Statistics
| Branch: | Revision:

ffmpeg / libavutil / sha.c @ 80a07f6e

History | View | Annotate | Download (12.2 KB)

1
/*
2
 * Copyright (C) 2007 Michael Niedermayer <michaelni@gmx.at>
3
 * Copyright (C) 2009 Konstantin Shishkov
4
 * based on public domain SHA-1 code by Steve Reid <steve@edmweb.com>
5
 * and on BSD-licensed SHA-2 code by Aaron D. Gifford
6
 *
7
 * This file is part of FFmpeg.
8
 *
9
 * FFmpeg is free software; you can redistribute it and/or
10
 * modify it under the terms of the GNU Lesser General Public
11
 * License as published by the Free Software Foundation; either
12
 * version 2.1 of the License, or (at your option) any later version.
13
 *
14
 * FFmpeg is distributed in the hope that it will be useful,
15
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17
 * Lesser General Public License for more details.
18
 *
19
 * You should have received a copy of the GNU Lesser General Public
20
 * License along with FFmpeg; if not, write to the Free Software
21
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22
 */
23

    
24
#include "common.h"
25
#include "avutil.h"
26
#include "bswap.h"
27
#include "sha.h"
28

    
29
/** hash context */
30
typedef struct AVSHA {
31
    uint8_t  digest_len;  ///< digest length in 32-bit words
32
    uint64_t count;       ///< number of bytes in buffer
33
    uint8_t  buffer[64];  ///< 512-bit buffer of input values used in hash updating
34
    uint32_t state[8];    ///< current hash value
35
    /** function used to update hash for 512-bit input block */
36
    void     (*transform)(uint32_t *state, const uint8_t buffer[64]);
37
} AVSHA;
38

    
39
const int av_sha_size = sizeof(AVSHA);
40

    
41
#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
42

    
43
/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
44
#define blk0(i) (block[i] = be2me_32(((const uint32_t*)buffer)[i]))
45
#define blk(i)  (block[i] = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1))
46

    
47
#define R0(v,w,x,y,z,i) z += ((w&(x^y))^y)     + blk0(i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
48
#define R1(v,w,x,y,z,i) z += ((w&(x^y))^y)     + blk (i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
49
#define R2(v,w,x,y,z,i) z += ( w^x     ^y)     + blk (i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30);
50
#define R3(v,w,x,y,z,i) z += (((w|x)&y)|(w&x)) + blk (i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30);
51
#define R4(v,w,x,y,z,i) z += ( w^x     ^y)     + blk (i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30);
52

    
53
/* Hash a single 512-bit block. This is the core of the algorithm. */
54

    
55
static void sha1_transform(uint32_t state[5], const uint8_t buffer[64])
56
{
57
    uint32_t block[80];
58
    unsigned int i, a, b, c, d, e;
59

