soft.rs source code [crates/sha1/src/compress/soft.rs]

1	#![allow(clippy::many_single_char_names)]
2	use super::BLOCK_SIZE;
3	use core::convert::TryInto;
4
5	const K: [u32; `4`] = [`0x5A827999`, `0x6ED9EBA1`, `0x8F1BBCDC`, `0xCA62C1D6`];
6
7	#[inline(always)]
8	fn add(a: [u32; `4`], b: [u32; `4`]) -> [u32; `4`] {
9	[
10	a[`0`].wrapping_add(b[`0`]),
11	a[`1`].wrapping_add(b[`1`]),
12	a[`2`].wrapping_add(b[`2`]),
13	a[`3`].wrapping_add(b[`3`]),
14	]
15	}
16
17	#[inline(always)]
18	fn xor(a: [u32; `4`], b: [u32; `4`]) -> [u32; `4`] {
19	[a[`0`] ^ b[`0`], a[`1`] ^ b[`1`], a[`2`] ^ b[`2`], a[`3`] ^ b[`3`]]
20	}
21
22	#[inline]
23	pub fn sha1_first_add(e: u32, w0: [u32; `4`]) -> [u32; `4`] {
24	let [a: u32, b: u32, c: u32, d: u32] = w0;
25	[e.wrapping_add(a), b, c, d]
26	}
27
28	fn sha1msg1(a: [u32; `4`], b: [u32; `4`]) -> [u32; `4`] {
29	let [_, _, w2: u32, w3: u32] = a;
30	let [w4: u32, w5: u32, _, _] = b;
31	[a[`0`] ^ w2, a[`1`] ^ w3, a[`2`] ^ w4, a[`3`] ^ w5]
32	}
33
34	fn sha1msg2(a: [u32; `4`], b: [u32; `4`]) -> [u32; `4`] {
35	let [x0: u32, x1: u32, x2: u32, x3: u32] = a;
36	let [_, w13: u32, w14: u32, w15: u32] = b;
37
38	let w16: u32 = (x0 ^ w13).rotate_left(`1`);
39	let w17: u32 = (x1 ^ w14).rotate_left(`1`);
40	let w18: u32 = (x2 ^ w15).rotate_left(`1`);
41	let w19: u32 = (x3 ^ w16).rotate_left(`1`);
42
43	[w16, w17, w18, w19]
44	}
45
46	#[inline]
47	fn sha1_first_half(abcd: [u32; `4`], msg: [u32; `4`]) -> [u32; `4`] {
48	sha1_first_add(e:abcd[`0`].rotate_left(`30`), w0:msg)
49	}
50
51	fn sha1_digest_round_x4(abcd: [u32; `4`], work: [u32; `4`], i: i8) -> [u32; `4`] {
52	match i {
53	`0` => sha1rnds4c(abcd, msg:add(a:work, [K[`0`]; `4`])),
54	`1` => sha1rnds4p(abcd, msg:add(a:work, [K[`1`]; `4`])),
55	`2` => sha1rnds4m(abcd, msg:add(a:work, [K[`2`]; `4`])),
56	`3` => sha1rnds4p(abcd, msg:add(a:work, [K[`3`]; `4`])),
57	_ => unreachable!("unknown icosaround index"),
58	}
59	}
60
61	fn sha1rnds4c(abcd: [u32; `4`], msg: [u32; `4`]) -> [u32; `4`] {
62	let [mut a, mut b, mut c, mut d] = abcd;
63	let [t, u, v, w] = msg;
64	let mut e = `0u32`;
65
66	macro_rules! bool3ary_202 {
67	($a:expr, $b:expr, $c:expr) => {
68	$c ^ ($a & ($b ^ $c))
69	};
70	} // Choose, MD5F, SHA1C
71
72	e = e
73	.wrapping_add(a.rotate_left(`5`))
74	.wrapping_add(bool3ary_202!(b, c, d))
75	.wrapping_add(t);
76	b = b.rotate_left(`30`);
77
78	d = d
79	.wrapping_add(e.rotate_left(`5`))
80	.wrapping_add(bool3ary_202!(a, b, c))
81	.wrapping_add(u);
82	a = a.rotate_left(`30`);
83
84	c = c
85	.wrapping_add(d.rotate_left(`5`))
86	.wrapping_add(bool3ary_202!(e, a, b))
87	.wrapping_add(v);
