/src/boringssl/crypto/fipsmodule/sha/sha1.c.inc
Line | Count | Source (jump to first uncovered line) |
1 | | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
2 | | * All rights reserved. |
3 | | * |
4 | | * This package is an SSL implementation written |
5 | | * by Eric Young (eay@cryptsoft.com). |
6 | | * The implementation was written so as to conform with Netscapes SSL. |
7 | | * |
8 | | * This library is free for commercial and non-commercial use as long as |
9 | | * the following conditions are aheared to. The following conditions |
10 | | * apply to all code found in this distribution, be it the RC4, RSA, |
11 | | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
12 | | * included with this distribution is covered by the same copyright terms |
13 | | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
14 | | * |
15 | | * Copyright remains Eric Young's, and as such any Copyright notices in |
16 | | * the code are not to be removed. |
17 | | * If this package is used in a product, Eric Young should be given attribution |
18 | | * as the author of the parts of the library used. |
19 | | * This can be in the form of a textual message at program startup or |
20 | | * in documentation (online or textual) provided with the package. |
21 | | * |
22 | | * Redistribution and use in source and binary forms, with or without |
23 | | * modification, are permitted provided that the following conditions |
24 | | * are met: |
25 | | * 1. Redistributions of source code must retain the copyright |
26 | | * notice, this list of conditions and the following disclaimer. |
27 | | * 2. Redistributions in binary form must reproduce the above copyright |
28 | | * notice, this list of conditions and the following disclaimer in the |
29 | | * documentation and/or other materials provided with the distribution. |
30 | | * 3. All advertising materials mentioning features or use of this software |
31 | | * must display the following acknowledgement: |
32 | | * "This product includes cryptographic software written by |
33 | | * Eric Young (eay@cryptsoft.com)" |
34 | | * The word 'cryptographic' can be left out if the rouines from the library |
35 | | * being used are not cryptographic related :-). |
36 | | * 4. If you include any Windows specific code (or a derivative thereof) from |
37 | | * the apps directory (application code) you must include an acknowledgement: |
38 | | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
39 | | * |
40 | | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
41 | | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
42 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
43 | | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
44 | | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
45 | | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
46 | | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
47 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
48 | | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
49 | | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
50 | | * SUCH DAMAGE. |
51 | | * |
52 | | * The licence and distribution terms for any publically available version or |
53 | | * derivative of this code cannot be changed. i.e. this code cannot simply be |
54 | | * copied and put under another distribution licence |
55 | | * [including the GNU Public Licence.] */ |
56 | | |
57 | | #include <string.h> |
58 | | |
59 | | #include <openssl/mem.h> |
60 | | |
61 | | #include "../bcm_interface.h" |
62 | | #include "../../internal.h" |
63 | | #include "../digest/md32_common.h" |
64 | | #include "../service_indicator/internal.h" |
65 | | #include "internal.h" |
66 | | |
67 | | |
68 | 17.0k | bcm_infallible BCM_sha1_init(SHA_CTX *sha) { |
69 | 17.0k | OPENSSL_memset(sha, 0, sizeof(SHA_CTX)); |
70 | 17.0k | sha->h[0] = 0x67452301UL; |
71 | 17.0k | sha->h[1] = 0xefcdab89UL; |
72 | 17.0k | sha->h[2] = 0x98badcfeUL; |
73 | 17.0k | sha->h[3] = 0x10325476UL; |
74 | 17.0k | sha->h[4] = 0xc3d2e1f0UL; |
75 | 17.0k | return bcm_infallible_approved; |
