FFmpeg: libavutil/sha.c Source File

FFmpeg

[フレーム]

libavutil

sha.c

Go to the documentation of this file.

1 /*

4 * based on public domain SHA-1 code by Steve Reid <steve@edmweb.com>

5 * and on BSD-licensed SHA-2 code by Aaron D. Gifford

6 *

7 * This file is part of FFmpeg.

8 *

9 * FFmpeg is free software; you can redistribute it and/or

10 * modify it under the terms of the GNU Lesser General Public

11 * License as published by the Free Software Foundation; either

12 * version 2.1 of the License, or (at your option) any later version.

13 *

14 * FFmpeg is distributed in the hope that it will be useful,

15 * but WITHOUT ANY WARRANTY; without even the implied warranty of

16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

17 * Lesser General Public License for more details.

18 *

19 * You should have received a copy of the GNU Lesser General Public

20 * License along with FFmpeg; if not, write to the Free Software

21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

22 */

24 #include <string.h>

26 #include "config.h"

27 #include "attributes.h"

28 #include "bswap.h"

29 #include "error.h"

30 #include "sha.h"

31 #include "intreadwrite.h"

32 #include "mem.h"

34 /** hash context */

35 typedef struct AVSHA {

36 uint8_t digest_len; ///< digest length in 32-bit words

37 uint64_t count; ///< number of bytes in buffer

38 uint8_t buffer[64]; ///< 512-bit buffer of input values used in hash updating

39 uint32_t state[8]; ///< current hash value

40 /** function used to update hash for 512-bit input block */

41 void (*transform)(uint32_t *state, const uint8_t buffer[64]);

42 } AVSHA;

44 const int av_sha_size = sizeof(AVSHA);

46 struct AVSHA *av_sha_alloc(void)

47 {

48 return av_mallocz(sizeof(struct AVSHA));

49 }

51 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))

53 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */

54 #define blk0(i) (block[i] = AV_RB32(buffer + 4 * (i)))

55 #define blk(i) (block[i] = rol(block[(i)-3] ^ block[(i)-8] ^ block[(i)-14] ^ block[(i)-16], 1))

57 #define R0(v,w,x,y,z,i) z += (((w)&((x)^(y)))^(y)) + blk0(i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);

58 #define R1(v,w,x,y,z,i) z += (((w)&((x)^(y)))^(y)) + blk (i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);

59 #define R2(v,w,x,y,z,i) z += ( (w)^(x) ^(y)) + blk (i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30);

60 #define R3(v,w,x,y,z,i) z += ((((w)|(x))&(y))|((w)&(x))) + blk (i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30);

61 #define R4(v,w,x,y,z,i) z += ( (w)^(x) ^(y)) + blk (i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30);

63 /* Hash a single 512-bit block. This is the core of the algorithm. */

65 static void sha1_transform(uint32_t state[5], const uint8_t buffer[64])

66 {

67 uint32_t block[80];

68 unsigned int i, a, b, c, d, e;

70 a = state[0];

71 b = state[1];

72 c = state[2];

73 d = state[3];

74 e = state[4];

75 #if CONFIG_SMALL

76 for (i = 0; i < 80; i++) {

77 int t;

78 if (i < 16)

79 t = AV_RB32(buffer + 4 * i);

80 else

81 t = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1);

82 block[i] = t;

83 t += e + rol(a, 5);

84 if (i < 40) {

85 if (i < 20)

86 t += ((b&(c^d))^d) + 0x5A827999;

87 else

88 t += ( b^c ^d) + 0x6ED9EBA1;

89 } else {

90 if (i < 60)

91 t += (((b|c)&d)|(b&c)) + 0x8F1BBCDC;

92 else

93 t += ( b^c ^d) + 0xCA62C1D6;

94 }

95 e = d;

96 d = c;

97 c = rol(b, 30);

98 b = a;

99 a = t;

100 }

101 #else

102

103 #define R1_0 \

104 R0(a, b, c, d, e, 0 + i); \

105 R0(e, a, b, c, d, 1 + i); \

106 R0(d, e, a, b, c, 2 + i); \

107 R0(c, d, e, a, b, 3 + i); \

108 R0(b, c, d, e, a, 4 + i); \

109 i += 5

110

111 i = 0;

112 R1_0; R1_0; R1_0;

113 R0(a, b, c, d, e, 15);

114 R1(e, a, b, c, d, 16);

115 R1(d, e, a, b, c, 17);

116 R1(c, d, e, a, b, 18);

117 R1(b, c, d, e, a, 19);

118

119 #define R1_20 \

120 R2(a, b, c, d, e, 0 + i); \

121 R2(e, a, b, c, d, 1 + i); \

122 R2(d, e, a, b, c, 2 + i); \

123 R2(c, d, e, a, b, 3 + i); \

124 R2(b, c, d, e, a, 4 + i); \

125 i += 5

126

127 i = 20;

