##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

sha1dc: import latest version from github...
Augie Fackler -
r44509:7dddc225 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -0,0 +1,30 b''
1 MIT License
2
3 Copyright (c) 2017:
4 Marc Stevens
5 Cryptology Group
6 Centrum Wiskunde & Informatica
7 P.O. Box 94079, 1090 GB Amsterdam, Netherlands
8 marc@marc-stevens.nl
9
10 Dan Shumow
11 Microsoft Research
12 danshu@microsoft.com
13
14 Permission is hereby granted, free of charge, to any person obtaining a copy
15 of this software and associated documentation files (the "Software"), to deal
16 in the Software without restriction, including without limitation the rights
17 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
18 copies of the Software, and to permit persons to whom the Software is
19 furnished to do so, subject to the following conditions:
20
21 The above copyright notice and this permission notice shall be included in all
22 copies or substantial portions of the Software.
23
24 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
25 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
26 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
27 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
28 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
29 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30 SOFTWARE.
Show file before | Show file after | Hide comments
@@ -0,0 +1,145 b''
1 # sha1collisiondetection
2 Library and command line tool to detect SHA-1 collisions in files
3
4 Copyright 2017 Marc Stevens <marc@marc-stevens.nl>
5
6 Distributed under the MIT Software License.
7
8 See accompanying file LICENSE.txt or copy at https://opensource.org/licenses/MIT.
9
10 ## Developers
11
12 - Marc Stevens, CWI Amsterdam (https://marc-stevens.nl)
13 - Dan Shumow, Microsoft Research (https://www.microsoft.com/en-us/research/people/danshu/)
14
15 ## About
16 This library and command line tool were designed as near drop-in replacements for common SHA-1 libraries and sha1sum.
17 They will compute the SHA-1 hash of any given file and additionally will detect cryptanalytic collision attacks against SHA-1 present in each file. It is very fast and takes less than twice the amount of time as regular SHA-1.
18
19 More specifically they will detect any cryptanalytic collision attack against SHA-1 using any of the top 32 SHA-1 disturbance vectors with probability 1:
20 ```
21 I(43,0), I(44,0), I(45,0), I(46,0), I(47,0), I(48,0), I(49,0), I(50,0), I(51,0), I(52,0),
22 I(46,2), I(47,2), I(48,2), I(49,2), I(50,2), I(51,2),
23 II(45,0), II(46,0), II(47,0), II(48,0), II(49,0), II(50,0), II(51,0), II(52,0), II(53,0), II(54,0), II(55,0), II(56,0),
24 II(46,2), II(49,2), II(50,2), II(51,2)
25 ```
26 The possibility of false positives can be neglected as the probability is smaller than 2^-90.
27
28 The library supports both an indicator flag that applications can check and act on, as well as a special _safe-hash_ mode that returns the real SHA-1 hash when no collision was detected and a different _safe_ hash when a collision was detected.
29 Colliding files will have the same SHA-1 hash, but will have different unpredictable safe-hashes.
30 This essentially enables protection of applications against SHA-1 collisions with no further changes in the application, e.g., digital signature forgeries based on SHA-1 collisions automatically become invalid.
31
32 For the theoretical explanation of collision detection see the award-winning paper on _Counter-Cryptanalysis_:
33
34 Counter-cryptanalysis, Marc Stevens, CRYPTO 2013, Lecture Notes in Computer Science, vol. 8042, Springer, 2013, pp. 129-146,
35 https://marc-stevens.nl/research/papers/C13-S.pdf
36
37 ## Compiling
38
39 Run:
40 ```
41 make
42 ```
43
44 ## Command-line usage
45
46 There are two programs `bin/sha1dcsum` and `bin/sha1dcsum_partialcoll`.
47 The first program `bin/sha1dcsum` will detect and warn for files that were generated with a cryptanalytic SHA-1 collision attack like the one documented at https://shattered.io/.
48 The second program `bin/sha1dcsum_partialcoll` will detect and warn for files that were generated with a cryptanalytic collision attack against reduced-round SHA-1 (of which there are a few examples so far).
49
50 Examples:
51 ```
52 bin/sha1dcsum test/sha1_reducedsha_coll.bin test/shattered-1.pdf
53 bin/sha1dcsum_partialcoll test/sha1reducedsha_coll.bin test/shattered-1.pdf
54 pipe_data | bin/sha1dcsum -
55 ```
56
57 ## Library usage
58
59 See the documentation in `lib/sha1.h`. Here is a simple example code snippet:
60 ```
61 #include <sha1dc/sha1.h>
62
63 SHA1_CTX ctx;
64 unsigned char hash[20];
65 SHA1DCInit(&ctx);
66
67 /** disable safe-hash mode (safe-hash mode is enabled by default) **/
68 // SHA1DCSetSafeHash(&ctx, 0);
69 /** disable use of unavoidable attack conditions to speed up detection (enabled by default) **/
70 // SHA1DCSetUseUBC(&ctx, 0);
71
72 SHA1DCUpdate(&ctx, buffer, (unsigned)(size));
73
74 int iscoll = SHA1DCFinal(hash,&ctx);
75 if (iscoll)
76 printf("collision detected");
77 else
78 printf("no collision detected");
79 ```
80
81 ## Inclusion in other programs
82
83 In order to make it easier to include these sources in other project
84 there are several preprocessor macros that the code uses. Rather than
85 copy/pasting and customizing or specializing the code, first see if
86 setting any of these defines appropriately will allow you to avoid
87 modifying the code yourself.
88
89 - SHA1DC_NO_STANDARD_INCLUDES
90
91 Skips including standard headers. Use this if your project for
92 whatever reason wishes to do its own header includes.
93
94 - SHA1DC_CUSTOM_INCLUDE_SHA1_C
95
96 Includes a custom header at the top of sha1.c. Usually this would be
97 set in conjunction with SHA1DC_NO_STANDARD_INCLUDES to point to a
98 header file which includes various standard headers.
99
100 - SHA1DC_INIT_SAFE_HASH_DEFAULT
101
102 Sets the default for safe_hash in SHA1DCInit(). Valid values are 0
103 and 1. If unset 1 is the default.
104
105 - SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
106
107 Includes a custom trailer in sha1.c. Useful for any extra utility
108 functions that make use of the functions already defined in sha1.c.
109
110 - SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H
111
112 Includes a custom trailer in sha1.h. Useful for defining the
113 prototypes of the functions or code included by
114 SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C.
115
116 - SHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C
117
118 Includes a custom header at the top of ubc_check.c.
119
120 - SHA1DC_CUSTOM_TRAILING_INCLUDE_UBC_CHECK_C
121
122 Includes a custom trailer in ubc_check.c.
123
124 - SHA1DC_CUSTOM_TRAILING_INCLUDE_UBC_CHECK_H
125
126 Includes a custom trailer in ubc_check.H.
127
128 This code will try to auto-detect certain things based on
129 CPU/platform. Unless you're running on some really obscure CPU or
130 porting to a new platform you should not need to tweak this. If you do
131 please open an issue at
132 https://github.com/cr-marcstevens/sha1collisiondetection
133
134 - SHA1DC_FORCE_LITTLEENDIAN / SHA1DC_FORCE_BIGENDIAN
135
136 Override the check for processor endianenss and force either
137 Little-Endian or Big-Endian.
138
139 - SHA1DC_FORCE_UNALIGNED_ACCESS
140
141 Permit unaligned access. This will fail on e.g. SPARC processors, so
142 it's only permitted on a whitelist of processors. If your CPU isn't
143 detected as allowing this, and allows unaligned access, setting this
144 may improve performance (or make it worse, if the kernel has to
145 catch and emulate such access on its own).
Show file before | Show file after | Hide comments
This diff has been collapsed as it changes many lines, (1911 lines changed) Show them Hide them
@@ -0,0 +1,1911 b''
1 /***
2 * Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow (danshu@microsoft.com)
3 * Distributed under the MIT Software License.
4 * See accompanying file LICENSE.txt or copy at
5 * https://opensource.org/licenses/MIT
6 ***/
7
8 #ifndef SHA1DC_NO_STANDARD_INCLUDES
9 #include <string.h>
10 #include <memory.h>
11 #include <stdio.h>
12 #include <stdlib.h>
13 #ifdef __unix__
14 #include <sys/types.h> /* make sure macros like _BIG_ENDIAN visible */
15 #endif
16 #endif
17
18 #ifdef SHA1DC_CUSTOM_INCLUDE_SHA1_C
19 #include SHA1DC_CUSTOM_INCLUDE_SHA1_C
20 #endif
21
22 #ifndef SHA1DC_INIT_SAFE_HASH_DEFAULT
23 #define SHA1DC_INIT_SAFE_HASH_DEFAULT 1
24 #endif
25
26 #include "sha1.h"
27 #include "ubc_check.h"
28
29 #if (defined(__amd64__) || defined(__amd64) || defined(__x86_64__) || defined(__x86_64) || \
30 defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__) || \
31 defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || \
32 defined(_X86_) || defined(__THW_INTEL__) || defined(__I86__) || defined(__INTEL__) || \
33 defined(__386) || defined(_M_X64) || defined(_M_AMD64))
34 #define SHA1DC_ON_INTEL_LIKE_PROCESSOR
35 #endif
36
37 /*
38 Because Little-Endian architectures are most common,
39 we only set SHA1DC_BIGENDIAN if one of these conditions is met.
40 Note that all MSFT platforms are little endian,
41 so none of these will be defined under the MSC compiler.
42 If you are compiling on a big endian platform and your compiler does not define one of these,
43 you will have to add whatever macros your tool chain defines to indicate Big-Endianness.
44 */
45
46 #if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__)
47 /*
48 * Should detect Big Endian under GCC since at least 4.6.0 (gcc svn
49 * rev #165881). See
50 * https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
51 *
52 * This also works under clang since 3.2, it copied the GCC-ism. See
53 * clang.git's 3b198a97d2 ("Preprocessor: add __BYTE_ORDER__
54 * predefined macro", 2012-07-27)
55 */
56 #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
57 #define SHA1DC_BIGENDIAN
58 #endif
59
60 /* Not under GCC-alike */
61 #elif defined(__BYTE_ORDER) && defined(__BIG_ENDIAN)
62 /*
63 * Should detect Big Endian under glibc.git since 14245eb70e ("entered
64 * into RCS", 1992-11-25). Defined in <endian.h> which will have been
65 * brought in by standard headers. See glibc.git and
66 * https://sourceforge.net/p/predef/wiki/Endianness/
67 */
68 #if __BYTE_ORDER == __BIG_ENDIAN
69 #define SHA1DC_BIGENDIAN
70 #endif
71
72 /* Not under GCC-alike or glibc */
73 #elif defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN)
74 /*
75 * *BSD and newlib (embeded linux, cygwin, etc).
76 * the defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN) part prevents
77 * this condition from matching with Solaris/sparc.
78 * (Solaris defines only one endian macro)
79 */
80 #if _BYTE_ORDER == _BIG_ENDIAN
81 #define SHA1DC_BIGENDIAN
82 #endif
83
84 /* Not under GCC-alike or glibc or *BSD or newlib */
85 #elif (defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
86 defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || \
87 defined(__sparc))
88 /*
89 * Should define Big Endian for a whitelist of known processors. See
90 * https://sourceforge.net/p/predef/wiki/Endianness/ and
91 * http://www.oracle.com/technetwork/server-storage/solaris/portingtosolaris-138514.html
92 */
93 #define SHA1DC_BIGENDIAN
94
95 /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> */
96 #elif (defined(_AIX) || defined(__hpux))
97
98 /*
99 * Defines Big Endian on a whitelist of OSs that are known to be Big
100 * Endian-only. See
101 * https://public-inbox.org/git/93056823-2740-d072-1ebd-46b440b33d7e@felt.demon.nl/
102 */
103 #define SHA1DC_BIGENDIAN
104
105 /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> */
106 #elif defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
107 /*
108 * As a last resort before we do anything else we're not 100% sure
109 * about below, we blacklist specific processors here. We could add
110 * more, see e.g. https://wiki.debian.org/ArchitectureSpecificsMemo
111 */
112 #else /* Not under GCC-alike or glibc or *BSD or newlib or <processor whitelist> or <os whitelist> or <processor blacklist> */
113
114 /* We do nothing more here for now */
115 /*#error "Uncomment this to see if you fall through all the detection"*/
116
117 #endif /* Big Endian detection */
118
119 #if (defined(SHA1DC_FORCE_LITTLEENDIAN) && defined(SHA1DC_BIGENDIAN))
120 #undef SHA1DC_BIGENDIAN
121 #endif
122 #if (defined(SHA1DC_FORCE_BIGENDIAN) && !defined(SHA1DC_BIGENDIAN))
123 #define SHA1DC_BIGENDIAN
124 #endif
125 /*ENDIANNESS SELECTION*/
126
127 #ifndef SHA1DC_FORCE_ALIGNED_ACCESS
128 #if defined(SHA1DC_FORCE_UNALIGNED_ACCESS) || defined(SHA1DC_ON_INTEL_LIKE_PROCESSOR)
129 #define SHA1DC_ALLOW_UNALIGNED_ACCESS
130 #endif /*UNALIGNED ACCESS DETECTION*/
131 #endif /*FORCE ALIGNED ACCESS*/
132
133 #define rotate_right(x,n) (((x)>>(n))|((x)<<(32-(n))))
134 #define rotate_left(x,n) (((x)<<(n))|((x)>>(32-(n))))
135
136 #define sha1_bswap32(x) \
137 {x = ((x << 8) & 0xFF00FF00) | ((x >> 8) & 0xFF00FF); x = (x << 16) | (x >> 16);}
138
139 #define sha1_mix(W, t) (rotate_left(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))
140
141 #ifdef SHA1DC_BIGENDIAN
142 #define sha1_load(m, t, temp) { temp = m[t]; }
143 #else
144 #define sha1_load(m, t, temp) { temp = m[t]; sha1_bswap32(temp); }
145 #endif
146
147 #define sha1_store(W, t, x) *(volatile uint32_t *)&W[t] = x
148
149 #define sha1_f1(b,c,d) ((d)^((b)&((c)^(d))))
150 #define sha1_f2(b,c,d) ((b)^(c)^(d))
151 #define sha1_f3(b,c,d) (((b)&(c))+((d)&((b)^(c))))
152 #define sha1_f4(b,c,d) ((b)^(c)^(d))
153
154 #define HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, m, t) \
155 { e += rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; b = rotate_left(b, 30); }
156 #define HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, m, t) \
157 { e += rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; b = rotate_left(b, 30); }
158 #define HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, m, t) \
159 { e += rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; b = rotate_left(b, 30); }
160 #define HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, m, t) \
161 { e += rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; b = rotate_left(b, 30); }
162
163 #define HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, m, t) \
164 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999 + m[t]; }
165 #define HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, m, t) \
166 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1 + m[t]; }
167 #define HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, m, t) \
168 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC + m[t]; }
169 #define HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, m, t) \
170 { b = rotate_right(b, 30); e -= rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6 + m[t]; }
171
172 #define SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, t, temp) \
173 {sha1_load(m, t, temp); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30);}
174
175 #define SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(a, b, c, d, e, W, t, temp) \
176 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f1(b,c,d) + 0x5A827999; b = rotate_left(b, 30); }
177
178 #define SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, t, temp) \
179 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f2(b,c,d) + 0x6ED9EBA1; b = rotate_left(b, 30); }
180
181 #define SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, t, temp) \
182 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f3(b,c,d) + 0x8F1BBCDC; b = rotate_left(b, 30); }
183
184 #define SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, t, temp) \
185 {temp = sha1_mix(W, t); sha1_store(W, t, temp); e += temp + rotate_left(a, 5) + sha1_f4(b,c,d) + 0xCA62C1D6; b = rotate_left(b, 30); }
186
187
188 #define SHA1_STORE_STATE(i) states[i][0] = a; states[i][1] = b; states[i][2] = c; states[i][3] = d; states[i][4] = e;
189
190 #ifdef BUILDNOCOLLDETECTSHA1COMPRESSION
191 void sha1_compression(uint32_t ihv[5], const uint32_t m[16])
192 {
193 uint32_t W[80];
194 uint32_t a,b,c,d,e;
195 unsigned i;
196
197 memcpy(W, m, 16 * 4);
198 for (i = 16; i < 80; ++i)
199 W[i] = sha1_mix(W, i);
200
201 a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
202
203 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
204 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
205 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
206 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
207 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
208 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
209 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
210 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
211 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
212 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
213 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
214 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
215 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
216 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
217 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
218 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
219 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
220 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
221 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
222 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
223
224 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
225 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
226 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
227 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
228 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
229 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
230 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
231 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
232 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
233 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
234 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
235 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
236 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