76 | 17.0k | } |
77 | | |
78 | | #if !defined(SHA1_ASM) |
79 | | static void sha1_block_data_order(uint32_t state[5], const uint8_t *data, |
80 | | size_t num); |
81 | | #endif |
82 | | |
83 | 0 | bcm_infallible BCM_sha1_transform(SHA_CTX *c, const uint8_t data[SHA_CBLOCK]) { |
84 | 0 | sha1_block_data_order(c->h, data, 1); |
85 | 0 | return bcm_infallible_approved; |
86 | 0 | } |
87 | | |
88 | 40.1k | bcm_infallible BCM_sha1_update(SHA_CTX *c, const void *data, size_t len) { |
89 | 40.1k | crypto_md32_update(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num, |
90 | 40.1k | &c->Nh, &c->Nl, data, len); |
91 | 40.1k | return bcm_infallible_approved; |
92 | 40.1k | } |
93 | | |
94 | | static void sha1_output_state(uint8_t out[SHA_DIGEST_LENGTH], |
95 | 21.1k | const SHA_CTX *ctx) { |
96 | 21.1k | CRYPTO_store_u32_be(out, ctx->h[0]); |
97 | 21.1k | CRYPTO_store_u32_be(out + 4, ctx->h[1]); |
98 | 21.1k | CRYPTO_store_u32_be(out + 8, ctx->h[2]); |
99 | 21.1k | CRYPTO_store_u32_be(out + 12, ctx->h[3]); |
100 | 21.1k | CRYPTO_store_u32_be(out + 16, ctx->h[4]); |
101 | 21.1k | } |
102 | | |
103 | 21.1k | bcm_infallible BCM_sha1_final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *c) { |
104 | 21.1k | crypto_md32_final(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num, |
105 | 21.1k | c->Nh, c->Nl, /*is_big_endian=*/1); |
106 | | |
107 | 21.1k | sha1_output_state(out, c); |
108 | 21.1k | FIPS_service_indicator_update_state(); |
109 | 21.1k | return bcm_infallible_approved; |
110 | 21.1k | } |
111 | | |
112 | | bcm_infallible BCM_fips_186_2_prf(uint8_t *out, size_t out_len, |
113 | 0 | const uint8_t xkey[SHA_DIGEST_LENGTH]) { |
114 | | // XKEY and XVAL are 160-bit values, but are internally right-padded up to |
115 | | // block size. See FIPS 186-2, Appendix 3.3. This buffer maintains both the |
116 | | // current value of XKEY and the padding. |
117 | 0 | uint8_t block[SHA_CBLOCK] = {0}; |
118 | 0 | OPENSSL_memcpy(block, xkey, SHA_DIGEST_LENGTH); |
119 | |
|
120 | 0 | while (out_len != 0) { |
121 | | // We always use a zero XSEED, so we can merge the inner and outer loops. |
122 | | // XVAL is also always equal to XKEY. |
123 | 0 | SHA_CTX ctx; |
124 | 0 | BCM_sha1_init(&ctx); |
125 | 0 | BCM_sha1_transform(&ctx, block); |
126 | | |
127 | | // XKEY = (1 + XKEY + w_i) mod 2^b |
128 | 0 | uint32_t carry = 1; |
129 | 0 | for (int i = 4; i >= 0; i--) { |
130 | 0 | uint32_t tmp = CRYPTO_load_u32_be(block + i * 4); |
131 | 0 | tmp = CRYPTO_addc_u32(tmp, ctx.h[i], carry, &carry); |
132 | 0 | CRYPTO_store_u32_be(block + i * 4, tmp); |
133 | 0 | } |
134 | | |
135 | | // Output w_i. |
136 | 0 | if (out_len < SHA_DIGEST_LENGTH) { |
137 | 0 | uint8_t buf[SHA_DIGEST_LENGTH]; |
138 | 0 | sha1_output_state(buf, &ctx); |
139 | 0 | OPENSSL_memcpy(out, buf, out_len); |
140 | 0 | break; |
141 | 0 | } |
142 | 0 | sha1_output_state(out, &ctx); |
143 | 0 | out += SHA_DIGEST_LENGTH; |
144 | 0 | out_len -= SHA_DIGEST_LENGTH; |
145 | 0 | } |
146 | 0 | return bcm_infallible_not_approved; |
147 | 0 | } |
148 | | |
149 | | #define Xupdate(a, ix, ia, ib, ic, id) \ |
150 | 14.5M | do { \ |
151 | 14.5M | (a) = ((ia) ^ (ib) ^ (ic) ^ (id)); \ |
152 | 14.5M | (ix) = (a) = CRYPTO_rotl_u32((a), 1); \ |
153 | 14.5M | } while (0) |
154 | | |
155 | 4.56M | #define K_00_19 0x5a827999UL |
156 | 4.56M | #define K_20_39 0x6ed9eba1UL |
157 | 4.56M | #define K_40_59 0x8f1bbcdcUL |
158 | 4.56M | #define K_60_79 0xca62c1d6UL |
159 | | |
160 | | // As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be simplified |
161 | | // to the code in F_00_19. Wei attributes these optimisations to Peter |
162 | | // Gutmann's SHS code, and he attributes it to Rich Schroeppel. #define |
163 | | // F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) I've just become aware of another |
164 | | // tweak to be made, again from Wei Dai, in F_40_59, (x&a)|(y&a) -> (x|y)&a |
165 | 4.56M | #define F_00_19(b, c, d) ((((c) ^ (d)) & (b)) ^ (d)) |
166 | 9.12M | #define F_20_39(b, c, d) ((b) ^ (c) ^ (d)) |
167 | 4.56M | #define F_40_59(b, c, d) (((b) & (c)) | (((b) | (c)) & (d))) |
