Francois Berder
This library implements some hash and cryptographic algorithms.
Dependents: mBuinoBlinky PB_Emma_Ethernet SLOTrashHTTP Garagem ... more
This library implements the following algorithms :
- RC4
- AES (AES-128, AES-192, AES-256)
- DES
- Triple DES (EDE)
- MD2
- MD4
- MD5
- SHA-1
- SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512)
The hash algorithms have been optimized for the mbed and you should get decent performance. However, I did not optimize the ciphers. Also, I did not test extensively these algorithms : it should work but you may find some bugs. Block ciphers support two modes : ECB and CBC.
Warning
If you are using SHA-384 or SHA-512, be aware that it produces large binary files and the compilation (using the online compiler) takes much longer to execute. It may happen that the compiler stops because it timed-out. In this case, just compile again and it should work.
Computing hash
You can compute the hash of some data in two different ways. The first one is the easiest, each hash algorithm has a static method that takes some data and compute the hash from it.
Computing hash using method 1
#include "Crypto.h"
#include "mbed.h"
static const char msg[] = "mbed is great !";
int main()
{
uint8_t hash[16];
MD2::computeHash(hash, (uint8_t*)msg, strlen(msg));
printf("hash: ");
for(int i = 0; i < 16; ++i)
printf("%02x", hash[i]);
printf("\n");
return 0;
}
The second one is slightly slower (around 2-3% slower) but it allows you to compute the hash of some data in several steps (by calling update method). This is the method you should use if you need to compute the hash from a large source and you don't have enough memory to store it in a single buffer.
Computing hash using method 2
#include "Crypto.h"
#include "mbed.h"
static const char msg[] = "mbed is great !";
int main()
{
uint8_t hash[16];
MD2 h;
h.update((uint8_t*)msg, strlen(msg));
h.finalize(hash);
printf("hash: ");
for(int i = 0; i < 16; ++i)
printf("%02x", hash[i]);
printf("\n");
return 0;
}
TODO
- optimize ciphers
- add doc
Revision 4:0da19393bd57, committed 2013-09-12
- Comitter:
- feb11
- Date:
- Thu Sep 12 10:18:57 2013 +0000
- Parent:
- 3:85c6ee25cf3e
- Child:
- 5:06cd9c8afa0b
- Commit message:
- improved performance of SHA-2 (32 & 64bits)
Changed in this revision
