
1#![allow(clippy::many_single_char_names)]
2use crate::consts::K;
3
/// Lane-wise wrapping addition of two 4-word vectors.
///
/// Used to fold the per-icosaround constant `K[i]` into a message vector;
/// SHA-1 arithmetic is modulo 2^32, hence `wrapping_add` rather than `+`.
#[inline(always)]
fn add(a: [u32; 4], b: [u32; 4]) -> [u32; 4] {
    core::array::from_fn(|lane| a[lane].wrapping_add(b[lane]))
}
13
/// Lane-wise XOR of two 4-word vectors.
#[inline(always)]
fn xor(a: [u32; 4], b: [u32; 4]) -> [u32; 4] {
    let mut out = a;
    for (lhs, rhs) in out.iter_mut().zip(b.iter()) {
        *lhs ^= *rhs;
    }
    out
}
18
/// Folds the fifth working word `e` into the first lane of a message vector.
///
/// The round functions below keep only `[a, b, c, d]` and start `e` at zero,
/// so the real `e` has to be pre-added to the first message word; lanes
/// 1..=3 pass through unchanged. Wrapping addition, as everywhere in SHA-1.
#[inline]
fn sha1_first_add(e: u32, w0: [u32; 4]) -> [u32; 4] {
    let mut out = w0;
    out[0] = out[0].wrapping_add(e);
    out
}
24
/// First half of the message-schedule step: `W[t-16] ^ W[t-14]` for four
/// consecutive `t`.
///
/// Each lane of `a` is XORed with the lane two positions ahead; for the last
/// two lanes that neighbour comes from the start of `b`.
fn sha1msg1(a: [u32; 4], b: [u32; 4]) -> [u32; 4] {
    let [w0, w1, w2, w3] = a;
    let [w4, w5, ..] = b;
    [w0 ^ w2, w1 ^ w3, w2 ^ w4, w3 ^ w5]
}
30
/// Second half of the message-schedule step: XOR in `W[t-3]` and rotate
/// left by one, producing four new schedule words.
///
/// `a` is the partially combined vector (see `sha1msg1` / `xor`), `b` holds
/// the previous four schedule words. The fourth output depends on the first
/// output rather than on `b` — that is the intra-vector `W[t-3]` dependency,
/// and it is why the lanes cannot be computed fully in parallel.
fn sha1msg2(a: [u32; 4], b: [u32; 4]) -> [u32; 4] {
    let mix = |x: u32, y: u32| (x ^ y).rotate_left(1);

    let w16 = mix(a[0], b[1]);
    let w17 = mix(a[1], b[2]);
    let w18 = mix(a[2], b[3]);
    // Depends on the freshly computed w16, not on `b`.
    let w19 = mix(a[3], w16);

    [w16, w17, w18, w19]
}
42
/// Recovers the implicit fifth working word from the previous state vector
/// and folds it into a message vector.
///
/// After four rounds the dropped `e` equals the old `a` rotated left by 30,
/// so `abcd[0].rotate_left(30)` is exactly the value that `sha1_first_add`
/// would otherwise have been given. Lanes 1..=3 of `msg` pass through.
#[inline]
fn sha1_first_half(abcd: [u32; 4], msg: [u32; 4]) -> [u32; 4] {
    let [m0, m1, m2, m3] = msg;
    let e = abcd[0].rotate_left(30);
    [e.wrapping_add(m0), m1, m2, m3]
}
47
/// Runs four SHA-1 rounds of icosaround `i` (one of the four 20-round groups).
///
/// Selects the round function (Ch, Parity, Maj, Parity) and the matching
/// constant `K[i]`, adds the constant to every lane of `work`, and applies
/// the rounds to `abcd`. `i` must be in `0..=3`; anything else is a logic
/// error in the caller and panics via `unreachable!`.
fn sha1_digest_round_x4(abcd: [u32; 4], work: [u32; 4], i: i8) -> [u32; 4] {
    let (round_fn, k): (fn([u32; 4], [u32; 4]) -> [u32; 4], u32) = match i {
        0 => (sha1rnds4c, K[0]),
        1 => (sha1rnds4p, K[1]),
        2 => (sha1rnds4m, K[2]),
        3 => (sha1rnds4p, K[3]),
        _ => unreachable!("unknown icosaround index"),
    };
    round_fn(abcd, add(work, [k; 4]))
}
57
/// Four SHA-1 rounds with the "choose" function (Ch; the SHA1C variant).
///
/// `abcd` holds the first four working words. The fifth, `e`, starts at zero
/// here because the caller has already folded it into `msg[0]`
/// (`sha1_first_add` / `sha1_first_half`); `msg` is also expected to carry
/// the round constant (see `sha1_digest_round_x4`). Returns the first four
/// words of the state after the rounds; the fifth is dropped, but it is
/// always `abcd[0].rotate_left(30)`, which is how the next step recovers it.
fn sha1rnds4c(abcd: [u32; 4], msg: [u32; 4]) -> [u32; 4] {
    // Ch(x, y, z): bits of y where x is set, bits of z elsewhere.
    let choose = |x: u32, y: u32, z: u32| z ^ (x & (y ^ z));

    let [mut a, mut b, mut c, mut d] = abcd;
    let mut e = 0u32;

