FFmpeg
sha512.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2007 Michael Niedermayer <michaelni@gmx.at>
3  * Copyright (C) 2009 Konstantin Shishkov
4  * Copyright (C) 2013 James Almer
5  * based on BSD-licensed SHA-2 code by Aaron D. Gifford
6  *
7  * This file is part of FFmpeg.
8  *
9  * FFmpeg is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public
11  * License as published by the Free Software Foundation; either
12  * version 2.1 of the License, or (at your option) any later version.
13  *
14  * FFmpeg is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17  * Lesser General Public License for more details.
18  *
19  * You should have received a copy of the GNU Lesser General Public
20  * License along with FFmpeg; if not, write to the Free Software
21  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22  */
23 
24 #include <string.h>
25 
26 #include "config.h"
27 #include "attributes.h"
28 #include "bswap.h"
29 #include "error.h"
30 #include "sha512.h"
31 #include "intreadwrite.h"
32 #include "mem.h"
33 
34 /** hash context */
35 typedef struct AVSHA512 {
36  uint8_t digest_len; ///< digest length in 64-bit words
37  uint64_t count; ///< number of bytes in buffer
38  uint8_t buffer[128]; ///< 1024-bit buffer of input values used in hash updating
39  uint64_t state[8]; ///< current hash value
40 } AVSHA512;
41 
42 const int av_sha512_size = sizeof(AVSHA512);
43 
45 {
46  return av_mallocz(sizeof(struct AVSHA512));
47 }
48 
49 static const uint64_t K512[80] = {
50  UINT64_C(0x428a2f98d728ae22), UINT64_C(0x7137449123ef65cd),
51  UINT64_C(0xb5c0fbcfec4d3b2f), UINT64_C(0xe9b5dba58189dbbc),
52  UINT64_C(0x3956c25bf348b538), UINT64_C(0x59f111f1b605d019),
53  UINT64_C(0x923f82a4af194f9b), UINT64_C(0xab1c5ed5da6d8118),
54  UINT64_C(0xd807aa98a3030242), UINT64_C(0x12835b0145706fbe),
55  UINT64_C(0x243185be4ee4b28c), UINT64_C(0x550c7dc3d5ffb4e2),
56  UINT64_C(0x72be5d74f27b896f), UINT64_C(0x80deb1fe3b1696b1),
57  UINT64_C(0x9bdc06a725c71235), UINT64_C(0xc19bf174cf692694),
58  UINT64_C(0xe49b69c19ef14ad2), UINT64_C(0xefbe4786384f25e3),
59  UINT64_C(0x0fc19dc68b8cd5b5), UINT64_C(0x240ca1cc77ac9c65),
60  UINT64_C(0x2de92c6f592b0275), UINT64_C(0x4a7484aa6ea6e483),
61  UINT64_C(0x5cb0a9dcbd41fbd4), UINT64_C(0x76f988da831153b5),
62  UINT64_C(0x983e5152ee66dfab), UINT64_C(0xa831c66d2db43210),
63  UINT64_C(0xb00327c898fb213f), UINT64_C(0xbf597fc7beef0ee4),
64  UINT64_C(0xc6e00bf33da88fc2), UINT64_C(0xd5a79147930aa725),
65  UINT64_C(0x06ca6351e003826f), UINT64_C(0x142929670a0e6e70),
66  UINT64_C(0x27b70a8546d22ffc), UINT64_C(0x2e1b21385c26c926),
67  UINT64_C(0x4d2c6dfc5ac42aed), UINT64_C(0x53380d139d95b3df),
68  UINT64_C(0x650a73548baf63de), UINT64_C(0x766a0abb3c77b2a8),
69  UINT64_C(0x81c2c92e47edaee6), UINT64_C(0x92722c851482353b),