--- a/MD2.cpp Wed Sep 11 17:22:40 2013 +0000 +++ b/MD2.cpp Thu Sep 12 10:18:57 2013 +0000 @@ -1,3 +1,8 @@ +/** + Implementation of MD2 as described here: + http://tools.ietf.org/html/rfc1319 +*/ + #include "MD2.h" #include <string.h>
--- a/MD5.cpp Wed Sep 11 17:22:40 2013 +0000 +++ b/MD5.cpp Thu Sep 12 10:18:57 2013 +0000 @@ -1,3 +1,8 @@ +/** + Implementation of MD5 as described here: + http://tools.ietf.org/html/rfc1321 +*/ + #include "MD5.h" #include <string.h>
--- a/SHA1.cpp Wed Sep 11 17:22:40 2013 +0000 +++ b/SHA1.cpp Thu Sep 12 10:18:57 2013 +0000 @@ -1,3 +1,8 @@ +/** + Implementation of SHA-1 as described here: + http://tools.ietf.org/html/rfc1319 +*/ + #include "SHA1.h" #include <string.h> #include <stdio.h>
--- a/SHA2_32.cpp Wed Sep 11 17:22:40 2013 +0000
+++ b/SHA2_32.cpp Thu Sep 12 10:18:57 2013 +0000
@@ -3,25 +3,9 @@
#include <stdio.h>
#include <stdlib.h>
-static const uint32_t K[] =
-{
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
- 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
- 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
- 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
- 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
- 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
- 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
- 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
- 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
-};
+
+static const uint8_t MASK = 0x0F;
+#define W(t) (w[(t)] = SSIG1(w[((t)+14)&MASK]) + w[((t)+9)&MASK] + SSIG0(w[((t)+1)&MASK]) + w[t])
#define ROTL(W,N) (((W) << (N)) | ((W) >> (32-(N))))
#define ROTR(W,N) (((W) >> (N)) | ((W) << (32-(N))))
@@ -31,7 +15,11 @@
#define BSIG1(X) (ROTR(X,6) ^ ROTR(X,11) ^ ROTR(X,25))
#define SSIG0(X) (ROTR((X),7) ^ ROTR((X),18) ^ ((X) >> 3))
#define SSIG1(X) (ROTR((X),17) ^ ROTR((X),19) ^ ((X) >> 10))
-#define R(A,B,C,D,E,F,G,H,T) T1 = H + BSIG1(E) + CH(E,F,G) + K[T] + w[T]; \
+#define R(A,B,C,D,E,F,G,H,T,K) T1 = H + BSIG1(E) + CH(E,F,G) + K + (w[T] = __rev(buffer2[T])); \
+ T2 = BSIG0(A) + MAJ(A,B,C); \
+ D += T1; \
+ H = T1 + T2;
+#define R2(A,B,C,D,E,F,G,H,T,K) T1 = H + BSIG1(E) + CH(E,F,G) + K + W(T&MASK); \
T2 = BSIG0(A) + MAJ(A,B,C); \
D += T1; \
H = T1 + T2;
@@ -119,7 +107,7 @@
{
memset(&buffer[bufferLength], 0, 64-bufferLength);
computeBlock(&h0, &h1, &h2, &h3, &h4, &h5, &h6, &h7, buffer);
- memset(buffer, 0, bufferLength);
+ memset(buffer, 0, 48);
}
uint64_t lengthBit = totalBufferLength << 3;
@@ -191,102 +179,83 @@
uint32_t *h72,
uint8_t *buffer)
