hevc: Add names for reserved NAL unit types
[libav.git] / libavutil / sha.c
CommitLineData
3d44f15c
DB
1/*
2 * Copyright (C) 2007 Michael Niedermayer <michaelni@gmx.at>
aa5a99ae 3 * Copyright (C) 2009 Konstantin Shishkov
3d44f15c 4 * based on public domain SHA-1 code by Steve Reid <steve@edmweb.com>
aa5a99ae 5 * and on BSD-licensed SHA-2 code by Aaron D. Gifford
3d44f15c 6 *
2912e87a 7 * This file is part of Libav.
3d44f15c 8 *
2912e87a 9 * Libav is free software; you can redistribute it and/or
3d44f15c
DB
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
2912e87a 14 * Libav is distributed in the hope that it will be useful,
3d44f15c
DB
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
2912e87a 20 * License along with Libav; if not, write to the Free Software
3d44f15c
DB
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
7c60e55b 23
2ed6f399 24#include <string.h>
1fda184a
DB
25
26#include "attributes.h"
32f40ace 27#include "avutil.h"
69ae9478 28#include "bswap.h"
451ae257 29#include "sha.h"
045b60bf 30#include "intreadwrite.h"
9a92aea2 31#include "mem.h"
7c60e55b 32
4364fc9a 33/** hash context */
451ae257 34typedef struct AVSHA {
01cc6288 35 uint8_t digest_len; ///< digest length in 32-bit words
4364fc9a 36 uint64_t count; ///< number of bytes in buffer
3a7c6507 37 uint8_t buffer[64]; ///< 512-bit buffer of input values used in hash updating
01cc6288 38 uint32_t state[8]; ///< current hash value
2c6361e0
KS
39 /** function used to update hash for 512-bit input block */
40 void (*transform)(uint32_t *state, const uint8_t buffer[64]);
451ae257 41} AVSHA;
7c60e55b 42
9a92aea2
MS
43struct AVSHA *av_sha_alloc(void)
44{
45 return av_mallocz(sizeof(struct AVSHA));
46}
537c8e7a 47
7c60e55b
MN
48#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
49
7c60e55b 50/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
3e2aa268 51#define blk0(i) (block[i] = AV_RB32(buffer + 4 * (i)))
0ef37cd5 52#define blk(i) (block[i] = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1))
d6cf7804 53
0ef37cd5
DB
54#define R0(v,w,x,y,z,i) z += ((w&(x^y))^y) + blk0(i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
55#define R1(v,w,x,y,z,i) z += ((w&(x^y))^y) + blk (i) + 0x5A827999 + rol(v, 5); w = rol(w, 30);
56#define R2(v,w,x,y,z,i) z += ( w^x ^y) + blk (i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30);
57#define R3(v,w,x,y,z,i) z += (((w|x)&y)|(w&x)) + blk (i) + 0x8F1BBCDC + rol(v, 5); w = rol(w, 30);
58#define R4(v,w,x,y,z,i) z += ( w^x ^y) + blk (i) + 0xCA62C1D6 + rol(v, 5); w = rol(w, 30);
7c60e55b
MN
59
60/* Hash a single 512-bit block. This is the core of the algorithm. */
61
0d73abb8 62static void sha1_transform(uint32_t state[5], const uint8_t buffer[64])
0ef37cd5 63{
aa59433a 64 uint32_t block[80];
5fd7f87b 65 unsigned int i, a, b, c, d, e;
3479b72b 66
7c60e55b
MN
67 a = state[0];
68 b = state[1];
69 c = state[2];
70 d = state[3];
71 e = state[4];
b250f9c6 72#if CONFIG_SMALL
0ef37cd5 73 for (i = 0; i < 80; i++) {
476f9b74 74 int t;
0ef37cd5 75 if (i < 16)
3e2aa268 76 t = AV_RB32(buffer + 4 * i);
0ef37cd5
DB
77 else
78 t = rol(block[i-3] ^ block[i-8] ^ block[i-14] ^ block[i-16], 1);
79 block[i] = t;
80 t += e + rol(a, 5);
81 if (i < 40) {
82 if (i < 20)
83 t += ((b&(c^d))^d) + 0x5A827999;
84 else
85 t += ( b^c ^d) + 0x6ED9EBA1;
86 } else {
87 if (i < 60)
88 t += (((b|c)&d)|(b&c)) + 0x8F1BBCDC;
89 else
90 t += ( b^c ^d) + 0xCA62C1D6;
2fa3a22d 91 }
0ef37cd5
DB
92 e = d;
93 d = c;
94 c = rol(b, 30);
95 b = a;
96 a = t;
6573578d
MN
97 }
98#else
0ef37cd5
DB
99 for (i = 0; i < 15; i += 5) {
100 R0(a, b, c, d, e, 0 + i);
