/rust/registry/src/index.crates.io-1949cf8c6b5b557f/sha1-0.10.6/src/compress/soft.rs

Source
#![allow(clippy::many_single_char_names)]
use super::BLOCK_SIZE;
use core::convert::TryInto;

const K: [u32; 4] = [0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6];

#[inline(always)]
fn add(a: [u32; 4], b: [u32; 4]) -> [u32; 4] {
    [
        a[0].wrapping_add(b[0]),
        a[1].wrapping_add(b[1]),
        a[2].wrapping_add(b[2]),
        a[3].wrapping_add(b[3]),
    ]
}

#[inline(always)]
fn xor(a: [u32; 4], b: [u32; 4]) -> [u32; 4] {
    [a[0] ^ b[0], a[1] ^ b[1], a[2] ^ b[2], a[3] ^ b[3]]
}

#[inline]
pub fn sha1_first_add(e: u32, w0: [u32; 4]) -> [u32; 4] {
    let [a, b, c, d] = w0;
    [e.wrapping_add(a), b, c, d]
}

fn sha1msg1(a: [u32; 4], b: [u32; 4]) -> [u32; 4] {
    let [_, _, w2, w3] = a;
    let [w4, w5, _, _] = b;
    [a[0] ^ w2, a[1] ^ w3, a[2] ^ w4, a[3] ^ w5]
}

fn sha1msg2(a: [u32; 4], b: [u32; 4]) -> [u32; 4] {
    let [x0, x1, x2, x3] = a;
    let [_, w13, w14, w15] = b;

    let w16 = (x0 ^ w13).rotate_left(1);
    let w17 = (x1 ^ w14).rotate_left(1);
    let w18 = (x2 ^ w15).rotate_left(1);
    let w19 = (x3 ^ w16).rotate_left(1);

    [w16, w17, w18, w19]
}

#[inline]
fn sha1_first_half(abcd: [u32; 4], msg: [u32; 4]) -> [u32; 4] {
    sha1_first_add(abcd[0].rotate_left(30), msg)
}

fn sha1_digest_round_x4(abcd: [u32; 4], work: [u32; 4], i: i8) -> [u32; 4] {
    match i {
        0 => sha1rnds4c(abcd, add(work, [K[0]; 4])),
        1 => sha1rnds4p(abcd, add(work, [K[1]; 4])),
        2 => sha1rnds4m(abcd, add(work, [K[2]; 4])),
        3 => sha1rnds4p(abcd, add(work, [K[3]; 4])),
        _ => unreachable!("unknown icosaround index"),
    }
}

fn sha1rnds4c(abcd: [u32; 4], msg: [u32; 4]) -> [u32; 4] {
    let [mut a, mut b, mut c, mut d] = abcd;
    let [t, u, v, w] = msg;
    let mut e = 0u32;

    macro_rules! bool3ary_202 {
        ($a:expr, $b:expr, $c:expr) => {
            $c ^ ($a & ($b ^ $c))
        };
    } // Choose, MD5F, SHA1C

    e = e
        .wrapping_add(a.rotate_left(5))
        .wrapping_add(bool3ary_202!(b, c, d))
        .wrapping_add(t);
    b = b.rotate_left(30);

    d = d
        .wrapping_add(e.rotate_left(5))
        .wrapping_add(bool3ary_202!(a, b, c))
        .wrapping_add(u);
    a = a.rotate_left(30);

    c = c
        .wrapping_add(d.rotate_left(5))
        .wrapping_add(bool3ary_202!(e, a, b))
        .wrapping_add(v);
    e = e.rotate_left(30);

    b = b
        .wrapping_add(c.rotate_left(5))
        .wrapping_add(bool3ary_202!(d, e, a))
        .wrapping_add(w);
    d = d.rotate_left(30);

