1 /* 2 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* 7 * The basic framework for this code came from the reference 8 * implementation for MD5. That implementation is Copyright (C) 9 * 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. 10 * 11 * License to copy and use this software is granted provided that it 12 * is identified as the "RSA Data Security, Inc. MD5 Message-Digest 13 * Algorithm" in all material mentioning or referencing this software 14 * or this function. 15 * 16 * License is also granted to make and use derivative works provided 17 * that such works are identified as "derived from the RSA Data 18 * Security, Inc. MD5 Message-Digest Algorithm" in all material 19 * mentioning or referencing the derived work. 20 * 21 * RSA Data Security, Inc. makes no representations concerning either 22 * the merchantability of this software or the suitability of this 23 * software for any particular purpose. It is provided "as is" 24 * without express or implied warranty of any kind. 25 * 26 * These notices must be retained in any copies of any part of this 27 * documentation and/or software. 28 * 29 * NOTE: Cleaned-up and optimized, version of SHA1, based on the FIPS 180-1 30 * standard, available at http://www.itl.nist.gov/fipspubs/fip180-1.htm 31 * Not as fast as one would like -- further optimizations are encouraged 32 * and appreciated. 33 */ 34 35 #ifndef _KERNEL 36 #include <stdint.h> 37 #include <strings.h> 38 #include <stdlib.h> 39 #include <errno.h> 40 #include <sys/systeminfo.h> 41 #endif /* !_KERNEL */ 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/sysmacros.h> 47 #include <sys/sha1.h> 48 #include <sys/sha1_consts.h> 49 50 #ifdef _LITTLE_ENDIAN 51 #include <sys/byteorder.h> 52 #define HAVE_HTONL 53 #endif 54 55 static void Encode(uint8_t *, const uint32_t *, size_t); 56 57 #if defined(__sparc) 58 59 #define SHA1_TRANSFORM(ctx, in) \ 60 SHA1Transform((ctx)->state[0], (ctx)->state[1], (ctx)->state[2], \ 61 (ctx)->state[3], (ctx)->state[4], (ctx), (in)) 62 63 static void SHA1Transform(uint32_t, uint32_t, uint32_t, uint32_t, uint32_t, 64 SHA1_CTX *, const uint8_t *); 65 66 #elif defined(__amd64) 67 68 #define SHA1_TRANSFORM(ctx, in) sha1_block_data_order((ctx), (in), 1) 69 #define SHA1_TRANSFORM_BLOCKS(ctx, in, num) sha1_block_data_order((ctx), \ 70 (in), (num)) 71 72 void sha1_block_data_order(SHA1_CTX *ctx, const void *inpp, size_t num_blocks); 73 74 #else 75 76 #define SHA1_TRANSFORM(ctx, in) SHA1Transform((ctx), (in)) 77 78 static void SHA1Transform(SHA1_CTX *, const uint8_t *); 79 80 #endif 81 82 83 static uint8_t PADDING[64] = { 0x80, /* all zeros */ }; 84 85 /* 86 * F, G, and H are the basic SHA1 functions. 87 */ 88 #define F(b, c, d) (((b) & (c)) | ((~b) & (d))) 89 #define G(b, c, d) ((b) ^ (c) ^ (d)) 90 #define H(b, c, d) (((b) & (c)) | (((b)|(c)) & (d))) 91 92 /* 93 * ROTATE_LEFT rotates x left n bits. 94 */ 95 96 #if defined(__GNUC__) && defined(_LP64) 97 static __inline__ uint64_t 98 ROTATE_LEFT(uint64_t value, uint32_t n) 99 { 100 uint32_t t32; 101 102 t32 = (uint32_t)value; 103 return ((t32 << n) | (t32 >> (32 - n))); 104 } 105 106 #else 107 108 #define ROTATE_LEFT(x, n) \ 109 (((x) << (n)) | ((x) >> ((sizeof (x) * NBBY)-(n)))) 110 111 #endif 112 113 114 /* 115 * SHA1Init() 116 * 117 * purpose: initializes the sha1 context and begins and sha1 digest operation 118 * input: SHA1_CTX * : the context to initializes. 119 * output: void 120 */ 121 122 void 123 SHA1Init(SHA1_CTX *ctx) 124 { 125 ctx->count[0] = ctx->count[1] = 0; 126 127 /* 128 * load magic initialization constants. Tell lint 129 * that these constants are unsigned by using U. 130 */ 131 132 ctx->state[0] = 0x67452301U; 133 ctx->state[1] = 0xefcdab89U; 134 ctx->state[2] = 0x98badcfeU; 135 ctx->state[3] = 0x10325476U; 136 ctx->state[4] = 0xc3d2e1f0U; 137 } 138 139 #ifdef VIS_SHA1 140 #ifdef _KERNEL 141 142 #include <sys/regset.h> 143 #include <sys/vis.h> 144 #include <sys/fpu/fpusystm.h> 145 146 /* the alignment for block stores to save fp registers */ 147 #define VIS_ALIGN (64) 148 149 extern int sha1_savefp(kfpu_t *, int); 150 extern void sha1_restorefp(kfpu_t *); 151 152 uint32_t vis_sha1_svfp_threshold = 128; 153 154 #endif /* _KERNEL */ 155 156 /* 157 * VIS SHA-1 consts. 