| <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/git/checkouts/incubator-teaclave-crates-c8106113f74feefc/ede1f68/ring/src/pbkdf2.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>pbkdf2.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../normalize.css"><link rel="stylesheet" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../ayu.css" disabled><link rel="stylesheet" href="../../dark.css" disabled><link rel="stylesheet" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../ring/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../ring/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span> |
| <span id="2">2</span> |
| <span id="3">3</span> |
| <span id="4">4</span> |
| <span id="5">5</span> |
| <span id="6">6</span> |
| <span id="7">7</span> |
| <span id="8">8</span> |
| <span id="9">9</span> |
| <span id="10">10</span> |
| <span id="11">11</span> |
| <span id="12">12</span> |
| <span id="13">13</span> |
| <span id="14">14</span> |
| <span id="15">15</span> |
| <span id="16">16</span> |
| <span id="17">17</span> |
| <span id="18">18</span> |
| <span id="19">19</span> |
| <span id="20">20</span> |
| <span id="21">21</span> |
| <span id="22">22</span> |
| <span id="23">23</span> |
| <span id="24">24</span> |
| <span id="25">25</span> |
| <span id="26">26</span> |
| <span id="27">27</span> |
| <span id="28">28</span> |
| <span id="29">29</span> |
| <span id="30">30</span> |
| <span id="31">31</span> |
| <span id="32">32</span> |
| <span id="33">33</span> |
| <span id="34">34</span> |
| <span id="35">35</span> |
| <span id="36">36</span> |
| <span id="37">37</span> |
| <span id="38">38</span> |
| <span id="39">39</span> |
| <span id="40">40</span> |
| <span id="41">41</span> |
| <span id="42">42</span> |
| <span id="43">43</span> |
| <span id="44">44</span> |
| <span id="45">45</span> |
| <span id="46">46</span> |
| <span id="47">47</span> |
| <span id="48">48</span> |
| <span id="49">49</span> |
| <span id="50">50</span> |
| <span id="51">51</span> |
| <span id="52">52</span> |
| <span id="53">53</span> |
| <span id="54">54</span> |
| <span id="55">55</span> |
| <span id="56">56</span> |
| <span id="57">57</span> |
| <span id="58">58</span> |
| <span id="59">59</span> |
| <span id="60">60</span> |
| <span id="61">61</span> |
| <span id="62">62</span> |
| <span id="63">63</span> |
| <span id="64">64</span> |
| <span id="65">65</span> |
| <span id="66">66</span> |
| <span id="67">67</span> |
| <span id="68">68</span> |
| <span id="69">69</span> |
| <span id="70">70</span> |
| <span id="71">71</span> |
| <span id="72">72</span> |
| <span id="73">73</span> |
| <span id="74">74</span> |
| <span id="75">75</span> |
| <span id="76">76</span> |
| <span id="77">77</span> |
| <span id="78">78</span> |
| <span id="79">79</span> |
| <span id="80">80</span> |
| <span id="81">81</span> |
| <span id="82">82</span> |
| <span id="83">83</span> |
| <span id="84">84</span> |
| <span id="85">85</span> |
| <span id="86">86</span> |
| <span id="87">87</span> |
| <span id="88">88</span> |
| <span id="89">89</span> |
| <span id="90">90</span> |
| <span id="91">91</span> |
| <span id="92">92</span> |
| <span id="93">93</span> |
| <span id="94">94</span> |
| <span id="95">95</span> |
| <span id="96">96</span> |
| <span id="97">97</span> |
| <span id="98">98</span> |
| <span id="99">99</span> |
| <span id="100">100</span> |
| <span id="101">101</span> |
| <span id="102">102</span> |
| <span id="103">103</span> |
| <span id="104">104</span> |
| <span id="105">105</span> |
| <span id="106">106</span> |
| <span id="107">107</span> |
| <span id="108">108</span> |
| <span id="109">109</span> |
| <span id="110">110</span> |
| <span id="111">111</span> |
| <span id="112">112</span> |
| <span id="113">113</span> |
| <span id="114">114</span> |
| <span id="115">115</span> |
| <span id="116">116</span> |
| <span id="117">117</span> |
| <span id="118">118</span> |
| <span id="119">119</span> |
| <span id="120">120</span> |
| <span id="121">121</span> |
| <span id="122">122</span> |
| <span id="123">123</span> |
| <span id="124">124</span> |
| <span id="125">125</span> |
| <span id="126">126</span> |
| <span id="127">127</span> |
