def PBKDF2(*, password: bytes, salt: bytes, dklen: int, c: int,
prf: str) -> bytes:
if 'sha' not in prf:
raise ValueError(f"String 'sha' is not in `prf`({prf})")
_hash = _sha256 if 'sha256' in prf else _sha512
res = _PBKDF2(password=password,
salt=salt,
dkLen=dklen,
count=c,
hmac_hash_module=_hash) # type: ignore
return res if isinstance(
res, bytes) else res[0] # PyCryptodome can return Tuple[bytes]
def PBKDF2(*, password: str, salt: bytes, dklen: int, c: int,
prf: str) -> bytes:
assert ('sha' in prf)
_hash = _sha256 if 'sha256' in prf else _sha512
password_bytes = password.encode("utf-8")
res = _PBKDF2(password=password_bytes,
salt=salt,
dkLen=dklen,
count=c,
hmac_hash_module=_hash) # type: ignore
return res if isinstance(
res, bytes) else res[0] # PyCryptodome can return Tuple[bytes]
def PBKDF2(*, password: bytes, salt: bytes, dklen: int, c: int,
prf: str) -> bytes:
if 'sha' not in prf:
raise ValueError(f"String 'sha' is not in `prf`({prf})")
if 'sha256' in prf and c < 2**18:
'''
Verify the number of rounds of SHA256-PBKDF2. SHA512 not checked as use in BIP39
does not require, and therefore doesn't use, safe parameters (c=2048).
Ref: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#from-mnemonic-to-seed
'''
raise ValueError("The PBKDF2 parameters chosen are not secure.")
_hash = _sha256 if 'sha256' in prf else _sha512
res = _PBKDF2(password=password,
salt=salt,
dkLen=dklen,
count=c,
hmac_hash_module=_hash) # type: ignore
return res if isinstance(
res, bytes) else res[0] # PyCryptodome can return Tuple[bytes]