xref: /third_party/ffmpeg/libavutil/sha.c (revision cabdff1a) 
1/*
2 * Copyright (C) 2007 Michael Niedermayer <michaelni@gmx.at>
3 * Copyright (C) 2009 Konstantin Shishkov
4 * based on public domain SHA-1 code by Steve Reid <steve@edmweb.com>
5 * and on BSD-licensed SHA-2 code by Aaron D. Gifford
6 *
7 * This file is part of FFmpeg.
8 *
9 * FFmpeg is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * FFmpeg is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with FFmpeg; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24#include <string.h>
25
26#include "config.h"
27#include "attributes.h"
28#include "bswap.h"
29#include "error.h"
30#include "sha.h"
31#include "intreadwrite.h"
32#include "mem.h"
33
34/** hash context */
35typedef struct AVSHA {
36    uint8_t  digest_len;  ///< digest length in 32-bit words
37    uint64_t count;       ///< number of bytes in buffer
38    uint8_t  buffer[64];  ///< 512-bit buffer of input values used in hash updating
39    uint32_t state[8];    ///< current hash value
40    /** function used to update hash for 512-bit input block */
41    void     (*transform)(uint32_t *state, const uint8_t buffer[64]);
42} AVSHA;
43
44const int av_sha_size = sizeof(AVSHA);
45
46struct AVSHA *av_sha_alloc(void)
47{
48    return av_mallocz(sizeof(struct AVSHA));
49}
50
51#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
52
53/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
54#define blk0(i) (block[i] = AV_RB32(buffer + 4 * (i)))
55#define blk(i)  (block[i] = rol(block[(i)-3] ^ block[(i)-8] ^ block[(i)-14] ^ block[(i)-16], 1))
56
57#define R0(v,w,x,y,z,i) z += (((w)&((x)^(y)))^(y))       + blk0(i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
58#define R1(v,w,x,y,z,i) z += (((w)&((x)^(y)))^(y))       + blk (i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
59#define R2(v,w,x,y,z,i) z += ( (w)^(x)       ^(y))       + blk (i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30);
60#define R3(v,w,x,y,z,i) z += ((((w)|(x))&(y))|((w)&(x))) + blk (i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30);
61#define R4(v,w,x,y,z,i) z += ( (w)^(x)       ^(y))       + blk (i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30);
62
63/* Hash a single 512-bit block. This is the core of the algorithm. */
64
65static void sha1_transform(uint32_t state[5], const uint8_t buffer[64])
66{
67    uint32_t block[80];
68    unsigned int i, a, b, c, d, e;
69
70    a = state[0];
71    b = state[1];
72    c = state[2];
73    d = state[3];
74    e = state[4];
75#if CONFIG_SMALL
76    for (i = 0; i < 80; i++) {
77        int t;
78        if (i < 16)
79            t = AV_RB32(buffer + 4 * i);
80        else
81            t = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1);
82        block[i] = t;
83        t += e + rol(a, 5);
84        if (i < 40) {
85            if (i < 20)
86                t += ((b&(c^d))^d)     + 0x5A827999;
87            else
88                t += ( b^c     ^d)     + 0x6ED9EBA1;
89        } else {
90            if (i < 60)
91                t += (((b|c)&d)|(b&c)) + 0x8F1BBCDC;
92            else
93                t += ( b^c     ^d)     + 0xCA62C1D6;
94        }
95        e = d;
96        d = c;
97        c = rol(b, 30);
98        b = a;
99        a = t;
100    }
101#else
102
103#define R1_0 \
104    R0(a, b, c, d, e, 0 + i); \
105    R0(e, a, b, c, d, 1 + i); \
106    R0(d, e, a, b, c, 2 + i); \
107    R0(c, d, e, a, b, 3 + i); \
108    R0(b, c, d, e, a, 4 + i); \
109    i += 5
110
111    i = 0;
112    R1_0; R1_0; R1_0;
113    R0(a, b, c, d, e, 15);
114    R1(e, a, b, c, d, 16);
115    R1(d, e, a, b, c, 17);
116    R1(c, d, e, a, b, 18);
117    R1(b, c, d, e, a, 19);
118
119#define R1_20 \
120    R2(a, b, c, d, e, 0 + i); \
