FFmpeg: libavutil/sha.c Source File

00001 /*
00002  * Copyright (C) 2007 Michael Niedermayer <michaelni@gmx.at>
00003  * Copyright (C) 2009 Konstantin Shishkov
00004  * based on public domain SHA-1 code by Steve Reid <steve@edmweb.com>
00005  * and on BSD-licensed SHA-2 code by Aaron D. Gifford
00006  *
00007  * This file is part of FFmpeg.
00008  *
00009  * FFmpeg is free software; you can redistribute it and/or
00010  * modify it under the terms of the GNU Lesser General Public
00011  * License as published by the Free Software Foundation; either
00012  * version 2.1 of the License, or (at your option) any later version.
00013  *
00014  * FFmpeg is distributed in the hope that it will be useful,
00015  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00016  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00017  * Lesser General Public License for more details.
00018  *
00019  * You should have received a copy of the GNU Lesser General Public
00020  * License along with FFmpeg; if not, write to the Free Software
00021  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
00022  */
00023 
00024 #include <string.h>
00025 #include "avutil.h"
00026 #include "bswap.h"
00027 #include "sha.h"
00028 #include "sha1.h"
00029 #include "intreadwrite.h"
00030 
00032 typedef struct AVSHA {
00033     uint8_t  digest_len;  
00034     uint64_t count;       
00035     uint8_t  buffer[64];  
00036     uint32_t state[8];    
00037 
00038     void     (*transform)(uint32_t *state, const uint8_t buffer[64]);
00039 } AVSHA;
00040 
00041 const int av_sha_size = sizeof(AVSHA);
00042 
00043 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
00044 
00045 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
00046 #define blk0(i) (block[i] = be2me_32(((const uint32_t*)buffer)[i]))
00047 #define blk(i)  (block[i] = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1))
00048 
00049 #define R0(v,w,x,y,z,i) z += ((w&(x^y))^y)     + blk0(i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
00050 #define R1(v,w,x,y,z,i) z += ((w&(x^y))^y)     + blk (i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
00051 #define R2(v,w,x,y,z,i) z += ( w^x     ^y)     + blk (i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30);
00052 #define R3(v,w,x,y,z,i) z += (((w|x)&y)|(w&x)) + blk (i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30);
00053 #define R4(v,w,x,y,z,i) z += ( w^x     ^y)     + blk (i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30);
00054 
00055 /* Hash a single 512-bit block. This is the core of the algorithm. */
00056 
00057 static void sha1_transform(uint32_t state[5], const uint8_t buffer[64])
00058 {
00059     uint32_t block[80];
00060     unsigned int i, a, b, c, d, e;
00061 
00062     a = state[0];
00063     b = state[1];
00064     c = state[2];
00065     d = state[3];
00066     e = state[4];
00067 #if CONFIG_SMALL
00068     for (i = 0; i < 80; i++) {
00069         int t;
00070         if (i < 16)
00071             t = be2me_32(((uint32_t*)buffer)[i]);
00072         else
00073             t = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1);
00074         block[i] = t;
00075         t += e + rol(a, 5);
00076         if (i < 40) {
00077             if (i < 20)
00078                 t += ((b&(c^d))^d)     + 0x5A827999;
00079             else
00080                 t += ( b^c     ^d)     + 0x6ED9EBA1;
00081         } else {
00082             if (i < 60)
00083                 t += (((b|c)&d)|(b&c)) + 0x8F1BBCDC;
00084             else
00085                 t += ( b^c     ^d)     + 0xCA62C1D6;
00086         }
00087         e = d;
00088         d = c;
00089         c = rol(b, 30);
00090         b = a;
00091         a = t;
