2
0

EVP_PKEY-HMAC.pod 2.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495
  1. =pod
  2. =head1 NAME
  3. EVP_PKEY-HMAC, EVP_KEYMGMT-HMAC, EVP_PKEY-Siphash, EVP_KEYMGMT-Siphash,
  4. EVP_PKEY-Poly1305, EVP_KEYMGMT-Poly1305, EVP_PKEY-CMAC, EVP_KEYMGMT-CMAC
  5. - EVP_PKEY legacy MAC keytypes and algorithm support
  6. =head1 DESCRIPTION
  7. The B<HMAC> and B<CMAC> key types are implemented in OpenSSL's default and FIPS
  8. providers. Additionally the B<Siphash> and B<Poly1305> key types are implemented
  9. in the default provider. Performing MAC operations via an EVP_PKEY
  10. is considered legacy and are only available for backwards compatibility purposes
  11. and for a restricted set of algorithms. The preferred way of performing MAC
  12. operations is via the EVP_MAC APIs. See L<EVP_MAC_init(3)>.
  13. For further details on using EVP_PKEY based MAC keys see
  14. L<EVP_SIGNATURE-HMAC(7)>, L<EVP_SIGNATURE-Siphash(7)>,
  15. L<EVP_SIGNATURE-Poly1305(7)> or L<EVP_SIGNATURE-CMAC(7)>.
  16. =head2 Common MAC parameters
  17. All the B<MAC> keytypes support the following parameters.
  18. =over 4
  19. =item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>
  20. The MAC key value.
  21. =item "properties" (B<OSSL_PKEY_PARAM_PROPERTIES>) <UTF8 string>
  22. A property query string to be used when any algorithms are fetched.
  23. =back
  24. =head2 CMAC parameters
  25. As well as the parameters described above, the B<CMAC> keytype additionally
  26. supports the following parameters.
  27. =over 4
  28. =item "cipher" (B<OSSL_PKEY_PARAM_CIPHER>) <UTF8 string>
  29. The name of a cipher to be used when generating the MAC.
  30. =item "engine" (B<OSSL_PKEY_PARAM_ENGINE>) <UTF8 string>
  31. The name of an engine to be used for the specified cipher (if any).
  32. =back
  33. =head2 Common MAC key generation parameters
  34. MAC key generation is unusual in that no new key is actually generated. Instead
  35. a new provider side key object is created with the supplied raw key value. This
  36. is done for backwards compatibility with previous versions of OpenSSL.
  37. =over 4
  38. =item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>
  39. The MAC key value.
  40. =back
  41. =head2 CMAC key generation parameters
  42. In addition to the common MAC key generation parameters, the CMAC key generation
  43. additionally recognises the following.
  44. =over 4
  45. =item "cipher" (B<OSSL_PKEY_PARAM_CIPHER>) <UTF8 string>
  46. The name of a cipher to be used when generating the MAC.
  47. =back
  48. =head1 SEE ALSO
  49. L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>
  50. =head1 COPYRIGHT
  51. Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
  52. Licensed under the Apache License 2.0 (the "License"). You may not use
  53. this file except in compliance with the License. You can obtain a copy
  54. in the file LICENSE in the source distribution or at
  55. L<https://www.openssl.org/source/license.html>.
  56. =cut