70  UINT64_C(0xa2bfe8a14cf10364), UINT64_C(0xa81a664bbc423001),
71  UINT64_C(0xc24b8b70d0f89791), UINT64_C(0xc76c51a30654be30),
72  UINT64_C(0xd192e819d6ef5218), UINT64_C(0xd69906245565a910),
73  UINT64_C(0xf40e35855771202a), UINT64_C(0x106aa07032bbd1b8),
74  UINT64_C(0x19a4c116b8d2d0c8), UINT64_C(0x1e376c085141ab53),
75  UINT64_C(0x2748774cdf8eeb99), UINT64_C(0x34b0bcb5e19b48a8),
76  UINT64_C(0x391c0cb3c5c95a63), UINT64_C(0x4ed8aa4ae3418acb),
77  UINT64_C(0x5b9cca4f7763e373), UINT64_C(0x682e6ff3d6b2b8a3),
78  UINT64_C(0x748f82ee5defb2fc), UINT64_C(0x78a5636f43172f60),
79  UINT64_C(0x84c87814a1f0ab72), UINT64_C(0x8cc702081a6439ec),
80  UINT64_C(0x90befffa23631e28), UINT64_C(0xa4506cebde82bde9),
81  UINT64_C(0xbef9a3f7b2c67915), UINT64_C(0xc67178f2e372532b),
82  UINT64_C(0xca273eceea26619c), UINT64_C(0xd186b8c721c0c207),
83  UINT64_C(0xeada7dd6cde0eb1e), UINT64_C(0xf57d4f7fee6ed178),
84  UINT64_C(0x06f067aa72176fba), UINT64_C(0x0a637dc5a2c898a6),
85  UINT64_C(0x113f9804bef90dae), UINT64_C(0x1b710b35131c471b),
86  UINT64_C(0x28db77f523047d84), UINT64_C(0x32caab7b40c72493),
87  UINT64_C(0x3c9ebe0a15c9bebc), UINT64_C(0x431d67c49c100d4c),
88  UINT64_C(0x4cc5d4becb3e42b6), UINT64_C(0x597f299cfc657e2a),
89  UINT64_C(0x5fcb6fab3ad6faec), UINT64_C(0x6c44198c4a475817),
90 };
91 
92 #define ror(value, bits) (((value) >> (bits)) | ((value) << (64 - (bits))))
93 
94 #define Ch(x,y,z) (((x) & ((y) ^ (z))) ^ (z))
95 #define Maj(z,y,x) ((((x) | (y)) & (z)) | ((x) & (y)))
96 
97 #define Sigma0_512(x) (ror((x), 28) ^ ror((x), 34) ^ ror((x), 39))
98 #define Sigma1_512(x) (ror((x), 14) ^ ror((x), 18) ^ ror((x), 41))
99 #define sigma0_512(x) (ror((x), 1) ^ ror((x), 8) ^ ((x) >> 7))
100 #define sigma1_512(x) (ror((x), 19) ^ ror((x), 61) ^ ((x) >> 6))
101 
102 #define blk0(i) (block[i] = AV_RB64(buffer + 8 * (i)))
103 #define blk(i) (block[i] = block[i - 16] + sigma0_512(block[i - 15]) + \
104  sigma1_512(block[i - 2]) + block[i - 7])
105 
106 #define ROUND512(a,b,c,d,e,f,g,h) \
107  T1 += (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[i]; \
108  (d) += T1; \
109  (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
110  i++
111 
112 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
113  T1 = blk0(i); \
114  ROUND512(a,b,c,d,e,f,g,h)
115 
116 #define ROUND512_16_TO_80(a,b,c,d,e,f,g,h) \
117  T1 = blk(i); \
118  ROUND512(a,b,c,d,e,f,g,h)
119 
120 static void sha512_transform(uint64_t *state, const uint8_t buffer[128])
121 {
122  uint64_t a, b, c, d, e, f, g, h;
123  uint64_t block[80];
124  uint64_t T1;
125  int i;
126 
127  a = state[0];
128  b = state[1];
129  c = state[2];
130  d = state[3];
131  e = state[4];
132  f = state[5];
133  g = state[6];
134  h = state[7];
135 #if CONFIG_SMALL
136  for (i = 0; i < 80; i++) {
137  uint64_t T2;
138  if (i < 16)
139  T1 = blk0(i);
140  else
141  T1 = blk(i);
