Go to most recent revision | Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 4349 | Serge | 1 | /* |
| 2 | * Copyright (C) 2007 Michael Niedermayer |
||
| 3 | * Copyright (C) 2009 Konstantin Shishkov |
||
| 4 | * based on public domain SHA-1 code by Steve Reid |
||
| 5 | * and on BSD-licensed SHA-2 code by Aaron D. Gifford |
||
| 6 | * |
||
| 7 | * This file is part of FFmpeg. |
||
| 8 | * |
||
| 9 | * FFmpeg is free software; you can redistribute it and/or |
||
| 10 | * modify it under the terms of the GNU Lesser General Public |
||
| 11 | * License as published by the Free Software Foundation; either |
||
| 12 | * version 2.1 of the License, or (at your option) any later version. |
||
| 13 | * |
||
| 14 | * FFmpeg is distributed in the hope that it will be useful, |
||
| 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
| 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
||
| 17 | * Lesser General Public License for more details. |
||
| 18 | * |
||
| 19 | * You should have received a copy of the GNU Lesser General Public |
||
| 20 | * License along with FFmpeg; if not, write to the Free Software |
||
| 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
||
| 22 | */ |
||
| 23 | |||
| 24 | #include |
||
| 25 | |||
| 26 | #include "attributes.h" |
||
| 27 | #include "avutil.h" |
||
| 28 | #include "bswap.h" |
||
| 29 | #include "sha.h" |
||
| 30 | #include "intreadwrite.h" |
||
| 31 | #include "mem.h" |
||
| 32 | |||
| 33 | /** hash context */ |
||
| 34 | typedef struct AVSHA { |
||
| 35 | uint8_t digest_len; ///< digest length in 32-bit words |
||
| 36 | uint64_t count; ///< number of bytes in buffer |
||
| 37 | uint8_t buffer[64]; ///< 512-bit buffer of input values used in hash updating |
||
| 38 | uint32_t state[8]; ///< current hash value |
||
| 39 | /** function used to update hash for 512-bit input block */ |
||
| 40 | void (*transform)(uint32_t *state, const uint8_t buffer[64]); |
||
| 41 | } AVSHA; |
||
| 42 | |||
| 43 | const int av_sha_size = sizeof(AVSHA); |
||
| 44 | |||
| 45 | struct AVSHA *av_sha_alloc(void) |
||
| 46 | { |
||
| 47 | return av_mallocz(sizeof(struct AVSHA)); |
||
| 48 | } |
||
| 49 | |||
| 50 | #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) |
||
| 51 | |||
| 52 | /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ |
||
| 53 | #define blk0(i) (block[i] = AV_RB32(buffer + 4 * (i))) |
||
| 54 | #define blk(i) (block[i] = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1)) |
||
| 55 | |||
| 56 | #define R0(v,w,x,y,z,i) z += ((w&(x^y))^y) + blk0(i) + 0x5A827999 + rol(v, 5); w = rol(w, 30); |
||
| 57 | #define R1(v,w,x,y,z,i) z += ((w&(x^y))^y) + blk (i) + 0x5A827999 + rol(v, 5); w = rol(w, 30); |
||
| 58 | #define R2(v,w,x,y,z,i) z += ( w^x ^y) + blk (i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30); |
||
| 59 | #define R3(v,w,x,y,z,i) z += (((w|x)&y)|(w&x)) + blk (i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30); |
||
| 60 | #define R4(v,w,x,y,z,i) z += ( w^x ^y) + blk (i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30); |
||
| 61 | |||
