FFmpeg
sha.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2007 Michael Niedermayer <michaelni@gmx.at>
3  * Copyright (C) 2009 Konstantin Shishkov
4  * based on public domain SHA-1 code by Steve Reid <steve@edmweb.com>
5  * and on BSD-licensed SHA-2 code by Aaron D. Gifford
6  *
7  * This file is part of FFmpeg.
8  *
9  * FFmpeg is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public
11  * License as published by the Free Software Foundation; either
12  * version 2.1 of the License, or (at your option) any later version.
13  *
14  * FFmpeg is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17  * Lesser General Public License for more details.
18  *
19  * You should have received a copy of the GNU Lesser General Public
20  * License along with FFmpeg; if not, write to the Free Software
21  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22  */
23 
24 #include <string.h>
25 
26 #include "config.h"
27 #include "attributes.h"
28 #include "bswap.h"
29 #include "error.h"
30 #include "sha.h"
31 #include "intreadwrite.h"
32 #include "mem.h"
33 
34 /** hash context */
35 typedef struct AVSHA {
36  uint8_t digest_len; ///< digest length in 32-bit words
37  uint64_t count; ///< number of bytes in buffer
38  uint8_t buffer[64]; ///< 512-bit buffer of input values used in hash updating
39  uint32_t state[8]; ///< current hash value
40  /** function used to update hash for 512-bit input block */
41  void (*transform)(uint32_t *state, const uint8_t buffer[64]);
42 } AVSHA;
43 
44 const int av_sha_size = sizeof(AVSHA);
45 
46 struct AVSHA *av_sha_alloc(void)
47 {
48  return av_mallocz(sizeof(struct AVSHA));
49 }
50 
51 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
52 
53 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
54 #define blk0(i) (block[i] = AV_RB32(buffer + 4 * (i)))
55 #define blk(i) (block[i] = rol(block[(i)-3] ^ block[(i)-8] ^ block[(i)-14] ^ block[(i)-16], 1))
56 
57 #define R0(v,w,x,y,z,i) z += (((w)&((x)^(y)))^(y)) + blk0(i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
58 #define R1(v,w,x,y,z,i) z += (((w)&((x)^(y)))^(y)) + blk (i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
59 #define R2(v,w,x,y,z,i) z += ( (w)^(x) ^(y)) + blk (i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30);
60 #define R3(v,w,x,y,z,i) z += ((((w)|(x))&(y))|((w)&(x))) + blk (i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30);
61 #define R4(v,w,x,y,z,i) z += ( (w)^(x) ^(y)) + blk (i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30);
62 
63 /* Hash a single 512-bit block. This is the core of the algorithm. */
64 
65 static void sha1_transform(uint32_t state[5], const uint8_t buffer[64])
66 {
67  uint32_t block[80];
68  unsigned int i, a, b, c, d, e;
69 
70  a = state[0];
71  b = state[1];
72  c = state[2];
73  d = state[3];
74  e = state[4];
75 #if CONFIG_SMALL
76  for (i = 0; i < 80; i++) {
77  int t;
78  if (i < 16)
79  t = AV_RB32(buffer + 4 * i);
80  else
81  t = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1);
82  block[i] = t;
83  t += e + rol(a, 5);
84  if (i < 40) {
85  if (i < 20)
86  t += ((b&(c^d))^d) + 0x5A827999;
87  else
88  t += ( b^c ^d) + 0x6ED9EBA1;
89  } else {
90  if (i < 60)
91  t += (((b|c)&d)|(b&c)) + 0x8F1BBCDC;
92  else
93  t += ( b^c ^d) + 0xCA62C1D6;
94  }
95  e = d;
96  d = c;
97  c = rol(b, 30);
98  b = a;
99  a = t;
100  }
101 #else
102 
103 #define R1_0 \
104  R0(a, b, c, d, e, 0 + i); \
105  R0(e, a, b, c, d, 1 + i); \
106  R0(d, e, a, b, c, 2 + i); \
107  R0(c, d, e, a, b, 3 + i); \
108  R0(b, c, d, e, a, 4 + i); \
109  i += 5
110 
111  i = 0;
112  R1_0; R1_0; R1_0;
113  R0(a, b, c, d, e, 15);
114  R1(e, a, b, c, d, 16);
115  R1(d, e, a, b, c, 17);
116  R1(c, d, e, a, b, 18);
117  R1(b, c, d, e, a, 19);
118 
119 #define R1_20 \
120  R2(a, b, c, d, e, 0 + i); \
121  R2(e, a, b, c, d, 1 + i); \
122  R2(d, e, a, b, c, 2 + i); \
123  R2(c, d, e, a, b, 3 + i); \
124  R2(b, c, d, e, a, 4 + i); \
