/****************
* Shortcut functions which puts the hash value of the supplied buffer
* into outbuf which must have a size of 20 bytes.
*/
void
_gcry_rmd160_hash_buffer (void *outbuf, const void *buffer, size_t length )
{
RMD160_CONTEXT hd;
_gcry_rmd160_init ( &hd );
_gcry_md_block_write ( &hd, buffer, length );
rmd160_final ( &hd );
memcpy ( outbuf, hd.bctx.buf, 20 );
}
/****************
* Shortcut functions which puts the hash value of the supplied buffer
* into outbuf which must have a size of 20 bytes.
*/
void
_gcry_rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length )
{
RMD160_CONTEXT hd;
_gcry_rmd160_init( &hd );
rmd160_write( &hd, (byte*)buffer, length );
rmd160_final( &hd );
memcpy( outbuf, hd.buf, 20 );
}
/*
Mix the pool:
|........blocks*20byte........|20byte|..44byte..|
<..44byte..> <20byte>
| |
| +------+
+---------------------------|----------+
v v
|........blocks*20byte........|20byte|..44byte..|
<.....64bytes.....>
|
+----------------------------------+
Hash
v
|.............................|20byte|..44byte..|
<20byte><20byte><..44byte..>
| |
| +---------------------+
+-----------------------------+ |
v v
|.............................|20byte|..44byte..|
<.....64byte......>
|
+-------------------------+
Hash
v
|.............................|20byte|..44byte..|
<20byte><20byte><..44byte..>
and so on until we did this for all blocks.
To better protect against implementation errors in this code, we
xor a digest of the entire pool into the pool before mixing.
Note, that this function muts only be called with a locked pool.
*/
static void
mix_pool (unsigned char *pool)
{
static unsigned char failsafe_digest[DIGESTLEN];
static int failsafe_digest_valid;
unsigned char *hashbuf = pool + POOLSIZE;
unsigned char *p, *pend;
int i, n;
RMD160_CONTEXT md;
#if DIGESTLEN != 20
#error must have a digest length of 20 for ripe-md-160
#endif
assert (pool_is_locked);
_gcry_rmd160_init( &md );
/* loop over the pool */
pend = pool + POOLSIZE;
memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN );
memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
_gcry_rmd160_mixblock( &md, (char*)hashbuf);
memcpy(pool, hashbuf, 20 );
if (failsafe_digest_valid && pool == rndpool)
{
for (i=0; i < 20; i++)
pool[i] ^= failsafe_digest[i];
}
p = pool;
for (n=1; n < POOLBLOCKS; n++)
{
memcpy (hashbuf, p, DIGESTLEN);
p += DIGESTLEN;
if (p+DIGESTLEN+BLOCKLEN < pend)
memcpy (hashbuf+DIGESTLEN, p+DIGESTLEN, BLOCKLEN-DIGESTLEN);
else
{
unsigned char *pp = p + DIGESTLEN;
for (i=DIGESTLEN; i < BLOCKLEN; i++ )
{
if ( pp >= pend )
pp = pool;
hashbuf[i] = *pp++;
}
}
_gcry_rmd160_mixblock( &md, (char*)hashbuf);
memcpy(p, hashbuf, 20 );
}
/* Our hash implementation does only leave small parts (64 bytes)
of the pool on the stack, so it is okay not to require secure
memory here. Before we use this pool, it will be copied to the
help buffer anyway. */
if ( pool == rndpool)
{
_gcry_rmd160_hash_buffer ((char*)failsafe_digest,
(char*)pool, POOLSIZE);
failsafe_digest_valid = 1;
}
_gcry_burn_stack (384); /* for the rmd160_mixblock(), rmd160_hash_buffer */
}