168 | 4.56M | #define F_60_79(b, c, d) F_20_39(b, c, d) |
169 | | |
170 | | #define BODY_00_15(i, a, b, c, d, e, f, xi) \ |
171 | 3.64M | do { \ |
172 | 3.64M | (f) = (xi) + (e) + K_00_19 + CRYPTO_rotl_u32((a), 5) + \ |
173 | 3.64M | F_00_19((b), (c), (d)); \ |
174 | 3.64M | (b) = CRYPTO_rotl_u32((b), 30); \ |
175 | 3.64M | } while (0) |
176 | | |
177 | | #define BODY_16_19(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \ |
178 | 912k | do { \ |
179 | 912k | Xupdate(f, xi, xa, xb, xc, xd); \ |
180 | 912k | (f) += (e) + K_00_19 + CRYPTO_rotl_u32((a), 5) + F_00_19((b), (c), (d)); \ |
181 | 912k | (b) = CRYPTO_rotl_u32((b), 30); \ |
182 | 912k | } while (0) |
183 | | |
184 | | #define BODY_20_31(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \ |
185 | 2.73M | do { \ |
186 | 2.73M | Xupdate(f, xi, xa, xb, xc, xd); \ |
187 | 2.73M | (f) += (e) + K_20_39 + CRYPTO_rotl_u32((a), 5) + F_20_39((b), (c), (d)); \ |
188 | 2.73M | (b) = CRYPTO_rotl_u32((b), 30); \ |
189 | 2.73M | } while (0) |
190 | | |
191 | | #define BODY_32_39(i, a, b, c, d, e, f, xa, xb, xc, xd) \ |
192 | 1.82M | do { \ |
193 | 1.82M | Xupdate(f, xa, xa, xb, xc, xd); \ |
194 | 1.82M | (f) += (e) + K_20_39 + CRYPTO_rotl_u32((a), 5) + F_20_39((b), (c), (d)); \ |
195 | 1.82M | (b) = CRYPTO_rotl_u32((b), 30); \ |
196 | 1.82M | } while (0) |
197 | | |
198 | | #define BODY_40_59(i, a, b, c, d, e, f, xa, xb, xc, xd) \ |
199 | 4.56M | do { \ |
200 | 4.56M | Xupdate(f, xa, xa, xb, xc, xd); \ |
201 | 4.56M | (f) += (e) + K_40_59 + CRYPTO_rotl_u32((a), 5) + F_40_59((b), (c), (d)); \ |
202 | 4.56M | (b) = CRYPTO_rotl_u32((b), 30); \ |
203 | 4.56M | } while (0) |
204 | | |
205 | | #define BODY_60_79(i, a, b, c, d, e, f, xa, xb, xc, xd) \ |
206 | 4.56M | do { \ |
207 | 4.56M | Xupdate(f, xa, xa, xb, xc, xd); \ |
208 | 4.56M | (f) = (xa) + (e) + K_60_79 + CRYPTO_rotl_u32((a), 5) + \ |
209 | 4.56M | F_60_79((b), (c), (d)); \ |
210 | 4.56M | (b) = CRYPTO_rotl_u32((b), 30); \ |
211 | 4.56M | } while (0) |
212 | | |
213 | | #ifdef X |
214 | | #undef X |
215 | | #endif |
216 | | |
217 | | /* Originally X was an array. As it's automatic it's natural |
218 | | * to expect RISC compiler to accomodate at least part of it in |
219 | | * the register bank, isn't it? Unfortunately not all compilers |
220 | | * "find" this expectation reasonable:-( On order to make such |
221 | | * compilers generate better code I replace X[] with a bunch of |
222 | | * X0, X1, etc. See the function body below... |
223 | | * <appro@fy.chalmers.se> */ |
224 | 3.64M | #define X(i) XX##i |
225 | | |
226 | | #if !defined(SHA1_ASM) |
227 | | |
228 | | #if !defined(SHA1_ASM_NOHW) |
229 | | static void sha1_block_data_order_nohw(uint32_t state[5], const uint8_t *data, |
230 | 23.1k | size_t num) { |
231 | 23.1k | register uint32_t A, B, C, D, E, T; |
232 | 23.1k | uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, |
233 | 23.1k | XX11, XX12, XX13, XX14, XX15; |
234 | | |
235 | 23.1k | A = state[0]; |
236 | 23.1k | B = state[1]; |
237 | 23.1k | C = state[2]; |
238 | 23.1k | D = state[3]; |
239 | 23.1k | E = state[4]; |
240 | | |
241 | 228k | for (;;) { |
242 | 228k | X(0) = CRYPTO_load_u32_be(data); |
243 | 228k | data += 4; |
244 | 228k | X(1) = CRYPTO_load_u32_be(data); |
245 | 228k | data += 4; |
246 | 228k | BODY_00_15(0, A, B, C, D, E, T, X(0)); |
247 | 228k | X(2) = CRYPTO_load_u32_be(data); |
248 | 228k | data += 4; |
249 | 228k | BODY_00_15(1, T, A, B, C, D, E, X(1)); |
250 | 228k | X(3) = CRYPTO_load_u32_be(data); |
251 | 228k | data += 4; |
252 | 228k | BODY_00_15(2, E, T, A, B, C, D, X(2)); |
253 | 228k | X(4) = CRYPTO_load_u32_be(data); |
254 | 228k | data += 4; |
255 | 228k | BODY_00_15(3, D, E, T, A, B, C, X(3)); |
256 | 228k | X(5) = CRYPTO_load_u32_be(data); |
257 | 228k | data += 4; |
258 | 228k | BODY_00_15(4, C, D, E, T, A, B, X(4)); |
259 | 228k | X(6) = CRYPTO_load_u32_be(data); |
260 | 228k | data += 4; |
261 | 228k | BODY_00_15(5, B, C, D, E, T, A, X(5)); |
262 | 228k | X(7) = CRYPTO_load_u32_be(data); |
