# Key Derivation Using HKDF (C/C++)

<!--Kit: Crypto Architecture Kit-->
<!--Subsystem: Security-->
<!--Owner: @zxz--3-->
<!--Designer: @lanming-->
<!--Tester: @PAFT-->
<!--Adviser: @zengyawen-->

For details about the corresponding algorithm specifications, see [HKDF](crypto-key-derivation-overview.md#hkdf).

## How to Develop

1. Call [OH_CryptoKdfParams_Create](../../reference/apis-crypto-architecture-kit/capi-crypto-kdf-h.md#oh_cryptokdfparams_create) and specify the string parameter **HKDF** to create a key derivation parameter object.

2. Call [OH_CryptoKdfParams_SetParam](../../reference/apis-crypto-architecture-kit/capi-crypto-kdf-h.md#oh_cryptokdfparams_setparam) to set the parameters required by HKDF. For example:
    - **CRYPTO_KDF_KEY_DATABLOB**: original key material used to generate a derived key.
    - **CRYPTO_KDF_SALT_DATABLOB**: salt value.
    - **CRYPTO_KDF_INFO_DATABLOB**: (optional) application-specific information.

3. Call [OH_CryptoKdf_Create](../../reference/apis-crypto-architecture-kit/capi-crypto-kdf-h.md#oh_cryptokdf_create) and specify the string parameter **HKDF|SHA256|EXTRACT_AND_EXPAND** to create a key derivation function object.

4. Call [OH_CryptoKdf_Derive](../../reference/apis-crypto-architecture-kit/capi-crypto-kdf-h.md#oh_cryptokdf_derive) and specify the length, in bytes, of the key to derive.

```C++
#include "CryptoArchitectureKit/crypto_architecture_kit.h"
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static OH_Crypto_ErrCode doTestHkdf()
{
    // Create an HKDF parameter object.
    OH_CryptoKdfParams *params = nullptr;
    OH_Crypto_ErrCode ret = OH_CryptoKdfParams_Create("HKDF", &params);
    if (ret != CRYPTO_SUCCESS) {
        return ret;
    }

    // Set the original key material.
    // The string below is a sample value for demonstration only.
    const char *keyData = "012345678901234567890123456789";
    Crypto_DataBlob key = {
        .data = reinterpret_cast<uint8_t *>(const_cast<char *>(keyData)),
        .len = strlen(keyData)
    };
    ret = OH_CryptoKdfParams_SetParam(params, CRYPTO_KDF_KEY_DATABLOB, &key);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKdfParams_Destroy(params);
        return ret;
    }

    // Set the salt value.
    const char *saltData = "saltstring";
    Crypto_DataBlob salt = {
        .data = reinterpret_cast<uint8_t *>(const_cast<char *>(saltData)),
        .len = strlen(saltData)
    };
    ret = OH_CryptoKdfParams_SetParam(params, CRYPTO_KDF_SALT_DATABLOB, &salt);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKdfParams_Destroy(params);
        return ret;
    }

    // (Optional) Set application-specific information.
    const char *infoData = "infostring";
    Crypto_DataBlob info = {
        .data = reinterpret_cast<uint8_t *>(const_cast<char *>(infoData)),
        .len = strlen(infoData)
    };
    ret = OH_CryptoKdfParams_SetParam(params, CRYPTO_KDF_INFO_DATABLOB, &info);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKdfParams_Destroy(params);
        return ret;
    }

    // Create a key derivation function object.
    OH_CryptoKdf *kdfCtx = nullptr;
    ret = OH_CryptoKdf_Create("HKDF|SHA256|EXTRACT_AND_EXPAND", &kdfCtx);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKdfParams_Destroy(params);
        return ret;
    }

    // Derive a key.
    Crypto_DataBlob out = {0};
    uint32_t keyLength = 32; // Generate a 32-byte key.
    ret = OH_CryptoKdf_Derive(kdfCtx, params, keyLength, &out);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKdf_Destroy(kdfCtx);
        OH_CryptoKdfParams_Destroy(params);
        return ret;
    }

    // Print only the length; the derived key itself is not logged.
    printf("Derived key length: %zu\n", static_cast<size_t>(out.len));

    // Free resources.
    OH_Crypto_FreeDataBlob(&out);
    OH_CryptoKdf_Destroy(kdfCtx);
    OH_CryptoKdfParams_Destroy(params);
    return CRYPTO_SUCCESS;
}
```
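To show what the extract and expand steps compute with the key material, salt, and info set above, the following is an added reference example, not code from the kit or its documentation. It is written in Python because the standard library provides HMAC-SHA256, and it assumes the **EXTRACT_AND_EXPAND** mode follows RFC 5869; the function names are illustrative.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """Extract step: PRK = HMAC-SHA256(key=salt, msg=key material)."""
    # RFC 5869: an absent salt is replaced by HASH_LEN zero bytes.
    return hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """Expand step: T(i) = HMAC-SHA256(PRK, T(i-1) || info || i)."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("HKDF-SHA256 output must be 1..8160 bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """Extract-then-expand, the combination named by EXTRACT_AND_EXPAND."""
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def rfc5869_case1() -> bytes:
    """RFC 5869 Appendix A.1 inputs, used as a known-answer self-check."""
    return hkdf_sha256(bytes([0x0B]) * 22, bytes(range(13)), bytes(range(0xF0, 0xFA)), 42)


def sample_inputs_key(info: bytes = b"infostring") -> bytes:
    """Sample key material and salt from the C++ example above, 32-byte output."""
    return hkdf_sha256(b"012345678901234567890123456789", b"saltstring", info, 32)


if __name__ == "__main__":
    print("RFC 5869 A.1 OKM:", rfc5869_case1().hex())
    print("sample inputs   :", sample_inputs_key().hex())
    # A different info value yields an unrelated key from the same key material.
    print("other info      :", sample_inputs_key(b"other-purpose").hex())
```

Changing only the info value produces an independent key from the same key material and salt, which is how one secret can serve several purposes without key reuse.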