]>
Commit | Line | Data |
---|---|---|
567db2c1 RL |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
03888233 | 5 | EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_is_a, |
ed576acd TM |
6 | EVP_MAC_get_number, EVP_MAC_get0_name, EVP_MAC_names_do_all, |
7 | EVP_MAC_get0_description, | |
8 | EVP_MAC_get0_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, | |
865adf97 | 9 | EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, |
ed576acd | 10 | EVP_MAC_CTX_get0_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, |
edc9ce8e | 11 | EVP_MAC_CTX_get_mac_size, EVP_MAC_CTX_get_block_size, EVP_Q_mac, |
0a8a6afd DDO |
12 | EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, EVP_MAC_finalXOF, |
13 | EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, | |
8dd233bb | 14 | EVP_MAC_CTX_gettable_params, EVP_MAC_CTX_settable_params, |
251e610c | 15 | EVP_MAC_do_all_provided - EVP MAC routines |
567db2c1 RL |
16 | |
17 | =head1 SYNOPSIS | |
18 | ||
19 | #include <openssl/evp.h> | |
20 | ||
21 | typedef struct evp_mac_st EVP_MAC; | |
22 | typedef struct evp_mac_ctx_st EVP_MAC_CTX; | |
23 | ||
b4250010 | 24 | EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, |
e74bd290 RL |
25 | const char *properties); |
26 | int EVP_MAC_up_ref(EVP_MAC *mac); | |
27 | void EVP_MAC_free(EVP_MAC *mac); | |
7cfa1717 | 28 | int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); |
ed576acd TM |
29 | int EVP_MAC_get_number(const EVP_MAC *mac); |
30 | const char *EVP_MAC_get0_name(const EVP_MAC *mac); | |
d84f5515 MC |
31 | int EVP_MAC_names_do_all(const EVP_MAC *mac, |
32 | void (*fn)(const char *name, void *data), | |
33 | void *data); | |
ed576acd TM |
34 | const char *EVP_MAC_get0_description(const EVP_MAC *mac); |
35 | const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac); | |
e74bd290 RL |
36 | int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); |
37 | ||
865adf97 MC |
38 | EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); |
39 | void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); | |
40 | EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); | |
ed576acd | 41 | EVP_MAC *EVP_MAC_CTX_get0_mac(EVP_MAC_CTX *ctx); |
865adf97 MC |
42 | int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); |
43 | int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); | |
e74bd290 | 44 | |
90a2576b | 45 | size_t EVP_MAC_CTX_get_mac_size(EVP_MAC_CTX *ctx); |
edc9ce8e | 46 | size_t EVP_MAC_CTX_get_block_size(EVP_MAC_CTX *ctx); |
0a8a6afd DDO |
47 | unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, const char *name, const char *propq, |
48 | const char *subalg, const OSSL_PARAM *params, | |
49 | const void *key, size_t keylen, | |
50 | const unsigned char *data, size_t datalen, | |
51 | unsigned char *out, size_t outsize, unsigned int *outlen); | |
afa44486 P |
52 | int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen, |
53 | const OSSL_PARAM params[]); | |
567db2c1 | 54 | int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); |
e74bd290 RL |
55 | int EVP_MAC_final(EVP_MAC_CTX *ctx, |
56 | unsigned char *out, size_t *outl, size_t outsize); | |
a59c6972 | 57 | int EVP_MAC_finalXOF(EVP_MAC_CTX *ctx, unsigned char *out, size_t outsize); |
e74bd290 RL |
58 | |
59 | const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); | |
41f7ecf3 P |
60 | const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); |
61 | const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac); | |
8dd233bb P |
62 | const OSSL_PARAM *EVP_MAC_CTX_gettable_params(EVP_MAC_CTX *ctx); |