00092     }
00093 #else
00094     for (i = 0; i < 15; i += 5) {
00095         R0(a, b, c, d, e, 0 + i);
00096         R0(e, a, b, c, d, 1 + i);
00097         R0(d, e, a, b, c, 2 + i);
00098         R0(c, d, e, a, b, 3 + i);
00099         R0(b, c, d, e, a, 4 + i);
00100     }
00101     R0(a, b, c, d, e, 15);
00102     R1(e, a, b, c, d, 16);
00103     R1(d, e, a, b, c, 17);
00104     R1(c, d, e, a, b, 18);
00105     R1(b, c, d, e, a, 19);
00106     for (i = 20; i < 40; i += 5) {
00107         R2(a, b, c, d, e, 0 + i);
00108         R2(e, a, b, c, d, 1 + i);
00109         R2(d, e, a, b, c, 2 + i);
00110         R2(c, d, e, a, b, 3 + i);
00111         R2(b, c, d, e, a, 4 + i);
00112     }
00113     for (; i < 60; i += 5) {
00114         R3(a, b, c, d, e, 0 + i);
00115         R3(e, a, b, c, d, 1 + i);
00116         R3(d, e, a, b, c, 2 + i);
00117         R3(c, d, e, a, b, 3 + i);
00118         R3(b, c, d, e, a, 4 + i);
00119     }
00120     for (; i < 80; i += 5) {
00121         R4(a, b, c, d, e, 0 + i);
00122         R4(e, a, b, c, d, 1 + i);
00123         R4(d, e, a, b, c, 2 + i);
00124         R4(c, d, e, a, b, 3 + i);
00125         R4(b, c, d, e, a, 4 + i);
00126     }
00127 #endif
00128     state[0] += a;
00129     state[1] += b;
00130     state[2] += c;
00131     state[3] += d;
00132     state[4] += e;
00133 }
00134 
00135 static const uint32_t K256[64] = {
00136     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
00137     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
00138     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
00139     0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
00140     0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
00141     0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
00142     0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
00143     0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
00144     0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
00145     0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
00146     0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
00147     0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
00148     0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
00149     0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
00150     0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
00151     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
00152 };
00153 
00154 
00155 #define Ch(x,y,z)   (((x) & ((y) ^ (z))) ^ (z))
00156 #define Maj(x,y,z)  ((((x) | (y)) & (z)) | ((x) & (y)))
00157 
00158 #define Sigma0_256(x)   (rol((x), 30) ^ rol((x), 19) ^ rol((x), 10))
00159 #define Sigma1_256(x)   (rol((x), 26) ^ rol((x), 21) ^ rol((x),  7))
00160 #define sigma0_256(x)   (rol((x), 25) ^ rol((x), 14) ^ ((x) >> 3))
00161 #define sigma1_256(x)   (rol((x), 15) ^ rol((x), 13) ^ ((x) >> 10))
00162 
00163 #undef blk
00164 #define blk(i)  (block[i] = block[i - 16] + sigma0_256(block[i - 15]) + \
00165                             sigma1_256(block[i - 2]) + block[i - 7])
00166 
00167 #define ROUND256(a,b,c,d,e,f,g,h)   \
00168     T1 += (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[i]; \
00169     (d) += T1; \
00170     (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
00171     i++
00172 
00173 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)   \
00174     T1 = blk0(i); \
00175     ROUND256(a,b,c,d,e,f,g,h)
00176 
00177 #define ROUND256_16_TO_63(a,b,c,d,e,f,g,h)   \
00178     T1 = blk(i); \
00179     ROUND256(a,b,c,d,e,f,g,h)
00180 
00181 static void sha256_transform(uint32_t *state, const uint8_t buffer[64])
00182 {
00183     unsigned int i, a, b, c, d, e, f, g, h;
00184     uint32_t block[64];
