root/maint/gnulib/lib/sha512.c

/* [previous][next][first][last][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. sha512_init_ctx
  2. sha384_init_ctx
  3. set_uint64
  4. sha512_read_ctx
  5. sha384_read_ctx
  6. sha512_conclude_ctx
  7. sha512_finish_ctx
  8. sha384_finish_ctx
  9. sha512_buffer
  10. sha384_buffer
  11. sha512_process_bytes
  12. sha512_process_block
   1 /* sha512.c - Functions to compute SHA512 and SHA384 message digest of files or
   2    memory blocks according to the NIST specification FIPS-180-2.
   3 
   4    Copyright (C) 2005-2006, 2008-2021 Free Software Foundation, Inc.
   5 
   6    This file is free software: you can redistribute it and/or modify
   7    it under the terms of the GNU Lesser General Public License as
   8    published by the Free Software Foundation; either version 2.1 of the
   9    License, or (at your option) any later version.
  10 
  11    This file is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU Lesser General Public License for more details.
  15 
  16    You should have received a copy of the GNU Lesser General Public License
  17    along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
  18 
  19 /* Written by David Madore, considerably copypasting from
  20    Scott G. Miller's sha1.c
  21 */
  22 
  23 #include <config.h>
  24 
  25 /* Specification.  */
  26 #if HAVE_OPENSSL_SHA512
  27 # define GL_OPENSSL_INLINE _GL_EXTERN_INLINE
  28 #endif
  29 #include "sha512.h"
  30 
  31 #include <stdalign.h>
  32 #include <stdint.h>
  33 #include <string.h>
  34 
  35 #include <byteswap.h>
  36 #ifdef WORDS_BIGENDIAN
  37 # define SWAP(n) (n)
  38 #else
  39 # define SWAP(n) bswap_64 (n)
  40 #endif
  41 
  42 #if ! HAVE_OPENSSL_SHA512
  43 
  44 /* This array contains the bytes used to pad the buffer to the next
  45    128-byte boundary.  */
  46 static const unsigned char fillbuf[128] = { 0x80, 0 /* , 0, 0, ...  */ };
  47 
  48 
  49 /*
  50   Takes a pointer to a 512 bit block of data (eight 64 bit ints) and
  51   initializes it to the start constants of the SHA512 algorithm.  This
  52   must be called before using hash in the call to sha512_hash
  53 */
  54 void
  55 sha512_init_ctx (struct sha512_ctx *ctx)
     /* [previous][next][first][last][top][bottom][index][help] */
  56 {
  57   ctx->state[0] = u64hilo (0x6a09e667, 0xf3bcc908);
  58   ctx->state[1] = u64hilo (0xbb67ae85, 0x84caa73b);
  59   ctx->state[2] = u64hilo (0x3c6ef372, 0xfe94f82b);
  60   ctx->state[3] = u64hilo (0xa54ff53a, 0x5f1d36f1);
  61   ctx->state[4] = u64hilo (0x510e527f, 0xade682d1);
  62   ctx->state[5] = u64hilo (0x9b05688c, 0x2b3e6c1f);
  63   ctx->state[6] = u64hilo (0x1f83d9ab, 0xfb41bd6b);
  64   ctx->state[7] = u64hilo (0x5be0cd19, 0x137e2179);
  65 
  66   ctx->total[0] = ctx->total[1] = u64lo (0);
  67   ctx->buflen = 0;
  68 }
  69 
  70 void
  71 sha384_init_ctx (struct sha512_ctx *ctx)
     /* [previous][next][first][last][top][bottom][index][help] */
  72 {
  73   ctx->state[0] = u64hilo (0xcbbb9d5d, 0xc1059ed8);
  74   ctx->state[1] = u64hilo (0x629a292a, 0x367cd507);
  75   ctx->state[2] = u64hilo (0x9159015a, 0x3070dd17);
  76   ctx->state[3] = u64hilo (0x152fecd8, 0xf70e5939);
  77   ctx->state[4] = u64hilo (0x67332667, 0xffc00b31);
  78   ctx->state[5] = u64hilo (0x8eb44a87, 0x68581511);
  79   ctx->state[6] = u64hilo (0xdb0c2e0d, 0x64f98fa7);
  80   ctx->state[7] = u64hilo (0x47b5481d, 0xbefa4fa4);
  81 
  82   ctx->total[0] = ctx->total[1] = u64lo (0);
  83   ctx->buflen = 0;
  84 }
  85 
  86 /* Copy the value from V into the memory location pointed to by *CP,
  87    If your architecture allows unaligned access, this is equivalent to
  88    * (__typeof__ (v) *) cp = v  */
  89 static void
  90 set_uint64 (char *cp, u64 v)
     /* [previous][next][first][last][top][bottom][index][help] */
  91 {
  92   memcpy (cp, &v, sizeof v);
  93 }
  94 
  95 /* Put result from CTX in first 64 bytes following RESBUF.