128 R1_20; R1_20; R1_20; R1_20;

129

130 #define R1_40 \

131 R3(a, b, c, d, e, 0 + i); \

132 R3(e, a, b, c, d, 1 + i); \

133 R3(d, e, a, b, c, 2 + i); \

134 R3(c, d, e, a, b, 3 + i); \

135 R3(b, c, d, e, a, 4 + i); \

136 i += 5

137

138 R1_40; R1_40; R1_40; R1_40;

139

140 #define R1_60 \

141 R4(a, b, c, d, e, 0 + i); \

142 R4(e, a, b, c, d, 1 + i); \

143 R4(d, e, a, b, c, 2 + i); \

144 R4(c, d, e, a, b, 3 + i); \

145 R4(b, c, d, e, a, 4 + i); \

146 i += 5

147

148 R1_60; R1_60; R1_60; R1_60;

149 #endif

150 state[0] += a;

151 state[1] += b;

152 state[2] += c;

153 state[3] += d;

154 state[4] += e;

155 }

156

157 static const uint32_t K256[64] = {

158 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,

159 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,

160 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,

161 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,

162 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,

163 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,

164 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,

165 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,

166 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,

167 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,

168 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,

169 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,

170 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,

171 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,

172 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,

173 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

174 };

175

176

177 #define Ch(x,y,z) (((x) & ((y) ^ (z))) ^ (z))

178 #define Maj(z,y,x) ((((x) | (y)) & (z)) | ((x) & (y)))

179

180 #define Sigma0_256(x) (rol((x), 30) ^ rol((x), 19) ^ rol((x), 10))

181 #define Sigma1_256(x) (rol((x), 26) ^ rol((x), 21) ^ rol((x), 7))

182 #define sigma0_256(x) (rol((x), 25) ^ rol((x), 14) ^ ((x) >> 3))

183 #define sigma1_256(x) (rol((x), 15) ^ rol((x), 13) ^ ((x) >> 10))

184

185 #undef blk

186 #define blk(i) (block[i] = block[i - 16] + sigma0_256(block[i - 15]) + \

187 sigma1_256(block[i - 2]) + block[i - 7])

188

189 #define ROUND256(a,b,c,d,e,f,g,h) \

190 T1 += (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[i]; \

191 (d) += T1; \

192 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \

193 i++

194

195 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \

196 T1 = blk0(i); \

197 ROUND256(a,b,c,d,e,f,g,h)

198

199 #define ROUND256_16_TO_63(a,b,c,d,e,f,g,h) \

200 T1 = blk(i); \

201 ROUND256(a,b,c,d,e,f,g,h)

202

203 static void sha256_transform(uint32_t *state, const uint8_t buffer[64])

204 {

205 unsigned int i, a, b, c, d, e, f, g, h;

206 uint32_t block[64];

207 uint32_t T1;

208

209 a = state[0];

210 b = state[1];

211 c = state[2];

212 d = state[3];

213 e = state[4];

214 f = state[5];

215 g = state[6];

216 h = state[7];

217 #if CONFIG_SMALL

218 for (i = 0; i < 64; i++) {

219 uint32_t T2;

220 if (i < 16)

221 T1 = blk0(i);

222 else

223 T1 = blk(i);

224 T1 += h + Sigma1_256(e) + Ch(e, f, g) + K256[i];

225 T2 = Sigma0_256(a) + Maj(a, b, c);

226 h = g;

227 g = f;

228 f = e;

229 e = d + T1;

230 d = c;

231 c = b;

232 b = a;

233 a = T1 + T2;

234 }

235 #else

236

237 i = 0;

