/src/boringssl/crypto/fipsmodule/sha/sha1.c.inc
Line | Count | Source (jump to first uncovered line) |
1 | | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
2 | | * All rights reserved. |
3 | | * |
4 | | * This package is an SSL implementation written |
5 | | * by Eric Young (eay@cryptsoft.com). |
6 | | * The implementation was written so as to conform with Netscapes SSL. |
7 | | * |
8 | | * This library is free for commercial and non-commercial use as long as |
9 | | * the following conditions are aheared to. The following conditions |
10 | | * apply to all code found in this distribution, be it the RC4, RSA, |
11 | | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
12 | | * included with this distribution is covered by the same copyright terms |
13 | | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
14 | | * |
15 | | * Copyright remains Eric Young's, and as such any Copyright notices in |
16 | | * the code are not to be removed. |
17 | | * If this package is used in a product, Eric Young should be given attribution |
18 | | * as the author of the parts of the library used. |
19 | | * This can be in the form of a textual message at program startup or |
20 | | * in documentation (online or textual) provided with the package. |
21 | | * |
22 | | * Redistribution and use in source and binary forms, with or without |
23 | | * modification, are permitted provided that the following conditions |
24 | | * are met: |
25 | | * 1. Redistributions of source code must retain the copyright |
26 | | * notice, this list of conditions and the following disclaimer. |
27 | | * 2. Redistributions in binary form must reproduce the above copyright |
28 | | * notice, this list of conditions and the following disclaimer in the |
29 | | * documentation and/or other materials provided with the distribution. |
30 | | * 3. All advertising materials mentioning features or use of this software |
31 | | * must display the following acknowledgement: |
32 | | * "This product includes cryptographic software written by |
33 | | * Eric Young (eay@cryptsoft.com)" |
34 | | * The word 'cryptographic' can be left out if the rouines from the library |
35 | | * being used are not cryptographic related :-). |
36 | | * 4. If you include any Windows specific code (or a derivative thereof) from |
37 | | * the apps directory (application code) you must include an acknowledgement: |
38 | | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
39 | | * |
40 | | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
41 | | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
42 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
43 | | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
44 | | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
45 | | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
46 | | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
47 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
48 | | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
49 | | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
50 | | * SUCH DAMAGE. |
51 | | * |
52 | | * The licence and distribution terms for any publically available version or |
53 | | * derivative of this code cannot be changed. i.e. this code cannot simply be |
54 | | * copied and put under another distribution licence |
55 | | * [including the GNU Public Licence.] */ |
56 | | |
57 | | #include <string.h> |
58 | | |
59 | | #include <openssl/mem.h> |
60 | | |
61 | | #include "../bcm_interface.h" |
62 | | #include "../../internal.h" |
63 | | #include "../digest/md32_common.h" |
64 | | #include "../service_indicator/internal.h" |
65 | | #include "internal.h" |
66 | | |
67 | | |
68 | 0 | bcm_infallible BCM_sha1_init(SHA_CTX *sha) { |
69 | 0 | OPENSSL_memset(sha, 0, sizeof(SHA_CTX)); |
70 | 0 | sha->h[0] = 0x67452301UL; |
71 | 0 | sha->h[1] = 0xefcdab89UL; |