  96    The result must be in little endian byte order.  */
  97 void *
  98 sha512_read_ctx (const struct sha512_ctx *ctx, void *resbuf)
     /* [previous][next][first][last][top][bottom][index][help] */
  99 {
 100   int i;
 101   char *r = resbuf;
 102 
 103   for (i = 0; i < 8; i++)
 104     set_uint64 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
 105 
 106   return resbuf;
 107 }
 108 
 109 void *
 110 sha384_read_ctx (const struct sha512_ctx *ctx, void *resbuf)
     /* [previous][next][first][last][top][bottom][index][help] */
 111 {
 112   int i;
 113   char *r = resbuf;
 114 
 115   for (i = 0; i < 6; i++)
 116     set_uint64 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
 117 
 118   return resbuf;
 119 }
 120 
 121 /* Process the remaining bytes in the internal buffer and the usual
 122    prolog according to the standard and write the result to RESBUF.  */
 123 static void
 124 sha512_conclude_ctx (struct sha512_ctx *ctx)
     /* [previous][next][first][last][top][bottom][index][help] */
 125 {
 126   /* Take yet unprocessed bytes into account.  */
 127   size_t bytes = ctx->buflen;
 128   size_t size = (bytes < 112) ? 128 / 8 : 128 * 2 / 8;
 129 
 130   /* Now count remaining bytes.  */
 131   ctx->total[0] = u64plus (ctx->total[0], u64lo (bytes));
 132   if (u64lt (ctx->total[0], u64lo (bytes)))
 133     ctx->total[1] = u64plus (ctx->total[1], u64lo (1));
 134 
 135   /* Put the 128-bit file length in *bits* at the end of the buffer.
 136      Use set_uint64 rather than a simple assignment, to avoid risk of
 137      unaligned access.  */
 138   set_uint64 ((char *) &ctx->buffer[size - 2],
 139               SWAP (u64or (u64shl (ctx->total[1], 3),
 140                            u64shr (ctx->total[0], 61))));
 141   set_uint64 ((char *) &ctx->buffer[size - 1],
 142               SWAP (u64shl (ctx->total[0], 3)));
 143 
 144   memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 8 - bytes);
 145 
 146   /* Process last bytes.  */
 147   sha512_process_block (ctx->buffer, size * 8, ctx);
 148 }
 149 
 150 void *
 151 sha512_finish_ctx (struct sha512_ctx *ctx, void *resbuf)
     /* [previous][next][first][last][top][bottom][index][help] */
 152 {
 153   sha512_conclude_ctx (ctx);
 154   return sha512_read_ctx (ctx, resbuf);
 155 }
 156 
 157 void *
 158 sha384_finish_ctx (struct sha512_ctx *ctx, void *resbuf)
     /* [previous][next][first][last][top][bottom][index][help] */
 159 {
 160   sha512_conclude_ctx (ctx);
 161   return sha384_read_ctx (ctx, resbuf);
 162 }
 163 
 164 /* Compute SHA512 message digest for LEN bytes beginning at BUFFER.  The
 165    result is always in little endian byte order, so that a byte-wise
 166    output yields to the wanted ASCII representation of the message
 167    digest.  */
 168 void *
 169 sha512_buffer (const char *buffer, size_t len, void *resblock)
     /* [previous][next][first][last][top][bottom][index][help] */
 170 {