142  T1 += h + Sigma1_512(e) + Ch(e, f, g) + K512[i];
143  T2 = Sigma0_512(a) + Maj(a, b, c);
144  h = g;
145  g = f;
146  f = e;
147  e = d + T1;
148  d = c;
149  c = b;
150  b = a;
151  a = T1 + T2;
152  }
153 #else
154 
155 #define R512_0 \
156  ROUND512_0_TO_15(a, b, c, d, e, f, g, h); \
157  ROUND512_0_TO_15(h, a, b, c, d, e, f, g); \
158  ROUND512_0_TO_15(g, h, a, b, c, d, e, f); \
159  ROUND512_0_TO_15(f, g, h, a, b, c, d, e); \
160  ROUND512_0_TO_15(e, f, g, h, a, b, c, d); \
161  ROUND512_0_TO_15(d, e, f, g, h, a, b, c); \
162  ROUND512_0_TO_15(c, d, e, f, g, h, a, b); \
163  ROUND512_0_TO_15(b, c, d, e, f, g, h, a)
164 
165  i = 0;
166  R512_0; R512_0;
167 
168 #define R512_16 \
169  ROUND512_16_TO_80(a, b, c, d, e, f, g, h); \
170  ROUND512_16_TO_80(h, a, b, c, d, e, f, g); \
171  ROUND512_16_TO_80(g, h, a, b, c, d, e, f); \
172  ROUND512_16_TO_80(f, g, h, a, b, c, d, e); \
173  ROUND512_16_TO_80(e, f, g, h, a, b, c, d); \
174  ROUND512_16_TO_80(d, e, f, g, h, a, b, c); \
175  ROUND512_16_TO_80(c, d, e, f, g, h, a, b); \
176  ROUND512_16_TO_80(b, c, d, e, f, g, h, a)
177 
180 #endif
181  state[0] += a;
182  state[1] += b;
183  state[2] += c;
184  state[3] += d;
185  state[4] += e;
186  state[5] += f;
187  state[6] += g;
188  state[7] += h;
189 }
190 
191 
193 {
194  ctx->digest_len = bits >> 6;
195  switch (bits) {
196  case 224: // SHA-512/224
197  ctx->state[0] = UINT64_C(0x8C3D37C819544DA2);
198  ctx->state[1] = UINT64_C(0x73E1996689DCD4D6);
199  ctx->state[2] = UINT64_C(0x1DFAB7AE32FF9C82);
200  ctx->state[3] = UINT64_C(0x679DD514582F9FCF);
201  ctx->state[4] = UINT64_C(0x0F6D2B697BD44DA8);
202  ctx->state[5] = UINT64_C(0x77E36F7304C48942);
203  ctx->state[6] = UINT64_C(0x3F9D85A86A1D36C8);
204  ctx->state[7] = UINT64_C(0x1112E6AD91D692A1);
205  break;
206  case 256: // SHA-512/256
207  ctx->state[0] = UINT64_C(0x22312194FC2BF72C);
208  ctx->state[1] = UINT64_C(0x9F555FA3C84C64C2);
209  ctx->state[2] = UINT64_C(0x2393B86B6F53B151);
210  ctx->state[3] = UINT64_C(0x963877195940EABD);
211  ctx->state[4] = UINT64_C(0x96283EE2A88EFFE3);
212  ctx->state[5] = UINT64_C(0xBE5E1E2553863992);
213  ctx->state[6] = UINT64_C(0x2B0199FC2C85B8AA);
214  ctx->state[7] = UINT64_C(0x0EB72DDC81C52CA2);
215  break;
216  case 384: // SHA-384
217  ctx->state[0] = UINT64_C(0xCBBB9D5DC1059ED8);
218  ctx->state[1] = UINT64_C(0x629A292A367CD507);
219  ctx->state[2] = UINT64_C(0x9159015A3070DD17);
220  ctx->state[3] = UINT64_C(0x152FECD8F70E5939);
221  ctx->state[4] = UINT64_C(0x67332667FFC00B31);
222  ctx->state[5] = UINT64_C(0x8EB44A8768581511);
223  ctx->state[6] = UINT64_C(0xDB0C2E0D64F98FA7);
224  ctx->state[7] = UINT64_C(0x47B5481DBEFA4FA4);
225  break;
226  case 512: // SHA-512
227  ctx->state[0] = UINT64_C(0x6A09E667F3BCC908);
228  ctx->state[1] = UINT64_C(0xBB67AE8584CAA73B);