{
- uint32_t w[64];
+ uint32_t w[16];
uint32_t *buffer2 = (uint32_t*)buffer;
- w[0] = __rev(buffer2[0]);
- w[1] = __rev(buffer2[1]);
- w[2] = __rev(buffer2[2]);
- w[3] = __rev(buffer2[3]);
- w[4] = __rev(buffer2[4]);
- w[5] = __rev(buffer2[5]);
- w[6] = __rev(buffer2[6]);
- w[7] = __rev(buffer2[7]);
- w[8] = __rev(buffer2[8]);
- w[9] = __rev(buffer2[9]);
- w[10] = __rev(buffer2[10]);
- w[11] = __rev(buffer2[11]);
- w[12] = __rev(buffer2[12]);
- w[13] = __rev(buffer2[13]);
- w[14] = __rev(buffer2[14]);
- w[15] = __rev(buffer2[15]);
-
- for(int t = 16; t < 64; ++t)
- w[t] = SSIG1(w[t-2]) + w[t-7] + SSIG0(w[t-15]) + w[t-16];
-
uint32_t a = *h02, b = *h12, c = *h22, d = *h32, e = *h42, f = *h52, g = *h62, h = *h72;
uint32_t T1, T2;
-
- R(a,b,c,d,e,f,g,h,0)
- R(h,a,b,c,d,e,f,g,1)
- R(g,h,a,b,c,d,e,f,2)
- R(f,g,h,a,b,c,d,e,3)
- R(e,f,g,h,a,b,c,d,4)
- R(d,e,f,g,h,a,b,c,5)
- R(c,d,e,f,g,h,a,b,6)
- R(b,c,d,e,f,g,h,a,7)
+
+
+ R(a,b,c,d,e,f,g,h,0,0x428a2f98)
+ R(h,a,b,c,d,e,f,g,1,0x71374491)
+ R(g,h,a,b,c,d,e,f,2,0xb5c0fbcf)
+ R(f,g,h,a,b,c,d,e,3,0xe9b5dba5)
+ R(e,f,g,h,a,b,c,d,4,0x3956c25b)
+ R(d,e,f,g,h,a,b,c,5,0x59f111f1)
+ R(c,d,e,f,g,h,a,b,6,0x923f82a4)
+ R(b,c,d,e,f,g,h,a,7,0xab1c5ed5)
- R(a,b,c,d,e,f,g,h,8)
- R(h,a,b,c,d,e,f,g,9)
- R(g,h,a,b,c,d,e,f,10)
- R(f,g,h,a,b,c,d,e,11)
- R(e,f,g,h,a,b,c,d,12)
- R(d,e,f,g,h,a,b,c,13)
- R(c,d,e,f,g,h,a,b,14)
- R(b,c,d,e,f,g,h,a,15)
-
- R(a,b,c,d,e,f,g,h,16)
- R(h,a,b,c,d,e,f,g,17)
- R(g,h,a,b,c,d,e,f,18)
- R(f,g,h,a,b,c,d,e,19)
- R(e,f,g,h,a,b,c,d,20)
- R(d,e,f,g,h,a,b,c,21)
- R(c,d,e,f,g,h,a,b,22)
- R(b,c,d,e,f,g,h,a,23)
+ R(a,b,c,d,e,f,g,h,8,0xd807aa98)
+ R(h,a,b,c,d,e,f,g,9,0x12835b01)
+ R(g,h,a,b,c,d,e,f,10,0x243185be)
+ R(f,g,h,a,b,c,d,e,11,0x550c7dc3)
+ R(e,f,g,h,a,b,c,d,12,0x72be5d74)
+ R(d,e,f,g,h,a,b,c,13,0x80deb1fe)
+ R(c,d,e,f,g,h,a,b,14,0x9bdc06a7)
+ R(b,c,d,e,f,g,h,a,15,0xc19bf174)
+
+ R2(a,b,c,d,e,f,g,h,16,0xe49b69c1)
+ R2(h,a,b,c,d,e,f,g,17,0xefbe4786)
+ R2(g,h,a,b,c,d,e,f,18,0x0fc19dc6)
+ R2(f,g,h,a,b,c,d,e,19,0x240ca1cc)
+ R2(e,f,g,h,a,b,c,d,20,0x2de92c6f)
+ R2(d,e,f,g,h,a,b,c,21,0x4a7484aa)
+ R2(c,d,e,f,g,h,a,b,22,0x5cb0a9dc)
+ R2(b,c,d,e,f,g,h,a,23,0x76f988da)
- R(a,b,c,d,e,f,g,h,24)
- R(h,a,b,c,d,e,f,g,25)
- R(g,h,a,b,c,d,e,f,26)
- R(f,g,h,a,b,c,d,e,27)
- R(e,f,g,h,a,b,c,d,28)
- R(d,e,f,g,h,a,b,c,29)
- R(c,d,e,f,g,h,a,b,30)
- R(b,c,d,e,f,g,h,a,31)
-
- R(a,b,c,d,e,f,g,h,32)
- R(h,a,b,c,d,e,f,g,33)
