iOS PBKDF2WithHmacSHA256加密实现
项目中安卓和java后台用到了这个加密,在网上查资料,很少有关于这个加密算法的iOS实现,网上有用openssl实现过类似的加密,但openss比较复杂,晦涩难懂,还得导入很多lib文件。后面谷歌发现苹果有对应的接口已经做了封装,这里记录一下。
- 导入头文件
#import <CommonCrypto/CommonKeyDerivation.h>
- 规定或者生成盐 我这里是生成8个字节 也可以和服务端约定好
+ (NSData *)generateSalt
{
char data[8];
for (int x=0;x<8;data[x++] = (char)('A' + (arc4random_uniform(26))));
return [NSData dataWithBytes:data length:8];
}
- 先上实现代码:
+ (NSString *)getEncryptedPassword:(NSString *)password salt:(NSData *)salt
{
NSData * passwordData = [password dataUsingEncoding:NSUTF8StringEncoding];
NSMutableData *hashKeyData = [NSMutableData dataWithLength:CC_SHA256_DIGEST_LENGTH];
//success = 0 其他状态看kCCParamError
int result = CCKeyDerivationPBKDF(kCCPBKDF2, passwordData.bytes, passwordData.length, salt.bytes, salt.length, kCCPRFHmacAlgSHA256, PBKDF2_ITERATIONS, hashKeyData.mutableBytes, hashKeyData.length);
NSMutableData *temp = [[NSMutableData alloc] init];
[temp appendData:salt];
[temp appendData:hashKeyData];
NSString *hexDecimalString = [temp hexString];
return hexDecimalString;
}
CommonKeyDerivation.h 的两个方法:
/*
@function CCKeyDerivationPBKDF
@abstract Derive a key from a text password/passphrase
@param algorithm Currently only PBKDF2 is available via kCCPBKDF2
@param password The text password used as input to the derivation
function. The actual octets present in this string
will be used with no additional processing. It's
extremely important that the same encoding and
normalization be used each time this routine is
called if the same key is expected to be derived.
@param passwordLen The length of the text password in bytes.
@param salt The salt byte values used as input to the derivation
function. The pointer can be NULL, only when saltLen is zero.
@param saltLen The length of the salt in bytes. It can be zero.
@param prf The Pseudo Random Algorithm to use for the derivation
iterations.
@param rounds The number of rounds of the Pseudo Random Algorithm
to use. It cannot be zero.
@param derivedKey The resulting derived key produced by the function.
The space for this must be provided by the caller.
@param derivedKeyLen The expected length of the derived key in bytes. It cannot be zero.
@discussion The following values are used to designate the PRF:
* kCCPRFHmacAlgSHA1
* kCCPRFHmacAlgSHA224
* kCCPRFHmacAlgSHA256
* kCCPRFHmacAlgSHA384
* kCCPRFHmacAlgSHA512
@result kCCParamError can result from bad values for the password, salt,
and unwrapped key pointers as well as a bad value for the prf
function.
*/
int
CCKeyDerivationPBKDF( CCPBKDFAlgorithm algorithm, const char *password, size_t passwordLen,
const uint8_t *salt, size_t saltLen,
CCPseudoRandomAlgorithm prf, unsigned rounds,
uint8_t *derivedKey, size_t derivedKeyLen)
API_AVAILABLE(macos(10.7), ios(5.0));
/*
@function CCCalibratePBKDF
@abstract Determine the number of PRF rounds to use for a specific delay on
the current platform.
@param algorithm Currently only PBKDF2 is available via kCCPBKDF2
@param passwordLen The length of the text password in bytes.
@param saltLen The length of the salt in bytes. saltlen must be smaller than 133.
@param prf The Pseudo Random Algorithm to use for the derivation
iterations.
@param derivedKeyLen The expected length of the derived key in bytes.
@param msec The targetted duration we want to achieve for a key
derivation with these parameters.
@result the number of iterations to use for the desired processing time.
Returns a minimum of 10000 iterations (safety net, not a particularly recommended value)
The number of iterations is a trade-off of usability and security. If there is an error
the function returns (unsigned)(-1). The minimum return value is set to 10000.
*/
unsigned
CCCalibratePBKDF(CCPBKDFAlgorithm algorithm, size_t passwordLen, size_t saltLen,
CCPseudoRandomAlgorithm prf, size_t derivedKeyLen, uint32_t msec)
API_AVAILABLE(macos(10.7), ios(5.0));
网友评论