ffmpeg / libavutil / sha.c @ 80a07f6e
History  View  Annotate  Download (12.2 KB)
1 
/*


2 
* Copyright (C) 2007 Michael Niedermayer <michaelni@gmx.at>

3 
* Copyright (C) 2009 Konstantin Shishkov

4 
* based on public domain SHA1 code by Steve Reid <steve@edmweb.com>

5 
* and on BSDlicensed SHA2 code by Aaron D. Gifford

6 
*

7 
* This file is part of FFmpeg.

8 
*

9 
* FFmpeg is free software; you can redistribute it and/or

10 
* modify it under the terms of the GNU Lesser General Public

11 
* License as published by the Free Software Foundation; either

12 
* version 2.1 of the License, or (at your option) any later version.

13 
*

14 
* FFmpeg is distributed in the hope that it will be useful,

15 
* but WITHOUT ANY WARRANTY; without even the implied warranty of

16 
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

17 
* Lesser General Public License for more details.

18 
*

19 
* You should have received a copy of the GNU Lesser General Public

20 
* License along with FFmpeg; if not, write to the Free Software

21 
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 021101301 USA

22 
*/

23  
24 
#include "common.h" 
25 
#include "avutil.h" 
26 
#include "bswap.h" 
27 
#include "sha.h" 
28  
29 
/** hash context */

30 
typedef struct AVSHA { 
31 
uint8_t digest_len; ///< digest length in 32bit words

32 
uint64_t count; ///< number of bytes in buffer

33 
uint8_t buffer[64]; ///< 512bit buffer of input values used in hash updating 
34 
uint32_t state[8]; ///< current hash value 
35 
/** function used to update hash for 512bit input block */

36 
void (*transform)(uint32_t *state, const uint8_t buffer[64]); 
37 
} AVSHA; 
38  
39 
const int av_sha_size = sizeof(AVSHA); 
40  
41 
#define rol(value, bits) (((value) << (bits))  ((value) >> (32  (bits)))) 
42  
43 
/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */

44 
#define blk0(i) (block[i] = be2me_32(((const uint32_t*)buffer)[i])) 
45 
#define blk(i) (block[i] = rol(block[i3] ^ block[i8] ^ block[i14] ^ block[i16], 1)) 
46  
47 
#define R0(v,w,x,y,z,i) z += ((w&(x^y))^y) + blk0(i) + 0x5A827999 + rol(v, 5); w = rol(w, 30); 
48 
#define R1(v,w,x,y,z,i) z += ((w&(x^y))^y) + blk (i) + 0x5A827999 + rol(v, 5); w = rol(w, 30); 
49 
#define R2(v,w,x,y,z,i) z += ( w^x ^y) + blk (i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30); 
50 
#define R3(v,w,x,y,z,i) z += (((wx)&y)(w&x)) + blk (i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30); 
51 
#define R4(v,w,x,y,z,i) z += ( w^x ^y) + blk (i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30); 
52  
53 
/* Hash a single 512bit block. This is the core of the algorithm. */

54  
55 
static void sha1_transform(uint32_t state[5], const uint8_t buffer[64]) 
56 
{ 
57 
uint32_t block[80];

58 
unsigned int i, a, b, c, d, e; 
59  
60 
a = state[0];

61 
b = state[1];

62 
c = state[2];

63 
d = state[3];

64 
e = state[4];

65 
#if CONFIG_SMALL

66 
for (i = 0; i < 80; i++) { 
67 
int t;

68 
if (i < 16) 
69 
t = be2me_32(((uint32_t*)buffer)[i]); 
70 
else

71 
t = rol(block[i3] ^ block[i8] ^ block[i14] ^ block[i16], 1); 
72 
block[i] = t; 
73 
t += e + rol(a, 5);

74 
if (i < 40) { 
75 
if (i < 20) 
76 
t += ((b&(c^d))^d) + 0x5A827999;

77 
else

78 
t += ( b^c ^d) + 0x6ED9EBA1;

79 
} else {

80 
if (i < 60) 
81 
t += (((bc)&d)(b&c)) + 0x8F1BBCDC;

82 
else

83 
t += ( b^c ^d) + 0xCA62C1D6;