- R(g,h,a,b,c,d,e,f,34)
- R(f,g,h,a,b,c,d,e,35)
- R(e,f,g,h,a,b,c,d,36)
- R(d,e,f,g,h,a,b,c,37)
- R(c,d,e,f,g,h,a,b,38)
- R(b,c,d,e,f,g,h,a,39)
+ R2(a,b,c,d,e,f,g,h,24,0x983e5152)
+ R2(h,a,b,c,d,e,f,g,25,0xa831c66d)
+ R2(g,h,a,b,c,d,e,f,26,0xb00327c8)
+ R2(f,g,h,a,b,c,d,e,27,0xbf597fc7)
+ R2(e,f,g,h,a,b,c,d,28,0xc6e00bf3)
+ R2(d,e,f,g,h,a,b,c,29,0xd5a79147)
+ R2(c,d,e,f,g,h,a,b,30,0x06ca6351)
+ R2(b,c,d,e,f,g,h,a,31,0x14292967)
+
+ R2(a,b,c,d,e,f,g,h,32,0x27b70a85)
+ R2(h,a,b,c,d,e,f,g,33,0x2e1b2138)
+ R2(g,h,a,b,c,d,e,f,34,0x4d2c6dfc)
+ R2(f,g,h,a,b,c,d,e,35,0x53380d13)
+ R2(e,f,g,h,a,b,c,d,36,0x650a7354)
+ R2(d,e,f,g,h,a,b,c,37,0x766a0abb)
+ R2(c,d,e,f,g,h,a,b,38,0x81c2c92e)
+ R2(b,c,d,e,f,g,h,a,39,0x92722c85)
- R(a,b,c,d,e,f,g,h,40)
- R(h,a,b,c,d,e,f,g,41)
- R(g,h,a,b,c,d,e,f,42)
- R(f,g,h,a,b,c,d,e,43)
- R(e,f,g,h,a,b,c,d,44)
- R(d,e,f,g,h,a,b,c,45)
- R(c,d,e,f,g,h,a,b,46)
- R(b,c,d,e,f,g,h,a,47)
-
- R(a,b,c,d,e,f,g,h,48)
- R(h,a,b,c,d,e,f,g,49)
- R(g,h,a,b,c,d,e,f,50)
- R(f,g,h,a,b,c,d,e,51)
- R(e,f,g,h,a,b,c,d,52)
- R(d,e,f,g,h,a,b,c,53)
- R(c,d,e,f,g,h,a,b,54)
- R(b,c,d,e,f,g,h,a,55)
+ R2(a,b,c,d,e,f,g,h,40,0xa2bfe8a1)
+ R2(h,a,b,c,d,e,f,g,41,0xa81a664b)
+ R2(g,h,a,b,c,d,e,f,42,0xc24b8b70)
+ R2(f,g,h,a,b,c,d,e,43,0xc76c51a3)
+ R2(e,f,g,h,a,b,c,d,44,0xd192e819)
+ R2(d,e,f,g,h,a,b,c,45,0xd6990624)
+ R2(c,d,e,f,g,h,a,b,46,0xf40e3585)
+ R2(b,c,d,e,f,g,h,a,47,0x106aa070)
- R(a,b,c,d,e,f,g,h,56)
- R(h,a,b,c,d,e,f,g,57)
- R(g,h,a,b,c,d,e,f,58)
- R(f,g,h,a,b,c,d,e,59)
- R(e,f,g,h,a,b,c,d,60)
- R(d,e,f,g,h,a,b,c,61)
- R(c,d,e,f,g,h,a,b,62)
- R(b,c,d,e,f,g,h,a,63)
+ R2(a,b,c,d,e,f,g,h,48,0x19a4c116)
+ R2(h,a,b,c,d,e,f,g,49,0x1e376c08)
+ R2(g,h,a,b,c,d,e,f,50,0x2748774c)
+ R2(f,g,h,a,b,c,d,e,51,0x34b0bcb5)
+ R2(e,f,g,h,a,b,c,d,52,0x391c0cb3)
+ R2(d,e,f,g,h,a,b,c,53,0x4ed8aa4a)
+ R2(c,d,e,f,g,h,a,b,54,0x5b9cca4f)
+ R2(b,c,d,e,f,g,h,a,55,0x682e6ff3)
+
+ R2(a,b,c,d,e,f,g,h,56,0x748f82ee)
+ R2(h,a,b,c,d,e,f,g,57,0x78a5636f)
+ R2(g,h,a,b,c,d,e,f,58,0x84c87814)
+ R2(f,g,h,a,b,c,d,e,59,0x8cc70208)
+ R2(e,f,g,h,a,b,c,d,60,0x90befffa)
+ R2(d,e,f,g,h,a,b,c,61,0xa4506ceb)
+ R2(c,d,e,f,g,h,a,b,62,0xbef9a3f7)
+ R2(b,c,d,e,f,g,h,a,63,0xc67178f2)
*h02 += a;
@@ -326,7 +295,7 @@
{
memset(&buffer[length], 0, 64-length);
computeBlock(&h0, &h1, &h2, &h3, &h4, &h5, &h6, &h7, buffer);
- memset(buffer, 0, length);
+ memset(buffer, 0, 48);
}
uint32_t lengthBitLow = lengthBit;
--- a/SHA2_64.cpp Wed Sep 11 17:22:40 2013 +0000