158 */ 159 static uint64_t VIS[] = { 160 0x8000000080000000ULL, 161 0x0002000200020002ULL, 162 0x5a8279996ed9eba1ULL, 163 0x8f1bbcdcca62c1d6ULL, 164 0x012389ab456789abULL}; 165 166 extern void SHA1TransformVIS(uint64_t *, uint32_t *, uint32_t *, uint64_t *); 167 168 169 /* 170 * SHA1Update() 171 * 172 * purpose: continues an sha1 digest operation, using the message block 173 * to update the context. 174 * input: SHA1_CTX * : the context to update 175 * void * : the message block 176 * size_t : the length of the message block in bytes 177 * output: void 178 */ 179 180 void 181 SHA1Update(SHA1_CTX *ctx, const void *inptr, size_t input_len) 182 { 183 uint32_t i, buf_index, buf_len; 184 uint64_t X0[40], input64[8]; 185 const uint8_t *input = inptr; 186 #ifdef _KERNEL 187 int usevis = 0; 188 #else 189 int usevis = 1; 190 #endif /* _KERNEL */ 191 192 /* check for noop */ 193 if (input_len == 0) 194 return; 195 196 /* compute number of bytes mod 64 */ 197 buf_index = (ctx->count[1] >> 3) & 0x3F; 198 199 /* update number of bits */ 200 if ((ctx->count[1] += (input_len << 3)) < (input_len << 3)) 201 ctx->count[0]++; 202 203 ctx->count[0] += (input_len >> 29); 204 205 buf_len = 64 - buf_index; 206 207 /* transform as many times as possible */ 208 i = 0; 209 if (input_len >= buf_len) { 210 #ifdef _KERNEL 211 kfpu_t *fpu; 212 if (fpu_exists) { 213 uint8_t fpua[sizeof (kfpu_t) + GSR_SIZE + VIS_ALIGN]; 214 uint32_t len = (input_len + buf_index) & ~0x3f; 215 int svfp_ok; 216 217 fpu = (kfpu_t *)P2ROUNDUP((uintptr_t)fpua, 64); 218 svfp_ok = ((len >= vis_sha1_svfp_threshold) ? 1 : 0); 219 usevis = fpu_exists && sha1_savefp(fpu, svfp_ok); 220 } else { 221 usevis = 0; 222 } 223 #endif /* _KERNEL */ 224 225 /* 226 * general optimization: 227 * 228 * only do initial bcopy() and SHA1Transform() if 229 * buf_index != 0. if buf_index == 0, we're just 230 * wasting our time doing the bcopy() since there 231 * wasn't any data left over from a previous call to 232 * SHA1Update(). 233 */ 234 235 if (buf_index) { 236 bcopy(input, &ctx->buf_un.buf8[buf_index], buf_len); 237 if (usevis) { 238 SHA1TransformVIS(X0, 239 ctx->buf_un.buf32, 240 &ctx->state[0], VIS); 241 } else { 242 SHA1_TRANSFORM(ctx, ctx->buf_un.buf8); 243 } 244 i = buf_len; 245 } 246 247 /* 248 * VIS SHA-1: uses the VIS 1.0 instructions to accelerate 249 * SHA-1 processing. This is achieved by "offloading" the 250 * computation of the message schedule (MS) to the VIS units. 251 * This allows the VIS computation of the message schedule 252 * to be performed in parallel with the standard integer 253 * processing of the remainder of the SHA-1 computation. 254 * performance by up to around 1.37X, compared to an optimized 255 * integer-only implementation. 256 * 257 * The VIS implementation of SHA1Transform has a different API 258 * to the standard integer version: 259 * 260 * void SHA1TransformVIS( 261 * uint64_t *, // Pointer to MS for ith block 262 * uint32_t *, // Pointer to ith block of message data 263 * uint32_t *, // Pointer to SHA state i.e ctx->state 264 * uint64_t *, // Pointer to various VIS constants 265 * ) 266 * 267 * Note: the message data must by 4-byte aligned. 268 * 269 * Function requires VIS 1.0 support. 270 * 271 * Handling is provided to deal with arbitrary byte alingment 272 * of the input data but the performance gains are reduced 273 * for alignments other than 4-bytes. 274 */ 275 if (usevis) { 276 if (!IS_P2ALIGNED(&input[i], sizeof (uint32_t))) { 277 /* 278 * Main processing loop - input misaligned 279 */ 280 for (; i + 63 < input_len; i += 64) { 281 bcopy(&input[i], input64, 64); 282 SHA1TransformVIS(X0, 283 (uint32_t *)input64, 284 &ctx->state[0], VIS); 285 } 286 } else { 287 /* 288 * Main processing loop - input 8-byte aligned 289 */ 290 for (; i + 63 < input_len; i += 64) { 291 SHA1TransformVIS(X0, 292 /* LINTED E_BAD_PTR_CAST_ALIGN */ 293 (uint32_t *)&input[i], /* CSTYLED */ 294 &ctx->state[0], VIS); 295 } 296 297 } 298 #ifdef _KERNEL 299 sha1_restorefp(fpu); 300 #endif /* _KERNEL */ 301 } else { 302 for (; i + 63 < input_len; i += 64) { 303 SHA1_TRANSFORM(ctx, &input[i]); 304 } 305 } 306 307 /* 308 * general optimization: 309 * 310 * if i and input_len are the same, return now instead 311 * of calling bcopy(), since the bcopy() in this case 312 * will be an expensive nop. 313 */ 