    
60
    a = state[0];
61
    b = state[1];
62
    c = state[2];
63
    d = state[3];
64
    e = state[4];
65
#if CONFIG_SMALL
66
    for (i = 0; i < 80; i++) {
67
        int t;
68
        if (i < 16)
69
            t = be2me_32(((uint32_t*)buffer)[i]);
70
        else
71
            t = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1);
72
        block[i] = t;
73
        t += e + rol(a, 5);
74
        if (i < 40) {
75
            if (i < 20)
76
                t += ((b&(c^d))^d)     + 0x5A827999;
77
            else
78
                t += ( b^c     ^d)     + 0x6ED9EBA1;
79
        } else {
80
            if (i < 60)
81
                t += (((b|c)&d)|(b&c)) + 0x8F1BBCDC;
82
            else
83
                t += ( b^c     ^d)     + 0xCA62C1D6;
84
        }
85
        e = d;
86
        d = c;
87
        c = rol(b, 30);
88
        b = a;
89
        a = t;
90
    }
91
#else
92
    for (i = 0; i < 15; i += 5) {
93
        R0(a, b, c, d, e, 0 + i);
94
        R0(e, a, b, c, d, 1 + i);
95
        R0(d, e, a, b, c, 2 + i);
96
        R0(c, d, e, a, b, 3 + i);
97
        R0(b, c, d, e, a, 4 + i);
98
    }
99
    R0(a, b, c, d, e, 15);
100
    R1(e, a, b, c, d, 16);
101
    R1(d, e, a, b, c, 17);
102
    R1(c, d, e, a, b, 18);
103
    R1(b, c, d, e, a, 19);
104
    for (i = 20; i < 40; i += 5) {
105
        R2(a, b, c, d, e, 0 + i);
106
        R2(e, a, b, c, d, 1 + i);
107
        R2(d, e, a, b, c, 2 + i);
108
        R2(c, d, e, a, b, 3 + i);
109
        R2(b, c, d, e, a, 4 + i);
110
    }
111
    for (; i < 60; i += 5) {
112
        R3(a, b, c, d, e, 0 + i);
113
        R3(e, a, b, c, d, 1 + i);
114
        R3(d, e, a, b, c, 2 + i);
115
        R3(c, d, e, a, b, 3 + i);
116
        R3(b, c, d, e, a, 4 + i);
117
    }
118
    for (; i < 80; i += 5) {
119
        R4(a, b, c, d, e, 0 + i);
120
        R4(e, a, b, c, d, 1 + i);
121
        R4(d, e, a, b, c, 2 + i);
122
        R4(c, d, e, a, b, 3 + i);
123
        R4(b, c, d, e, a, 4 + i);
124
    }
125
#endif
126
    state[0] += a;
127
    state[1] += b;
128
    state[2] += c;
129
    state[3] += d;
130
    state[4] += e;
131
}
132

    
133
static const uint32_t K256[64] = {
134
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
135
    0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
136
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
137
    0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
138
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
139
    0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
140
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
141
    0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
142
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
143
    0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
144
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
145
    0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
146
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
147
    0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
148
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
149
    0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
150
};
151

    
152

    
153
#define Ch(x,y,z)   (((x) & ((y) ^ (z))) ^ (z))
154
#define Maj(x,y,z)  ((((x) | (y)) & (z)) | ((x) & (y)))
155

    
156
#define Sigma0_256(x)   (rol((x), 30) ^ rol((x), 19) ^ rol((x), 10))
157
#define Sigma1_256(x)   (rol((x), 26) ^ rol((x), 21) ^ rol((x),  7))
158
#define sigma0_256(x)   (rol((x), 25) ^ rol((x), 14) ^ ((x) >> 3))
159
#define sigma1_256(x)   (rol((x), 15) ^ rol((x), 13) ^ ((x) >> 10))
160

    
161
#undef blk
162
#define blk(i)  (block[i] = block[i - 16] + sigma0_256(block[i - 15]) + \
163
                            sigma1_256(block[i - 2]) + block[i - 7])
164

    
165
#define ROUND256(a,b,c,d,e,f,g,h)   \
166
    T1 += (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[i]; \
167
    (d) += T1; \
168
    (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
169
    i++
170

    
171
#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)   \
172
    T1 = blk0(i); \
173
    ROUND256(a,b,c,d,e,f,g,h)
174

    
175
#define ROUND256_16_TO_63(a,b,c,d,e,f,g,h)   \
176
    T1 = blk(i); \
177
    ROUND256(a,b,c,d,e,f,g,h)
178

    
179
static void sha256_transform(uint32_t *state, const uint8_t buffer[64])
180
{
181
    unsigned int i, a, b, c, d, e, f, g, h;
182
    uint32_t block[64];
183
    uint32_t T1, av_unused(T2);
184