 171   struct sha512_ctx ctx;
 172 
 173   /* Initialize the computation context.  */
 174   sha512_init_ctx (&ctx);
 175 
 176   /* Process whole buffer but last len % 128 bytes.  */
 177   sha512_process_bytes (buffer, len, &ctx);
 178 
 179   /* Put result in desired memory area.  */
 180   return sha512_finish_ctx (&ctx, resblock);
 181 }
 182 
 183 void *
 184 sha384_buffer (const char *buffer, size_t len, void *resblock)
     /* [previous][next][first][last][top][bottom][index][help] */
 185 {
 186   struct sha512_ctx ctx;
 187 
 188   /* Initialize the computation context.  */
 189   sha384_init_ctx (&ctx);
 190 
 191   /* Process whole buffer but last len % 128 bytes.  */
 192   sha512_process_bytes (buffer, len, &ctx);
 193 
 194   /* Put result in desired memory area.  */
 195   return sha384_finish_ctx (&ctx, resblock);
 196 }
 197 
 198 void
 199 sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx)
     /* [previous][next][first][last][top][bottom][index][help] */
 200 {
 201   /* When we already have some bits in our internal buffer concatenate
 202      both inputs first.  */
 203   if (ctx->buflen != 0)
 204     {
 205       size_t left_over = ctx->buflen;
 206       size_t add = 256 - left_over > len ? len : 256 - left_over;
 207 
 208       memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
 209       ctx->buflen += add;
 210 
 211       if (ctx->buflen > 128)
 212         {
 213           sha512_process_block (ctx->buffer, ctx->buflen & ~127, ctx);
 214 
 215           ctx->buflen &= 127;
 216           /* The regions in the following copy operation cannot overlap,
 217              because ctx->buflen < 128 ≤ (left_over + add) & ~127.  */
 218           memcpy (ctx->buffer,
 219                   &((char *) ctx->buffer)[(left_over + add) & ~127],
 220                   ctx->buflen);
 221         }
 222 
 223       buffer = (const char *) buffer + add;
 224       len -= add;
 225     }
 226 
 227   /* Process available complete blocks.  */
 228   if (len >= 128)
 229     {
 230 #if !(_STRING_ARCH_unaligned || _STRING_INLINE_unaligned)
 231 # define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (u64) != 0)
 232       if (UNALIGNED_P (buffer))
 233         while (len > 128)
 234           {
 235             sha512_process_block (memcpy (ctx->buffer, buffer, 128), 128, ctx);
 236             buffer = (const char *) buffer + 128;
 237             len -= 128;
 238           }
 239       else
 240 #endif
 241         {
 242           sha512_process_block (buffer, len & ~127, ctx);
 243           buffer = (const char *) buffer + (len & ~127);
 244           len &= 127;
 245         }
 246     }
 247 
 248   /* Move remaining bytes in internal buffer.  */
 249   if (len > 0)
 250     {
 251       size_t left_over = ctx->buflen;
 252 
 253       memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
 254       left_over += len;
 255       if (left_over >= 128)
 256         {