| 62 | /* Hash a single 512-bit block. This is the core of the algorithm. */ |
||
| 63 | |||
| 64 | static void sha1_transform(uint32_t state[5], const uint8_t buffer[64]) |
||
| 65 | { |
||
| 66 | uint32_t block[80]; |
||
| 67 | unsigned int i, a, b, c, d, e; |
||
| 68 | |||
| 69 | a = state[0]; |
||
| 70 | b = state[1]; |
||
| 71 | c = state[2]; |
||
| 72 | d = state[3]; |
||
| 73 | e = state[4]; |
||
| 74 | #if CONFIG_SMALL |
||
| 75 | for (i = 0; i < 80; i++) { |
||
| 76 | int t; |
||
| 77 | if (i < 16) |
||
| 78 | t = AV_RB32(buffer + 4 * i); |
||
| 79 | else |
||
| 80 | t = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1); |
||
| 81 | block[i] = t; |
||
| 82 | t += e + rol(a, 5); |
||
| 83 | if (i < 40) { |
||
| 84 | if (i < 20) |
||
| 85 | t += ((b&(c^d))^d) + 0x5A827999; |
||
| 86 | else |
||
| 87 | t += ( b^c ^d) + 0x6ED9EBA1; |
||
| 88 | } else { |
||
| 89 | if (i < 60) |
||
| 90 | t += (((b|c)&d)|(b&c)) + 0x8F1BBCDC; |
||
| 91 | else |
||
| 92 | t += ( b^c ^d) + 0xCA62C1D6; |
||
| 93 | } |
||
| 94 | e = d; |
||
| 95 | d = c; |
||
| 96 | c = rol(b, 30); |
||
| 97 | b = a; |
||
| 98 | a = t; |
||
| 99 | } |
||
| 100 | #else |
||
| 101 | |||
| 102 | #define R1_0 \ |
||
| 103 | R0(a, b, c, d, e, 0 + i); \ |
||
| 104 | R0(e, a, b, c, d, 1 + i); \ |
||
| 105 | R0(d, e, a, b, c, 2 + i); \ |
||
| 106 | R0(c, d, e, a, b, 3 + i); \ |
||
| 107 | R0(b, c, d, e, a, 4 + i); \ |
||
| 108 | i += 5 |
||
| 109 | |||
| 110 | i = 0; |
||
| 111 | R1_0; R1_0; R1_0; |
||
| 112 | R0(a, b, c, d, e, 15); |
||
| 113 | R1(e, a, b, c, d, 16); |
||
| 114 | R1(d, e, a, b, c, 17); |
||
| 115 | R1(c, d, e, a, b, 18); |
||
| 116 | R1(b, c, d, e, a, 19); |
||
| 117 | |||
| 118 | #define R1_20 \ |
||
| 119 | R2(a, b, c, d, e, 0 + i); \ |
||
| 120 | R2(e, a, b, c, d, 1 + i); \ |
||
| 121 | R2(d, e, a, b, c, 2 + i); \ |
||
| 122 | R2(c, d, e, a, b, 3 + i); \ |
||
| 123 | R2(b, c, d, e, a, 4 + i); \ |
||
| 124 | i += 5 |
||
| 125 | |||
| 126 | i = 20; |
||
| 127 | R1_20; R1_20; R1_20; R1_20; |
||
| 128 | |||
| 129 | #define R1_40 \ |
||
| 130 | R3(a, b, c, d, e, 0 + i); \ |
||
| 131 | R3(e, a, b, c, d, 1 + i); \ |
||
| 132 | R3(d, e, a, b, c, 2 + i); \ |
||
| 133 | R3(c, d, e, a, b, 3 + i); \ |
||
| 134 | R3(b, c, d, e, a, 4 + i); \ |
||
| 135 | i += 5 |
||
| 136 | |||
| 137 | R1_40; R1_40; R1_40; R1_40; |
||
| 138 | |||
| 139 | #define R1_60 \ |
||
| 140 | R4(a, b, c, d, e, 0 + i); \ |
||
| 141 | R4(e, a, b, c, d, 1 + i); \ |
||
| 142 | R4(d, e, a, b, c, 2 + i); \ |
||
| 143 | R4(c, d, e, a, b, 3 + i); \ |
||
| 144 | R4(b, c, d, e, a, 4 + i); \ |
||
| 145 | i += 5 |
||
| 146 | |||
| 147 | R1_60; R1_60; R1_60; R1_60; |
||
| 148 | #endif |
||
| 149 | state[0] += a; |
||
| 150 | state[1] += b; |
||
| 151 | state[2] += c; |
||
| 152 | state[3] += d; |
||
| 153 | state[4] += e; |
||
| 154 | } |
||
| 155 | |||
| 156 | static const uint32_t K256[64] = { |
||
| 157 | 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, |
||
| 158 | 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, |
||
| 159 | 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, |
||
| 160 | 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, |