    
185
    a = state[0];
186
    b = state[1];
187
    c = state[2];
188
    d = state[3];
189
    e = state[4];
190
    f = state[5];
191
    g = state[6];
192
    h = state[7];
193
#if CONFIG_SMALL
194
    for (i = 0; i < 64; i++) {
195
        if (i < 16)
196
            T1 = blk0(i);
197
        else
198
            T1 = blk(i);
199
        T1 += h + Sigma1_256(e) + Ch(e, f, g) + K256[i];
200
        T2 = Sigma0_256(a) + Maj(a, b, c);
201
        h = g;
202
        g = f;
203
        f = e;
204
        e = d + T1;
205
        d = c;
206
        c = b;
207
        b = a;
208
        a = T1 + T2;
209
    }
210
#else
211
    for (i = 0; i < 16;) {
212
        ROUND256_0_TO_15(a, b, c, d, e, f, g, h);
213
        ROUND256_0_TO_15(h, a, b, c, d, e, f, g);
214
        ROUND256_0_TO_15(g, h, a, b, c, d, e, f);
215
        ROUND256_0_TO_15(f, g, h, a, b, c, d, e);
216
        ROUND256_0_TO_15(e, f, g, h, a, b, c, d);
217
        ROUND256_0_TO_15(d, e, f, g, h, a, b, c);
218
        ROUND256_0_TO_15(c, d, e, f, g, h, a, b);
219
        ROUND256_0_TO_15(b, c, d, e, f, g, h, a);
220
    }
221

    
222
    for (; i < 64;) {
223
        ROUND256_16_TO_63(a, b, c, d, e, f, g, h);
224
        ROUND256_16_TO_63(h, a, b, c, d, e, f, g);
225
        ROUND256_16_TO_63(g, h, a, b, c, d, e, f);
226
        ROUND256_16_TO_63(f, g, h, a, b, c, d, e);
227
        ROUND256_16_TO_63(e, f, g, h, a, b, c, d);
228
        ROUND256_16_TO_63(d, e, f, g, h, a, b, c);
229
        ROUND256_16_TO_63(c, d, e, f, g, h, a, b);
230
        ROUND256_16_TO_63(b, c, d, e, f, g, h, a);
231
    }
232
#endif
233
    state[0] += a;
234
    state[1] += b;
235
    state[2] += c;
236
    state[3] += d;
237
    state[4] += e;
238
    state[5] += f;
239
    state[6] += g;
240
    state[7] += h;
241
}
242

    
243

    
244
int av_sha_init(AVSHA* ctx, int bits)
245
{
246
    ctx->digest_len = bits >> 5;
247
    switch (bits) {
248
    case 160: // SHA-1
249
        ctx->state[0] = 0x67452301;
250
        ctx->state[1] = 0xEFCDAB89;
251
        ctx->state[2] = 0x98BADCFE;
252
        ctx->state[3] = 0x10325476;
253
        ctx->state[4] = 0xC3D2E1F0;
254
        ctx->transform = sha1_transform;
255
        break;
256
    case 224: // SHA-224
257
        ctx->state[0] = 0xC1059ED8;
258
        ctx->state[1] = 0x367CD507;
259
        ctx->state[2] = 0x3070DD17;
260
        ctx->state[3] = 0xF70E5939;
261
        ctx->state[4] = 0xFFC00B31;
262
        ctx->state[5] = 0x68581511;
263
        ctx->state[6] = 0x64F98FA7;
264
        ctx->state[7] = 0xBEFA4FA4;
265
        ctx->transform = sha256_transform;
266
        break;
267
    case 256: // SHA-256
268
        ctx->state[0] = 0x6A09E667;
269
        ctx->state[1] = 0xBB67AE85;
270
        ctx->state[2] = 0x3C6EF372;
271
        ctx->state[3] = 0xA54FF53A;
272
        ctx->state[4] = 0x510E527F;
273
        ctx->state[5] = 0x9B05688C;
274
        ctx->state[6] = 0x1F83D9AB;
275
        ctx->state[7] = 0x5BE0CD19;
276
        ctx->transform = sha256_transform;
277
        break;
278
    default:
279
        return -1;
280
    }
281
    ctx->count = 0;
282
    return 0;
283
}
284