238 #define R256_0 \

239 ROUND256_0_TO_15(a, b, c, d, e, f, g, h); \

240 ROUND256_0_TO_15(h, a, b, c, d, e, f, g); \

241 ROUND256_0_TO_15(g, h, a, b, c, d, e, f); \

242 ROUND256_0_TO_15(f, g, h, a, b, c, d, e); \

243 ROUND256_0_TO_15(e, f, g, h, a, b, c, d); \

244 ROUND256_0_TO_15(d, e, f, g, h, a, b, c); \

245 ROUND256_0_TO_15(c, d, e, f, g, h, a, b); \

246 ROUND256_0_TO_15(b, c, d, e, f, g, h, a)

247

248 R256_0; R256_0;

249

250 #define R256_16 \

251 ROUND256_16_TO_63(a, b, c, d, e, f, g, h); \

252 ROUND256_16_TO_63(h, a, b, c, d, e, f, g); \

253 ROUND256_16_TO_63(g, h, a, b, c, d, e, f); \

254 ROUND256_16_TO_63(f, g, h, a, b, c, d, e); \

255 ROUND256_16_TO_63(e, f, g, h, a, b, c, d); \

256 ROUND256_16_TO_63(d, e, f, g, h, a, b, c); \

257 ROUND256_16_TO_63(c, d, e, f, g, h, a, b); \

258 ROUND256_16_TO_63(b, c, d, e, f, g, h, a)

259

260 R256_16; R256_16; R256_16;

261 R256_16; R256_16; R256_16;

262 #endif

263 state[0] += a;

264 state[1] += b;

265 state[2] += c;

266 state[3] += d;

267 state[4] += e;

268 state[5] += f;

269 state[6] += g;

270 state[7] += h;

271 }

272

273

274 av_cold int av_sha_init(AVSHA *ctx, int bits)

275 {

276 ctx->digest_len = bits >> 5;

277 switch (bits) {

278 case 160: // SHA-1

279 ctx->state[0] = 0x67452301;

280 ctx->state[1] = 0xEFCDAB89;

281 ctx->state[2] = 0x98BADCFE;

282 ctx->state[3] = 0x10325476;

283 ctx->state[4] = 0xC3D2E1F0;

284 ctx->transform = sha1_transform;

285 break;

286 case 224: // SHA-224

287 ctx->state[0] = 0xC1059ED8;

288 ctx->state[1] = 0x367CD507;

289 ctx->state[2] = 0x3070DD17;

290 ctx->state[3] = 0xF70E5939;

291 ctx->state[4] = 0xFFC00B31;

292 ctx->state[5] = 0x68581511;

293 ctx->state[6] = 0x64F98FA7;

294 ctx->state[7] = 0xBEFA4FA4;

295 ctx->transform = sha256_transform;

296 break;

297 case 256: // SHA-256

298 ctx->state[0] = 0x6A09E667;

299 ctx->state[1] = 0xBB67AE85;

300 ctx->state[2] = 0x3C6EF372;

301 ctx->state[3] = 0xA54FF53A;

302 ctx->state[4] = 0x510E527F;

303 ctx->state[5] = 0x9B05688C;

304 ctx->state[6] = 0x1F83D9AB;

305 ctx->state[7] = 0x5BE0CD19;

306 ctx->transform = sha256_transform;

307 break;

308 default:

309 return AVERROR(EINVAL);

310 }

311 ctx->count = 0;

312 return 0;

313 }

314

315 void av_sha_update(struct AVSHA *ctx, const uint8_t *data, size_t len)

316 {

317 unsigned int j;

318 size_t i;

319

320 j = ctx->count & 63;

321 ctx->count += len;

322 #if CONFIG_SMALL

323 for (i = 0; i < len; i++) {

324 ctx->buffer[j++] = data[i];

325 if (64 == j) {

326 ctx->transform(ctx->state, ctx->buffer);

327 j = 0;

328 }

329 }

330 #else

331 if (len >= 64 - j) {

332 const uint8_t *end;

333 memcpy(&ctx->buffer[j], data, (i = 64 - j));

334 ctx->transform(ctx->state, ctx->buffer);

335 data += i;

336 len -= i;

337 end = data + (len & ~63);

338 len = len % 64;

339 for (; data < end; data += 64)

340 ctx->transform(ctx->state, data);

341 j = 0;

342 }

343 memcpy(&ctx->buffer[j], data, len);

344 #endif

345 }

346

347 void av_sha_final(AVSHA* ctx, uint8_t *digest)

348 {

349 int i;

350 uint64_t finalcount = av_be2ne64(ctx->count << 3);

351

352 av_sha_update(ctx, "200円", 1);

353 while ((ctx->count & 63) != 56)

354 av_sha_update(ctx, "", 1);

355 av_sha_update(ctx, (uint8_t *)&finalcount, 8); /* Should cause a transform() */

356 for (i = 0; i < ctx->digest_len; i++)

357 AV_WB32(digest + i*4, ctx->state[i]);

358 }

AVSHA::transform

void(* transform)(uint32_t *state, const uint8_t buffer[64])

function used to update hash for 512-bit input block

Definition: sha.c:41

AVERROR

Filter the word "frame" indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample they are references to shared objects When the negotiation mechanism computes the intersection of the formats supported at each end of a all references to both lists are replaced with a reference to the intersection And when a single format is eventually chosen for a link amongst the remaining all references to the list are updated That means that if a filter requires that its input and output have the same format amongst a supported all it has to do is use a reference to the same list of formats query_formats can leave some formats unset and return AVERROR(EAGAIN) to cause the negotiation mechanism toagain later. That can be used by filters with complex requirements to use the format negotiated on one link to set the formats supported on another. Frame references ownership and permissions

#define R0(v, w, x, y, z, i)

Definition: sha.c:57

av_be2ne64

#define av_be2ne64(x)

Definition: bswap.h:94

av_sha_init

av_cold int av_sha_init(AVSHA *ctx, int bits)

Initialize SHA-1 or SHA-2 hashing.