 257           sha512_process_block (ctx->buffer, 128, ctx);
 258           left_over -= 128;
 259           /* The regions in the following copy operation cannot overlap,
 260              because left_over ≤ 128.  */
 261           memcpy (ctx->buffer, &ctx->buffer[16], left_over);
 262         }
 263       ctx->buflen = left_over;
 264     }
 265 }
 266 
 267 /* --- Code below is the primary difference between sha1.c and sha512.c --- */
 268 
 269 /* SHA512 round constants */
 270 #define K(I) sha512_round_constants[I]
 271 static u64 const sha512_round_constants[80] = {
 272   u64init (0x428a2f98, 0xd728ae22), u64init (0x71374491, 0x23ef65cd),
 273   u64init (0xb5c0fbcf, 0xec4d3b2f), u64init (0xe9b5dba5, 0x8189dbbc),
 274   u64init (0x3956c25b, 0xf348b538), u64init (0x59f111f1, 0xb605d019),
 275   u64init (0x923f82a4, 0xaf194f9b), u64init (0xab1c5ed5, 0xda6d8118),
 276   u64init (0xd807aa98, 0xa3030242), u64init (0x12835b01, 0x45706fbe),
 277   u64init (0x243185be, 0x4ee4b28c), u64init (0x550c7dc3, 0xd5ffb4e2),
 278   u64init (0x72be5d74, 0xf27b896f), u64init (0x80deb1fe, 0x3b1696b1),
 279   u64init (0x9bdc06a7, 0x25c71235), u64init (0xc19bf174, 0xcf692694),
 280   u64init (0xe49b69c1, 0x9ef14ad2), u64init (0xefbe4786, 0x384f25e3),
 281   u64init (0x0fc19dc6, 0x8b8cd5b5), u64init (0x240ca1cc, 0x77ac9c65),
 282   u64init (0x2de92c6f, 0x592b0275), u64init (0x4a7484aa, 0x6ea6e483),
 283   u64init (0x5cb0a9dc, 0xbd41fbd4), u64init (0x76f988da, 0x831153b5),
 284   u64init (0x983e5152, 0xee66dfab), u64init (0xa831c66d, 0x2db43210),
 285   u64init (0xb00327c8, 0x98fb213f), u64init (0xbf597fc7, 0xbeef0ee4),
 286   u64init (0xc6e00bf3, 0x3da88fc2), u64init (0xd5a79147, 0x930aa725),
 287   u64init (0x06ca6351, 0xe003826f), u64init (0x14292967, 0x0a0e6e70),
 288   u64init (0x27b70a85, 0x46d22ffc), u64init (0x2e1b2138, 0x5c26c926),
 289   u64init (0x4d2c6dfc, 0x5ac42aed), u64init (0x53380d13, 0x9d95b3df),
 290   u64init (0x650a7354, 0x8baf63de), u64init (0x766a0abb, 0x3c77b2a8),
 291   u64init (0x81c2c92e, 0x47edaee6), u64init (0x92722c85, 0x1482353b),
 292   u64init (0xa2bfe8a1, 0x4cf10364), u64init (0xa81a664b, 0xbc423001),
 293   u64init (0xc24b8b70, 0xd0f89791), u64init (0xc76c51a3, 0x0654be30),
 294   u64init (0xd192e819, 0xd6ef5218), u64init (0xd6990624, 0x5565a910),
 295   u64init (0xf40e3585, 0x5771202a), u64init (0x106aa070, 0x32bbd1b8),
 296   u64init (0x19a4c116, 0xb8d2d0c8), u64init (0x1e376c08, 0x5141ab53),
 297   u64init (0x2748774c, 0xdf8eeb99), u64init (0x34b0bcb5, 0xe19b48a8),
 298   u64init (0x391c0cb3, 0xc5c95a63), u64init (0x4ed8aa4a, 0xe3418acb),
 299   u64init (0x5b9cca4f, 0x7763e373), u64init (0x682e6ff3, 0xd6b2b8a3),
 300   u64init (0x748f82ee, 0x5defb2fc), u64init (0x78a5636f, 0x43172f60),
 301   u64init (0x84c87814, 0xa1f0ab72), u64init (0x8cc70208, 0x1a6439ec),
 302   u64init (0x90befffa, 0x23631e28), u64init (0xa4506ceb, 0xde82bde9),