229  ctx->state[2] = UINT64_C(0x3C6EF372FE94F82B);
230  ctx->state[3] = UINT64_C(0xA54FF53A5F1D36F1);
231  ctx->state[4] = UINT64_C(0x510E527FADE682D1);
232  ctx->state[5] = UINT64_C(0x9B05688C2B3E6C1F);
233  ctx->state[6] = UINT64_C(0x1F83D9ABFB41BD6B);
234  ctx->state[7] = UINT64_C(0x5BE0CD19137E2179);
235  break;
236  default:
237  return AVERROR(EINVAL);
238  }
239  ctx->count = 0;
240  return 0;
241 }
242 
243 void av_sha512_update(AVSHA512* ctx, const uint8_t* data, size_t len)
244 {
245  unsigned int j;
246  size_t i;
247 
248  j = ctx->count & 127;
249  ctx->count += len;
250 #if CONFIG_SMALL
251  for (i = 0; i < len; i++) {
252  ctx->buffer[j++] = data[i];
253  if (128 == j) {
254  sha512_transform(ctx->state, ctx->buffer);
255  j = 0;
256  }
257  }
258 #else
259  if (len >= 128 - j) {
260  const uint8_t *end;
261  memcpy(&ctx->buffer[j], data, (i = 128 - j));
262  sha512_transform(ctx->state, ctx->buffer);
263  data += i;
264  len -= i;
265  end = data + (len & ~127);
266  len = len % 128;
267  for (; data < end; data += 128)
268  sha512_transform(ctx->state, data);
269  j = 0;
270  }
271  memcpy(&ctx->buffer[j], data, len);
272 #endif
273 }
274 
275 void av_sha512_final(AVSHA512* ctx, uint8_t *digest)
276 {
277  uint64_t i = 0;
278  uint64_t finalcount = av_be2ne64(ctx->count << 3);
279 
280  av_sha512_update(ctx, "\200", 1);
281  while ((ctx->count & 127) != 112)
282  av_sha512_update(ctx, "", 1);
283  av_sha512_update(ctx, (uint8_t *)&i, 8);
284  av_sha512_update(ctx, (uint8_t *)&finalcount, 8); /* Should cause a transform() */
285  for (i = 0; i < ctx->digest_len; i++)
286  AV_WB64(digest + i*8, ctx->state[i]);
287  if (ctx->digest_len & 1) /* SHA512/224 is 28 bytes, and is not divisible by 8. */
288  AV_WB32(digest + i*8, ctx->state[i] >> 32);
289 }
AVERROR
Filter the word “frame” indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample they are references to shared objects When the negotiation mechanism computes the intersection of the formats supported at each end of a all references to both lists are replaced with a reference to the intersection And when a single format is eventually chosen for a link amongst the remaining all references to the list are updated That means that if a filter requires that its input and output have the same format amongst a supported all it has to do is use a reference to the same list of formats query_formats can leave some formats unset and return AVERROR(EAGAIN) to cause the negotiation mechanism toagain later. That can be used by filters with complex requirements to use the format negotiated on one link to set the formats supported on another. Frame references ownership and permissions
av_sha512_final
void av_sha512_final(AVSHA512 *ctx, uint8_t *digest)
Finish hashing and output digest value.
