Struct orion::pbkdf2::Pbkdf2[][src]

pub struct Pbkdf2 {
    pub password: Vec<u8>,
    pub salt: Vec<u8>,
    pub iterations: usize,
    pub dklen: usize,
    pub hmac: ShaVariantOption,
}

PBKDF2 (Password-Based Key Derivation Function 2) as specified in the RFC 8018.

Fields password and salt are zeroed out on drop.

Fields

Methods

impl Pbkdf2
[src]

PBKDF2 (Password-Based Key Derivation Function 2) as specified in the RFC 8018.

Exceptions:

An exception will be thrown if:

  • The specified dklen is less than 1
  • The specified dklen is greater than (2^32 - 1) * hLen
  • The specified iteration count is less than 1

Note:

Salts should always be generated using a CSPRNG. The gen_rand_key function in util can be used for this.

Usage examples:

Generating derived key:

use orion::pbkdf2::Pbkdf2;
use orion::core::util::gen_rand_key;
use orion::core::options::ShaVariantOption;

let password = gen_rand_key(16).unwrap();
let salt = gen_rand_key(16).unwrap();

let dk = Pbkdf2 {
    password: password,
    salt: salt,
    iterations: 10000,
    dklen: 64,
    hmac: ShaVariantOption::SHA512
};

dk.derive_key().unwrap();

Verifying derived key:

use orion::pbkdf2::Pbkdf2;
use orion::core::util::gen_rand_key;
use orion::core::options::ShaVariantOption;

let password = gen_rand_key(16).unwrap();
let salt = gen_rand_key(16).unwrap();

let dk = Pbkdf2 {
    password: password,
    salt: salt,
    iterations: 10000,
    dklen: 64,
    hmac: ShaVariantOption::SHA512
};

let derived_key = dk.derive_key().unwrap();
assert_eq!(dk.verify(&derived_key).unwrap(), true);

Main PBKDF2 function. Return a derived key.

Verify a derived key by comparing one from the current struct fields and the derived key passed to the function. Comparison is done in constant time. Both derived keys must be of equal length.

Trait Implementations

impl Drop for Pbkdf2
[src]

Executes the destructor for this type. Read more

Auto Trait Implementations

impl Send for Pbkdf2

impl Sync for Pbkdf2