    [b, c, d, e]
}

fn sha1rnds4p(abcd: [u32; 4], msg: [u32; 4]) -> [u32; 4] {
    let [mut a, mut b, mut c, mut d] = abcd;
    let [t, u, v, w] = msg;
    let mut e = 0u32;

    macro_rules! bool3ary_150 {
        ($a:expr, $b:expr, $c:expr) => {
            $a ^ $b ^ $c
        };
    } // Parity, XOR, MD5H, SHA1P

    e = e
        .wrapping_add(a.rotate_left(5))
        .wrapping_add(bool3ary_150!(b, c, d))
        .wrapping_add(t);
    b = b.rotate_left(30);

    d = d
        .wrapping_add(e.rotate_left(5))
        .wrapping_add(bool3ary_150!(a, b, c))
        .wrapping_add(u);
    a = a.rotate_left(30);

    c = c
        .wrapping_add(d.rotate_left(5))
        .wrapping_add(bool3ary_150!(e, a, b))
        .wrapping_add(v);
    e = e.rotate_left(30);

    b = b
        .wrapping_add(c.rotate_left(5))
        .wrapping_add(bool3ary_150!(d, e, a))
        .wrapping_add(w);
    d = d.rotate_left(30);

    [b, c, d, e]
}

fn sha1rnds4m(abcd: [u32; 4], msg: [u32; 4]) -> [u32; 4] {
    let [mut a, mut b, mut c, mut d] = abcd;
    let [t, u, v, w] = msg;
    let mut e = 0u32;

    macro_rules! bool3ary_232 {
        ($a:expr, $b:expr, $c:expr) => {
            ($a & $b) ^ ($a & $c) ^ ($b & $c)
        };
    } // Majority, SHA1M

    e = e
        .wrapping_add(a.rotate_left(5))
        .wrapping_add(bool3ary_232!(b, c, d))
        .wrapping_add(t);
    b = b.rotate_left(30);

    d = d
        .wrapping_add(e.rotate_left(5))
        .wrapping_add(bool3ary_232!(a, b, c))
        .wrapping_add(u);
    a = a.rotate_left(30);

    c = c
        .wrapping_add(d.rotate_left(5))
        .wrapping_add(bool3ary_232!(e, a, b))
        .wrapping_add(v);
    e = e.rotate_left(30);

    b = b
        .wrapping_add(c.rotate_left(5))
        .wrapping_add(bool3ary_232!(d, e, a))
        .wrapping_add(w);
    d = d.rotate_left(30);

    [b, c, d, e]
}

macro_rules! rounds4 {
    ($h0:ident, $h1:ident, $wk:expr, $i:expr) => {
        sha1_digest_round_x4($h0, sha1_first_half($h1, $wk), $i)
    };
}

macro_rules! schedule {
    ($v0:expr, $v1:expr, $v2:expr, $v3:expr) => {
        sha1msg2(xor(sha1msg1($v0, $v1), $v2), $v3)
    };
}

macro_rules! schedule_rounds4 {
    (
        $h0:ident, $h1:ident,
        $w0:expr, $w1:expr, $w2:expr, $w3:expr, $w4:expr,
        $i:expr
    ) => {
        $w4 = schedule!($w0, $w1, $w2, $w3);
        $h1 = rounds4!($h0, $h1, $w4, $i);
    };
}

#[inline(always)]
fn sha1_digest_block_u32(state: &mut [u32; 5], block: &[u32; 16]) {
    let mut w0 = [block[0], block[1], block[2], block[3]];
    let mut w1 = [block[4], block[5], block[6], block[7]];
    let mut w2 = [block[8], block[9], block[10], block[11]];
    let mut w3 = [block[12], block[13], block[14], block[15]];
    #[allow(clippy::needless_late_init)]
    let mut w4;

    let mut h0 = [state[0], state[1], state[2], state[3]];
    let mut h1 = sha1_first_add(state[4], w0);

    // Rounds 0..20
    h1 = sha1_digest_round_x4(h0, h1, 0);
    h0 = rounds4!(h1, h0, w1, 0);
    h1 = rounds4!(h0, h1, w2, 0);
    h0 = rounds4!(h1, h0, w3, 0);
    schedule_rounds4!(h0, h1, w0, w1, w2, w3, w4, 0);