 303   u64init (0xbef9a3f7, 0xb2c67915), u64init (0xc67178f2, 0xe372532b),
 304   u64init (0xca273ece, 0xea26619c), u64init (0xd186b8c7, 0x21c0c207),
 305   u64init (0xeada7dd6, 0xcde0eb1e), u64init (0xf57d4f7f, 0xee6ed178),
 306   u64init (0x06f067aa, 0x72176fba), u64init (0x0a637dc5, 0xa2c898a6),
 307   u64init (0x113f9804, 0xbef90dae), u64init (0x1b710b35, 0x131c471b),
 308   u64init (0x28db77f5, 0x23047d84), u64init (0x32caab7b, 0x40c72493),
 309   u64init (0x3c9ebe0a, 0x15c9bebc), u64init (0x431d67c4, 0x9c100d4c),
 310   u64init (0x4cc5d4be, 0xcb3e42b6), u64init (0x597f299c, 0xfc657e2a),
 311   u64init (0x5fcb6fab, 0x3ad6faec), u64init (0x6c44198c, 0x4a475817),
 312 };
 313 
 314 /* Round functions.  */
 315 #define F2(A, B, C) u64or (u64and (A, B), u64and (C, u64or (A, B)))
 316 #define F1(E, F, G) u64xor (G, u64and (E, u64xor (F, G)))
 317 
 318 /* Process LEN bytes of BUFFER, accumulating context into CTX.
 319    It is assumed that LEN % 128 == 0.
 320    Most of this code comes from GnuPG's cipher/sha1.c.  */
 321 
 322 void
 323 sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx)
     /* [previous][next][first][last][top][bottom][index][help] */
 324 {
 325   u64 const *words = buffer;
 326   u64 const *endp = words + len / sizeof (u64);
 327   u64 x[16];
 328   u64 a = ctx->state[0];
 329   u64 b = ctx->state[1];
 330   u64 c = ctx->state[2];
 331   u64 d = ctx->state[3];
 332   u64 e = ctx->state[4];
 333   u64 f = ctx->state[5];
 334   u64 g = ctx->state[6];
 335   u64 h = ctx->state[7];
 336   u64 lolen = u64size (len);
 337 
 338   /* First increment the byte count.  FIPS PUB 180-2 specifies the possible
 339      length of the file up to 2^128 bits.  Here we only compute the
 340      number of bytes.  Do a double word increment.  */
 341   ctx->total[0] = u64plus (ctx->total[0], lolen);
 342   ctx->total[1] = u64plus (ctx->total[1],
 343                            u64plus (u64size (len >> 31 >> 31 >> 2),
 344                                     u64lo (u64lt (ctx->total[0], lolen))));
 345 
 346 #define S0(x) u64xor (u64rol(x, 63), u64xor (u64rol (x, 56), u64shr (x, 7)))
 347 #define S1(x) u64xor (u64rol (x, 45), u64xor (u64rol (x, 3), u64shr (x, 6)))
 348 #define SS0(x) u64xor (u64rol (x, 36), u64xor (u64rol (x, 30), u64rol (x, 25)))
 349 #define SS1(x) u64xor (u64rol(x, 50), u64xor (u64rol (x, 46), u64rol (x, 23)))
 350 
 351 #define M(I) (x[(I) & 15]                                                 \
 352               = u64plus (x[(I) & 15],                                     \
 353                          u64plus (S1 (x[((I) - 2) & 15]),                 \
 354                                   u64plus (x[((I) - 7) & 15],             \
 355                                            S0 (x[((I) - 15) & 15])))))
 356 
 357 #define R(A, B, C, D, E, F, G, H, K, M)                                   \
 358   do                                                                      \