+++ b/SHA2_64.cpp Thu Sep 12 10:18:57 2013 +0000
@@ -2,30 +2,6 @@
#include <string.h>
-static const uint64_t K[] =
-{
- 0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,
- 0x3956c25bf348b538, 0x59f111f1b605d019, 0x923f82a4af194f9b, 0xab1c5ed5da6d8118,
- 0xd807aa98a3030242, 0x12835b0145706fbe, 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
- 0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235, 0xc19bf174cf692694,
- 0xe49b69c19ef14ad2, 0xefbe4786384f25e3, 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
- 0x2de92c6f592b0275, 0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
- 0x983e5152ee66dfab, 0xa831c66d2db43210, 0xb00327c898fb213f, 0xbf597fc7beef0ee4,
- 0xc6e00bf33da88fc2, 0xd5a79147930aa725, 0x06ca6351e003826f, 0x142929670a0e6e70,
- 0x27b70a8546d22ffc, 0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
- 0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6, 0x92722c851482353b,
- 0xa2bfe8a14cf10364, 0xa81a664bbc423001, 0xc24b8b70d0f89791, 0xc76c51a30654be30,
- 0xd192e819d6ef5218, 0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8,
- 0x19a4c116b8d2d0c8, 0x1e376c085141ab53, 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8,
- 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3,
- 0x748f82ee5defb2fc, 0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec,
- 0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915, 0xc67178f2e372532b,
- 0xca273eceea26619c, 0xd186b8c721c0c207, 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178,
- 0x06f067aa72176fba, 0x0a637dc5a2c898a6, 0x113f9804bef90dae, 0x1b710b35131c471b,
- 0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c,
- 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, 0x5fcb6fab3ad6faec, 0x6c44198c4a475817
-};
-
static const uint64_t H[] =
{
// SHA-384
@@ -39,14 +15,8 @@
static uint64_t revWord(uint64_t w)
{
- return (w >> 56)
- | ((w & 0x00FF000000000000) >> 40)
- | ((w & 0x0000FF0000000000) >> 24)
- | ((w & 0x000000FF00000000) >> 8)
- | ((w & 0x00000000FF000000) << 8)
- | ((w & 0x0000000000FF0000) << 24)
- | ((w & 0x000000000000FF00) << 40)
- | ((w & 0x00000000000000FF) << 56);
+ return __rev((w & 0xFFFFFFFF00000000) >> 32)
+ | ((uint64_t)(__rev(w & 0x00000000FFFFFFFF)) << 32);
}
#define ROTL(W,N) (((W) << (N)) | ((W) >> (64-(N))))
@@ -58,7 +28,11 @@
#define SSIG0(X) (ROTR((X),1) ^ ROTR((X),8) ^ ((X) >> 7))