    // Rounds 20..40
    schedule_rounds4!(h1, h0, w1, w2, w3, w4, w0, 1);
    schedule_rounds4!(h0, h1, w2, w3, w4, w0, w1, 1);
    schedule_rounds4!(h1, h0, w3, w4, w0, w1, w2, 1);
    schedule_rounds4!(h0, h1, w4, w0, w1, w2, w3, 1);
    schedule_rounds4!(h1, h0, w0, w1, w2, w3, w4, 1);

    // Rounds 40..60
    schedule_rounds4!(h0, h1, w1, w2, w3, w4, w0, 2);
    schedule_rounds4!(h1, h0, w2, w3, w4, w0, w1, 2);
    schedule_rounds4!(h0, h1, w3, w4, w0, w1, w2, 2);
    schedule_rounds4!(h1, h0, w4, w0, w1, w2, w3, 2);
    schedule_rounds4!(h0, h1, w0, w1, w2, w3, w4, 2);

    // Rounds 60..80
    schedule_rounds4!(h1, h0, w1, w2, w3, w4, w0, 3);
    schedule_rounds4!(h0, h1, w2, w3, w4, w0, w1, 3);
    schedule_rounds4!(h1, h0, w3, w4, w0, w1, w2, 3);
    schedule_rounds4!(h0, h1, w4, w0, w1, w2, w3, 3);
    schedule_rounds4!(h1, h0, w0, w1, w2, w3, w4, 3);

    let e = h1[0].rotate_left(30);
    let [a, b, c, d] = h0;

    state[0] = state[0].wrapping_add(a);
    state[1] = state[1].wrapping_add(b);
    state[2] = state[2].wrapping_add(c);
    state[3] = state[3].wrapping_add(d);
    state[4] = state[4].wrapping_add(e);
}

pub fn compress(state: &mut [u32; 5], blocks: &[[u8; BLOCK_SIZE]]) {
    let mut block_u32 = [0u32; BLOCK_SIZE / 4];
    // since LLVM can't properly use aliasing yet it will make
    // unnecessary state stores without this copy
    let mut state_cpy = *state;
    for block in blocks.iter() {
        for (o, chunk) in block_u32.iter_mut().zip(block.chunks_exact(4)) {
            *o = u32::from_be_bytes(chunk.try_into().unwrap());
        }
        sha1_digest_block_u32(&mut state_cpy, &block_u32);
    }
    *state = state_cpy;
}