||
| 161 | 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, |
||
| 162 | 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, |
||
| 163 | 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, |
||
| 164 | 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, |
||
| 165 | 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, |
||
| 166 | 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, |
||
| 167 | 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, |
||
| 168 | 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, |
||
| 169 | 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, |
||
| 170 | 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, |
||
| 171 | 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, |
||
| 172 | 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 |
||
| 173 | }; |
||
| 174 | |||
| 175 | |||
| 176 | #define Ch(x,y,z) (((x) & ((y) ^ (z))) ^ (z)) |
||
| 177 | #define Maj(z,y,x) ((((x) | (y)) & (z)) | ((x) & (y))) |
||
| 178 | |||
| 179 | #define Sigma0_256(x) (rol((x), 30) ^ rol((x), 19) ^ rol((x), 10)) |
||
| 180 | #define Sigma1_256(x) (rol((x), 26) ^ rol((x), 21) ^ rol((x), 7)) |
||
| 181 | #define sigma0_256(x) (rol((x), 25) ^ rol((x), 14) ^ ((x) >> 3)) |
||
| 182 | #define sigma1_256(x) (rol((x), 15) ^ rol((x), 13) ^ ((x) >> 10)) |
||
| 183 | |||
| 184 | #undef blk |
||
| 185 | #define blk(i) (block[i] = block[i - 16] + sigma0_256(block[i - 15]) + \ |
||
| 186 | sigma1_256(block[i - 2]) + block[i - 7]) |
||
| 187 | |||
| 188 | #define ROUND256(a,b,c,d,e,f,g,h) \ |
||
| 189 | T1 += (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[i]; \ |
||
| 190 | (d) += T1; \ |
||
| 191 | (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ |
||
| 192 | i++ |
||
| 193 | |||
| 194 | #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ |
||
| 195 | T1 = blk0(i); \ |
||
| 196 | ROUND256(a,b,c,d,e,f,g,h) |
||
| 197 | |||
| 198 | #define ROUND256_16_TO_63(a,b,c,d,e,f,g,h) \ |
||
| 199 | T1 = blk(i); \ |
||
| 200 | ROUND256(a,b,c,d,e,f,g,h) |
||
| 201 | |||
| 202 | static void sha256_transform(uint32_t *state, const uint8_t buffer[64]) |
||
| 203 | { |
||
| 204 | unsigned int i, a, b, c, d, e, f, g, h; |
||
| 205 | uint32_t block[64]; |
||
| 206 | uint32_t T1; |
||
| 207 | |||
| 208 | a = state[0]; |
||
| 209 | b = state[1]; |
||
| 210 | c = state[2]; |
||
| 211 | d = state[3]; |
||
| 212 | e = state[4]; |
||
| 213 | f = state[5]; |
||
| 214 | g = state[6]; |
||
| 215 | h = state[7]; |
||
| 216 | #if CONFIG_SMALL |
||
| 217 | for (i = 0; i < 64; i++) { |
||
| 218 | uint32_t T2; |
||
| 219 | if (i < 16) |
||
| 220 | T1 = blk0(i); |
||
| 221 | else |
||
| 222 | T1 = blk(i); |
||
| 223 | T1 += h + Sigma1_256(e) + Ch(e, f, g) + K256[i]; |
||
| 224 | T2 = Sigma0_256(a) + Maj(a, b, c); |
||
| 225 | h = g; |
||
| 226 | g = f; |
||
| 227 | f = e; |
||
| 228 | e = d + T1; |
||
| 229 | d = c; |
||
| 230 | c = b; |
||
| 231 | b = a; |
||
| 232 | a = T1 + T2; |
||
| 233 | } |
||
| 234 | #else |
||
| 235 | |||
| 236 | i = 0; |
||
| 237 | #define R256_0 \ |
||
| 238 | ROUND256_0_TO_15(a, b, c, d, e, f, g, h); \ |