88	e = e.rotate_left(`30`);
89
90	b = b
91	.wrapping_add(c.rotate_left(`5`))
92	.wrapping_add(bool3ary_202!(d, e, a))
93	.wrapping_add(w);
94	d = d.rotate_left(`30`);
95
96	[b, c, d, e]
97	}
98
99	fn sha1rnds4p(abcd: [u32; `4`], msg: [u32; `4`]) -> [u32; `4`] {
100	let [mut a, mut b, mut c, mut d] = abcd;
101	let [t, u, v, w] = msg;
102	let mut e = `0u32`;
103
104	macro_rules! bool3ary_150 {
105	($a:expr, $b:expr, $c:expr) => {
106	$a ^ $b ^ $c
107	};
108	} // Parity, XOR, MD5H, SHA1P
109
110	e = e
111	.wrapping_add(a.rotate_left(`5`))
112	.wrapping_add(bool3ary_150!(b, c, d))
113	.wrapping_add(t);
114	b = b.rotate_left(`30`);
115
116	d = d
117	.wrapping_add(e.rotate_left(`5`))
118	.wrapping_add(bool3ary_150!(a, b, c))
119	.wrapping_add(u);
120	a = a.rotate_left(`30`);
121
122	c = c
123	.wrapping_add(d.rotate_left(`5`))
124	.wrapping_add(bool3ary_150!(e, a, b))
125	.wrapping_add(v);
126	e = e.rotate_left(`30`);
127
128	b = b
129	.wrapping_add(c.rotate_left(`5`))
130	.wrapping_add(bool3ary_150!(d, e, a))
131	.wrapping_add(w);
132	d = d.rotate_left(`30`);
133
134	[b, c, d, e]
135	}
136
137	fn sha1rnds4m(abcd: [u32; `4`], msg: [u32; `4`]) -> [u32; `4`] {
138	let [mut a, mut b, mut c, mut d] = abcd;
139	let [t, u, v, w] = msg;
140	let mut e = `0u32`;
141
142	macro_rules! bool3ary_232 {
143	($a:expr, $b:expr, $c:expr) => {
144	($a & $b) ^ ($a & $c) ^ ($b & $c)
145	};
146	} // Majority, SHA1M
147
148	e = e
149	.wrapping_add(a.rotate_left(`5`))
150	.wrapping_add(bool3ary_232!(b, c, d))
151	.wrapping_add(t);
152	b = b.rotate_left(`30`);
153
154	d = d
155	.wrapping_add(e.rotate_left(`5`))
156	.wrapping_add(bool3ary_232!(a, b, c))
157	.wrapping_add(u);
158	a = a.rotate_left(`30`);
159
160	c = c
161	.wrapping_add(d.rotate_left(`5`))
162	.wrapping_add(bool3ary_232!(e, a, b))
163	.wrapping_add(v);
164	e = e.rotate_left(`30`);
165
166	b = b
167	.wrapping_add(c.rotate_left(`5`))
168	.wrapping_add(bool3ary_232!(d, e, a))
169	.wrapping_add(w);
170	d = d.rotate_left(`30`);
171
172	[b, c, d, e]
173	}
174
175	macro_rules! rounds4 {
176	($h0:ident, $h1:ident, $wk:expr, $i:expr) => {
177	sha1_digest_round_x4($h0, sha1_first_half($h1, $wk), $i)
178	};
179	}
180
181	macro_rules! schedule {
182	($v0:expr, $v1:expr, $v2:expr, $v3:expr) => {
183	sha1msg2(xor(sha1msg1($v0, $v1), $v2), $v3)
184	};
185	}
186
187	macro_rules! schedule_rounds4 {
188	(
189	$h0:ident, $h1:ident,
190	$w0:expr, $w1:expr, $w2:expr, $w3:expr, $w4:expr,
191	$i:expr
192	) => {
193	$w4 = schedule!($w0, $w1, $w2, $w3);
194	$h1 = rounds4!($h0, $h1, $w4, $i);
195	};
196	}
197
198	#[inline(always)]