00185     uint32_t T1, av_unused(T2);
00186 
00187     a = state[0];
00188     b = state[1];
00189     c = state[2];
00190     d = state[3];
00191     e = state[4];
00192     f = state[5];
00193     g = state[6];
00194     h = state[7];
00195 #if CONFIG_SMALL
00196     for (i = 0; i < 64; i++) {
00197         if (i < 16)
00198             T1 = blk0(i);
00199         else
00200             T1 = blk(i);
00201         T1 += h + Sigma1_256(e) + Ch(e, f, g) + K256[i];
00202         T2 = Sigma0_256(a) + Maj(a, b, c);
00203         h = g;
00204         g = f;
00205         f = e;
00206         e = d + T1;
00207         d = c;
00208         c = b;
00209         b = a;
00210         a = T1 + T2;
00211     }
00212 #else
00213     for (i = 0; i < 16;) {
00214         ROUND256_0_TO_15(a, b, c, d, e, f, g, h);
00215         ROUND256_0_TO_15(h, a, b, c, d, e, f, g);
00216         ROUND256_0_TO_15(g, h, a, b, c, d, e, f);
00217         ROUND256_0_TO_15(f, g, h, a, b, c, d, e);
00218         ROUND256_0_TO_15(e, f, g, h, a, b, c, d);
00219         ROUND256_0_TO_15(d, e, f, g, h, a, b, c);
00220         ROUND256_0_TO_15(c, d, e, f, g, h, a, b);
00221         ROUND256_0_TO_15(b, c, d, e, f, g, h, a);
00222     }
00223 
00224     for (; i < 64;) {
00225         ROUND256_16_TO_63(a, b, c, d, e, f, g, h);
00226         ROUND256_16_TO_63(h, a, b, c, d, e, f, g);
00227         ROUND256_16_TO_63(g, h, a, b, c, d, e, f);
00228         ROUND256_16_TO_63(f, g, h, a, b, c, d, e);
00229         ROUND256_16_TO_63(e, f, g, h, a, b, c, d);
00230         ROUND256_16_TO_63(d, e, f, g, h, a, b, c);
00231         ROUND256_16_TO_63(c, d, e, f, g, h, a, b);
00232         ROUND256_16_TO_63(b, c, d, e, f, g, h, a);
00233     }
00234 #endif
00235     state[0] += a;
00236     state[1] += b;
00237     state[2] += c;
00238     state[3] += d;
00239     state[4] += e;
00240     state[5] += f;
00241     state[6] += g;
00242     state[7] += h;
00243 }
00244 
00245 
00246 int av_sha_init(AVSHA* ctx, int bits)
00247 {
00248     ctx->digest_len = bits >> 5;
00249     switch (bits) {
00250     case 160: // SHA-1
00251         ctx->state[0] = 0x67452301;
00252         ctx->state[1] = 0xEFCDAB89;
00253         ctx->state[2] = 0x98BADCFE;
00254         ctx->state[3] = 0x10325476;
00255         ctx->state[4] = 0xC3D2E1F0;
00256         ctx->transform = sha1_transform;
00257         break;
00258     case 224: // SHA-224
00259         ctx->state[0] = 0xC1059ED8;
00260         ctx->state[1] = 0x367CD507;
00261         ctx->state[2] = 0x3070DD17;
00262         ctx->state[3] = 0xF70E5939;
00263         ctx->state[4] = 0xFFC00B31;
00264         ctx->state[5] = 0x68581511;
00265         ctx->state[6] = 0x64F98FA7;
00266         ctx->state[7] = 0xBEFA4FA4;
00267         ctx->transform = sha256_transform;
00268         break;
00269     case 256: // SHA-256
00270         ctx->state[0] = 0x6A09E667;
00271         ctx->state[1] = 0xBB67AE85;
00272         ctx->state[2] = 0x3C6EF372;
00273         ctx->state[3] = 0xA54FF53A;
00274         ctx->state[4] = 0x510E527F;
00275         ctx->state[5] = 0x9B05688C;
00276         ctx->state[6] = 0x1F83D9AB;
00277         ctx->state[7] = 0x5BE0CD19;
00278         ctx->transform = sha256_transform;
00279         break;
00280     default:
00281         return -1;
00282     }
00283     ctx->count = 0;
00284     return 0;
00285 }
00286 
00287 void av_sha_update(AVSHA* ctx, const uint8_t* data, unsigned int len)
00288 {
00289     unsigned int i, j;
00290 
00291     j = ctx->count & 63;
00292     ctx->count += len;
00293 #if CONFIG_SMALL
00294     for (i = 0; i < len; i++) {
00295         ctx->buffer[j++] = data[i];
00296         if (64 == j) {
00297             ctx->transform(ctx->state, ctx->buffer);