63 | const OSSL_PARAM *EVP_MAC_CTX_settable_params(EVP_MAC_CTX *ctx); | |
567db2c1 | 64 | |
b4250010 | 65 | void EVP_MAC_do_all_provided(OSSL_LIB_CTX *libctx, |
251e610c RL |
66 | void (*fn)(EVP_MAC *mac, void *arg), |
67 | void *arg); | |
d1cafb08 | 68 | |
567db2c1 RL |
69 | =head1 DESCRIPTION |
70 | ||
71 | These types and functions help the application to calculate MACs of | |
72 | different types and with different underlying algorithms if there are | |
73 | any. | |
74 | ||
75 | MACs are a bit complex insofar that some of them use other algorithms | |
76 | for actual computation. HMAC uses a digest, and CMAC uses a cipher. | |
77 | Therefore, there are sometimes two contexts to keep track of, one for | |
78 | the MAC algorithm itself and one for the underlying computation | |
79 | algorithm if there is one. | |
80 | ||
81 | To make things less ambiguous, this manual talks about a "context" or | |
82 | "MAC context", which is to denote the MAC level context, and about a | |
83 | "underlying context", or "computation context", which is to denote the | |
84 | context for the underlying computation algorithm if there is one. | |
85 | ||
86 | =head2 Types | |
87 | ||
88 | B<EVP_MAC> is a type that holds the implementation of a MAC. | |
89 | ||
90 | B<EVP_MAC_CTX> is a context type that holds internal MAC information | |
91 | as well as a reference to a computation context, for those MACs that | |
92 | rely on an underlying computation algorithm. | |
93 | ||
e74bd290 RL |
94 | =head2 Algorithm implementation fetching |
95 | ||
96 | EVP_MAC_fetch() fetches an implementation of a MAC I<algorithm>, given | |
97 | a library context I<libctx> and a set of I<properties>. | |
906bced1 | 98 | See L<crypto(7)/ALGORITHM FETCHING> for further information. |
e74bd290 | 99 | |
b8086652 SL |
100 | See L<OSSL_PROVIDER-default(7)/Message Authentication Code (MAC)> for the list |
101 | of algorithms supported by the default provider. | |
102 | ||
e74bd290 RL |
103 | The returned value must eventually be freed with |
104 | L<EVP_MAC_free(3)>. | |
105 | ||
106 | EVP_MAC_up_ref() increments the reference count of an already fetched | |
107 | MAC. | |
108 | ||
109 | EVP_MAC_free() frees a fetched algorithm. | |
110 | NULL is a valid parameter, for which this function is a no-op. | |
111 | ||
567db2c1 RL |
112 | =head2 Context manipulation functions |
113 | ||
865adf97 | 114 | EVP_MAC_CTX_new() creates a new context for the MAC type I<mac>. |
567db2c1 RL |
115 | The created context can then be used with most other functions |
116 | described here. | |
117 | ||
865adf97 | 118 | EVP_MAC_CTX_free() frees the contents of the context, including an |
567db2c1 | 119 | underlying context if there is one, as well as the context itself. |
e74bd290 | 120 | NULL is a valid parameter, for which this function is a no-op. |
567db2c1 | 121 | |
865adf97 | 122 | EVP_MAC_CTX_dup() duplicates the I<src> context and returns a newly allocated |
be5fc053 | 123 | context. |
567db2c1 | 124 | |
ed576acd | 125 | EVP_MAC_CTX_get0_mac() returns the B<EVP_MAC> associated with the context |
e74bd290 | 126 | I<ctx>. |
567db2c1 RL |
127 | |
128 | =head2 Computing functions | |
129 | ||
0a8a6afd DDO |
130 | EVP_Q_mac() computes the message authentication code |
131 | of I<data> with length I<datalen> | |
132 | using the MAC algorithm I<name> and the key I<key> with length I<keylen>. | |
133 | The MAC algorithm is fetched using any given I<libctx> and property query | |
134 | string I<propq>. It takes parameters I<subalg> and further I<params>, | |