72 | 0 | sha->h[2] = 0x98badcfeUL; |
73 | 0 | sha->h[3] = 0x10325476UL; |
74 | 0 | sha->h[4] = 0xc3d2e1f0UL; |
75 | 0 | return bcm_infallible_approved; |
76 | 0 | } |
77 | | |
78 | | #if !defined(SHA1_ASM) |
79 | | static void sha1_block_data_order(uint32_t state[5], const uint8_t *data, |
80 | | size_t num); |
81 | | #endif |
82 | | |
83 | 0 | bcm_infallible BCM_sha1_transform(SHA_CTX *c, const uint8_t data[SHA_CBLOCK]) { |
84 | 0 | sha1_block_data_order(c->h, data, 1); |
85 | 0 | return bcm_infallible_approved; |
86 | 0 | } |
87 | | |
88 | 0 | bcm_infallible BCM_sha1_update(SHA_CTX *c, const void *data, size_t len) { |
89 | 0 | crypto_md32_update(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num, |
90 | 0 | &c->Nh, &c->Nl, data, len); |
91 | 0 | return bcm_infallible_approved; |
92 | 0 | } |
93 | | |
94 | | static void sha1_output_state(uint8_t out[SHA_DIGEST_LENGTH], |
95 | 0 | const SHA_CTX *ctx) { |
96 | 0 | CRYPTO_store_u32_be(out, ctx->h[0]); |
97 | 0 | CRYPTO_store_u32_be(out + 4, ctx->h[1]); |
98 | 0 | CRYPTO_store_u32_be(out + 8, ctx->h[2]); |
99 | 0 | CRYPTO_store_u32_be(out + 12, ctx->h[3]); |
100 | 0 | CRYPTO_store_u32_be(out + 16, ctx->h[4]); |
101 | 0 | } |
102 | | |
103 | 0 | bcm_infallible BCM_sha1_final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *c) { |
104 | 0 | crypto_md32_final(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num, |
105 | 0 | c->Nh, c->Nl, /*is_big_endian=*/1); |
106 | |
|
107 | 0 | sha1_output_state(out, c); |
108 | 0 | FIPS_service_indicator_update_state(); |
109 | 0 | return bcm_infallible_approved; |
110 | 0 | } |
111 | | |
112 | | bcm_infallible BCM_fips_186_2_prf(uint8_t *out, size_t out_len, |
113 | 0 | const uint8_t xkey[SHA_DIGEST_LENGTH]) { |
114 | | // XKEY and XVAL are 160-bit values, but are internally right-padded up to |
115 | | // block size. See FIPS 186-2, Appendix 3.3. This buffer maintains both the |
116 | | // current value of XKEY and the padding. |
117 | 0 | uint8_t block[SHA_CBLOCK] = {0}; |
118 | 0 | OPENSSL_memcpy(block, xkey, SHA_DIGEST_LENGTH); |
119 | |
|
120 | 0 | while (out_len != 0) { |
121 | | // We always use a zero XSEED, so we can merge the inner and outer loops. |
122 | | // XVAL is also always equal to XKEY. |
123 | 0 | SHA_CTX ctx; |
124 | 0 | BCM_sha1_init(&ctx); |
125 | 0 | BCM_sha1_transform(&ctx, block); |
126 | | |
127 | | // XKEY = (1 + XKEY + w_i) mod 2^b |
128 | 0 | uint32_t carry = 1; |
129 | 0 | for (int i = 4; i >= 0; i--) { |
130 | 0 | uint32_t tmp = CRYPTO_load_u32_be(block + i * 4); |
131 | 0 | tmp = CRYPTO_addc_u32(tmp, ctx.h[i], carry, &carry); |
132 | 0 | CRYPTO_store_u32_be(block + i * 4, tmp); |
133 | 0 | } |
134 | | |
135 | | // Output w_i. |
136 | 0 | if (out_len < SHA_DIGEST_LENGTH) { |
137 | 0 | uint8_t buf[SHA_DIGEST_LENGTH]; |
138 | 0 | sha1_output_state(buf, &ctx); |
139 | 0 | OPENSSL_memcpy(out, buf, out_len); |
140 | 0 | break; |
141 | 0 | } |
142 | 0 | sha1_output_state(out, &ctx); |
143 | 0 | out += SHA_DIGEST_LENGTH; |
144 | 0 | out_len -= SHA_DIGEST_LENGTH; |
145 | 0 | } |
146 | 0 | return bcm_infallible_not_approved; |
147 | 0 | } |
148 | | |
149 | | #define Xupdate(a, ix, ia, ib, ic, id) \ |
150 | | do { \ |
151 | | (a) = ((ia) ^ (ib) ^ (ic) ^ (id)); \ |
152 | | (ix) = (a) = CRYPTO_rotl_u32((a), 1); \ |
153 | | } while (0) |
154 | | |
155 | | #define K_00_19 0x5a827999UL |
156 | | #define K_20_39 0x6ed9eba1UL |
157 | | #define K_40_59 0x8f1bbcdcUL |
158 | | #define K_60_79 0xca62c1d6UL |
159 | | |
160 | | // As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be simplified |
161 | | // to the code in F_00_19. Wei attributes these optimisations to Peter |
162 | | // Gutmann's SHS code, and he attributes it to Rich Schroeppel. #define |
163 | | // F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) I've just become aware of another |
