00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024 #include <string.h>
00025 #include "avutil.h"
00026 #include "bswap.h"
00027 #include "sha.h"
00028 #include "intreadwrite.h"
00029 #include "mem.h"
00030
00032 typedef struct AVSHA {
00033 uint8_t digest_len;
00034 uint64_t count;
00035 uint8_t buffer[64];
00036 uint32_t state[8];
00037
00038 void (*transform)(uint32_t *state, const uint8_t buffer[64]);
00039 } AVSHA;
00040
00041 const int av_sha_size = sizeof(AVSHA);
00042
00043 struct AVSHA *av_sha_alloc(void)
00044 {
00045 return av_mallocz(sizeof(struct AVSHA));
00046 }
00047
00048 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
00049
00050
00051 #define blk0(i) (block[i] = AV_RB32(buffer + 4 * (i)))
00052 #define blk(i) (block[i] = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1))
00053
00054 #define R0(v,w,x,y,z,i) z += ((w&(x^y))^y) + blk0(i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
00055 #define R1(v,w,x,y,z,i) z += ((w&(x^y))^y) + blk (i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
00056 #define R2(v,w,x,y,z,i) z += ( w^x ^y) + blk (i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30);
00057 #define R3(v,w,x,y,z,i) z += (((w|x)&y)|(w&x)) + blk (i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30);
00058 #define R4(v,w,x,y,z,i) z += ( w^x ^y) + blk (i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30);
00059
00060
00061
00062 static void sha1_transform(uint32_t state[5], const uint8_t buffer[64])
00063 {
00064 uint32_t block[80];
00065 unsigned int i, a, b, c, d, e;
00066
00067 a = state[0];
00068 b = state[1];
00069 c = state[2];
00070 d = state[3];
00071 e = state[4];
00072 #if CONFIG_SMALL
00073 for (i = 0; i < 80; i++) {
00074 int t;
00075 if (i < 16)
00076 t = AV_RB32(buffer + 4 * i);
00077 else
00078 t = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1);
00079 block[i] = t;
00080 t += e + rol(a, 5);
00081 if (i < 40) {
00082 if (i < 20)
00083 t += ((b&(c^d))^d) + 0x5A827999;
00084 else
00085 t += ( b^c ^d) + 0x6ED9EBA1;
00086 } else {
00087 if (i < 60)
00088 t += (((b|c)&d)|(b&c)) + 0x8F1BBCDC;
00089 else
00090 t += ( b^c ^d) + 0xCA62C1D6;
00091 }
00092 e = d;
00093 d = c;
00094 c = rol(b, 30);
00095 b = a;
00096 a = t;
00097 }
00098 #else
00099 for (i = 0; i < 15; i += 5) {
00100 R0(a, b, c, d, e, 0 + i);
00101 R0(e, a, b, c, d, 1 + i);
00102 R0(d, e, a, b, c, 2 + i);
00103 R0(c, d, e, a, b, 3 + i);
00104 R0(b, c, d, e, a, 4 + i);
00105 }
00106 R0(a, b, c, d, e, 15);
00107 R1(e, a, b, c, d, 16);
00108 R1(d, e, a, b, c, 17);
00109 R1(c, d, e, a, b, 18);
00110 R1(b, c, d, e, a, 19);
00111 for (i = 20; i < 40; i += 5) {
00112 R2(a, b, c, d, e, 0 + i);
00113 R2(e, a, b, c, d, 1 + i);
00114 R2(d, e, a, b, c, 2 + i);
00115 R2(c, d, e, a, b, 3 + i);
00116 R2(b, c, d, e, a, 4 + i);
00117 }
00118 for (; i < 60; i += 5) {
00119 R3(a, b, c, d, e, 0 + i);
00120 R3(e, a, b, c, d, 1 + i);
00121 R3(d, e, a, b, c, 2 + i);
00122 R3(c, d, e, a, b, 3 + i);
00123 R3(b, c, d, e, a, 4 + i);
00124 }
00125 for (; i < 80; i += 5) {
00126 R4(a, b, c, d, e, 0 + i);
00127 R4(e, a, b, c, d, 1 + i);
00128 R4(d, e, a, b, c, 2 + i);
00129 R4(c, d, e, a, b, 3 + i);
00130 R4(b, c, d, e, a, 4 + i);
00131 }
00132 #endif
00133 state[0] += a;
00134 state[1] += b;
00135 state[2] += c;
00136 state[3] += d;
00137 state[4] += e;
00138 }
00139
00140 static const uint32_t K256[64] = {
00141 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
00142 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
00143 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
00144 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
