FFmpeg coverage

Directory: ../../../ffmpeg/
File: src/libavutil/sha.c
Date: 2024-04-24 18:52:15
Exec Total Coverage
Lines: 106 108 98.1%
Functions: 6 6 100.0%
Branches: 11 12 91.7%
Line Branch Exec Source
1 /*
2 * Copyright (C) 2007 Michael Niedermayer <michaelni@gmx.at>
3 * Copyright (C) 2009 Konstantin Shishkov
4 * based on public domain SHA-1 code by Steve Reid <steve@edmweb.com>
5 * and on BSD-licensed SHA-2 code by Aaron D. Gifford
6 *
7 * This file is part of FFmpeg.
8 *
9 * FFmpeg is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * FFmpeg is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with FFmpeg; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #include <string.h>
25
26 #include "config.h"
27 #include "attributes.h"
28 #include "bswap.h"
29 #include "error.h"
30 #include "sha.h"
31 #include "intreadwrite.h"
32 #include "mem.h"
33
34 /** hash context */
35 typedef struct AVSHA {
36 uint8_t digest_len; ///< digest length in 32-bit words
37 uint64_t count; ///< number of bytes in buffer
38 uint8_t buffer[64]; ///< 512-bit buffer of input values used in hash updating
39 uint32_t state[8]; ///< current hash value
40 /** function used to update hash for 512-bit input block */
41 void (*transform)(uint32_t *state, const uint8_t buffer[64]);
42 } AVSHA;
43
44 const int av_sha_size = sizeof(AVSHA);
45
46 24 struct AVSHA *av_sha_alloc(void)
47 {
48 24 return av_mallocz(sizeof(struct AVSHA));
49 }
50
51 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
52
53 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
54 #define blk0(i) (block[i] = AV_RB32(buffer + 4 * (i)))
55 #define blk(i) (block[i] = rol(block[(i)-3] ^ block[(i)-8] ^ block[(i)-14] ^ block[(i)-16], 1))
56
57 #define R0(v,w,x,y,z,i) z += (((w)&((x)^(y)))^(y)) + blk0(i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
58 #define R1(v,w,x,y,z,i) z += (((w)&((x)^(y)))^(y)) + blk (i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
59 #define R2(v,w,x,y,z,i) z += ( (w)^(x) ^(y)) + blk (i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30);
60 #define R3(v,w,x,y,z,i) z += ((((w)|(x))&(y))|((w)&(x))) + blk (i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30);
61 #define R4(v,w,x,y,z,i) z += ( (w)^(x) ^(y)) + blk (i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30);
62
63 /* Hash a single 512-bit block. This is the core of the algorithm. */
64
65 24180 static void sha1_transform(uint32_t state[5], const uint8_t buffer[64])
66 {
67 uint32_t block[80];
68 unsigned int i, a, b, c, d, e;
69
70 24180 a = state[0];
71 24180 b = state[1];
72 24180 c = state[2];
73 24180 d = state[3];
74 24180 e = state[4];
75 #if CONFIG_SMALL
76 for (i = 0; i < 80; i++) {
77 int t;
78 if (i < 16)
79 t = AV_RB32(buffer + 4 * i);
80 else
81 t = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1);
82 block[i] = t;
83 t += e + rol(a, 5);
84 if (i < 40) {
85 if (i < 20)
86 t += ((b&(c^d))^d) + 0x5A827999;
87 else
88 t += ( b^c ^d) + 0x6ED9EBA1;
89 } else {
90 if (i < 60)
91 t += (((b|c)&d)|(b&c)) + 0x8F1BBCDC;
92 else
93 t += ( b^c ^d) + 0xCA62C1D6;
94 }
95 e = d;
96 d = c;
97 c = rol(b, 30);
98 b = a;
99 a = t;
100 }
101 #else
102
103 #define R1_0 \
104 R0(a, b, c, d, e, 0 + i); \
105 R0(e, a, b, c, d, 1 + i); \
106 R0(d, e, a, b, c, 2 + i); \
107 R0(c, d, e, a, b, 3 + i); \
108 R0(b, c, d, e, a, 4 + i); \
109 i += 5
110
111 24180 i = 0;
112 24180 R1_0; R1_0; R1_0;
113 24180 R0(a, b, c, d, e, 15);
114 24180 R1(e, a, b, c, d, 16);
115 24180 R1(d, e, a, b, c, 17);
116 24180 R1(c, d, e, a, b, 18);
117 24180 R1(b, c, d, e, a, 19);
118
119 #define R1_20 \
120 R2(a, b, c, d, e, 0 + i); \
121 R2(e, a, b, c, d, 1 + i); \
122 R2(d, e, a, b, c, 2 + i); \
123 R2(c, d, e, a, b, 3 + i); \
124 R2(b, c, d, e, a, 4 + i); \
125 i += 5
126
127 24180 i = 20;
128 24180 R1_20; R1_20; R1_20; R1_20;
129
130 #define R1_40 \
131 R3(a, b, c, d, e, 0 + i); \
132 R3(e, a, b, c, d, 1 + i); \
133 R3(d, e, a, b, c, 2 + i); \
134 R3(c, d, e, a, b, 3 + i); \
135 R3(b, c, d, e, a, 4 + i); \
136 i += 5
137
138 24180 R1_40; R1_40; R1_40; R1_40;
139
140 #define R1_60 \
141 R4(a, b, c, d, e, 0 + i); \
142 R4(e, a, b, c, d, 1 + i); \
143 R4(d, e, a, b, c, 2 + i); \
144 R4(c, d, e, a, b, 3 + i); \