164 | | // tweak to be made, again from Wei Dai, in F_40_59, (x&a)|(y&a) -> (x|y)&a |
165 | | #define F_00_19(b, c, d) ((((c) ^ (d)) & (b)) ^ (d)) |
166 | | #define F_20_39(b, c, d) ((b) ^ (c) ^ (d)) |
167 | | #define F_40_59(b, c, d) (((b) & (c)) | (((b) | (c)) & (d))) |
168 | | #define F_60_79(b, c, d) F_20_39(b, c, d) |
169 | | |
170 | | #define BODY_00_15(i, a, b, c, d, e, f, xi) \ |
171 | | do { \ |
172 | | (f) = (xi) + (e) + K_00_19 + CRYPTO_rotl_u32((a), 5) + \ |
173 | | F_00_19((b), (c), (d)); \ |
174 | | (b) = CRYPTO_rotl_u32((b), 30); \ |
175 | | } while (0) |
176 | | |
177 | | #define BODY_16_19(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \ |
178 | | do { \ |
179 | | Xupdate(f, xi, xa, xb, xc, xd); \ |
180 | | (f) += (e) + K_00_19 + CRYPTO_rotl_u32((a), 5) + F_00_19((b), (c), (d)); \ |
181 | | (b) = CRYPTO_rotl_u32((b), 30); \ |
182 | | } while (0) |
183 | | |
184 | | #define BODY_20_31(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \ |
185 | | do { \ |
186 | | Xupdate(f, xi, xa, xb, xc, xd); \ |
187 | | (f) += (e) + K_20_39 + CRYPTO_rotl_u32((a), 5) + F_20_39((b), (c), (d)); \ |
188 | | (b) = CRYPTO_rotl_u32((b), 30); \ |
189 | | } while (0) |
190 | | |
191 | | #define BODY_32_39(i, a, b, c, d, e, f, xa, xb, xc, xd) \ |
192 | | do { \ |
193 | | Xupdate(f, xa, xa, xb, xc, xd); \ |
194 | | (f) += (e) + K_20_39 + CRYPTO_rotl_u32((a), 5) + F_20_39((b), (c), (d)); \ |
195 | | (b) = CRYPTO_rotl_u32((b), 30); \ |
196 | | } while (0) |
197 | | |
198 | | #define BODY_40_59(i, a, b, c, d, e, f, xa, xb, xc, xd) \ |
199 | | do { \ |
200 | | Xupdate(f, xa, xa, xb, xc, xd); \ |
201 | | (f) += (e) + K_40_59 + CRYPTO_rotl_u32((a), 5) + F_40_59((b), (c), (d)); \ |
202 | | (b) = CRYPTO_rotl_u32((b), 30); \ |
203 | | } while (0) |
204 | | |
205 | | #define BODY_60_79(i, a, b, c, d, e, f, xa, xb, xc, xd) \ |
206 | | do { \ |
207 | | Xupdate(f, xa, xa, xb, xc, xd); \ |
208 | | (f) = (xa) + (e) + K_60_79 + CRYPTO_rotl_u32((a), 5) + \ |
209 | | F_60_79((b), (c), (d)); \ |
210 | | (b) = CRYPTO_rotl_u32((b), 30); \ |
211 | | } while (0) |
212 | | |
213 | | #ifdef X |
214 | | #undef X |
215 | | #endif |
216 | | |
217 | | /* Originally X was an array. As it's automatic it's natural |
218 | | * to expect RISC compiler to accomodate at least part of it in |
219 | | * the register bank, isn't it? Unfortunately not all compilers |
220 | | * "find" this expectation reasonable:-( On order to make such |
221 | | * compilers generate better code I replace X[] with a bunch of |
222 | | * X0, X1, etc. See the function body below... |
223 | | * <appro@fy.chalmers.se> */ |
224 | | #define X(i) XX##i |
225 | | |
226 | | #if !defined(SHA1_ASM) |
227 | | |
228 | | #if !defined(SHA1_ASM_NOHW) |
229 | | static void sha1_block_data_order_nohw(uint32_t state[5], const uint8_t *data, |
230 | | size_t num) { |
231 | | register uint32_t A, B, C, D, E, T; |
232 | | uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, |
233 | | XX11, XX12, XX13, XX14, XX15; |
234 | | |
235 | | A = state[0]; |
236 | | B = state[1]; |
237 | | C = state[2]; |
238 | | D = state[3]; |
239 | | E = state[4]; |
240 | | |
241 | | for (;;) { |
242 | | X(0) = CRYPTO_load_u32_be(data); |
243 | | data += 4; |
244 | | X(1) = CRYPTO_load_u32_be(data); |
245 | | data += 4; |
246 | | BODY_00_15(0, A, B, C, D, E, T, X(0)); |
247 | | X(2) = CRYPTO_load_u32_be(data); |
248 | | data += 4; |
249 | | BODY_00_15(1, T, A, B, C, D, E, X(1)); |
250 | | X(3) = CRYPTO_load_u32_be(data); |
251 | | data += 4; |
252 | | BODY_00_15(2, E, T, A, B, C, D, X(2)); |
253 | | X(4) = CRYPTO_load_u32_be(data); |
254 | | data += 4; |
255 | | BODY_00_15(3, D, E, T, A, B, C, X(3)); |
256 | | X(5) = CRYPTO_load_u32_be(data); |
257 | | data += 4; |
258 | | BODY_00_15(4, C, D, E, T, A, B, X(4)); |
259 | | X(6) = CRYPTO_load_u32_be(data); |
260 | | data += 4; |
