lib/gcrypto_jce/pbkdf2.rb in gcrypto_jce-0.1 vs lib/gcrypto_jce/pbkdf2.rb in gcrypto_jce-0.2
- old
+ new
@@ -26,27 +26,40 @@
raise GcryptoJce::Error, "Unknown password type '#{pass.class}'"
end
end
iter = opts[:iteration]
+ iter_lb = opts[:iter_lb] || 10000
+ iter_hb = opts[:iter_hb] || 30000
if iter.nil? or iter.to_i == 0
- iter = rand(10000...20000)
+ iter = rand(iter_lb...iter_hb)
end
+ hashSpec = opts[:hash_eng]
+ if not (hashSpec.nil? or hashSpec.empty?)
+ case hashSpec.downcase.to_sym
+ when :sha1
+ engSpec = "PBKDF2WithHMACSHA1"
+ when :sha2, :sha256
+ engSpec = "PBKDF2WithHMACSHA256"
+ when :sha512
+ engSpec = "PBKDF2WithHMACSHA512"
+ else
+ engSpec = "PBKDF2WithHMACSHA256"
+ GcryptoJce::Gconf.instance.glog.warn "User asking for hash engine '#{hashSpec}' but not in supported list. Using default PBKDF2WithHMACSHA256 instead."
+ end
+ end
+
keyLen = opts[:outKeyLen]
case keyLen
when 128
outKeyLen = 128
- engSpec = "PBKDF2WithHMACSHA1"
when 256, 192
outKeyLen = 256
- engSpec = "PBKDF2WithHMACSHA256"
when 512
outKeyLen = 512
- engSpec = "PBKDF2WithHMACSHA512"
else
outKeyLen = 256
- engSpec = "PBKDF2WithHMACSHA256"
end
prov = GcryptoJce::Provider.handle_options(opts, nil)
salt = opts[:salt]