84 
} 
85 
e = d; 
86 
d = c; 
87 
c = rol(b, 30);

88 
b = a; 
89 
a = t; 
90 
} 
91 
#else

92 
for (i = 0; i < 15; i += 5) { 
93 
R0(a, b, c, d, e, 0 + i);

94 
R0(e, a, b, c, d, 1 + i);

95 
R0(d, e, a, b, c, 2 + i);

96 
R0(c, d, e, a, b, 3 + i);

97 
R0(b, c, d, e, a, 4 + i);

98 
} 
99 
R0(a, b, c, d, e, 15);

100 
R1(e, a, b, c, d, 16);

101 
R1(d, e, a, b, c, 17);

102 
R1(c, d, e, a, b, 18);

103 
R1(b, c, d, e, a, 19);

104 
for (i = 20; i < 40; i += 5) { 
105 
R2(a, b, c, d, e, 0 + i);

106 
R2(e, a, b, c, d, 1 + i);

107 
R2(d, e, a, b, c, 2 + i);

108 
R2(c, d, e, a, b, 3 + i);

109 
R2(b, c, d, e, a, 4 + i);

110 
} 
111 
for (; i < 60; i += 5) { 
112 
R3(a, b, c, d, e, 0 + i);

113 
R3(e, a, b, c, d, 1 + i);

114 
R3(d, e, a, b, c, 2 + i);

115 
R3(c, d, e, a, b, 3 + i);

116 
R3(b, c, d, e, a, 4 + i);

117 
} 
118 
for (; i < 80; i += 5) { 
119 
R4(a, b, c, d, e, 0 + i);

120 
R4(e, a, b, c, d, 1 + i);

121 
R4(d, e, a, b, c, 2 + i);

122 
R4(c, d, e, a, b, 3 + i);

123 
R4(b, c, d, e, a, 4 + i);

124 
} 
125 
#endif

126 
state[0] += a;

127 
state[1] += b;

128 
state[2] += c;

129 
state[3] += d;

130 
state[4] += e;

131 
} 
132  
133 
static const uint32_t K256[64] = { 
134 
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 
135 
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 
136 
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 
137 
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 
138 
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 
139 
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 
140 
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 
141 
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 
142 
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 
143 
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 
144 
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 
145 
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 
146 
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 
147 
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 
148 
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 
149 
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 
150 
}; 
151  
152  
153 
#define Ch(x,y,z) (((x) & ((y) ^ (z))) ^ (z))

154 
#define Maj(x,y,z) ((((x)  (y)) & (z))  ((x) & (y)))

155  
156 
#define Sigma0_256(x) (rol((x), 30) ^ rol((x), 19) ^ rol((x), 10)) 
157 
#define Sigma1_256(x) (rol((x), 26) ^ rol((x), 21) ^ rol((x), 7)) 
158 
#define sigma0_256(x) (rol((x), 25) ^ rol((x), 14) ^ ((x) >> 3)) 
159 
#define sigma1_256(x) (rol((x), 15) ^ rol((x), 13) ^ ((x) >> 10)) 
160  
161 
#undef blk

162 
#define blk(i) (block[i] = block[i  16] + sigma0_256(block[i  15]) + \ 
163 
sigma1_256(block[i  2]) + block[i  7]) 
164  
165 
#define ROUND256(a,b,c,d,e,f,g,h) \

166 
T1 += (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[i]; \ 
167 
(d) += T1; \ 
168 
(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 
169 
i++ 
170  
171 
#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \

172 
T1 = blk0(i); \ 
173 
ROUND256(a,b,c,d,e,f,g,h) 
174  
175 
#define ROUND256_16_TO_63(a,b,c,d,e,f,g,h) \

176 
T1 = blk(i); \ 
177 
ROUND256(a,b,c,d,e,f,g,h) 
178  
179 
static void sha256_transform(uint32_t *state, const uint8_t buffer[64]) 
180 
{ 
181 
unsigned int i, a, b, c, d, e, f, g, h; 
182 
uint32_t block[64];

183 
uint32_t T1, av_unused(T2); 
184  
185 
a = state[0];

186 
b = state[1];

187 
c = state[2];

188 
d = state[3];

189 
e = state[4];

190 
f = state[5];

191 
g = state[6];