101 R0(e, a, b, c, d, 1 + i);
102 R0(d, e, a, b, c, 2 + i);
103 R0(c, d, e, a, b, 3 + i);
104 R0(b, c, d, e, a, 4 + i);
7c60e55b 105 }
0ef37cd5
DB
106 R0(a, b, c, d, e, 15);
107 R1(e, a, b, c, d, 16);
108 R1(d, e, a, b, c, 17);
109 R1(c, d, e, a, b, 18);
110 R1(b, c, d, e, a, 19);
111 for (i = 20; i < 40; i += 5) {
112 R2(a, b, c, d, e, 0 + i);
113 R2(e, a, b, c, d, 1 + i);
114 R2(d, e, a, b, c, 2 + i);
115 R2(c, d, e, a, b, 3 + i);
116 R2(b, c, d, e, a, 4 + i);
7c60e55b 117 }
0ef37cd5
DB
118 for (; i < 60; i += 5) {
119 R3(a, b, c, d, e, 0 + i);
120 R3(e, a, b, c, d, 1 + i);
121 R3(d, e, a, b, c, 2 + i);
122 R3(c, d, e, a, b, 3 + i);
123 R3(b, c, d, e, a, 4 + i);
7c60e55b 124 }
0ef37cd5
DB
125 for (; i < 80; i += 5) {
126 R4(a, b, c, d, e, 0 + i);
127 R4(e, a, b, c, d, 1 + i);
128 R4(d, e, a, b, c, 2 + i);
129 R4(c, d, e, a, b, 3 + i);
130 R4(b, c, d, e, a, 4 + i);
7c60e55b 131 }
6573578d 132#endif
7c60e55b
MN
133 state[0] += a;
134 state[1] += b;
135 state[2] += c;
136 state[3] += d;
137 state[4] += e;
138}
139
aa5a99ae
KS
140static const uint32_t K256[64] = {
141 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
142 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
143 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
144 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
145 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
146 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
147 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
148 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
149 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
150 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
151 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
152 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
153 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
154 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
155 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
156 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
157};
158
159
160#define Ch(x,y,z) (((x) & ((y) ^ (z))) ^ (z))
161#define Maj(x,y,z) ((((x) | (y)) & (z)) | ((x) & (y)))
162
163#define Sigma0_256(x) (rol((x), 30) ^ rol((x), 19) ^ rol((x), 10))
164#define Sigma1_256(x) (rol((x), 26) ^ rol((x), 21) ^ rol((x), 7))
165#define sigma0_256(x) (rol((x), 25) ^ rol((x), 14) ^ ((x) >> 3))
166#define sigma1_256(x) (rol((x), 15) ^ rol((x), 13) ^ ((x) >> 10))
167
168#undef blk
169#define blk(i) (block[i] = block[i - 16] + sigma0_256(block[i - 15]) + \
170 sigma1_256(block[i - 2]) + block[i - 7])
171
172#define ROUND256(a,b,c,d,e,f,g,h) \
173 T1 += (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[i]; \
174 (d) += T1; \
175 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
176 i++
177
178#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
179 T1 = blk0(i); \
180 ROUND256(a,b,c,d,e,f,g,h)
181
182#define ROUND256_16_TO_63(a,b,c,d,e,f,g,h) \
183 T1 = blk(i); \
184 ROUND256(a,b,c,d,e,f,g,h)
185
186static void sha256_transform(uint32_t *state, const uint8_t buffer[64])
187{
188 unsigned int i, a, b, c, d, e, f, g, h;
189 uint32_t block[64];
6df5c528 190 uint32_t T1;
aa5a99ae
KS
191
192 a = state[0];
193 b = state[1];
194 c = state[2];
195 d = state[3];
196 e = state[4];
197 f = state[5];
198 g = state[6];
199 h = state[7];
200#if CONFIG_SMALL
201 for (i = 0; i < 64; i++) {
6df5c528 202 uint32_t T2;
aa5a99ae
KS
203 if (i < 16)
204 T1 = blk0(i);
205 else
206 T1 = blk(i);
207 T1 += h + Sigma1_256(e) + Ch(e, f, g) + K256[i];
208 T2 = Sigma0_256(a) + Maj(a, b, c);
209 h = g;
210 g = f;
211 f = e;
212 e = d + T1;
213 d = c;
214 c = b;
215 b = a;