314 315 if (input_len == i) 316 return; 317 318 buf_index = 0; 319 } 320 321 /* buffer remaining input */ 322 bcopy(&input[i], &ctx->buf_un.buf8[buf_index], input_len - i); 323 } 324 325 #else /* VIS_SHA1 */ 326 327 void 328 SHA1Update(SHA1_CTX *ctx, const void *inptr, size_t input_len) 329 { 330 uint32_t i, buf_index, buf_len; 331 const uint8_t *input = inptr; 332 #if defined(__amd64) 333 uint32_t block_count; 334 #endif /* __amd64 */ 335 336 /* check for noop */ 337 if (input_len == 0) 338 return; 339 340 /* compute number of bytes mod 64 */ 341 buf_index = (ctx->count[1] >> 3) & 0x3F; 342 343 /* update number of bits */ 344 if ((ctx->count[1] += (input_len << 3)) < (input_len << 3)) 345 ctx->count[0]++; 346 347 ctx->count[0] += (input_len >> 29); 348 349 buf_len = 64 - buf_index; 350 351 /* transform as many times as possible */ 352 i = 0; 353 if (input_len >= buf_len) { 354 355 /* 356 * general optimization: 357 * 358 * only do initial bcopy() and SHA1Transform() if 359 * buf_index != 0. if buf_index == 0, we're just 360 * wasting our time doing the bcopy() since there 361 * wasn't any data left over from a previous call to 362 * SHA1Update(). 363 */ 364 365 if (buf_index) { 366 bcopy(input, &ctx->buf_un.buf8[buf_index], buf_len); 367 SHA1_TRANSFORM(ctx, ctx->buf_un.buf8); 368 i = buf_len; 369 } 370 371 #if !defined(__amd64) 372 for (; i + 63 < input_len; i += 64) 373 SHA1_TRANSFORM(ctx, &input[i]); 374 #else 375 block_count = (input_len - i) >> 6; 376 if (block_count > 0) { 377 SHA1_TRANSFORM_BLOCKS(ctx, &input[i], block_count); 378 i += block_count << 6; 379 } 380 #endif /* !__amd64 */ 381 382 /* 383 * general optimization: 384 * 385 * if i and input_len are the same, return now instead 386 * of calling bcopy(), since the bcopy() in this case 387 * will be an expensive nop. 388 */ 389 390 if (input_len == i) 391 return; 392 393 buf_index = 0; 394 } 395 396 /* buffer remaining input */ 397 bcopy(&input[i], &ctx->buf_un.buf8[buf_index], input_len - i); 398 } 399 400 #endif /* VIS_SHA1 */ 401 402 /* 403 * SHA1Final() 404 * 405 * purpose: ends an sha1 digest operation, finalizing the message digest and 406 * zeroing the context. 407 * input: uchar_t * : A buffer to store the digest. 408 * : The function actually uses void* because many 409 * : callers pass things other than uchar_t here. 410 * SHA1_CTX * : the context to finalize, save, and zero 411 * output: void 412 */ 413 414 void 415 SHA1Final(void *digest, SHA1_CTX *ctx) 416 { 417 uint8_t bitcount_be[sizeof (ctx->count)]; 418 uint32_t index = (ctx->count[1] >> 3) & 0x3f; 419 420 /* store bit count, big endian */ 421 Encode(bitcount_be, ctx->count, sizeof (bitcount_be)); 422 423 /* pad out to 56 mod 64 */ 424 SHA1Update(ctx, PADDING, ((index < 56) ? 56 : 120) - index); 425 426 /* append length (before padding) */ 427 SHA1Update(ctx, bitcount_be, sizeof (bitcount_be)); 428 429 /* store state in digest */ 430 Encode(digest, ctx->state, sizeof (ctx->state)); 431 432 /* zeroize sensitive information */ 433 bzero(ctx, sizeof (*ctx)); 434 } 435 436 437 #if !defined(__amd64) 438 439 typedef uint32_t sha1word; 440 441 /* 442 * sparc optimization: 443 * 444 * on the sparc, we can load big endian 32-bit data easily. note that 445 * special care must be taken to ensure the address is 32-bit aligned. 446 * in the interest of speed, we don't check to make sure, since 447 * careful programming can guarantee this for us. 448 */ 449 450 #if defined(_BIG_ENDIAN) 451 #define LOAD_BIG_32(addr) (*(uint32_t *)(addr)) 452 453 #elif defined(HAVE_HTONL) 454 #define LOAD_BIG_32(addr) htonl(*((uint32_t *)(addr))) 455 456 #else 457 /* little endian -- will work on big endian, but slowly */ 458 #define LOAD_BIG_32(addr) \ 459 (((addr)[0] << 24) | ((addr)[1] << 16) | ((addr)[2] << 8) | (addr)[3]) 460 #endif /* _BIG_ENDIAN */ 461 462 /* 463 * SHA1Transform() 464 */ 465 #if defined(W_ARRAY) 466 #define W(n) w[n] 467 #else /* !defined(W_ARRAY) */ 468 #define W(n) w_ ## n 469 #endif /* !defined(W_ARRAY) */ 470 471 472 #if defined(__sparc) 473 474 /* 475 * sparc register window optimization: 476 * 477 * `a', `b', `c', `d', and `e' are passed into SHA1Transform 478 * explicitly since it increases the number of registers available to 479 * the compiler. under this scheme, these variables can be held in 480 * %i0 - %i4, which leaves more local and out registers available. 