Function ring::pbkdf2::verify [−] [src]

pub fn verify(prf: &'static PRF,
              iterations: u32,
              salt: &[u8],
              secret: &[u8],
              previously_derived: &[u8])
              -> Result<(), Unspecified>

Verifies that a previously-derived (e.g., using derive) PBKDF2 value matches the PBKDF2 value derived from the other inputs.

The comparison is done in constant time to prevent timing attacks. The comparison will fail if previously_derived is empty (has a length of zero).

Parameter	RFC 2898 Section 5.2 Term
`prf`	PRF
`iterations`	c (iteration count)
`salt`	S (salt)
`secret`	P (password)
`previously_derived`	dk (derived key)
`previously_derived.len()`	dkLen (derived key length)

C analog: PKCS5_PBKDF2_HMAC + CRYPTO_memcmp

Panics

verify panics if iterations < 1.

derive panics if out.len() is larger than (2**32 - 1) * the PRF digest length, per the PBKDF2 specification.