135 | both of which may be NULL if not needed. | |
136 | If I<out> is not NULL, it places the result in the memory pointed at by I<out>, | |
137 | but only if I<outsize> is sufficient (otherwise no computation is made). | |
138 | If I<out> is NULL, it allocates and uses a buffer of suitable length, | |
139 | which will be returned on success and must be freed by the caller. | |
140 | In either case, also on error, | |
141 | it assigns the number of bytes written to I<*outlen> unless I<outlen> is NULL. | |
142 | ||
c0e724fc | 143 | EVP_MAC_init() sets up the underlying context I<ctx> with information given |
afa44486 P |
144 | via the I<key> and I<params> arguments. The MAC I<key> has a length of |
145 | I<keylen> and the parameters in I<params> are processed before setting | |
c0e724fc | 146 | the key. If I<key> is NULL, the key must be set via I<params> either |
afa44486 | 147 | as part of this call or separately using EVP_MAC_CTX_set_params(). |
c0e724fc DDO |
148 | Providing non-NULL I<params> to this function is equivalent to calling |
149 | EVP_MAC_CTX_set_params() with those I<params> for the same I<ctx> beforehand. | |
150 | ||
151 | EVP_MAC_init() should be called before EVP_MAC_update() and EVP_MAC_final(). | |
567db2c1 | 152 | |
e74bd290 | 153 | EVP_MAC_update() adds I<datalen> bytes from I<data> to the MAC input. |
567db2c1 RL |
154 | |
155 | EVP_MAC_final() does the final computation and stores the result in | |
e74bd290 RL |
156 | the memory pointed at by I<out> of size I<outsize>, and sets the number |
157 | of bytes written in I<*outl> at. | |
ee2161e8 | 158 | If I<out> is NULL or I<outsize> is too small, then no computation |
e74bd290 | 159 | is made. |
567db2c1 | 160 | To figure out what the output length will be and allocate space for it |
ee2161e8 | 161 | dynamically, simply call with I<out> being NULL and I<outl> |
567db2c1 | 162 | pointing at a valid location, then allocate space and make a second |
e74bd290 RL |
163 | call with I<out> pointing at the allocated space. |
164 | ||
a59c6972 P |
165 | EVP_MAC_finalXOF() does the final computation for an XOF based MAC and stores |
166 | the result in the memory pointed at by I<out> of size I<outsize>. | |
167 | ||
e74bd290 RL |
168 | EVP_MAC_get_params() retrieves details about the implementation |
169 | I<mac>. | |
170 | The set of parameters given with I<params> determine exactly what | |
171 | parameters should be retrieved. | |
172 | Note that a parameter that is unknown in the underlying context is | |
173 | simply ignored. | |
174 | ||
865adf97 | 175 | EVP_MAC_CTX_get_params() retrieves chosen parameters, given the |
e74bd290 RL |
176 | context I<ctx> and its underlying context. |
177 | The set of parameters given with I<params> determine exactly what | |
178 | parameters should be retrieved. | |
179 | Note that a parameter that is unknown in the underlying context is | |
180 | simply ignored. | |
181 | ||
865adf97 | 182 | EVP_MAC_CTX_set_params() passes chosen parameters to the underlying |
e74bd290 RL |
183 | context, given a context I<ctx>. |
184 | The set of parameters given with I<params> determine exactly what | |
185 | parameters are passed down. | |
0a8a6afd | 186 | If I<params> are NULL, the unterlying context should do nothing and return 1. |
e74bd290 RL |
187 | Note that a parameter that is unknown in the underlying context is |
188 | simply ignored. | |
189 | Also, what happens when a needed parameter isn't passed down is | |
190 | defined by the implementation. | |
191 | ||
8dd233bb P |
192 | EVP_MAC_gettable_params() returns an B<OSSL_PARAM> array that describes |