125  i += 5
126 
127  i = 20;
128  R1_20; R1_20; R1_20; R1_20;
129 
130 #define R1_40 \
131  R3(a, b, c, d, e, 0 + i); \
132  R3(e, a, b, c, d, 1 + i); \
133  R3(d, e, a, b, c, 2 + i); \
134  R3(c, d, e, a, b, 3 + i); \
135  R3(b, c, d, e, a, 4 + i); \
136  i += 5
137 
138  R1_40; R1_40; R1_40; R1_40;
139 
140 #define R1_60 \
141  R4(a, b, c, d, e, 0 + i); \
142  R4(e, a, b, c, d, 1 + i); \
143  R4(d, e, a, b, c, 2 + i); \
144  R4(c, d, e, a, b, 3 + i); \
145  R4(b, c, d, e, a, 4 + i); \
146  i += 5
147 
148  R1_60; R1_60; R1_60; R1_60;
149 #endif
150  state[0] += a;
151  state[1] += b;
152  state[2] += c;
153  state[3] += d;
154  state[4] += e;
155 }
156 
157 static const uint32_t K256[64] = {
158  0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
159  0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
160  0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
161  0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
162  0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
163  0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
164  0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
165  0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
166  0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
167  0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
168  0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
169  0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
170  0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
171  0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
172  0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
173  0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
174 };
175 
176 
177 #define Ch(x,y,z) (((x) & ((y) ^ (z))) ^ (z))
178 #define Maj(z,y,x) ((((x) | (y)) & (z)) | ((x) & (y)))
179 
180 #define Sigma0_256(x) (rol((x), 30) ^ rol((x), 19) ^ rol((x), 10))
181 #define Sigma1_256(x) (rol((x), 26) ^ rol((x), 21) ^ rol((x), 7))
182 #define sigma0_256(x) (rol((x), 25) ^ rol((x), 14) ^ ((x) >> 3))
183 #define sigma1_256(x) (rol((x), 15) ^ rol((x), 13) ^ ((x) >> 10))
184 
185 #undef blk
186 #define blk(i) (block[i] = block[i - 16] + sigma0_256(block[i - 15]) + \
187  sigma1_256(block[i - 2]) + block[i - 7])
188 
189 #define ROUND256(a,b,c,d,e,f,g,h) \
190  T1 += (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[i]; \
191  (d) += T1; \
192  (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
193  i++
194 
195 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
196  T1 = blk0(i); \
197  ROUND256(a,b,c,d,e,f,g,h)
198 
199 #define ROUND256_16_TO_63(a,b,c,d,e,f,g,h) \
200  T1 = blk(i); \
201  ROUND256(a,b,c,d,e,f,g,h)
202 
203 static void sha256_transform(uint32_t *state, const uint8_t buffer[64])
204 {
205  unsigned int i, a, b, c, d, e, f, g, h;
206  uint32_t block[64];
207  uint32_t T1;
208 
209  a = state[0];
210  b = state[1];
211  c = state[2];
212  d = state[3];
213  e = state[4];
214  f = state[5];
215  g = state[6];
216  h = state[7];
217 #if CONFIG_SMALL
218  for (i = 0; i < 64; i++) {
219  uint32_t T2;
220  if (i < 16)
221  T1 = blk0(i);
222  else
223  T1 = blk(i);
224  T1 += h + Sigma1_256(e) + Ch(e, f, g) + K256[i];
225  T2 = Sigma0_256(a) + Maj(a, b, c);
226  h = g;
227  g = f;
228  f = e;
229  e = d + T1;
230  d = c;
231  c = b;
232  b = a;
233  a = T1 + T2;
234  }
235 #else
236 
237  i = 0;
238 #define R256_0 \
239  ROUND256_0_TO_15(a, b, c, d, e, f, g, h); \
240  ROUND256_0_TO_15(h, a, b, c, d, e, f, g); \
241  ROUND256_0_TO_15(g, h, a, b, c, d, e, f); \
242  ROUND256_0_TO_15(f, g, h, a, b, c, d, e); \
243  ROUND256_0_TO_15(e, f, g, h, a, b, c, d); \
244  ROUND256_0_TO_15(d, e, f, g, h, a, b, c); \
245  ROUND256_0_TO_15(c, d, e, f, g, h, a, b); \
246  ROUND256_0_TO_15(b, c, d, e, f, g, h, a)
247 
248  R256_0; R256_0;
249 
250 #define R256_16 \
251  ROUND256_16_TO_63(a, b, c, d, e, f, g, h); \
252  ROUND256_16_TO_63(h, a, b, c, d, e, f, g); \
253  ROUND256_16_TO_63(g, h, a, b, c, d, e, f); \