481 * 482 * purpose: sha1 transformation -- updates the digest based on `block' 483 * input: uint32_t : bytes 1 - 4 of the digest 484 * uint32_t : bytes 5 - 8 of the digest 485 * uint32_t : bytes 9 - 12 of the digest 486 * uint32_t : bytes 12 - 16 of the digest 487 * uint32_t : bytes 16 - 20 of the digest 488 * SHA1_CTX * : the context to update 489 * uint8_t [64]: the block to use to update the digest 490 * output: void 491 */ 492 493 void 494 SHA1Transform(uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t e, 495 SHA1_CTX *ctx, const uint8_t blk[64]) 496 { 497 /* 498 * sparc optimization: 499 * 500 * while it is somewhat counter-intuitive, on sparc, it is 501 * more efficient to place all the constants used in this 502 * function in an array and load the values out of the array 503 * than to manually load the constants. this is because 504 * setting a register to a 32-bit value takes two ops in most 505 * cases: a `sethi' and an `or', but loading a 32-bit value 506 * from memory only takes one `ld' (or `lduw' on v9). while 507 * this increases memory usage, the compiler can find enough 508 * other things to do while waiting to keep the pipeline does 509 * not stall. additionally, it is likely that many of these 510 * constants are cached so that later accesses do not even go 511 * out to the bus. 512 * 513 * this array is declared `static' to keep the compiler from 514 * having to bcopy() this array onto the stack frame of 515 * SHA1Transform() each time it is called -- which is 516 * unacceptably expensive. 517 * 518 * the `const' is to ensure that callers are good citizens and 519 * do not try to munge the array. since these routines are 520 * going to be called from inside multithreaded kernelland, 521 * this is a good safety check. -- `sha1_consts' will end up in 522 * .rodata. 523 * 524 * unfortunately, loading from an array in this manner hurts 525 * performance under Intel. So, there is a macro, 526 * SHA1_CONST(), used in SHA1Transform(), that either expands to 527 * a reference to this array, or to the actual constant, 528 * depending on what platform this code is compiled for. 529 */ 530 531 static const uint32_t sha1_consts[] = { 532 SHA1_CONST_0, SHA1_CONST_1, SHA1_CONST_2, SHA1_CONST_3 533 }; 534 535 /* 536 * general optimization: 537 * 538 * use individual integers instead of using an array. this is a 539 * win, although the amount it wins by seems to vary quite a bit. 540 */ 541 542 uint32_t w_0, w_1, w_2, w_3, w_4, w_5, w_6, w_7; 543 uint32_t w_8, w_9, w_10, w_11, w_12, w_13, w_14, w_15; 544 545 /* 546 * sparc optimization: 547 * 548 * if `block' is already aligned on a 4-byte boundary, use 549 * LOAD_BIG_32() directly. otherwise, bcopy() into a 550 * buffer that *is* aligned on a 4-byte boundary and then do 551 * the LOAD_BIG_32() on that buffer. benchmarks have shown 552 * that using the bcopy() is better than loading the bytes 553 * individually and doing the endian-swap by hand. 554 * 555 * even though it's quite tempting to assign to do: 556 * 557 * blk = bcopy(ctx->buf_un.buf32, blk, sizeof (ctx->buf_un.buf32)); 558 * 559 * and only have one set of LOAD_BIG_32()'s, the compiler 560 * *does not* like that, so please resist the urge. 561 */ 562 563 if ((uintptr_t)blk & 0x3) { /* not 4-byte aligned? */ 564 bcopy(blk, ctx->buf_un.buf32, sizeof (ctx->buf_un.buf32)); 565 w_15 = LOAD_BIG_32(ctx->buf_un.buf32 + 15); 566 w_14 = LOAD_BIG_32(ctx->buf_un.buf32 + 14); 567 w_13 = LOAD_BIG_32(ctx->buf_un.buf32 + 13); 568 w_12 = LOAD_BIG_32(ctx->buf_un.buf32 + 12); 569 w_11 = LOAD_BIG_32(ctx->buf_un.buf32 + 11); 570 w_10 = LOAD_BIG_32(ctx->buf_un.buf32 + 10); 571 w_9 = LOAD_BIG_32(ctx->buf_un.buf32 + 9); 572 w_8 = LOAD_BIG_32(ctx->buf_un.buf32 + 8); 573 w_7 = LOAD_BIG_32(ctx->buf_un.buf32 + 7); 574 w_6 = LOAD_BIG_32(ctx->buf_un.buf32 + 6); 575 w_5 = LOAD_BIG_32(ctx->buf_un.buf32 + 5); 576 w_4 = LOAD_BIG_32(ctx->buf_un.buf32 + 4); 577 w_3 = LOAD_BIG_32(ctx->buf_un.buf32 + 3); 578 w_2 = LOAD_BIG_32(ctx->buf_un.buf32 + 2); 579 w_1 = LOAD_BIG_32(ctx->buf_un.buf32 + 1); 580 w_0 = LOAD_BIG_32(ctx->buf_un.buf32 + 0); 581 } else { 582 /* LINTED E_BAD_PTR_CAST_ALIGN */ 583 w_15 = LOAD_BIG_32(blk + 60); 584 /* LINTED