145 R4(b, c, d, e, a, 4 + i); \
146 i += 5
147
148 24180 R1_60; R1_60; R1_60; R1_60;
149 #endif
150 24180 state[0] += a;
151 24180 state[1] += b;
152 24180 state[2] += c;
153 24180 state[3] += d;
154 24180 state[4] += e;
155 24180 }
156
157 static const uint32_t K256[64] = {
158 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
159 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
160 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
161 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
162 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
163 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
164 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
165 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
166 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
167 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
168 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
169 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
170 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
171 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
172 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
173 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
174 };
175
176
177 #define Ch(x,y,z) (((x) & ((y) ^ (z))) ^ (z))
178 #define Maj(z,y,x) ((((x) | (y)) & (z)) | ((x) & (y)))
179
180 #define Sigma0_256(x) (rol((x), 30) ^ rol((x), 19) ^ rol((x), 10))
181 #define Sigma1_256(x) (rol((x), 26) ^ rol((x), 21) ^ rol((x), 7))
182 #define sigma0_256(x) (rol((x), 25) ^ rol((x), 14) ^ ((x) >> 3))
183 #define sigma1_256(x) (rol((x), 15) ^ rol((x), 13) ^ ((x) >> 10))
184
185 #undef blk
186 #define blk(i) (block[i] = block[i - 16] + sigma0_256(block[i - 15]) + \
187 sigma1_256(block[i - 2]) + block[i - 7])
188
189 #define ROUND256(a,b,c,d,e,f,g,h) \
190 T1 += (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[i]; \
191 (d) += T1; \
192 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
193 i++
194
195 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
196 T1 = blk0(i); \
197 ROUND256(a,b,c,d,e,f,g,h)
198
199 #define ROUND256_16_TO_63(a,b,c,d,e,f,g,h) \
200 T1 = blk(i); \
201 ROUND256(a,b,c,d,e,f,g,h)
202
203 47864 static void sha256_transform(uint32_t *state, const uint8_t buffer[64])
204 {
205 unsigned int i, a, b, c, d, e, f, g, h;
206 uint32_t block[64];
207 uint32_t T1;
208
209 47864 a = state[0];
210 47864 b = state[1];
211 47864 c = state[2];
212 47864 d = state[3];
213 47864 e = state[4];
214 47864 f = state[5];
215 47864 g = state[6];
216 47864 h = state[7];
217 #if CONFIG_SMALL
218 for (i = 0; i < 64; i++) {
219 uint32_t T2;
220 if (i < 16)
221 T1 = blk0(i);
222 else
223 T1 = blk(i);
224 T1 += h + Sigma1_256(e) + Ch(e, f, g) + K256[i];
225 T2 = Sigma0_256(a) + Maj(a, b, c);
226 h = g;
227 g = f;
228 f = e;
229 e = d + T1;
230 d = c;
231 c = b;
232 b = a;
233 a = T1 + T2;
234 }
235 #else
236
237 47864 i = 0;
238 #define R256_0 \
239 ROUND256_0_TO_15(a, b, c, d, e, f, g, h); \
240 ROUND256_0_TO_15(h, a, b, c, d, e, f, g); \
241 ROUND256_0_TO_15(g, h, a, b, c, d, e, f); \
242 ROUND256_0_TO_15(f, g, h, a, b, c, d, e); \
243 ROUND256_0_TO_15(e, f, g, h, a, b, c, d); \
244 ROUND256_0_TO_15(d, e, f, g, h, a, b, c); \
245 ROUND256_0_TO_15(c, d, e, f, g, h, a, b); \
246 ROUND256_0_TO_15(b, c, d, e, f, g, h, a)
247
248 47864 R256_0; R256_0;
249
250 #define R256_16 \
251 ROUND256_16_TO_63(a, b, c, d, e, f, g, h); \
252 ROUND256_16_TO_63(h, a, b, c, d, e, f, g); \
253 ROUND256_16_TO_63(g, h, a, b, c, d, e, f); \
254 ROUND256_16_TO_63(f, g, h, a, b, c, d, e); \
255 ROUND256_16_TO_63(e, f, g, h, a, b, c, d); \
256 ROUND256_16_TO_63(d, e, f, g, h, a, b, c); \
257 ROUND256_16_TO_63(c, d, e, f, g, h, a, b); \
258 ROUND256_16_TO_63(b, c, d, e, f, g, h, a)
259
260 47864 R256_16; R256_16; R256_16;
261 47864 R256_16; R256_16; R256_16;
262 #endif
263 47864 state[0] += a;
264 47864 state[1] += b;
265 47864 state[2] += c;
266 47864 state[3] += d;
267 47864 state[4] += e;
268 47864 state[5] += f;
269 47864 state[6] += g;
270 47864 state[7] += h;
271 47864 }
272
273
274 348 av_cold int av_sha_init(AVSHA *ctx, int bits)
275 {
276 348 ctx->digest_len = bits >> 5;
277
3/4
✓ Branch 0 taken 310 times.