254  ROUND256_16_TO_63(f, g, h, a, b, c, d, e); \
255  ROUND256_16_TO_63(e, f, g, h, a, b, c, d); \
256  ROUND256_16_TO_63(d, e, f, g, h, a, b, c); \
257  ROUND256_16_TO_63(c, d, e, f, g, h, a, b); \
258  ROUND256_16_TO_63(b, c, d, e, f, g, h, a)
259 
262 #endif
263  state[0] += a;
264  state[1] += b;
265  state[2] += c;
266  state[3] += d;
267  state[4] += e;
268  state[5] += f;
269  state[6] += g;
270  state[7] += h;
271 }
272 
273 
275 {
276  ctx->digest_len = bits >> 5;
277  switch (bits) {
278  case 160: // SHA-1
279  ctx->state[0] = 0x67452301;
280  ctx->state[1] = 0xEFCDAB89;
281  ctx->state[2] = 0x98BADCFE;
282  ctx->state[3] = 0x10325476;
283  ctx->state[4] = 0xC3D2E1F0;
284  ctx->transform = sha1_transform;
285  break;
286  case 224: // SHA-224
287  ctx->state[0] = 0xC1059ED8;
288  ctx->state[1] = 0x367CD507;
289  ctx->state[2] = 0x3070DD17;
290  ctx->state[3] = 0xF70E5939;
291  ctx->state[4] = 0xFFC00B31;
292  ctx->state[5] = 0x68581511;
293  ctx->state[6] = 0x64F98FA7;
294  ctx->state[7] = 0xBEFA4FA4;
295  ctx->transform = sha256_transform;
296  break;
297  case 256: // SHA-256
298  ctx->state[0] = 0x6A09E667;
299  ctx->state[1] = 0xBB67AE85;
300  ctx->state[2] = 0x3C6EF372;
301  ctx->state[3] = 0xA54FF53A;
302  ctx->state[4] = 0x510E527F;
303  ctx->state[5] = 0x9B05688C;
304  ctx->state[6] = 0x1F83D9AB;
305  ctx->state[7] = 0x5BE0CD19;
306  ctx->transform = sha256_transform;
307  break;
308  default:
309  return AVERROR(EINVAL);
310  }
311  ctx->count = 0;
312  return 0;
313 }
314 
315 void av_sha_update(struct AVSHA *ctx, const uint8_t *data, size_t len)
316 {
317  unsigned int j;
318  size_t i;
319 
320  j = ctx->count & 63;
321  ctx->count += len;
322 #if CONFIG_SMALL
323  for (i = 0; i < len; i++) {
324  ctx->buffer[j++] = data[i];
325  if (64 == j) {
326  ctx->transform(ctx->state, ctx->buffer);
327  j = 0;
328  }
329  }
330 #else
331  if (len >= 64 - j) {
332  const uint8_t *end;
333  memcpy(&ctx->buffer[j], data, (i = 64 - j));
334  ctx->transform(ctx->state, ctx->buffer);
335  data += i;
336  len -= i;
337  end = data + (len & ~63);
338  len = len % 64;
339  for (; data < end; data += 64)
340  ctx->transform(ctx->state, data);
341  j = 0;
342  }
343  memcpy(&ctx->buffer[j], data, len);
344 #endif
345 }
346 
347 void av_sha_final(AVSHA* ctx, uint8_t *digest)
348 {
349  int i;
350  uint64_t finalcount = av_be2ne64(ctx->count << 3);
351 
352  av_sha_update(ctx, "\200", 1);
353  while ((ctx->count & 63) != 56)
354  av_sha_update(ctx, "", 1);
355  av_sha_update(ctx, (uint8_t *)&finalcount, 8); /* Should cause a transform() */
356  for (i = 0; i < ctx->digest_len; i++)
357  AV_WB32(digest + i*4, ctx->state[i]);
358 }
AVSHA::transform
void(* transform)(uint32_t *state, const uint8_t buffer[64])
function used to update hash for 512-bit input block
Definition: sha.c:41
AVERROR
Filter the word “frame” indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample they are references to shared objects When the negotiation mechanism computes the intersection of the formats supported at each end of a all references to both lists are replaced with a reference to the intersection And when a single format is eventually chosen for a link amongst the remaining all references to the list are updated That means that if a filter requires that its input and output have the same format amongst a supported all it has to do is use a reference to the same list of formats query_formats can leave some formats unset and return AVERROR(EAGAIN) to cause the negotiation mechanism toagain later. That can be used by filters with complex requirements to use the format negotiated on one link to set the formats supported on another. Frame references ownership and permissions
R0
#define R0(v, w, x, y, z, i)
Definition: sha.c:57
av_be2ne64
#define av_be2ne64(x)
Definition: bswap.h:90
av_sha_init
av_cold int av_sha_init(AVSHA *ctx, int bits)
Initialize SHA-1 or SHA-2 hashing.