E_BAD_PTR_CAST_ALIGN */ 585 w_14 = LOAD_BIG_32(blk + 56); 586 /* LINTED E_BAD_PTR_CAST_ALIGN */ 587 w_13 = LOAD_BIG_32(blk + 52); 588 /* LINTED E_BAD_PTR_CAST_ALIGN */ 589 w_12 = LOAD_BIG_32(blk + 48); 590 /* LINTED E_BAD_PTR_CAST_ALIGN */ 591 w_11 = LOAD_BIG_32(blk + 44); 592 /* LINTED E_BAD_PTR_CAST_ALIGN */ 593 w_10 = LOAD_BIG_32(blk + 40); 594 /* LINTED E_BAD_PTR_CAST_ALIGN */ 595 w_9 = LOAD_BIG_32(blk + 36); 596 /* LINTED E_BAD_PTR_CAST_ALIGN */ 597 w_8 = LOAD_BIG_32(blk + 32); 598 /* LINTED E_BAD_PTR_CAST_ALIGN */ 599 w_7 = LOAD_BIG_32(blk + 28); 600 /* LINTED E_BAD_PTR_CAST_ALIGN */ 601 w_6 = LOAD_BIG_32(blk + 24); 602 /* LINTED E_BAD_PTR_CAST_ALIGN */ 603 w_5 = LOAD_BIG_32(blk + 20); 604 /* LINTED E_BAD_PTR_CAST_ALIGN */ 605 w_4 = LOAD_BIG_32(blk + 16); 606 /* LINTED E_BAD_PTR_CAST_ALIGN */ 607 w_3 = LOAD_BIG_32(blk + 12); 608 /* LINTED E_BAD_PTR_CAST_ALIGN */ 609 w_2 = LOAD_BIG_32(blk + 8); 610 /* LINTED E_BAD_PTR_CAST_ALIGN */ 611 w_1 = LOAD_BIG_32(blk + 4); 612 /* LINTED E_BAD_PTR_CAST_ALIGN */ 613 w_0 = LOAD_BIG_32(blk + 0); 614 } 615 #else /* !defined(__sparc) */ 616 617 void /* CSTYLED */ 618 SHA1Transform(SHA1_CTX *ctx, const uint8_t blk[64]) 619 { 620 /* CSTYLED */ 621 sha1word a = ctx->state[0]; 622 sha1word b = ctx->state[1]; 623 sha1word c = ctx->state[2]; 624 sha1word d = ctx->state[3]; 625 sha1word e = ctx->state[4]; 626 627 #if defined(W_ARRAY) 628 sha1word w[16]; 629 #else /* !defined(W_ARRAY) */ 630 sha1word w_0, w_1, w_2, w_3, w_4, w_5, w_6, w_7; 631 sha1word w_8, w_9, w_10, w_11, w_12, w_13, w_14, w_15; 632 #endif /* !defined(W_ARRAY) */ 633 634 W(0) = LOAD_BIG_32((void *)(blk + 0)); 635 W(1) = LOAD_BIG_32((void *)(blk + 4)); 636 W(2) = LOAD_BIG_32((void *)(blk + 8)); 637 W(3) = LOAD_BIG_32((void *)(blk + 12)); 638 W(4) = LOAD_BIG_32((void *)(blk + 16)); 639 W(5) = LOAD_BIG_32((void *)(blk + 20)); 640 W(6) = LOAD_BIG_32((void *)(blk + 24)); 641 W(7) = LOAD_BIG_32((void *)(blk + 28)); 642 W(8) = LOAD_BIG_32((void *)(blk + 32)); 643 W(9) = LOAD_BIG_32((void *)(blk + 36)); 644 W(10) = LOAD_BIG_32((void *)(blk + 40)); 645 W(11) = LOAD_BIG_32((void *)(blk + 44)); 646 W(12) = LOAD_BIG_32((void *)(blk + 48)); 647 W(13) = LOAD_BIG_32((void *)(blk + 52)); 648 W(14) = LOAD_BIG_32((void *)(blk + 56)); 649 W(15) = LOAD_BIG_32((void *)(blk + 60)); 650 651 #endif /* !defined(__sparc) */ 652 653 /* 654 * general optimization: 655 * 656 * even though this approach is described in the standard as 657 * being slower algorithmically, it is 30-40% faster than the 658 * "faster" version under SPARC, because this version has more 659 * of the constraints specified at compile-time and uses fewer 660 * variables (and therefore has better register utilization) 661 * than its "speedier" brother. (i've tried both, trust me) 662 * 663 * for either method given in the spec, there is an "assignment" 664 * phase where the following takes place: 665 * 666 * tmp = (main_computation); 667 * e = d; d = c; c = rotate_left(b, 30); b = a; a = tmp; 668 * 669 * we can make the algorithm go faster by not doing this work, 670 * but just pretending that `d' is now `e', etc. this works 671 * really well and obviates the need for a temporary variable. 672 * however, we still explicitly perform the rotate action, 673 * since it is cheaper on SPARC to do it once than to have to 674 * do it over and over again. 675 */ 676 677 /* round 1 */ 678 e = ROTATE_LEFT(a, 5) + F(b, c, d) + e + W(0) + SHA1_CONST(0); /* 0 */ 679 b = ROTATE_LEFT(b, 30); 680 681 d = ROTATE_LEFT(e, 5) + F(a, b, c) + d + W(1) + SHA1_CONST(0); /* 1 */ 682 a = ROTATE_LEFT(a, 30); 683 684 c = ROTATE_LEFT(d, 5) + F(e, a, b) + c + W(2) + SHA1_CONST(0); /* 2 */ 685 e = ROTATE_LEFT(e, 30); 686 687 b = ROTATE_LEFT(c, 5) + F(d, e, a) + b + W(3) + SHA1_CONST(0); /* 3 */ 688 d = ROTATE_LEFT(d, 30); 689 690 a = ROTATE_LEFT(b, 5) + F(c, d, e) + a + W(4) + SHA1_CONST(0); /* 4 */ 691 c = ROTATE_LEFT(c, 30); 692 693 e = ROTATE_LEFT(a, 5) + F(b, c, d) + e + W(5) + SHA1_CONST(0); /* 5 */ 694 b = ROTATE_LEFT(b, 30); 695 696 d = ROTATE_LEFT(e, 5) + F(a, b, c) + d + W(6) + SHA1_CONST(0); /* 6 */ 697 a = ROTATE_LEFT(a, 30); 698 699 c = ROTATE_LEFT(d, 5) + F(e, a, b) + c + W(7) + SHA1_CONST(0); /* 7 */ 700 e = ROTATE_LEFT(e, 30); 701 702 b = ROTATE_LEFT(c, 5) + F(d, e, a) + b + W(8) + SHA1_CONST(0); /* 