00145 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
00146 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
00147 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
00148 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
00149 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
00150 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
00151 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
00152 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
00153 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
00154 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
00155 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
00156 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
00157 };
00158
00159
00160 #define Ch(x,y,z) (((x) & ((y) ^ (z))) ^ (z))
00161 #define Maj(x,y,z) ((((x) | (y)) & (z)) | ((x) & (y)))
00162
00163 #define Sigma0_256(x) (rol((x), 30) ^ rol((x), 19) ^ rol((x), 10))
00164 #define Sigma1_256(x) (rol((x), 26) ^ rol((x), 21) ^ rol((x), 7))
00165 #define sigma0_256(x) (rol((x), 25) ^ rol((x), 14) ^ ((x) >> 3))
00166 #define sigma1_256(x) (rol((x), 15) ^ rol((x), 13) ^ ((x) >> 10))
00167
00168 #undef blk
00169 #define blk(i) (block[i] = block[i - 16] + sigma0_256(block[i - 15]) + \
00170 sigma1_256(block[i - 2]) + block[i - 7])
00171
00172 #define ROUND256(a,b,c,d,e,f,g,h) \
00173 T1 += (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[i]; \
00174 (d) += T1; \
00175 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
00176 i++
00177
00178 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
00179 T1 = blk0(i); \
00180 ROUND256(a,b,c,d,e,f,g,h)
00181
00182 #define ROUND256_16_TO_63(a,b,c,d,e,f,g,h) \
00183 T1 = blk(i); \
00184 ROUND256(a,b,c,d,e,f,g,h)
00185
00186 static void sha256_transform(uint32_t *state, const uint8_t buffer[64])
00187 {
00188 unsigned int i, a, b, c, d, e, f, g, h;
00189 uint32_t block[64];
00190 uint32_t T1;
00191
00192 a = state[0];
00193 b = state[1];
00194 c = state[2];
00195 d = state[3];
00196 e = state[4];
00197 f = state[5];
00198 g = state[6];
00199 h = state[7];
00200 #if CONFIG_SMALL
00201 for (i = 0; i < 64; i++) {
00202 uint32_t T2;
00203 if (i < 16)
00204 T1 = blk0(i);
00205 else
00206 T1 = blk(i);
00207 T1 += h + Sigma1_256(e) + Ch(e, f, g) + K256[i];
00208 T2 = Sigma0_256(a) + Maj(a, b, c);
00209 h = g;
00210 g = f;
00211 f = e;
00212 e = d + T1;
00213 d = c;
00214 c = b;
00215 b = a;
00216 a = T1 + T2;
00217 }
00218 #else
00219 for (i = 0; i < 16 - 7;) {
00220 ROUND256_0_TO_15(a, b, c, d, e, f, g, h);
00221 ROUND256_0_TO_15(h, a, b, c, d, e, f, g);
00222 ROUND256_0_TO_15(g, h, a, b, c, d, e, f);
00223 ROUND256_0_TO_15(f, g, h, a, b, c, d, e);
00224 ROUND256_0_TO_15(e, f, g, h, a, b, c, d);
00225 ROUND256_0_TO_15(d, e, f, g, h, a, b, c);
00226 ROUND256_0_TO_15(c, d, e, f, g, h, a, b);
00227 ROUND256_0_TO_15(b, c, d, e, f, g, h, a);
00228 }
00229
00230 for (; i < 64 - 7;) {
00231 ROUND256_16_TO_63(a, b, c, d, e, f, g, h);
00232 ROUND256_16_TO_63(h, a, b, c, d, e, f, g);
00233 ROUND256_16_TO_63(g, h, a, b, c, d, e, f);
00234 ROUND256_16_TO_63(f, g, h, a, b, c, d, e);
00235 ROUND256_16_TO_63(e, f, g, h, a, b, c, d);
00236 ROUND256_16_TO_63(d, e, f, g, h, a, b, c);
00237 ROUND256_16_TO_63(c, d, e, f, g, h, a, b);
00238 ROUND256_16_TO_63(b, c, d, e, f, g, h, a);
00239 }
00240 #endif
00241 state[0] += a;
00242 state[1] += b;
00243 state[2] += c;
00244 state[3] += d;
00245 state[4] += e;
00246 state[5] += f;
00247 state[6] += g;
00248 state[7] += h;
00249 }
00250
00251
00252 int av_sha_init(AVSHA* ctx, int bits)
00253 {
00254 ctx->digest_len = bits >> 5;
00255 switch (bits) {
00256 case 160:
