UNPKG

@noble/hashes

Version:

Audited & minimal 0-dependency JS implementation of SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt

paulmillr.com/noble/

paulmillr/noble-hashes

97 lines 3.85 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
/** * PBKDF (RFC 2898). Can be used to create a key from password and salt. * @module */ import { ahash, anumber } from './_assert.js'; import { hmac } from './hmac.js'; import { asyncLoop, checkOpts, createView, Hash, toBytes, } from './utils.js'; // Common prologue and epilogue for sync/async functions function pbkdf2Init(hash, _password, _salt, _opts) { ahash(hash); const opts = checkOpts({ dkLen: 32, asyncTick: 10 }, _opts); const { c, dkLen, asyncTick } = opts; anumber(c); anumber(dkLen); anumber(asyncTick); if (c < 1) throw new Error('PBKDF2: iterations (c) should be >= 1'); const password = toBytes(_password); const salt = toBytes(_salt); // DK = PBKDF2(PRF, Password, Salt, c, dkLen); const DK = new Uint8Array(dkLen); // U1 = PRF(Password, Salt + INT_32_BE(i)) const PRF = hmac.create(hash, password); const PRFSalt = PRF._cloneInto().update(salt); return { c, dkLen, asyncTick, DK, PRF, PRFSalt }; } function pbkdf2Output(PRF, PRFSalt, DK, prfW, u) { PRF.destroy(); PRFSalt.destroy(); if (prfW) prfW.destroy(); u.fill(0); return DK; } /** * PBKDF2-HMAC: RFC 2898 key derivation function * @param hash - hash function that would be used e.g. sha256 * @param password - password from which a derived key is generated * @param salt - cryptographic salt * @param opts - {c, dkLen} where c is work factor and dkLen is output message size * @example * const key = pbkdf2(sha256, 'password', 'salt', { dkLen: 32, c: 2 ** 18 }); */ export function pbkdf2(hash, password, salt, opts) { const { c, dkLen, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts); let prfW; // Working copy const arr = new Uint8Array(4); const view = createView(arr); const u = new Uint8Array(PRF.outputLen); // DK = T1 + T2 + ⋯ + Tdklen/hlen for (let ti = 1, pos = 0; pos < dkLen; ti++, pos += PRF.outputLen) { // Ti = F(Password, Salt, c, i) const Ti = DK.subarray(pos, pos + PRF.outputLen); view.setInt32(0, ti, false); // F(Password, Salt, c, i) = U1 ^ U2 ^ ⋯ ^ Uc // U1 = PRF(Password, Salt + INT_32_BE(i)) (prfW = PRFSalt._cloneInto(prfW)).update(arr).digestInto(u); Ti.set(u.subarray(0, Ti.length)); for (let ui = 1; ui < c; ui++) { // Uc = PRF(Password, Uc−1) PRF._cloneInto(prfW).update(u).digestInto(u); for (let i = 0; i < Ti.length; i++) Ti[i] ^= u[i]; } } return pbkdf2Output(PRF, PRFSalt, DK, prfW, u); } /** * PBKDF2-HMAC: RFC 2898 key derivation function. Async version. * @example * await pbkdf2Async(sha256, 'password', 'salt', { dkLen: 32, c: 500_000 }); */ export async function pbkdf2Async(hash, password, salt, opts) { const { c, dkLen, asyncTick, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts); let prfW; // Working copy const arr = new Uint8Array(4); const view = createView(arr); const u = new Uint8Array(PRF.outputLen); // DK = T1 + T2 + ⋯ + Tdklen/hlen for (let ti = 1, pos = 0; pos < dkLen; ti++, pos += PRF.outputLen) { // Ti = F(Password, Salt, c, i) const Ti = DK.subarray(pos, pos + PRF.outputLen); view.setInt32(0, ti, false); // F(Password, Salt, c, i) = U1 ^ U2 ^ ⋯ ^ Uc // U1 = PRF(Password, Salt + INT_32_BE(i)) (prfW = PRFSalt._cloneInto(prfW)).update(arr).digestInto(u); Ti.set(u.subarray(0, Ti.length)); await asyncLoop(c - 1, asyncTick, () => { // Uc = PRF(Password, Uc−1) PRF._cloneInto(prfW).update(u).digestInto(u); for (let i = 0; i < Ti.length; i++) Ti[i] ^= u[i]; }); } return pbkdf2Output(PRF, PRFSalt, DK, prfW, u); } //# sourceMappingURL=pbkdf2.js.map