8 */ 703 d = ROTATE_LEFT(d, 30); 704 705 a = ROTATE_LEFT(b, 5) + F(c, d, e) + a + W(9) + SHA1_CONST(0); /* 9 */ 706 c = ROTATE_LEFT(c, 30); 707 708 e = ROTATE_LEFT(a, 5) + F(b, c, d) + e + W(10) + SHA1_CONST(0); /* 10 */ 709 b = ROTATE_LEFT(b, 30); 710 711 d = ROTATE_LEFT(e, 5) + F(a, b, c) + d + W(11) + SHA1_CONST(0); /* 11 */ 712 a = ROTATE_LEFT(a, 30); 713 714 c = ROTATE_LEFT(d, 5) + F(e, a, b) + c + W(12) + SHA1_CONST(0); /* 12 */ 715 e = ROTATE_LEFT(e, 30); 716 717 b = ROTATE_LEFT(c, 5) + F(d, e, a) + b + W(13) + SHA1_CONST(0); /* 13 */ 718 d = ROTATE_LEFT(d, 30); 719 720 a = ROTATE_LEFT(b, 5) + F(c, d, e) + a + W(14) + SHA1_CONST(0); /* 14 */ 721 c = ROTATE_LEFT(c, 30); 722 723 e = ROTATE_LEFT(a, 5) + F(b, c, d) + e + W(15) + SHA1_CONST(0); /* 15 */ 724 b = ROTATE_LEFT(b, 30); 725 726 W(0) = ROTATE_LEFT((W(13) ^ W(8) ^ W(2) ^ W(0)), 1); /* 16 */ 727 d = ROTATE_LEFT(e, 5) + F(a, b, c) + d + W(0) + SHA1_CONST(0); 728 a = ROTATE_LEFT(a, 30); 729 730 W(1) = ROTATE_LEFT((W(14) ^ W(9) ^ W(3) ^ W(1)), 1); /* 17 */ 731 c = ROTATE_LEFT(d, 5) + F(e, a, b) + c + W(1) + SHA1_CONST(0); 732 e = ROTATE_LEFT(e, 30); 733 734 W(2) = ROTATE_LEFT((W(15) ^ W(10) ^ W(4) ^ W(2)), 1); /* 18 */ 735 b = ROTATE_LEFT(c, 5) + F(d, e, a) + b + W(2) + SHA1_CONST(0); 736 d = ROTATE_LEFT(d, 30); 737 738 W(3) = ROTATE_LEFT((W(0) ^ W(11) ^ W(5) ^ W(3)), 1); /* 19 */ 739 a = ROTATE_LEFT(b, 5) + F(c, d, e) + a + W(3) + SHA1_CONST(0); 740 c = ROTATE_LEFT(c, 30); 741 742 /* round 2 */ 743 W(4) = ROTATE_LEFT((W(1) ^ W(12) ^ W(6) ^ W(4)), 1); /* 20 */ 744 e = ROTATE_LEFT(a, 5) + G(b, c, d) + e + W(4) + SHA1_CONST(1); 745 b = ROTATE_LEFT(b, 30); 746 747 W(5) = ROTATE_LEFT((W(2) ^ W(13) ^ W(7) ^ W(5)), 1); /* 21 */ 748 d = ROTATE_LEFT(e, 5) + G(a, b, c) + d + W(5) + SHA1_CONST(1); 749 a = ROTATE_LEFT(a, 30); 750 751 W(6) = ROTATE_LEFT((W(3) ^ W(14) ^ W(8) ^ W(6)), 1); /* 22 */ 752 c = ROTATE_LEFT(d, 5) + G(e, a, b) + c + W(6) + SHA1_CONST(1); 753 e = ROTATE_LEFT(e, 30); 754 755 W(7) = ROTATE_LEFT((W(4) ^ W(15) ^ W(9) ^ W(7)), 1); /* 23 */ 756 b = ROTATE_LEFT(c, 5) + G(d, e, a) + b + W(7) + SHA1_CONST(1); 757 d = ROTATE_LEFT(d, 30); 758 759 W(8) = ROTATE_LEFT((W(5) ^ W(0) ^ W(10) ^ W(8)), 1); /* 24 */ 760 a = ROTATE_LEFT(b, 5) + G(c, d, e) + a + W(8) + SHA1_CONST(1); 761 c = ROTATE_LEFT(c, 30); 762 763 W(9) = ROTATE_LEFT((W(6) ^ W(1) ^ W(11) ^ W(9)), 1); /* 25 */ 764 e = ROTATE_LEFT(a, 5) + G(b, c, d) + e + W(9) + SHA1_CONST(1); 765 b = ROTATE_LEFT(b, 30); 766 767 W(10) = ROTATE_LEFT((W(7) ^ W(2) ^ W(12) ^ W(10)), 1); /* 26 */ 768 d = ROTATE_LEFT(e, 5) + G(a, b, c) + d + W(10) + SHA1_CONST(1); 769 a = ROTATE_LEFT(a, 30); 770 771 W(11) = ROTATE_LEFT((W(8) ^ W(3) ^ W(13) ^ W(11)), 1); /* 27 */ 772 c = ROTATE_LEFT(d, 5) + G(e, a, b) + c + W(11) + SHA1_CONST(1); 773 e = ROTATE_LEFT(e, 30); 774 775 W(12) = ROTATE_LEFT((W(9) ^ W(4) ^ W(14) ^ W(12)), 1); /* 28 */ 776 b = ROTATE_LEFT(c, 5) + G(d, e, a) + b + W(12) + SHA1_CONST(1); 777 d = ROTATE_LEFT(d, 30); 778 779 W(13) = ROTATE_LEFT((W(10) ^ W(5) ^ W(15) ^ W(13)), 1); /* 29 */ 780 a = ROTATE_LEFT(b, 5) + G(c, d, e) + a + W(13) + SHA1_CONST(1); 781 c = ROTATE_LEFT(c, 30); 782 783 W(14) = ROTATE_LEFT((W(11) ^ W(6) ^ W(0) ^ W(14)), 1); /* 30 */ 784 e = ROTATE_LEFT(a, 5) + G(b, c, d) + e + W(14) + SHA1_CONST(1); 785 b = ROTATE_LEFT(b, 30); 786 787 W(15) = ROTATE_LEFT((W(12) ^ W(7) ^ W(1) ^ W(15)), 1); /* 31 */ 788 d = ROTATE_LEFT(e, 5) + G(a, b, c) + d + W(15) + SHA1_CONST(1); 789 a = ROTATE_LEFT(a, 30); 790 791 W(0) = ROTATE_LEFT((W(13) ^ W(8) ^ W(2) ^ W(0)), 1); /* 32 */ 792 c = ROTATE_LEFT(d, 5) + G(e, a, b) + c + W(0) + SHA1_CONST(1); 793 e = ROTATE_LEFT(e, 30); 794 795 W(1) = ROTATE_LEFT((W(14) ^ W(9) ^ W(3) ^ W(1)), 1); /* 33 */ 796 b = ROTATE_LEFT(c, 5) + G(d, e, a) + b + W(1) + SHA1_CONST(1); 797 d = ROTATE_LEFT(d, 30); 798 799 W(2) = ROTATE_LEFT((W(15) ^ W(10) ^ W(4) ^ W(2)), 1); /* 34 */ 800 a = ROTATE_LEFT(b, 5) + G(c, d, e) + a + W(2) + SHA1_CONST(1); 801 c = ROTATE_LEFT(c, 30); 802 803 W(3) = ROTATE_LEFT((W(0) ^ W(11) ^ W(5) ^ W(3)), 1); /* 35 */ 804 e = ROTATE_LEFT(a, 5) + G(b, c, d) + e + W(3) + SHA1_CONST(1); 805 b = ROTATE_LEFT(b, 30); 806 807 W(4) = ROTATE_LEFT((W(1) ^ W(12) ^ W(6) ^ W(4)), 1); /* 36 */ 808 d = ROTATE_LEFT(e, 5) + G(a, b, c) + d + W(4) + SHA1_CONST(1); 809 a = ROTATE_LEFT(a, 30); 810 811 W(5) = ROTATE_LEFT((W(2) ^ W(13) ^ W(7) ^ W(5)), 1); /* 37 */ 812 c = ROTATE_LEFT(d, 5) + G(e, a, b) + c + W(5) + SHA1_CONST(1); 813 e = ROTATE_LEFT(e, 30); 814 815 W(6) = ROTATE_LEFT((W(3) ^ W(14) ^ W(8) ^ W(6)), 1); /* 38 */ 816 b = ROTATE_LEFT(c, 5) + G(d, e, a) + b + W(6) + SHA1_CONST(1); 817 d = ROTATE_LEFT(d, 30); 818 819 W(7) = ROTATE_LEFT((W(4) ^ W(15) ^ W(9) ^ W(7)), 1); /* 39 */ 820 a = ROTATE_LEFT(b, 5) + G(c, d, e) + a + W(7) + SHA1_CONST(1); 821 c = ROTATE_LEFT(c, 30); 822 823 /* round 3 */ 824 W(8) = ROTATE_LEFT((W(5) ^ W(0) ^ W(10) ^ W(8)), 1); /* 40 */ 825 e = ROTATE_LEFT(a, 5) + H(b, c, d) + e + W(8) + SHA1_CONST(2); 826 b = ROTATE_LEFT(b, 30); 827 828 W(9) = ROTATE_LEFT((W(6) ^ W(1) ^ W(11) ^ W(9)), 1); /* 41 */ 829 d = ROTATE_LEFT(e, 5) + H(a, b, c) + d + W(9) + SHA1_CONST(2); 830 a = ROTATE_LEFT(a, 30); 831 832 W(10) = ROTATE_LEFT((W(7) ^ W(2) ^ W(12) ^ W(10)), 1); /* 42 */ 833 c = ROTATE_LEFT(d, 5) + H(e, a, b) + c + W(10) + SHA1_CONST(2); 834 e = ROTATE_LEFT(e, 30); 835 836 W(11) = ROTATE_LEFT((W(8) ^ W(3) ^ W(13) ^ W(11)), 1); /* 43 */ 837 b = ROTATE_LEFT(c, 5) + H(d, e, a) + b + W(11) + SHA1_CONST(2); 838 d = ROTATE_LEFT(d, 30); 839 840 W(12) = ROTATE_LEFT((W(9) ^ W(4) ^ W(14) ^ W(12)), 1); /* 44 */ 841 a = ROTATE_LEFT(b, 5) + H(c, d, e) + a + W(12) + SHA1_CONST(2); 842 c = ROTATE_LEFT(c, 30); 843 844 W(13) = ROTATE_LEFT((W(10) ^ W(5) ^ W(15) ^ W(13)), 1); /* 45 */ 845 e = ROTATE_LEFT(a, 5) + H(b, c, d) + e + W(13) + SHA1_CONST(2); 846 b = ROTATE_LEFT(b, 30); 847 848 W(14) = ROTATE_LEFT((W(11) ^ W(6) ^ W(0) ^ W(14)), 1); /* 46 */ 849 d = ROTATE_LEFT(e, 5) + H(a, b, c) + d + W(14) + SHA1_CONST(2); 850 a = ROTATE_LEFT(a, 30); 851 852 W(15) = ROTATE_LEFT((W(12) ^ W(7) ^ W(1) ^ W(15)), 1); /* 47 */ 853 c = ROTATE_LEFT(d, 5) + H(e, a, b) + c + W(15) + SHA1_CONST(2); 854 e = ROTATE_LEFT(e, 30); 855 856 W(0) = ROTATE_LEFT((W(13) ^ W(8) ^ W(2) ^ W(0)), 1); /* 48 */ 857 b = ROTATE_LEFT(c, 5) + H(d, e, a) + b + W(0) + SHA1_CONST(2); 858 d = ROTATE_LEFT(d, 30); 859 860 W(1) = ROTATE_LEFT((W(14) ^ W(9) ^ W(3) ^ W(1)), 1); /* 49 */ 861 a = ROTATE_LEFT(b, 5) + H(c, d, e) + a + W(1) + SHA1_CONST(2); 862 c = ROTATE_LEFT(c, 30); 863 864 W(2) = ROTATE_LEFT((W(15) ^ W(10) ^ W(4) ^ W(2)), 1); /* 50 */ 865 e = ROTATE_LEFT(a, 5) + H(b, c, d) + e + W(2) + SHA1_CONST(2); 866 b = ROTATE_LEFT(b, 30); 867 868 W(3) = ROTATE_LEFT((W(0) ^ W(11) ^ W(5) ^ W(3)), 1); /* 51 */ 869 d = ROTATE_LEFT(e, 5) + H(a, b, c) + d + W(3) + SHA1_CONST(2); 870 a = ROTATE_LEFT(a, 30); 871 872 W(4) = ROTATE_LEFT((W(1) ^ W(12) ^ W(6) ^ W(4)), 1); /* 52 */ 873 c = ROTATE_LEFT(d, 5) + H(e, a, b) + c + W(4) + SHA1_CONST(2); 874 e = ROTATE_LEFT(e, 30); 875 876 W(5) = ROTATE_LEFT((W(2) ^ W(13) ^ W(7) ^ W(5)), 1); /* 53 */ 877 b = ROTATE_LEFT(c, 5) + H(d, e, a) + b + W(5) + SHA1_CONST(2); 878 d = ROTATE_LEFT(d, 30); 879 880 W(6) = ROTATE_LEFT((W(3) ^ W(14) ^ W(8) ^ W(6)), 1); /* 54 */ 881 a = ROTATE_LEFT(b, 5) + H(c, d, e) + a + W(6) + SHA1_CONST(2); 882 c = ROTATE_LEFT(c, 30); 883 884 W(7) = ROTATE_LEFT((W(4) ^ W(15) ^ W(9) ^ W(7)), 1); /* 55 */ 885 e = ROTATE_LEFT(a, 5) + H(b, c, d) + e + W(7) + SHA1_CONST(2); 886 b = ROTATE_LEFT(b, 30); 887 888 W(8) = ROTATE_LEFT((W(5) ^ W(0) ^ W(10) ^ W(8)), 1); /* 56 */ 889 d = ROTATE_LEFT(e, 5) + H(a, b, c) + d + W(8) + SHA1_CONST(2); 890 a = ROTATE_LEFT(a, 30); 891 892 W(9) = ROTATE_LEFT((W(6) ^ W(1) ^ W(11) ^ W(9)), 1); /* 57 */ 893 c = ROTATE_LEFT(d, 5) + H(e, a, b) + c + W(9) + SHA1_CONST(2); 894 e = ROTATE_LEFT(e, 30); 895 896 W(10) = ROTATE_LEFT((W(7) ^ W(2) ^ W(12) ^ W(10)), 1); /* 58 */ 897 b = ROTATE_LEFT(c, 5) + H(d, e, a) + b + W(10) + SHA1_CONST(2); 898 d = ROTATE_LEFT(d, 30); 899 900 W(11) = ROTATE_LEFT((W(8) ^ W(3) ^ W(13) ^ W(11)), 1); /* 59 */ 901 a = ROTATE_LEFT(b, 5) + H(c, d, e) + a + W(11) + SHA1_CONST(2); 902 c = ROTATE_LEFT(c, 30); 903 904 /* round 4 */ 905 W(12) = ROTATE_LEFT((W(9) ^ W(4) ^ W(14) ^ W(12)), 1); /* 60 */ 906 e = ROTATE_LEFT(a, 5) + G(b, c, d) + e + W(12) + SHA1_CONST(3); 907 b = ROTATE_LEFT(b, 30); 908 909 W(13) = ROTATE_LEFT((W(10) ^ W(5) ^ W(15) ^ W(13)), 1); /* 61 */ 910 d = ROTATE_LEFT(e, 5) + G(a, b, c) + d + W(13) + SHA1_CONST(3); 911 a = ROTATE_LEFT(a, 30); 912 913 W(14) = ROTATE_LEFT((W(11) ^ W(6) ^ W(0) ^ W(14)), 1); /* 62 */ 