||
| 239 | ROUND256_0_TO_15(h, a, b, c, d, e, f, g); \ |
||
| 240 | ROUND256_0_TO_15(g, h, a, b, c, d, e, f); \ |
||
| 241 | ROUND256_0_TO_15(f, g, h, a, b, c, d, e); \ |
||
| 242 | ROUND256_0_TO_15(e, f, g, h, a, b, c, d); \ |
||
| 243 | ROUND256_0_TO_15(d, e, f, g, h, a, b, c); \ |
||
| 244 | ROUND256_0_TO_15(c, d, e, f, g, h, a, b); \ |
||
| 245 | ROUND256_0_TO_15(b, c, d, e, f, g, h, a) |
||
| 246 | |||
| 247 | R256_0; R256_0; |
||
| 248 | |||
| 249 | #define R256_16 \ |
||
| 250 | ROUND256_16_TO_63(a, b, c, d, e, f, g, h); \ |
||
| 251 | ROUND256_16_TO_63(h, a, b, c, d, e, f, g); \ |
||
| 252 | ROUND256_16_TO_63(g, h, a, b, c, d, e, f); \ |
||
| 253 | ROUND256_16_TO_63(f, g, h, a, b, c, d, e); \ |
||
| 254 | ROUND256_16_TO_63(e, f, g, h, a, b, c, d); \ |
||
| 255 | ROUND256_16_TO_63(d, e, f, g, h, a, b, c); \ |
||
| 256 | ROUND256_16_TO_63(c, d, e, f, g, h, a, b); \ |
||
| 257 | ROUND256_16_TO_63(b, c, d, e, f, g, h, a) |
||
| 258 | |||
| 259 | R256_16; R256_16; R256_16; |
||
| 260 | R256_16; R256_16; R256_16; |
||
| 261 | #endif |
||
| 262 | state[0] += a; |
||
| 263 | state[1] += b; |
||
| 264 | state[2] += c; |
||
| 265 | state[3] += d; |
||
| 266 | state[4] += e; |
||
| 267 | state[5] += f; |
||
| 268 | state[6] += g; |
||
| 269 | state[7] += h; |
||
| 270 | } |
||
| 271 | |||
| 272 | |||
| 273 | av_cold int av_sha_init(AVSHA *ctx, int bits) |
||
| 274 | { |
||
| 275 | ctx->digest_len = bits >> 5; |
||
| 276 | switch (bits) { |
||
| 277 | case 160: // SHA-1 |
||
| 278 | ctx->state[0] = 0x67452301; |
||
| 279 | ctx->state[1] = 0xEFCDAB89; |
||
| 280 | ctx->state[2] = 0x98BADCFE; |
||
| 281 | ctx->state[3] = 0x10325476; |
||
| 282 | ctx->state[4] = 0xC3D2E1F0; |
||
| 283 | ctx->transform = sha1_transform; |
||
| 284 | break; |
||
| 285 | case 224: // SHA-224 |
||
| 286 | ctx->state[0] = 0xC1059ED8; |
||
| 287 | ctx->state[1] = 0x367CD507; |
||
| 288 | ctx->state[2] = 0x3070DD17; |
||
| 289 | ctx->state[3] = 0xF70E5939; |
||
| 290 | ctx->state[4] = 0xFFC00B31; |
||
| 291 | ctx->state[5] = 0x68581511; |
||
| 292 | ctx->state[6] = 0x64F98FA7; |
||
| 293 | ctx->state[7] = 0xBEFA4FA4; |
||
| 294 | ctx->transform = sha256_transform; |
||
| 295 | break; |
||
| 296 | case 256: // SHA-256 |
||
| 297 | ctx->state[0] = 0x6A09E667; |
||
| 298 | ctx->state[1] = 0xBB67AE85; |
||
| 299 | ctx->state[2] = 0x3C6EF372; |
||
| 300 | ctx->state[3] = 0xA54FF53A; |
||
| 301 | ctx->state[4] = 0x510E527F; |
||
| 302 | ctx->state[5] = 0x9B05688C; |
||
| 303 | ctx->state[6] = 0x1F83D9AB; |
||
| 304 | ctx->state[7] = 0x5BE0CD19; |
||
| 305 | ctx->transform = sha256_transform; |
||
| 306 | break; |
||
| 307 | default: |
||
| 308 | return -1; |
||
| 309 | } |
||
| 310 | ctx->count = 0; |
||
| 311 | return 0; |
||
| 312 | } |
||
| 313 | |||
| 314 | void av_sha_update(AVSHA* ctx, const uint8_t* data, unsigned int len) |
||
| 315 | { |
||
| 316 | unsigned int i, j; |
||
| 317 | |||
| 318 | j = ctx->count & 63; |
||
| 319 | ctx->count += len; |
||
| 320 | #if CONFIG_SMALL |
||
| 321 | for (i = 0; i < len; i++) { |
||
| 322 | ctx->buffer[j++] = data[i]; |