✓ Branch 1 taken 18 times.
✓ Branch 2 taken 20 times.
✗ Branch 3 not taken.
 348 switch (bits) {
278 310 case 160: // SHA-1
279 310 ctx->state[0] = 0x67452301;
280 310 ctx->state[1] = 0xEFCDAB89;
281 310 ctx->state[2] = 0x98BADCFE;
282 310 ctx->state[3] = 0x10325476;
283 310 ctx->state[4] = 0xC3D2E1F0;
284 310 ctx->transform = sha1_transform;
285 310 break;
286 18 case 224: // SHA-224
287 18 ctx->state[0] = 0xC1059ED8;
288 18 ctx->state[1] = 0x367CD507;
289 18 ctx->state[2] = 0x3070DD17;
290 18 ctx->state[3] = 0xF70E5939;
291 18 ctx->state[4] = 0xFFC00B31;
292 18 ctx->state[5] = 0x68581511;
293 18 ctx->state[6] = 0x64F98FA7;
294 18 ctx->state[7] = 0xBEFA4FA4;
295 18 ctx->transform = sha256_transform;
296 18 break;
297 20 case 256: // SHA-256
298 20 ctx->state[0] = 0x6A09E667;
299 20 ctx->state[1] = 0xBB67AE85;
300 20 ctx->state[2] = 0x3C6EF372;
301 20 ctx->state[3] = 0xA54FF53A;
302 20 ctx->state[4] = 0x510E527F;
303 20 ctx->state[5] = 0x9B05688C;
304 20 ctx->state[6] = 0x1F83D9AB;
305 20 ctx->state[7] = 0x5BE0CD19;
306 20 ctx->transform = sha256_transform;
307 20 break;
308 default:
309 return AVERROR(EINVAL);
310 }
311 348 ctx->count = 0;
312 348 return 0;
313 }
314
315 3018987 void av_sha_update(struct AVSHA *ctx, const uint8_t *data, size_t len)
316 {
317 unsigned int j;
318 size_t i;
319
320 3018987 j = ctx->count & 63;
321 3018987 ctx->count += len;
322 #if CONFIG_SMALL
323 for (i = 0; i < len; i++) {
324 ctx->buffer[j++] = data[i];
325 if (64 == j) {
326 ctx->transform(ctx->state, ctx->buffer);
327 j = 0;
328 }
329 }
330 #else
331
2/2
✓ Branch 0 taken 48084 times.
✓ Branch 1 taken 2970903 times.
 3018987 if (len >= 64 - j) {
332 const uint8_t *end;
333 48084 memcpy(&ctx->buffer[j], data, (i = 64 - j));
334 48084 ctx->transform(ctx->state, ctx->buffer);
335 48084 data += i;
336 48084 len -= i;
337 48084 end = data + (len & ~63);
338 48084 len = len % 64;
339
2/2
✓ Branch 0 taken 23960 times.
✓ Branch 1 taken 48084 times.
 72044 for (; data < end; data += 64)
340 23960 ctx->transform(ctx->state, data);
341 48084 j = 0;
342 }
343 3018987 memcpy(&ctx->buffer[j], data, len);
344 #endif
345 3018987 }
346
347 348 void av_sha_final(AVSHA* ctx, uint8_t *digest)
348 {
349 int i;
350 348 uint64_t finalcount = av_be2ne64(ctx->count << 3);
351
352 348 av_sha_update(ctx, "\200", 1);
353
2/2
✓ Branch 0 taken 17355 times.
✓ Branch 1 taken 348 times.
 17703 while ((ctx->count & 63) != 56)
354 17355 av_sha_update(ctx, "", 1);
355 348 av_sha_update(ctx, (uint8_t *)&finalcount, 8); /* Should cause a transform() */
356
2/2
✓ Branch 0 taken 1836 times.
✓ Branch 1 taken 348 times.
 2184 for (i = 0; i < ctx->digest_len; i++)
357 1836 AV_WB32(digest + i*4, ctx->state[i]);
358 348 }
359