Coverage Report

Created: 2026-01-17 07:12

Line	Count	Source
1		#![allow(clippy::many_single_char_names)]
2		use super::BLOCK_SIZE;
3		use core::convert::TryInto;
4
5		const K: [u32; 4] = [0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6];
6
7		#[inline(always)]
8	26.9M	fn add(a: [u32; 4], b: [u32; 4]) -> [u32; 4] {
9	26.9M	[
10	26.9M	a[0].wrapping_add(b[0]),
11	26.9M	a[1].wrapping_add(b[1]),
12	26.9M	a[2].wrapping_add(b[2]),
13	26.9M	a[3].wrapping_add(b[3]),
14	26.9M	]
15	26.9M	}
16
17		#[inline(always)]
18	21.5M	fn xor(a: [u32; 4], b: [u32; 4]) -> [u32; 4] {
19	21.5M	[a[0] ^ b[0], a[1] ^ b[1], a[2] ^ b[2], a[3] ^ b[3]]
20	21.5M	}
21
22		#[inline]
23	26.9M	pub fn sha1_first_add(e: u32, w0: [u32; 4]) -> [u32; 4] {
24	26.9M	let [a, b, c, d] = w0;
25	26.9M	[e.wrapping_add(a), b, c, d]
26	26.9M	}
27
28	21.5M	fn sha1msg1(a: [u32; 4], b: [u32; 4]) -> [u32; 4] {
29	21.5M	let [_, _, w2, w3] = a;
30	21.5M	let [w4, w5, _, _] = b;
31	21.5M	[a[0] ^ w2, a[1] ^ w3, a[2] ^ w4, a[3] ^ w5]
32	21.5M	}
33
34	21.5M	fn sha1msg2(a: [u32; 4], b: [u32; 4]) -> [u32; 4] {
35	21.5M	let [x0, x1, x2, x3] = a;
36	21.5M	let [_, w13, w14, w15] = b;
37
38	21.5M	let w16 = (x0 ^ w13).rotate_left(1);
39	21.5M	let w17 = (x1 ^ w14).rotate_left(1);
40	21.5M	let w18 = (x2 ^ w15).rotate_left(1);
41	21.5M	let w19 = (x3 ^ w16).rotate_left(1);
42
43	21.5M	[w16, w17, w18, w19]
44	21.5M	}
45
46		#[inline]
47	25.6M	fn sha1_first_half(abcd: [u32; 4], msg: [u32; 4]) -> [u32; 4] {
48	25.6M	sha1_first_add(abcd[0].rotate_left(30), msg)
49	25.6M	}
50
51	26.9M	fn sha1_digest_round_x4(abcd: [u32; 4], work: [u32; 4], i: i8) -> [u32; 4] {
52	26.9M	match i {
53	6.74M	0 => sha1rnds4c(abcd, add(work, [K[0]; 4])),
54	6.74M	1 => sha1rnds4p(abcd, add(work, [K[1]; 4])),
55	6.74M	2 => sha1rnds4m(abcd, add(work, [K[2]; 4])),
56	6.74M	3 => sha1rnds4p(abcd, add(work, [K[3]; 4])),
57	0	_ => unreachable!("unknown icosaround index"),
58		}
59	26.9M	}
60
61	6.74M	fn sha1rnds4c(abcd: [u32; 4], msg: [u32; 4]) -> [u32; 4] {
62	6.74M	let [mut a, mut b, mut c, mut d] = abcd;
63	6.74M	let [t, u, v, w] = msg;
64	6.74M	let mut e = 0u32;
65
66		macro_rules! bool3ary_202 {
67		($a:expr, $b:expr, $c:expr) => {
68		$c ^ ($a & ($b ^ $c))
69		};
70		} // Choose, MD5F, SHA1C
71
72	6.74M	e = e
73	6.74M	.wrapping_add(a.rotate_left(5))
74	6.74M	.wrapping_add(bool3ary_202!(b, c, d))
75	6.74M	.wrapping_add(t);
76	6.74M	b = b.rotate_left(30);
77
78	6.74M	d = d
79	6.74M	.wrapping_add(e.rotate_left(5))
80	6.74M	.wrapping_add(bool3ary_202!(a, b, c))
81	6.74M	.wrapping_add(u);
82	6.74M	a = a.rotate_left(30);
83
84	6.74M	c = c
85	6.74M	.wrapping_add(d.rotate_left(5))
86	6.74M	.wrapping_add(bool3ary_202!(e, a, b))
87	6.74M	.wrapping_add(v);
88	6.74M	e = e.rotate_left(30);
89
90	6.74M	b = b
