LCOV - code coverage report
Current view: top level - libavutil - sha.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 103 105 98.1 %
Date: 2017-10-18 21:45:51 Functions: 6 6 100.0 %

          Line data    Source code
       1             : /*
       2             :  * Copyright (C) 2007 Michael Niedermayer <michaelni@gmx.at>
       3             :  * Copyright (C) 2009 Konstantin Shishkov
       4             :  * based on public domain SHA-1 code by Steve Reid <steve@edmweb.com>
       5             :  * and on BSD-licensed SHA-2 code by Aaron D. Gifford
       6             :  *
       7             :  * This file is part of FFmpeg.
       8             :  *
       9             :  * FFmpeg is free software; you can redistribute it and/or
      10             :  * modify it under the terms of the GNU Lesser General Public
      11             :  * License as published by the Free Software Foundation; either
      12             :  * version 2.1 of the License, or (at your option) any later version.
      13             :  *
      14             :  * FFmpeg is distributed in the hope that it will be useful,
      15             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      17             :  * Lesser General Public License for more details.
      18             :  *
      19             :  * You should have received a copy of the GNU Lesser General Public
      20             :  * License along with FFmpeg; if not, write to the Free Software
      21             :  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
      22             :  */
      23             : 
      24             : #include <string.h>
      25             : 
      26             : #include "attributes.h"
      27             : #include "avutil.h"
      28             : #include "bswap.h"
      29             : #include "sha.h"
      30             : #include "intreadwrite.h"
      31             : #include "mem.h"
      32             : 
      33             : /** hash context */
      34             : typedef struct AVSHA {
      35             :     uint8_t  digest_len;  ///< digest length in 32-bit words
      36             :     uint64_t count;       ///< number of bytes in buffer
      37             :     uint8_t  buffer[64];  ///< 512-bit buffer of input values used in hash updating
      38             :     uint32_t state[8];    ///< current hash value
      39             :     /** function used to update hash for 512-bit input block */
      40             :     void     (*transform)(uint32_t *state, const uint8_t buffer[64]);
      41             : } AVSHA;
      42             : 
      43             : const int av_sha_size = sizeof(AVSHA);
      44             : 
      45          23 : struct AVSHA *av_sha_alloc(void)
      46             : {
      47          23 :     return av_mallocz(sizeof(struct AVSHA));
      48             : }
      49             : 
      50             : #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
      51             : 
      52             : /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
      53             : #define blk0(i) (block[i] = AV_RB32(buffer + 4 * (i)))
      54             : #define blk(i)  (block[i] = rol(block[(i)-3] ^ block[(i)-8] ^ block[(i)-14] ^ block[(i)-16], 1))
      55             : 
      56             : #define R0(v,w,x,y,z,i) z += (((w)&((x)^(y)))^(y))       + blk0(i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
      57             : #define R1(v,w,x,y,z,i) z += (((w)&((x)^(y)))^(y))       + blk (i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
      58             : #define R2(v,w,x,y,z,i) z += ( (w)^(x)       ^(y))       + blk (i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30);
      59             : #define R3(v,w,x,y,z,i) z += ((((w)|(x))&(y))|((w)&(x))) + blk (i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30);
      60             : #define R4(v,w,x,y,z,i) z += ( (w)^(x)       ^(y))       + blk (i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30);
      61             : 
      62             : /* Hash a single 512-bit block. This is the core of the algorithm. */
      63             : 
      64       26557 : static void sha1_transform(uint32_t state[5], const uint8_t buffer[64])
      65             : {
      66             :     uint32_t block[80];
      67             :     unsigned int i, a, b, c, d, e;
      68             : 
      69       26557 :     a = state[0];
      70       26557 :     b = state[1];
      71       26557 :     c = state[2];
      72       26557 :     d = state[3];
      73       26557 :     e = state[4];
      74             : #if CONFIG_SMALL
      75             :     for (i = 0; i < 80; i++) {
      76             :         int t;