    
285
void av_sha_update(AVSHA* ctx, const uint8_t* data, unsigned int len)
286
{
287
    unsigned int i, j;
288

    
289
    j = ctx->count & 63;
290
    ctx->count += len;
291
#if CONFIG_SMALL
292
    for (i = 0; i < len; i++) {
293
        ctx->buffer[j++] = data[i];
294
        if (64 == j) {
295
            ctx->transform(ctx->state, ctx->buffer);
296
            j = 0;
297
        }
298
    }
299
#else
300
    if ((j + len) > 63) {
301
        memcpy(&ctx->buffer[j], data, (i = 64 - j));
302
        ctx->transform(ctx->state, ctx->buffer);
303
        for (; i + 63 < len; i += 64)
304
            ctx->transform(ctx->state, &data[i]);
305
        j = 0;
306
    } else
307
        i = 0;
308
    memcpy(&ctx->buffer[j], &data[i], len - i);
309
#endif
310
}
311

    
312
void av_sha_final(AVSHA* ctx, uint8_t *digest)
313
{
314
    int i;
315
    uint64_t finalcount = be2me_64(ctx->count << 3);
316

    
317
    av_sha_update(ctx, "\200", 1);
318
    while ((ctx->count & 63) != 56)
319
        av_sha_update(ctx, "", 1);
320
    av_sha_update(ctx, (uint8_t *)&finalcount, 8); /* Should cause a transform() */
321
    for (i = 0; i < ctx->digest_len; i++)
322
        ((uint32_t*)digest)[i] = be2me_32(ctx->state[i]);
323
}
324

    
325
#if LIBAVUTIL_VERSION_MAJOR < 51
326
struct AVSHA1 {
327
    AVSHA sha;
328
};
329

    
330
const int av_sha1_size = sizeof(struct AVSHA1);
331

    
332
void av_sha1_init(struct AVSHA1* context)
333
{
334
    av_sha_init(&context->sha, 160);
335
}
336

    
337
void av_sha1_update(struct AVSHA1* context, const uint8_t* data, unsigned int len)
338
{
339
    av_sha_update(&context->sha, data, len);
340
}
341

    
342
void av_sha1_final(struct AVSHA1* context, uint8_t digest[20])
343
{
344
    av_sha_final(&context->sha, digest);
345
}
346
#endif
347

    
348
#ifdef TEST
349
#include <stdio.h>
350
#undef printf
351

    
352
int main(void)
353
{
354
    int i, j, k;
355
    AVSHA ctx;
356
    unsigned char digest[32];
357
    const int lengths[3] = { 160, 224, 256 };
358

    
359
    for (j = 0; j < 3; j++) {
360
        printf("Testing SHA-%d\n", lengths[j]);
361
        for (k = 0; k < 3; k++) {
362
            av_sha_init(&ctx, lengths[j]);
363
            if (k == 0)
364
                av_sha_update(&ctx, "abc", 3);
365
            else if (k == 1)
366
                av_sha_update(&ctx, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56);
367
            else
368
                for (i = 0; i < 1000*1000; i++)
369
                    av_sha_update(&ctx, "a", 1);
370
            av_sha_final(&ctx, digest);
371
            for (i = 0; i < lengths[j] >> 3; i++)
372
                printf("%02X", digest[i]);
373
            putchar('\n');
374
        }
375
        switch (j) {
376
        case 0:
377
            //test vectors (from FIPS PUB 180-1)
378
            printf("A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D\n"
379
                   "84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1\n"
380
                   "34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F\n");
381
            break;
382
        case 1:
383
            //test vectors (from FIPS PUB 180-2 Appendix A)
384
            printf("23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7\n"
385
                   "75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525\n"
386
                   "20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67\n");
387
            break;
388
        case 2:
389
            //test vectors (from FIPS PUB 180-2)
390
            printf("ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad\n"
391
                   "248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1\n"
392
                   "cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0\n");
393
            break;
394
        }
395
    }
396

    
397
    return 0;
398
}
399
#endif