91	6.74M	.wrapping_add(c.rotate_left(5))
92	6.74M	.wrapping_add(bool3ary_202!(d, e, a))
93	6.74M	.wrapping_add(w);
94	6.74M	d = d.rotate_left(30);
95
96	6.74M	[b, c, d, e]
97	6.74M	}
98
99	13.4M	fn sha1rnds4p(abcd: [u32; 4], msg: [u32; 4]) -> [u32; 4] {
100	13.4M	let [mut a, mut b, mut c, mut d] = abcd;
101	13.4M	let [t, u, v, w] = msg;
102	13.4M	let mut e = 0u32;
103
104		macro_rules! bool3ary_150 {
105		($a:expr, $b:expr, $c:expr) => {
106		$a ^ $b ^ $c
107		};
108		} // Parity, XOR, MD5H, SHA1P
109
110	13.4M	e = e
111	13.4M	.wrapping_add(a.rotate_left(5))
112	13.4M	.wrapping_add(bool3ary_150!(b, c, d))
113	13.4M	.wrapping_add(t);
114	13.4M	b = b.rotate_left(30);
115
116	13.4M	d = d
117	13.4M	.wrapping_add(e.rotate_left(5))
118	13.4M	.wrapping_add(bool3ary_150!(a, b, c))
119	13.4M	.wrapping_add(u);
120	13.4M	a = a.rotate_left(30);
121
122	13.4M	c = c
123	13.4M	.wrapping_add(d.rotate_left(5))
124	13.4M	.wrapping_add(bool3ary_150!(e, a, b))
125	13.4M	.wrapping_add(v);
126	13.4M	e = e.rotate_left(30);
127
128	13.4M	b = b
129	13.4M	.wrapping_add(c.rotate_left(5))
130	13.4M	.wrapping_add(bool3ary_150!(d, e, a))
131	13.4M	.wrapping_add(w);
132	13.4M	d = d.rotate_left(30);
133
134	13.4M	[b, c, d, e]
135	13.4M	}
136
137	6.74M	fn sha1rnds4m(abcd: [u32; 4], msg: [u32; 4]) -> [u32; 4] {
138	6.74M	let [mut a, mut b, mut c, mut d] = abcd;
139	6.74M	let [t, u, v, w] = msg;
140	6.74M	let mut e = 0u32;
141
142		macro_rules! bool3ary_232 {
143		($a:expr, $b:expr, $c:expr) => {
144		($a & $b) ^ ($a & $c) ^ ($b & $c)
145		};
146		} // Majority, SHA1M
147
148	6.74M	e = e
149	6.74M	.wrapping_add(a.rotate_left(5))
150	6.74M	.wrapping_add(bool3ary_232!(b, c, d))
151	6.74M	.wrapping_add(t);
152	6.74M	b = b.rotate_left(30);
153
154	6.74M	d = d
155	6.74M	.wrapping_add(e.rotate_left(5))
156	6.74M	.wrapping_add(bool3ary_232!(a, b, c))
157	6.74M	.wrapping_add(u);
158	6.74M	a = a.rotate_left(30);
159
160	6.74M	c = c
161	6.74M	.wrapping_add(d.rotate_left(5))
162	6.74M	.wrapping_add(bool3ary_232!(e, a, b))
163	6.74M	.wrapping_add(v);
164	6.74M	e = e.rotate_left(30);
165
166	6.74M	b = b
167	6.74M	.wrapping_add(c.rotate_left(5))
168	6.74M	.wrapping_add(bool3ary_232!(d, e, a))
169	6.74M	.wrapping_add(w);
170	6.74M	d = d.rotate_left(30);
171
172	6.74M	[b, c, d, e]
173	6.74M	}
174
175		macro_rules! rounds4 {
176		($h0:ident, $h1:ident, $wk:expr, $i:expr) => {
177		sha1_digest_round_x4($h0, sha1_first_half($h1, $wk), $i)
178		};
179		}
180
181		macro_rules! schedule {
182		($v0:expr, $v1:expr, $v2:expr, $v3:expr) => {
183		sha1msg2(xor(sha1msg1($v0, $v1), $v2), $v3)
184		};
185		}
186
187		macro_rules! schedule_rounds4 {
188		(
189		$h0:ident, $h1:ident,
190		$w0:expr, $w1:expr, $w2:expr, $w3:expr, $w4:expr,
191		$i:expr
192		) => {
193		$w4 = schedule!($w0, $w1, $w2, $w3);
