PBKDF : Add enum Strength

2024-09-12 00:08:49 +02:00
parent 37cd6b1800
commit 46f941aea7
2 changed files with 31 additions and 4 deletions
+23 -3
@@ -12,6 +12,11 @@ export enum DHusage {
box,
wrap
}
export enum Strength {
weak,
moderate,
strong
}
/** Minimum seed size : 32 bytes */
export async function hkdf(key: Uint8Array, usage: Usage, context?: string): Promise<CryptoKey | null> {
@@ -84,7 +89,7 @@ export async function hkdf(key: Uint8Array, usage: Usage, context?: string): Pro
}
/** Minimum salt size : 16 bytes */
export async function pbkdf(salt: Uint8Array, password: string): Promise<Uint8Array | null> {
export async function pbkdf(salt: Uint8Array, password: string, strength: Strength = Strength.moderate): Promise<Uint8Array | null> {
log.trace('PBKDF')
if (salt.length < 16) {
@@ -97,13 +102,28 @@ export async function pbkdf(salt: Uint8Array, password: string): Promise<Uint8Ar
'deriveBits'
])
// TODO : Strength selection with enum
let iterations: number
switch (strength) {
case Strength.weak:
iterations = 100_000
break;
case Strength.moderate:
iterations = 250_000
break;
case Strength.strong:
iterations = 500_000
break;
default:
log.warn('Invalid strength used !')
return null
}
// I don't think this could crash
const buffer = await crypto.subtle.deriveBits(
{
name: 'PBKDF2',
salt,
iterations: 250_000,
iterations,
hash: 'SHA-512'
},
material,
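Review bot: `Strength.weak` maps to `iterations = 100_000` in the new switch, which is below both the previous fixed 250,000 and the 210,000 that OWASP's password-storage guidance currently lists for PBKDF2-HMAC-SHA512. Consider raising that case to at least `iterations = 210_000`, or drop `weak` if no caller needs it. The iteration count is not returned with the derived bits, so callers presumably have to record the chosen strength next to the salt to re-derive the same key later. A doc comment on the enum would make that explicit, e.g. `/** PBKDF2 work factor; store the value used alongside the salt, a different strength derives a different key */`. The body of `pbkdf` begins and ends outside the visible hunks.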
+8 -1
@@ -107,7 +107,14 @@ describe('PBKDF', () => {
const k2 = await kdf.pbkdf(salt1, pwd2)
expect(k1).not.toEqual(k2)
})
// TODO : Different strength => different keys
test('Different strengths', async () => {
const k1 = await kdf.pbkdf(salt1, pwd2, kdf.Strength.weak)
const k2 = await kdf.pbkdf(salt1, pwd1, kdf.Strength.moderate)
const k3 = await kdf.pbkdf(salt1, pwd2, kdf.Strength.strong)
expect(k1).not.toEqual(k2)
expect(k1).not.toEqual(k3)
expect(k2).not.toEqual(k3)
})
test('Minimum salt size', async () => {
const k = await kdf.pbkdf(new Uint8Array(15), pwd1)
expect(k).toBeNull()
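Review bot: In the new 'Different strengths' test, `k2` is derived from `pwd1` while `k1` and `k3` use `pwd2`, so two of the three assertions would pass even if `pbkdf` ignored the `strength` argument (assuming `pwd1` and `pwd2` differ, as the preceding test suggests). Only `expect(k1).not.toEqual(k3)` actually isolates the iteration count. Use the same password for all three, `const k2 = await kdf.pbkdf(salt1, pwd2, kdf.Strength.moderate)`. It would also help to assert that omitting the argument gives the same output as `kdf.Strength.moderate`, and that an out-of-range value returns null so the `default:` branch is covered.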