deriveKey static method

List<int> deriveKey({
  1. required HMAC mac(),
  2. required List<int> salt,
  3. required int iterations,
  4. required int length,
})

Derives a cryptographic key using the PBKDF2 algorithm with the provided parameters.

This method takes several essential parameters to derive a secure key:

Parameters:

  • mac: A function that returns an HMAC (Hash-based Message Authentication Code) instance. HMAC is used as the pseudorandom function in the PBKDF2 algorithm.
  • salt: A unique random value (the salt) that adds randomness and security to the key derivation process.
  • iterations: The number of iterations or rounds of HMAC to apply, which increases the computational expense and security.
  • length: The desired length of the derived cryptographic key in bytes.

Returns: A List<int> containing the derived cryptographic key based on the provided parameters.

This method applies the PBKDF2 algorithm to derive a secure key suitable for encryption and other security purposes.

Implementation

static List<int> deriveKey({
  required HMAC Function() mac,
  required List<int> salt,
  required int iterations,
  required int length,
}) {
  final prf = mac();
  final dlen = prf.getDigestLength;
  final ctr = List<int>.filled(4, 0);
  final t = List<int>.filled(dlen, 0);
  final u = List<int>.filled(dlen, 0);
  final dk = List<int>.filled(length, 0);

  prf.update(salt);
  final saltedState = prf.saveState();

  for (var i = 0; i * dlen < length; i++) {
    writeUint32BE(i + 1, ctr);
    prf.restoreState(saltedState)
      ..update(ctr)
      ..finish(u);
    for (var j = 0; j < dlen; j++) {
      t[j] = u[j];
    }
    for (var j = 2; j <= iterations; j++) {
      prf
        ..reset()
        ..update(u)
        ..finish(u);
      for (var k = 0; k < dlen; k++) {
        t[k] ^= u[k];
      }
    }

    for (var j = 0; j < dlen && i * dlen + j < length; j++) {
      dk[i * dlen + j] = t[j];
    }
  }
  zero(t);
  zero(u);
  zero(ctr);
  prf.cleanSavedState(saltedState);
  prf.clean();
  return dk;
}