192 
h = state[7];

193 
#if CONFIG_SMALL

194 
for (i = 0; i < 64; i++) { 
195 
if (i < 16) 
196 
T1 = blk0(i); 
197 
else

198 
T1 = blk(i); 
199 
T1 += h + Sigma1_256(e) + Ch(e, f, g) + K256[i]; 
200 
T2 = Sigma0_256(a) + Maj(a, b, c); 
201 
h = g; 
202 
g = f; 
203 
f = e; 
204 
e = d + T1; 
205 
d = c; 
206 
c = b; 
207 
b = a; 
208 
a = T1 + T2; 
209 
} 
210 
#else

211 
for (i = 0; i < 16;) { 
212 
ROUND256_0_TO_15(a, b, c, d, e, f, g, h); 
213 
ROUND256_0_TO_15(h, a, b, c, d, e, f, g); 
214 
ROUND256_0_TO_15(g, h, a, b, c, d, e, f); 
215 
ROUND256_0_TO_15(f, g, h, a, b, c, d, e); 
216 
ROUND256_0_TO_15(e, f, g, h, a, b, c, d); 
217 
ROUND256_0_TO_15(d, e, f, g, h, a, b, c); 
218 
ROUND256_0_TO_15(c, d, e, f, g, h, a, b); 
219 
ROUND256_0_TO_15(b, c, d, e, f, g, h, a); 
220 
} 
221  
222 
for (; i < 64;) { 
223 
ROUND256_16_TO_63(a, b, c, d, e, f, g, h); 
224 
ROUND256_16_TO_63(h, a, b, c, d, e, f, g); 
225 
ROUND256_16_TO_63(g, h, a, b, c, d, e, f); 
226 
ROUND256_16_TO_63(f, g, h, a, b, c, d, e); 
227 
ROUND256_16_TO_63(e, f, g, h, a, b, c, d); 
228 
ROUND256_16_TO_63(d, e, f, g, h, a, b, c); 
229 
ROUND256_16_TO_63(c, d, e, f, g, h, a, b); 
230 
ROUND256_16_TO_63(b, c, d, e, f, g, h, a); 
231 
} 
232 
#endif

233 
state[0] += a;

234 
state[1] += b;

235 
state[2] += c;

236 
state[3] += d;

237 
state[4] += e;

238 
state[5] += f;

239 
state[6] += g;

240 
state[7] += h;

241 
} 
242  
243  
244 
int av_sha_init(AVSHA* ctx, int bits) 
245 
{ 
246 
ctx>digest_len = bits >> 5;

247 
switch (bits) {

248 
case 160: // SHA1 
249 
ctx>state[0] = 0x67452301; 
250 
ctx>state[1] = 0xEFCDAB89; 
251 
ctx>state[2] = 0x98BADCFE; 
252 
ctx>state[3] = 0x10325476; 
253 
ctx>state[4] = 0xC3D2E1F0; 
254 
ctx>transform = sha1_transform; 
255 
break;

256 
case 224: // SHA224 
257 
ctx>state[0] = 0xC1059ED8; 
258 
ctx>state[1] = 0x367CD507; 
259 
ctx>state[2] = 0x3070DD17; 
260 
ctx>state[3] = 0xF70E5939; 
261 
ctx>state[4] = 0xFFC00B31; 
262 
ctx>state[5] = 0x68581511; 
263 
ctx>state[6] = 0x64F98FA7; 
264 
ctx>state[7] = 0xBEFA4FA4; 
265 
ctx>transform = sha256_transform; 
266 
break;

267 
case 256: // SHA256 
268 
ctx>state[0] = 0x6A09E667; 
269 
ctx>state[1] = 0xBB67AE85; 
270 
ctx>state[2] = 0x3C6EF372; 
271 
ctx>state[3] = 0xA54FF53A; 
272 
ctx>state[4] = 0x510E527F; 
273 
ctx>state[5] = 0x9B05688C; 
274 
ctx>state[6] = 0x1F83D9AB; 
275 
ctx>state[7] = 0x5BE0CD19; 
276 
ctx>transform = sha256_transform; 
277 
break;

278 
default:

279 
return 1; 
280 
} 
281 
ctx>count = 0;