263 | 228k | data += 4; |
264 | 228k | BODY_00_15(6, A, B, C, D, E, T, X(6)); |
265 | 228k | X(8) = CRYPTO_load_u32_be(data); |
266 | 228k | data += 4; |
267 | 228k | BODY_00_15(7, T, A, B, C, D, E, X(7)); |
268 | 228k | X(9) = CRYPTO_load_u32_be(data); |
269 | 228k | data += 4; |
270 | 228k | BODY_00_15(8, E, T, A, B, C, D, X(8)); |
271 | 228k | X(10) = CRYPTO_load_u32_be(data); |
272 | 228k | data += 4; |
273 | 228k | BODY_00_15(9, D, E, T, A, B, C, X(9)); |
274 | 228k | X(11) = CRYPTO_load_u32_be(data); |
275 | 228k | data += 4; |
276 | 228k | BODY_00_15(10, C, D, E, T, A, B, X(10)); |
277 | 228k | X(12) = CRYPTO_load_u32_be(data); |
278 | 228k | data += 4; |
279 | 228k | BODY_00_15(11, B, C, D, E, T, A, X(11)); |
280 | 228k | X(13) = CRYPTO_load_u32_be(data); |
281 | 228k | data += 4; |
282 | 228k | BODY_00_15(12, A, B, C, D, E, T, X(12)); |
283 | 228k | X(14) = CRYPTO_load_u32_be(data); |
284 | 228k | data += 4; |
285 | 228k | BODY_00_15(13, T, A, B, C, D, E, X(13)); |
286 | 228k | X(15) = CRYPTO_load_u32_be(data); |
287 | 228k | data += 4; |
288 | 228k | BODY_00_15(14, E, T, A, B, C, D, X(14)); |
289 | 228k | BODY_00_15(15, D, E, T, A, B, C, X(15)); |
290 | | |
291 | 228k | BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13)); |
292 | 228k | BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14)); |
293 | 228k | BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15)); |
294 | 228k | BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0)); |
295 | | |
296 | 228k | BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1)); |
297 | 228k | BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2)); |
298 | 228k | BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3)); |
299 | 228k | BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4)); |
300 | 228k | BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5)); |
301 | 228k | BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6)); |
302 | 228k | BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7)); |
303 | 228k | BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8)); |
304 | 228k | BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9)); |
305 | 228k | BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10)); |
306 | 228k | BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11)); |
307 | 228k | BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12)); |
308 | | |
309 | 228k | BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13)); |
310 | 228k | BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14)); |
311 | 228k | BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15)); |
312 | 228k | BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0)); |
313 | 228k | BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1)); |
314 | 228k | BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2)); |
315 | 228k | BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3)); |
316 | 228k | BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4)); |
317 | | |
318 | 228k | BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5)); |
319 | 228k | BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6)); |
320 | 228k | BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7)); |
321 | 228k | BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8)); |
322 | 228k | BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9)); |
323 | 228k | BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10)); |
324 | 228k | BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11)); |
325 | 228k | BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12)); |
326 | 228k | BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13)); |
327 | 228k | BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14)); |
328 | 228k | BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15)); |
329 | 228k | BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0)); |
330 | 228k | BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1)); |
331 | 228k | BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2)); |
