void sha512_compress(sha512_ctx *ctx, const void *sbuf)
{
kludge64 a, b, c, d, e, f, g, h;
- kludge64 buf[80];
+ kludge64 m[16];
+ const kludge64 *k;
+ const octet *p;
int i;
static const kludge64 K[80] = {
X64(5fcb6fab, 3ad6faec), X64(6c44198c, 4a475817)
};
- /* --- Fetch the chaining variables --- */
-
- a = ctx->a;
- b = ctx->b;
- c = ctx->c;
- d = ctx->d;
- e = ctx->e;
- f = ctx->f;
- g = ctx->g;
- h = ctx->h;
+ a = ctx->a; b = ctx->b; c = ctx->c; d = ctx->d;
+ e = ctx->e; f = ctx->f; g = ctx->g; h = ctx->h;
+ for (p = sbuf, i = 0; i < 16; i++, p += 8) LOAD64_(m[i], p);
/* --- Definitions for round functions --- */
#define T(a, b, c, d, e, f, g, h, i) do { \
kludge64 t1, t2, x; \
- ADD64(t1, buf[i], K[i]); ADD64(t1, t1, h); \
+ ADD64(t1, m[i], k[i]); ADD64(t1, t1, h); \
S1(x, e); ADD64(t1, t1, x); CH(x, e, f, g); ADD64(t1, t1, x); \
S0(t2, a); MAJ(x, a, b, c); ADD64(t2, t2, x); \
ADD64(d, d, t1); ADD64(h, t1, t2); \
} while (0)
- /* --- Fetch and expand the buffer contents --- */
-
- {
- const octet *p;
-
- for (i = 0, p = sbuf; i < 16; i++, p += 8)
- LOAD64_(buf[i], p);
- for (i = 16; i < 80; i++) {
- kludge64 x;
- buf[i] = buf[i - 7]; s1(x, buf[i - 2]); ADD64(buf[i], buf[i], x);
- s0(x, buf[i - 15]); ADD64(buf[i], buf[i], x);
- ADD64(buf[i], buf[i], buf[i - 16]);
- }
- }
+#define M(i, i2, i7, i15) do { \
+ kludge64 t; \
+ ADD64(m[i], m[i], m[i7]); \
+ s1(t, m[i2]); ADD64(m[i], m[i], t); \
+ s0(t, m[i15]); ADD64(m[i], m[i], t); \
+} while (0)
/* --- The main compression function --- */
- for (i = 0; i < 80; i += 8) {
- T(a, b, c, d, e, f, g, h, i + 0);
- T(h, a, b, c, d, e, f, g, i + 1);
- T(g, h, a, b, c, d, e, f, i + 2);
- T(f, g, h, a, b, c, d, e, i + 3);
- T(e, f, g, h, a, b, c, d, i + 4);
- T(d, e, f, g, h, a, b, c, i + 5);
- T(c, d, e, f, g, h, a, b, i + 6);
- T(b, c, d, e, f, g, h, a, i + 7);
+ for (i = 0, k = K; i < 64; i += 16, k += 16) {
+ T(a, b, c, d, e, f, g, h, 0); M( 0, 14, 9, 1);
+ T(h, a, b, c, d, e, f, g, 1); M( 1, 15, 10, 2);
+ T(g, h, a, b, c, d, e, f, 2); M( 2, 0, 11, 3);
+ T(f, g, h, a, b, c, d, e, 3); M( 3, 1, 12, 4);
+ T(e, f, g, h, a, b, c, d, 4); M( 4, 2, 13, 5);
+ T(d, e, f, g, h, a, b, c, 5); M( 5, 3, 14, 6);
+ T(c, d, e, f, g, h, a, b, 6); M( 6, 4, 15, 7);
+ T(b, c, d, e, f, g, h, a, 7); M( 7, 5, 0, 8);
+ T(a, b, c, d, e, f, g, h, 8); M( 8, 6, 1, 9);
+ T(h, a, b, c, d, e, f, g, 9); M( 9, 7, 2, 10);
+ T(g, h, a, b, c, d, e, f, 10); M(10, 8, 3, 11);
+ T(f, g, h, a, b, c, d, e, 11); M(11, 9, 4, 12);
+ T(e, f, g, h, a, b, c, d, 12); M(12, 10, 5, 13);
+ T(d, e, f, g, h, a, b, c, 13); M(13, 11, 6, 14);
+ T(c, d, e, f, g, h, a, b, 14); M(14, 12, 7, 15);
+ T(b, c, d, e, f, g, h, a, 15); M(15, 13, 8, 0);
}
+ T(a, b, c, d, e, f, g, h, 0);
+ T(h, a, b, c, d, e, f, g, 1);
+ T(g, h, a, b, c, d, e, f, 2);
+ T(f, g, h, a, b, c, d, e, 3);
+ T(e, f, g, h, a, b, c, d, 4);
+ T(d, e, f, g, h, a, b, c, 5);
+ T(c, d, e, f, g, h, a, b, 6);
+ T(b, c, d, e, f, g, h, a, 7);
+ T(a, b, c, d, e, f, g, h, 8);
+ T(h, a, b, c, d, e, f, g, 9);
+ T(g, h, a, b, c, d, e, f, 10);
+ T(f, g, h, a, b, c, d, e, 11);
+ T(e, f, g, h, a, b, c, d, 12);
+ T(d, e, f, g, h, a, b, c, 13);
+ T(c, d, e, f, g, h, a, b, 14);
+ T(b, c, d, e, f, g, h, a, 15);
+
/* --- Update the chaining variables --- */
- ADD64(ctx->a, ctx->a, a);
- ADD64(ctx->b, ctx->b, b);
- ADD64(ctx->c, ctx->c, c);
- ADD64(ctx->d, ctx->d, d);
- ADD64(ctx->e, ctx->e, e);
- ADD64(ctx->f, ctx->f, f);
- ADD64(ctx->g, ctx->g, g);
- ADD64(ctx->h, ctx->h, h);
+ ADD64(ctx->a, ctx->a, a); ADD64(ctx->b, ctx->b, b);
+ ADD64(ctx->c, ctx->c, c); ADD64(ctx->d, ctx->d, d);
+ ADD64(ctx->e, ctx->e, e); ADD64(ctx->f, ctx->f, f);
+ ADD64(ctx->g, ctx->g, g); ADD64(ctx->h, ctx->h, h);
}
/* --- @sha512_init@, etc. --- *
LOAD64_(ctx->h, p + 56);
ctx->off = 0;
ctx->nl = U32(count);
- ctx->nh = U32(((count & ~MASK32) >> 16) >> 16);
+ ctx->nh = U32(((count & ~(unsigned long)MASK32) >> 16) >> 16);
}
/* --- @sha512_hash@, @sha384_hash@ --- *