Due to the conditional here:

eme/eme.go, lines 34 to 36 in 60f8113:

```go
if in[15] >= 128 {
	tmp[0] = tmp[0] ^ 135
}
```

I think it could be rewritten as something like:

```go
tmp[0] ^= 135 & byte(-(in[15] >> 7))
```

(untested)

Now the broader question is, does this actually matter? In a disk-encryption scenario, an attacker who can time chosen writes (or observe ciphertexts along with timing info) could perhaps infer a few bits of L and use that as a device fingerprinting vector, even if there's no way to break the security of the scheme as a whole.

Edit: For some reason I completely glossed over the second conditional that does the carry propagation - same issue there.
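To make the suggestion concrete for both conditionals (the reduction and the carry), here is an added example, not code from the eme project or the commenter: a branchy doubling in GF(2^128) mirroring the structure quoted above beside a branch-free version, plus a comparison over constructed inputs. Function names and the LCG-generated sample inputs are assumptions.

```go
package main

import "bytes"

// multByTwoBranchy mirrors the quoted eme.go doubling and its two data-dependent branches.
func multByTwoBranchy(in []byte) []byte {
	tmp := make([]byte, 16)
	tmp[0] = in[0] << 1
	if in[15] >= 128 {
		tmp[0] = tmp[0] ^ 135
	}
	for j := 1; j < 16; j++ {
		tmp[j] = in[j] << 1
		if in[j-1] >= 128 {
			tmp[j] += 1
		}
	}
	return tmp
}

// multByTwoCT gives the same result without branches: byte(-(b >> 7)) is 0xFF iff the
// top bit of b is set, so it masks the reduction constant; the carry is the bit shifted out.
func multByTwoCT(in []byte) []byte {
	tmp := make([]byte, 16)
	tmp[0] = in[0]<<1 ^ (135 & byte(-(in[15] >> 7)))
	for j := 1; j < 16; j++ {
		tmp[j] = in[j]<<1 | in[j-1]>>7
	}
	return tmp
}

// agreeOnSamples compares both versions on n constructed inputs from a tiny LCG (not project data).
func agreeOnSamples(n int) bool {
	seed := uint32(0x9e3779b9)
	for i := 0; i < n; i++ {
		in := make([]byte, 16)
		for k := range in {
			seed = seed*1664525 + 1013904223
			in[k] = byte(seed >> 24)
		}
		if !bytes.Equal(multByTwoBranchy(in), multByTwoCT(in)) {
			return false
		}
	}
	return true
}

func main() {
	println("branchy and branch-free doubling agree:", agreeOnSamples(10000))
}
```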