193 | the retrievable and settable parameters. EVP_MAC_gettable_params() | |
194 | returns parameters that can be used with EVP_MAC_get_params(). | |
195 | See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as a parameter descriptor. | |
196 | ||
197 | EVP_MAC_gettable_ctx_params() and EVP_MAC_CTX_gettable_params() | |
198 | return constant B<OSSL_PARAM> arrays that describe the retrievable | |
199 | parameters that can be used with EVP_MAC_CTX_get_params(). | |
200 | EVP_MAC_gettable_ctx_params() returns the parameters that can be retrieved | |
201 | from the algorithm, whereas EVP_MAC_CTX_gettable_params() returns | |
202 | the parameters that can be retrieved in the context's current state. | |
203 | See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as a parameter descriptor. | |
204 | ||
205 | EVP_MAC_settable_ctx_params() and EVP_MAC_CTX_settable_params() return | |
206 | constant B<OSSL_PARAM> arrays that describe the settable parameters that | |
207 | can be used with EVP_MAC_CTX_set_params(). EVP_MAC_settable_ctx_params() | |
208 | returns the parameters that can be retrieved from the algorithm, | |
209 | whereas EVP_MAC_CTX_settable_params() returns the parameters that can | |
210 | be retrieved in the context's current state. See L<OSSL_PARAM(3)> | |
211 | for the use of B<OSSL_PARAM> as a parameter descriptor. | |
567db2c1 RL |
212 | |
213 | =head2 Information functions | |
214 | ||
90a2576b | 215 | EVP_MAC_CTX_get_mac_size() returns the MAC output size for the given context. |
567db2c1 | 216 | |
edc9ce8e P |
217 | EVP_MAC_CTX_get_block_size() returns the MAC block size for the given context. |
218 | Not all MAC algorithms support this. | |
219 | ||
7cfa1717 RL |
220 | EVP_MAC_is_a() checks if the given I<mac> is an implementation of an |
221 | algorithm that's identifiable with I<name>. | |
222 | ||
ed576acd | 223 | EVP_MAC_get0_provider() returns the provider that holds the implementation |
7dd0f299 RL |
224 | of the given I<mac>. |
225 | ||
251e610c | 226 | EVP_MAC_do_all_provided() traverses all MAC implemented by all activated |
d1cafb08 RL |
227 | providers in the given library context I<libctx>, and for each of the |
228 | implementations, calls the given function I<fn> with the implementation method | |
229 | and the given I<arg> as argument. | |
230 | ||
ed576acd | 231 | EVP_MAC_get_number() returns the internal dynamic number assigned to |
506cb0f6 RL |
232 | I<mac>. |
233 | ||
ed576acd | 234 | EVP_MAC_get0_name() return the name of the given MAC. For fetched MACs |
c9452d74 P |
235 | with multiple names, only one of them is returned; it's |
236 | recommended to use EVP_MAC_names_do_all() instead. | |
237 | ||
f651c727 RL |
238 | EVP_MAC_names_do_all() traverses all names for I<mac>, and calls |
239 | I<fn> with each name and I<data>. | |
240 | ||
ed576acd TM |
241 | EVP_MAC_get0_description() returns a description of the I<mac>, meant |
242 | for display and human consumption. The description is at the discretion | |
243 | of the mac implementation. | |
03888233 | 244 | |
b1cabee8 | 245 | =head1 PARAMETERS |
567db2c1 | 246 | |
e592dbde RL |
247 | Parameters are identified by name as strings, and have an expected |
248 | data type and maximum size. | |
249 | OpenSSL has a set of macros for parameter names it expects to see in | |
250 | its own MAC implementations. | |
251 | Here, we show all three, the OpenSSL macro for the parameter name, the | |
252 | name in string form, and a type description. | |
253 | ||
e74bd290 | 254 | The standard parameter names are: |