      77             :         if (i < 16)
      78             :             t = AV_RB32(buffer + 4 * i);
      79             :         else
      80             :             t = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1);
      81             :         block[i] = t;
      82             :         t += e + rol(a, 5);
      83             :         if (i < 40) {
      84             :             if (i < 20)
      85             :                 t += ((b&(c^d))^d)     + 0x5A827999;
      86             :             else
      87             :                 t += ( b^c     ^d)     + 0x6ED9EBA1;
      88             :         } else {
      89             :             if (i < 60)
      90             :                 t += (((b|c)&d)|(b&c)) + 0x8F1BBCDC;
      91             :             else
      92             :                 t += ( b^c     ^d)     + 0xCA62C1D6;
      93             :         }
      94             :         e = d;
      95             :         d = c;
      96             :         c = rol(b, 30);
      97             :         b = a;
      98             :         a = t;
      99             :     }
     100             : #else
     101             : 
     102             : #define R1_0 \
     103             :     R0(a, b, c, d, e, 0 + i); \
     104             :     R0(e, a, b, c, d, 1 + i); \
     105             :     R0(d, e, a, b, c, 2 + i); \
     106             :     R0(c, d, e, a, b, 3 + i); \
     107             :     R0(b, c, d, e, a, 4 + i); \
     108             :     i += 5
     109             : 
     110       26557 :     i = 0;
     111       26557 :     R1_0; R1_0; R1_0;
     112       26557 :     R0(a, b, c, d, e, 15);
     113       26557 :     R1(e, a, b, c, d, 16);
     114       26557 :     R1(d, e, a, b, c, 17);
     115       26557 :     R1(c, d, e, a, b, 18);
     116       26557 :     R1(b, c, d, e, a, 19);
     117             : 
     118             : #define R1_20 \
     119             :     R2(a, b, c, d, e, 0 + i); \
     120             :     R2(e, a, b, c, d, 1 + i); \
     121             :     R2(d, e, a, b, c, 2 + i); \
     122             :     R2(c, d, e, a, b, 3 + i); \
     123             :     R2(b, c, d, e, a, 4 + i); \
     124             :     i += 5
     125             : 
     126       26557 :     i = 20;
     127       26557 :     R1_20; R1_20; R1_20; R1_20;
     128             : 
     129             : #define R1_40 \
     130             :     R3(a, b, c, d, e, 0 + i); \
     131             :     R3(e, a, b, c, d, 1 + i); \
     132             :     R3(d, e, a, b, c, 2 + i); \
     133             :     R3(c, d, e, a, b, 3 + i); \
     134             :     R3(b, c, d, e, a, 4 + i); \
     135             :     i += 5
     136             : 
     137       26557 :     R1_40; R1_40; R1_40; R1_40;
     138             : 
     139             : #define R1_60 \
     140             :     R4(a, b, c, d, e, 0 + i); \
     141             :     R4(e, a, b, c, d, 1 + i); \
     142             :     R4(d, e, a, b, c, 2 + i); \
     143             :     R4(c, d, e, a, b, 3 + i); \
     144             :     R4(b, c, d, e, a, 4 + i); \
     145             :     i += 5
     146             : 
     147       26557 :     R1_60; R1_60; R1_60; R1_60;
     148             : #endif
     149       26557 :     state[0] += a;
     150       26557 :     state[1] += b;
     151       26557 :     state[2] += c;
     152       26557 :     state[3] += d;
     153       26557 :     state[4] += e;
     154       26557 : }
     155             : 
     156             : static const uint32_t K256[64] = {
     157             :     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     158             :     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
     159             :     0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
     160             :     0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
     161             :     0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
     162             :     0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
     163             :     0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
     164             :     0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
     165             :     0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
     166             :     0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
     167             :     0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
     168             :     0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
     169             :     0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
     170             :     0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