237 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
238 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
239 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
240 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
241 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
242 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
243 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
244
245 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
246 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
247 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
248 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
249 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
250 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
251 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
252 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
253 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
254 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
255 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
256 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
257 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
258 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
259 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
260 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
261 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
262 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
263 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
264 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
265
266 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
267 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
268 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
269 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
270 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
271 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
272 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
273 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
274 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
275 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
276 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
277 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
278 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
279 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
280 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
281 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
282 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
283 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
284 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
285 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
286
287 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
288 }
289 #endif /*BUILDNOCOLLDETECTSHA1COMPRESSION*/
290
291
292 static void sha1_compression_W(uint32_t ihv[5], const uint32_t W[80])
293 {
294 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
295
296 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 0);
297 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 1);
298 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 2);
299 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 3);
300 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 4);
301 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 5);
302 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 6);
303 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 7);
304 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 8);
305 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 9);
306 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 10);
307 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 11);
308 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 12);
309 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 13);
310 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 14);
311 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, W, 15);
312 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, W, 16);
313 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, W, 17);
314 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, W, 18);
315 HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, W, 19);
316
317 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 20);
318 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 21);
319 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 22);
320 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 23);
321 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 24);
322 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 25);
323 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 26);
324 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 27);
325 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 28);
326 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 29);
327 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 30);
328 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 31);
329 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 32);
330 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 33);
331 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 34);
332 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, W, 35);
333 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, W, 36);
334 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, W, 37);
335 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, W, 38);
336 HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, W, 39);
337
338 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 40);
339 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 41);
340 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 42);
341 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 43);
342 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 44);
343 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 45);
344 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 46);
345 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 47);
346 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 48);
347 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 49);
348 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 50);
349 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 51);
350 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 52);
351 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 53);
352 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 54);
353 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, W, 55);
354 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, W, 56);
355 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, W, 57);
356 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, W, 58);
357 HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, W, 59);
358
359 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 60);
360 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 61);
361 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 62);
362 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 63);
363 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 64);
364 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 65);
365 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 66);
366 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 67);
367 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 68);
368 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 69);
369 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 70);
370 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 71);
371 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 72);
372 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 73);
373 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 74);
374 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, W, 75);
375 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, W, 76);
376 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, W, 77);
377 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, W, 78);
378 HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, W, 79);
379
380 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
381 }
382
383
384
385 void sha1_compression_states(uint32_t ihv[5], const uint32_t m[16], uint32_t W[80], uint32_t states[80][5])
386 {
387 uint32_t a = ihv[0], b = ihv[1], c = ihv[2], d = ihv[3], e = ihv[4];
388 uint32_t temp;
389
390 #ifdef DOSTORESTATE00
391 SHA1_STORE_STATE(0)
392 #endif
393 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 0, temp);
394
395 #ifdef DOSTORESTATE01
396 SHA1_STORE_STATE(1)
397 #endif
398 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 1, temp);
399
400 #ifdef DOSTORESTATE02
401 SHA1_STORE_STATE(2)
402 #endif
403 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 2, temp);
404
405 #ifdef DOSTORESTATE03
406 SHA1_STORE_STATE(3)
407 #endif
408 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 3, temp);
409
410 #ifdef DOSTORESTATE04
411 SHA1_STORE_STATE(4)
412 #endif
413 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 4, temp);
414
415 #ifdef DOSTORESTATE05
416 SHA1_STORE_STATE(5)
417 #endif
418 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 5, temp);
419
420 #ifdef DOSTORESTATE06
421 SHA1_STORE_STATE(6)
422 #endif
423 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 6, temp);
424
425 #ifdef DOSTORESTATE07
426 SHA1_STORE_STATE(7)
427 #endif
428 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 7, temp);
429
430 #ifdef DOSTORESTATE08
431 SHA1_STORE_STATE(8)
432 #endif
433 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 8, temp);
434
435 #ifdef DOSTORESTATE09
436 SHA1_STORE_STATE(9)
437 #endif
438 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 9, temp);
439
440 #ifdef DOSTORESTATE10
441 SHA1_STORE_STATE(10)
442 #endif
443 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 10, temp);
444
445 #ifdef DOSTORESTATE11
446 SHA1_STORE_STATE(11)
447 #endif
448 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(e, a, b, c, d, m, W, 11, temp);
449
450 #ifdef DOSTORESTATE12
451 SHA1_STORE_STATE(12)
452 #endif
453 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(d, e, a, b, c, m, W, 12, temp);
454
455 #ifdef DOSTORESTATE13
456 SHA1_STORE_STATE(13)
457 #endif
458 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(c, d, e, a, b, m, W, 13, temp);
459
460 #ifdef DOSTORESTATE14
461 SHA1_STORE_STATE(14)
462 #endif
463 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(b, c, d, e, a, m, W, 14, temp);
464
465 #ifdef DOSTORESTATE15
466 SHA1_STORE_STATE(15)
467 #endif
468 SHA1COMPRESS_FULL_ROUND1_STEP_LOAD(a, b, c, d, e, m, W, 15, temp);
469
470 #ifdef DOSTORESTATE16
471 SHA1_STORE_STATE(16)
472 #endif
473 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(e, a, b, c, d, W, 16, temp);
474
475 #ifdef DOSTORESTATE17
476 SHA1_STORE_STATE(17)
477 #endif
478 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(d, e, a, b, c, W, 17, temp);
479
480 #ifdef DOSTORESTATE18
481 SHA1_STORE_STATE(18)
482 #endif
483 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(c, d, e, a, b, W, 18, temp);
484
485 #ifdef DOSTORESTATE19
486 SHA1_STORE_STATE(19)
487 #endif
488 SHA1COMPRESS_FULL_ROUND1_STEP_EXPAND(b, c, d, e, a, W, 19, temp);
489
490
491
492 #ifdef DOSTORESTATE20
493 SHA1_STORE_STATE(20)
494 #endif
495 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 20, temp);
496
497 #ifdef DOSTORESTATE21
498 SHA1_STORE_STATE(21)
499 #endif
500 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 21, temp);
501
502 #ifdef DOSTORESTATE22
503 SHA1_STORE_STATE(22)
504 #endif
505 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 22, temp);
506
507 #ifdef DOSTORESTATE23
508 SHA1_STORE_STATE(23)
509 #endif
510 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 23, temp);
511
512 #ifdef DOSTORESTATE24
513 SHA1_STORE_STATE(24)
514 #endif
515 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 24, temp);
516
517 #ifdef DOSTORESTATE25
518 SHA1_STORE_STATE(25)
519 #endif
520 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 25, temp);
521
522 #ifdef DOSTORESTATE26
523 SHA1_STORE_STATE(26)
524 #endif
525 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 26, temp);
526
527 #ifdef DOSTORESTATE27
528 SHA1_STORE_STATE(27)
529 #endif
530 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 27, temp);
531
532 #ifdef DOSTORESTATE28
533 SHA1_STORE_STATE(28)
534 #endif
535 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 28, temp);
536
537 #ifdef DOSTORESTATE29
538 SHA1_STORE_STATE(29)
539 #endif
540 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 29, temp);
541
542 #ifdef DOSTORESTATE30
543 SHA1_STORE_STATE(30)
544 #endif
545 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 30, temp);
546
547 #ifdef DOSTORESTATE31
548 SHA1_STORE_STATE(31)
549 #endif
550 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 31, temp);
551
552 #ifdef DOSTORESTATE32
553 SHA1_STORE_STATE(32)
554 #endif
555 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 32, temp);
556
557 #ifdef DOSTORESTATE33
558 SHA1_STORE_STATE(33)
559 #endif
560 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 33, temp);
561
562 #ifdef DOSTORESTATE34
563 SHA1_STORE_STATE(34)
564 #endif
565 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 34, temp);
566
567 #ifdef DOSTORESTATE35
568 SHA1_STORE_STATE(35)
569 #endif
570 SHA1COMPRESS_FULL_ROUND2_STEP(a, b, c, d, e, W, 35, temp);
571
572 #ifdef DOSTORESTATE36
573 SHA1_STORE_STATE(36)
574 #endif
575 SHA1COMPRESS_FULL_ROUND2_STEP(e, a, b, c, d, W, 36, temp);
576
577 #ifdef DOSTORESTATE37
578 SHA1_STORE_STATE(37)
579 #endif
580 SHA1COMPRESS_FULL_ROUND2_STEP(d, e, a, b, c, W, 37, temp);
581
582 #ifdef DOSTORESTATE38
583 SHA1_STORE_STATE(38)
584 #endif
585 SHA1COMPRESS_FULL_ROUND2_STEP(c, d, e, a, b, W, 38, temp);
586
587 #ifdef DOSTORESTATE39
588 SHA1_STORE_STATE(39)
589 #endif
590 SHA1COMPRESS_FULL_ROUND2_STEP(b, c, d, e, a, W, 39, temp);
591
592
593
594 #ifdef DOSTORESTATE40
595 SHA1_STORE_STATE(40)
596 #endif
597 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 40, temp);
598
599 #ifdef DOSTORESTATE41
600 SHA1_STORE_STATE(41)
601 #endif
602 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 41, temp);
603
604 #ifdef DOSTORESTATE42
605 SHA1_STORE_STATE(42)
606 #endif
607 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 42, temp);
608
609 #ifdef DOSTORESTATE43
610 SHA1_STORE_STATE(43)
611 #endif
612 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 43, temp);
613
614 #ifdef DOSTORESTATE44
615 SHA1_STORE_STATE(44)
616 #endif
617 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 44, temp);
618
619 #ifdef DOSTORESTATE45
620 SHA1_STORE_STATE(45)
621 #endif
622 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 45, temp);
623
624 #ifdef DOSTORESTATE46
625 SHA1_STORE_STATE(46)
626 #endif
627 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 46, temp);
628
629 #ifdef DOSTORESTATE47
630 SHA1_STORE_STATE(47)
631 #endif
632 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 47, temp);
633
634 #ifdef DOSTORESTATE48
635 SHA1_STORE_STATE(48)
636 #endif
637 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 48, temp);
638
639 #ifdef DOSTORESTATE49
640 SHA1_STORE_STATE(49)
641 #endif
642 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 49, temp);
643
644 #ifdef DOSTORESTATE50
645 SHA1_STORE_STATE(50)
646 #endif
647 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 50, temp);
648
649 #ifdef DOSTORESTATE51
650 SHA1_STORE_STATE(51)
651 #endif
652 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 51, temp);
653
654 #ifdef DOSTORESTATE52
655 SHA1_STORE_STATE(52)
656 #endif
657 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 52, temp);
658
659 #ifdef DOSTORESTATE53
660 SHA1_STORE_STATE(53)
661 #endif
662 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 53, temp);
663
664 #ifdef DOSTORESTATE54
665 SHA1_STORE_STATE(54)
666 #endif
667 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 54, temp);
668
669 #ifdef DOSTORESTATE55
670 SHA1_STORE_STATE(55)
671 #endif
672 SHA1COMPRESS_FULL_ROUND3_STEP(a, b, c, d, e, W, 55, temp);
673
674 #ifdef DOSTORESTATE56
675 SHA1_STORE_STATE(56)
676 #endif
677 SHA1COMPRESS_FULL_ROUND3_STEP(e, a, b, c, d, W, 56, temp);
678
679 #ifdef DOSTORESTATE57
680 SHA1_STORE_STATE(57)
681 #endif
682 SHA1COMPRESS_FULL_ROUND3_STEP(d, e, a, b, c, W, 57, temp);
683
684 #ifdef DOSTORESTATE58
685 SHA1_STORE_STATE(58)
686 #endif
687 SHA1COMPRESS_FULL_ROUND3_STEP(c, d, e, a, b, W, 58, temp);
688
689 #ifdef DOSTORESTATE59
690 SHA1_STORE_STATE(59)
691 #endif
692 SHA1COMPRESS_FULL_ROUND3_STEP(b, c, d, e, a, W, 59, temp);
693
694
695
696
697 #ifdef DOSTORESTATE60
698 SHA1_STORE_STATE(60)
699 #endif
700 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 60, temp);
701
702 #ifdef DOSTORESTATE61
703 SHA1_STORE_STATE(61)
704 #endif
705 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 61, temp);
706
707 #ifdef DOSTORESTATE62
708 SHA1_STORE_STATE(62)
709 #endif
710 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 62, temp);
711
712 #ifdef DOSTORESTATE63
713 SHA1_STORE_STATE(63)
714 #endif
715 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 63, temp);
716
717 #ifdef DOSTORESTATE64
718 SHA1_STORE_STATE(64)
719 #endif
720 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 64, temp);
721
722 #ifdef DOSTORESTATE65
723 SHA1_STORE_STATE(65)
724 #endif
725 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 65, temp);
726
727 #ifdef DOSTORESTATE66
728 SHA1_STORE_STATE(66)
729 #endif
730 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 66, temp);
731
732 #ifdef DOSTORESTATE67
733 SHA1_STORE_STATE(67)
734 #endif
735 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 67, temp);
736
737 #ifdef DOSTORESTATE68
738 SHA1_STORE_STATE(68)
739 #endif
740 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 68, temp);
741
742 #ifdef DOSTORESTATE69
743 SHA1_STORE_STATE(69)
744 #endif
745 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 69, temp);
746
747 #ifdef DOSTORESTATE70
748 SHA1_STORE_STATE(70)
749 #endif
750 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 70, temp);
751
752 #ifdef DOSTORESTATE71
