PBKDF2 using CommonCrypto on iOS

AnthonyM picture AnthonyM · Dec 20, 2011 · Viewed 16.6k times · Source

I'm trying to use CommonCrypto to generate keys using PBKDF2 but I can't seem to import CommonCrypto/CommonKeyDerivation.h, I just errors that it is not found.

Any ideas?

edit: I should probably mention I have already added the security framework and I can import all of the other CommonCrypto headers.

Answer

Chris picture Chris · Feb 21, 2012

Here's how i generate AES256 keys. The only interesting this is that i get CommonCrypto to estimate for me how many rounds to use. It seems pretty straightforwards.

#import <CommonCrypto/CommonKeyDerivation.h>

...

// Makes a random 256-bit salt
- (NSData*)generateSalt256 {
    unsigned char salt[32];
    for (int i=0; i<32; i++) {
        salt[i] = (unsigned char)arc4random();
    }
    return [NSData dataWithBytes:salt length:32];
}

...

// Make keys!
NSString* myPass = @"MyPassword1234";
NSData* myPassData = [myPass dataUsingEncoding:NSUTF8StringEncoding];
NSData* salt = [self generateSalt256];

// How many rounds to use so that it takes 0.1s ?
int rounds = CCCalibratePBKDF(kCCPBKDF2, myPassData.length, salt.length, kCCPRFHmacAlgSHA256, 32, 100);

// Open CommonKeyDerivation.h for help
unsigned char key[32];
CCKeyDerivationPBKDF(kCCPBKDF2, myPassData.bytes, myPassData.length, salt.bytes, salt.length, kCCPRFHmacAlgSHA256, rounds, key, 32);