 359     {                                                                     \
 360       u64 t0 = u64plus (SS0 (A), F2 (A, B, C));                           \
 361       u64 t1 =                                                            \
 362         u64plus (H, u64plus (SS1 (E),                                     \
 363                              u64plus (F1 (E, F, G), u64plus (K, M))));    \
 364       D = u64plus (D, t1);                                                \
 365       H = u64plus (t0, t1);                                               \
 366     }                                                                     \
 367   while (0)
 368 
 369   while (words < endp)
 370     {
 371       int t;
 372       /* FIXME: see sha1.c for a better implementation.  */
 373       for (t = 0; t < 16; t++)
 374         {
 375           x[t] = SWAP (*words);
 376           words++;
 377         }
 378 
 379       R( a, b, c, d, e, f, g, h, K( 0), x[ 0] );
 380       R( h, a, b, c, d, e, f, g, K( 1), x[ 1] );
 381       R( g, h, a, b, c, d, e, f, K( 2), x[ 2] );
 382       R( f, g, h, a, b, c, d, e, K( 3), x[ 3] );
 383       R( e, f, g, h, a, b, c, d, K( 4), x[ 4] );
 384       R( d, e, f, g, h, a, b, c, K( 5), x[ 5] );
 385       R( c, d, e, f, g, h, a, b, K( 6), x[ 6] );
 386       R( b, c, d, e, f, g, h, a, K( 7), x[ 7] );
 387       R( a, b, c, d, e, f, g, h, K( 8), x[ 8] );
 388       R( h, a, b, c, d, e, f, g, K( 9), x[ 9] );
 389       R( g, h, a, b, c, d, e, f, K(10), x[10] );
 390       R( f, g, h, a, b, c, d, e, K(11), x[11] );
 391       R( e, f, g, h, a, b, c, d, K(12), x[12] );
 392       R( d, e, f, g, h, a, b, c, K(13), x[13] );
 393       R( c, d, e, f, g, h, a, b, K(14), x[14] );
 394       R( b, c, d, e, f, g, h, a, K(15), x[15] );
 395       R( a, b, c, d, e, f, g, h, K(16), M(16) );
 396       R( h, a, b, c, d, e, f, g, K(17), M(17) );
 397       R( g, h, a, b, c, d, e, f, K(18), M(18) );
 398       R( f, g, h, a, b, c, d, e, K(19), M(19) );
 399       R( e, f, g, h, a, b, c, d, K(20), M(20) );
 400       R( d, e, f, g, h, a, b, c, K(21), M(21) );
 401       R( c, d, e, f, g, h, a, b, K(22), M(22) );
 402       R( b, c, d, e, f, g, h, a, K(23), M(23) );
 403       R( a, b, c, d, e, f, g, h, K(24), M(24) );
 404       R( h, a, b, c, d, e, f, g, K(25), M(25) );
 405       R( g, h, a, b, c, d, e, f, K(26), M(26) );
 406       R( f, g, h, a, b, c, d, e, K(27), M(27) );
 407       R( e, f, g, h, a, b, c, d, K(28), M(28) );
 408       R( d, e, f, g, h, a, b, c, K(29), M(29) );
 409       R( c, d, e, f, g, h, a, b, K(30), M(30) );
 410       R( b, c, d, e, f, g, h, a, K(31), M(31) );
 411       R( a, b, c, d, e, f, g, h, K(32), M(32) );
 412       R( h, a, b, c, d, e, f, g, K(33), M(33) );
 413       R( g, h, a, b, c, d, e, f, K(34), M(34) );
 414       R( f, g, h, a, b, c, d, e, K(35), M(35) );
 415       R( e, f, g, h, a, b, c, d, K(36), M(36) );
 416       R( d, e, f, g, h, a, b, c, K(37), M(37) );