| <span id="128">128</span> |
| <span id="129">129</span> |
| <span id="130">130</span> |
| <span id="131">131</span> |
| <span id="132">132</span> |
| <span id="133">133</span> |
| <span id="134">134</span> |
| <span id="135">135</span> |
| <span id="136">136</span> |
| <span id="137">137</span> |
| <span id="138">138</span> |
| <span id="139">139</span> |
| <span id="140">140</span> |
| <span id="141">141</span> |
| <span id="142">142</span> |
| <span id="143">143</span> |
| <span id="144">144</span> |
| <span id="145">145</span> |
| <span id="146">146</span> |
| <span id="147">147</span> |
| <span id="148">148</span> |
| <span id="149">149</span> |
| <span id="150">150</span> |
| <span id="151">151</span> |
| <span id="152">152</span> |
| <span id="153">153</span> |
| <span id="154">154</span> |
| <span id="155">155</span> |
| <span id="156">156</span> |
| <span id="157">157</span> |
| <span id="158">158</span> |
| <span id="159">159</span> |
| <span id="160">160</span> |
| <span id="161">161</span> |
| <span id="162">162</span> |
| <span id="163">163</span> |
| <span id="164">164</span> |
| <span id="165">165</span> |
| <span id="166">166</span> |
| <span id="167">167</span> |
| <span id="168">168</span> |
| <span id="169">169</span> |
| <span id="170">170</span> |
| <span id="171">171</span> |
| <span id="172">172</span> |
| <span id="173">173</span> |
| <span id="174">174</span> |
| <span id="175">175</span> |
| <span id="176">176</span> |
| <span id="177">177</span> |
| <span id="178">178</span> |
| <span id="179">179</span> |
| <span id="180">180</span> |
| <span id="181">181</span> |
| <span id="182">182</span> |
| <span id="183">183</span> |
| <span id="184">184</span> |
| <span id="185">185</span> |
| <span id="186">186</span> |
| <span id="187">187</span> |
| <span id="188">188</span> |
| <span id="189">189</span> |
| <span id="190">190</span> |
| <span id="191">191</span> |
| <span id="192">192</span> |
| <span id="193">193</span> |
| <span id="194">194</span> |
| <span id="195">195</span> |
| <span id="196">196</span> |
| <span id="197">197</span> |
| <span id="198">198</span> |
| <span id="199">199</span> |
| <span id="200">200</span> |
| <span id="201">201</span> |
| <span id="202">202</span> |
| <span id="203">203</span> |
| <span id="204">204</span> |
| <span id="205">205</span> |
| <span id="206">206</span> |
| <span id="207">207</span> |
| <span id="208">208</span> |
| <span id="209">209</span> |
| <span id="210">210</span> |
| <span id="211">211</span> |
| <span id="212">212</span> |
| <span id="213">213</span> |
| <span id="214">214</span> |
| <span id="215">215</span> |
| <span id="216">216</span> |
| <span id="217">217</span> |
| <span id="218">218</span> |
| <span id="219">219</span> |
| <span id="220">220</span> |
| <span id="221">221</span> |
| <span id="222">222</span> |
| <span id="223">223</span> |
| <span id="224">224</span> |
| <span id="225">225</span> |
| <span id="226">226</span> |
| <span id="227">227</span> |
| <span id="228">228</span> |
| <span id="229">229</span> |
| <span id="230">230</span> |
| <span id="231">231</span> |
| <span id="232">232</span> |
| <span id="233">233</span> |
| <span id="234">234</span> |
| <span id="235">235</span> |
| <span id="236">236</span> |
| <span id="237">237</span> |
| <span id="238">238</span> |
| <span id="239">239</span> |
| <span id="240">240</span> |
| <span id="241">241</span> |
| <span id="242">242</span> |
| <span id="243">243</span> |
| <span id="244">244</span> |
| <span id="245">245</span> |
| <span id="246">246</span> |
| <span id="247">247</span> |
| <span id="248">248</span> |
| <span id="249">249</span> |
| <span id="250">250</span> |
| <span id="251">251</span> |
| <span id="252">252</span> |
| <span id="253">253</span> |
| <span id="254">254</span> |
| <span id="255">255</span> |
| <span id="256">256</span> |
| <span id="257">257</span> |
| <span id="258">258</span> |
| <span id="259">259</span> |
| <span id="260">260</span> |
| <span id="261">261</span> |
| <span id="262">262</span> |
| <span id="263">263</span> |
| <span id="264">264</span> |
| <span id="265">265</span> |
| <span id="266">266</span> |
