[thirdparty/openssl.git] / doc / man3 / OSSL_CRMF_pbmp_new.pod

=pod

=head1 NAME

OSSL_CRMF_pbm_new,
OSSL_CRMF_pbmp_new
- functions for producing Password-Based MAC (PBM)

=head1 SYNOPSIS

  #include <openssl/crmf.h>

  int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
                        const unsigned char *msg, size_t msglen,
                        const unsigned char *sec, size_t seclen,
                        unsigned char **mac, size_t *maclen);

  OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t saltlen, int owfnid,
                                             int itercnt, int macnid);

=head1 DESCRIPTION

OSSL_CRMF_pbm_new() generates a PBM (Password-Based MAC) based on given PBM
parameters B<pbmp>, message B<msg>, and secret B<sec>, along with the respective
lengths B<msglen> and B<seclen>. On success writes the address of the newly
allocated MAC via the B<mac> reference parameter and writes the length via the
B<maclen> reference parameter unless it its NULL.

The iteration count must be at least 100, as stipulated by RFC 4211, and is
limited to at most 100000 to avoid DoS through manipulated or otherwise
malformed input.

OSSL_CRMF_pbmp_new() initializes and returns a new PBMParameter
structure with a new random salt of given length B<saltlen>, OWF (one-way
function) NID B<owfnid>, iteration count B<itercnt>, and MAC NID B<macnid>.

=head1 NOTES

The algorithms for the OWF (one-way function) and for the MAC (message
authentication code) may be any with a NID defined in B<openssl/objects.h>.
As specified by RFC 4210, these should include NID_hmac_sha1.

RFC 4210 recommends that the salt SHOULD be at least 8 bytes (64 bits) long.

=head1 RETURN VALUES

OSSL_CRMF_pbm_new() returns 1 on success, 0 on error.

OSSL_CRMF_pbmp_new() returns a new and initialized OSSL_CRMF_PBMPARAMETER
structure, or NULL on error.

=head1 EXAMPLES

 OSSL_CRMF_PBMPARAMETER *pbm = NULL;
 unsigned char *msg = "Hello";
 unsigned char *sec = "SeCrEt";
 unsigned char *mac = NULL;
 size_t maclen;

 if ((pbm = OSSL_CRMF_pbmp_new(16, NID_sha256, 500, NID_hmac_sha1) == NULL))
     goto err;
 if (!OSSL_CRMF_pbm_new(pbm, msg, 5, sec, 6, &mac, &maclen))
     goto err;

=head1 SEE ALSO

RFC 4211 section 4.4

=head1 HISTORY

The OpenSSL CRMF support was added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
2a3b52ea DO	1	=pod
	2
	3	=head1 NAME
	4
	5	OSSL_CRMF_pbm_new,
	6	OSSL_CRMF_pbmp_new
	7	- functions for producing Password-Based MAC (PBM)
	8
	9	=head1 SYNOPSIS
	10
	11	#include <openssl/crmf.h>
	12
	13	int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
	14	const unsigned char *msg, size_t msglen,
	15	const unsigned char *sec, size_t seclen,
a61b7f2f	16	unsigned char *mac, size_t maclen);
2a3b52ea DO	17
	18	OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t saltlen, int owfnid,
	19	int itercnt, int macnid);
	20
	21	=head1 DESCRIPTION
	22
	23	OSSL_CRMF_pbm_new() generates a PBM (Password-Based MAC) based on given PBM
	24	parameters B<pbmp>, message B<msg>, and secret B<sec>, along with the respective
c2969ff6	25	lengths B<msglen> and B<seclen>. On success writes the address of the newly
a61b7f2f DO	26	allocated MAC via the B<mac> reference parameter and writes the length via the
a61b7f2f DO	27	B<maclen> reference parameter unless it its NULL.
2a3b52ea DO	28
	29	The iteration count must be at least 100, as stipulated by RFC 4211, and is
	30	limited to at most 100000 to avoid DoS through manipulated or otherwise
	31	malformed input.
	32
	33	OSSL_CRMF_pbmp_new() initializes and returns a new PBMParameter
a61b7f2f	34	structure with a new random salt of given length B<saltlen>, OWF (one-way
2a3b52ea DO	35	function) NID B<owfnid>, iteration count B<itercnt>, and MAC NID B<macnid>.
	36
	37	=head1 NOTES
	38
a61b7f2f DO	39	The algorithms for the OWF (one-way function) and for the MAC (message
	40	authentication code) may be any with a NID defined in B<openssl/objects.h>.
	41	As specified by RFC 4210, these should include NID_hmac_sha1.
2a3b52ea DO	42
	43	RFC 4210 recommends that the salt SHOULD be at least 8 bytes (64 bits) long.
	44
	45	=head1 RETURN VALUES
	46
	47	OSSL_CRMF_pbm_new() returns 1 on success, 0 on error.
	48
	49	OSSL_CRMF_pbmp_new() returns a new and initialized OSSL_CRMF_PBMPARAMETER
	50	structure, or NULL on error.
	51
cda77422	52	=head1 EXAMPLES
2a3b52ea DO	53
	54	OSSL_CRMF_PBMPARAMETER *pbm = NULL;
	55	unsigned char *msg = "Hello";
a61b7f2f DO	56	unsigned char *sec = "SeCrEt";
	57	unsigned char *mac = NULL;
	58	size_t maclen;
2a3b52ea DO	59
	60	if ((pbm = OSSL_CRMF_pbmp_new(16, NID_sha256, 500, NID_hmac_sha1) == NULL))
	61	goto err;
	62	if (!OSSL_CRMF_pbm_new(pbm, msg, 5, sec, 6, &mac, &maclen))
	63	goto err;
	64
	65	=head1 SEE ALSO
	66
	67	RFC 4211 section 4.4
	68
7960dbec DDO	69	=head1 HISTORY
	70
	71	The OpenSSL CRMF support was added in OpenSSL 3.0.
	72
2a3b52ea DO	73	=head1 COPYRIGHT
2a3b52ea DO	74
8869ad4a	75	Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
2a3b52ea	76
ce9b9964	77	Licensed under the Apache License 2.0 (the "License"). You may not use
2a3b52ea DO	78	this file except in compliance with the License. You can obtain a copy
	79	in the file LICENSE in the source distribution or at
	80	L<https://www.openssl.org/source/license.html>.
	81
	82	=cut