00298             j = 0;
00299         }
00300     }
00301 #else
00302     if ((j + len) > 63) {
00303         memcpy(&ctx->buffer[j], data, (i = 64 - j));
00304         ctx->transform(ctx->state, ctx->buffer);
00305         for (; i + 63 < len; i += 64)
00306             ctx->transform(ctx->state, &data[i]);
00307         j = 0;
00308     } else
00309         i = 0;
00310     memcpy(&ctx->buffer[j], &data[i], len - i);
00311 #endif
00312 }
00313 
00314 void av_sha_final(AVSHA* ctx, uint8_t *digest)
00315 {
00316     int i;
00317     uint64_t finalcount = be2me_64(ctx->count << 3);
00318 
00319     av_sha_update(ctx, "\200", 1);
00320     while ((ctx->count & 63) != 56)
00321         av_sha_update(ctx, "", 1);
00322     av_sha_update(ctx, (uint8_t *)&finalcount, 8); /* Should cause a transform() */
00323     for (i = 0; i < ctx->digest_len; i++)
00324         AV_WB32(digest + i*4, ctx->state[i]);
00325 }
00326 
00327 #if LIBAVUTIL_VERSION_MAJOR < 51
00328 struct AVSHA1 {
00329     AVSHA sha;
00330 };
00331 
00332 const int av_sha1_size = sizeof(struct AVSHA1);
00333 
00334 void av_sha1_init(struct AVSHA1* context)
00335 {
00336     av_sha_init(&context->sha, 160);
00337 }
00338 
00339 void av_sha1_update(struct AVSHA1* context, const uint8_t* data, unsigned int len)
00340 {
00341     av_sha_update(&context->sha, data, len);
00342 }
00343 
00344 void av_sha1_final(struct AVSHA1* context, uint8_t digest[20])
00345 {
00346     av_sha_final(&context->sha, digest);
00347 }
00348 #endif
00349 
00350 #ifdef TEST
00351 #include <stdio.h>
00352 #undef printf
00353 
00354 int main(void)
00355 {
00356     int i, j, k;
00357     AVSHA ctx;
00358     unsigned char digest[32];
00359     const int lengths[3] = { 160, 224, 256 };
00360 
00361     for (j = 0; j < 3; j++) {
00362         printf("Testing SHA-%d\n", lengths[j]);
00363         for (k = 0; k < 3; k++) {
00364             av_sha_init(&ctx, lengths[j]);
00365             if (k == 0)
00366                 av_sha_update(&ctx, "abc", 3);
00367             else if (k == 1)
00368                 av_sha_update(&ctx, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56);
00369             else
00370                 for (i = 0; i < 1000*1000; i++)
00371                     av_sha_update(&ctx, "a", 1);
00372             av_sha_final(&ctx, digest);
00373             for (i = 0; i < lengths[j] >> 3; i++)
00374                 printf("%02X", digest[i]);
00375             putchar('\n');
00376         }
00377         switch (j) {
00378         case 0:
00379             //test vectors (from FIPS PUB 180-1)
00380             printf("A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D\n"
00381                    "84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1\n"
00382                    "34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F\n");
00383             break;
00384         case 1:
00385             //test vectors (from FIPS PUB 180-2 Appendix A)
00386             printf("23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7\n"
00387                    "75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525\n"
00388                    "20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67\n");
00389             break;
00390         case 2:
00391             //test vectors (from FIPS PUB 180-2)
00392             printf("ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad\n"
00393                    "248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1\n"
00394                    "cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0\n");
00395             break;
00396         }
00397     }
00398 
00399     return 0;
00400 }
00401 #endif