| <span id="267">267</span> |
| <span id="268">268</span> |
| <span id="269">269</span> |
| <span id="270">270</span> |
| <span id="271">271</span> |
| <span id="272">272</span> |
| </pre><pre class="rust"><code><span class="comment">// Copyright 2015 Brian Smith. |
| // |
| // Permission to use, copy, modify, and/or distribute this software for any |
| // purpose with or without fee is hereby granted, provided that the above |
| // copyright notice and this permission notice appear in all copies. |
| // |
| // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES |
| // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY |
| // SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
| // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
| // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| |
| </span><span class="doccomment">//! PBKDF2 derivation and verification. |
| //! |
| //! Use `derive` to derive PBKDF2 outputs. Use `verify` to verify secret |
| //! against previously-derived outputs. |
| //! |
| //! PBKDF2 is specified in [RFC 2898 Section 5.2] with test vectors given in |
| //! [RFC 6070]. See also [NIST Special Publication 800-132]. |
| //! |
| //! [RFC 2898 Section 5.2]: https://tools.ietf.org/html/rfc2898#section-5.2 |
| //! [RFC 6070]: https://tools.ietf.org/html/rfc6070 |
| //! [NIST Special Publication 800-132]: |
| //! http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf |
| //! |
| //! # Examples |
| //! |
| //! ## Password Database Example |
| //! |
| //! ``` |
| //! use ring::{digest, pbkdf2}; |
| //! use std::{collections::HashMap, num::NonZeroU32}; |
| //! |
| //! static PBKDF2_ALG: pbkdf2::Algorithm = pbkdf2::PBKDF2_HMAC_SHA256; |
| //! const CREDENTIAL_LEN: usize = digest::SHA256_OUTPUT_LEN; |
| //! pub type Credential = [u8; CREDENTIAL_LEN]; |
| //! |
| //! enum Error { |
| //! WrongUsernameOrPassword |
| //! } |
| //! |
| //! struct PasswordDatabase { |
| //! pbkdf2_iterations: NonZeroU32, |
| //! db_salt_component: [u8; 16], |
| //! |
| //! // Normally this would be a persistent database. |
| //! storage: HashMap<String, Credential>, |
| //! } |
| //! |
| //! impl PasswordDatabase { |
| //! pub fn store_password(&mut self, username: &str, password: &str) { |
| //! let salt = self.salt(username); |
| //! let mut to_store: Credential = [0u8; CREDENTIAL_LEN]; |
| //! pbkdf2::derive(PBKDF2_ALG, self.pbkdf2_iterations, &salt, |
| //! password.as_bytes(), &mut to_store); |
| //! self.storage.insert(String::from(username), to_store); |
| //! } |
| //! |
| //! pub fn verify_password(&self, username: &str, attempted_password: &str) |
| //! -> Result<(), Error> { |
| //! match self.storage.get(username) { |
| //! Some(actual_password) => { |
| //! let salt = self.salt(username); |
| //! pbkdf2::verify(PBKDF2_ALG, self.pbkdf2_iterations, &salt, |
| //! attempted_password.as_bytes(), |
| //! actual_password) |
| //! .map_err(|_| Error::WrongUsernameOrPassword) |
| //! }, |
| //! |
| //! None => Err(Error::WrongUsernameOrPassword) |
| //! } |
| //! } |
| //! |
| //! // The salt should have a user-specific component so that an attacker |
| //! // cannot crack one password for multiple users in the database. It |
| //! // should have a database-unique component so that an attacker cannot |
| //! // crack the same user's password across databases in the unfortunate |
| //! // but common case that the user has used the same password for |
| //! // multiple systems. |
| //! fn salt(&self, username: &str) -> Vec<u8> { |
| //! let mut salt = Vec::with_capacity(self.db_salt_component.len() + |
| //! username.as_bytes().len()); |
| //! salt.extend(self.db_salt_component.as_ref()); |
| //! salt.extend(username.as_bytes()); |
| //! salt |
| //! } |
| //! } |
| //! |
| //! fn main() { |
| //! // Normally these parameters would be loaded from a configuration file. |
| //! let mut db = PasswordDatabase { |
| //! pbkdf2_iterations: NonZeroU32::new(100_000).unwrap(), |
| //! db_salt_component: [ |
| //! // This value was generated from a secure PRNG. |
| //! 0xd6, 0x26, 0x98, 0xda, 0xf4, 0xdc, 0x50, 0x52, |
| //! 0x24, 0xf2, 0x27, 0xd1, 0xfe, 0x39, 0x01, 0x8a |
| //! ], |