    // Textbook round: t = a<<<5 + f(b,c,d) + e + w, then shift the
    // registers down (b is rotated as it becomes c).
    for &wk in &msg {
        let t = a
            .rotate_left(5)
            .wrapping_add(choose(b, c, d))
            .wrapping_add(e)
            .wrapping_add(wk);
        e = d;
        d = c;
        c = b.rotate_left(30);
        b = a;
        a = t;
    }

    [a, b, c, d]
}
95
/// Four SHA-1 rounds with the "parity" function (XOR; the SHA1P variant).
///
/// Same register convention as `sha1rnds4c`: `abcd` are the first four
/// working words, `e` is assumed pre-added into `msg[0]` and starts at zero,
/// and the dropped fifth output word equals `abcd[0].rotate_left(30)`.
fn sha1rnds4p(abcd: [u32; 4], msg: [u32; 4]) -> [u32; 4] {
    // Parity(x, y, z) = x ^ y ^ z.
    let parity = |x: u32, y: u32, z: u32| x ^ y ^ z;

    let [mut a, mut b, mut c, mut d] = abcd;
    let mut e = 0u32;

    for &wk in &msg {
        let t = a
            .rotate_left(5)
            .wrapping_add(parity(b, c, d))
            .wrapping_add(e)
            .wrapping_add(wk);
        e = d;
        d = c;
        c = b.rotate_left(30);
        b = a;
        a = t;
    }

    [a, b, c, d]
}
133
/// Four SHA-1 rounds with the "majority" function (Maj; the SHA1M variant).
///
/// Same register convention as `sha1rnds4c`: `abcd` are the first four
/// working words, `e` is assumed pre-added into `msg[0]` and starts at zero,
/// and the dropped fifth output word equals `abcd[0].rotate_left(30)`.
fn sha1rnds4m(abcd: [u32; 4], msg: [u32; 4]) -> [u32; 4] {
    // Maj(x, y, z): each bit is set when at least two inputs have it set.
    let majority = |x: u32, y: u32, z: u32| (x & y) ^ (x & z) ^ (y & z);

    let [mut a, mut b, mut c, mut d] = abcd;
    let mut e = 0u32;

    for &wk in &msg {
        let t = a
            .rotate_left(5)
            .wrapping_add(majority(b, c, d))
            .wrapping_add(e)
            .wrapping_add(wk);
        e = d;
        d = c;
        c = b.rotate_left(30);
        b = a;
        a = t;
    }

    [a, b, c, d]
}
171
// Four rounds of icosaround `$i`. `$wk` is a 4-word slice of the message
// schedule; `sha1_first_half` first re-adds the implicit fifth state word
// (recovered from `$h1[0]`), then `sha1_digest_round_x4` adds the round
// constant and runs the rounds on `$h0`. Yields the new `[a, b, c, d]`.
macro_rules! rounds4 {
    ($h0:ident, $h1:ident, $wk:expr, $i:expr) => {
        sha1_digest_round_x4($h0, sha1_first_half($h1, $wk), $i)
    };
}
177
// One message-schedule step producing W[t..t+4] from the previous sixteen
// words held as four 4-word vectors (`$v0` oldest, `$v3` newest):
// `sha1msg1` XORs W[t-16] with W[t-14], `xor` folds in W[t-8], and
// `sha1msg2` adds W[t-3] and applies the 1-bit rotate. The helper names
// appear to follow the SHA instruction-set mnemonics (sha1msg1/sha1msg2).
macro_rules! schedule {
    ($v0:expr, $v1:expr, $v2:expr, $v3:expr) => {
        sha1msg2(xor(sha1msg1($v0, $v1), $v2), $v3)
    };
}
183
// Schedules the next four message words into `$w4` and immediately consumes
// them with four rounds of icosaround `$i`, writing the new state to `$h1`.
// `digest_block` rotates the roles of w0..w4 and h0/h1 on every call so the
// five vectors act as a ring buffer over the schedule and the two state
// registers alternate between "current" and "previous".
macro_rules! schedule_rounds4 {
    (
        $h0:ident, $h1:ident,
        $w0:expr, $w1:expr, $w2:expr, $w3:expr, $w4:expr,
        $i:expr
    ) => {
        $w4 = schedule!($w0, $w1, $w2, $w3);
        $h1 = rounds4!($h0, $h1, $w4, $i);
    };
}
194
/// Applies the 80-round SHA-1 compression function to one 16-word block and
/// folds the result into `state` with the final feed-forward adds.
///
/// The five working words are kept as two 4-lane vectors: after each step
/// one register holds the current `[a, b, c, d]` and the other still holds
/// the previous state, whose first lane (rotated by 30) is the fifth word
/// `e`. `e` is therefore never stored on its own: it is pre-added into the
/// first message word (`sha1_first_add` here, `sha1_first_half` inside
/// `rounds4!`) and recovered at the end as `h1[0].rotate_left(30)`.
///
/// Every line in the round section is four rounds; each comment-delimited
/// group of five lines is one 20-round icosaround, whose round function and
/// constant are selected by the trailing index (`0..=3`, see
/// `sha1_digest_round_x4`). `block` must already be decoded into big-endian
/// words, as `read_block` does.
#[inline(always)]
fn digest_block(state: &mut [u32; 5], block: [u32; 16]) {
    // Message schedule as a ring of five 4-word vectors. The first sixteen
    // words come straight from the block; `w4` is first written by the
    // `schedule_rounds4!` step at the end of the first icosaround.
    let mut w0 = [block[0], block[1], block[2], block[3]];
    let mut w1 = [block[4], block[5], block[6], block[7]];
    let mut w2 = [block[8], block[9], block[10], block[11]];
    let mut w3 = [block[12], block[13], block[14], block[15]];
    #[allow(clippy::needless_late_init)]
    let mut w4;

