Function ring::pbkdf2::verify
[−]
[src]
pub fn verify(prf: &'static PRF, iterations: usize, salt: &[u8], secret: &[u8], previously_derived: &[u8]) -> Result<(), Unspecified>
Verifies that a previously-derived (e.g., using derive
) PBKDF2 value
matches the PBKDF2 value derived from the other inputs.
The comparison is done in constant time to prevent timing attacks. The
comparison will fail if previously_derived
is empty (has a length of
zero).
Parameter | RFC 2898 Section 5.2 Term |
---|---|
prf | PRF |
iterations | c (iteration count) |
salt | S (salt) |
secret | P (password) |
previously_derived | dk (derived key) |
previously_derived.len() | dkLen (derived key length) |
C analog: PKCS5_PBKDF2_HMAC
+ CRYPTO_memcmp
Panics
verify
panics if iterations < 1
.
derive
panics if out.len()
is larger than (2**32 - 1) * the PRF digest
length, per the PBKDF2 specification.