753 SHA1_STORE_STATE(71)
754 #endif
755 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 71, temp);
756
757 #ifdef DOSTORESTATE72
758 SHA1_STORE_STATE(72)
759 #endif
760 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 72, temp);
761
762 #ifdef DOSTORESTATE73
763 SHA1_STORE_STATE(73)
764 #endif
765 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 73, temp);
766
767 #ifdef DOSTORESTATE74
768 SHA1_STORE_STATE(74)
769 #endif
770 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 74, temp);
771
772 #ifdef DOSTORESTATE75
773 SHA1_STORE_STATE(75)
774 #endif
775 SHA1COMPRESS_FULL_ROUND4_STEP(a, b, c, d, e, W, 75, temp);
776
777 #ifdef DOSTORESTATE76
778 SHA1_STORE_STATE(76)
779 #endif
780 SHA1COMPRESS_FULL_ROUND4_STEP(e, a, b, c, d, W, 76, temp);
781
782 #ifdef DOSTORESTATE77
783 SHA1_STORE_STATE(77)
784 #endif
785 SHA1COMPRESS_FULL_ROUND4_STEP(d, e, a, b, c, W, 77, temp);
786
787 #ifdef DOSTORESTATE78
788 SHA1_STORE_STATE(78)
789 #endif
790 SHA1COMPRESS_FULL_ROUND4_STEP(c, d, e, a, b, W, 78, temp);
791
792 #ifdef DOSTORESTATE79
793 SHA1_STORE_STATE(79)
794 #endif
795 SHA1COMPRESS_FULL_ROUND4_STEP(b, c, d, e, a, W, 79, temp);
796
797
798
799 ihv[0] += a; ihv[1] += b; ihv[2] += c; ihv[3] += d; ihv[4] += e;
800 }
801
802
803
804
805 #define SHA1_RECOMPRESS(t) \
806 static void sha1recompress_fast_ ## t (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]) \
807 { \
808 uint32_t a = state[0], b = state[1], c = state[2], d = state[3], e = state[4]; \
809 if (t > 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 79); \
810 if (t > 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 78); \
811 if (t > 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 77); \
812 if (t > 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 76); \
813 if (t > 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 75); \
814 if (t > 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 74); \
815 if (t > 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 73); \
816 if (t > 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 72); \
817 if (t > 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 71); \
818 if (t > 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 70); \
819 if (t > 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 69); \
820 if (t > 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 68); \
821 if (t > 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 67); \
822 if (t > 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 66); \
823 if (t > 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 65); \
824 if (t > 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(b, c, d, e, a, me2, 64); \
825 if (t > 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(c, d, e, a, b, me2, 63); \
826 if (t > 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(d, e, a, b, c, me2, 62); \
827 if (t > 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(e, a, b, c, d, me2, 61); \
828 if (t > 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP_BW(a, b, c, d, e, me2, 60); \
829 if (t > 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 59); \
830 if (t > 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 58); \
831 if (t > 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 57); \
832 if (t > 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 56); \
833 if (t > 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 55); \
834 if (t > 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 54); \
835 if (t > 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 53); \
836 if (t > 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 52); \
837 if (t > 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 51); \
838 if (t > 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 50); \
839 if (t > 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 49); \
840 if (t > 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 48); \
841 if (t > 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 47); \
842 if (t > 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 46); \
843 if (t > 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 45); \
844 if (t > 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(b, c, d, e, a, me2, 44); \
845 if (t > 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(c, d, e, a, b, me2, 43); \
846 if (t > 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(d, e, a, b, c, me2, 42); \
847 if (t > 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(e, a, b, c, d, me2, 41); \
848 if (t > 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP_BW(a, b, c, d, e, me2, 40); \
849 if (t > 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 39); \
850 if (t > 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 38); \
851 if (t > 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 37); \
852 if (t > 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 36); \
853 if (t > 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 35); \
854 if (t > 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 34); \
855 if (t > 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 33); \
856 if (t > 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 32); \
857 if (t > 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 31); \
858 if (t > 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 30); \
859 if (t > 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 29); \
860 if (t > 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 28); \
861 if (t > 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 27); \
862 if (t > 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 26); \
863 if (t > 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 25); \
864 if (t > 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(b, c, d, e, a, me2, 24); \
865 if (t > 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(c, d, e, a, b, me2, 23); \
866 if (t > 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(d, e, a, b, c, me2, 22); \
867 if (t > 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(e, a, b, c, d, me2, 21); \
868 if (t > 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP_BW(a, b, c, d, e, me2, 20); \
869 if (t > 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 19); \
870 if (t > 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 18); \
871 if (t > 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 17); \
872 if (t > 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 16); \
873 if (t > 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 15); \
874 if (t > 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 14); \
875 if (t > 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 13); \
876 if (t > 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 12); \
877 if (t > 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 11); \
878 if (t > 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 10); \
879 if (t > 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 9); \
880 if (t > 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 8); \
881 if (t > 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 7); \
882 if (t > 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 6); \
883 if (t > 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 5); \
884 if (t > 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(b, c, d, e, a, me2, 4); \
885 if (t > 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(c, d, e, a, b, me2, 3); \
886 if (t > 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(d, e, a, b, c, me2, 2); \
887 if (t > 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(e, a, b, c, d, me2, 1); \
888 if (t > 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP_BW(a, b, c, d, e, me2, 0); \
889 ihvin[0] = a; ihvin[1] = b; ihvin[2] = c; ihvin[3] = d; ihvin[4] = e; \
890 a = state[0]; b = state[1]; c = state[2]; d = state[3]; e = state[4]; \
891 if (t <= 0) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 0); \
892 if (t <= 1) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 1); \
893 if (t <= 2) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 2); \
894 if (t <= 3) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 3); \
895 if (t <= 4) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 4); \
896 if (t <= 5) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 5); \
897 if (t <= 6) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 6); \
898 if (t <= 7) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 7); \
899 if (t <= 8) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 8); \
900 if (t <= 9) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 9); \
901 if (t <= 10) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 10); \
902 if (t <= 11) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 11); \
903 if (t <= 12) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 12); \
904 if (t <= 13) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 13); \
905 if (t <= 14) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 14); \
906 if (t <= 15) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(a, b, c, d, e, me2, 15); \
907 if (t <= 16) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(e, a, b, c, d, me2, 16); \
908 if (t <= 17) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(d, e, a, b, c, me2, 17); \
909 if (t <= 18) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(c, d, e, a, b, me2, 18); \
910 if (t <= 19) HASHCLASH_SHA1COMPRESS_ROUND1_STEP(b, c, d, e, a, me2, 19); \
911 if (t <= 20) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 20); \
912 if (t <= 21) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 21); \
913 if (t <= 22) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 22); \
914 if (t <= 23) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 23); \
915 if (t <= 24) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 24); \
916 if (t <= 25) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 25); \
917 if (t <= 26) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 26); \
918 if (t <= 27) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 27); \
919 if (t <= 28) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 28); \
920 if (t <= 29) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 29); \
921 if (t <= 30) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 30); \
922 if (t <= 31) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 31); \
923 if (t <= 32) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 32); \
924 if (t <= 33) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 33); \
925 if (t <= 34) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 34); \
926 if (t <= 35) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(a, b, c, d, e, me2, 35); \
927 if (t <= 36) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(e, a, b, c, d, me2, 36); \
928 if (t <= 37) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(d, e, a, b, c, me2, 37); \
929 if (t <= 38) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(c, d, e, a, b, me2, 38); \
930 if (t <= 39) HASHCLASH_SHA1COMPRESS_ROUND2_STEP(b, c, d, e, a, me2, 39); \
931 if (t <= 40) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 40); \
932 if (t <= 41) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 41); \
933 if (t <= 42) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 42); \
934 if (t <= 43) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 43); \
935 if (t <= 44) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 44); \
936 if (t <= 45) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 45); \
937 if (t <= 46) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 46); \
938 if (t <= 47) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 47); \
939 if (t <= 48) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 48); \
940 if (t <= 49) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 49); \
941 if (t <= 50) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 50); \
942 if (t <= 51) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 51); \
943 if (t <= 52) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 52); \
944 if (t <= 53) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 53); \
945 if (t <= 54) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 54); \
946 if (t <= 55) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(a, b, c, d, e, me2, 55); \
947 if (t <= 56) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(e, a, b, c, d, me2, 56); \
948 if (t <= 57) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(d, e, a, b, c, me2, 57); \
949 if (t <= 58) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(c, d, e, a, b, me2, 58); \
950 if (t <= 59) HASHCLASH_SHA1COMPRESS_ROUND3_STEP(b, c, d, e, a, me2, 59); \
951 if (t <= 60) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 60); \
952 if (t <= 61) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 61); \
953 if (t <= 62) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 62); \
954 if (t <= 63) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 63); \
955 if (t <= 64) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 64); \
956 if (t <= 65) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 65); \
957 if (t <= 66) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 66); \
958 if (t <= 67) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 67); \
959 if (t <= 68) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 68); \
960 if (t <= 69) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 69); \
961 if (t <= 70) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 70); \
962 if (t <= 71) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 71); \
963 if (t <= 72) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 72); \
964 if (t <= 73) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 73); \
965 if (t <= 74) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 74); \
966 if (t <= 75) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(a, b, c, d, e, me2, 75); \
967 if (t <= 76) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(e, a, b, c, d, me2, 76); \
968 if (t <= 77) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(d, e, a, b, c, me2, 77); \
969 if (t <= 78) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(c, d, e, a, b, me2, 78); \
970 if (t <= 79) HASHCLASH_SHA1COMPRESS_ROUND4_STEP(b, c, d, e, a, me2, 79); \
971 ihvout[0] = ihvin[0] + a; ihvout[1] = ihvin[1] + b; ihvout[2] = ihvin[2] + c; ihvout[3] = ihvin[3] + d; ihvout[4] = ihvin[4] + e; \
972 }
973
974 #ifdef _MSC_VER
975 #pragma warning(push)
976 #pragma warning(disable: 4127) /* Compiler complains about the checks in the above macro being constant. */
977 #endif
978
979 #ifdef DOSTORESTATE0
980 SHA1_RECOMPRESS(0)
981 #endif
982
983 #ifdef DOSTORESTATE1
984 SHA1_RECOMPRESS(1)
985 #endif
986
987 #ifdef DOSTORESTATE2
988 SHA1_RECOMPRESS(2)
989 #endif
990
991 #ifdef DOSTORESTATE3
992 SHA1_RECOMPRESS(3)
993 #endif
994
995 #ifdef DOSTORESTATE4
996 SHA1_RECOMPRESS(4)
997 #endif
998
999 #ifdef DOSTORESTATE5
1000 SHA1_RECOMPRESS(5)
1001 #endif
1002
1003 #ifdef DOSTORESTATE6
1004 SHA1_RECOMPRESS(6)
1005 #endif
1006
1007 #ifdef DOSTORESTATE7
1008 SHA1_RECOMPRESS(7)
1009 #endif
1010
1011 #ifdef DOSTORESTATE8
1012 SHA1_RECOMPRESS(8)
1013 #endif
1014
1015 #ifdef DOSTORESTATE9
1016 SHA1_RECOMPRESS(9)
1017 #endif
1018
1019 #ifdef DOSTORESTATE10
1020 SHA1_RECOMPRESS(10)
1021 #endif
1022
1023 #ifdef DOSTORESTATE11
1024 SHA1_RECOMPRESS(11)
1025 #endif
1026
1027 #ifdef DOSTORESTATE12
1028 SHA1_RECOMPRESS(12)
1029 #endif
1030
1031 #ifdef DOSTORESTATE13
1032 SHA1_RECOMPRESS(13)
1033 #endif
1034
1035 #ifdef DOSTORESTATE14
1036 SHA1_RECOMPRESS(14)
1037 #endif
1038
1039 #ifdef DOSTORESTATE15
1040 SHA1_RECOMPRESS(15)
1041 #endif
1042
1043 #ifdef DOSTORESTATE16
1044 SHA1_RECOMPRESS(16)
1045 #endif
1046
1047 #ifdef DOSTORESTATE17
1048 SHA1_RECOMPRESS(17)
1049 #endif
1050
1051 #ifdef DOSTORESTATE18
1052 SHA1_RECOMPRESS(18)
1053 #endif
1054
1055 #ifdef DOSTORESTATE19
1056 SHA1_RECOMPRESS(19)
1057 #endif
1058
1059 #ifdef DOSTORESTATE20
1060 SHA1_RECOMPRESS(20)
1061 #endif
1062
1063 #ifdef DOSTORESTATE21
1064 SHA1_RECOMPRESS(21)
1065 #endif
1066
1067 #ifdef DOSTORESTATE22
1068 SHA1_RECOMPRESS(22)
1069 #endif
1070
1071 #ifdef DOSTORESTATE23
1072 SHA1_RECOMPRESS(23)
1073 #endif
1074
1075 #ifdef DOSTORESTATE24
1076 SHA1_RECOMPRESS(24)
1077 #endif
1078
1079 #ifdef DOSTORESTATE25
1080 SHA1_RECOMPRESS(25)
1081 #endif
1082
1083 #ifdef DOSTORESTATE26
1084 SHA1_RECOMPRESS(26)
1085 #endif
1086
1087 #ifdef DOSTORESTATE27
1088 SHA1_RECOMPRESS(27)
1089 #endif
1090
1091 #ifdef DOSTORESTATE28
1092 SHA1_RECOMPRESS(28)
1093 #endif
1094
1095 #ifdef DOSTORESTATE29
1096 SHA1_RECOMPRESS(29)
1097 #endif
1098
1099 #ifdef DOSTORESTATE30
1100 SHA1_RECOMPRESS(30)
1101 #endif
1102
1103 #ifdef DOSTORESTATE31
1104 SHA1_RECOMPRESS(31)
1105 #endif
1106
1107 #ifdef DOSTORESTATE32
1108 SHA1_RECOMPRESS(32)
1109 #endif
1110
1111 #ifdef DOSTORESTATE33
1112 SHA1_RECOMPRESS(33)
1113 #endif
1114
1115 #ifdef DOSTORESTATE34
1116 SHA1_RECOMPRESS(34)
1117 #endif
1118
1119 #ifdef DOSTORESTATE35
1120 SHA1_RECOMPRESS(35)
1121 #endif
1122
1123 #ifdef DOSTORESTATE36
1124 SHA1_RECOMPRESS(36)
1125 #endif
1126
1127 #ifdef DOSTORESTATE37
1128 SHA1_RECOMPRESS(37)
1129 #endif
1130
1131 #ifdef DOSTORESTATE38
1132 SHA1_RECOMPRESS(38)
1133 #endif
1134
1135 #ifdef DOSTORESTATE39
1136 SHA1_RECOMPRESS(39)
1137 #endif
1138
1139 #ifdef DOSTORESTATE40
1140 SHA1_RECOMPRESS(40)
1141 #endif
1142
1143 #ifdef DOSTORESTATE41
1144 SHA1_RECOMPRESS(41)
1145 #endif
1146
1147 #ifdef DOSTORESTATE42
1148 SHA1_RECOMPRESS(42)
1149 #endif
1150
1151 #ifdef DOSTORESTATE43
1152 SHA1_RECOMPRESS(43)
1153 #endif
1154
1155 #ifdef DOSTORESTATE44
1156 SHA1_RECOMPRESS(44)
1157 #endif
1158
1159 #ifdef DOSTORESTATE45
1160 SHA1_RECOMPRESS(45)
1161 #endif
1162
1163 #ifdef DOSTORESTATE46
1164 SHA1_RECOMPRESS(46)
1165 #endif
1166
1167 #ifdef DOSTORESTATE47
1168 SHA1_RECOMPRESS(47)
1169 #endif
1170
1171 #ifdef DOSTORESTATE48
1172 SHA1_RECOMPRESS(48)
1173 #endif
1174
1175 #ifdef DOSTORESTATE49
1176 SHA1_RECOMPRESS(49)
1177 #endif
1178
1179 #ifdef DOSTORESTATE50
1180 SHA1_RECOMPRESS(50)
1181 #endif
1182
