, ihvtmp, ctx->m2, ctx->states[sha1_dvs[i].testt]);
/* to verify SHA-1 collision detection code with collisions for reduced-step SHA-1 */
if ((0 == ((ihvtmp[0] ^ ctx->ihv[0]) | (ihvtmp[1] ^ ctx->ihv[1]) | (ihvtmp[2] ^ ctx->ihv[2]) | (ihvtmp[3] ^ ctx->ihv[3]) | (ihvtmp[4] ^ ctx->ihv[4])))
|| (ctx->reduced_round_coll && 0==((ctx->ihv1[0] ^ ctx->ihv2[0]) | (ctx->ihv1[1] ^ ctx->ihv2[1]) | (ctx->ihv1[2] ^ ctx->ihv2[2]) | (ctx->ihv1[3] ^ ctx->ihv2[3]) | (ctx->ihv1[4] ^ ctx->ihv2[4]))))
{
ctx->found_collision = 1;
if (ctx->safe_hash)
{
sha1_compression_W(ctx->ihv, ctx->m1);
sha1_compression_W(ctx->ihv, ctx->m1);
}
break;
}
}
}
}
}
}
void SHA1DCInit(SHA1_CTX* ctx)
{
ctx->total = 0;
ctx->ihv[0] = 0x67452301;
ctx->ihv[1] = 0xEFCDAB89;
ctx->ihv[2] = 0x98BADCFE;
ctx->ihv[3] = 0x10325476;
ctx->ihv[4] = 0xC3D2E1F0;
ctx->found_collision = 0;
ctx->safe_hash = 0;
ctx->ubc_check = 1;
ctx->detect_coll = 1;
ctx->reduced_round_coll = 0;
ctx->callback = NULL;
}
void SHA1DCSetSafeHash(SHA1_CTX* ctx, int safehash)
{
if (safehash)
ctx->safe_hash = 1;
else
ctx->safe_hash = 0;
}
void SHA1DCSetUseUBC(SHA1_CTX* ctx, int ubc_check)
{
if (ubc_check)
ctx->ubc_check = 1;
else
ctx->ubc_check = 0;
}
void SHA1DCSetUseDetectColl(SHA1_CTX* ctx, int detect_coll)
{
if (detect_coll)
ctx->detect_coll = 1;
else
ctx->detect_coll = 0;
}
void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX* ctx, int reduced_round_coll)
{
if (reduced_round_coll)
ctx->reduced_round_coll = 1;
else
ctx->reduced_round_coll = 0;
}
void SHA1DCSetCallback(SHA1_CTX* ctx, collision_block_callback callback)
{
ctx->callback = callback;
}
void SHA1DCUpdate(SHA1_CTX* ctx, const char* buf, size_t len)
{
unsigned left, fill;
if (len == 0)
return;
left = ctx->total & 63;
fill = 64 - left;
if (left && len >= fill)
{
ctx->total += fill;
memcpy(ctx->buffer + left, buf, fill);
sha1_process(ctx, (uint32_t*)(ctx->buffer));
buf += fill;
len -= fill;
left = 0;
}
while (len >= 64)
{
ctx->total += 64;
sha1_process(ctx, (uint32_t*)(buf));
buf += 64;
len -= 64;
}
if (len > 0)
{
ctx->total += len;
memcpy(ctx->buffer + left, buf, len);
}
}
static const unsigned char sha1_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
{
uint32_t last = ctx->total & 63;
uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
uint64_t total;
SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
total = ctx->total - padn;
total <<= 3;
ctx->buffer[56] = (unsigned char)(total >> 56);
ctx->buffer[57] = (unsigned char)(total >> 48);
ctx->buffer[58] = (unsigned char)(total >> 40);
ctx->buffer[59] = (unsigned char)(total >> 32);
ctx->buffer[60] = (unsigned char)(total >> 24);
ctx->buffer[61] = (unsigned char)(total >> 16);
ctx->buffer[62] = (unsigned char)(total >> 8);
ctx->buffer[63] = (unsigned char)(total);
sha1_process(ctx, (uint32_t*)(ctx->buffer));
output[0] = (unsigned char)(ctx->ihv[0] >> 24);
output[1] = (unsigned char)(ctx->ihv[0] >> 16);
output[2] = (unsigned char)(ctx->ihv[0] >> 8);
output[3] = (unsigned char)(ctx->ihv[0]);
output[4] = (unsigned char)(ctx->ihv[1] >> 24);
output[5] = (unsigned char)(ctx->ihv[1] >> 16);
output[6] = (unsigned char)(ctx->ihv[1] >> 8);
output[7] = (unsigned char)(ctx->ihv[1]);
output[8] = (unsigned char)(ctx->ihv[2] >> 24);
output[9] = (unsigned char)(ctx->ihv[2] >> 16);
output[10] = (unsigned char)(ctx->ihv[2] >> 8);
output[11] = (unsigned char)(ctx->ihv[2]);
output[12] = (unsigned char)(ctx->ihv[3] >> 24);
output[13] = (unsigned char)(ctx->ihv[3] >> 16);
output[14] = (unsigned char)(ctx->ihv[3] >> 8);
output[15] = (unsigned char)(ctx->ihv[3]);
output[16] = (unsigned char)(ctx->ihv[4] >> 24);
output[17] = (unsigned char)(ctx->ihv[4] >> 16);
output[18] = (unsigned char)(ctx->ihv[4] >> 8);
output[19] = (unsigned char)(ctx->ihv[4]);
return ctx->found_collision;
}
void git_SHA1DCFinal(unsigned char hash[20], SHA1_CTX *ctx)
{
if (!SHA1DCFinal(hash, ctx))
return;
die("SHA-1 appears to be part of a collision attack: %s",
sha1_to_hex(hash));
}
void git_SHA1DCUpdate(SHA1_CTX *ctx, const void *vdata, unsigned long len)
{
const char *data = vdata;
/* We expect an unsigned long, but sha1dc only takes an int */
while (len > INT_MAX) {
SHA1DCUpdate(ctx, data, INT_MAX);
data += INT_MAX;
len -= INT_MAX;
}
SHA1DCUpdate(ctx, data, len);
}
Reference in New Issue View Git Blame Copy Permalink