Have a shared work buffer and derive the number of KDF round from size of buffer

puer.c

@@ -268,9 +268,9 @@ void hmac(unsigned char output[32], unsigned char key[], size_t keylen, unsigned
 	finalize_hash(&state, output);
 }
 
-// KDF_ROUNDS must be at least 2
+unsigned char workbuf[8 * 1024 * 1024];
-#define KDF_ROUNDS 100000
+#define KDF_ROUNDS (sizeof(workbuf) / 32)
-unsigned char kdf_buf[KDF_ROUNDS * 32];
+
 void kdf(unsigned char key[16], unsigned char salt[32], unsigned char passphrase[], size_t passphraselen) {
 	// This is based on the design of PBKDF2 but aims to be memory hard
 	// This is achieved by storing all the hashes in a buffer and the
@@ -288,20 +288,20 @@ void kdf(unsigned char key[16], unsigned char salt[32], unsigned char passphrase
 	// include the counter i from PBKDF2 since we will ever only
 	// produce one block of output
 	size_t index = KDF_ROUNDS*32 - 32;
-	hmac(&kdf_buf[index], passphrase, passphraselen, salt, 32);
+	hmac(&workbuf[index], passphrase, passphraselen, salt, 32);
 	index -= 32;
 
 	// Walk back along the buffer, at each step hashing the previous
 	// hashes
 	while (index > 0) {
-		hmac(&kdf_buf[index], passphrase, passphraselen, &kdf_buf[index+32], 32);
+		hmac(&workbuf[index], passphrase, passphraselen, &workbuf[index+32], 32);
 		index -= 32;
 	}
-	hmac(kdf_buf, passphrase, passphraselen, &kdf_buf[32], 32);
+	hmac(workbuf, passphrase, passphraselen, &workbuf[32], 32);
 
 	// Perform the final hash
 	unsigned char final_hash[32];
-	hmac(final_hash, passphrase, passphraselen, kdf_buf, KDF_ROUNDS * 32);
+	hmac(final_hash, passphrase, passphraselen, workbuf, KDF_ROUNDS * 32);
 
 	// Use first 128 bits of final hash as the key
 	memcpy(key, final_hash, 16);