121    R2(e, a, b, c, d, 1 + i); \
122    R2(d, e, a, b, c, 2 + i); \
123    R2(c, d, e, a, b, 3 + i); \
124    R2(b, c, d, e, a, 4 + i); \
125    i += 5
126
127    i = 20;
128    R1_20; R1_20; R1_20; R1_20;
129
130#define R1_40 \
131    R3(a, b, c, d, e, 0 + i); \
132    R3(e, a, b, c, d, 1 + i); \
133    R3(d, e, a, b, c, 2 + i); \
134    R3(c, d, e, a, b, 3 + i); \
135    R3(b, c, d, e, a, 4 + i); \
136    i += 5
137
138    R1_40; R1_40; R1_40; R1_40;
139
140#define R1_60 \
141    R4(a, b, c, d, e, 0 + i); \
142    R4(e, a, b, c, d, 1 + i); \
143    R4(d, e, a, b, c, 2 + i); \
144    R4(c, d, e, a, b, 3 + i); \
145    R4(b, c, d, e, a, 4 + i); \
146    i += 5
147
148    R1_60; R1_60; R1_60; R1_60;
149#endif
150    state[0] += a;
151    state[1] += b;
152    state[2] += c;
153    state[3] += d;
154    state[4] += e;
155}
156
157static const uint32_t K256[64] = {
158    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
159    0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
160    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
161    0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
162    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
163    0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
164    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
165    0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
166    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
167    0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
168    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
169    0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
170    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
171    0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
172    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
173    0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
174};
175
176
177#define Ch(x,y,z)   (((x) & ((y) ^ (z))) ^ (z))
178#define Maj(z,y,x)  ((((x) | (y)) & (z)) | ((x) & (y)))
179
180#define Sigma0_256(x)   (rol((x), 30) ^ rol((x), 19) ^ rol((x), 10))
181#define Sigma1_256(x)   (rol((x), 26) ^ rol((x), 21) ^ rol((x),  7))
182#define sigma0_256(x)   (rol((x), 25) ^ rol((x), 14) ^ ((x) >> 3))
183#define sigma1_256(x)   (rol((x), 15) ^ rol((x), 13) ^ ((x) >> 10))
184
185#undef blk
186#define blk(i)  (block[i] = block[i - 16] + sigma0_256(block[i - 15]) + \
187                            sigma1_256(block[i - 2]) + block[i - 7])
188
189#define ROUND256(a,b,c,d,e,f,g,h)   \
190    T1 += (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[i]; \
191    (d) += T1; \
192    (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
193    i++
194
195#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)   \
196    T1 = blk0(i); \
197    ROUND256(a,b,c,d,e,f,g,h)
198
199#define ROUND256_16_TO_63(a,b,c,d,e,f,g,h)   \
200    T1 = blk(i); \
201    ROUND256(a,b,c,d,e,f,g,h)
202
203static void sha256_transform(uint32_t *state, const uint8_t buffer[64])
204{
205    unsigned int i, a, b, c, d, e, f, g, h;
206    uint32_t block[64];
207    uint32_t T1;
208
209    a = state[0];
210    b = state[1];
211    c = state[2];
212    d = state[3];
213    e = state[4];
214    f = state[5];
215    g = state[6];
216    h = state[7];
217#if CONFIG_SMALL
218    for (i = 0; i < 64; i++) {
219        uint32_t T2;
220        if (i < 16)
221            T1 = blk0(i);
222        else
223            T1 = blk(i);
224        T1 += h + Sigma1_256(e) + Ch(e, f, g) + K256[i];
225        T2 = Sigma0_256(a) + Maj(a, b, c);
226        h = g;
227        g = f;
228        f = e;
229        e = d + T1;
230        d = c;
231        c = b;
232        b = a;
233        a = T1 + T2;
234    }
235#else
236
237    i = 0;
238#define R256_0 \
