Struct orion::pbkdf2::Pbkdf2
pub struct Pbkdf2 {
    pub password: Vec<u8>,
    pub salt: Vec<u8>,
    pub iterations: usize,
    pub dklen: usize,
    pub hmac: ShaVariantOption,
}
PBKDF2 (Password-Based Key Derivation Function 2) as specified in RFC 8018.
Fields password and salt are zeroed out on drop.
Fields
password: Vec<u8>
salt: Vec<u8>
iterations: usize
dklen: usize
hmac: ShaVariantOption
Methods
impl Pbkdf2
PBKDF2 (Password-Based Key Derivation Function 2) as specified in RFC 8018.
Exceptions:
An exception will be thrown if:
- The specified dklen is less than 1
- The specified dklen is greater than (2^32 - 1) * hLen
- The specified iteration count is less than 1
Note:
Salts should always be generated using a CSPRNG. The gen_rand_key function in util can be used for this.
Usage examples:
Generating derived key:
use orion::pbkdf2::Pbkdf2;
use orion::core::util::gen_rand_key;
use orion::core::options::ShaVariantOption;

let password = gen_rand_key(16).unwrap();
let salt = gen_rand_key(16).unwrap();

let dk = Pbkdf2 {
    password: password,
    salt: salt,
    iterations: 10000,
    dklen: 64,
    hmac: ShaVariantOption::SHA512
};

dk.derive_key().unwrap();
Verifying derived key:
use orion::pbkdf2::Pbkdf2;
use orion::core::util::gen_rand_key;
use orion::core::options::ShaVariantOption;

let password = gen_rand_key(16).unwrap();
let salt = gen_rand_key(16).unwrap();

let dk = Pbkdf2 {
    password: password,
    salt: salt,
    iterations: 10000,
    dklen: 64,
    hmac: ShaVariantOption::SHA512
};

let derived_key = dk.derive_key().unwrap();
assert_eq!(dk.verify(&derived_key).unwrap(), true);
pub fn derive_key(&self) -> Result<Vec<u8>, UnknownCryptoError>
Main PBKDF2 function. Return a derived key.
pub fn verify(&self, expected_dk: &[u8]) -> Result<bool, UnknownCryptoError>
Verify a derived key by deriving one from the current struct fields and comparing it with the derived key passed to the function. Comparison is done in constant time. Both derived keys must be of equal length.
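The three conditions listed under "Exceptions" and the equal-length, constant-time comparison described for verify can be sketched without any dependencies. This is an added example, not orion's source: block_layout, ct_eq and ParamError are hypothetical names, and treating a length mismatch as an error is an assumption.

```rust
// Added example, not orion's source. Every name below is hypothetical.
#[derive(Debug, PartialEq)]
pub enum ParamError { DklenZero, DklenTooLarge, IterationsZero, LengthMismatch }

/// Apply the three checks listed under "Exceptions", then return RFC 8018's
/// (l, r): l = number of hLen-sized blocks, r = bytes used from the last block.
/// `hlen` is the HMAC output size in bytes, e.g. 64 for SHA-512.
pub fn block_layout(dklen: usize, iterations: usize, hlen: usize)
    -> Result<(usize, usize), ParamError>
{
    if iterations < 1 { return Err(ParamError::IterationsZero); }
    if dklen < 1 { return Err(ParamError::DklenZero); }
    // Widen to u128 so (2^32 - 1) * hLen cannot wrap on any target.
    // hlen == 0 gives max == 0 and is rejected here, before the division.
    let max = (u32::MAX as u128) * (hlen as u128);
    if dklen as u128 > max { return Err(ParamError::DklenTooLarge); }
    let (dk, h) = (dklen as u128, hlen as u128);
    let l = (dk + h - 1) / h; // ceil(dkLen / hLen)
    let r = dk - (l - 1) * h; // length of the final, possibly partial, block
    Ok((l as usize, r as usize))
}

/// Compare two derived keys without exiting at the first differing byte.
/// Lengths are not secret; this sketch treats unequal lengths as an error
/// (an assumption). The compiler does not guarantee constant time, so
/// production code should rely on the library's own comparison.
pub fn ct_eq(a: &[u8], b: &[u8]) -> Result<bool, ParamError> {
    if a.len() != b.len() { return Err(ParamError::LengthMismatch); }
    let mut diff = 0u8;
    // OR together the XOR of every byte pair; any difference leaves a set bit.
    for (x, y) in a.iter().zip(b.iter()) { diff |= x ^ y; }
    Ok(diff == 0)
}

fn main() {
    // Parameters from the usage example: dklen 64, 10000 iterations, SHA-512.
    println!("{:?}", block_layout(64, 10000, 64));
    // A 100-byte key with SHA-512 needs two blocks, 36 bytes from the second.
    println!("{:?}", block_layout(100, 10000, 64));
    // dklen below 1 is rejected.
    println!("{:?}", block_layout(0, 10000, 64));
    // Constructed sample keys that differ only in the last byte.
    println!("{:?}", ct_eq(&[1, 2, 3, 4], &[1, 2, 3, 5]));
}
```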