| //! storage: HashMap::new(), |
| //! }; |
| //! |
| //! db.store_password("alice", "@74d7]404j|W}6u"); |
| //! |
| //! // An attempt to log in with the wrong password fails. |
| //! assert!(db.verify_password("alice", "wrong password").is_err()); |
| //! |
| //! // Normally there should be an expoentially-increasing delay between |
| //! // attempts to further protect against online attacks. |
| //! |
| //! // An attempt to log in with the right password succeeds. |
| //! assert!(db.verify_password("alice", "@74d7]404j|W}6u").is_ok()); |
| //! } |
| |
| </span><span class="kw">use crate</span>::{constant_time, digest, error, hmac, polyfill}; |
| <span class="kw">use </span>core::num::NonZeroU32; |
| |
| <span class="doccomment">/// A PBKDF2 algorithm. |
| </span><span class="attribute">#[derive(Clone, Copy, PartialEq, Eq)] |
| </span><span class="kw">pub struct </span>Algorithm(hmac::Algorithm); |
| |
| <span class="doccomment">/// PBKDF2 using HMAC-SHA1. |
| </span><span class="kw">pub static </span>PBKDF2_HMAC_SHA1: Algorithm = Algorithm(hmac::HMAC_SHA1_FOR_LEGACY_USE_ONLY); |
| |
| <span class="doccomment">/// PBKDF2 using HMAC-SHA256. |
| </span><span class="kw">pub static </span>PBKDF2_HMAC_SHA256: Algorithm = Algorithm(hmac::HMAC_SHA256); |
| |
| <span class="doccomment">/// PBKDF2 using HMAC-SHA384. |
| </span><span class="kw">pub static </span>PBKDF2_HMAC_SHA384: Algorithm = Algorithm(hmac::HMAC_SHA384); |
| |
| <span class="doccomment">/// PBKDF2 using HMAC-SHA512. |
| </span><span class="kw">pub static </span>PBKDF2_HMAC_SHA512: Algorithm = Algorithm(hmac::HMAC_SHA512); |
| |
| <span class="doccomment">/// Fills `out` with the key derived using PBKDF2 with the given inputs. |
| /// |
| /// Do not use `derive` as part of verifying a secret; use `verify` instead, to |
| /// minimize the effectiveness of timing attacks. |
| /// |
| /// `out.len()` must be no larger than the digest length * (2**32 - 1), per the |
| /// PBKDF2 specification. |
| /// |
| /// | Parameter | RFC 2898 Section 5.2 Term |
| /// |-------------|------------------------------------------- |
| /// | digest_alg | PRF (HMAC with the given digest algorithm) |
| /// | iterations | c (iteration count) |
| /// | salt | S (salt) |
| /// | secret | P (password) |
| /// | out | dk (derived key) |
| /// | out.len() | dkLen (derived key length) |
| /// |
| /// # Panics |
| /// |
| /// `derive` panics if `out.len()` is larger than (2**32 - 1) * the digest |
| /// algorithm's output length, per the PBKDF2 specification. |
| </span><span class="kw">pub fn </span>derive( |
| algorithm: Algorithm, |
| iterations: NonZeroU32, |
| salt: <span class="kw-2">&</span>[u8], |
| secret: <span class="kw-2">&</span>[u8], |
| out: <span class="kw-2">&mut </span>[u8], |
| ) { |
| <span class="kw">let </span>digest_alg = algorithm.<span class="number">0</span>.digest_algorithm(); |
| <span class="kw">let </span>output_len = digest_alg.output_len; |
| |
| <span class="comment">// This implementation's performance is asymptotically optimal as described |
| // in https://jbp.io/2015/08/11/pbkdf2-performance-matters/. However, it |
| // hasn't been optimized to the same extent as fastpbkdf2. In particular, |
| // this implementation is probably doing a lot of unnecessary copying. |
| |
| </span><span class="kw">let </span>secret = hmac::Key::new(algorithm.<span class="number">0</span>, secret); |
| |
| <span class="comment">// Clear |out|. |
| </span>polyfill::slice::fill(out, <span class="number">0</span>); |
| |
| <span class="kw">let </span><span class="kw-2">mut </span>idx: u32 = <span class="number">0</span>; |
| |
| <span class="kw">for </span>chunk <span class="kw">in </span>out.chunks_mut(output_len) { |
| idx = idx.checked_add(<span class="number">1</span>).expect(<span class="string">"derived key too long"</span>); |
| derive_block(<span class="kw-2">&</span>secret, iterations, salt, idx, chunk); |
| } |
| } |
| |
| <span class="kw">fn </span>derive_block(secret: <span class="kw-2">&</span>hmac::Key, iterations: NonZeroU32, salt: <span class="kw-2">&</span>[u8], idx: u32, out: <span class="kw-2">&mut </span>[u8]) { |
