Module Webs_kit.Sha_256

The type for SHA-256 hashes.

length h is the length of h in bytes (i.e. 32).

hash s is the SHA-256 hash of s.

hmac ~key msg is the RFC 2104 HMAC-SHA-256 for key key and message msg. key should not be less than 32 bytes.

pbkdf2_hmac ~key_len ~iterations ~pass ~salt () derives a key for password pass with a salt salt and iterations iterations iterations (use at least 100_000) wto generate a key of length key_len using RFC 8018's PBKFD2-HMAC-SHA-256.

Warning. Use equal_key to compare derived keys, not String.equal or ( = ).

In 2021, here is a good baseline of parameters:

• A key_len of 32 bytes.
• A number of iterations of 400_000.
• A salt length of 8 bytes.

Warning. Use equal_key to compare derived keys, not String.equal or ( = ).

Raises Invalid_argument if key_len or iterations are smaller or equal to 0 or if key_len is greater than 2³² - 1 * 32 or max_int.

equal_key k0 k1 is a constant time string equality for k0 and k1 of the same length. Do not use to compare string of different lengths this raises Invalid_argument in that case.

equal h0 h1 is a constant time equality comparison function between h0 and h1.

to_bytes h is the sequence of bytes of h.

of_bytes s is the sequence of bytes of s as a hash value. An error is returned if the length of s in not 32.

to_ascii_hex h is the sequence of bytes of h as US-ASCII lowercase hexadecimal digits.

of_hex s parses a sequence of US-ASCII (lower or upper cased) hexadecimal digits to its hash value. Errors with an offending index or the length of the string in case s was not exactly made of 64 US-ASCII hex digits.

pp formats digests with to_hex.