1183 #ifdef DOSTORESTATE51
1184 SHA1_RECOMPRESS(51)
1185 #endif
1186
1187 #ifdef DOSTORESTATE52
1188 SHA1_RECOMPRESS(52)
1189 #endif
1190
1191 #ifdef DOSTORESTATE53
1192 SHA1_RECOMPRESS(53)
1193 #endif
1194
1195 #ifdef DOSTORESTATE54
1196 SHA1_RECOMPRESS(54)
1197 #endif
1198
1199 #ifdef DOSTORESTATE55
1200 SHA1_RECOMPRESS(55)
1201 #endif
1202
1203 #ifdef DOSTORESTATE56
1204 SHA1_RECOMPRESS(56)
1205 #endif
1206
1207 #ifdef DOSTORESTATE57
1208 SHA1_RECOMPRESS(57)
1209 #endif
1210
1211 #ifdef DOSTORESTATE58
1212 SHA1_RECOMPRESS(58)
1213 #endif
1214
1215 #ifdef DOSTORESTATE59
1216 SHA1_RECOMPRESS(59)
1217 #endif
1218
1219 #ifdef DOSTORESTATE60
1220 SHA1_RECOMPRESS(60)
1221 #endif
1222
1223 #ifdef DOSTORESTATE61
1224 SHA1_RECOMPRESS(61)
1225 #endif
1226
1227 #ifdef DOSTORESTATE62
1228 SHA1_RECOMPRESS(62)
1229 #endif
1230
1231 #ifdef DOSTORESTATE63
1232 SHA1_RECOMPRESS(63)
1233 #endif
1234
1235 #ifdef DOSTORESTATE64
1236 SHA1_RECOMPRESS(64)
1237 #endif
1238
1239 #ifdef DOSTORESTATE65
1240 SHA1_RECOMPRESS(65)
1241 #endif
1242
1243 #ifdef DOSTORESTATE66
1244 SHA1_RECOMPRESS(66)
1245 #endif
1246
1247 #ifdef DOSTORESTATE67
1248 SHA1_RECOMPRESS(67)
1249 #endif
1250
1251 #ifdef DOSTORESTATE68
1252 SHA1_RECOMPRESS(68)
1253 #endif
1254
1255 #ifdef DOSTORESTATE69
1256 SHA1_RECOMPRESS(69)
1257 #endif
1258
1259 #ifdef DOSTORESTATE70
1260 SHA1_RECOMPRESS(70)
1261 #endif
1262
1263 #ifdef DOSTORESTATE71
1264 SHA1_RECOMPRESS(71)
1265 #endif
1266
1267 #ifdef DOSTORESTATE72
1268 SHA1_RECOMPRESS(72)
1269 #endif
1270
1271 #ifdef DOSTORESTATE73
1272 SHA1_RECOMPRESS(73)
1273 #endif
1274
1275 #ifdef DOSTORESTATE74
1276 SHA1_RECOMPRESS(74)
1277 #endif
1278
1279 #ifdef DOSTORESTATE75
1280 SHA1_RECOMPRESS(75)
1281 #endif
1282
1283 #ifdef DOSTORESTATE76
1284 SHA1_RECOMPRESS(76)
1285 #endif
1286
1287 #ifdef DOSTORESTATE77
1288 SHA1_RECOMPRESS(77)
1289 #endif
1290
1291 #ifdef DOSTORESTATE78
1292 SHA1_RECOMPRESS(78)
1293 #endif
1294
1295 #ifdef DOSTORESTATE79
1296 SHA1_RECOMPRESS(79)
1297 #endif
1298
1299 #ifdef _MSC_VER
1300 #pragma warning(pop)
1301 #endif
1302
1303 static void sha1_recompression_step(uint32_t step, uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5])
1304 {
1305 switch (step)
1306 {
1307 #ifdef DOSTORESTATE0
1308 case 0:
1309 sha1recompress_fast_0(ihvin, ihvout, me2, state);
1310 break;
1311 #endif
1312 #ifdef DOSTORESTATE1
1313 case 1:
1314 sha1recompress_fast_1(ihvin, ihvout, me2, state);
1315 break;
1316 #endif
1317 #ifdef DOSTORESTATE2
1318 case 2:
1319 sha1recompress_fast_2(ihvin, ihvout, me2, state);
1320 break;
1321 #endif
1322 #ifdef DOSTORESTATE3
1323 case 3:
1324 sha1recompress_fast_3(ihvin, ihvout, me2, state);
1325 break;
1326 #endif
1327 #ifdef DOSTORESTATE4
1328 case 4:
1329 sha1recompress_fast_4(ihvin, ihvout, me2, state);
1330 break;
1331 #endif
1332 #ifdef DOSTORESTATE5
1333 case 5:
1334 sha1recompress_fast_5(ihvin, ihvout, me2, state);
1335 break;
1336 #endif
1337 #ifdef DOSTORESTATE6
1338 case 6:
1339 sha1recompress_fast_6(ihvin, ihvout, me2, state);
1340 break;
1341 #endif
1342 #ifdef DOSTORESTATE7
1343 case 7:
1344 sha1recompress_fast_7(ihvin, ihvout, me2, state);
1345 break;
1346 #endif
1347 #ifdef DOSTORESTATE8
1348 case 8:
1349 sha1recompress_fast_8(ihvin, ihvout, me2, state);
1350 break;
1351 #endif
1352 #ifdef DOSTORESTATE9
1353 case 9:
1354 sha1recompress_fast_9(ihvin, ihvout, me2, state);
1355 break;
1356 #endif
1357 #ifdef DOSTORESTATE10
1358 case 10:
1359 sha1recompress_fast_10(ihvin, ihvout, me2, state);
1360 break;
1361 #endif
1362 #ifdef DOSTORESTATE11
1363 case 11:
1364 sha1recompress_fast_11(ihvin, ihvout, me2, state);
1365 break;
1366 #endif
1367 #ifdef DOSTORESTATE12
1368 case 12:
1369 sha1recompress_fast_12(ihvin, ihvout, me2, state);
1370 break;
1371 #endif
1372 #ifdef DOSTORESTATE13
1373 case 13:
1374 sha1recompress_fast_13(ihvin, ihvout, me2, state);
1375 break;
1376 #endif
1377 #ifdef DOSTORESTATE14
1378 case 14:
1379 sha1recompress_fast_14(ihvin, ihvout, me2, state);
1380 break;
1381 #endif
1382 #ifdef DOSTORESTATE15
1383 case 15:
1384 sha1recompress_fast_15(ihvin, ihvout, me2, state);
1385 break;
1386 #endif
1387 #ifdef DOSTORESTATE16
1388 case 16:
1389 sha1recompress_fast_16(ihvin, ihvout, me2, state);
1390 break;
1391 #endif
1392 #ifdef DOSTORESTATE17
1393 case 17:
1394 sha1recompress_fast_17(ihvin, ihvout, me2, state);
1395 break;
1396 #endif
1397 #ifdef DOSTORESTATE18
1398 case 18:
1399 sha1recompress_fast_18(ihvin, ihvout, me2, state);
1400 break;
1401 #endif
1402 #ifdef DOSTORESTATE19
1403 case 19:
1404 sha1recompress_fast_19(ihvin, ihvout, me2, state);
1405 break;
1406 #endif
1407 #ifdef DOSTORESTATE20
1408 case 20:
1409 sha1recompress_fast_20(ihvin, ihvout, me2, state);
1410 break;
1411 #endif
1412 #ifdef DOSTORESTATE21
1413 case 21:
1414 sha1recompress_fast_21(ihvin, ihvout, me2, state);
1415 break;
1416 #endif
1417 #ifdef DOSTORESTATE22
1418 case 22:
1419 sha1recompress_fast_22(ihvin, ihvout, me2, state);
1420 break;
1421 #endif
1422 #ifdef DOSTORESTATE23
1423 case 23:
1424 sha1recompress_fast_23(ihvin, ihvout, me2, state);
1425 break;
1426 #endif
1427 #ifdef DOSTORESTATE24
1428 case 24:
1429 sha1recompress_fast_24(ihvin, ihvout, me2, state);
1430 break;
1431 #endif
1432 #ifdef DOSTORESTATE25
1433 case 25:
1434 sha1recompress_fast_25(ihvin, ihvout, me2, state);
1435 break;
1436 #endif
1437 #ifdef DOSTORESTATE26
1438 case 26:
1439 sha1recompress_fast_26(ihvin, ihvout, me2, state);
1440 break;
1441 #endif
1442 #ifdef DOSTORESTATE27
1443 case 27:
1444 sha1recompress_fast_27(ihvin, ihvout, me2, state);
1445 break;
1446 #endif
1447 #ifdef DOSTORESTATE28
1448 case 28:
1449 sha1recompress_fast_28(ihvin, ihvout, me2, state);
1450 break;
1451 #endif
1452 #ifdef DOSTORESTATE29
1453 case 29:
1454 sha1recompress_fast_29(ihvin, ihvout, me2, state);
1455 break;
1456 #endif
1457 #ifdef DOSTORESTATE30
1458 case 30:
1459 sha1recompress_fast_30(ihvin, ihvout, me2, state);
1460 break;
1461 #endif
1462 #ifdef DOSTORESTATE31
1463 case 31:
1464 sha1recompress_fast_31(ihvin, ihvout, me2, state);
1465 break;
1466 #endif
1467 #ifdef DOSTORESTATE32
1468 case 32:
1469 sha1recompress_fast_32(ihvin, ihvout, me2, state);
1470 break;
1471 #endif
1472 #ifdef DOSTORESTATE33
1473 case 33:
1474 sha1recompress_fast_33(ihvin, ihvout, me2, state);
1475 break;
1476 #endif
1477 #ifdef DOSTORESTATE34
1478 case 34:
1479 sha1recompress_fast_34(ihvin, ihvout, me2, state);
1480 break;
1481 #endif
1482 #ifdef DOSTORESTATE35
1483 case 35:
1484 sha1recompress_fast_35(ihvin, ihvout, me2, state);
1485 break;
1486 #endif
1487 #ifdef DOSTORESTATE36
1488 case 36:
1489 sha1recompress_fast_36(ihvin, ihvout, me2, state);
1490 break;
1491 #endif
1492 #ifdef DOSTORESTATE37
1493 case 37:
1494 sha1recompress_fast_37(ihvin, ihvout, me2, state);
1495 break;
1496 #endif
1497 #ifdef DOSTORESTATE38
1498 case 38:
1499 sha1recompress_fast_38(ihvin, ihvout, me2, state);
1500 break;
1501 #endif
1502 #ifdef DOSTORESTATE39
1503 case 39:
1504 sha1recompress_fast_39(ihvin, ihvout, me2, state);
1505 break;
1506 #endif
1507 #ifdef DOSTORESTATE40
1508 case 40:
1509 sha1recompress_fast_40(ihvin, ihvout, me2, state);
1510 break;
1511 #endif
1512 #ifdef DOSTORESTATE41
1513 case 41:
1514 sha1recompress_fast_41(ihvin, ihvout, me2, state);
1515 break;
1516 #endif
1517 #ifdef DOSTORESTATE42
1518 case 42:
1519 sha1recompress_fast_42(ihvin, ihvout, me2, state);
1520 break;
1521 #endif
1522 #ifdef DOSTORESTATE43
1523 case 43:
1524 sha1recompress_fast_43(ihvin, ihvout, me2, state);
1525 break;
1526 #endif
1527 #ifdef DOSTORESTATE44
1528 case 44:
1529 sha1recompress_fast_44(ihvin, ihvout, me2, state);
1530 break;
1531 #endif
1532 #ifdef DOSTORESTATE45
1533 case 45:
1534 sha1recompress_fast_45(ihvin, ihvout, me2, state);
1535 break;
1536 #endif
1537 #ifdef DOSTORESTATE46
1538 case 46:
1539 sha1recompress_fast_46(ihvin, ihvout, me2, state);
1540 break;
1541 #endif
1542 #ifdef DOSTORESTATE47
1543 case 47:
1544 sha1recompress_fast_47(ihvin, ihvout, me2, state);
1545 break;
1546 #endif
1547 #ifdef DOSTORESTATE48
1548 case 48:
1549 sha1recompress_fast_48(ihvin, ihvout, me2, state);
1550 break;
1551 #endif
1552 #ifdef DOSTORESTATE49
1553 case 49:
1554 sha1recompress_fast_49(ihvin, ihvout, me2, state);
1555 break;
1556 #endif
1557 #ifdef DOSTORESTATE50
1558 case 50:
1559 sha1recompress_fast_50(ihvin, ihvout, me2, state);
1560 break;
1561 #endif
1562 #ifdef DOSTORESTATE51
1563 case 51:
1564 sha1recompress_fast_51(ihvin, ihvout, me2, state);
1565 break;
1566 #endif
1567 #ifdef DOSTORESTATE52
1568 case 52:
1569 sha1recompress_fast_52(ihvin, ihvout, me2, state);
1570 break;
1571 #endif
1572 #ifdef DOSTORESTATE53
1573 case 53:
1574 sha1recompress_fast_53(ihvin, ihvout, me2, state);
1575 break;
1576 #endif
1577 #ifdef DOSTORESTATE54
1578 case 54:
1579 sha1recompress_fast_54(ihvin, ihvout, me2, state);
1580 break;
1581 #endif
1582 #ifdef DOSTORESTATE55
1583 case 55:
1584 sha1recompress_fast_55(ihvin, ihvout, me2, state);
1585 break;
1586 #endif
1587 #ifdef DOSTORESTATE56
1588 case 56:
1589 sha1recompress_fast_56(ihvin, ihvout, me2, state);
1590 break;
1591 #endif
1592 #ifdef DOSTORESTATE57
1593 case 57:
1594 sha1recompress_fast_57(ihvin, ihvout, me2, state);
1595 break;
1596 #endif
1597 #ifdef DOSTORESTATE58
1598 case 58:
1599 sha1recompress_fast_58(ihvin, ihvout, me2, state);
1600 break;
1601 #endif
1602 #ifdef DOSTORESTATE59
1603 case 59:
1604 sha1recompress_fast_59(ihvin, ihvout, me2, state);
1605 break;
1606 #endif
1607 #ifdef DOSTORESTATE60
1608 case 60:
1609 sha1recompress_fast_60(ihvin, ihvout, me2, state);
1610 break;
1611 #endif
1612 #ifdef DOSTORESTATE61
1613 case 61:
1614 sha1recompress_fast_61(ihvin, ihvout, me2, state);
1615 break;
1616 #endif
1617 #ifdef DOSTORESTATE62
1618 case 62:
1619 sha1recompress_fast_62(ihvin, ihvout, me2, state);
1620 break;
1621 #endif
1622 #ifdef DOSTORESTATE63
1623 case 63:
1624 sha1recompress_fast_63(ihvin, ihvout, me2, state);
1625 break;
1626 #endif
1627 #ifdef DOSTORESTATE64
1628 case 64:
1629 sha1recompress_fast_64(ihvin, ihvout, me2, state);
1630 break;
1631 #endif
1632 #ifdef DOSTORESTATE65
1633 case 65:
1634 sha1recompress_fast_65(ihvin, ihvout, me2, state);
1635 break;
1636 #endif
1637 #ifdef DOSTORESTATE66
1638 case 66:
1639 sha1recompress_fast_66(ihvin, ihvout, me2, state);
1640 break;
1641 #endif
1642 #ifdef DOSTORESTATE67
1643 case 67:
1644 sha1recompress_fast_67(ihvin, ihvout, me2, state);
1645 break;
1646 #endif
1647 #ifdef DOSTORESTATE68
1648 case 68:
1649 sha1recompress_fast_68(ihvin, ihvout, me2, state);
1650 break;
1651 #endif
1652 #ifdef DOSTORESTATE69
1653 case 69:
1654 sha1recompress_fast_69(ihvin, ihvout, me2, state);
1655 break;
1656 #endif
1657 #ifdef DOSTORESTATE70
1658 case 70:
1659 sha1recompress_fast_70(ihvin, ihvout, me2, state);
1660 break;
1661 #endif
1662 #ifdef DOSTORESTATE71
1663 case 71:
1664 sha1recompress_fast_71(ihvin, ihvout, me2, state);
1665 break;
1666 #endif
1667 #ifdef DOSTORESTATE72
1668 case 72:
1669 sha1recompress_fast_72(ihvin, ihvout, me2, state);
1670 break;
1671 #endif
1672 #ifdef DOSTORESTATE73
1673 case 73:
1674 sha1recompress_fast_73(ihvin, ihvout, me2, state);
1675 break;
1676 #endif
1677 #ifdef DOSTORESTATE74
1678 case 74:
1679 sha1recompress_fast_74(ihvin, ihvout, me2, state);
1680 break;
1681 #endif
1682 #ifdef DOSTORESTATE75
1683 case 75:
1684 sha1recompress_fast_75(ihvin, ihvout, me2, state);
1685 break;
1686 #endif
1687 #ifdef DOSTORESTATE76
1688 case 76:
1689 sha1recompress_fast_76(ihvin, ihvout, me2, state);
1690 break;
1691 #endif
1692 #ifdef DOSTORESTATE77
1693 case 77:
1694 sha1recompress_fast_77(ihvin, ihvout, me2, state);
1695 break;
1696 #endif
1697 #ifdef DOSTORESTATE78
1698 case 78:
1699 sha1recompress_fast_78(ihvin, ihvout, me2, state);
1700 break;
1701 #endif
1702 #ifdef DOSTORESTATE79
1703 case 79:
1704 sha1recompress_fast_79(ihvin, ihvout, me2, state);
1705 break;
1706 #endif
1707 default:
1708 abort();
1709 }
1710
1711 }
1712
1713
1714
1715 static void sha1_process(SHA1_CTX* ctx, const uint32_t block[16])
1716 {
1717 unsigned i, j;
1718 uint32_t ubc_dv_mask[DVMASKSIZE] = { 0xFFFFFFFF };
1719 uint32_t ihvtmp[5];
1720
1721 ctx->ihv1[0] = ctx->ihv[0];
1722 ctx->ihv1[1] = ctx->ihv[1];
1723 ctx->ihv1[2] = ctx->ihv[2];
1724 ctx->ihv1[3] = ctx->ihv[3];
1725 ctx->ihv1[4] = ctx->ihv[4];
1726
1727 sha1_compression_states(ctx->ihv, block, ctx->m1, ctx->states);
1728
1729 if (ctx->detect_coll)
1730 {
1731 if (ctx->ubc_check)
1732 {
1733 ubc_check(ctx->m1, ubc_dv_mask);
1734 }
1735
1736 if (ubc_dv_mask[0] != 0)
1737 {
1738 for (i = 0; sha1_dvs[i].dvType != 0; ++i)
1739 {
1740 if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb))
1741 {
1742 for (j = 0; j < 80; ++j)
1743 ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j];
1744
1745 sha1_recompression_step(sha1_dvs[i].testt, ctx->ihv2, ihvtmp, ctx->m2, ctx->states[sha1_dvs[i].testt]);
1746
1747 /* to verify SHA-1 collision detection code with collisions for reduced-step SHA-1 */
1748 if ((0 == ((ihvtmp[0] ^ ctx->ihv[0]) | (ihvtmp[1] ^ ctx->ihv[1]) | (ihvtmp[2] ^ ctx->ihv[2]) | (ihvtmp[3] ^ ctx->ihv[3]) | (ihvtmp[4] ^ ctx->ihv[4])))
1749 || (ctx->reduced_round_coll && 0==((ctx->ihv1[0] ^ ctx->ihv2[0]) | (ctx->ihv1[1] ^ ctx->ihv2[1]) | (ctx->ihv1[2] ^ ctx->ihv2[2]) | (ctx->ihv1[3] ^ ctx->ihv2[3]) | (ctx->ihv1[4] ^ ctx->ihv2[4]))))
1750 {
1751 ctx->found_collision = 1;
1752
1753 if (ctx->safe_hash)
1754 {
1755 sha1_compression_W(ctx->ihv, ctx->m1);
1756 sha1_compression_W(ctx->ihv, ctx->m1);
1757 }
1758
1759 break;
1760 }
1761 }
1762 }
1763 }
1764 }
1765 }
1766
1767 void SHA1DCInit(SHA1_CTX* ctx)
1768 {
1769 ctx->total = 0;
1770 ctx->ihv[0] = 0x67452301;
1771 ctx->ihv[1] = 0xEFCDAB89;
1772 ctx->ihv[2] = 0x98BADCFE;
1773 ctx->ihv[3] = 0x10325476;
1774 ctx->ihv[4] = 0xC3D2E1F0;
1775 ctx->found_collision = 0;
1776 ctx->safe_hash = SHA1DC_INIT_SAFE_HASH_DEFAULT;
1777 ctx->ubc_check = 1;
1778 ctx->detect_coll = 1;
1779 ctx->reduced_round_coll = 0;
1780 ctx->callback = NULL;
1781 }
1782
1783 void SHA1DCSetSafeHash(SHA1_CTX* ctx, int safehash)
1784 {
1785 if (safehash)
1786 ctx->safe_hash = 1;
1787 else
1788 ctx->safe_hash = 0;
1789 }
1790
1791
1792 void SHA1DCSetUseUBC(SHA1_CTX* ctx, int ubc_check)
1793 {
1794 if (ubc_check)
1795 ctx->ubc_check = 1;
1796 else
1797 ctx->ubc_check = 0;
1798 }
1799
1800 void SHA1DCSetUseDetectColl(SHA1_CTX* ctx, int detect_coll)
1801 {
1802 if (detect_coll)
1803 ctx->detect_coll = 1;
1804 else
1805 ctx->detect_coll = 0;
1806 }
1807
1808 void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX* ctx, int reduced_round_coll)
1809 {
1810 if (reduced_round_coll)
1811 ctx->reduced_round_coll = 1;
1812 else
1813 ctx->reduced_round_coll = 0;
1814 }
1815
1816 void SHA1DCSetCallback(SHA1_CTX* ctx, collision_block_callback callback)
1817 {
1818 ctx->callback = callback;
1819 }
1820
1821 void SHA1DCUpdate(SHA1_CTX* ctx, const char* buf, size_t len)
1822 {
1823 unsigned left, fill;
1824
1825 if (len == 0)
1826 return;
1827
1828 left = ctx->total & 63;
1829 fill = 64 - left;
1830
1831 if (left && len >= fill)
1832 {
1833 ctx->total += fill;
1834 memcpy(ctx->buffer + left, buf, fill);
1835 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1836 buf += fill;
1837 len -= fill;
1838 left = 0;
1839 }
1840 while (len >= 64)
1841 {
1842 ctx->total += 64;
1843
1844 #if defined(SHA1DC_ALLOW_UNALIGNED_ACCESS)
1845 sha1_process(ctx, (uint32_t*)(buf));
1846 #else
1847 memcpy(ctx->buffer, buf, 64);
1848 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1849 #endif /* defined(SHA1DC_ALLOW_UNALIGNED_ACCESS) */
1850 buf += 64;
1851 len -= 64;
1852 }
1853 if (len > 0)
1854 {
1855 ctx->total += len;
1856 memcpy(ctx->buffer + left, buf, len);
1857 }
1858 }
1859
1860 static const unsigned char sha1_padding[64] =
1861 {
1862 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1863 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1864 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1865 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1866 };
1867
1868 int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
1869 {
1870 uint32_t last = ctx->total & 63;
1871 uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
1872 uint64_t total;
1873 SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
1874
1875 total = ctx->total - padn;
1876 total <<= 3;
1877 ctx->buffer[56] = (unsigned char)(total >> 56);
1878 ctx->buffer[57] = (unsigned char)(total >> 48);
1879 ctx->buffer[58] = (unsigned char)(total >> 40);
1880 ctx->buffer[59] = (unsigned char)(total >> 32);
1881 ctx->buffer[60] = (unsigned char)(total >> 24);
1882 ctx->buffer[61] = (unsigned char)(total >> 16);
1883 ctx->buffer[62] = (unsigned char)(total >> 8);
1884 ctx->buffer[63] = (unsigned char)(total);
1885 sha1_process(ctx, (uint32_t*)(ctx->buffer));
1886 output[0] = (unsigned char)(ctx->ihv[0] >> 24);
1887 output[1] = (unsigned char)(ctx->ihv[0] >> 16);
1888 output[2] = (unsigned char)(ctx->ihv[0] >> 8);
1889 output[3] = (unsigned char)(ctx->ihv[0]);
1890 output[4] = (unsigned char)(ctx->ihv[1] >> 24);
1891 output[5] = (unsigned char)(ctx->ihv[1] >> 16);
1892 output[6] = (unsigned char)(ctx->ihv[1] >> 8);
1893 output[7] = (unsigned char)(ctx->ihv[1]);
1894 output[8] = (unsigned char)(ctx->ihv[2] >> 24);
1895 output[9] = (unsigned char)(ctx->ihv[2] >> 16);
1896 output[10] = (unsigned char)(ctx->ihv[2] >> 8);
1897 output[11] = (unsigned char)(ctx->ihv[2]);
1898 output[12] = (unsigned char)(ctx->ihv[3] >> 24);
1899 output[13] = (unsigned char)(ctx->ihv[3] >> 16);
1900 output[14] = (unsigned char)(ctx->ihv[3] >> 8);
1901 output[15] = (unsigned char)(ctx->ihv[3]);
1902 output[16] = (unsigned char)(ctx->ihv[4] >> 24);
1903 output[17] = (unsigned char)(ctx->ihv[4] >> 16);
1904 output[18] = (unsigned char)(ctx->ihv[4] >> 8);
1905 output[19] = (unsigned char)(ctx->ihv[4]);
1906 return ctx->found_collision;
1907 }
1908
1909 #ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
1910 #include SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C
1911 #endif
Show file before | Show file after | Hide comments
@@ -0,0 +1,110 b''
1 /***
2 * Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow <danshu@microsoft.com>
3 * Distributed under the MIT Software License.