261 | | BODY_00_15(5, B, C, D, E, T, A, X(5)); |
262 | | X(7) = CRYPTO_load_u32_be(data); |
263 | | data += 4; |
264 | | BODY_00_15(6, A, B, C, D, E, T, X(6)); |
265 | | X(8) = CRYPTO_load_u32_be(data); |
266 | | data += 4; |
267 | | BODY_00_15(7, T, A, B, C, D, E, X(7)); |
268 | | X(9) = CRYPTO_load_u32_be(data); |
269 | | data += 4; |
270 | | BODY_00_15(8, E, T, A, B, C, D, X(8)); |
271 | | X(10) = CRYPTO_load_u32_be(data); |
272 | | data += 4; |
273 | | BODY_00_15(9, D, E, T, A, B, C, X(9)); |
274 | | X(11) = CRYPTO_load_u32_be(data); |
275 | | data += 4; |
276 | | BODY_00_15(10, C, D, E, T, A, B, X(10)); |
277 | | X(12) = CRYPTO_load_u32_be(data); |
278 | | data += 4; |
279 | | BODY_00_15(11, B, C, D, E, T, A, X(11)); |
280 | | X(13) = CRYPTO_load_u32_be(data); |
281 | | data += 4; |
282 | | BODY_00_15(12, A, B, C, D, E, T, X(12)); |
283 | | X(14) = CRYPTO_load_u32_be(data); |
284 | | data += 4; |
285 | | BODY_00_15(13, T, A, B, C, D, E, X(13)); |
286 | | X(15) = CRYPTO_load_u32_be(data); |
287 | | data += 4; |
288 | | BODY_00_15(14, E, T, A, B, C, D, X(14)); |
289 | | BODY_00_15(15, D, E, T, A, B, C, X(15)); |
290 | | |
291 | | BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13)); |
292 | | BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14)); |
293 | | BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15)); |
294 | | BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0)); |
295 | | |
296 | | BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1)); |
297 | | BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2)); |
298 | | BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3)); |
299 | | BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4)); |
300 | | BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5)); |
301 | | BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6)); |
302 | | BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7)); |
303 | | BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8)); |
304 | | BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9)); |
305 | | BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10)); |
306 | | BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11)); |
307 | | BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12)); |
308 | | |
309 | | BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13)); |
310 | | BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14)); |
311 | | BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15)); |
312 | | BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0)); |
313 | | BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1)); |
314 | | BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2)); |
315 | | BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3)); |
316 | | BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4)); |
317 | | |
318 | | BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5)); |
319 | | BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6)); |
320 | | BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7)); |
321 | | BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8)); |
322 | | BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9)); |
323 | | BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10)); |
324 | | BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11)); |
325 | | BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12)); |
326 | | BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13)); |
327 | | BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14)); |
328 | | BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15)); |
329 | | BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0)); |
330 | | BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1)); |
331 | | BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2)); |
332 | | BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3)); |