567db2c1 RL |
255 | |
256 | =over 4 | |
257 | ||
0c452a51 | 258 | =item "key" (B<OSSL_MAC_PARAM_KEY>) <octet string> |
567db2c1 | 259 | |
e74bd290 | 260 | Its value is the MAC key as an array of bytes. |
567db2c1 RL |
261 | |
262 | For MACs that use an underlying computation algorithm, the algorithm | |
e74bd290 | 263 | must be set first, see parameter names "algorithm" below. |
afc580b9 | 264 | |
0c452a51 | 265 | =item "iv" (B<OSSL_MAC_PARAM_IV>) <octet string> |
afc580b9 | 266 | |
bbf5ccfd | 267 | Some MAC implementations (GMAC) require an IV, this parameter sets the IV. |
6e624a64 | 268 | |
0c452a51 | 269 | =item "custom" (B<OSSL_MAC_PARAM_CUSTOM>) <octet string> |
6e624a64 | 270 | |
13b3cd7b | 271 | Some MAC implementations (KMAC, BLAKE2) accept a Customization String, |
e74bd290 RL |
272 | this parameter sets the Customization String. The default value is the |
273 | empty string. | |
6e624a64 | 274 | |
0c452a51 | 275 | =item "salt" (B<OSSL_MAC_PARAM_SALT>) <octet string> |
13b3cd7b AS |
276 | |
277 | This option is used by BLAKE2 MAC. | |
278 | ||
0c452a51 | 279 | =item "xof" (B<OSSL_MAC_PARAM_XOF>) <integer> |
6e624a64 | 280 | |
e74bd290 | 281 | It's a simple flag, the value 0 or 1 are expected. |
6e624a64 SL |
282 | |
283 | This option is used by KMAC. | |
284 | ||
36978c19 | 285 | =item "digest-noinit" (B<OSSL_MAC_PARAM_DIGEST_NOINIT>) <integer> |
567db2c1 | 286 | |
36978c19 SL |
287 | A simple flag to set the MAC digest to not initialise the |
288 | implementation specific data. The value 0 or 1 is expected. | |
289 | ||
290 | This option is used by HMAC. | |
291 | ||
292 | =item "digest-oneshot" (B<OSSL_MAC_PARAM_DIGEST_ONESHOT>) <integer> | |
293 | ||
294 | A simple flag to set the MAC digest to be a oneshot operation. | |
295 | The value 0 or 1 is expected. | |
296 | ||
297 | This option is used by HMAC. | |
567db2c1 | 298 | |
0c452a51 | 299 | =item "properties" (B<OSSL_MAC_PARAM_PROPERTIES>) <UTF8 string> |
567db2c1 | 300 | |
0c452a51 | 301 | =item "digest" (B<OSSL_MAC_PARAM_DIGEST>) <UTF8 string> |
567db2c1 | 302 | |
0c452a51 | 303 | =item "cipher" (B<OSSL_MAC_PARAM_CIPHER>) <UTF8 string> |
e74bd290 | 304 | |
f3b8d77f | 305 | For MAC implementations that use an underlying computation cipher or |
9bd9c440 | 306 | digest, these parameters set what the algorithm should be. |
567db2c1 | 307 | |
9bd9c440 | 308 | The value is always the name of the intended algorithm, |
f3b8d77f | 309 | or the properties. |
567db2c1 | 310 | |
e74bd290 RL |
311 | Note that not all algorithms may support all digests. |
312 | HMAC does not support variable output length digests such as SHAKE128 | |
313 | or SHAKE256. | |
567db2c1 | 314 | |
0c452a51 | 315 | =item "size" (B<OSSL_MAC_PARAM_SIZE>) <unsigned integer> |
567db2c1 RL |
316 | |
317 | For MAC implementations that support it, set the output size that | |
318 | EVP_MAC_final() should produce. | |
1aa01009 P |
319 | The allowed sizes vary between MAC implementations, but must never exceed |
320 | what can be given with a B<size_t>. | |
567db2c1 | 321 | |
820d87bc MC |
322 | =item "tls-data-size" (B<OSSL_MAC_PARAM_TLS_DATA_SIZE>) <unsigned integer> |
323 | ||
324 | This parameter is only supported by HMAC. If set then special handling is | |
325 | activated for calculating the MAC of a received mac-then-encrypt TLS record | |
326 | where variable length record padding has been used (as in the case of CBC mode | |
327 | ciphersuites). The value represents the total length of the record that is | |