194		$h1 = rounds4!($h0, $h1, $w4, $i);
195		};
196		}
197
198		#[inline(always)]
199	1.34M	fn sha1_digest_block_u32(state: &mut [u32; 5], block: &[u32; 16]) {
200	1.34M	let mut w0 = [block[0], block[1], block[2], block[3]];
201	1.34M	let mut w1 = [block[4], block[5], block[6], block[7]];
202	1.34M	let mut w2 = [block[8], block[9], block[10], block[11]];
203	1.34M	let mut w3 = [block[12], block[13], block[14], block[15]];
204		#[allow(clippy::needless_late_init)]
205		let mut w4;
206
207	1.34M	let mut h0 = [state[0], state[1], state[2], state[3]];
208	1.34M	let mut h1 = sha1_first_add(state[4], w0);
209
210		// Rounds 0..20
211	1.34M	h1 = sha1_digest_round_x4(h0, h1, 0);
212	1.34M	h0 = rounds4!(h1, h0, w1, 0);
213	1.34M	h1 = rounds4!(h0, h1, w2, 0);
214	1.34M	h0 = rounds4!(h1, h0, w3, 0);
215	1.34M	schedule_rounds4!(h0, h1, w0, w1, w2, w3, w4, 0);
216
217		// Rounds 20..40
218	1.34M	schedule_rounds4!(h1, h0, w1, w2, w3, w4, w0, 1);
219	1.34M	schedule_rounds4!(h0, h1, w2, w3, w4, w0, w1, 1);
220	1.34M	schedule_rounds4!(h1, h0, w3, w4, w0, w1, w2, 1);
221	1.34M	schedule_rounds4!(h0, h1, w4, w0, w1, w2, w3, 1);
222	1.34M	schedule_rounds4!(h1, h0, w0, w1, w2, w3, w4, 1);
223
224		// Rounds 40..60
225	1.34M	schedule_rounds4!(h0, h1, w1, w2, w3, w4, w0, 2);
226	1.34M	schedule_rounds4!(h1, h0, w2, w3, w4, w0, w1, 2);
227	1.34M	schedule_rounds4!(h0, h1, w3, w4, w0, w1, w2, 2);
228	1.34M	schedule_rounds4!(h1, h0, w4, w0, w1, w2, w3, 2);
229	1.34M	schedule_rounds4!(h0, h1, w0, w1, w2, w3, w4, 2);
230
231		// Rounds 60..80
232	1.34M	schedule_rounds4!(h1, h0, w1, w2, w3, w4, w0, 3);
233	1.34M	schedule_rounds4!(h0, h1, w2, w3, w4, w0, w1, 3);
234	1.34M	schedule_rounds4!(h1, h0, w3, w4, w0, w1, w2, 3);
235	1.34M	schedule_rounds4!(h0, h1, w4, w0, w1, w2, w3, 3);
236	1.34M	schedule_rounds4!(h1, h0, w0, w1, w2, w3, w4, 3);
237
238	1.34M	let e = h1[0].rotate_left(30);
239	1.34M	let [a, b, c, d] = h0;
240
241	1.34M	state[0] = state[0].wrapping_add(a);
242	1.34M	state[1] = state[1].wrapping_add(b);
243	1.34M	state[2] = state[2].wrapping_add(c);
244	1.34M	state[3] = state[3].wrapping_add(d);
245	1.34M	state[4] = state[4].wrapping_add(e);
246	1.34M	}
247
248	1.34M	pub fn compress(state: &mut [u32; 5], blocks: &[[u8; BLOCK_SIZE]]) {
249	1.34M	let mut block_u32 = [0u32; BLOCK_SIZE / 4];
250		// since LLVM can't properly use aliasing yet it will make
251		// unnecessary state stores without this copy
252	1.34M	let mut state_cpy = *state;
253	1.34M	for block in blocks.iter() {
254	21.5M	for (o, chunk) in block_u32.iter_mut().zip(block.chunks_exact(4)) {
255	21.5M	*o = u32::from_be_bytes(chunk.try_into().unwrap());
256	21.5M	}
257	1.34M	sha1_digest_block_u32(&mut state_cpy, &block_u32);
258		}
259	1.34M	*state = state_cpy;
260	1.34M	}