199	fn sha1_digest_block_u32(state: &mut [u32; `5`], block: &[u32; `16`]) {
200	let mut w0 = [block[`0`], block[`1`], block[`2`], block[`3`]];
201	let mut w1 = [block[`4`], block[`5`], block[`6`], block[`7`]];
202	let mut w2 = [block[`8`], block[`9`], block[`10`], block[`11`]];
203	let mut w3 = [block[`12`], block[`13`], block[`14`], block[`15`]];
204	#[allow(clippy::needless_late_init)]
205	let mut w4;
206
207	let mut h0 = [state[`0`], state[`1`], state[`2`], state[`3`]];
208	let mut h1 = sha1_first_add(state[`4`], w0);
209
210	// Rounds 0..20
211	h1 = sha1_digest_round_x4(h0, h1, `0`);
212	h0 = rounds4!(h1, h0, w1, `0`);
213	h1 = rounds4!(h0, h1, w2, `0`);
214	h0 = rounds4!(h1, h0, w3, `0`);
215	schedule_rounds4!(h0, h1, w0, w1, w2, w3, w4, `0`);
216
217	// Rounds 20..40
218	schedule_rounds4!(h1, h0, w1, w2, w3, w4, w0, `1`);
219	schedule_rounds4!(h0, h1, w2, w3, w4, w0, w1, `1`);
220	schedule_rounds4!(h1, h0, w3, w4, w0, w1, w2, `1`);
221	schedule_rounds4!(h0, h1, w4, w0, w1, w2, w3, `1`);
222	schedule_rounds4!(h1, h0, w0, w1, w2, w3, w4, `1`);
223
224	// Rounds 40..60
225	schedule_rounds4!(h0, h1, w1, w2, w3, w4, w0, `2`);
226	schedule_rounds4!(h1, h0, w2, w3, w4, w0, w1, `2`);
227	schedule_rounds4!(h0, h1, w3, w4, w0, w1, w2, `2`);
228	schedule_rounds4!(h1, h0, w4, w0, w1, w2, w3, `2`);
229	schedule_rounds4!(h0, h1, w0, w1, w2, w3, w4, `2`);
230
231	// Rounds 60..80
232	schedule_rounds4!(h1, h0, w1, w2, w3, w4, w0, `3`);
233	schedule_rounds4!(h0, h1, w2, w3, w4, w0, w1, `3`);
234	schedule_rounds4!(h1, h0, w3, w4, w0, w1, w2, `3`);
235	schedule_rounds4!(h0, h1, w4, w0, w1, w2, w3, `3`);
236	schedule_rounds4!(h1, h0, w0, w1, w2, w3, w4, `3`);
237
238	let e = h1[`0`].rotate_left(`30`);
239	let [a, b, c, d] = h0;
240
241	state[`0`] = state[`0`].wrapping_add(a);
242	state[`1`] = state[`1`].wrapping_add(b);
243	state[`2`] = state[`2`].wrapping_add(c);
244	state[`3`] = state[`3`].wrapping_add(d);
245	state[`4`] = state[`4`].wrapping_add(e);
246	}
247
248	pub fn compress(state: &mut [u32; `5`], blocks: &[[u8; BLOCK_SIZE]]) {
249	let mut block_u32: [u32; 16] = [`0u32`; BLOCK_SIZE / `4`];
250	// since LLVM can't properly use aliasing yet it will make
251	// unnecessary state stores without this copy
252	let mut state_cpy: [u32; 5] = *state;
253	for block: &[u8; 64] in blocks.iter() {
254	for (o: &mut u32, chunk: &[u8]) in block_u32.iter_mut().zip(block.chunks_exact(chunk_size:`4`)) {
255	o = u32*::from_be_bytes(chunk.try_into().unwrap());
256	}
257	sha1_digest_block_u32(&mut state_cpy, &block_u32);
258	}
259	*state = state_cpy;
260	}
261