4 * See accompanying file LICENSE.txt or copy at
5 * https://opensource.org/licenses/MIT
6 ***/
7
8 #ifndef SHA1DC_SHA1_H
9 #define SHA1DC_SHA1_H
10
11 #if defined(__cplusplus)
12 extern "C" {
13 #endif
14
15 #ifndef SHA1DC_NO_STANDARD_INCLUDES
16 #include <stdint.h>
17 #endif
18
19 /* sha-1 compression function that takes an already expanded message, and additionally store intermediate states */
20 /* only stores states ii (the state between step ii-1 and step ii) when DOSTORESTATEii is defined in ubc_check.h */
21 void sha1_compression_states(uint32_t[5], const uint32_t[16], uint32_t[80], uint32_t[80][5]);
22
23 /*
24 // Function type for sha1_recompression_step_T (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]).
25 // Where 0 <= T < 80
26 // me2 is an expanded message (the expansion of an original message block XOR'ed with a disturbance vector's message block difference.)
27 // state is the internal state (a,b,c,d,e) before step T of the SHA-1 compression function while processing the original message block.
28 // The function will return:
29 // ihvin: The reconstructed input chaining value.
30 // ihvout: The reconstructed output chaining value.
31 */
32 typedef void(*sha1_recompression_type)(uint32_t*, uint32_t*, const uint32_t*, const uint32_t*);
33
34 /* A callback function type that can be set to be called when a collision block has been found: */
35 /* void collision_block_callback(uint64_t byteoffset, const uint32_t ihvin1[5], const uint32_t ihvin2[5], const uint32_t m1[80], const uint32_t m2[80]) */
36 typedef void(*collision_block_callback)(uint64_t, const uint32_t*, const uint32_t*, const uint32_t*, const uint32_t*);
37
38 /* The SHA-1 context. */
39 typedef struct {
40 uint64_t total;
41 uint32_t ihv[5];
42 unsigned char buffer[64];
43 int found_collision;
44 int safe_hash;
45 int detect_coll;
46 int ubc_check;
47 int reduced_round_coll;
48 collision_block_callback callback;
49
50 uint32_t ihv1[5];
51 uint32_t ihv2[5];
52 uint32_t m1[80];
53 uint32_t m2[80];
54 uint32_t states[80][5];
55 } SHA1_CTX;
56
57 /* Initialize SHA-1 context. */
58 void SHA1DCInit(SHA1_CTX*);
59
60 /*
61 Function to enable safe SHA-1 hashing:
62 Collision attacks are thwarted by hashing a detected near-collision block 3 times.
63 Think of it as extending SHA-1 from 80-steps to 240-steps for such blocks:
64 The best collision attacks against SHA-1 have complexity about 2^60,
65 thus for 240-steps an immediate lower-bound for the best cryptanalytic attacks would be 2^180.
66 An attacker would be better off using a generic birthday search of complexity 2^80.
67
68 Enabling safe SHA-1 hashing will result in the correct SHA-1 hash for messages where no collision attack was detected,
69 but it will result in a different SHA-1 hash for messages where a collision attack was detected.
70 This will automatically invalidate SHA-1 based digital signature forgeries.
71 Enabled by default.
72 */
73 void SHA1DCSetSafeHash(SHA1_CTX*, int);
74
75 /*
76 Function to disable or enable the use of Unavoidable Bitconditions (provides a significant speed up).
77 Enabled by default
78 */
79 void SHA1DCSetUseUBC(SHA1_CTX*, int);
80
81 /*
82 Function to disable or enable the use of Collision Detection.
83 Enabled by default.
84 */
85 void SHA1DCSetUseDetectColl(SHA1_CTX*, int);
86
87 /* function to disable or enable the detection of reduced-round SHA-1 collisions */
88 /* disabled by default */
89 void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX*, int);
90
91 /* function to set a callback function, pass NULL to disable */
92 /* by default no callback set */
93 void SHA1DCSetCallback(SHA1_CTX*, collision_block_callback);
94
95 /* update SHA-1 context with buffer contents */
96 void SHA1DCUpdate(SHA1_CTX*, const char*, size_t);
97
98 /* obtain SHA-1 hash from SHA-1 context */
99 /* returns: 0 = no collision detected, otherwise = collision found => warn user for active attack */
100 int SHA1DCFinal(unsigned char[20], SHA1_CTX*);
101
102 #if defined(__cplusplus)
103 }
104 #endif
105
106 #ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H
107 #include SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H
108 #endif
109
110 #endif
Show file before | Show file after | Hide comments
@@ -0,0 +1,372 b''
1 /***
2 * Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow <danshu@microsoft.com>
3 * Distributed under the MIT Software License.
4 * See accompanying file LICENSE.txt or copy at
5 * https://opensource.org/licenses/MIT
6 ***/
7
8 /*
9 // this file was generated by the 'parse_bitrel' program in the tools section
10 // using the data files from directory 'tools/data/3565'
11 //
12 // sha1_dvs contains a list of SHA-1 Disturbance Vectors (DV) to check
13 // dvType, dvK and dvB define the DV: I(K,B) or II(K,B) (see the paper)
14 // dm[80] is the expanded message block XOR-difference defined by the DV
15 // testt is the step to do the recompression from for collision detection
16 // maski and maskb define the bit to check for each DV in the dvmask returned by ubc_check
17 //
18 // ubc_check takes as input an expanded message block and verifies the unavoidable bitconditions for all listed DVs
19 // it returns a dvmask where each bit belonging to a DV is set if all unavoidable bitconditions for that DV have been met
20 // thus one needs to do the recompression check for each DV that has its bit set
21 //
22 // ubc_check is programmatically generated and the unavoidable bitconditions have been hardcoded
23 // a directly verifiable version named ubc_check_verify can be found in ubc_check_verify.c
24 // ubc_check has been verified against ubc_check_verify using the 'ubc_check_test' program in the tools section
25 */
26
27 #ifndef SHA1DC_NO_STANDARD_INCLUDES
28 #include <stdint.h>
29 #endif
30 #ifdef SHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C
31 #include SHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C
32 #endif
33 #include "ubc_check.h"
34
35 static const uint32_t DV_I_43_0_bit = (uint32_t)(1) << 0;
36 static const uint32_t DV_I_44_0_bit = (uint32_t)(1) << 1;
37 static const uint32_t DV_I_45_0_bit = (uint32_t)(1) << 2;
38 static const uint32_t DV_I_46_0_bit = (uint32_t)(1) << 3;
39 static const uint32_t DV_I_46_2_bit = (uint32_t)(1) << 4;
40 static const uint32_t DV_I_47_0_bit = (uint32_t)(1) << 5;
41 static const uint32_t DV_I_47_2_bit = (uint32_t)(1) << 6;
42 static const uint32_t DV_I_48_0_bit = (uint32_t)(1) << 7;
43 static const uint32_t DV_I_48_2_bit = (uint32_t)(1) << 8;
44 static const uint32_t DV_I_49_0_bit = (uint32_t)(1) << 9;
45 static const uint32_t DV_I_49_2_bit = (uint32_t)(1) << 10;
46 static const uint32_t DV_I_50_0_bit = (uint32_t)(1) << 11;
47 static const uint32_t DV_I_50_2_bit = (uint32_t)(1) << 12;
48 static const uint32_t DV_I_51_0_bit = (uint32_t)(1) << 13;
49 static const uint32_t DV_I_51_2_bit = (uint32_t)(1) << 14;
50 static const uint32_t DV_I_52_0_bit = (uint32_t)(1) << 15;
51 static const uint32_t DV_II_45_0_bit = (uint32_t)(1) << 16;
52 static const uint32_t DV_II_46_0_bit = (uint32_t)(1) << 17;
53 static const uint32_t DV_II_46_2_bit = (uint32_t)(1) << 18;
54 static const uint32_t DV_II_47_0_bit = (uint32_t)(1) << 19;
55 static const uint32_t DV_II_48_0_bit = (uint32_t)(1) << 20;
56 static const uint32_t DV_II_49_0_bit = (uint32_t)(1) << 21;
57 static const uint32_t DV_II_49_2_bit = (uint32_t)(1) << 22;
58 static const uint32_t DV_II_50_0_bit = (uint32_t)(1) << 23;
59 static const uint32_t DV_II_50_2_bit = (uint32_t)(1) << 24;
60 static const uint32_t DV_II_51_0_bit = (uint32_t)(1) << 25;
61 static const uint32_t DV_II_51_2_bit = (uint32_t)(1) << 26;
62 static const uint32_t DV_II_52_0_bit = (uint32_t)(1) << 27;
63 static const uint32_t DV_II_53_0_bit = (uint32_t)(1) << 28;
64 static const uint32_t DV_II_54_0_bit = (uint32_t)(1) << 29;
65 static const uint32_t DV_II_55_0_bit = (uint32_t)(1) << 30;
66 static const uint32_t DV_II_56_0_bit = (uint32_t)(1) << 31;
67
68 dv_info_t sha1_dvs[] =
69 {
70 {1,43,0,58,0,0, { 0x08000000,0x9800000c,0xd8000010,0x08000010,0xb8000010,0x98000000,0x60000000,0x00000008,0xc0000000,0x90000014,0x10000010,0xb8000014,0x28000000,0x20000010,0x48000000,0x08000018,0x60000000,0x90000010,0xf0000010,0x90000008,0xc0000000,0x90000010,0xf0000010,0xb0000008,0x40000000,0x90000000,0xf0000010,0x90000018,0x60000000,0x90000010,0x90000010,0x90000000,0x80000000,0x00000010,0xa0000000,0x20000000,0xa0000000,0x20000010,0x00000000,0x20000010,0x20000000,0x00000010,0x20000000,0x00000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000040,0x40000002,0x80000004,0x80000080,0x80000006,0x00000049,0x00000103,0x80000009,0x80000012,0x80000202,0x00000018,0x00000164,0x00000408,0x800000e6,0x8000004c,0x00000803,0x80000161,0x80000599 } }
71 , {1,44,0,58,0,1, { 0xb4000008,0x08000000,0x9800000c,0xd8000010,0x08000010,0xb8000010,0x98000000,0x60000000,0x00000008,0xc0000000,0x90000014,0x10000010,0xb8000014,0x28000000,0x20000010,0x48000000,0x08000018,0x60000000,0x90000010,0xf0000010,0x90000008,0xc0000000,0x90000010,0xf0000010,0xb0000008,0x40000000,0x90000000,0xf0000010,0x90000018,0x60000000,0x90000010,0x90000010,0x90000000,0x80000000,0x00000010,0xa0000000,0x20000000,0xa0000000,0x20000010,0x00000000,0x20000010,0x20000000,0x00000010,0x20000000,0x00000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000040,0x40000002,0x80000004,0x80000080,0x80000006,0x00000049,0x00000103,0x80000009,0x80000012,0x80000202,0x00000018,0x00000164,0x00000408,0x800000e6,0x8000004c,0x00000803,0x80000161 } }
72 , {1,45,0,58,0,2, { 0xf4000014,0xb4000008,0x08000000,0x9800000c,0xd8000010,0x08000010,0xb8000010,0x98000000,0x60000000,0x00000008,0xc0000000,0x90000014,0x10000010,0xb8000014,0x28000000,0x20000010,0x48000000,0x08000018,0x60000000,0x90000010,0xf0000010,0x90000008,0xc0000000,0x90000010,0xf0000010,0xb0000008,0x40000000,0x90000000,0xf0000010,0x90000018,0x60000000,0x90000010,0x90000010,0x90000000,0x80000000,0x00000010,0xa0000000,0x20000000,0xa0000000,0x20000010,0x00000000,0x20000010,0x20000000,0x00000010,0x20000000,0x00000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000040,0x40000002,0x80000004,0x80000080,0x80000006,0x00000049,0x00000103,0x80000009,0x80000012,0x80000202,0x00000018,0x00000164,0x00000408,0x800000e6,0x8000004c,0x00000803 } }
73 , {1,46,0,58,0,3, { 0x2c000010,0xf4000014,0xb4000008,0x08000000,0x9800000c,0xd8000010,0x08000010,0xb8000010,0x98000000,0x60000000,0x00000008,0xc0000000,0x90000014,0x10000010,0xb8000014,0x28000000,0x20000010,0x48000000,0x08000018,0x60000000,0x90000010,0xf0000010,0x90000008,0xc0000000,0x90000010,0xf0000010,0xb0000008,0x40000000,0x90000000,0xf0000010,0x90000018,0x60000000,0x90000010,0x90000010,0x90000000,0x80000000,0x00000010,0xa0000000,0x20000000,0xa0000000,0x20000010,0x00000000,0x20000010,0x20000000,0x00000010,0x20000000,0x00000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000040,0x40000002,0x80000004,0x80000080,0x80000006,0x00000049,0x00000103,0x80000009,0x80000012,0x80000202,0x00000018,0x00000164,0x00000408,0x800000e6,0x8000004c } }
74 , {1,46,2,58,0,4, { 0xb0000040,0xd0000053,0xd0000022,0x20000000,0x60000032,0x60000043,0x20000040,0xe0000042,0x60000002,0x80000001,0x00000020,0x00000003,0x40000052,0x40000040,0xe0000052,0xa0000000,0x80000040,0x20000001,0x20000060,0x80000001,0x40000042,0xc0000043,0x40000022,0x00000003,0x40000042,0xc0000043,0xc0000022,0x00000001,0x40000002,0xc0000043,0x40000062,0x80000001,0x40000042,0x40000042,0x40000002,0x00000002,0x00000040,0x80000002,0x80000000,0x80000002,0x80000040,0x00000000,0x80000040,0x80000000,0x00000040,0x80000000,0x00000040,0x80000002,0x00000000,0x80000000,0x80000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000004,0x00000080,0x00000004,0x00000009,0x00000101,0x00000009,0x00000012,0x00000202,0x0000001a,0x00000124,0x0000040c,0x00000026,0x0000004a,0x0000080a,0x00000060,0x00000590,0x00001020,0x0000039a,0x00000132 } }
75 , {1,47,0,58,0,5, { 0xc8000010,0x2c000010,0xf4000014,0xb4000008,0x08000000,0x9800000c,0xd8000010,0x08000010,0xb8000010,0x98000000,0x60000000,0x00000008,0xc0000000,0x90000014,0x10000010,0xb8000014,0x28000000,0x20000010,0x48000000,0x08000018,0x60000000,0x90000010,0xf0000010,0x90000008,0xc0000000,0x90000010,0xf0000010,0xb0000008,0x40000000,0x90000000,0xf0000010,0x90000018,0x60000000,0x90000010,0x90000010,0x90000000,0x80000000,0x00000010,0xa0000000,0x20000000,0xa0000000,0x20000010,0x00000000,0x20000010,0x20000000,0x00000010,0x20000000,0x00000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000040,0x40000002,0x80000004,0x80000080,0x80000006,0x00000049,0x00000103,0x80000009,0x80000012,0x80000202,0x00000018,0x00000164,0x00000408,0x800000e6 } }