     171             :     0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
     172             :     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
     173             : };
     174             : 
     175             : 
     176             : #define Ch(x,y,z)   (((x) & ((y) ^ (z))) ^ (z))
     177             : #define Maj(z,y,x)  ((((x) | (y)) & (z)) | ((x) & (y)))
     178             : 
     179             : #define Sigma0_256(x)   (rol((x), 30) ^ rol((x), 19) ^ rol((x), 10))
     180             : #define Sigma1_256(x)   (rol((x), 26) ^ rol((x), 21) ^ rol((x),  7))
     181             : #define sigma0_256(x)   (rol((x), 25) ^ rol((x), 14) ^ ((x) >> 3))
     182             : #define sigma1_256(x)   (rol((x), 15) ^ rol((x), 13) ^ ((x) >> 10))
     183             : 
     184             : #undef blk
     185             : #define blk(i)  (block[i] = block[i - 16] + sigma0_256(block[i - 15]) + \
     186             :                             sigma1_256(block[i - 2]) + block[i - 7])
     187             : 
     188             : #define ROUND256(a,b,c,d,e,f,g,h)   \
     189             :     T1 += (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[i]; \
     190             :     (d) += T1; \
     191             :     (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
     192             :     i++
     193             : 
     194             : #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)   \
     195             :     T1 = blk0(i); \
     196             :     ROUND256(a,b,c,d,e,f,g,h)
     197             : 
     198             : #define ROUND256_16_TO_63(a,b,c,d,e,f,g,h)   \
     199             :     T1 = blk(i); \
     200             :     ROUND256(a,b,c,d,e,f,g,h)
     201             : 
     202       31326 : static void sha256_transform(uint32_t *state, const uint8_t buffer[64])
     203             : {
     204             :     unsigned int i, a, b, c, d, e, f, g, h;
     205             :     uint32_t block[64];
     206             :     uint32_t T1;
     207             : 
     208       31326 :     a = state[0];
     209       31326 :     b = state[1];
     210       31326 :     c = state[2];
     211       31326 :     d = state[3];
     212       31326 :     e = state[4];
     213       31326 :     f = state[5];
     214       31326 :     g = state[6];
     215       31326 :     h = state[7];
     216             : #if CONFIG_SMALL
     217             :     for (i = 0; i < 64; i++) {
     218             :         uint32_t T2;
     219             :         if (i < 16)
     220             :             T1 = blk0(i);
     221             :         else
     222             :             T1 = blk(i);
     223             :         T1 += h + Sigma1_256(e) + Ch(e, f, g) + K256[i];
     224             :         T2 = Sigma0_256(a) + Maj(a, b, c);
     225             :         h = g;
     226             :         g = f;
     227             :         f = e;
     228             :         e = d + T1;
     229             :         d = c;
     230             :         c = b;
     231             :         b = a;
     232             :         a = T1 + T2;
     233             :     }
     234             : #else
     235             : 
     236       31326 :     i = 0;
     237             : #define R256_0 \
     238             :     ROUND256_0_TO_15(a, b, c, d, e, f, g, h); \
     239             :     ROUND256_0_TO_15(h, a, b, c, d, e, f, g); \
     240             :     ROUND256_0_TO_15(g, h, a, b, c, d, e, f); \
     241             :     ROUND256_0_TO_15(f, g, h, a, b, c, d, e); \
     242             :     ROUND256_0_TO_15(e, f, g, h, a, b, c, d); \
     243             :     ROUND256_0_TO_15(d, e, f, g, h, a, b, c); \
     244             :     ROUND256_0_TO_15(c, d, e, f, g, h, a, b); \
     245             :     ROUND256_0_TO_15(b, c, d, e, f, g, h, a)
     246             : 
     247       31326 :     R256_0; R256_0;
     248             : 
     249             : #define R256_16 \
     250             :     ROUND256_16_TO_63(a, b, c, d, e, f, g, h); \
     251             :     ROUND256_16_TO_63(h, a, b, c, d, e, f, g); \
     252             :     ROUND256_16_TO_63(g, h, a, b, c, d, e, f); \
     253             :     ROUND256_16_TO_63(f, g, h, a, b, c, d, e); \
     254             :     ROUND256_16_TO_63(e, f, g, h, a, b, c, d); \
     255             :     ROUND256_16_TO_63(d, e, f, g, h, a, b, c); \
     256             :     ROUND256_16_TO_63(c, d, e, f, g, h, a, b); \
     257             :     ROUND256_16_TO_63(b, c, d, e, f, g, h, a)
     258             : 
     259       31326 :     R256_16; R256_16; R256_16;
     260       31326 :     R256_16; R256_16; R256_16;
