in lib/scryptenc/scryptenc.c [149:179]
int scryptdec_buf_saltlen(const uint8_t * inbuf, size_t inbuflen,
uint8_t * outbuf, const uint8_t * passwd,
size_t passwdlen, const uint8_t * salt,
size_t saltlen, uint32_t rounds, uint32_t memcost)
{
uint8_t dk[64];
uint8_t * key_enc = dk;
int rc;
struct crypto_aes_key * key_enc_exp;
struct crypto_aesctr * AES;
uint32_t p = 1;
uint64_t N = (uint64_t)(1) << memcost;
if ((rc = crypto_scrypt(passwd, passwdlen, salt, saltlen, N, rounds, p, dk, 64)) != 0)
return rc;
/* Decrypt data. */
if ((key_enc_exp = crypto_aes_key_expand(key_enc, 32)) == NULL)
return (5);
if ((AES = crypto_aesctr_init(key_enc_exp, 0)) == NULL)
return (6);
crypto_aesctr_stream(AES, &inbuf[0], outbuf, inbuflen);
crypto_aesctr_free(AES);
crypto_aes_key_free(key_enc_exp);
/* Zero sensitive data. */
insecure_memzero(dk, 64);
/* Success! */
return (0);
}