1# Key Derivation Using PBKDF2 (C/C++)
2
3<!--Kit: Crypto Architecture Kit-->
4<!--Subsystem: Security-->
5<!--Owner: @zxz--3-->
6<!--Designer: @lanming-->
7<!--Tester: @PAFT-->
8<!--Adviser: @zengyawen-->
9
10For details about the corresponding algorithm specifications, see [PBKDF2](crypto-key-derivation-overview.md#pbkdf2).
11
12## How to Develop
13
141. Call [OH_CryptoKdfParams_Create](../../reference/apis-crypto-architecture-kit/capi-crypto-kdf-h.md#oh_cryptokdfparams_create) and specify the string parameter **PBKDF2** to create a key derivation parameter object.
15
162. Call [OH_CryptoKdfParams_SetParam](../../reference/apis-crypto-architecture-kit/capi-crypto-kdf-h.md#oh_cryptokdfparams_setparam) to set the parameters required by PBKDF2. Example:
17   - **CRYPTO_KDF_KEY_DATABLOB**: original password used to generate the derived key.
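   - **CRYPTO_KDF_SALT_DATABLOB**: salt value. Use a randomly generated salt that is unique for each password, and store it alongside the derived result.
   - **CRYPTO_KDF_ITER_COUNT_INT**: number of iterations. The value must be a positive integer. A higher count makes each password guess more expensive for an attacker, so choose the largest value that the target devices can tolerate.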
20
213. Call [OH_CryptoKdf_Create](../../reference/apis-crypto-architecture-kit/capi-crypto-kdf-h.md#oh_cryptokdf_create) and specify the string parameter **PBKDF2|SHA256** to create a key derivation function object.
22
234. Call [OH_CryptoKdf_Derive](../../reference/apis-crypto-architecture-kit/capi-crypto-kdf-h.md#oh_cryptokdf_derive) and specify the byte length of the target key.
24
25```C++
26#include "CryptoArchitectureKit/crypto_architecture_kit.h"
27#include <stdio.h>
28#include <string.h>
29
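// Derives a 32-byte key with PBKDF2 (SHA256) and prints the length of the result.
//
// Returns CRYPTO_SUCCESS when every step succeeds; otherwise returns the error code of
// the first failing call. Every object created here is released before returning.
//
// NOTE: the password, salt and iteration count below are fixed demonstration values.
// Production code should take the password from the user, generate a random per-password
// salt, and pick an iteration count in line with current password-hashing guidance.
static OH_Crypto_ErrCode doTestPbkdf2()
{
    // Create a PBKDF2 parameter object. Nothing else exists yet, so a failure can return directly.
    OH_CryptoKdfParams *params = nullptr;
    OH_Crypto_ErrCode ret = OH_CryptoKdfParams_Create("PBKDF2", &params);
    if (ret != CRYPTO_SUCCESS) {
        return ret;
    }

    // Password (demo value only; never hard-code a real secret in source).
    const char *password = "123456";
    Crypto_DataBlob passwordBlob = {
        .data = reinterpret_cast<uint8_t *>(const_cast<char *>(password)),
        .len = strlen(password)
    };

    // Salt (demo value only; a constant salt defeats the purpose of salting,
    // so real code should use a random salt that is unique per password).
    const char *salt = "saltstring";
    Crypto_DataBlob saltBlob = {
        .data = reinterpret_cast<uint8_t *>(const_cast<char *>(salt)),
        .len = strlen(salt)
    };

    // Iteration count (demo value; current guidance such as OWASP's password storage
    // recommendations calls for a considerably higher count for PBKDF2 with SHA256).
    int iterations = 10000;
    Crypto_DataBlob iterationsBlob = {
        .data = reinterpret_cast<uint8_t *>(&iterations),
        .len = sizeof(iterations)
    };

    // Apply the parameters in order; stop at the first failure and keep its error code.
    ret = OH_CryptoKdfParams_SetParam(params, CRYPTO_KDF_KEY_DATABLOB, &passwordBlob);
    if (ret == CRYPTO_SUCCESS) {
        ret = OH_CryptoKdfParams_SetParam(params, CRYPTO_KDF_SALT_DATABLOB, &saltBlob);
    }
    if (ret == CRYPTO_SUCCESS) {
        ret = OH_CryptoKdfParams_SetParam(params, CRYPTO_KDF_ITER_COUNT_INT, &iterationsBlob);
    }

    if (ret == CRYPTO_SUCCESS) {
        // Create a key derivation function object.
        OH_CryptoKdf *kdfCtx = nullptr;
        ret = OH_CryptoKdf_Create("PBKDF2|SHA256", &kdfCtx);
        if (ret == CRYPTO_SUCCESS) {
            // Derive a key.
            Crypto_DataBlob out = {0};
            const uint32_t keyLength = 32; // Generate a 32-byte key.
            ret = OH_CryptoKdf_Derive(kdfCtx, params, keyLength, &out);
            if (ret == CRYPTO_SUCCESS) {
                // Print only the length, never the key bytes. The cast keeps the
                // format specifier correct regardless of the width of out.len.
                printf("Derived key length: %zu\n", static_cast<size_t>(out.len));

                // NOTE(review): this listing does not show whether OH_Crypto_FreeDataBlob
                // clears the buffer before releasing it; confirm, or wipe key material
                // explicitly once it is no longer needed.
                OH_Crypto_FreeDataBlob(&out);
            }
            OH_CryptoKdf_Destroy(kdfCtx);
        }
    }

    // Single release point for the parameter object on both success and failure paths.
    OH_CryptoKdfParams_Destroy(params);
    return ret;
}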
101```
102