00257 ctx->state[0] = 0x67452301;
00258 ctx->state[1] = 0xEFCDAB89;
00259 ctx->state[2] = 0x98BADCFE;
00260 ctx->state[3] = 0x10325476;
00261 ctx->state[4] = 0xC3D2E1F0;
00262 ctx->transform = sha1_transform;
00263 break;
00264 case 224:
00265 ctx->state[0] = 0xC1059ED8;
00266 ctx->state[1] = 0x367CD507;
00267 ctx->state[2] = 0x3070DD17;
00268 ctx->state[3] = 0xF70E5939;
00269 ctx->state[4] = 0xFFC00B31;
00270 ctx->state[5] = 0x68581511;
00271 ctx->state[6] = 0x64F98FA7;
00272 ctx->state[7] = 0xBEFA4FA4;
00273 ctx->transform = sha256_transform;
00274 break;
00275 case 256:
00276 ctx->state[0] = 0x6A09E667;
00277 ctx->state[1] = 0xBB67AE85;
00278 ctx->state[2] = 0x3C6EF372;
00279 ctx->state[3] = 0xA54FF53A;
00280 ctx->state[4] = 0x510E527F;
00281 ctx->state[5] = 0x9B05688C;
00282 ctx->state[6] = 0x1F83D9AB;
00283 ctx->state[7] = 0x5BE0CD19;
00284 ctx->transform = sha256_transform;
00285 break;
00286 default:
00287 return -1;
00288 }
00289 ctx->count = 0;
00290 return 0;
00291 }
00292
00293 void av_sha_update(AVSHA* ctx, const uint8_t* data, unsigned int len)
00294 {
00295 unsigned int i, j;
00296
00297 j = ctx->count & 63;
00298 ctx->count += len;
00299 #if CONFIG_SMALL
00300 for (i = 0; i < len; i++) {
00301 ctx->buffer[j++] = data[i];
00302 if (64 == j) {
00303 ctx->transform(ctx->state, ctx->buffer);
00304 j = 0;
00305 }
00306 }
00307 #else
00308 if ((j + len) > 63) {
00309 memcpy(&ctx->buffer[j], data, (i = 64 - j));
00310 ctx->transform(ctx->state, ctx->buffer);
00311 for (; i + 63 < len; i += 64)
00312 ctx->transform(ctx->state, &data[i]);
00313 j = 0;
00314 } else
00315 i = 0;
00316 memcpy(&ctx->buffer[j], &data[i], len - i);
00317 #endif
00318 }
00319
00320 void av_sha_final(AVSHA* ctx, uint8_t *digest)
00321 {
00322 int i;
00323 uint64_t finalcount = av_be2ne64(ctx->count << 3);
00324
00325 av_sha_update(ctx, "\200", 1);
00326 while ((ctx->count & 63) != 56)
00327 av_sha_update(ctx, "", 1);
00328 av_sha_update(ctx, (uint8_t *)&finalcount, 8);
00329 for (i = 0; i < ctx->digest_len; i++)
00330 AV_WB32(digest + i*4, ctx->state[i]);
00331 }
00332
00333 #ifdef TEST
00334 #include <stdio.h>
00335
00336 int main(void)
00337 {
00338 int i, j, k;
00339 AVSHA ctx;
00340 unsigned char digest[32];
00341 const int lengths[3] = { 160, 224, 256 };
00342
00343 for (j = 0; j < 3; j++) {
00344 printf("Testing SHA-%d\n", lengths[j]);
00345 for (k = 0; k < 3; k++) {
00346 av_sha_init(&ctx, lengths[j]);
00347 if (k == 0)
00348 av_sha_update(&ctx, "abc", 3);
00349 else if (k == 1)
00350 av_sha_update(&ctx, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56);
00351 else
00352 for (i = 0; i < 1000*1000; i++)
00353 av_sha_update(&ctx, "a", 1);
00354 av_sha_final(&ctx, digest);
00355 for (i = 0; i < lengths[j] >> 3; i++)
00356 printf("%02X", digest[i]);
00357 putchar('\n');
00358 }
00359 switch (j) {
00360 case 0:
00361
00362 printf("A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D\n"
00363 "84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1\n"
00364 "34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F\n");
00365 break;
00366 case 1:
00367
00368 printf("23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7\n"
00369 "75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525\n"
00370 "20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67\n");
00371 break;
00372 case 2:
00373
00374 printf("ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad\n"
00375 "248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1\n"
00376 "cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0\n");
00377 break;
00378 }
00379 }
00380
00381 return 0;
00382 }
00383 #endif