76 , {1,47,2,58,0,6, { 0x20000043,0xb0000040,0xd0000053,0xd0000022,0x20000000,0x60000032,0x60000043,0x20000040,0xe0000042,0x60000002,0x80000001,0x00000020,0x00000003,0x40000052,0x40000040,0xe0000052,0xa0000000,0x80000040,0x20000001,0x20000060,0x80000001,0x40000042,0xc0000043,0x40000022,0x00000003,0x40000042,0xc0000043,0xc0000022,0x00000001,0x40000002,0xc0000043,0x40000062,0x80000001,0x40000042,0x40000042,0x40000002,0x00000002,0x00000040,0x80000002,0x80000000,0x80000002,0x80000040,0x00000000,0x80000040,0x80000000,0x00000040,0x80000000,0x00000040,0x80000002,0x00000000,0x80000000,0x80000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000004,0x00000080,0x00000004,0x00000009,0x00000101,0x00000009,0x00000012,0x00000202,0x0000001a,0x00000124,0x0000040c,0x00000026,0x0000004a,0x0000080a,0x00000060,0x00000590,0x00001020,0x0000039a } }
77 , {1,48,0,58,0,7, { 0xb800000a,0xc8000010,0x2c000010,0xf4000014,0xb4000008,0x08000000,0x9800000c,0xd8000010,0x08000010,0xb8000010,0x98000000,0x60000000,0x00000008,0xc0000000,0x90000014,0x10000010,0xb8000014,0x28000000,0x20000010,0x48000000,0x08000018,0x60000000,0x90000010,0xf0000010,0x90000008,0xc0000000,0x90000010,0xf0000010,0xb0000008,0x40000000,0x90000000,0xf0000010,0x90000018,0x60000000,0x90000010,0x90000010,0x90000000,0x80000000,0x00000010,0xa0000000,0x20000000,0xa0000000,0x20000010,0x00000000,0x20000010,0x20000000,0x00000010,0x20000000,0x00000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000040,0x40000002,0x80000004,0x80000080,0x80000006,0x00000049,0x00000103,0x80000009,0x80000012,0x80000202,0x00000018,0x00000164,0x00000408 } }
78 , {1,48,2,58,0,8, { 0xe000002a,0x20000043,0xb0000040,0xd0000053,0xd0000022,0x20000000,0x60000032,0x60000043,0x20000040,0xe0000042,0x60000002,0x80000001,0x00000020,0x00000003,0x40000052,0x40000040,0xe0000052,0xa0000000,0x80000040,0x20000001,0x20000060,0x80000001,0x40000042,0xc0000043,0x40000022,0x00000003,0x40000042,0xc0000043,0xc0000022,0x00000001,0x40000002,0xc0000043,0x40000062,0x80000001,0x40000042,0x40000042,0x40000002,0x00000002,0x00000040,0x80000002,0x80000000,0x80000002,0x80000040,0x00000000,0x80000040,0x80000000,0x00000040,0x80000000,0x00000040,0x80000002,0x00000000,0x80000000,0x80000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000004,0x00000080,0x00000004,0x00000009,0x00000101,0x00000009,0x00000012,0x00000202,0x0000001a,0x00000124,0x0000040c,0x00000026,0x0000004a,0x0000080a,0x00000060,0x00000590,0x00001020 } }
79 , {1,49,0,58,0,9, { 0x18000000,0xb800000a,0xc8000010,0x2c000010,0xf4000014,0xb4000008,0x08000000,0x9800000c,0xd8000010,0x08000010,0xb8000010,0x98000000,0x60000000,0x00000008,0xc0000000,0x90000014,0x10000010,0xb8000014,0x28000000,0x20000010,0x48000000,0x08000018,0x60000000,0x90000010,0xf0000010,0x90000008,0xc0000000,0x90000010,0xf0000010,0xb0000008,0x40000000,0x90000000,0xf0000010,0x90000018,0x60000000,0x90000010,0x90000010,0x90000000,0x80000000,0x00000010,0xa0000000,0x20000000,0xa0000000,0x20000010,0x00000000,0x20000010,0x20000000,0x00000010,0x20000000,0x00000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000040,0x40000002,0x80000004,0x80000080,0x80000006,0x00000049,0x00000103,0x80000009,0x80000012,0x80000202,0x00000018,0x00000164 } }
80 , {1,49,2,58,0,10, { 0x60000000,0xe000002a,0x20000043,0xb0000040,0xd0000053,0xd0000022,0x20000000,0x60000032,0x60000043,0x20000040,0xe0000042,0x60000002,0x80000001,0x00000020,0x00000003,0x40000052,0x40000040,0xe0000052,0xa0000000,0x80000040,0x20000001,0x20000060,0x80000001,0x40000042,0xc0000043,0x40000022,0x00000003,0x40000042,0xc0000043,0xc0000022,0x00000001,0x40000002,0xc0000043,0x40000062,0x80000001,0x40000042,0x40000042,0x40000002,0x00000002,0x00000040,0x80000002,0x80000000,0x80000002,0x80000040,0x00000000,0x80000040,0x80000000,0x00000040,0x80000000,0x00000040,0x80000002,0x00000000,0x80000000,0x80000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000004,0x00000080,0x00000004,0x00000009,0x00000101,0x00000009,0x00000012,0x00000202,0x0000001a,0x00000124,0x0000040c,0x00000026,0x0000004a,0x0000080a,0x00000060,0x00000590 } }
81 , {1,50,0,65,0,11, { 0x0800000c,0x18000000,0xb800000a,0xc8000010,0x2c000010,0xf4000014,0xb4000008,0x08000000,0x9800000c,0xd8000010,0x08000010,0xb8000010,0x98000000,0x60000000,0x00000008,0xc0000000,0x90000014,0x10000010,0xb8000014,0x28000000,0x20000010,0x48000000,0x08000018,0x60000000,0x90000010,0xf0000010,0x90000008,0xc0000000,0x90000010,0xf0000010,0xb0000008,0x40000000,0x90000000,0xf0000010,0x90000018,0x60000000,0x90000010,0x90000010,0x90000000,0x80000000,0x00000010,0xa0000000,0x20000000,0xa0000000,0x20000010,0x00000000,0x20000010,0x20000000,0x00000010,0x20000000,0x00000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000040,0x40000002,0x80000004,0x80000080,0x80000006,0x00000049,0x00000103,0x80000009,0x80000012,0x80000202,0x00000018 } }
82 , {1,50,2,65,0,12, { 0x20000030,0x60000000,0xe000002a,0x20000043,0xb0000040,0xd0000053,0xd0000022,0x20000000,0x60000032,0x60000043,0x20000040,0xe0000042,0x60000002,0x80000001,0x00000020,0x00000003,0x40000052,0x40000040,0xe0000052,0xa0000000,0x80000040,0x20000001,0x20000060,0x80000001,0x40000042,0xc0000043,0x40000022,0x00000003,0x40000042,0xc0000043,0xc0000022,0x00000001,0x40000002,0xc0000043,0x40000062,0x80000001,0x40000042,0x40000042,0x40000002,0x00000002,0x00000040,0x80000002,0x80000000,0x80000002,0x80000040,0x00000000,0x80000040,0x80000000,0x00000040,0x80000000,0x00000040,0x80000002,0x00000000,0x80000000,0x80000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000004,0x00000080,0x00000004,0x00000009,0x00000101,0x00000009,0x00000012,0x00000202,0x0000001a,0x00000124,0x0000040c,0x00000026,0x0000004a,0x0000080a,0x00000060 } }
83 , {1,51,0,65,0,13, { 0xe8000000,0x0800000c,0x18000000,0xb800000a,0xc8000010,0x2c000010,0xf4000014,0xb4000008,0x08000000,0x9800000c,0xd8000010,0x08000010,0xb8000010,0x98000000,0x60000000,0x00000008,0xc0000000,0x90000014,0x10000010,0xb8000014,0x28000000,0x20000010,0x48000000,0x08000018,0x60000000,0x90000010,0xf0000010,0x90000008,0xc0000000,0x90000010,0xf0000010,0xb0000008,0x40000000,0x90000000,0xf0000010,0x90000018,0x60000000,0x90000010,0x90000010,0x90000000,0x80000000,0x00000010,0xa0000000,0x20000000,0xa0000000,0x20000010,0x00000000,0x20000010,0x20000000,0x00000010,0x20000000,0x00000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000040,0x40000002,0x80000004,0x80000080,0x80000006,0x00000049,0x00000103,0x80000009,0x80000012,0x80000202 } }
84 , {1,51,2,65,0,14, { 0xa0000003,0x20000030,0x60000000,0xe000002a,0x20000043,0xb0000040,0xd0000053,0xd0000022,0x20000000,0x60000032,0x60000043,0x20000040,0xe0000042,0x60000002,0x80000001,0x00000020,0x00000003,0x40000052,0x40000040,0xe0000052,0xa0000000,0x80000040,0x20000001,0x20000060,0x80000001,0x40000042,0xc0000043,0x40000022,0x00000003,0x40000042,0xc0000043,0xc0000022,0x00000001,0x40000002,0xc0000043,0x40000062,0x80000001,0x40000042,0x40000042,0x40000002,0x00000002,0x00000040,0x80000002,0x80000000,0x80000002,0x80000040,0x00000000,0x80000040,0x80000000,0x00000040,0x80000000,0x00000040,0x80000002,0x00000000,0x80000000,0x80000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000004,0x00000080,0x00000004,0x00000009,0x00000101,0x00000009,0x00000012,0x00000202,0x0000001a,0x00000124,0x0000040c,0x00000026,0x0000004a,0x0000080a } }
85 , {1,52,0,65,0,15, { 0x04000010,0xe8000000,0x0800000c,0x18000000,0xb800000a,0xc8000010,0x2c000010,0xf4000014,0xb4000008,0x08000000,0x9800000c,0xd8000010,0x08000010,0xb8000010,0x98000000,0x60000000,0x00000008,0xc0000000,0x90000014,0x10000010,0xb8000014,0x28000000,0x20000010,0x48000000,0x08000018,0x60000000,0x90000010,0xf0000010,0x90000008,0xc0000000,0x90000010,0xf0000010,0xb0000008,0x40000000,0x90000000,0xf0000010,0x90000018,0x60000000,0x90000010,0x90000010,0x90000000,0x80000000,0x00000010,0xa0000000,0x20000000,0xa0000000,0x20000010,0x00000000,0x20000010,0x20000000,0x00000010,0x20000000,0x00000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000040,0x40000002,0x80000004,0x80000080,0x80000006,0x00000049,0x00000103,0x80000009,0x80000012 } }
86 , {2,45,0,58,0,16, { 0xec000014,0x0c000002,0xc0000010,0xb400001c,0x2c000004,0xbc000018,0xb0000010,0x0000000c,0xb8000010,0x08000018,0x78000010,0x08000014,0x70000010,0xb800001c,0xe8000000,0xb0000004,0x58000010,0xb000000c,0x48000000,0xb0000000,0xb8000010,0x98000010,0xa0000000,0x00000000,0x00000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0x20000000,0x00000010,0x60000000,0x00000018,0xe0000000,0x90000000,0x30000010,0xb0000000,0x20000000,0x20000000,0xa0000000,0x00000010,0x80000000,0x20000000,0x20000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000041,0x40000022,0x80000005,0xc0000082,0xc0000046,0x4000004b,0x80000107,0x00000089,0x00000014,0x8000024b,0x0000011b,0x8000016d,0x8000041a,0x000002e4,0x80000054,0x00000967 } }
87 , {2,46,0,58,0,17, { 0x2400001c,0xec000014,0x0c000002,0xc0000010,0xb400001c,0x2c000004,0xbc000018,0xb0000010,0x0000000c,0xb8000010,0x08000018,0x78000010,0x08000014,0x70000010,0xb800001c,0xe8000000,0xb0000004,0x58000010,0xb000000c,0x48000000,0xb0000000,0xb8000010,0x98000010,0xa0000000,0x00000000,0x00000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0x20000000,0x00000010,0x60000000,0x00000018,0xe0000000,0x90000000,0x30000010,0xb0000000,0x20000000,0x20000000,0xa0000000,0x00000010,0x80000000,0x20000000,0x20000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000041,0x40000022,0x80000005,0xc0000082,0xc0000046,0x4000004b,0x80000107,0x00000089,0x00000014,0x8000024b,0x0000011b,0x8000016d,0x8000041a,0x000002e4,0x80000054 } }
88 , {2,46,2,58,0,18, { 0x90000070,0xb0000053,0x30000008,0x00000043,0xd0000072,0xb0000010,0xf0000062,0xc0000042,0x00000030,0xe0000042,0x20000060,0xe0000041,0x20000050,0xc0000041,0xe0000072,0xa0000003,0xc0000012,0x60000041,0xc0000032,0x20000001,0xc0000002,0xe0000042,0x60000042,0x80000002,0x00000000,0x00000000,0x80000000,0x00000002,0x00000040,0x00000000,0x80000040,0x80000000,0x00000040,0x80000001,0x00000060,0x80000003,0x40000002,0xc0000040,0xc0000002,0x80000000,0x80000000,0x80000002,0x00000040,0x00000002,0x80000000,0x80000000,0x80000000,0x00000002,0x00000040,0x00000000,0x80000040,0x80000002,0x00000000,0x80000000,0x80000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000004,0x00000080,0x00000004,0x00000009,0x00000105,0x00000089,0x00000016,0x0000020b,0x0000011b,0x0000012d,0x0000041e,0x00000224,0x00000050,0x0000092e,0x0000046c,0x000005b6,0x0000106a,0x00000b90,0x00000152 } }
89 , {2,47,0,58,0,19, { 0x20000010,0x2400001c,0xec000014,0x0c000002,0xc0000010,0xb400001c,0x2c000004,0xbc000018,0xb0000010,0x0000000c,0xb8000010,0x08000018,0x78000010,0x08000014,0x70000010,0xb800001c,0xe8000000,0xb0000004,0x58000010,0xb000000c,0x48000000,0xb0000000,0xb8000010,0x98000010,0xa0000000,0x00000000,0x00000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0x20000000,0x00000010,0x60000000,0x00000018,0xe0000000,0x90000000,0x30000010,0xb0000000,0x20000000,0x20000000,0xa0000000,0x00000010,0x80000000,0x20000000,0x20000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000041,0x40000022,0x80000005,0xc0000082,0xc0000046,0x4000004b,0x80000107,0x00000089,0x00000014,0x8000024b,0x0000011b,0x8000016d,0x8000041a,0x000002e4 } }
90 , {2,48,0,58,0,20, { 0xbc00001a,0x20000010,0x2400001c,0xec000014,0x0c000002,0xc0000010,0xb400001c,0x2c000004,0xbc000018,0xb0000010,0x0000000c,0xb8000010,0x08000018,0x78000010,0x08000014,0x70000010,0xb800001c,0xe8000000,0xb0000004,0x58000010,0xb000000c,0x48000000,0xb0000000,0xb8000010,0x98000010,0xa0000000,0x00000000,0x00000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0x20000000,0x00000010,0x60000000,0x00000018,0xe0000000,0x90000000,0x30000010,0xb0000000,0x20000000,0x20000000,0xa0000000,0x00000010,0x80000000,0x20000000,0x20000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000041,0x40000022,0x80000005,0xc0000082,0xc0000046,0x4000004b,0x80000107,0x00000089,0x00000014,0x8000024b,0x0000011b,0x8000016d,0x8000041a } }
91 , {2,49,0,58,0,21, { 0x3c000004,0xbc00001a,0x20000010,0x2400001c,0xec000014,0x0c000002,0xc0000010,0xb400001c,0x2c000004,0xbc000018,0xb0000010,0x0000000c,0xb8000010,0x08000018,0x78000010,0x08000014,0x70000010,0xb800001c,0xe8000000,0xb0000004,0x58000010,0xb000000c,0x48000000,0xb0000000,0xb8000010,0x98000010,0xa0000000,0x00000000,0x00000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0x20000000,0x00000010,0x60000000,0x00000018,0xe0000000,0x90000000,0x30000010,0xb0000000,0x20000000,0x20000000,0xa0000000,0x00000010,0x80000000,0x20000000,0x20000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000041,0x40000022,0x80000005,0xc0000082,0xc0000046,0x4000004b,0x80000107,0x00000089,0x00000014,0x8000024b,0x0000011b,0x8000016d } }