    // h0 = [a, b, c, d]; e (state[4]) is folded into w0's first lane.
    let mut h0 = [state[0], state[1], state[2], state[3]];
    let mut h1 = sha1_first_add(state[4], w0);

    // Rounds 0..20
    // The first four steps consume the raw block words w0..w3; only the
    // fifth step needs a freshly scheduled vector.
    h1 = sha1_digest_round_x4(h0, h1, 0);
    h0 = rounds4!(h1, h0, w1, 0);
    h1 = rounds4!(h0, h1, w2, 0);
    h0 = rounds4!(h1, h0, w3, 0);
    schedule_rounds4!(h0, h1, w0, w1, w2, w3, w4, 0);

    // Rounds 20..40
    schedule_rounds4!(h1, h0, w1, w2, w3, w4, w0, 1);
    schedule_rounds4!(h0, h1, w2, w3, w4, w0, w1, 1);
    schedule_rounds4!(h1, h0, w3, w4, w0, w1, w2, 1);
    schedule_rounds4!(h0, h1, w4, w0, w1, w2, w3, 1);
    schedule_rounds4!(h1, h0, w0, w1, w2, w3, w4, 1);

    // Rounds 40..60
    schedule_rounds4!(h0, h1, w1, w2, w3, w4, w0, 2);
    schedule_rounds4!(h1, h0, w2, w3, w4, w0, w1, 2);
    schedule_rounds4!(h0, h1, w3, w4, w0, w1, w2, 2);
    schedule_rounds4!(h1, h0, w4, w0, w1, w2, w3, 2);
    schedule_rounds4!(h0, h1, w0, w1, w2, w3, w4, 2);

    // Rounds 60..80
    schedule_rounds4!(h1, h0, w1, w2, w3, w4, w0, 3);
    schedule_rounds4!(h0, h1, w2, w3, w4, w0, w1, 3);
    schedule_rounds4!(h1, h0, w3, w4, w0, w1, w2, 3);
    schedule_rounds4!(h0, h1, w4, w0, w1, w2, w3, 3);
    schedule_rounds4!(h1, h0, w0, w1, w2, w3, w4, 3);

    // The last step wrote the new [a, b, c, d] into h0 and left h1 as the
    // state it was given; the dropped fifth word is that state's `a`
    // rotated left by 30.
    let e = h1[0].rotate_left(30);
    let [a, b, c, d] = h0;

    // Feed-forward: add the working words back into the chaining value
    // (modulo 2^32, as everywhere in SHA-1).
    state[0] = state[0].wrapping_add(a);
    state[1] = state[1].wrapping_add(b);
    state[2] = state[2].wrapping_add(c);
    state[3] = state[3].wrapping_add(d);
    state[4] = state[4].wrapping_add(e);
}
244
/// Decodes one 64-byte block into sixteen big-endian `u32` words.
fn read_block(block: &[u8; 64]) -> [u32; 16] {
    let mut words = [0u32; 16];
    // `chunks_exact(4)` over 64 bytes yields exactly sixteen 4-byte chunks,
    // so the zip pairs every word with a chunk and the indexing cannot
    // go out of bounds.
    for (word, bytes) in words.iter_mut().zip(block.chunks_exact(4)) {
        *word = u32::from_be_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]);
    }
    words
}
251
/// SHA-1 compression over a sequence of 64-byte blocks, updating `state`
/// in place; presumably the portable fallback (`soft.rs`) used when no
/// hardware implementation is selected.
///
/// Each block is decoded big-endian by `read_block` and absorbed by
/// `digest_block` in order; an empty `blocks` slice leaves `state`
/// untouched. The arithmetic in this path is only rotates, wrapping adds
/// and XORs, with table reads (`K`) indexed by a constant round number, so
/// there are no data-dependent memory accesses or branches.
pub(crate) fn compress(state: &mut [u32; 5], blocks: &[[u8; 64]]) {
    for raw in blocks {
        let words = read_block(raw);
        digest_block(state, words);
    }
}