 417       R( c, d, e, f, g, h, a, b, K(38), M(38) );
 418       R( b, c, d, e, f, g, h, a, K(39), M(39) );
 419       R( a, b, c, d, e, f, g, h, K(40), M(40) );
 420       R( h, a, b, c, d, e, f, g, K(41), M(41) );
 421       R( g, h, a, b, c, d, e, f, K(42), M(42) );
 422       R( f, g, h, a, b, c, d, e, K(43), M(43) );
 423       R( e, f, g, h, a, b, c, d, K(44), M(44) );
 424       R( d, e, f, g, h, a, b, c, K(45), M(45) );
 425       R( c, d, e, f, g, h, a, b, K(46), M(46) );
 426       R( b, c, d, e, f, g, h, a, K(47), M(47) );
 427       R( a, b, c, d, e, f, g, h, K(48), M(48) );
 428       R( h, a, b, c, d, e, f, g, K(49), M(49) );
 429       R( g, h, a, b, c, d, e, f, K(50), M(50) );
 430       R( f, g, h, a, b, c, d, e, K(51), M(51) );
 431       R( e, f, g, h, a, b, c, d, K(52), M(52) );
 432       R( d, e, f, g, h, a, b, c, K(53), M(53) );
 433       R( c, d, e, f, g, h, a, b, K(54), M(54) );
 434       R( b, c, d, e, f, g, h, a, K(55), M(55) );
 435       R( a, b, c, d, e, f, g, h, K(56), M(56) );
 436       R( h, a, b, c, d, e, f, g, K(57), M(57) );
 437       R( g, h, a, b, c, d, e, f, K(58), M(58) );
 438       R( f, g, h, a, b, c, d, e, K(59), M(59) );
 439       R( e, f, g, h, a, b, c, d, K(60), M(60) );
 440       R( d, e, f, g, h, a, b, c, K(61), M(61) );
 441       R( c, d, e, f, g, h, a, b, K(62), M(62) );
 442       R( b, c, d, e, f, g, h, a, K(63), M(63) );
 443       R( a, b, c, d, e, f, g, h, K(64), M(64) );
 444       R( h, a, b, c, d, e, f, g, K(65), M(65) );
 445       R( g, h, a, b, c, d, e, f, K(66), M(66) );
 446       R( f, g, h, a, b, c, d, e, K(67), M(67) );
 447       R( e, f, g, h, a, b, c, d, K(68), M(68) );
 448       R( d, e, f, g, h, a, b, c, K(69), M(69) );
 449       R( c, d, e, f, g, h, a, b, K(70), M(70) );
 450       R( b, c, d, e, f, g, h, a, K(71), M(71) );
 451       R( a, b, c, d, e, f, g, h, K(72), M(72) );
 452       R( h, a, b, c, d, e, f, g, K(73), M(73) );
 453       R( g, h, a, b, c, d, e, f, K(74), M(74) );
 454       R( f, g, h, a, b, c, d, e, K(75), M(75) );
 455       R( e, f, g, h, a, b, c, d, K(76), M(76) );
 456       R( d, e, f, g, h, a, b, c, K(77), M(77) );
 457       R( c, d, e, f, g, h, a, b, K(78), M(78) );
 458       R( b, c, d, e, f, g, h, a, K(79), M(79) );
 459 
 460       a = ctx->state[0] = u64plus (ctx->state[0], a);
 461       b = ctx->state[1] = u64plus (ctx->state[1], b);
 462       c = ctx->state[2] = u64plus (ctx->state[2], c);
 463       d = ctx->state[3] = u64plus (ctx->state[3], d);
 464       e = ctx->state[4] = u64plus (ctx->state[4], e);
 465       f = ctx->state[5] = u64plus (ctx->state[5], f);
 466       g = ctx->state[6] = u64plus (ctx->state[6], g);
 467       h = ctx->state[7] = u64plus (ctx->state[7], h);
 468     }
 469 }
 470 
 471 #endif
 472 
 473 /*
 474  * Hey Emacs!
 475  * Local Variables:
 476  * coding: utf-8
 477  * End:
 478  */
/* [previous][next][first][last][top][bottom][index][help] */