From 57389ec1d8f5b32e5de97f0f557e5f5c5b7054bb Mon Sep 17 00:00:00 2001
From: Rob Landley
Date: Sat, 24 Nov 2007 22:05:29 -0600
Subject: Re-roll loop, making code smaller. Also localize all the crypto information into a struct that can be blanked in finalize (no more zeroing local variables).
---
 toys/sha1.c | 78 +++++++++++++++++++++++++++----------------------------------
 1 file changed, 35 insertions(+), 43 deletions(-)
(limited to 'toys/sha1.c')
diff --git a/toys/sha1.c b/toys/sha1.c
index b57805f9..77228afb 100644
--- a/toys/sha1.c
+++ b/toys/sha1.c
@@ -13,6 +13,7 @@ struct sha1 {
 uint32_t state[5];
+ uint32_t oldstate[5];
 uint64_t count;
 union {
 unsigned char c[64];
@@ -38,12 +39,7 @@ void sha1_final(struct sha1 *this, unsigned char digest[20]);
 #define blk(i) (block[i&15] = rol(block[(i+13)&15]^block[(i+8)&15] \
 ^block[(i+2)&15]^block[i&15],1))
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
-#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
-#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+static const uint32_t rconsts[]={0x5A827999,0x6ED9EBA1,0x8F1BBCDC,0xCA62C1D6};
 void printy(unsigned char *this)
 {
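Review bot: The new `oldstate[5]` field carries no comment, and its name does not tell a reader that it is a per-call scratch copy rather than a second piece of hash state. Since sha1_transform() now runs the rounds directly on `state[]` and relies on this field to hold the value to add back, a one-line comment would make the contract visible: `uint32_t oldstate[5]; /* state[] as saved at the start of sha1_transform(), added back at its end */`. The rest of struct sha1 continues outside the hunk.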
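Review bot: The comment describing the five round macros is removed without a replacement, leaving `rconsts[]` as four bare magic words whose meaning is only recoverable from the loop in sha1_transform() that indexes it by 20-step round group. Suggest restoring that information at the table: `/* SHA-1 round constants K(t), one per 20-step group: rounds 0-19, 20-39, 40-59, 60-79 */`. The surviving `blk()` macro still expands to a reference to a local named `block` in whichever function uses it; that coupling predates this change, but with the R macros gone it is now the only non-obvious name the macro depends on and deserves a comment of its own.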
@@ -57,45 +53,41 @@ void printy(unsigned char *this)
 void sha1_transform(struct sha1 *this)
 {
- unsigned int a, b, c, d, e;
+ int i, j, k, count;
 uint32_t *block = this->buffer.i;
+ uint32_t *rot[5], *temp;
 /* Copy context->state[] to working vars */
- a = this->state[0];
- b = this->state[1];
- c = this->state[2];
- d = this->state[3];
- e = this->state[4];
- /* 4 rounds of 20 operations each. Loop unrolled. */
- R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
- R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
- R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
- R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
- /* Add the working vars back into context.state[] */
- this->state[0] += a;
- this->state[1] += b;
- this->state[2] += c;
- this->state[3] += d;
- this->state[4] += e;
-printy(this->state);
- /* Wipe variables */
- a = b = c = d = e = 0;
+ for (i=0; i<5; i++) {
+ this->oldstate[i] = this->state[i];
+ rot[i] = this->state + i;
+ }
+ /* 4 rounds of 20 operations each. */
+ for (i=count=0; i<4; i++) {
+ for (j=0; j<20; j++) {
+ uint32_t work;
+
+ work = *rot[2] ^ *rot[3];
+ if (!i) work = (work & *rot[1]) ^ *rot[3];
+ else {
+ if (i==2)
+ work = ((*rot[1]|*rot[2])&*rot[3])|(*rot[1]&*rot[2]);
+ else work ^= *rot[1];
+ }
+ if (!i && j<16) work += blk0(count);
+ else work += blk(count);
+ *rot[4] += work + rol(*rot[0],5) + rconsts[i];
+ *rot[1] = rol(*rot[1],30);
+
+ // Rotate by one for next time.
+ temp = rot[4];
+ for (k=4; k; k--) rot[k] = rot[k-1];
+ *rot = temp;
+ count++;
+ }
+ }
+ /* Add the previous values of state[] */
+ for (i=0; i<5; i++) this->state[i] += this->oldstate[i];
 }
@@ -163,7 +155,7 @@ void sha1_final(struct sha1 *this, unsigned char digest[20])
 ((this->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
 }
 /* Wipe variables */
- i = 0;
+ memset(this, 0, sizeof(struct sha1));
 }
-- cgit v1.2.3
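Review bot: The round-function selection in the inner loop (`if (!i)`, then `if (i==2)`, then the trailing `else work ^= *rot[1]`) has no comment, and the old `(R0+R1), R2, R3, R4` explanation went away with the macros, so a reader has to re-derive from `rconsts[i]` which SHA-1 function each branch computes. With `rot[1]`, `rot[2]`, `rot[3]` standing for b, c, d at the start of each step, the branches are, in order, `/* rounds 0-19: Ch(b,c,d) */`, `/* rounds 40-59: Maj(b,c,d) */` and `/* rounds 20-39, 60-79: Parity(b,c,d) */`; those three comments would make the loop self-explanatory. The `rot[]` pointer rotation also deserves a sentence saying that it replaces the argument permutation of the unrolled macros, so that `*rot[0]`..`*rot[4]` always read as a..e. One caveat on the commit message's "no more zeroing local variables": `work` still holds message-dependent intermediate values and may remain in the stack frame after return, which is no worse than the removed `a = b = c = d = e = 0` (a dead store a compiler may drop anyway), but the struct-only wipe in sha1_final() should not be described as covering every intermediate.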
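Review bot: `memset(this, 0, sizeof(struct sha1))` is a plain store to memory that is never read again by this function, which is exactly the pattern dead-store elimination targets; it survives in this translation unit only because `this` is caller-owned, and once sha1_final() is inlined into a caller whose `struct sha1` is a local about to go out of scope the optimizer may drop it. If a guaranteed wipe is the intent, use `explicit_bzero`/`memset_s` where available, or clear through a `volatile unsigned char *` so the stores cannot be elided. Minor: `memset(this, 0, sizeof *this);` tracks the pointee type instead of repeating the struct tag. The start of sha1_final() is outside the hunk, so whether `<string.h>` is already included for memset is not visible here.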