239    ROUND256_0_TO_15(a, b, c, d, e, f, g, h); \
240    ROUND256_0_TO_15(h, a, b, c, d, e, f, g); \
241    ROUND256_0_TO_15(g, h, a, b, c, d, e, f); \
242    ROUND256_0_TO_15(f, g, h, a, b, c, d, e); \
243    ROUND256_0_TO_15(e, f, g, h, a, b, c, d); \
244    ROUND256_0_TO_15(d, e, f, g, h, a, b, c); \
245    ROUND256_0_TO_15(c, d, e, f, g, h, a, b); \
246    ROUND256_0_TO_15(b, c, d, e, f, g, h, a)
247
248    R256_0; R256_0;
249
250#define R256_16 \
251    ROUND256_16_TO_63(a, b, c, d, e, f, g, h); \
252    ROUND256_16_TO_63(h, a, b, c, d, e, f, g); \
253    ROUND256_16_TO_63(g, h, a, b, c, d, e, f); \
254    ROUND256_16_TO_63(f, g, h, a, b, c, d, e); \
255    ROUND256_16_TO_63(e, f, g, h, a, b, c, d); \
256    ROUND256_16_TO_63(d, e, f, g, h, a, b, c); \
257    ROUND256_16_TO_63(c, d, e, f, g, h, a, b); \
258    ROUND256_16_TO_63(b, c, d, e, f, g, h, a)
259
260    R256_16; R256_16; R256_16;
261    R256_16; R256_16; R256_16;
262#endif
263    state[0] += a;
264    state[1] += b;
265    state[2] += c;
266    state[3] += d;
267    state[4] += e;
268    state[5] += f;
269    state[6] += g;
270    state[7] += h;
271}
272
273
274av_cold int av_sha_init(AVSHA *ctx, int bits)
275{
276    ctx->digest_len = bits >> 5;
277    switch (bits) {
278    case 160: // SHA-1
279        ctx->state[0] = 0x67452301;
280        ctx->state[1] = 0xEFCDAB89;
281        ctx->state[2] = 0x98BADCFE;
282        ctx->state[3] = 0x10325476;
283        ctx->state[4] = 0xC3D2E1F0;
284        ctx->transform = sha1_transform;
285        break;
286    case 224: // SHA-224
287        ctx->state[0] = 0xC1059ED8;
288        ctx->state[1] = 0x367CD507;
289        ctx->state[2] = 0x3070DD17;
290        ctx->state[3] = 0xF70E5939;
291        ctx->state[4] = 0xFFC00B31;
292        ctx->state[5] = 0x68581511;
293        ctx->state[6] = 0x64F98FA7;
294        ctx->state[7] = 0xBEFA4FA4;
295        ctx->transform = sha256_transform;
296        break;
297    case 256: // SHA-256
298        ctx->state[0] = 0x6A09E667;
299        ctx->state[1] = 0xBB67AE85;
300        ctx->state[2] = 0x3C6EF372;
301        ctx->state[3] = 0xA54FF53A;
302        ctx->state[4] = 0x510E527F;
303        ctx->state[5] = 0x9B05688C;
304        ctx->state[6] = 0x1F83D9AB;
305        ctx->state[7] = 0x5BE0CD19;
306        ctx->transform = sha256_transform;
307        break;
308    default:
309        return AVERROR(EINVAL);
310    }
311    ctx->count = 0;
312    return 0;
313}
314
315void av_sha_update(struct AVSHA *ctx, const uint8_t *data, size_t len)
316{
317    unsigned int j;
318    size_t i;
319
320    j = ctx->count & 63;
321    ctx->count += len;
322#if CONFIG_SMALL
323    for (i = 0; i < len; i++) {
324        ctx->buffer[j++] = data[i];
325        if (64 == j) {
326            ctx->transform(ctx->state, ctx->buffer);
327            j = 0;
328        }
329    }
330#else
331    if (len >= 64 - j) {
332        const uint8_t *end;
333        memcpy(&ctx->buffer[j], data, (i = 64 - j));
334        ctx->transform(ctx->state, ctx->buffer);
335        data += i;
336        len  -= i;
337        end   = data + (len & ~63);
338        len   = len % 64;
339        for (; data < end; data += 64)
340            ctx->transform(ctx->state, data);
341        j = 0;
342    }
343    memcpy(&ctx->buffer[j], data, len);
344#endif
345}
346
347void av_sha_final(AVSHA* ctx, uint8_t *digest)
348{
349    int i;
350    uint64_t finalcount = av_be2ne64(ctx->count << 3);
351
352    av_sha_update(ctx, "\200", 1);
353    while ((ctx->count & 63) != 56)
354        av_sha_update(ctx, "", 1);
355    av_sha_update(ctx, (uint8_t *)&finalcount, 8); /* Should cause a transform() */
356    for (i = 0; i < ctx->digest_len; i++)
357        AV_WB32(digest + i*4, ctx->state[i]);
358}
359