Definition: sha.c:274

K256

static const uint32_t K256[64]

Definition: sha.c:157

#define b

Definition: input.c:34

data

const char data[16]

Definition: mxf.c:143

AVSHA::state

uint32_t state[8]

current hash value

Definition: sha.c:39

av_cold

#define av_cold

Definition: attributes.h:90

R1_20

#define R1_20

AVSHA::buffer

uint8_t buffer[64]

512-bit buffer of input values used in hash updating

Definition: sha.c:38

intreadwrite.h

const char * g

Definition: vf_curves.c:117

R256_0

#define R256_0

sha256_transform

static void sha256_transform(uint32_t *state, const uint8_t buffer[64])

Definition: sha.c:203

bits

uint8_t bits

Definition: vp3data.h:141

ctx

AVFormatContext * ctx

Definition: movenc.c:48

blk

#define blk(i)

Definition: sha.c:186

av_sha_final

void av_sha_final(AVSHA *ctx, uint8_t *digest)

Finish hashing and output digest value.

Definition: sha.c:347

Maj

#define Maj(z, y, x)

Definition: sha.c:178

av_sha_size

const int av_sha_size

Definition: sha.c:44

sha.h

R1_60

#define R1_60

AVSHA::digest_len

uint8_t digest_len

digest length in 32-bit words

Definition: sha.c:36

Undefined Behavior In the C some operations are like signed integer dereferencing freed accessing outside allocated Undefined Behavior must not occur in a C it is not safe even if the output of undefined operations is unused The unsafety may seem nit picking but Optimizing compilers have in fact optimized code on the assumption that no undefined Behavior occurs Optimizing code based on wrong assumptions can and has in some cases lead to effects beyond the output of computations The signed integer overflow problem in speed critical code Code which is highly optimized and works with signed integers sometimes has the problem that often the output of the computation does not c

Definition: undefined.txt:32

error.h

AV_WB32

#define AV_WB32(p, v)

Definition: intreadwrite.h:419

#define R1(v, w, x, y, z, i)

Definition: sha.c:58

Definition: af_crystalizer.c:122

av_sha_update

void av_sha_update(struct AVSHA *ctx, const uint8_t *data, size_t len)

Update hash value.

Definition: sha.c:315

state

static struct @327 state

rol

#define rol(value, bits)

Definition: sha.c:51

AV_RB32

uint64_t_TMPL AV_WL64 unsigned int_TMPL AV_WL32 unsigned int_TMPL AV_WL24 unsigned int_TMPL AV_WL16 uint64_t_TMPL AV_WB64 unsigned int_TMPL AV_RB32

Definition: bytestream.h:96

The reader does not expect b to be semantically here and if the code is changed by maybe adding a a division or other the signedness will almost certainly be mistaken To avoid this confusion a new type was SUINT is the C unsigned type but it holds a signed int to use the same example SUINT a

Definition: undefined.txt:41

attributes.h

#define Ch(x, y, z)

Definition: sha.c:177

AVSHA::count

uint64_t count

number of bytes in buffer

Definition: sha.c:37

av_sha_alloc

struct AVSHA * av_sha_alloc(void)

Allocate an AVSHA context.

Definition: sha.c:46

R1_40

#define R1_40

#define i(width, name, range_min, range_max)

Definition: cbs_h2645.c:269

av_mallocz

void * av_mallocz(size_t size)

Allocate a memory block with alignment suitable for all memory accesses (including vectors if availab...

Definition: mem.c:264

len

int len

Definition: vorbis_enc_data.h:426

AVSHA

hash context

Definition: sha.c:35

bswap.h

buffer

the frame and frame reference mechanism is intended to as much as expensive copies of that data while still allowing the filters to produce correct results The data is stored in buffers represented by AVFrame structures Several references can point to the same frame buffer

Definition: filter_design.txt:49

sha1_transform

static void sha1_transform(uint32_t state[5], const uint8_t buffer[64])

Definition: sha.c:65

R256_16

#define R256_16

mem.h

Definition: ffmpeg_filter.c:153

blk0

#define blk0(i)

Definition: sha.c:54

block