Function ring::pbkdf2::verify
[−]
[src]
pub fn verify(
prf: &'static PRF,
iterations: u32,
salt: &[u8],
secret: &[u8],
previously_derived: &[u8]
) -> Result<(), Unspecified>
Verifies that a previously-derived (e.g., using derive) PBKDF2 value
matches the PBKDF2 value derived from the other inputs.
The comparison is done in constant time to prevent timing attacks. The
comparison will fail if previously_derived is empty (has a length of
zero).
| Parameter | RFC 2898 Section 5.2 Term |
|---|---|
prf |
PRF |
iterations |
c (iteration count) |
salt |
S (salt) |
secret |
P (password) |
previously_derived |
dk (derived key) |
previously_derived.len() |
dkLen (derived key length) |
C analog: PKCS5_PBKDF2_HMAC + CRYPTO_memcmp
Panics
verify panics if iterations < 1.
derive panics if out.len() is larger than (2**32 - 1) * the PRF digest
length, per the PBKDF2 specification.