92 , {2,49,2,58,0,22, { 0xf0000010,0xf000006a,0x80000040,0x90000070,0xb0000053,0x30000008,0x00000043,0xd0000072,0xb0000010,0xf0000062,0xc0000042,0x00000030,0xe0000042,0x20000060,0xe0000041,0x20000050,0xc0000041,0xe0000072,0xa0000003,0xc0000012,0x60000041,0xc0000032,0x20000001,0xc0000002,0xe0000042,0x60000042,0x80000002,0x00000000,0x00000000,0x80000000,0x00000002,0x00000040,0x00000000,0x80000040,0x80000000,0x00000040,0x80000001,0x00000060,0x80000003,0x40000002,0xc0000040,0xc0000002,0x80000000,0x80000000,0x80000002,0x00000040,0x00000002,0x80000000,0x80000000,0x80000000,0x00000002,0x00000040,0x00000000,0x80000040,0x80000002,0x00000000,0x80000000,0x80000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000004,0x00000080,0x00000004,0x00000009,0x00000105,0x00000089,0x00000016,0x0000020b,0x0000011b,0x0000012d,0x0000041e,0x00000224,0x00000050,0x0000092e,0x0000046c,0x000005b6 } }
93 , {2,50,0,65,0,23, { 0xb400001c,0x3c000004,0xbc00001a,0x20000010,0x2400001c,0xec000014,0x0c000002,0xc0000010,0xb400001c,0x2c000004,0xbc000018,0xb0000010,0x0000000c,0xb8000010,0x08000018,0x78000010,0x08000014,0x70000010,0xb800001c,0xe8000000,0xb0000004,0x58000010,0xb000000c,0x48000000,0xb0000000,0xb8000010,0x98000010,0xa0000000,0x00000000,0x00000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0x20000000,0x00000010,0x60000000,0x00000018,0xe0000000,0x90000000,0x30000010,0xb0000000,0x20000000,0x20000000,0xa0000000,0x00000010,0x80000000,0x20000000,0x20000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000041,0x40000022,0x80000005,0xc0000082,0xc0000046,0x4000004b,0x80000107,0x00000089,0x00000014,0x8000024b,0x0000011b } }
94 , {2,50,2,65,0,24, { 0xd0000072,0xf0000010,0xf000006a,0x80000040,0x90000070,0xb0000053,0x30000008,0x00000043,0xd0000072,0xb0000010,0xf0000062,0xc0000042,0x00000030,0xe0000042,0x20000060,0xe0000041,0x20000050,0xc0000041,0xe0000072,0xa0000003,0xc0000012,0x60000041,0xc0000032,0x20000001,0xc0000002,0xe0000042,0x60000042,0x80000002,0x00000000,0x00000000,0x80000000,0x00000002,0x00000040,0x00000000,0x80000040,0x80000000,0x00000040,0x80000001,0x00000060,0x80000003,0x40000002,0xc0000040,0xc0000002,0x80000000,0x80000000,0x80000002,0x00000040,0x00000002,0x80000000,0x80000000,0x80000000,0x00000002,0x00000040,0x00000000,0x80000040,0x80000002,0x00000000,0x80000000,0x80000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000004,0x00000080,0x00000004,0x00000009,0x00000105,0x00000089,0x00000016,0x0000020b,0x0000011b,0x0000012d,0x0000041e,0x00000224,0x00000050,0x0000092e,0x0000046c } }
95 , {2,51,0,65,0,25, { 0xc0000010,0xb400001c,0x3c000004,0xbc00001a,0x20000010,0x2400001c,0xec000014,0x0c000002,0xc0000010,0xb400001c,0x2c000004,0xbc000018,0xb0000010,0x0000000c,0xb8000010,0x08000018,0x78000010,0x08000014,0x70000010,0xb800001c,0xe8000000,0xb0000004,0x58000010,0xb000000c,0x48000000,0xb0000000,0xb8000010,0x98000010,0xa0000000,0x00000000,0x00000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0x20000000,0x00000010,0x60000000,0x00000018,0xe0000000,0x90000000,0x30000010,0xb0000000,0x20000000,0x20000000,0xa0000000,0x00000010,0x80000000,0x20000000,0x20000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000041,0x40000022,0x80000005,0xc0000082,0xc0000046,0x4000004b,0x80000107,0x00000089,0x00000014,0x8000024b } }
96 , {2,51,2,65,0,26, { 0x00000043,0xd0000072,0xf0000010,0xf000006a,0x80000040,0x90000070,0xb0000053,0x30000008,0x00000043,0xd0000072,0xb0000010,0xf0000062,0xc0000042,0x00000030,0xe0000042,0x20000060,0xe0000041,0x20000050,0xc0000041,0xe0000072,0xa0000003,0xc0000012,0x60000041,0xc0000032,0x20000001,0xc0000002,0xe0000042,0x60000042,0x80000002,0x00000000,0x00000000,0x80000000,0x00000002,0x00000040,0x00000000,0x80000040,0x80000000,0x00000040,0x80000001,0x00000060,0x80000003,0x40000002,0xc0000040,0xc0000002,0x80000000,0x80000000,0x80000002,0x00000040,0x00000002,0x80000000,0x80000000,0x80000000,0x00000002,0x00000040,0x00000000,0x80000040,0x80000002,0x00000000,0x80000000,0x80000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000004,0x00000080,0x00000004,0x00000009,0x00000105,0x00000089,0x00000016,0x0000020b,0x0000011b,0x0000012d,0x0000041e,0x00000224,0x00000050,0x0000092e } }
97 , {2,52,0,65,0,27, { 0x0c000002,0xc0000010,0xb400001c,0x3c000004,0xbc00001a,0x20000010,0x2400001c,0xec000014,0x0c000002,0xc0000010,0xb400001c,0x2c000004,0xbc000018,0xb0000010,0x0000000c,0xb8000010,0x08000018,0x78000010,0x08000014,0x70000010,0xb800001c,0xe8000000,0xb0000004,0x58000010,0xb000000c,0x48000000,0xb0000000,0xb8000010,0x98000010,0xa0000000,0x00000000,0x00000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0x20000000,0x00000010,0x60000000,0x00000018,0xe0000000,0x90000000,0x30000010,0xb0000000,0x20000000,0x20000000,0xa0000000,0x00000010,0x80000000,0x20000000,0x20000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000041,0x40000022,0x80000005,0xc0000082,0xc0000046,0x4000004b,0x80000107,0x00000089,0x00000014 } }
98 , {2,53,0,65,0,28, { 0xcc000014,0x0c000002,0xc0000010,0xb400001c,0x3c000004,0xbc00001a,0x20000010,0x2400001c,0xec000014,0x0c000002,0xc0000010,0xb400001c,0x2c000004,0xbc000018,0xb0000010,0x0000000c,0xb8000010,0x08000018,0x78000010,0x08000014,0x70000010,0xb800001c,0xe8000000,0xb0000004,0x58000010,0xb000000c,0x48000000,0xb0000000,0xb8000010,0x98000010,0xa0000000,0x00000000,0x00000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0x20000000,0x00000010,0x60000000,0x00000018,0xe0000000,0x90000000,0x30000010,0xb0000000,0x20000000,0x20000000,0xa0000000,0x00000010,0x80000000,0x20000000,0x20000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000041,0x40000022,0x80000005,0xc0000082,0xc0000046,0x4000004b,0x80000107,0x00000089 } }
99 , {2,54,0,65,0,29, { 0x0400001c,0xcc000014,0x0c000002,0xc0000010,0xb400001c,0x3c000004,0xbc00001a,0x20000010,0x2400001c,0xec000014,0x0c000002,0xc0000010,0xb400001c,0x2c000004,0xbc000018,0xb0000010,0x0000000c,0xb8000010,0x08000018,0x78000010,0x08000014,0x70000010,0xb800001c,0xe8000000,0xb0000004,0x58000010,0xb000000c,0x48000000,0xb0000000,0xb8000010,0x98000010,0xa0000000,0x00000000,0x00000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0x20000000,0x00000010,0x60000000,0x00000018,0xe0000000,0x90000000,0x30000010,0xb0000000,0x20000000,0x20000000,0xa0000000,0x00000010,0x80000000,0x20000000,0x20000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000041,0x40000022,0x80000005,0xc0000082,0xc0000046,0x4000004b,0x80000107 } }
100 , {2,55,0,65,0,30, { 0x00000010,0x0400001c,0xcc000014,0x0c000002,0xc0000010,0xb400001c,0x3c000004,0xbc00001a,0x20000010,0x2400001c,0xec000014,0x0c000002,0xc0000010,0xb400001c,0x2c000004,0xbc000018,0xb0000010,0x0000000c,0xb8000010,0x08000018,0x78000010,0x08000014,0x70000010,0xb800001c,0xe8000000,0xb0000004,0x58000010,0xb000000c,0x48000000,0xb0000000,0xb8000010,0x98000010,0xa0000000,0x00000000,0x00000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0x20000000,0x00000010,0x60000000,0x00000018,0xe0000000,0x90000000,0x30000010,0xb0000000,0x20000000,0x20000000,0xa0000000,0x00000010,0x80000000,0x20000000,0x20000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000041,0x40000022,0x80000005,0xc0000082,0xc0000046,0x4000004b } }
101 , {2,56,0,65,0,31, { 0x2600001a,0x00000010,0x0400001c,0xcc000014,0x0c000002,0xc0000010,0xb400001c,0x3c000004,0xbc00001a,0x20000010,0x2400001c,0xec000014,0x0c000002,0xc0000010,0xb400001c,0x2c000004,0xbc000018,0xb0000010,0x0000000c,0xb8000010,0x08000018,0x78000010,0x08000014,0x70000010,0xb800001c,0xe8000000,0xb0000004,0x58000010,0xb000000c,0x48000000,0xb0000000,0xb8000010,0x98000010,0xa0000000,0x00000000,0x00000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0x20000000,0x00000010,0x60000000,0x00000018,0xe0000000,0x90000000,0x30000010,0xb0000000,0x20000000,0x20000000,0xa0000000,0x00000010,0x80000000,0x20000000,0x20000000,0x20000000,0x80000000,0x00000010,0x00000000,0x20000010,0xa0000000,0x00000000,0x20000000,0x20000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000001,0x00000020,0x00000001,0x40000002,0x40000041,0x40000022,0x80000005,0xc0000082,0xc0000046 } }
102 , {0,0,0,0,0,0, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}
103 };
104 void ubc_check(const uint32_t W[80], uint32_t dvmask[1])
105 {
106 uint32_t mask = ~((uint32_t)(0));
107 mask &= (((((W[44]^W[45])>>29)&1)-1) | ~(DV_I_48_0_bit|DV_I_51_0_bit|DV_I_52_0_bit|DV_II_45_0_bit|DV_II_46_0_bit|DV_II_50_0_bit|DV_II_51_0_bit));
108 mask &= (((((W[49]^W[50])>>29)&1)-1) | ~(DV_I_46_0_bit|DV_II_45_0_bit|DV_II_50_0_bit|DV_II_51_0_bit|DV_II_55_0_bit|DV_II_56_0_bit));
109 mask &= (((((W[48]^W[49])>>29)&1)-1) | ~(DV_I_45_0_bit|DV_I_52_0_bit|DV_II_49_0_bit|DV_II_50_0_bit|DV_II_54_0_bit|DV_II_55_0_bit));
110 mask &= ((((W[47]^(W[50]>>25))&(1<<4))-(1<<4)) | ~(DV_I_47_0_bit|DV_I_49_0_bit|DV_I_51_0_bit|DV_II_45_0_bit|DV_II_51_0_bit|DV_II_56_0_bit));
111 mask &= (((((W[47]^W[48])>>29)&1)-1) | ~(DV_I_44_0_bit|DV_I_51_0_bit|DV_II_48_0_bit|DV_II_49_0_bit|DV_II_53_0_bit|DV_II_54_0_bit));
112 mask &= (((((W[46]>>4)^(W[49]>>29))&1)-1) | ~(DV_I_46_0_bit|DV_I_48_0_bit|DV_I_50_0_bit|DV_I_52_0_bit|DV_II_50_0_bit|DV_II_55_0_bit));
113 mask &= (((((W[46]^W[47])>>29)&1)-1) | ~(DV_I_43_0_bit|DV_I_50_0_bit|DV_II_47_0_bit|DV_II_48_0_bit|DV_II_52_0_bit|DV_II_53_0_bit));
114 mask &= (((((W[45]>>4)^(W[48]>>29))&1)-1) | ~(DV_I_45_0_bit|DV_I_47_0_bit|DV_I_49_0_bit|DV_I_51_0_bit|DV_II_49_0_bit|DV_II_54_0_bit));
115 mask &= (((((W[45]^W[46])>>29)&1)-1) | ~(DV_I_49_0_bit|DV_I_52_0_bit|DV_II_46_0_bit|DV_II_47_0_bit|DV_II_51_0_bit|DV_II_52_0_bit));
116 mask &= (((((W[44]>>4)^(W[47]>>29))&1)-1) | ~(DV_I_44_0_bit|DV_I_46_0_bit|DV_I_48_0_bit|DV_I_50_0_bit|DV_II_48_0_bit|DV_II_53_0_bit));
117 mask &= (((((W[43]>>4)^(W[46]>>29))&1)-1) | ~(DV_I_43_0_bit|DV_I_45_0_bit|DV_I_47_0_bit|DV_I_49_0_bit|DV_II_47_0_bit|DV_II_52_0_bit));
118 mask &= (((((W[43]^W[44])>>29)&1)-1) | ~(DV_I_47_0_bit|DV_I_50_0_bit|DV_I_51_0_bit|DV_II_45_0_bit|DV_II_49_0_bit|DV_II_50_0_bit));
119 mask &= (((((W[42]>>4)^(W[45]>>29))&1)-1) | ~(DV_I_44_0_bit|DV_I_46_0_bit|DV_I_48_0_bit|DV_I_52_0_bit|DV_II_46_0_bit|DV_II_51_0_bit));
120 mask &= (((((W[41]>>4)^(W[44]>>29))&1)-1) | ~(DV_I_43_0_bit|DV_I_45_0_bit|DV_I_47_0_bit|DV_I_51_0_bit|DV_II_45_0_bit|DV_II_50_0_bit));
121 mask &= (((((W[40]^W[41])>>29)&1)-1) | ~(DV_I_44_0_bit|DV_I_47_0_bit|DV_I_48_0_bit|DV_II_46_0_bit|DV_II_47_0_bit|DV_II_56_0_bit));
122 mask &= (((((W[54]^W[55])>>29)&1)-1) | ~(DV_I_51_0_bit|DV_II_47_0_bit|DV_II_50_0_bit|DV_II_55_0_bit|DV_II_56_0_bit));
123 mask &= (((((W[53]^W[54])>>29)&1)-1) | ~(DV_I_50_0_bit|DV_II_46_0_bit|DV_II_49_0_bit|DV_II_54_0_bit|DV_II_55_0_bit));
124 mask &= (((((W[52]^W[53])>>29)&1)-1) | ~(DV_I_49_0_bit|DV_II_45_0_bit|DV_II_48_0_bit|DV_II_53_0_bit|DV_II_54_0_bit));
125 mask &= ((((W[50]^(W[53]>>25))&(1<<4))-(1<<4)) | ~(DV_I_50_0_bit|DV_I_52_0_bit|DV_II_46_0_bit|DV_II_48_0_bit|DV_II_54_0_bit));
126 mask &= (((((W[50]^W[51])>>29)&1)-1) | ~(DV_I_47_0_bit|DV_II_46_0_bit|DV_II_51_0_bit|DV_II_52_0_bit|DV_II_56_0_bit));
127 mask &= ((((W[49]^(W[52]>>25))&(1<<4))-(1<<4)) | ~(DV_I_49_0_bit|DV_I_51_0_bit|DV_II_45_0_bit|DV_II_47_0_bit|DV_II_53_0_bit));
128 mask &= ((((W[48]^(W[51]>>25))&(1<<4))-(1<<4)) | ~(DV_I_48_0_bit|DV_I_50_0_bit|DV_I_52_0_bit|DV_II_46_0_bit|DV_II_52_0_bit));
129 mask &= (((((W[42]^W[43])>>29)&1)-1) | ~(DV_I_46_0_bit|DV_I_49_0_bit|DV_I_50_0_bit|DV_II_48_0_bit|DV_II_49_0_bit));
130 mask &= (((((W[41]^W[42])>>29)&1)-1) | ~(DV_I_45_0_bit|DV_I_48_0_bit|DV_I_49_0_bit|DV_II_47_0_bit|DV_II_48_0_bit));
131 mask &= (((((W[40]>>4)^(W[43]>>29))&1)-1) | ~(DV_I_44_0_bit|DV_I_46_0_bit|DV_I_50_0_bit|DV_II_49_0_bit|DV_II_56_0_bit));
132 mask &= (((((W[39]>>4)^(W[42]>>29))&1)-1) | ~(DV_I_43_0_bit|DV_I_45_0_bit|DV_I_49_0_bit|DV_II_48_0_bit|DV_II_55_0_bit));
133 if (mask & (DV_I_44_0_bit|DV_I_48_0_bit|DV_II_47_0_bit|DV_II_54_0_bit|DV_II_56_0_bit))
134 mask &= (((((W[38]>>4)^(W[41]>>29))&1)-1) | ~(DV_I_44_0_bit|DV_I_48_0_bit|DV_II_47_0_bit|DV_II_54_0_bit|DV_II_56_0_bit));
135 mask &= (((((W[37]>>4)^(W[40]>>29))&1)-1) | ~(DV_I_43_0_bit|DV_I_47_0_bit|DV_II_46_0_bit|DV_II_53_0_bit|DV_II_55_0_bit));
136 if (mask & (DV_I_52_0_bit|DV_II_48_0_bit|DV_II_51_0_bit|DV_II_56_0_bit))
137 mask &= (((((W[55]^W[56])>>29)&1)-1) | ~(DV_I_52_0_bit|DV_II_48_0_bit|DV_II_51_0_bit|DV_II_56_0_bit));
138 if (mask & (DV_I_52_0_bit|DV_II_48_0_bit|DV_II_50_0_bit|DV_II_56_0_bit))
139 mask &= ((((W[52]^(W[55]>>25))&(1<<4))-(1<<4)) | ~(DV_I_52_0_bit|DV_II_48_0_bit|DV_II_50_0_bit|DV_II_56_0_bit));
140 if (mask & (DV_I_51_0_bit|DV_II_47_0_bit|DV_II_49_0_bit|DV_II_55_0_bit))
141 mask &= ((((W[51]^(W[54]>>25))&(1<<4))-(1<<4)) | ~(DV_I_51_0_bit|DV_II_47_0_bit|DV_II_49_0_bit|DV_II_55_0_bit));
142 if (mask & (DV_I_48_0_bit|DV_II_47_0_bit|DV_II_52_0_bit|DV_II_53_0_bit))
143 mask &= (((((W[51]^W[52])>>29)&1)-1) | ~(DV_I_48_0_bit|DV_II_47_0_bit|DV_II_52_0_bit|DV_II_53_0_bit));
144 if (mask & (DV_I_46_0_bit|DV_I_49_0_bit|DV_II_45_0_bit|DV_II_48_0_bit))
145 mask &= (((((W[36]>>4)^(W[40]>>29))&1)-1) | ~(DV_I_46_0_bit|DV_I_49_0_bit|DV_II_45_0_bit|DV_II_48_0_bit));
146 if (mask & (DV_I_52_0_bit|DV_II_48_0_bit|DV_II_49_0_bit))
147 mask &= ((0-(((W[53]^W[56])>>29)&1)) | ~(DV_I_52_0_bit|DV_II_48_0_bit|DV_II_49_0_bit));
