aws_lc_rs::pbkdf2

Function verify

Source
pub fn verify(
    algorithm: Algorithm,
    iterations: NonZeroU32,
    salt: &[u8],
    secret: &[u8],
    previously_derived: &[u8],
) -> Result<(), Unspecified>
Expand description

Verifies that a previously-derived (e.g., using derive) PBKDF2 value matches the PBKDF2 value derived from the other inputs.

The comparison is done in constant time to prevent timing attacks. The comparison will fail if previously_derived is empty (has a length of zero).

ParameterRFC 2898 Section 5.2 Term
digest_algPRF (HMAC with the given digest algorithm).
iterationsc (iteration count)
saltS (salt)
secretP (password)
previously_deriveddk (derived key)
previously_derived.len()dkLen (derived key length)

§Errors

error::Unspecified is the inputs were not verified.

§Panics

verify panics if previously_derived.len() is larger than (2**32 - 1) * the digest algorithm’s output length, per the PBKDF2 specification.