333 | | BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4)); |
334 | | BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5)); |
335 | | BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6)); |
336 | | BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7)); |
337 | | BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8)); |
338 | | |
339 | | BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9)); |
340 | | BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10)); |
341 | | BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11)); |
342 | | BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12)); |
343 | | BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13)); |
344 | | BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14)); |
345 | | BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15)); |
346 | | BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0)); |
347 | | BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1)); |
348 | | BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2)); |
349 | | BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3)); |
350 | | BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4)); |
351 | | BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5)); |
352 | | BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6)); |
353 | | BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7)); |
354 | | BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8)); |
355 | | BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9)); |
356 | | BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10)); |
357 | | BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11)); |
358 | | BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12)); |
359 | | |
360 | | state[0] = (state[0] + E) & 0xffffffffL; |
361 | | state[1] = (state[1] + T) & 0xffffffffL; |
362 | | state[2] = (state[2] + A) & 0xffffffffL; |
363 | | state[3] = (state[3] + B) & 0xffffffffL; |
364 | | state[4] = (state[4] + C) & 0xffffffffL; |
365 | | |
366 | | if (--num == 0) { |
367 | | break; |
368 | | } |
369 | | |
370 | | A = state[0]; |
371 | | B = state[1]; |
372 | | C = state[2]; |
373 | | D = state[3]; |
374 | | E = state[4]; |
375 | | } |
376 | | } |
377 | | #endif // !SHA1_ASM_NOHW |
378 | | |
379 | | static void sha1_block_data_order(uint32_t state[5], const uint8_t *data, |
380 | 0 | size_t num) { |
381 | 0 | #if defined(SHA1_ASM_HW) |
382 | 0 | if (sha1_hw_capable()) { |
383 | 0 | sha1_block_data_order_hw(state, data, num); |
384 | 0 | return; |
385 | 0 | } |
386 | 0 | #endif |
387 | 0 | #if defined(SHA1_ASM_AVX2) |
388 | 0 | if (sha1_avx2_capable()) { |
389 | 0 | sha1_block_data_order_avx2(state, data, num); |
390 | 0 | return; |
391 | 0 | } |
392 | 0 | #endif |
393 | 0 | #if defined(SHA1_ASM_AVX) |
394 | 0 | if (sha1_avx_capable()) { |
395 | 0 | sha1_block_data_order_avx(state, data, num); |
396 | 0 | return; |
397 | 0 | } |
398 | 0 | #endif |
399 | 0 | #if defined(SHA1_ASM_SSSE3) |
400 | 0 | if (sha1_ssse3_capable()) { |
401 | 0 | sha1_block_data_order_ssse3(state, data, num); |
402 | 0 | return; |
403 | 0 | } |
404 | 0 | #endif |
405 | | #if defined(SHA1_ASM_NEON) |
406 | | if (CRYPTO_is_NEON_capable()) { |
407 | | sha1_block_data_order_neon(state, data, num); |
408 | | return; |
409 | | } |
410 | | #endif |
411 | 0 | sha1_block_data_order_nohw(state, data, num); |
412 | 0 | } |
413 | | |
414 | | #endif // !SHA1_ASM |
415 | | |
416 | | #undef Xupdate |
417 | | #undef K_00_19 |
418 | | #undef K_20_39 |
419 | | #undef K_40_59 |
420 | | #undef K_60_79 |
421 | | #undef F_00_19 |
422 | | #undef F_20_39 |
423 | | #undef F_40_59 |
424 | | #undef F_60_79 |
425 | | #undef BODY_00_15 |
426 | | #undef BODY_16_19 |
427 | | #undef BODY_20_31 |
428 | | #undef BODY_32_39 |
429 | | #undef BODY_40_59 |
430 | | #undef BODY_60_79 |
431 | | #undef X |