328 | having the MAC calculated including the received MAC and the record padding. | |
329 | ||
330 | When used EVP_MAC_update must be called precisely twice. The first time with | |
331 | the 13 bytes of TLS "header" data, and the second time with the entire record | |
332 | including the MAC itself and any padding. The entire record length must equal | |
333 | the value passed in the "tls-data-size" parameter. The length passed in the | |
334 | B<datalen> parameter to EVP_MAC_update() should be equal to the length of the | |
335 | record after the MAC and any padding has been removed. | |
336 | ||
567db2c1 RL |
337 | =back |
338 | ||
e74bd290 | 339 | All these parameters should be used before the calls to any of |
567db2c1 RL |
340 | EVP_MAC_init(), EVP_MAC_update() and EVP_MAC_final() for a full |
341 | computation. | |
342 | Anything else may give undefined results. | |
343 | ||
10b63e97 P |
344 | =head1 NOTES |
345 | ||
346 | The MAC life-cycle is described in L<life_cycle-mac(7)>. In the future, | |
347 | the transitions described there will be enforced. When this is done, it will | |
348 | not be considered a breaking change to the API. | |
349 | ||
bbf5ccfd P |
350 | The usage of the parameter names "custom", "iv" and "salt" correspond to |
351 | the names used in the standard where the algorithm was defined. | |
10b63e97 | 352 | |
e74bd290 | 353 | =head1 RETURN VALUES |
567db2c1 | 354 | |
0a8a6afd | 355 | EVP_MAC_fetch() returns a pointer to a newly fetched B<EVP_MAC>, or |
e74bd290 | 356 | NULL if allocation failed. |
567db2c1 | 357 | |
e74bd290 RL |
358 | EVP_MAC_up_ref() returns 1 on success, 0 on error. |
359 | ||
d84f5515 MC |
360 | EVP_MAC_names_do_all() returns 1 if the callback was called for all names. A |
361 | return value of 0 means that the callback was not called for any names. | |
362 | ||
e74bd290 RL |
363 | EVP_MAC_free() returns nothing at all. |
364 | ||
7cfa1717 RL |
365 | EVP_MAC_is_a() returns 1 if the given method can be identified with |
366 | the given name, otherwise 0. | |
367 | ||
ed576acd | 368 | EVP_MAC_get0_name() returns a name of the MAC, or NULL on error. |
c9452d74 | 369 | |
ed576acd | 370 | EVP_MAC_get0_provider() returns a pointer to the provider for the MAC, or |
7dd0f299 RL |
371 | NULL on error. |
372 | ||
865adf97 | 373 | EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly |
e74bd290 | 374 | created EVP_MAC_CTX, or NULL if allocation failed. |
567db2c1 | 375 | |
865adf97 | 376 | EVP_MAC_CTX_free() returns nothing at all. |
567db2c1 | 377 | |
865adf97 | 378 | EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params() return 1 on |
e74bd290 | 379 | success, 0 on error. |
567db2c1 | 380 | |
0a8a6afd DDO |
381 | EVP_Q_mac() returns a pointer to the computed MAC value, or NULL on error. |
382 | ||
383 | EVP_MAC_init(), EVP_MAC_update(), EVP_MAC_final(), and EVP_MAC_finalXOF() | |
a59c6972 | 384 | return 1 on success, 0 on error. |
567db2c1 | 385 | |
edc9ce8e P |
386 | EVP_MAC_CTX_get_mac_size() returns the expected output size, or 0 if it isn't |
387 | set. If it isn't set, a call to EVP_MAC_init() will set it. | |
388 | ||
389 | EVP_MAC_CTX_get_block_size() returns the block size, or 0 if it isn't set. | |
390 | If it isn't set, a call to EVP_MAC_init() will set it. | |
567db2c1 | 391 | |
251e610c | 392 | EVP_MAC_do_all_provided() returns nothing at all. |
567db2c1 | 393 | |
cda77422 | 394 | =head1 EXAMPLES |
567db2c1 RL |
395 | |
396 | #include <stdlib.h> | |
397 | #include <stdio.h> | |
398 | #include <string.h> | |
399 | #include <stdarg.h> | |
400 | #include <unistd.h> | |
401 | ||