332 | 228k | BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3)); |
333 | 228k | BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4)); |
334 | 228k | BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5)); |
335 | 228k | BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6)); |
336 | 228k | BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7)); |
337 | 228k | BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8)); |
338 | | |
339 | 228k | BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9)); |
340 | 228k | BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10)); |
341 | 228k | BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11)); |
342 | 228k | BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12)); |
343 | 228k | BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13)); |
344 | 228k | BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14)); |
345 | 228k | BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15)); |
346 | 228k | BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0)); |
347 | 228k | BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1)); |
348 | 228k | BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2)); |
349 | 228k | BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3)); |
350 | 228k | BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4)); |
351 | 228k | BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5)); |
352 | 228k | BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6)); |
353 | 228k | BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7)); |
354 | 228k | BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8)); |
355 | 228k | BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9)); |
356 | 228k | BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10)); |
357 | 228k | BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11)); |
358 | 228k | BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12)); |
359 | | |
360 | 228k | state[0] = (state[0] + E) & 0xffffffffL; |
361 | 228k | state[1] = (state[1] + T) & 0xffffffffL; |
362 | 228k | state[2] = (state[2] + A) & 0xffffffffL; |
363 | 228k | state[3] = (state[3] + B) & 0xffffffffL; |
364 | 228k | state[4] = (state[4] + C) & 0xffffffffL; |
365 | | |
366 | 228k | if (--num == 0) { |
367 | 23.1k | break; |
368 | 23.1k | } |
369 | | |
370 | 204k | A = state[0]; |
371 | 204k | B = state[1]; |
372 | 204k | C = state[2]; |
373 | 204k | D = state[3]; |
374 | 204k | E = state[4]; |
375 | 204k | } |
376 | 23.1k | } |
377 | | #endif // !SHA1_ASM_NOHW |
378 | | |
379 | | static void sha1_block_data_order(uint32_t state[5], const uint8_t *data, |
380 | 23.1k | size_t num) { |
381 | | #if defined(SHA1_ASM_HW) |
382 | | if (sha1_hw_capable()) { |
383 | | sha1_block_data_order_hw(state, data, num); |
384 | | return; |
385 | | } |
386 | | #endif |
387 | | #if defined(SHA1_ASM_AVX2) |
388 | | if (sha1_avx2_capable()) { |
389 | | sha1_block_data_order_avx2(state, data, num); |
390 | | return; |
391 | | } |
392 | | #endif |
393 | | #if defined(SHA1_ASM_AVX) |
394 | | if (sha1_avx_capable()) { |
395 | | sha1_block_data_order_avx(state, data, num); |
396 | | return; |
397 | | } |
398 | | #endif |
399 | | #if defined(SHA1_ASM_SSSE3) |
400 | | if (sha1_ssse3_capable()) { |
401 | | sha1_block_data_order_ssse3(state, data, num); |
402 | | return; |
403 | | } |
404 | | #endif |
405 | | #if defined(SHA1_ASM_NEON) |
406 | | if (CRYPTO_is_NEON_capable()) { |
407 | | sha1_block_data_order_neon(state, data, num); |
408 | | return; |
409 | | } |
410 | | #endif |
411 | 23.1k | sha1_block_data_order_nohw(state, data, num); |
412 | 23.1k | } |
413 | | |
414 | | #endif // !SHA1_ASM |
415 | | |
416 | | #undef Xupdate |
417 | | #undef K_00_19 |
418 | | #undef K_20_39 |
419 | | #undef K_40_59 |
420 | | #undef K_60_79 |
421 | | #undef F_00_19 |
422 | | #undef F_20_39 |
423 | | #undef F_40_59 |
424 | | #undef F_60_79 |
425 | | #undef BODY_00_15 |
426 | | #undef BODY_16_19 |
427 | | #undef BODY_20_31 |
428 | | #undef BODY_32_39 |
429 | | #undef BODY_40_59 |
430 | | #undef BODY_60_79 |
431 | | #undef X |