Definition: sha512.c:275
AVSHA512
hash context
Definition: sha512.c:35
av_be2ne64
#define av_be2ne64(x)
Definition: bswap.h:96
b
#define b
Definition: input.c:41
data
const char data[16]
Definition: mxf.c:146
av_sha512_alloc
struct AVSHA512 * av_sha512_alloc(void)
Allocate an AVSHA512 context.
Definition: sha512.c:44
AVSHA512::count
uint64_t count
number of bytes in buffer
Definition: sha512.c:37
sha512.h
R512_16
#define R512_16
AV_WB64
#define AV_WB64(p, v)
Definition: intreadwrite.h:433
state
static struct @343 state
av_cold
#define av_cold
Definition: attributes.h:90
intreadwrite.h
Maj
#define Maj(z, y, x)
Definition: sha512.c:95
K512
static const uint64_t K512[80]
Definition: sha512.c:49
g
const char * g
Definition: vf_curves.c:127
bits
uint8_t bits
Definition: vp3data.h:128
ctx
AVFormatContext * ctx
Definition: movenc.c:48
R512_0
#define R512_0
AVSHA512::state
uint64_t state[8]
current hash value
Definition: sha512.c:39
c
Undefined Behavior In the C some operations are like signed integer dereferencing freed accessing outside allocated Undefined Behavior must not occur in a C it is not safe even if the output of undefined operations is unused The unsafety may seem nit picking but Optimizing compilers have in fact optimized code on the assumption that no undefined Behavior occurs Optimizing code based on wrong assumptions can and has in some cases lead to effects beyond the output of computations The signed integer overflow problem in speed critical code Code which is highly optimized and works with signed integers sometimes has the problem that often the output of the computation does not c
Definition: undefined.txt:32
error.h
AV_WB32
#define AV_WB32(p, v)
Definition: intreadwrite.h:419
Sigma1_512
#define Sigma1_512(x)
Definition: sha512.c:98
f
f
Definition: af_crystalizer.c:122
av_sha512_size
const int av_sha512_size
Definition: sha512.c:42
a
The reader does not expect b to be semantically here and if the code is changed by maybe adding a a division or other the signedness will almost certainly be mistaken To avoid this confusion a new type was SUINT is the C unsigned type but it holds a signed int to use the same example SUINT a
Definition: undefined.txt:41
attributes.h
Ch
#define Ch(x, y, z)
Definition: sha512.c:94
Sigma0_512
#define Sigma0_512(x)
Definition: sha512.c:97
i
#define i(width, name, range_min, range_max)
Definition: cbs_h2645.c:269
av_sha512_init
av_cold int av_sha512_init(AVSHA512 *ctx, int bits)
Initialize SHA-2 512 hashing.
Definition: sha512.c:192
av_mallocz
void * av_mallocz(size_t size)
Allocate a memory block with alignment suitable for all memory accesses (including vectors if availab...
Definition: mem.c:264
len
int len
Definition: vorbis_enc_data.h:426
bswap.h
AVSHA512::digest_len
uint8_t digest_len
digest length in 64-bit words
Definition: sha512.c:36
sha512_transform
static void sha512_transform(uint64_t *state, const uint8_t buffer[128])
Definition: sha512.c:120
buffer
the frame and frame reference mechanism is intended to as much as expensive copies of that data while still allowing the filters to produce correct results The data is stored in buffers represented by AVFrame structures Several references can point to the same frame buffer
Definition: filter_design.txt:49
AVSHA512::buffer
uint8_t buffer[128]
1024-bit buffer of input values used in hash updating
Definition: sha512.c:38
blk
#define blk(i)
Definition: sha512.c:103
mem.h
blk0
#define blk0(i)
Definition: sha512.c:102
d
d
Definition: ffmpeg_filter.c:156
block
The exact code depends on how similar the blocks are and how related they are to the block
Definition: filter_design.txt:207
h
h
Definition: vp9dsp_template.c:2038
av_sha512_update
void av_sha512_update(AVSHA512 *ctx, const uint8_t *data, size_t len)
Update hash value.
Definition: sha512.c:243