||
| 323 | if (64 == j) { |
||
| 324 | ctx->transform(ctx->state, ctx->buffer); |
||
| 325 | j = 0; |
||
| 326 | } |
||
| 327 | } |
||
| 328 | #else |
||
| 329 | if ((j + len) > 63) { |
||
| 330 | memcpy(&ctx->buffer[j], data, (i = 64 - j)); |
||
| 331 | ctx->transform(ctx->state, ctx->buffer); |
||
| 332 | for (; i + 63 < len; i += 64) |
||
| 333 | ctx->transform(ctx->state, &data[i]); |
||
| 334 | j = 0; |
||
| 335 | } else |
||
| 336 | i = 0; |
||
| 337 | memcpy(&ctx->buffer[j], &data[i], len - i); |
||
| 338 | #endif |
||
| 339 | } |
||
| 340 | |||
| 341 | void av_sha_final(AVSHA* ctx, uint8_t *digest) |
||
| 342 | { |
||
| 343 | int i; |
||
| 344 | uint64_t finalcount = av_be2ne64(ctx->count << 3); |
||
| 345 | |||
| 346 | av_sha_update(ctx, "\200", 1); |
||
| 347 | while ((ctx->count & 63) != 56) |
||
| 348 | av_sha_update(ctx, "", 1); |
||
| 349 | av_sha_update(ctx, (uint8_t *)&finalcount, 8); /* Should cause a transform() */ |
||
| 350 | for (i = 0; i < ctx->digest_len; i++) |
||
| 351 | AV_WB32(digest + i*4, ctx->state[i]); |
||
| 352 | } |
||
| 353 | |||
| 354 | #ifdef TEST |
||
| 355 | #include |
||
| 356 | |||
| 357 | int main(void) |
||
| 358 | { |
||
| 359 | int i, j, k; |
||
| 360 | AVSHA ctx; |
||
| 361 | unsigned char digest[32]; |
||
| 362 | static const int lengths[3] = { 160, 224, 256 }; |
||
| 363 | |||
| 364 | for (j = 0; j < 3; j++) { |
||
| 365 | printf("Testing SHA-%d\n", lengths[j]); |
||
| 366 | for (k = 0; k < 3; k++) { |
||
| 367 | av_sha_init(&ctx, lengths[j]); |
||
| 368 | if (k == 0) |
||
| 369 | av_sha_update(&ctx, "abc", 3); |
||
| 370 | else if (k == 1) |
||
| 371 | av_sha_update(&ctx, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56); |
||
| 372 | else |
||
| 373 | for (i = 0; i < 1000*1000; i++) |
||
| 374 | av_sha_update(&ctx, "a", 1); |
||
| 375 | av_sha_final(&ctx, digest); |
||
| 376 | for (i = 0; i < lengths[j] >> 3; i++) |
||
| 377 | printf("%02X", digest[i]); |
||
| 378 | putchar('\n'); |
||
| 379 | } |
||
| 380 | switch (j) { |
||
| 381 | case 0: |
||
| 382 | //test vectors (from FIPS PUB 180-1) |
||
| 383 | printf("A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D\n" |
||
| 384 | "84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1\n" |
||
| 385 | "34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F\n"); |
||
| 386 | break; |
||
| 387 | case 1: |
||
| 388 | //test vectors (from FIPS PUB 180-2 Appendix A) |
||
| 389 | printf("23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7\n" |
||
| 390 | "75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525\n" |
||
| 391 | "20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67\n"); |
||
| 392 | break; |
||
| 393 | case 2: |
||
| 394 | //test vectors (from FIPS PUB 180-2) |
||
| 395 | printf("ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad\n" |
||
| 396 | "248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1\n" |
||
| 397 | "cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0\n"); |
||
| 398 | break; |
||
| 399 | } |
||
| 400 | } |
||
| 401 | |||
| 402 | return 0; |
||
| 403 | } |
||
| 404 | #endif |