PBKDF : Add enum Strength

src/kdf.ts

@@ -12,6 +12,11 @@ export enum DHusage {
   box,
   wrap
 }
+export enum Strength {
+  weak,
+  moderate,
+  strong
+}
 
 /** Minimum seed size : 32 bytes */
 export async function hkdf(key: Uint8Array, usage: Usage, context?: string): Promise<CryptoKey | null> {
@@ -84,7 +89,7 @@ export async function hkdf(key: Uint8Array, usage: Usage, context?: string): Pro
 }
 
 /** Minimum salt size : 16 bytes */
-export async function pbkdf(salt: Uint8Array, password: string): Promise<Uint8Array | null> {
+export async function pbkdf(salt: Uint8Array, password: string, strength: Strength = Strength.moderate): Promise<Uint8Array | null> {
   log.trace('PBKDF')
 
   if (salt.length < 16) {
@@ -97,13 +102,28 @@ export async function pbkdf(salt: Uint8Array, password: string): Promise<Uint8Ar
     'deriveBits'
   ])
 
-  // TODO : Strength selection with enum
+  let iterations: number
+  switch (strength) {
+    case Strength.weak:
+      iterations = 100_000
+      break;
+    case Strength.moderate:
+      iterations = 250_000
+      break;
+    case Strength.strong:
+      iterations = 500_000
+      break;
+    default:
+      log.warn('Invalid strength used !')
+      return null
+  }
+
   // I don't think this could crash
   const buffer = await crypto.subtle.deriveBits(
     {
       name: 'PBKDF2',
       salt,
-      iterations: 250_000,
+      iterations,
       hash: 'SHA-512'
     },
     material,