Remove derive_subkey() as it is not needed when deriving a key from a passphrase
This commit is contained in:
parent
d4ed30a592
commit
08c8d33b20
20
puer.c
20
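--- a/puer.c
+++ b/puer.c
@@ -64,26 +64,6 @@ void word2bytes(unsigned char *bytes, uint32_t word) {
 bytes[3] = word>>24;
 }
 
-void derive_subkey(uint32_t key[4], uint32_t nonce[6], uint32_t subkey[4]) {
-// We are using an extended nonce construction with 192 bit nonces.
-// The first 128 bits of nonce are encrypted using xxtea128 with
-// the provided key, in order to derive a subkey that is then used
-// alongside the remaining nonce to do the actual encryption.
-//
-// This is, as far as I can tell, not a standard construction. I
-// have based it on xchacha20, with the understanding that it
-// should not matter if the function used to derive the subkey is
-// reversible or not, since an attacker doesn't know the original
-// key and the original key is used only in this derivation.
-
-subkey[0] = nonce[0];
-subkey[1] = nonce[1];
-subkey[2] = nonce[2];
-subkey[3] = nonce[3];
-
-xxtea128(key, subkey);
-}
-
 struct hashstate {
 // A_n and B_n of the MDC-2 algorithm
 uint32_t a[4];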