Definition: sha.c:274
K256
static const uint32_t K256[64]
Definition: sha.c:157
b
#define b
Definition: input.c:41
data
const char data[16]
Definition: mxf.c:149
AVSHA::state
uint32_t state[8]
current hash value
Definition: sha.c:39
state
static struct @472 state
av_cold
#define av_cold
Definition: attributes.h:90
R1_20
#define R1_20
AVSHA::buffer
uint8_t buffer[64]
512-bit buffer of input values used in hash updating
Definition: sha.c:38
intreadwrite.h
g
const char * g
Definition: vf_curves.c:128
R256_0
#define R256_0
sha256_transform
static void sha256_transform(uint32_t *state, const uint8_t buffer[64])
Definition: sha.c:203
bits
uint8_t bits
Definition: vp3data.h:128
ctx
AVFormatContext * ctx
Definition: movenc.c:49
blk
#define blk(i)
Definition: sha.c:186
av_sha_final
void av_sha_final(AVSHA *ctx, uint8_t *digest)
Finish hashing and output digest value.
Definition: sha.c:347
Maj
#define Maj(z, y, x)
Definition: sha.c:178
av_sha_size
const int av_sha_size
Definition: sha.c:44
sha.h
R1_60
#define R1_60
AVSHA::digest_len
uint8_t digest_len
digest length in 32-bit words
Definition: sha.c:36
c
Undefined Behavior In the C some operations are like signed integer dereferencing freed accessing outside allocated Undefined Behavior must not occur in a C it is not safe even if the output of undefined operations is unused The unsafety may seem nit picking but Optimizing compilers have in fact optimized code on the assumption that no undefined Behavior occurs Optimizing code based on wrong assumptions can and has in some cases lead to effects beyond the output of computations The signed integer overflow problem in speed critical code Code which is highly optimized and works with signed integers sometimes has the problem that often the output of the computation does not c
Definition: undefined.txt:32
error.h
AV_WB32
#define AV_WB32(p, v)
Definition: intreadwrite.h:415
R1
#define R1(v, w, x, y, z, i)
Definition: sha.c:58
f
f
Definition: af_crystalizer.c:122
av_sha_update
void av_sha_update(struct AVSHA *ctx, const uint8_t *data, size_t len)
Update hash value.
Definition: sha.c:315
rol
#define rol(value, bits)
Definition: sha.c:51
AV_RB32
uint64_t_TMPL AV_WL64 unsigned int_TMPL AV_WL32 unsigned int_TMPL AV_WL24 unsigned int_TMPL AV_WL16 uint64_t_TMPL AV_WB64 unsigned int_TMPL AV_RB32
Definition: bytestream.h:96
a
The reader does not expect b to be semantically here and if the code is changed by maybe adding a a division or other the signedness will almost certainly be mistaken To avoid this confusion a new type was SUINT is the C unsigned type but it holds a signed int to use the same example SUINT a
Definition: undefined.txt:41
attributes.h
Ch
#define Ch(x, y, z)
Definition: sha.c:177
AVSHA::count
uint64_t count
number of bytes in buffer
Definition: sha.c:37
av_sha_alloc
struct AVSHA * av_sha_alloc(void)
Allocate an AVSHA context.
Definition: sha.c:46
R1_40
#define R1_40
i
#define i(width, name, range_min, range_max)
Definition: cbs_h2645.c:256
av_mallocz
void * av_mallocz(size_t size)
Allocate a memory block with alignment suitable for all memory accesses (including vectors if availab...
Definition: mem.c:256
len
int len
Definition: vorbis_enc_data.h:426
AVSHA
hash context
Definition: sha.c:35
bswap.h
buffer
the frame and frame reference mechanism is intended to as much as expensive copies of that data while still allowing the filters to produce correct results The data is stored in buffers represented by AVFrame structures Several references can point to the same frame buffer
Definition: filter_design.txt:49
sha1_transform
static void sha1_transform(uint32_t state[5], const uint8_t buffer[64])
Definition: sha.c:65
R256_16
#define R256_16
mem.h
blk0
#define blk0(i)
Definition: sha.c:54
block
The exact code depends on how similar the blocks are and how related they are to the block
Definition: filter_design.txt:207
h
h
Definition: vp9dsp_template.c:2070
Sigma0_256
#define Sigma0_256(x)
Definition: sha.c:180
Sigma1_256
#define Sigma1_256(x)
Definition: sha.c:181
R1_0
#define R1_0