914 c = ROTATE_LEFT(d, 5) + G(e, a, b) + c + W(14) + SHA1_CONST(3); 915 e = ROTATE_LEFT(e, 30); 916 917 W(15) = ROTATE_LEFT((W(12) ^ W(7) ^ W(1) ^ W(15)), 1); /* 63 */ 918 b = ROTATE_LEFT(c, 5) + G(d, e, a) + b + W(15) + SHA1_CONST(3); 919 d = ROTATE_LEFT(d, 30); 920 921 W(0) = ROTATE_LEFT((W(13) ^ W(8) ^ W(2) ^ W(0)), 1); /* 64 */ 922 a = ROTATE_LEFT(b, 5) + G(c, d, e) + a + W(0) + SHA1_CONST(3); 923 c = ROTATE_LEFT(c, 30); 924 925 W(1) = ROTATE_LEFT((W(14) ^ W(9) ^ W(3) ^ W(1)), 1); /* 65 */ 926 e = ROTATE_LEFT(a, 5) + G(b, c, d) + e + W(1) + SHA1_CONST(3); 927 b = ROTATE_LEFT(b, 30); 928 929 W(2) = ROTATE_LEFT((W(15) ^ W(10) ^ W(4) ^ W(2)), 1); /* 66 */ 930 d = ROTATE_LEFT(e, 5) + G(a, b, c) + d + W(2) + SHA1_CONST(3); 931 a = ROTATE_LEFT(a, 30); 932 933 W(3) = ROTATE_LEFT((W(0) ^ W(11) ^ W(5) ^ W(3)), 1); /* 67 */ 934 c = ROTATE_LEFT(d, 5) + G(e, a, b) + c + W(3) + SHA1_CONST(3); 935 e = ROTATE_LEFT(e, 30); 936 937 W(4) = ROTATE_LEFT((W(1) ^ W(12) ^ W(6) ^ W(4)), 1); /* 68 */ 938 b = ROTATE_LEFT(c, 5) + G(d, e, a) + b + W(4) + SHA1_CONST(3); 939 d = ROTATE_LEFT(d, 30); 940 941 W(5) = ROTATE_LEFT((W(2) ^ W(13) ^ W(7) ^ W(5)), 1); /* 69 */ 942 a = ROTATE_LEFT(b, 5) + G(c, d, e) + a + W(5) + SHA1_CONST(3); 943 c = ROTATE_LEFT(c, 30); 944 945 W(6) = ROTATE_LEFT((W(3) ^ W(14) ^ W(8) ^ W(6)), 1); /* 70 */ 946 e = ROTATE_LEFT(a, 5) + G(b, c, d) + e + W(6) + SHA1_CONST(3); 947 b = ROTATE_LEFT(b, 30); 948 949 W(7) = ROTATE_LEFT((W(4) ^ W(15) ^ W(9) ^ W(7)), 1); /* 71 */ 950 d = ROTATE_LEFT(e, 5) + G(a, b, c) + d + W(7) + SHA1_CONST(3); 951 a = ROTATE_LEFT(a, 30); 952 953 W(8) = ROTATE_LEFT((W(5) ^ W(0) ^ W(10) ^ W(8)), 1); /* 72 */ 954 c = ROTATE_LEFT(d, 5) + G(e, a, b) + c + W(8) + SHA1_CONST(3); 955 e = ROTATE_LEFT(e, 30); 956 957 W(9) = ROTATE_LEFT((W(6) ^ W(1) ^ W(11) ^ W(9)), 1); /* 73 */ 958 b = ROTATE_LEFT(c, 5) + G(d, e, a) + b + W(9) + SHA1_CONST(3); 959 d = ROTATE_LEFT(d, 30); 960 961 W(10) = ROTATE_LEFT((W(7) ^ W(2) ^ W(12) ^ W(10)), 1); /* 74 */ 962 a = ROTATE_LEFT(b, 5) + G(c, d, e) + a + W(10) + SHA1_CONST(3); 963 c = ROTATE_LEFT(c, 30); 964 965 W(11) = ROTATE_LEFT((W(8) ^ W(3) ^ W(13) ^ W(11)), 1); /* 75 */ 966 e = ROTATE_LEFT(a, 5) + G(b, c, d) + e + W(11) + SHA1_CONST(3); 967 b = ROTATE_LEFT(b, 30); 968 969 W(12) = ROTATE_LEFT((W(9) ^ W(4) ^ W(14) ^ W(12)), 1); /* 76 */ 970 d = ROTATE_LEFT(e, 5) + G(a, b, c) + d + W(12) + SHA1_CONST(3); 971 a = ROTATE_LEFT(a, 30); 972 973 W(13) = ROTATE_LEFT((W(10) ^ W(5) ^ W(15) ^ W(13)), 1); /* 77 */ 974 c = ROTATE_LEFT(d, 5) + G(e, a, b) + c + W(13) + SHA1_CONST(3); 975 e = ROTATE_LEFT(e, 30); 976 977 W(14) = ROTATE_LEFT((W(11) ^ W(6) ^ W(0) ^ W(14)), 1); /* 78 */ 978 b = ROTATE_LEFT(c, 5) + G(d, e, a) + b + W(14) + SHA1_CONST(3); 979 d = ROTATE_LEFT(d, 30); 980 981 W(15) = ROTATE_LEFT((W(12) ^ W(7) ^ W(1) ^ W(15)), 1); /* 79 */ 982 983 ctx->state[0] += ROTATE_LEFT(b, 5) + G(c, d, e) + a + W(15) + 984 SHA1_CONST(3); 985 ctx->state[1] += b; 986 ctx->state[2] += ROTATE_LEFT(c, 30); 987 ctx->state[3] += d; 988 ctx->state[4] += e; 989 990 /* zeroize sensitive information */ 991 W(0) = W(1) = W(2) = W(3) = W(4) = W(5) = W(6) = W(7) = W(8) = 0; 992 W(9) = W(10) = W(11) = W(12) = W(13) = W(14) = W(15) = 0; 993 } 994 #endif /* !__amd64 */ 995 996 997 /* 998 * Encode() 999 * 1000 * purpose: to convert a list of numbers from little endian to big endian 1001 * input: uint8_t * : place to store the converted big endian numbers 1002 * uint32_t * : place to get numbers to convert from 1003 * size_t : the length of the input in bytes 1004 * output: void 1005 */ 1006 1007 static void 1008 Encode(uint8_t *_RESTRICT_KYWD output, const uint32_t *_RESTRICT_KYWD input, 1009 size_t len) 1010 { 1011 size_t i, j; 1012 1013 #if defined(__sparc) 1014 if (IS_P2ALIGNED(output, sizeof (uint32_t))) { 1015 for (i = 0, j = 0; j < len; i++, j += 4) { 1016 /* LINTED E_BAD_PTR_CAST_ALIGN */ 1017 *((uint32_t *)(output + j)) = input[i]; 1018 } 1019 } else { 1020 #endif /* little endian -- will work on big endian, but slowly */ 1021 for (i = 0, j = 0; j < len; i++, j += 4) { 1022 output[j] = (input[i] >> 24) & 0xff; 1023 output[j + 1] = (input[i] >> 16) & 0xff; 1024 output[j + 2] = (input[i] >> 8) & 0xff; 1025 output[j + 3] = input[i] & 0xff; 1026 } 1027 #if defined(__sparc) 1028 } 1029 #endif 1030 }