| <span class="kw">let </span><span class="kw-2">mut </span>ctx = hmac::Context::with_key(secret); |
| ctx.update(salt); |
| ctx.update(<span class="kw-2">&</span>u32::to_be_bytes(idx)); |
| |
| <span class="kw">let </span><span class="kw-2">mut </span>u = ctx.sign(); |
| |
| <span class="kw">let </span><span class="kw-2">mut </span>remaining: u32 = iterations.into(); |
| <span class="kw">loop </span>{ |
| <span class="kw">for </span>i <span class="kw">in </span><span class="number">0</span>..out.len() { |
| out[i] ^= u.as_ref()[i]; |
| } |
| |
| <span class="kw">if </span>remaining == <span class="number">1 </span>{ |
| <span class="kw">break</span>; |
| } |
| remaining -= <span class="number">1</span>; |
| |
| u = hmac::sign(secret, u.as_ref()); |
| } |
| } |
| |
| <span class="doccomment">/// Verifies that a previously-derived (e.g., using `derive`) PBKDF2 value |
| /// matches the PBKDF2 value derived from the other inputs. |
| /// |
| /// The comparison is done in constant time to prevent timing attacks. The |
| /// comparison will fail if `previously_derived` is empty (has a length of |
| /// zero). |
| /// |
| /// | Parameter | RFC 2898 Section 5.2 Term |
| /// |----------------------------|-------------------------------------------- |
| /// | digest_alg | PRF (HMAC with the given digest algorithm). |
| /// | `iterations` | c (iteration count) |
| /// | `salt` | S (salt) |
| /// | `secret` | P (password) |
| /// | `previously_derived` | dk (derived key) |
| /// | `previously_derived.len()` | dkLen (derived key length) |
| /// |
| /// # Panics |
| /// |
| /// `verify` panics if `out.len()` is larger than (2**32 - 1) * the digest |
| /// algorithm's output length, per the PBKDF2 specification. |
| </span><span class="kw">pub fn </span>verify( |
| algorithm: Algorithm, |
| iterations: NonZeroU32, |
| salt: <span class="kw-2">&</span>[u8], |
| secret: <span class="kw-2">&</span>[u8], |
| previously_derived: <span class="kw-2">&</span>[u8], |
| ) -> <span class="prelude-ty">Result</span><(), error::Unspecified> { |
| <span class="kw">let </span>digest_alg = algorithm.<span class="number">0</span>.digest_algorithm(); |
| |
| <span class="kw">if </span>previously_derived.is_empty() { |
| <span class="kw">return </span><span class="prelude-val">Err</span>(error::Unspecified); |
| } |
| |
| <span class="kw">let </span><span class="kw-2">mut </span>derived_buf = [<span class="number">0u8</span>; digest::MAX_OUTPUT_LEN]; |
| |
| <span class="kw">let </span>output_len = digest_alg.output_len; |
| <span class="kw">let </span>secret = hmac::Key::new(algorithm.<span class="number">0</span>, secret); |
| <span class="kw">let </span><span class="kw-2">mut </span>idx: u32 = <span class="number">0</span>; |
| |
| <span class="kw">let </span><span class="kw-2">mut </span>matches = <span class="number">1</span>; |
| |
| <span class="kw">for </span>previously_derived_chunk <span class="kw">in </span>previously_derived.chunks(output_len) { |
| idx = idx.checked_add(<span class="number">1</span>).expect(<span class="string">"derived key too long"</span>); |
| |
| <span class="kw">let </span>derived_chunk = <span class="kw-2">&mut </span>derived_buf[..previously_derived_chunk.len()]; |
| polyfill::slice::fill(derived_chunk, <span class="number">0</span>); |
| |
| derive_block(<span class="kw-2">&</span>secret, iterations, salt, idx, derived_chunk); |
| |
| <span class="comment">// XXX: This isn't fully constant-time-safe. TODO: Fix that. |
| </span><span class="kw">let </span>current_block_matches = |
| <span class="kw">if </span>constant_time::verify_slices_are_equal(derived_chunk, previously_derived_chunk) |
| .is_ok() |
| { |
| <span class="number">1 |
| </span>} <span class="kw">else </span>{ |
| <span class="number">0 |
| </span>}; |
| |
| matches &= current_block_matches; |
| } |
| |
| <span class="kw">if </span>matches == <span class="number">0 </span>{ |
| <span class="kw">return </span><span class="prelude-val">Err</span>(error::Unspecified); |
| } |
| |
| <span class="prelude-val">Ok</span>(()) |
| } |
| </code></pre></div> |
| </section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="ring" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html> |