diff options
Diffstat (limited to 'cipher')
| -rw-r--r-- | cipher/ChangeLog | 15 | ||||
| -rw-r--r-- | cipher/Makefile.am | 1 | ||||
| -rw-r--r-- | cipher/Makefile.in | 1 | ||||
| -rw-r--r-- | cipher/blowfish.c | 3 | ||||
| -rw-r--r-- | cipher/dsa.c | 205 | ||||
| -rw-r--r-- | cipher/dsa.h | 4 | ||||
| -rw-r--r-- | cipher/md.c | 1 | ||||
| -rw-r--r-- | cipher/misc.c | 1 | ||||
| -rw-r--r-- | cipher/random.c | 253 | ||||
| -rw-r--r-- | cipher/random.h | 39 | ||||
| -rw-r--r-- | cipher/rmd.h | 1 | ||||
| -rw-r--r-- | cipher/rmd160.c | 21 |
12 files changed, 371 insertions, 174 deletions
diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 152d23412..0a316d1bb 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,18 @@ +Mon Mar 9 12:59:08 1998 Werner Koch ([email protected]) + + * dsa.c, dsa.h: Removed some unused code. + +Wed Mar 4 10:39:22 1998 Werner Koch ([email protected]) + + * md.c (md_open): Add call to fast_random_poll. + blowfish.c (blowfish_setkey): Ditto. + +Tue Mar 3 13:32:54 1998 Werner Koch ([email protected]) + + * rmd160.c (rmd160_mixblock): New. + * random.c: Restructured to start with a new RNG implementation. + * random.h: New. + Mon Mar 2 19:21:46 1998 Werner Koch ([email protected]) * gost.c, gost.h: Removed because they did only conatin trash. diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 48478a21d..c0b3c8a5b 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -13,6 +13,7 @@ libcipher_a_SOURCES = blowfish.c \ md5.c \ md5.h \ primegen.c \ + random.h \ random.c \ rmd.h \ rmd160.c \ diff --git a/cipher/Makefile.in b/cipher/Makefile.in index 958b7d167..579d4a355 100644 --- a/cipher/Makefile.in +++ b/cipher/Makefile.in @@ -104,6 +104,7 @@ libcipher_a_SOURCES = blowfish.c \ md5.c \ md5.h \ primegen.c \ + random.h \ random.c \ rmd.h \ rmd160.c \ diff --git a/cipher/blowfish.c b/cipher/blowfish.c index c0979b8ce..55b99025c 100644 --- a/cipher/blowfish.c +++ b/cipher/blowfish.c @@ -37,6 +37,7 @@ #include "util.h" #include "types.h" #include "blowfish.h" +#include "random.h" /* precomputed S boxes */ static const u32 ks0[256] = { @@ -421,6 +422,8 @@ blowfish_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ) selftest(); } + fast_random_poll(); + for(i=0; i < BLOWFISH_ROUNDS+2; i++ ) c->p[i] = ps[i]; for(i=0; i < 256; i++ ) { diff --git a/cipher/dsa.c b/cipher/dsa.c index 07f9e7075..8024ac0a2 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -32,6 +32,7 @@ void dsa_free_public_key( DSA_public_key *pk ) { mpi_free( pk->p ); pk->p = NULL; + mpi_free( pk->q ); pk->q = NULL; mpi_free( pk->g ); pk->g = NULL; mpi_free( pk->y ); pk->y = NULL; } @@ -40,121 +41,13 @@ void dsa_free_secret_key( DSA_secret_key *sk ) { mpi_free( sk->p ); sk->p = NULL; + mpi_free( sk->q ); sk->q = NULL; mpi_free( sk->g ); sk->g = NULL; mpi_free( sk->y ); sk->y = NULL; mpi_free( sk->x ); sk->x = NULL; } -static void -test_keys( DSA_public_key *pk, DSA_secret_key *sk, unsigned nbits ) -{ - MPI test = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); - MPI out1_a = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); - MPI out1_b = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); - MPI out2 = mpi_alloc( nbits / BITS_PER_MPI_LIMB ); - - mpi_set_bytes( test, nbits, get_random_byte, 0 ); - - dsa_sign( out1_a, out1_b, test, sk ); - if( !dsa_verify( out1_a, out1_b, test, pk ) ) - log_fatal("DSA operation: sign, verify failed\n"); - - mpi_free( test ); - mpi_free( out1_a ); - mpi_free( out1_b ); - mpi_free( out2 ); -} - - -/**************** - * generate a random secret exponent k from prime p, so - * that k is relatively prime to p-1 - */ -static MPI -gen_k( MPI p ) -{ - MPI k = mpi_alloc_secure( mpi_get_nlimbs(p) ); - MPI temp = mpi_alloc( mpi_get_nlimbs(p) ); - MPI p_1 = mpi_copy(p); - unsigned nbits = mpi_get_nbits(p); - - if( DBG_CIPHER ) - log_debug("choosing a random k "); - mpi_sub_ui( p_1, p, 1); - for(;;) { - if( DBG_CIPHER ) - fputc('.', stderr); - mpi_set_bytes( k, nbits, get_random_byte, 1 ); - mpi_set_highbit( k, nbits-1 ); /* make sure it's high (really needed?) */ - if( mpi_cmp( k, p_1 ) >= 0 ) - continue; /* is not smaller than (p-1) */ - if( mpi_gcd( temp, k, p_1 ) ) - break; /* okay, k is relatively prime to (p-1) */ - } - if( DBG_CIPHER ) - fputc('\n', stderr); - mpi_free(p_1); - mpi_free(temp); - - return k; -} - -/**************** - * Generate a key pair with a key of size NBITS - * Returns: 2 structures filles with all needed values - */ -void -dsa_generate( DSA_public_key *pk, DSA_secret_key *sk, unsigned nbits ) -{ - MPI p; /* the prime */ - MPI g; - MPI x; /* the secret exponent */ - MPI y; - - p = generate_public_prime( nbits ); - /* FIXME: check wether we shall assert that (p-1)/2 is also prime - * Schneier votes against it - */ - g = mpi_alloc_set_ui(3); - - /* select a random number */ - x = mpi_alloc_secure( nbits/BITS_PER_MPI_LIMB ); - if( DBG_CIPHER ) - log_debug("choosing a random x "); - do { - if( DBG_CIPHER ) - fputc('.', stderr); - mpi_set_bytes( x, nbits, get_random_byte, 1 ); /* fixme: should be 2 */ - mpi_set_highbit( x, nbits-1 ); /* make sure it's high (needed?) */ - } while( mpi_cmp( x, p ) >= 0 ); /* x must be smaller than p */ - - y = mpi_alloc(nbits/BITS_PER_MPI_LIMB); - mpi_powm( y, g, x, p ); - - if( DBG_CIPHER ) { - fputc('\n', stderr); - log_mpidump("dsa p= ", p ); - log_mpidump("dsa g= ", g ); - log_mpidump("dsa y= ", y ); - log_mpidump("dsa x= ", x ); - } - - - /* copy the stuff to the key structures */ - pk->p = mpi_copy(p); - pk->g = mpi_copy(g); - pk->y = mpi_copy(y); - sk->p = p; - sk->g = g; - sk->y = y; - sk->x = x; - - /* now we can test our keys (this should never fail!) */ - test_keys( pk, sk, nbits - 64 ); -} - - /**************** * Test wether the secret key is valid. * Returns: if this is a valid key. @@ -174,72 +67,58 @@ dsa_check_secret_key( DSA_secret_key *sk ) /**************** - * Make an Elgamal signature out of INPUT + * Make a DSA signature out of INPUT */ void -dsa_sign(MPI a, MPI b, MPI input, DSA_secret_key *skey ) +dsa_sign(MPI r, MPI s, MPI input, DSA_secret_key *skey ) { - MPI k; - MPI t = mpi_alloc( mpi_get_nlimbs(a) ); - MPI inv = mpi_alloc( mpi_get_nlimbs(a) ); - MPI p_1 = mpi_copy(skey->p); - - /* - * b = (t * inv) mod (p-1) - * b = (t * inv(k,(p-1),(p-1)) mod (p-1) - * b = (((M-x*a) mod (p-1)) * inv(k,(p-1),(p-1))) mod (p-1) - * - */ - mpi_sub_ui(p_1, p_1, 1); - k = gen_k( skey->p ); - mpi_powm( a, skey->g, k, skey->p ); - mpi_mul(t, skey->x, a ); - mpi_subm(t, input, t, p_1 ); - while( mpi_is_neg(t) ) - mpi_add(t, t, p_1); - mpi_invm(inv, k, p_1 ); - mpi_mulm(b, t, inv, p_1 ); - - #if 0 - if( DBG_CIPHER ) { - log_mpidump("dsa sign p= ", skey->p); - log_mpidump("dsa sign g= ", skey->g); - log_mpidump("dsa sign y= ", skey->y); - log_mpidump("dsa sign x= ", skey->x); - log_mpidump("dsa sign k= ", k); - log_mpidump("dsa sign M= ", input); - log_mpidump("dsa sign a= ", a); - log_mpidump("dsa sign b= ", b); - } - #endif - mpi_free(k); - mpi_free(t); - mpi_free(inv); - mpi_free(p_1); } /**************** - * Returns true if the signature composed from A and B is valid. + * Returns true if the signature composed from R and S is valid. */ int -dsa_verify(MPI a, MPI b, MPI input, DSA_public_key *pkey ) +dsa_verify(MPI r, MPI s, MPI input, DSA_public_key *pkey ) { int rc; - MPI t1 = mpi_alloc( mpi_get_nlimbs(a) ); - MPI t2 = mpi_alloc( mpi_get_nlimbs(a) ); - - mpi_powm( t1, pkey->y, a, pkey->p ); - mpi_powm( t2, a, b, pkey->p ); - mpi_mulm( t1, t1, t2, pkey->p ); - - mpi_powm( t2, pkey->g, input, pkey->p ); - - rc = !mpi_cmp( t1, t2 ); - - mpi_free(t1); - mpi_free(t2); + MPI w, u1, u2, v; + MPI base[3]; + MPI exp[3]; + + if( !(mpi_cmp_ui( r, 0 ) > 0 && mpi_cmp( r, pkey->q ) < 0) ) + return 0; /* assertion 0 < r < q failed */ + if( !(mpi_cmp_ui( s, 0 ) > 0 && mpi_cmp( s, pkey->q ) < 0) ) + return 0; /* assertion 0 < s < q failed */ + + w = mpi_alloc( mpi_get_nlimbs(pkey->q) ); + u1 = mpi_alloc( mpi_get_nlimbs(pkey->q) ); + u2 = mpi_alloc( mpi_get_nlimbs(pkey->q) ); + v = mpi_alloc( mpi_get_nlimbs(pkey->p) ); + + /* w = s^(-1) mod q */ + mpi_invm( w, s, pkey->q ); + + /* u1 = (input * w) mod q */ + mpi_mulm( u1, input, w, pkey->q ); + + /* u2 = r * w mod q */ + mpi_mulm( u2, r, w, pkey->q ); + + /* v = g^u1 * y^u2 mod p mod q */ + base[0] = pkey->g; exp[0] = u1; + base[1] = pkey->y; exp[1] = u2; + base[2] = NULL; exp[2] = NULL; + mpi_mulpowm( v, base, exp, pkey->p ); + mpi_fdiv_r( v, v, pkey->q ); + + rc = !mpi_cmp( v, r ); + + mpi_free(w); + mpi_free(u1); + mpi_free(u2); + mpi_free(v); return rc; } diff --git a/cipher/dsa.h b/cipher/dsa.h index 1574560f6..07a41ae6c 100644 --- a/cipher/dsa.h +++ b/cipher/dsa.h @@ -43,7 +43,7 @@ void dsa_free_public_key( DSA_public_key *pk ); void dsa_free_secret_key( DSA_secret_key *sk ); void dsa_generate( DSA_public_key *pk, DSA_secret_key *sk, unsigned nbits ); int dsa_check_secret_key( DSA_secret_key *sk ); -void dsa_sign(MPI a, MPI b, MPI input, DSA_secret_key *skey); -int dsa_verify(MPI a, MPI b, MPI input, DSA_public_key *pkey); +void dsa_sign(MPI r, MPI s, MPI input, DSA_secret_key *skey); +int dsa_verify(MPI r, MPI s, MPI input, DSA_public_key *pkey); #endif /*G10_DSA_H*/ diff --git a/cipher/md.c b/cipher/md.c index a9a566698..b19399653 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -42,6 +42,7 @@ md_open( int algo, int secure ) hd->secure = secure; if( algo ) md_enable( hd, algo ); + fast_random_poll(); return hd; } diff --git a/cipher/misc.c b/cipher/misc.c index 937aa61f5..ad937fcfe 100644 --- a/cipher/misc.c +++ b/cipher/misc.c @@ -174,6 +174,7 @@ check_pubkey_algo( int algo ) { switch( algo ) { case PUBKEY_ALGO_ELGAMAL: + case PUBKEY_ALGO_DSA: #ifdef HAVE_RSA_CIPHER case PUBKEY_ALGO_RSA: #endif diff --git a/cipher/random.c b/cipher/random.c index 2f11df7cd..5a6371995 100644 --- a/cipher/random.c +++ b/cipher/random.c @@ -18,6 +18,17 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ + +/**************** + * How it works: + * + * See Peter Gutmann's Paper: "Software Generation of Practically + * Strong Random Numbers" + * + * fixme! + */ + + #include <config.h> #include <stdio.h> #include <stdlib.h> @@ -26,27 +37,88 @@ #include <sys/time.h> #include <sys/types.h> #include <sys/stat.h> +#ifndef HAVE_GETTIMEOFTIME + #include <sys/times.h> +#endif +#ifdef HAVE_GETRUSAGE + #include <sys/resource.h> +#endif #include <string.h> #include <unistd.h> #include <fcntl.h> #include "util.h" -#include "cipher.h" +#include "random.h" +#include "rmd.h" #include "ttyio.h" #include "i18n.h" + +#define BLOCKLEN 64 /* hash this amount of bytes */ +#define DIGESTLEN 20 /* into a digest of this length (rmd160) */ +/* poolblocks is the number of digests which make up the pool + * and poolsize must be a multiple of the digest length + * to make the AND operations faster, the size should also be + * a multiple of ulong + */ +#define POOLBLOCKS 30 +#define POOLSIZE (POOLBLOCKS*DIGESTLEN) +#if (POOLSIZE % SIZEOF_UNSIGNED_LONG) + #error Please make sure that poolsize is a multiple of ulong +#endif +#define POOLWORDS (POOLSIZE / SIZEOF_UNSIGNED_LONG) +#if SIZEOF_UNSIGNED_LONG == 8 + #define ADD_VALUE 0xa5a5a5a5a5a5a5a5 +#elif SIZEOF_UNSIGNED_LONG == 4 + #define ADD_VALUE 0xa5a5a5a5 +#else + #error weird size for an unsigned long +#endif + struct cache { int len; - byte buffer[100]; /* fixme: should be allocated with m_alloc_secure()*/ + int size; + byte *buffer; }; + +static int is_initialized; static struct cache cache[3]; #define MASK_LEVEL(a) do {if( a > 2 ) a = 2; else if( a < 0 ) a = 0; } while(0) +static char *rndpool; /* allocated size is POOLSIZE+BLOCKLEN */ +static char *keypool; /* allocated size is POOLSIZE+BLOCKLEN */ +static size_t pool_readpos; +static size_t pool_writepos; +static int pool_filled; +static int just_mixed; + +static int secure_alloc; +static int quick_test; -static void fill_buffer( byte *buffer, size_t length, int level ); -static int quick_test; + +static void read_pool( byte *buffer, size_t length, int level ); +static void read_dev_random( byte *buffer, size_t length, int level ); +static void +initialize() +{ + /* The data buffer is allocated somewhat larger, so that + * we can use this extra space (which is allocated in secure memory) + * as a temporary hash buffer */ + rndpool = secure_alloc ? m_alloc_secure_clear(POOLSIZE+BLOCKLEN) + : m_alloc_clear(POOLSIZE+BLOCKLEN); + keypool = secure_alloc ? m_alloc_secure_clear(POOLSIZE+BLOCKLEN) + : m_alloc_clear(POOLSIZE+BLOCKLEN); + is_initialized = 1; +} + +void +secure_random_alloc() +{ + secure_alloc = 1; +} + int quick_random_gen( int onoff ) { @@ -78,14 +150,174 @@ get_random_byte( int level ) { MASK_LEVEL(level); if( !cache[level].len ) { - fill_buffer(cache[level].buffer, DIM(cache[level].buffer), level ); - cache[level].len = DIM(cache[level].buffer); + if( !is_initialized ) + initialize(); + if( !cache[level].buffer ) { + cache[level].size = 100; + cache[level].buffer = level && secure_alloc? + m_alloc_secure( cache[level].size ) + : m_alloc( cache[level].size ); + } + read_pool(cache[level].buffer, cache[level].size, level ); + cache[level].len = cache[level].size; } return cache[level].buffer[--cache[level].len]; } +/**************** + * Mix the pool + */ +static void +mix_pool(byte *pool) +{ + char *hashbuf = pool + POOLSIZE; + char *p, *pend; + int i, n; + RMD160_CONTEXT md; + + rmd160_init( &md ); + #if DIGESTLEN != 20 + #error must have a digest length of 20 for ripe-md-160 + #endif + /* loop over the pool */ + pend = pool + POOLSIZE; + memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN ); + memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN); + rmd160_mixblock( &md, hashbuf); + memcpy(pool, hashbuf, 20 ); + + p = pool; + for( n=1; n < POOLBLOCKS; n++ ) { + memcpy(hashbuf, p, DIGESTLEN ); + + p += DIGESTLEN; + if( p+DIGESTLEN+BLOCKLEN < pend ) + memcpy(hashbuf+DIGESTLEN, p+DIGESTLEN, BLOCKLEN-DIGESTLEN); + else { + char *pp = p+DIGESTLEN; + for(i=DIGESTLEN; i < BLOCKLEN; i++ ) { + if( pp >= pend ) + pp = pool; + hashbuf[i] = *pp++; + } + } + + rmd160_mixblock( &md, hashbuf); + memcpy(p, hashbuf, 20 ); + } +} + + +static void +read_pool( byte *buffer, size_t length, int level ) +{ + int i; + ulong *sp, *dp; + + if( length >= POOLSIZE ) + BUG(); /* not allowed */ + if( !level ) { /* read simple random bytes */ + read_dev_random( buffer, length, level ); + return; + } + + /* always do a random poll if we need strong numbers */ + if( pool_filled && level == 2 ) + random_poll(); + /* make sure the pool is filled */ + while( !pool_filled ) + random_poll(); + /* do always a fast random poll */ + fast_random_poll(); + + /* mix the pool (if add_randomness() didn't it) */ + if( !just_mixed ) + mix_pool(rndpool); + + /* create a new pool */ + for(i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool; + i < POOLWORDS; i++, dp++, sp++ ) + *dp = *sp + ADD_VALUE; + /* and mix both pools */ + mix_pool(rndpool); + mix_pool(keypool); + /* read the required data + * we use a readpoiter to read from a different postion each + * time */ + while( length-- ) { + *buffer++ = keypool[pool_readpos++]; + if( pool_readpos >= POOLSIZE ) + pool_readpos = 0; + } + /* and clear the keypool */ + memset( keypool, 0, POOLSIZE ); +} + + +/**************** + * Add LENGTH bytes of randomness from buffer to the pool. + * source may be used to specify the randomeness source. + */ +void +add_randomness( const void *buffer, size_t length, int source ) +{ + if( !is_initialized ) + initialize(); + while( length-- ) { + rndpool[pool_writepos++] = *((byte*)buffer)++; + if( pool_writepos >= POOLSIZE ) { + pool_filled = 1; + pool_writepos = 0; + mix_pool(rndpool); + just_mixed = !length; + } + } +} + + + +/******************** + * FIXME: move these functions to rand_unix.c + */ + +void +random_poll() +{ + char buf[POOLSIZE/5]; + read_dev_random( buf, POOLSIZE/5, 1 ); /* read /dev/urandom */ + add_randomness( buf, POOLSIZE/5, 2); + memset( buf, 0, POOLSIZE/5); +} + + +void +fast_random_poll() +{ + #ifdef HAVE_GETTIMEOFTIME + { struct timeval tv; + if( gettimeofday( &tv, NULL ) ) + BUG(); + add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 ); + add_randomness( &tv.tv_usec, sizeof(tv.tv_usec), 1 ); + } + #else /* use times */ + { struct tms buf; + times( &buf ); + add_randomness( &buf, sizeof buf, 1 ); + } + #endif + #ifdef HAVE_GETRUSAGE + { struct rusage buf; + if( getrusage( RUSAGE_SELF, &buf ) ) + BUG(); + add_randomness( &buf, sizeof buf, 1 ); + memset( &buf, 0, sizeof buf ); + } + #endif +} + #ifdef HAVE_DEV_RANDOM @@ -111,7 +343,7 @@ open_device( const char *name, int minor ) static void -fill_buffer( byte *buffer, size_t length, int level ) +read_dev_random( byte *buffer, size_t length, int level ) { static int fd_urandom = -1; static int fd_random = -1; @@ -125,6 +357,9 @@ fill_buffer( byte *buffer, size_t length, int level ) fd = fd_random; } else { + /* fixme: we should use a simpler one for level 0, + * because reading from /dev/urandom removes entropy + * and the next read on /dev/random may have to wait */ if( fd_urandom == -1 ) fd_urandom = open_device( "/dev/urandom", 9 ); fd = fd_urandom; @@ -154,7 +389,7 @@ fill_buffer( byte *buffer, size_t length, int level ) continue; } - assert( length < 200 ); + assert( length < 500 ); do { n = read(fd, buffer, length ); if( n >= 0 && n > length ) { @@ -178,7 +413,7 @@ fill_buffer( byte *buffer, size_t length, int level ) #endif static void -fill_buffer( byte *buffer, size_t length, int level ) +read_dev_random( byte *buffer, size_t length, int level ) { static int initialized=0; diff --git a/cipher/random.h b/cipher/random.h new file mode 100644 index 000000000..a8c506da7 --- /dev/null +++ b/cipher/random.h @@ -0,0 +1,39 @@ +/* random.h - random functions + * Copyright (C) 1998 Free Software Foundation, Inc. + * + * This file is part of GNUPG. + * + * GNUPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GNUPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_RANDOM_H +#define G10_RANDOM_H + +#include "types.h" + +/*-- random.c --*/ +void secure_random_alloc(void); +int quick_random_gen( int onoff ); +void randomize_buffer( byte *buffer, size_t length, int level ); +byte get_random_byte( int level ); +void add_randomness( const void *buffer, size_t length, int source ); + + +/*-- the next two functions are implemented by all the system + specific source files rand_xxxx.s --*/ +void random_poll(void); +void fast_random_poll(void); + + +#endif /*G10_RANDOM_H*/ diff --git a/cipher/rmd.h b/cipher/rmd.h index d6bc007d1..f3a67243b 100644 --- a/cipher/rmd.h +++ b/cipher/rmd.h @@ -33,6 +33,7 @@ typedef struct { void rmd160_init( RMD160_CONTEXT *c ); void rmd160_write( RMD160_CONTEXT *hd, byte *inbuf, size_t inlen); void rmd160_final(RMD160_CONTEXT *hd); +void rmd160_mixblock( RMD160_CONTEXT *hd, char *buffer ); #define rmd160_read(h) ( (h)->buf ) #endif /*G10_RMD_H*/ diff --git a/cipher/rmd160.c b/cipher/rmd160.c index 7b87d4218..8d17b287f 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -300,6 +300,27 @@ rmd160_write( RMD160_CONTEXT *hd, byte *inbuf, size_t inlen) } +/**************** + * Apply the rmd160 transform function on the buffer which must have + * a length 64 bytes. Do not use this function together with the + * other functions, use rmd160_init to initialize intzernal variables. + * Returns: 16 bytes in buffer with the mixed contentes of buffer. + */ +void +rmd160_mixblock( RMD160_CONTEXT *hd, char *buffer ) +{ + char *p = buffer; + transform( hd, buffer ); + #define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0) + X(0); + X(1); + X(2); + X(3); + X(4); + #undef X +} + + /* The routine terminates the computation */ |