282 
return 0; 
283 
} 
284  
285 
void av_sha_update(AVSHA* ctx, const uint8_t* data, unsigned int len) 
286 
{ 
287 
unsigned int i, j; 
288  
289 
j = ctx>count & 63;

290 
ctx>count += len; 
291 
#if CONFIG_SMALL

292 
for (i = 0; i < len; i++) { 
293 
ctx>buffer[j++] = data[i]; 
294 
if (64 == j) { 
295 
ctx>transform(ctx>state, ctx>buffer); 
296 
j = 0;

297 
} 
298 
} 
299 
#else

300 
if ((j + len) > 63) { 
301 
memcpy(&ctx>buffer[j], data, (i = 64  j));

302 
ctx>transform(ctx>state, ctx>buffer); 
303 
for (; i + 63 < len; i += 64) 
304 
ctx>transform(ctx>state, &data[i]); 
305 
j = 0;

306 
} else

307 
i = 0;

308 
memcpy(&ctx>buffer[j], &data[i], len  i); 
309 
#endif

310 
} 
311  
312 
void av_sha_final(AVSHA* ctx, uint8_t *digest)

313 
{ 
314 
int i;

315 
uint64_t finalcount = be2me_64(ctx>count << 3);

316  
317 
av_sha_update(ctx, "\200", 1); 
318 
while ((ctx>count & 63) != 56) 
319 
av_sha_update(ctx, "", 1); 
320 
av_sha_update(ctx, (uint8_t *)&finalcount, 8); /* Should cause a transform() */ 
321 
for (i = 0; i < ctx>digest_len; i++) 
322 
((uint32_t*)digest)[i] = be2me_32(ctx>state[i]); 
323 
} 
324  
325 
#if LIBAVUTIL_VERSION_MAJOR < 51 
326 
struct AVSHA1 {

327 
AVSHA sha; 
328 
}; 
329  
330 
const int av_sha1_size = sizeof(struct AVSHA1); 
331  
332 
void av_sha1_init(struct AVSHA1* context) 
333 
{ 
334 
av_sha_init(&context>sha, 160);

335 
} 
336  
337 
void av_sha1_update(struct AVSHA1* context, const uint8_t* data, unsigned int len) 
338 
{ 
339 
av_sha_update(&context>sha, data, len); 
340 
} 
341  
342 
void av_sha1_final(struct AVSHA1* context, uint8_t digest[20]) 
343 
{ 
344 
av_sha_final(&context>sha, digest); 
345 
} 
346 
#endif

347  
348 
#ifdef TEST

349 
#include <stdio.h> 
350 
#undef printf

351  
352 
int main(void) 
353 
{ 
354 
int i, j, k;

355 
AVSHA ctx; 
356 
unsigned char digest[32]; 
357 
const int lengths[3] = { 160, 224, 256 }; 
358  
359 
for (j = 0; j < 3; j++) { 
360 
printf("Testing SHA%d\n", lengths[j]);

361 
for (k = 0; k < 3; k++) { 
362 
av_sha_init(&ctx, lengths[j]); 
363 
if (k == 0) 
364 
av_sha_update(&ctx, "abc", 3); 
365 
else if (k == 1) 
366 
av_sha_update(&ctx, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56); 
367 
else

368 
for (i = 0; i < 1000*1000; i++) 
369 
av_sha_update(&ctx, "a", 1); 
370 
av_sha_final(&ctx, digest); 
371 
for (i = 0; i < lengths[j] >> 3; i++) 
372 
printf("%02X", digest[i]);

373 
putchar('\n');

374 
} 
375 
switch (j) {

376 
case 0: 
377 
//test vectors (from FIPS PUB 1801)

378 
printf("A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D\n"

379 
"84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1\n"

380 
"34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F\n");

381 
break;

382 
case 1: 
383 
//test vectors (from FIPS PUB 1802 Appendix A)

384 
printf("23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7\n"

385 
"75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525\n"

386 
"20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67\n");

387 
break;

388 
case 2: 
389 
//test vectors (from FIPS PUB 1802)

390 
printf("ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad\n"

391 
"248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1\n"

392 
"cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0\n");

393 
break;

394 
} 
395 
} 
396  
397 
return 0; 
398 
} 
399 
#endif