#define SSIG1(X) (ROTR((X),19) ^ ROTR((X),61) ^ ((X) >> 6))
-
+#define R(A,B,C,D,E,F,G,H,K,T) T1 = H + BSIG1(E) + CH(E,F,G) + K + w[T]; \
+ T2 = BSIG0(A) + MAJ(A,B,C); \
+ D += T1; \
+ H = T1 + T2;
+
SHA2_64::SHA2_64(SHA2_64_TYPE t):
type(t),
@@ -198,28 +172,124 @@
uint8_t *buffer)
{
uint64_t w[80];
- for(int t = 0; t < 16; ++t)
- {
- memcpy(&w[t], &buffer[t*8], 8);
- w[t] = revWord(w[t]);
- }
+ uint64_t *buffer2 = (uint64_t*)buffer;
+
+ w[0] = revWord(buffer2[0]);
+ w[1] = revWord(buffer2[1]);
+ w[2] = revWord(buffer2[2]);
+ w[3] = revWord(buffer2[3]);
+ w[4] = revWord(buffer2[4]);
+ w[5] = revWord(buffer2[5]);
+ w[6] = revWord(buffer2[6]);
+ w[7] = revWord(buffer2[7]);
+ w[8] = revWord(buffer2[8]);
+ w[9] = revWord(buffer2[9]);
+ w[10] = revWord(buffer2[10]);
+ w[11] = revWord(buffer2[11]);
+ w[12] = revWord(buffer2[12]);
+ w[13] = revWord(buffer2[13]);
+ w[14] = revWord(buffer2[14]);
+ w[15] = revWord(buffer2[15]);
+
for(int t = 16; t < 80; ++t)
w[t] = SSIG1(w[t-2]) + w[t-7] + SSIG0(w[t-15]) + w[t-16];
uint64_t a = *h02, b = *h12, c = *h22, d = *h32, e = *h42, f = *h52, g = *h62, h = *h72;
- for(int t = 0; t < 80; ++t)
- {
- uint64_t T1 = h + BSIG1(e) + CH(e,f,g) + K[t] + w[t];
- uint64_t T2 = BSIG0(a) + MAJ(a,b,c);
- h = g;
- g = f;
- f = e;
- e = d + T1;
- d = c;
- c = b;
- b = a;
- a = T1 + T2;
- }
+ uint64_t T1, T2;
+
+
+ R(a,b,c,d,e,f,g,h,0x428a2f98d728ae22,0)
+ R(h,a,b,c,d,e,f,g,0x7137449123ef65cd,1)
+ R(g,h,a,b,c,d,e,f,0xb5c0fbcfec4d3b2f,2)
+ R(f,g,h,a,b,c,d,e,0xe9b5dba58189dbbc,3)
+ R(e,f,g,h,a,b,c,d,0x3956c25bf348b538,4)
+ R(d,e,f,g,h,a,b,c,0x59f111f1b605d019,5)
+ R(c,d,e,f,g,h,a,b,0x923f82a4af194f9b,6)
+ R(b,c,d,e,f,g,h,a,0xab1c5ed5da6d8118,7)
+
+ R(a,b,c,d,e,f,g,h,0xd807aa98a3030242,8)
+ R(h,a,b,c,d,e,f,g,0x12835b0145706fbe,9)
+ R(g,h,a,b,c,d,e,f,0x243185be4ee4b28c,10)
+ R(f,g,h,a,b,c,d,e,0x550c7dc3d5ffb4e2,11)
+ R(e,f,g,h,a,b,c,d,0x72be5d74f27b896f,12)
+ R(d,e,f,g,h,a,b,c,0x80deb1fe3b1696b1,13)
+ R(c,d,e,f,g,h,a,b,0x9bdc06a725c71235,14)
+ R(b,c,d,e,f,g,h,a,0xc19bf174cf692694,15)
+
+
+ R(a,b,c,d,e,f,g,h,0xe49b69c19ef14ad2,16)
+ R(h,a,b,c,d,e,f,g,0xefbe4786384f25e3,17)
+ R(g,h,a,b,c,d,e,f,0x0fc19dc68b8cd5b5,18)
+ R(f,g,h,a,b,c,d,e,0x240ca1cc77ac9c65,19)
+ R(e,f,g,h,a,b,c,d,0x2de92c6f592b0275,20)
+ R(d,e,f,g,h,a,b,c,0x4a7484aa6ea6e483,21)
+ R(c,d,e,f,g,h,a,b,0x5cb0a9dcbd41fbd4,22)
+ R(b,c,d,e,f,g,h,a,0x76f988da831153b5,23)
+
+ R(a,b,c,d,e,f,g,h,0x983e5152ee66dfab,24)