     261             : #endif
     262       31326 :     state[0] += a;
     263       31326 :     state[1] += b;
     264       31326 :     state[2] += c;
     265       31326 :     state[3] += d;
     266       31326 :     state[4] += e;
     267       31326 :     state[5] += f;
     268       31326 :     state[6] += g;
     269       31326 :     state[7] += h;
     270       31326 : }
     271             : 
     272             : 
     273         347 : av_cold int av_sha_init(AVSHA *ctx, int bits)
     274             : {
     275         347 :     ctx->digest_len = bits >> 5;
     276         347 :     switch (bits) {
     277         311 :     case 160: // SHA-1
     278         311 :         ctx->state[0] = 0x67452301;
     279         311 :         ctx->state[1] = 0xEFCDAB89;
     280         311 :         ctx->state[2] = 0x98BADCFE;
     281         311 :         ctx->state[3] = 0x10325476;
     282         311 :         ctx->state[4] = 0xC3D2E1F0;
     283         311 :         ctx->transform = sha1_transform;
     284         311 :         break;
     285          18 :     case 224: // SHA-224
     286          18 :         ctx->state[0] = 0xC1059ED8;
     287          18 :         ctx->state[1] = 0x367CD507;
     288          18 :         ctx->state[2] = 0x3070DD17;
     289          18 :         ctx->state[3] = 0xF70E5939;
     290          18 :         ctx->state[4] = 0xFFC00B31;
     291          18 :         ctx->state[5] = 0x68581511;
     292          18 :         ctx->state[6] = 0x64F98FA7;
     293          18 :         ctx->state[7] = 0xBEFA4FA4;
     294          18 :         ctx->transform = sha256_transform;
     295          18 :         break;
     296          18 :     case 256: // SHA-256
     297          18 :         ctx->state[0] = 0x6A09E667;
     298          18 :         ctx->state[1] = 0xBB67AE85;
     299          18 :         ctx->state[2] = 0x3C6EF372;
     300          18 :         ctx->state[3] = 0xA54FF53A;
     301          18 :         ctx->state[4] = 0x510E527F;
     302          18 :         ctx->state[5] = 0x9B05688C;
     303          18 :         ctx->state[6] = 0x1F83D9AB;
     304          18 :         ctx->state[7] = 0x5BE0CD19;
     305          18 :         ctx->transform = sha256_transform;
     306          18 :         break;
     307           0 :     default:
     308           0 :         return AVERROR(EINVAL);
     309             :     }
     310         347 :     ctx->count = 0;
     311         347 :     return 0;
     312             : }
     313             : 
     314             : #if FF_API_CRYPTO_SIZE_T
     315     3018494 : void av_sha_update(struct AVSHA *ctx, const uint8_t *data, unsigned int len)
     316             : #else
     317             : void av_sha_update(struct AVSHA *ctx, const uint8_t *data, size_t len)
     318             : #endif
     319             : {
     320             :     unsigned int i, j;
     321             : 
     322     3018494 :     j = ctx->count & 63;
     323     3018494 :     ctx->count += len;
     324             : #if CONFIG_SMALL
     325             :     for (i = 0; i < len; i++) {
     326             :         ctx->buffer[j++] = data[i];
     327             :         if (64 == j) {
     328             :             ctx->transform(ctx->state, ctx->buffer);
     329             :             j = 0;
     330             :         }
     331             :     }
     332             : #else
     333     3018494 :     if ((j + len) > 63) {
     334       47566 :         memcpy(&ctx->buffer[j], data, (i = 64 - j));
     335       47566 :         ctx->transform(ctx->state, ctx->buffer);
     336       57883 :         for (; i + 63 < len; i += 64)
     337       10317 :             ctx->transform(ctx->state, &data[i]);
     338       47566 :         j = 0;
     339             :     } else
     340     2970928 :         i = 0;
     341     3018494 :     memcpy(&ctx->buffer[j], &data[i], len - i);
     342             : #endif
     343     3018494 : }
     344             : 
     345         347 : void av_sha_final(AVSHA* ctx, uint8_t *digest)
     346             : {
     347             :     int i;
     348         347 :     uint64_t finalcount = av_be2ne64(ctx->count << 3);
     349             : 
     350         347 :     av_sha_update(ctx, "\200", 1);
     351       18075 :     while ((ctx->count & 63) != 56)
     352       17381 :         av_sha_update(ctx, "", 1);
     353         347 :     av_sha_update(ctx, (uint8_t *)&finalcount, 8); /* Should cause a transform() */
     354        2172 :     for (i = 0; i < ctx->digest_len; i++)
     355        1825 :         AV_WB32(digest + i*4, ctx->state[i]);
     356         347 : }

Generated by: LCOV version 1.13