216 a = T1 + T2;
217 }
218#else
219 for (i = 0; i < 16;) {
220 ROUND256_0_TO_15(a, b, c, d, e, f, g, h);
221 ROUND256_0_TO_15(h, a, b, c, d, e, f, g);
222 ROUND256_0_TO_15(g, h, a, b, c, d, e, f);
223 ROUND256_0_TO_15(f, g, h, a, b, c, d, e);
224 ROUND256_0_TO_15(e, f, g, h, a, b, c, d);
225 ROUND256_0_TO_15(d, e, f, g, h, a, b, c);
226 ROUND256_0_TO_15(c, d, e, f, g, h, a, b);
227 ROUND256_0_TO_15(b, c, d, e, f, g, h, a);
228 }
229
230 for (; i < 64;) {
231 ROUND256_16_TO_63(a, b, c, d, e, f, g, h);
232 ROUND256_16_TO_63(h, a, b, c, d, e, f, g);
233 ROUND256_16_TO_63(g, h, a, b, c, d, e, f);
234 ROUND256_16_TO_63(f, g, h, a, b, c, d, e);
235 ROUND256_16_TO_63(e, f, g, h, a, b, c, d);
236 ROUND256_16_TO_63(d, e, f, g, h, a, b, c);
237 ROUND256_16_TO_63(c, d, e, f, g, h, a, b);
238 ROUND256_16_TO_63(b, c, d, e, f, g, h, a);
239 }
240#endif
241 state[0] += a;
242 state[1] += b;
243 state[2] += c;
244 state[3] += d;
245 state[4] += e;
246 state[5] += f;
247 state[6] += g;
248 state[7] += h;
249}
250
251
1fda184a 252av_cold int av_sha_init(AVSHA *ctx, int bits)
0ef37cd5 253{
aa5a99ae
KS
254 ctx->digest_len = bits >> 5;
255 switch (bits) {
256 case 160: // SHA-1
87d718ae
KS
257 ctx->state[0] = 0x67452301;
258 ctx->state[1] = 0xEFCDAB89;
259 ctx->state[2] = 0x98BADCFE;
260 ctx->state[3] = 0x10325476;
261 ctx->state[4] = 0xC3D2E1F0;
262 ctx->transform = sha1_transform;
aa5a99ae
KS
263 break;
264 case 224: // SHA-224
265 ctx->state[0] = 0xC1059ED8;
266 ctx->state[1] = 0x367CD507;
267 ctx->state[2] = 0x3070DD17;
268 ctx->state[3] = 0xF70E5939;
269 ctx->state[4] = 0xFFC00B31;
270 ctx->state[5] = 0x68581511;
271 ctx->state[6] = 0x64F98FA7;
272 ctx->state[7] = 0xBEFA4FA4;
273 ctx->transform = sha256_transform;
274 break;
275 case 256: // SHA-256
276 ctx->state[0] = 0x6A09E667;
277 ctx->state[1] = 0xBB67AE85;
278 ctx->state[2] = 0x3C6EF372;
279 ctx->state[3] = 0xA54FF53A;
280 ctx->state[4] = 0x510E527F;
281 ctx->state[5] = 0x9B05688C;
282 ctx->state[6] = 0x1F83D9AB;
283 ctx->state[7] = 0x5BE0CD19;
284 ctx->transform = sha256_transform;
285 break;
286 default:
287 return -1;
288 }
289 ctx->count = 0;
451ae257 290 return 0;
7c60e55b
MN
291}
292
e435beb1
DB
293#if FF_API_CRYPTO_SIZE_T
294void av_sha_update(struct AVSHA *ctx, const uint8_t *data, unsigned int len)
295#else
296void av_sha_update(struct AVSHA *ctx, const uint8_t *data, size_t len)
297#endif
0ef37cd5 298{
7c60e55b
MN
299 unsigned int i, j;
300
248b25f8
MN
301 j = ctx->count & 63;
302 ctx->count += len;
b250f9c6 303#if CONFIG_SMALL
0ef37cd5
DB
304 for (i = 0; i < len; i++) {
305 ctx->buffer[j++] = data[i];
306 if (64 == j) {
2c6361e0 307 ctx->transform(ctx->state, ctx->buffer);
36c7fa7e
MN
308 j = 0;
309 }
310 }
311#else
7c60e55b 312 if ((j + len) > 63) {
0ef37cd5 313 memcpy(&ctx->buffer[j], data, (i = 64 - j));
2c6361e0 314 ctx->transform(ctx->state, ctx->buffer);
0ef37cd5 315 for (; i + 63 < len; i += 64)
2c6361e0 316 ctx->transform(ctx->state, &data[i]);
0ef37cd5
DB
317 j = 0;
318 } else
319 i = 0;
248b25f8 320 memcpy(&ctx->buffer[j], &data[i], len - i);
36c7fa7e 321#endif
7c60e55b
MN
322}
323
451ae257 324void av_sha_final(AVSHA* ctx, uint8_t *digest)
0ef37cd5 325{
7c60e55b 326 int i;
8fc0162a 327 uint64_t finalcount = av_be2ne64(ctx->count << 3);
7c60e55b 328
451ae257 329 av_sha_update(ctx, "\200", 1);
0ef37cd5 330 while ((ctx->count & 63) != 56)
451ae257
KS
331 av_sha_update(ctx, "", 1);
332 av_sha_update(ctx, (uint8_t *)&finalcount, 8); /* Should cause a transform() */
aa5a99ae 333 for (i = 0; i < ctx->digest_len; i++)
a768816c 334 AV_WB32(digest + i*4, ctx->state[i]);
7c60e55b 335}