+ R(h,a,b,c,d,e,f,g,0xa831c66d2db43210,25)
+ R(g,h,a,b,c,d,e,f,0xb00327c898fb213f,26)
+ R(f,g,h,a,b,c,d,e,0xbf597fc7beef0ee4,27)
+ R(e,f,g,h,a,b,c,d,0xc6e00bf33da88fc2,28)
+ R(d,e,f,g,h,a,b,c,0xd5a79147930aa725,29)
+ R(c,d,e,f,g,h,a,b,0x06ca6351e003826f,30)
+ R(b,c,d,e,f,g,h,a,0x142929670a0e6e70,31)
+
+
+ R(a,b,c,d,e,f,g,h,0x27b70a8546d22ffc,32)
+ R(h,a,b,c,d,e,f,g,0x2e1b21385c26c926,33)
+ R(g,h,a,b,c,d,e,f,0x4d2c6dfc5ac42aed,34)
+ R(f,g,h,a,b,c,d,e,0x53380d139d95b3df,35)
+ R(e,f,g,h,a,b,c,d,0x650a73548baf63de,36)
+ R(d,e,f,g,h,a,b,c,0x766a0abb3c77b2a8,37)
+ R(c,d,e,f,g,h,a,b,0x81c2c92e47edaee6,38)
+ R(b,c,d,e,f,g,h,a,0x92722c851482353b,39)
+
+ R(a,b,c,d,e,f,g,h,0xa2bfe8a14cf10364,40)
+ R(h,a,b,c,d,e,f,g,0xa81a664bbc423001,41)
+ R(g,h,a,b,c,d,e,f,0xc24b8b70d0f89791,42)
+ R(f,g,h,a,b,c,d,e,0xc76c51a30654be30,43)
+ R(e,f,g,h,a,b,c,d,0xd192e819d6ef5218,44)
+ R(d,e,f,g,h,a,b,c,0xd69906245565a910,45)
+ R(c,d,e,f,g,h,a,b,0xf40e35855771202a,46)
+ R(b,c,d,e,f,g,h,a,0x106aa07032bbd1b8,47)
+
+ R(a,b,c,d,e,f,g,h,0x19a4c116b8d2d0c8,48)
+ R(h,a,b,c,d,e,f,g,0x1e376c085141ab53,49)
+ R(g,h,a,b,c,d,e,f,0x2748774cdf8eeb99,50)
+ R(f,g,h,a,b,c,d,e,0x34b0bcb5e19b48a8,51)
+ R(e,f,g,h,a,b,c,d,0x391c0cb3c5c95a63,52)
+ R(d,e,f,g,h,a,b,c,0x4ed8aa4ae3418acb,53)
+ R(c,d,e,f,g,h,a,b,0x5b9cca4f7763e373,54)
+ R(b,c,d,e,f,g,h,a,0x682e6ff3d6b2b8a3,55)
+
+ R(a,b,c,d,e,f,g,h,0x748f82ee5defb2fc,56)
+ R(h,a,b,c,d,e,f,g,0x78a5636f43172f60,57)
+ R(g,h,a,b,c,d,e,f,0x84c87814a1f0ab72,58)
+ R(f,g,h,a,b,c,d,e,0x8cc702081a6439ec,59)
+ R(e,f,g,h,a,b,c,d,0x90befffa23631e28,60)
+ R(d,e,f,g,h,a,b,c,0xa4506cebde82bde9,61)
+ R(c,d,e,f,g,h,a,b,0xbef9a3f7b2c67915,62)
+ R(b,c,d,e,f,g,h,a,0xc67178f2e372532b,63)
+
+ R(a,b,c,d,e,f,g,h,0xca273eceea26619c,64)
+ R(h,a,b,c,d,e,f,g,0xd186b8c721c0c207,65)
+ R(g,h,a,b,c,d,e,f,0xeada7dd6cde0eb1e,66)
+ R(f,g,h,a,b,c,d,e,0xf57d4f7fee6ed178,67)
+ R(e,f,g,h,a,b,c,d,0x06f067aa72176fba,68)
+ R(d,e,f,g,h,a,b,c,0x0a637dc5a2c898a6,69)
+ R(c,d,e,f,g,h,a,b,0x113f9804bef90dae,70)
+ R(b,c,d,e,f,g,h,a,0x1b710b35131c471b,71)
+
+ R(a,b,c,d,e,f,g,h,0x28db77f523047d84,72)
+ R(h,a,b,c,d,e,f,g,0x32caab7b40c72493,73)
+ R(g,h,a,b,c,d,e,f,0x3c9ebe0a15c9bebc,74)
+ R(f,g,h,a,b,c,d,e,0x431d67c49c100d4c,75)
+ R(e,f,g,h,a,b,c,d,0x4cc5d4becb3e42b6,76)
+ R(d,e,f,g,h,a,b,c,0x597f299cfc657e2a,77)
+ R(c,d,e,f,g,h,a,b,0x5fcb6fab3ad6faec,78)
+ R(b,c,d,e,f,g,h,a,0x6c44198c4a475817,79)
+
*h02 += a;
*h12 += b;
*h22 += c;