# 使用DH进行密钥协商(C/C++)

<!--Kit: Crypto Architecture Kit-->
<!--Subsystem: Security-->
<!--Owner: @zxz--3-->
<!--Designer: @lanming-->
<!--Tester: @PAFT-->
<!--Adviser: @zengyawen-->

对应的算法规格请查看[密钥协商算法规格:DH](crypto-key-agreement-overview.md#dh)。

## 开发步骤

1. 调用[OH_CryptoAsymKeyGenerator_Create](../../reference/apis-crypto-architecture-kit/capi-crypto-asym-key-h.md#oh_cryptoasymkeygenerator_create)、[OH_CryptoAsymKeyGenerator_Generate](../../reference/apis-crypto-architecture-kit/capi-crypto-asym-key-h.md#oh_cryptoasymkeygenerator_generate)生成密钥算法为DH_modp1536的非对称密钥(keyPair)。

   如何生成DH非对称密钥,开发者可参考下文示例,并结合[非对称密钥生成和转换规格:DH](crypto-asym-key-generation-conversion-spec.md#dh)和[随机生成非对称密钥对](crypto-generate-asym-key-pair-randomly-ndk.md)理解。参考文档与当前示例可能存在入参差异,请在阅读时注意区分。

2. 调用[OH_CryptoKeyAgreement_Create](../../reference/apis-crypto-architecture-kit/capi-crypto-key-agreement-h.md#oh_cryptokeyagreement_create),指定字符串参数'DH_modp1536',创建密钥算法为DH_modp1536的密钥协议生成器。

3. 调用[OH_CryptoKeyAgreement_GenerateSecret](../../reference/apis-crypto-architecture-kit/capi-crypto-key-agreement-h.md#oh_cryptokeyagreement_generatesecret),基于传入的己方私钥与对方公钥进行密钥协商,返回共享密钥。示例中私钥和公钥分别通过OH_CryptoKeyPair_GetPrivKey、OH_CryptoKeyPair_GetPubKey从密钥对中获取。

> **说明:**
>
> - 示例在本地同时生成密钥对A和B,仅用于演示双方协商结果一致。实际使用时,各方只持有自己的私钥;DH本身不对通信对方进行身份认证,对方公钥需先经过认证(例如签名或证书校验)再用于协商,否则无法抵御中间人攻击。
> - 协商得到的共享密钥属于敏感数据,建议经密钥派生(如HKDF)后再作为对称密钥使用,使用完毕后及时调用OH_Crypto_FreeDataBlob释放,不要输出到日志。
> - DH_modp1536的模数为1536位,安全强度低于目前通常建议的2048位及以上,选择参数时请结合算法规格进行评估。

```C++
#include "CryptoArchitectureKit/crypto_architecture_kit.h"
#include "CryptoArchitectureKit/crypto_key_agreement.h"
#include <stdio.h>
#include <cstring>

static OH_Crypto_ErrCode doTestDHKeyAgreement()
{
    // 创建DH密钥生成器。
    OH_CryptoAsymKeyGenerator *dhGen = nullptr;
    OH_Crypto_ErrCode ret = OH_CryptoAsymKeyGenerator_Create("DH_modp1536", &dhGen);
    if (ret != CRYPTO_SUCCESS) {
        return ret;
    }

    // 生成公私钥对A。
    OH_CryptoKeyPair *keyPairA = nullptr;
    ret = OH_CryptoAsymKeyGenerator_Generate(dhGen, &keyPairA);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoAsymKeyGenerator_Destroy(dhGen);
        return ret;
    }

    // 生成公私钥对B。
    OH_CryptoKeyPair *keyPairB = nullptr;
    ret = OH_CryptoAsymKeyGenerator_Generate(dhGen, &keyPairB);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKeyPair_Destroy(keyPairA);
        OH_CryptoAsymKeyGenerator_Destroy(dhGen);
        return ret;
    }

    // 创建密钥协议生成器。
    OH_CryptoKeyAgreement *dhKeyAgreement = nullptr;
    ret = OH_CryptoKeyAgreement_Create("DH_modp1536", &dhKeyAgreement);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKeyPair_Destroy(keyPairA);
        OH_CryptoKeyPair_Destroy(keyPairB);
        OH_CryptoAsymKeyGenerator_Destroy(dhGen);
        return ret;
    }

    // 使用A的公钥和B的私钥进行密钥协商。
    OH_CryptoPrivKey *privKeyB = OH_CryptoKeyPair_GetPrivKey(keyPairB);
    OH_CryptoPubKey *pubKeyA = OH_CryptoKeyPair_GetPubKey(keyPairA);
    Crypto_DataBlob secret1 = { 0 };
    ret = OH_CryptoKeyAgreement_GenerateSecret(dhKeyAgreement, privKeyB, pubKeyA, &secret1);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKeyAgreement_Destroy(dhKeyAgreement);
        OH_CryptoKeyPair_Destroy(keyPairA);
        OH_CryptoKeyPair_Destroy(keyPairB);
        OH_CryptoAsymKeyGenerator_Destroy(dhGen);
        return ret;
    }

    // 使用B的公钥和A的私钥进行密钥协商。
    OH_CryptoPrivKey *privKeyA = OH_CryptoKeyPair_GetPrivKey(keyPairA);
    OH_CryptoPubKey *pubKeyB = OH_CryptoKeyPair_GetPubKey(keyPairB);
    Crypto_DataBlob secret2 = { 0 };
    ret = OH_CryptoKeyAgreement_GenerateSecret(dhKeyAgreement, privKeyA, pubKeyB, &secret2);
    if (ret != CRYPTO_SUCCESS) {
        OH_Crypto_FreeDataBlob(&secret1);
        OH_CryptoKeyAgreement_Destroy(dhKeyAgreement);
        OH_CryptoKeyPair_Destroy(keyPairA);
        OH_CryptoKeyPair_Destroy(keyPairB);
        OH_CryptoAsymKeyGenerator_Destroy(dhGen);
        return ret;
    }

    // 比较两次协商的结果。
    if ((secret1.len == secret2.len) &&
        (memcmp(secret1.data, secret2.data, secret1.len) == 0)) {
        printf("dh success\n");
    } else {
        printf("dh result is not equal\n");
        ret = CRYPTO_OPERTION_ERROR;
    }

    // 清理资源。
    OH_Crypto_FreeDataBlob(&secret1);
    OH_Crypto_FreeDataBlob(&secret2);
    OH_CryptoKeyAgreement_Destroy(dhKeyAgreement);
    OH_CryptoKeyPair_Destroy(keyPairA);
    OH_CryptoKeyPair_Destroy(keyPairB);
    OH_CryptoAsymKeyGenerator_Destroy(dhGen);
    return ret;
}
```