1# Key Derivation Overview and Algorithm Specifications 2 3<!--Kit: Crypto Architecture Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @zxz--3--> 6<!--Designer: @lanming--> 7<!--Tester: @PAFT--> 8<!--Adviser: @zengyawen--> 9 10A key derivation function (KDF) is a cryptographic algorithm that derives one or more secrete keys from a secret value by using a pseudorandom function (PRF). It can be used to stretch keys into longer keys or to obtain keys in the required format. 11 12## PBKDF2 13 14Password-Based Key Derivation Function (PBKDF) is a key derivation function with a sliding computational cost. PBKDF2 is part of the PKCS series. 15 16PBKDF2 applies a PRF, such as an [HMAC](crypto-compute-hmac.md), to an input password together with a salt value, and repeats the process multiple times to generate a derived key. 17 18When creating a **KDF** instance, you need to specify the algorithm specifications in a string parameter. The string parameter consists of the KDF algorithm and HMAC algorithm with a vertical bar (|) in between. 19| KDF Algorithm| HMAC Algorithm| String Parameter| API Version| 20| -------- | -------- | -------- | -------- | 21| PBKDF2 | SHA1 | PBKDF2\|SHA1 | 11+ | 22| PBKDF2 | SHA224 | PBKDF2\|SHA224 | 11+ | 23| PBKDF2 | SHA256 | PBKDF2\|SHA256 | 11+ | 24| PBKDF2 | SHA384 | PBKDF2\|SHA384 | 11+ | 25| PBKDF2 | SHA512 | PBKDF2\|SHA512 | 11+ | 26| PBKDF2 | SM3 | PBKDF2\|SM3 | 11+ | 27 28## HKDF 29 30HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is a simple KDF based on an [HMAC](crypto-compute-hmac.md). It is used to expand limited input key material into a cryptographically strong secret key. 31 32The HKDF has three modes: 33 34- **EXTRACT_ONLY**: generates a pseudorandom key (PRK) from the input key material (IKM) and an optional salt. 35- **EXPAND_ONLY**: expands the PRK to a key of the specified length. 36- **EXTRACT_AND_EXPAND**: generates a PRK from the IKM and salt, and expands it to a key of the specified length. 37 38When creating a **KDF** instance, you need to specify the algorithm specifications in a string parameter. The string parameter consists of the KDF algorithm, HMAC algorithm, and mode with a vertical bar (|) in between. 39 40As shown in the following table, you can select only one value (content in square brackets ([])) to concatenate the string. The mode is optional. If it is not specified, **EXTRACT_AND_EXPAND** is used by default. For example, if the KDF algorithm is **HKDF**, the HMAC algorithm is **SHA1**, and the mode is **EXTRACT_AND_EXPAND**, the string parameter is **HKDF|SHA1** or **HKDF|SHA1|EXTRACT_AND_EXPAND**. 41| KDF Algorithm| HMAC Algorithm| Mode| API Version| 42| -------- | -------- | -------- | -------- | 43| HKDF | SHA1 | [EXPAND_ONLY\|EXTRACT_ONLY\|EXTRACT_AND_EXPAND] | 12+ | 44| HKDF | SHA224 | [EXPAND_ONLY\|EXTRACT_ONLY\|EXTRACT_AND_EXPAND] | 12+ | 45| HKDF | SHA256 | [EXPAND_ONLY\|EXTRACT_ONLY\|EXTRACT_AND_EXPAND] | 12+ | 46| HKDF | SHA384 | [EXPAND_ONLY\|EXTRACT_ONLY\|EXTRACT_AND_EXPAND] | 12+ | 47| HKDF | SHA512 | [EXPAND_ONLY\|EXTRACT_ONLY\|EXTRACT_AND_EXPAND] | 12+ | 48| HKDF | SM3 | [EXPAND_ONLY\|EXTRACT_ONLY\|EXTRACT_AND_EXPAND] | 12+ | 49 50## Scrypt 51 52Scrypt is a KDF used to produce a key from a password and a salt value. This function includes three main parameters: **n**, **r**, and **p**. **n** is the number of iterations, **r** is the block size, and **p** is parallelization. By adjusting these parameters, you can optimize the system based on different security requirements and hardware performance. 53Using scrypt to derive keys consumes memory and computing resources. You must pass in appropriate values based on the device hardware conditions. 54You can use the following formula to calculate the memory:<br>Memory (in bytes) = p * 128 * r + 32 * r * (n + 2) * 4 55 56| KDF Algorithm| String Parameter| API Version| 57| -------- | -------- | -------- | 58| SCRYPT | SCRYPT | 16+ | 59