402 | #include <openssl/evp.h> | |
403 | #include <openssl/err.h> | |
e74bd290 | 404 | #include <openssl/params.h> |
567db2c1 RL |
405 | |
406 | int main() { | |
e74bd290 RL |
407 | EVP_MAC *mac = EVP_MAC_fetch(NULL, getenv("MY_MAC"), NULL); |
408 | const char *cipher = getenv("MY_MAC_CIPHER"); | |
409 | const char *digest = getenv("MY_MAC_DIGEST"); | |
567db2c1 RL |
410 | const char *key = getenv("MY_KEY"); |
411 | EVP_MAC_CTX *ctx = NULL; | |
412 | ||
413 | unsigned char buf[4096]; | |
d5b170a2 | 414 | size_t read_l; |
567db2c1 RL |
415 | size_t final_l; |
416 | ||
417 | size_t i; | |
418 | ||
afa44486 | 419 | OSSL_PARAM params[3]; |
e74bd290 RL |
420 | size_t params_n = 0; |
421 | ||
422 | if (cipher != NULL) | |
423 | params[params_n++] = | |
d5b170a2 | 424 | OSSL_PARAM_construct_utf8_string("cipher", (char*)cipher, 0); |
e74bd290 RL |
425 | if (digest != NULL) |
426 | params[params_n++] = | |
d5b170a2 | 427 | OSSL_PARAM_construct_utf8_string("digest", (char*)digest, 0); |
e74bd290 RL |
428 | params[params_n] = OSSL_PARAM_construct_end(); |
429 | ||
567db2c1 RL |
430 | if (mac == NULL |
431 | || key == NULL | |
865adf97 | 432 | || (ctx = EVP_MAC_CTX_new(mac)) == NULL |
afa44486 P |
433 | || !EVP_MAC_init(ctx, (const unsigned char *)key, strlen(key), |
434 | params)) | |
567db2c1 RL |
435 | goto err; |
436 | ||
38e6c490 | 437 | while ( (read_l = read(STDIN_FILENO, buf, sizeof(buf))) > 0) { |
567db2c1 RL |
438 | if (!EVP_MAC_update(ctx, buf, read_l)) |
439 | goto err; | |
440 | } | |
441 | ||
d5b170a2 | 442 | if (!EVP_MAC_final(ctx, buf, &final_l, sizeof(buf))) |
567db2c1 RL |
443 | goto err; |
444 | ||
445 | printf("Result: "); | |
446 | for (i = 0; i < final_l; i++) | |
447 | printf("%02X", buf[i]); | |
448 | printf("\n"); | |
449 | ||
865adf97 | 450 | EVP_MAC_CTX_free(ctx); |
e74bd290 | 451 | EVP_MAC_free(mac); |
567db2c1 RL |
452 | exit(0); |
453 | ||
454 | err: | |
865adf97 | 455 | EVP_MAC_CTX_free(ctx); |
e74bd290 | 456 | EVP_MAC_free(mac); |
567db2c1 RL |
457 | fprintf(stderr, "Something went wrong\n"); |
458 | ERR_print_errors_fp(stderr); | |
459 | exit (1); | |
460 | } | |
461 | ||
462 | A run of this program, called with correct environment variables, can | |
463 | look like this: | |
464 | ||
465 | $ MY_MAC=cmac MY_KEY=secret0123456789 MY_MAC_CIPHER=aes-128-cbc \ | |
466 | LD_LIBRARY_PATH=. ./foo < foo.c | |
38e6c490 | 467 | Result: C5C06683CD9DDEF904D754505C560A4E |
567db2c1 RL |
468 | |
469 | (in this example, that program was stored in F<foo.c> and compiled to | |
470 | F<./foo>) | |
471 | ||
472 | =head1 SEE ALSO | |
473 | ||
e74bd290 RL |
474 | L<property(7)> |
475 | L<OSSL_PARAM(3)>, | |
d7cea0b8 RS |
476 | L<EVP_MAC-BLAKE2(7)>, |
477 | L<EVP_MAC-CMAC(7)>, | |
478 | L<EVP_MAC-GMAC(7)>, | |
479 | L<EVP_MAC-HMAC(7)>, | |
480 | L<EVP_MAC-KMAC(7)>, | |
481 | L<EVP_MAC-Siphash(7)>, | |
10b63e97 P |
482 | L<EVP_MAC-Poly1305(7)>, |
483 | L<provider-mac(7)>, | |
484 | L<life_cycle-mac(7)> | |
567db2c1 | 485 | |
be5fc053 KR |
486 | =head1 HISTORY |
487 | ||
4674aaf4 | 488 | These functions were added in OpenSSL 3.0. |
be5fc053 | 489 | |
567db2c1 RL |
490 | =head1 COPYRIGHT |
491 | ||
a28d06f3 | 492 | Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. |
567db2c1 | 493 | |
4746f25a | 494 | Licensed under the Apache License 2.0 (the "License"). You may not use |
567db2c1 RL |
495 | this file except in compliance with the License. You can obtain a copy |
496 | in the file LICENSE in the source distribution or at | |
497 | L<https://www.openssl.org/source/license.html>. | |
498 | ||
499 | =cut |