55 lines
1.5 KiB
JavaScript
55 lines
1.5 KiB
JavaScript
/** @fileOverview Password-based key-derivation function, version 2.0.
|
|
*
|
|
* @author Emily Stark
|
|
* @author Mike Hamburg
|
|
* @author Dan Boneh
|
|
*/
|
|
|
|
/** Password-Based Key-Derivation Function, version 2.0.
|
|
*
|
|
* Generate keys from passwords using PBKDF2-HMAC-SHA256.
|
|
*
|
|
* This is the method specified by RSA's PKCS #5 standard.
|
|
*
|
|
* @param {bitArray|String} password The password.
|
|
* @param {bitArray} salt The salt. Should have lots of entropy.
|
|
* @param {Number} [count=1000] The number of iterations. Higher numbers make the function slower but more secure.
|
|
* @param {Number} [length] The length of the derived key. Defaults to the
|
|
output size of the hash function.
|
|
* @param {Object} [Prff=sjcl.misc.hmac] The pseudorandom function family.
|
|
* @return {bitArray} the derived key.
|
|
*/
|
|
sjcl.misc.pbkdf2 = function (password, salt, count, length, Prff) {
|
|
count = count || 1000;
|
|
|
|
if (length < 0 || count < 0) {
|
|
throw sjcl.exception.invalid("invalid params to pbkdf2");
|
|
}
|
|
|
|
if (typeof password === "string") {
|
|
password = sjcl.codec.utf8String.toBits(password);
|
|
}
|
|
|
|
Prff = Prff || sjcl.misc.hmac;
|
|
|
|
var prf = new Prff(password),
|
|
u, ui, i, j, k, out = [], b = sjcl.bitArray;
|
|
|
|
for (k = 1; 32 * out.length < (length || 1); k++) {
|
|
u = ui = prf.encrypt(b.concat(salt,[k]));
|
|
|
|
for (i=1; i<count; i++) {
|
|
ui = prf.encrypt(ui);
|
|
for (j=0; j<ui.length; j++) {
|
|
u[j] ^= ui[j];
|
|
}
|
|
}
|
|
|
|
out = out.concat(u);
|
|
}
|
|
|
|
if (length) { out = b.clamp(out, length); }
|
|
|
|
return out;
|
|
};
|