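# 使用PBKDF2进行密钥派生(C/C++)

<!--Kit: Crypto Architecture Kit-->
<!--Subsystem: Security-->
<!--Owner: @zxz--3-->
<!--Designer: @lanming-->
<!--Tester: @PAFT-->
<!--Adviser: @zengyawen-->

对应的算法规格请查看[密钥派生算法规格:PBKDF2](crypto-key-derivation-overview.md#pbkdf2算法)。

## 开发步骤

1. 调用[OH_CryptoKdfParams_Create](../../reference/apis-crypto-architecture-kit/capi-crypto-kdf-h.md#oh_cryptokdfparams_create),指定字符串参数'PBKDF2',创建密钥派生参数对象。

2. 调用[OH_CryptoKdfParams_SetParam](../../reference/apis-crypto-architecture-kit/capi-crypto-kdf-h.md#oh_cryptokdfparams_setparam),设置PBKDF2所需的参数。示例如下:
   - CRYPTO_KDF_KEY_DATABLOB:用于生成派生密钥的原始密码。
   - CRYPTO_KDF_SALT_DATABLOB:盐值。
   - CRYPTO_KDF_ITER_COUNT_INT:重复运算的次数,需要为正整数。

3. 调用[OH_CryptoKdf_Create](../../reference/apis-crypto-architecture-kit/capi-crypto-kdf-h.md#oh_cryptokdf_create),指定字符串参数'PBKDF2|SHA256',创建密钥派生函数对象。

4. 调用[OH_CryptoKdf_Derive](../../reference/apis-crypto-architecture-kit/capi-crypto-kdf-h.md#oh_cryptokdf_derive),指定目标密钥的字节长度,进行密钥派生。

```C++
#include "CryptoArchitectureKit/crypto_architecture_kit.h"
#include <stdio.h>
#include <string.h>

/**
 * Derives a 32-byte key from a password with PBKDF2 ("PBKDF2|SHA256") and
 * prints the length of the result.
 *
 * The password, salt and iteration count below are fixed sample values that
 * keep the listing self-contained; they are not values to ship.
 *
 * @return CRYPTO_SUCCESS on success, otherwise the error code returned by the
 *         first call that failed. Every object created so far is destroyed
 *         before returning.
 */
static OH_Crypto_ErrCode doTestPbkdf2()
{
    // Create the PBKDF2 parameter object.
    OH_CryptoKdfParams *params = nullptr;
    OH_Crypto_ErrCode ret = OH_CryptoKdfParams_Create("PBKDF2", &params);
    if (ret != CRYPTO_SUCCESS) {
        return ret;
    }

    // Set the password.
    // Sample literal only: a real caller takes the password from the user or a
    // protected store and never compiles it into the binary.
    const char *password = "123456";
    Crypto_DataBlob passwordBlob = {
        .data = reinterpret_cast<uint8_t *>(const_cast<char *>(password)),
        .len = strlen(password)
    };
    ret = OH_CryptoKdfParams_SetParam(params, CRYPTO_KDF_KEY_DATABLOB, &passwordBlob);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKdfParams_Destroy(params);
        return ret;
    }

    // Set the salt.
    // Sample literal only: a fixed salt lets identical passwords derive identical
    // keys. Use a fresh random salt per password (NIST SP 800-132 asks for at
    // least 128 bits) and store it next to the derived data.
    const char *salt = "saltstring";
    Crypto_DataBlob saltBlob = {
        .data = reinterpret_cast<uint8_t *>(const_cast<char *>(salt)),
        .len = strlen(salt)
    };
    ret = OH_CryptoKdfParams_SetParam(params, CRYPTO_KDF_SALT_DATABLOB, &saltBlob);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKdfParams_Destroy(params);
        return ret;
    }

    // Set the iteration count; it is passed as a blob over the int's own bytes.
    // 10000 keeps the demo fast. The count is the work factor against offline
    // guessing, so production code sets it as high as its latency budget allows
    // (OWASP's password storage guidance lists 600,000 for PBKDF2-HMAC-SHA256).
    int iterations = 10000;
    Crypto_DataBlob iterationsBlob = {
        .data = reinterpret_cast<uint8_t *>(&iterations),
        .len = sizeof(int)
    };
    ret = OH_CryptoKdfParams_SetParam(params, CRYPTO_KDF_ITER_COUNT_INT, &iterationsBlob);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKdfParams_Destroy(params);
        return ret;
    }

    // Create the key derivation function object.
    OH_CryptoKdf *kdfCtx = nullptr;
    ret = OH_CryptoKdf_Create("PBKDF2|SHA256", &kdfCtx);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKdfParams_Destroy(params);
        return ret;
    }

    // Derive the key.
    Crypto_DataBlob out = {0};
    uint32_t keyLength = 32; // Produce a 32-byte key.
    ret = OH_CryptoKdf_Derive(kdfCtx, params, keyLength, &out);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoKdf_Destroy(kdfCtx);
        OH_CryptoKdfParams_Destroy(params);
        return ret;
    }

    // Print only the length, never the key bytes. The cast keeps the argument in
    // step with %zu whatever integer type the blob's len field has.
    printf("Derived key length: %zu\n", static_cast<size_t>(out.len));

    // Release resources.
    // NOTE(review): out.data holds key material until it is freed; whether
    // OH_Crypto_FreeDataBlob clears the buffer is not shown here. Confirm, and
    // wipe the buffer first if it does not.
    OH_Crypto_FreeDataBlob(&out);
    OH_CryptoKdf_Destroy(kdfCtx);
    OH_CryptoKdfParams_Destroy(params);
    return CRYPTO_SUCCESS;
}
```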