/** @fileOverview Password-based key-derivation function, version 2.0.
*
* @author Emily Stark
* @author Mike Hamburg
* @author Dan Boneh
*/
/** Password-Based Key-Derivation Function, version 2.0.
*
* Generate keys from passwords using PBKDF2-HMAC-SHA256.
*
* This is the method specified by RSA's PKCS #5 standard.
*
* @param {bitArray|String} password The password.
* @param {bitArray|String} salt The salt. Should have lots of entropy.
* @param {Number} [count=1000] The number of iterations. Higher numbers make the function slower but more secure.
* @param {Number} [length] The length of the derived key. Defaults to the
output size of the hash function.
* @param {Object} [Prff=sjcl.misc.hmac] The pseudorandom function family.
* @return {bitArray} the derived key.
*/
sjcl.misc.pbkdf2 = function (password, salt, count, length, Prff) {
count = count || 10000;
if (length < 0 || count < 0) {
throw new sjcl.exception.invalid("invalid params to pbkdf2");
}
if (typeof password === "string") {
password = sjcl.codec.utf8String.toBits(password);
}
if (typeof salt === "string") {
salt = sjcl.codec.utf8String.toBits(salt);
}
Prff = Prff || sjcl.misc.hmac;
var prf = new Prff(password),
u, ui, i, j, k, out = [], b = sjcl.bitArray;
for (k = 1; 32 * out.length < (length || 1); k++) {
u = ui = prf.encrypt(b.concat(salt,[k]));
for (i=1; i<count; i++) {
ui = prf.encrypt(ui);
for (j=0; j<ui.length; j++) {
u[j] ^= ui[j];
}
}
out = out.concat(u);
}
if (length) { out = b.clamp(out, length); }
return out;
};