Ekdohibs/zig
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Explicitly reference std.crypto.kdf in test case

Browse Source
This commit is contained in:
Rob Napier 2020-09-13 10:50:46 -04:00
parent 0f85b85acb
commit 257c5b5348
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/std/crypto.zig
View File

@ -35,7 +35,11 @@ pub const onetimeauth = struct {
pub const Poly1305 = @import("crypto/poly1305.zig").Poly1305;
};
/// Key derivation functions
/// A Key Derivation Function (KDF) is intended to turn a weak, human generated password into a
/// strong key, suitable for cryptographic uses. It does this by salting and stretching the
/// password. Salting injects non-secret random data, so that identical passwords will be converted
/// into unique keys. Stretching applies a deliberately slow hashing function to frustrate
/// brute-force guessing.
pub const kdf = struct {
pub const pbkdf2 = @import("crypto/pbkdf2.zig").pbkdf2;
};

14
lib/std/crypto/pbkdf2.zig
View File

@ -10,14 +10,6 @@ const debug = std.debug;
const assert = debug.assert;
const mem = std.mem;
//! PBKDF2 (Password-Based Key Derivation Function 2) is intended to turn a weak, human generated
//! password into a strong key, suitable for cryptographic uses. It does this by salting and
//! stretching the password. Salting injects non-secret random data, so that identical passwords
//! will be converted into unique keys. Stretching applies a deliberately slow hashing function to
//! frustrate brute-force guessing.
//!
//! PBKDF2 is defined in RFC 2898, and is a recommendation of NIST SP 800-132.
// RFC 2898 Section 5.2
//
// FromSpec:
@ -48,6 +40,8 @@ const mem = std.mem;
/// Apply PBKDF2 to generate a key from a password.
///
/// PBKDF2 is defined in RFC 2898, and is a recommendation of NIST SP 800-132.
///
/// derivedKey: Slice of appropriate size for generated key. Generally 16 or 32 bytes in length.
/// May be uninitialized. All bytes will be written.
/// Maximum size is (2^32 - 1) * Hash.digest_length
@ -62,6 +56,8 @@ const mem = std.mem;
/// the derivedKey. It is common to tune this parameter to achieve approximately 100ms.
///
/// Prf: Pseudo-random function to use. A common choice is std.crypto.auth.hmac.HmacSha256.
///
/// PBKDF2 is defined in RFC 2898, and is a recommendation of NIST SP 800-132.
pub fn pbkdf2(derivedKey: []u8, password: []const u8, salt: []const u8, rounds: u32, comptime Prf: type) void {
assert(rounds >= 1);
@ -161,7 +157,7 @@ test "RFC 6070 one iteration" {
var derivedKey: [dkLen]u8 = undefined;
pbkdf2(&derivedKey, p, s, c, crypto.auth.hmac.HmacSha1);
std.crypto.kdf.pbkdf2(&derivedKey, p, s, c, crypto.auth.hmac.HmacSha1);
const expected = "0c60c80f961f0e71f3a9b524af6012062fe037a6";