148 if (mask & (DV_I_50_0_bit|DV_II_46_0_bit|DV_II_47_0_bit))
149 mask &= ((0-(((W[51]^W[54])>>29)&1)) | ~(DV_I_50_0_bit|DV_II_46_0_bit|DV_II_47_0_bit));
150 if (mask & (DV_I_49_0_bit|DV_I_51_0_bit|DV_II_45_0_bit))
151 mask &= ((0-(((W[50]^W[52])>>29)&1)) | ~(DV_I_49_0_bit|DV_I_51_0_bit|DV_II_45_0_bit));
152 if (mask & (DV_I_48_0_bit|DV_I_50_0_bit|DV_I_52_0_bit))
153 mask &= ((0-(((W[49]^W[51])>>29)&1)) | ~(DV_I_48_0_bit|DV_I_50_0_bit|DV_I_52_0_bit));
154 if (mask & (DV_I_47_0_bit|DV_I_49_0_bit|DV_I_51_0_bit))
155 mask &= ((0-(((W[48]^W[50])>>29)&1)) | ~(DV_I_47_0_bit|DV_I_49_0_bit|DV_I_51_0_bit));
156 if (mask & (DV_I_46_0_bit|DV_I_48_0_bit|DV_I_50_0_bit))
157 mask &= ((0-(((W[47]^W[49])>>29)&1)) | ~(DV_I_46_0_bit|DV_I_48_0_bit|DV_I_50_0_bit));
158 if (mask & (DV_I_45_0_bit|DV_I_47_0_bit|DV_I_49_0_bit))
159 mask &= ((0-(((W[46]^W[48])>>29)&1)) | ~(DV_I_45_0_bit|DV_I_47_0_bit|DV_I_49_0_bit));
160 mask &= ((((W[45]^W[47])&(1<<6))-(1<<6)) | ~(DV_I_47_2_bit|DV_I_49_2_bit|DV_I_51_2_bit));
161 if (mask & (DV_I_44_0_bit|DV_I_46_0_bit|DV_I_48_0_bit))
162 mask &= ((0-(((W[45]^W[47])>>29)&1)) | ~(DV_I_44_0_bit|DV_I_46_0_bit|DV_I_48_0_bit));
163 mask &= (((((W[44]^W[46])>>6)&1)-1) | ~(DV_I_46_2_bit|DV_I_48_2_bit|DV_I_50_2_bit));
164 if (mask & (DV_I_43_0_bit|DV_I_45_0_bit|DV_I_47_0_bit))
165 mask &= ((0-(((W[44]^W[46])>>29)&1)) | ~(DV_I_43_0_bit|DV_I_45_0_bit|DV_I_47_0_bit));
166 mask &= ((0-((W[41]^(W[42]>>5))&(1<<1))) | ~(DV_I_48_2_bit|DV_II_46_2_bit|DV_II_51_2_bit));
167 mask &= ((0-((W[40]^(W[41]>>5))&(1<<1))) | ~(DV_I_47_2_bit|DV_I_51_2_bit|DV_II_50_2_bit));
168 if (mask & (DV_I_44_0_bit|DV_I_46_0_bit|DV_II_56_0_bit))
169 mask &= ((0-(((W[40]^W[42])>>4)&1)) | ~(DV_I_44_0_bit|DV_I_46_0_bit|DV_II_56_0_bit));
170 mask &= ((0-((W[39]^(W[40]>>5))&(1<<1))) | ~(DV_I_46_2_bit|DV_I_50_2_bit|DV_II_49_2_bit));
171 if (mask & (DV_I_43_0_bit|DV_I_45_0_bit|DV_II_55_0_bit))
172 mask &= ((0-(((W[39]^W[41])>>4)&1)) | ~(DV_I_43_0_bit|DV_I_45_0_bit|DV_II_55_0_bit));
173 if (mask & (DV_I_44_0_bit|DV_II_54_0_bit|DV_II_56_0_bit))
174 mask &= ((0-(((W[38]^W[40])>>4)&1)) | ~(DV_I_44_0_bit|DV_II_54_0_bit|DV_II_56_0_bit));
175 if (mask & (DV_I_43_0_bit|DV_II_53_0_bit|DV_II_55_0_bit))
176 mask &= ((0-(((W[37]^W[39])>>4)&1)) | ~(DV_I_43_0_bit|DV_II_53_0_bit|DV_II_55_0_bit));
177 mask &= ((0-((W[36]^(W[37]>>5))&(1<<1))) | ~(DV_I_47_2_bit|DV_I_50_2_bit|DV_II_46_2_bit));
178 if (mask & (DV_I_45_0_bit|DV_I_48_0_bit|DV_II_47_0_bit))
179 mask &= (((((W[35]>>4)^(W[39]>>29))&1)-1) | ~(DV_I_45_0_bit|DV_I_48_0_bit|DV_II_47_0_bit));
180 if (mask & (DV_I_48_0_bit|DV_II_48_0_bit))
181 mask &= ((0-((W[63]^(W[64]>>5))&(1<<0))) | ~(DV_I_48_0_bit|DV_II_48_0_bit));
182 if (mask & (DV_I_45_0_bit|DV_II_45_0_bit))
183 mask &= ((0-((W[63]^(W[64]>>5))&(1<<1))) | ~(DV_I_45_0_bit|DV_II_45_0_bit));
184 if (mask & (DV_I_47_0_bit|DV_II_47_0_bit))
185 mask &= ((0-((W[62]^(W[63]>>5))&(1<<0))) | ~(DV_I_47_0_bit|DV_II_47_0_bit));
186 if (mask & (DV_I_46_0_bit|DV_II_46_0_bit))
187 mask &= ((0-((W[61]^(W[62]>>5))&(1<<0))) | ~(DV_I_46_0_bit|DV_II_46_0_bit));
188 mask &= ((0-((W[61]^(W[62]>>5))&(1<<2))) | ~(DV_I_46_2_bit|DV_II_46_2_bit));
189 if (mask & (DV_I_45_0_bit|DV_II_45_0_bit))
190 mask &= ((0-((W[60]^(W[61]>>5))&(1<<0))) | ~(DV_I_45_0_bit|DV_II_45_0_bit));
191 if (mask & (DV_II_51_0_bit|DV_II_54_0_bit))
192 mask &= (((((W[58]^W[59])>>29)&1)-1) | ~(DV_II_51_0_bit|DV_II_54_0_bit));
193 if (mask & (DV_II_50_0_bit|DV_II_53_0_bit))
194 mask &= (((((W[57]^W[58])>>29)&1)-1) | ~(DV_II_50_0_bit|DV_II_53_0_bit));
195 if (mask & (DV_II_52_0_bit|DV_II_54_0_bit))
196 mask &= ((((W[56]^(W[59]>>25))&(1<<4))-(1<<4)) | ~(DV_II_52_0_bit|DV_II_54_0_bit));
197 if (mask & (DV_II_51_0_bit|DV_II_52_0_bit))
198 mask &= ((0-(((W[56]^W[59])>>29)&1)) | ~(DV_II_51_0_bit|DV_II_52_0_bit));
199 if (mask & (DV_II_49_0_bit|DV_II_52_0_bit))
200 mask &= (((((W[56]^W[57])>>29)&1)-1) | ~(DV_II_49_0_bit|DV_II_52_0_bit));
201 if (mask & (DV_II_51_0_bit|DV_II_53_0_bit))
202 mask &= ((((W[55]^(W[58]>>25))&(1<<4))-(1<<4)) | ~(DV_II_51_0_bit|DV_II_53_0_bit));
203 if (mask & (DV_II_50_0_bit|DV_II_52_0_bit))
204 mask &= ((((W[54]^(W[57]>>25))&(1<<4))-(1<<4)) | ~(DV_II_50_0_bit|DV_II_52_0_bit));
205 if (mask & (DV_II_49_0_bit|DV_II_51_0_bit))
206 mask &= ((((W[53]^(W[56]>>25))&(1<<4))-(1<<4)) | ~(DV_II_49_0_bit|DV_II_51_0_bit));
207 mask &= ((((W[51]^(W[50]>>5))&(1<<1))-(1<<1)) | ~(DV_I_50_2_bit|DV_II_46_2_bit));
208 mask &= ((((W[48]^W[50])&(1<<6))-(1<<6)) | ~(DV_I_50_2_bit|DV_II_46_2_bit));
209 if (mask & (DV_I_51_0_bit|DV_I_52_0_bit))
210 mask &= ((0-(((W[48]^W[55])>>29)&1)) | ~(DV_I_51_0_bit|DV_I_52_0_bit));
211 mask &= ((((W[47]^W[49])&(1<<6))-(1<<6)) | ~(DV_I_49_2_bit|DV_I_51_2_bit));
212 mask &= ((((W[48]^(W[47]>>5))&(1<<1))-(1<<1)) | ~(DV_I_47_2_bit|DV_II_51_2_bit));
213 mask &= ((((W[46]^W[48])&(1<<6))-(1<<6)) | ~(DV_I_48_2_bit|DV_I_50_2_bit));
214 mask &= ((((W[47]^(W[46]>>5))&(1<<1))-(1<<1)) | ~(DV_I_46_2_bit|DV_II_50_2_bit));
215 mask &= ((0-((W[44]^(W[45]>>5))&(1<<1))) | ~(DV_I_51_2_bit|DV_II_49_2_bit));
216 mask &= ((((W[43]^W[45])&(1<<6))-(1<<6)) | ~(DV_I_47_2_bit|DV_I_49_2_bit));
217 mask &= (((((W[42]^W[44])>>6)&1)-1) | ~(DV_I_46_2_bit|DV_I_48_2_bit));
218 mask &= ((((W[43]^(W[42]>>5))&(1<<1))-(1<<1)) | ~(DV_II_46_2_bit|DV_II_51_2_bit));
219 mask &= ((((W[42]^(W[41]>>5))&(1<<1))-(1<<1)) | ~(DV_I_51_2_bit|DV_II_50_2_bit));
220 mask &= ((((W[41]^(W[40]>>5))&(1<<1))-(1<<1)) | ~(DV_I_50_2_bit|DV_II_49_2_bit));
221 if (mask & (DV_I_52_0_bit|DV_II_51_0_bit))
222 mask &= ((((W[39]^(W[43]>>25))&(1<<4))-(1<<4)) | ~(DV_I_52_0_bit|DV_II_51_0_bit));
223 if (mask & (DV_I_51_0_bit|DV_II_50_0_bit))
224 mask &= ((((W[38]^(W[42]>>25))&(1<<4))-(1<<4)) | ~(DV_I_51_0_bit|DV_II_50_0_bit));
225 if (mask & (DV_I_48_2_bit|DV_I_51_2_bit))
226 mask &= ((0-((W[37]^(W[38]>>5))&(1<<1))) | ~(DV_I_48_2_bit|DV_I_51_2_bit));
227 if (mask & (DV_I_50_0_bit|DV_II_49_0_bit))
228 mask &= ((((W[37]^(W[41]>>25))&(1<<4))-(1<<4)) | ~(DV_I_50_0_bit|DV_II_49_0_bit));
229 if (mask & (DV_II_52_0_bit|DV_II_54_0_bit))
230 mask &= ((0-((W[36]^W[38])&(1<<4))) | ~(DV_II_52_0_bit|DV_II_54_0_bit));
231 mask &= ((0-((W[35]^(W[36]>>5))&(1<<1))) | ~(DV_I_46_2_bit|DV_I_49_2_bit));
232 if (mask & (DV_I_51_0_bit|DV_II_47_0_bit))
233 mask &= ((((W[35]^(W[39]>>25))&(1<<3))-(1<<3)) | ~(DV_I_51_0_bit|DV_II_47_0_bit));
234 if (mask) {
235
236 if (mask & DV_I_43_0_bit)
237 if (
238 !((W[61]^(W[62]>>5)) & (1<<1))
239 || !(!((W[59]^(W[63]>>25)) & (1<<5)))
240 || !((W[58]^(W[63]>>30)) & (1<<0))
241 ) mask &= ~DV_I_43_0_bit;
242 if (mask & DV_I_44_0_bit)
243 if (
244 !((W[62]^(W[63]>>5)) & (1<<1))
245 || !(!((W[60]^(W[64]>>25)) & (1<<5)))
246 || !((W[59]^(W[64]>>30)) & (1<<0))
247 ) mask &= ~DV_I_44_0_bit;
248 if (mask & DV_I_46_2_bit)
249 mask &= ((~((W[40]^W[42])>>2)) | ~DV_I_46_2_bit);
250 if (mask & DV_I_47_2_bit)
251 if (
252 !((W[62]^(W[63]>>5)) & (1<<2))
253 || !(!((W[41]^W[43]) & (1<<6)))
254 ) mask &= ~DV_I_47_2_bit;
255 if (mask & DV_I_48_2_bit)
256 if (
257 !((W[63]^(W[64]>>5)) & (1<<2))
258 || !(!((W[48]^(W[49]<<5)) & (1<<6)))
259 ) mask &= ~DV_I_48_2_bit;
260 if (mask & DV_I_49_2_bit)
261 if (
262 !(!((W[49]^(W[50]<<5)) & (1<<6)))
263 || !((W[42]^W[50]) & (1<<1))
264 || !(!((W[39]^(W[40]<<5)) & (1<<6)))
265 || !((W[38]^W[40]) & (1<<1))
266 ) mask &= ~DV_I_49_2_bit;
267 if (mask & DV_I_50_0_bit)
268 mask &= ((((W[36]^W[37])<<7)) | ~DV_I_50_0_bit);
269 if (mask & DV_I_50_2_bit)
270 mask &= ((((W[43]^W[51])<<11)) | ~DV_I_50_2_bit);
271 if (mask & DV_I_51_0_bit)
272 mask &= ((((W[37]^W[38])<<9)) | ~DV_I_51_0_bit);
273 if (mask & DV_I_51_2_bit)
274 if (
275 !(!((W[51]^(W[52]<<5)) & (1<<6)))
276 || !(!((W[49]^W[51]) & (1<<6)))
277 || !(!((W[37]^(W[37]>>5)) & (1<<1)))
278 || !(!((W[35]^(W[39]>>25)) & (1<<5)))
279 ) mask &= ~DV_I_51_2_bit;
280 if (mask & DV_I_52_0_bit)
281 mask &= ((((W[38]^W[39])<<11)) | ~DV_I_52_0_bit);
282 if (mask & DV_II_46_2_bit)
283 mask &= ((((W[47]^W[51])<<17)) | ~DV_II_46_2_bit);
284 if (mask & DV_II_48_0_bit)
285 if (
286 !(!((W[36]^(W[40]>>25)) & (1<<3)))
287 || !((W[35]^(W[40]<<2)) & (1<<30))
288 ) mask &= ~DV_II_48_0_bit;
289 if (mask & DV_II_49_0_bit)
290 if (
291 !(!((W[37]^(W[41]>>25)) & (1<<3)))
292 || !((W[36]^(W[41]<<2)) & (1<<30))
293 ) mask &= ~DV_II_49_0_bit;
294 if (mask & DV_II_49_2_bit)
295 if (
296 !(!((W[53]^(W[54]<<5)) & (1<<6)))
297 || !(!((W[51]^W[53]) & (1<<6)))
298 || !((W[50]^W[54]) & (1<<1))
299 || !(!((W[45]^(W[46]<<5)) & (1<<6)))
300 || !(!((W[37]^(W[41]>>25)) & (1<<5)))
301 || !((W[36]^(W[41]>>30)) & (1<<0))
302 ) mask &= ~DV_II_49_2_bit;
303 if (mask & DV_II_50_0_bit)
304 if (
305 !((W[55]^W[58]) & (1<<29))
306 || !(!((W[38]^(W[42]>>25)) & (1<<3)))
307 || !((W[37]^(W[42]<<2)) & (1<<30))
308 ) mask &= ~DV_II_50_0_bit;
309 if (mask & DV_II_50_2_bit)
310 if (
311 !(!((W[54]^(W[55]<<5)) & (1<<6)))
312 || !(!((W[52]^W[54]) & (1<<6)))
313 || !((W[51]^W[55]) & (1<<1))
314 || !((W[45]^W[47]) & (1<<1))
315 || !(!((W[38]^(W[42]>>25)) & (1<<5)))
316 || !((W[37]^(W[42]>>30)) & (1<<0))
317 ) mask &= ~DV_II_50_2_bit;
318 if (mask & DV_II_51_0_bit)
319 if (
320 !(!((W[39]^(W[43]>>25)) & (1<<3)))
321 || !((W[38]^(W[43]<<2)) & (1<<30))
322 ) mask &= ~DV_II_51_0_bit;
323 if (mask & DV_II_51_2_bit)
324 if (
325 !(!((W[55]^(W[56]<<5)) & (1<<6)))
326 || !(!((W[53]^W[55]) & (1<<6)))
327 || !((W[52]^W[56]) & (1<<1))
328 || !((W[46]^W[48]) & (1<<1))
329 || !(!((W[39]^(W[43]>>25)) & (1<<5)))
330 || !((W[38]^(W[43]>>30)) & (1<<0))
331 ) mask &= ~DV_II_51_2_bit;
332 if (mask & DV_II_52_0_bit)
333 if (
334 !(!((W[59]^W[60]) & (1<<29)))
335 || !(!((W[40]^(W[44]>>25)) & (1<<3)))
336 || !(!((W[40]^(W[44]>>25)) & (1<<4)))
337 || !((W[39]^(W[44]<<2)) & (1<<30))
338 ) mask &= ~DV_II_52_0_bit;
339 if (mask & DV_II_53_0_bit)
340 if (
341 !((W[58]^W[61]) & (1<<29))
342 || !(!((W[57]^(W[61]>>25)) & (1<<4)))
343 || !(!((W[41]^(W[45]>>25)) & (1<<3)))
344 || !(!((W[41]^(W[45]>>25)) & (1<<4)))
345 ) mask &= ~DV_II_53_0_bit;
346 if (mask & DV_II_54_0_bit)
347 if (
348 !(!((W[58]^(W[62]>>25)) & (1<<4)))
349 || !(!((W[42]^(W[46]>>25)) & (1<<3)))
350 || !(!((W[42]^(W[46]>>25)) & (1<<4)))
351 ) mask &= ~DV_II_54_0_bit;
352 if (mask & DV_II_55_0_bit)
353 if (
354 !(!((W[59]^(W[63]>>25)) & (1<<4)))
355 || !(!((W[57]^(W[59]>>25)) & (1<<4)))
356 || !(!((W[43]^(W[47]>>25)) & (1<<3)))
357 || !(!((W[43]^(W[47]>>25)) & (1<<4)))
358 ) mask &= ~DV_II_55_0_bit;
359 if (mask & DV_II_56_0_bit)
360 if (
361 !(!((W[60]^(W[64]>>25)) & (1<<4)))
362 || !(!((W[44]^(W[48]>>25)) & (1<<3)))
363 || !(!((W[44]^(W[48]>>25)) & (1<<4)))
364 ) mask &= ~DV_II_56_0_bit;
365 }
366
367 dvmask[0]=mask;
368 }
369
370 #ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_UBC_CHECK_C
371 #include SHA1DC_CUSTOM_TRAILING_INCLUDE_UBC_CHECK_C
372 #endif
Show file before | Show file after | Hide comments
@@ -0,0 +1,52 b''
1 /***
2 * Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow <danshu@microsoft.com>
3 * Distributed under the MIT Software License.
4 * See accompanying file LICENSE.txt or copy at
5 * https://opensource.org/licenses/MIT
6 ***/
7
8 /*
9 // this file was generated by the 'parse_bitrel' program in the tools section
10 // using the data files from directory 'tools/data/3565'
11 //
12 // sha1_dvs contains a list of SHA-1 Disturbance Vectors (DV) to check
13 // dvType, dvK and dvB define the DV: I(K,B) or II(K,B) (see the paper)
14 // dm[80] is the expanded message block XOR-difference defined by the DV
15 // testt is the step to do the recompression from for collision detection
16 // maski and maskb define the bit to check for each DV in the dvmask returned by ubc_check
17 //
18 // ubc_check takes as input an expanded message block and verifies the unavoidable bitconditions for all listed DVs
19 // it returns a dvmask where each bit belonging to a DV is set if all unavoidable bitconditions for that DV have been met
20 // thus one needs to do the recompression check for each DV that has its bit set
21 */
22
23 #ifndef SHA1DC_UBC_CHECK_H
24 #define SHA1DC_UBC_CHECK_H
25
26 #if defined(__cplusplus)
27 extern "C" {
28 #endif
29
30 #ifndef SHA1DC_NO_STANDARD_INCLUDES
31 #include <stdint.h>
32 #endif
33
34 #define DVMASKSIZE 1
35 typedef struct { int dvType; int dvK; int dvB; int testt; int maski; int maskb; uint32_t dm[80]; } dv_info_t;
36 extern dv_info_t sha1_dvs[];
37 void ubc_check(const uint32_t W[80], uint32_t dvmask[DVMASKSIZE]);
38
39 #define DOSTORESTATE58
40 #define DOSTORESTATE65
41
42 #define CHECK_DVMASK(_DVMASK) (0 != _DVMASK[0])
43
44 #if defined(__cplusplus)
45 }
46 #endif
47
48 #ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_UBC_CHECK_H
49 #include SHA1DC_CUSTOM_TRAILING_INCLUDE_UBC_CHECK_H
50 #endif
51
52 #endif
General Comments 0
You need to be logged in to leave comments. Login now