[thirdparty/openssl.git] / doc / man3 / HMAC.pod

=pod

=head1 NAME

HMAC,
HMAC_CTX_new,
HMAC_CTX_reset,
HMAC_CTX_free,
HMAC_Init,
HMAC_Init_ex,
HMAC_Update,
HMAC_Final,
HMAC_CTX_copy,
HMAC_CTX_set_flags,
HMAC_CTX_get_md,
HMAC_size
- HMAC message authentication code

=head1 SYNOPSIS

 #include <openssl/hmac.h>

 unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
                     int key_len, const unsigned char *d, int n,
                     unsigned char *md, unsigned int *md_len);

 HMAC_CTX *HMAC_CTX_new(void);
 int HMAC_CTX_reset(HMAC_CTX *ctx);

 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
                  const EVP_MD *md, ENGINE *impl);
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);

 void HMAC_CTX_free(HMAC_CTX *ctx);

 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);

 size_t HMAC_size(const HMAC_CTX *e);

Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:

 int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
               const EVP_MD *md);

=head1 DESCRIPTION

HMAC is a MAC (message authentication code), i.e. a keyed hash
function used for message authentication, which is based on a hash
function.

HMAC() computes the message authentication code of the B<n> bytes at
B<d> using the hash function B<evp_md> and the key B<key> which is
B<key_len> bytes long.

It places the result in B<md> (which must have space for the output of
the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
If B<md> is NULL, the digest is placed in a static array.  The size of
the output is placed in B<md_len>, unless it is B<NULL>. Note: passing a NULL
value for B<md>  to use the static array is not thread safe.

B<evp_md> is a message digest such as EVP_sha1(), EVP_ripemd160() etc. HMAC does
not support variable output length digests such as EVP_shake128() and
EVP_shake256().

HMAC_CTX_new() creates a new HMAC_CTX in heap memory.

HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
resources, making it suitable for new computations as if it was newly
created with HMAC_CTX_new().

HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
releases any associated resources and finally frees the B<HMAC_CTX>
itself.

The following functions may be used if the message is not completely
stored in memory:

HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
function B<evp_md> and key B<key>. If both are NULL, or if B<key> is NULL
and B<evp_md> is the same as the previous call, then the
existing key is
reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
of an B<HMAC_CTX> in this function.

If HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
same as the previous digest used by B<ctx> then an error is returned
because reuse of an existing key with a different digest is not supported.

HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
function B<evp_md> and the key B<key> which is B<key_len> bytes
long.

HMAC_Update() can be called repeatedly with chunks of the message to
be authenticated (B<len> bytes at B<data>).

HMAC_Final() places the message authentication code in B<md>, which
must have space for the hash function output.

HMAC_CTX_copy() copies all of the internal state from B<sctx> into B<dctx>.

HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs.
These flags have the same meaning as for L<EVP_MD_CTX_set_flags(3)>.

HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the
supplied HMAC_CTX.

HMAC_size() returns the length in bytes of the underlying hash function output.

=head1 RETURN VALUES

HMAC() returns a pointer to the message authentication code or NULL if
an error occurred.

HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
B<NULL> if an error occurred.

HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
HMAC_CTX_copy() return 1 for success or 0 if an error occurred.

HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or
NULL if no EVP_MD has been set.

HMAC_size() returns the length in bytes of the underlying hash function output
or zero on error.

=head1 CONFORMING TO

RFC 2104

=head1 SEE ALSO

L<SHA1(3)>, L<evp(7)>

=head1 HISTORY

HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.

HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.

HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0.

HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
OpenSSL before version 1.0.0.

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
9dbc41d7 UM	1	=pod
	2
	3	=head1 NAME
	4
827d17f0 MC	5	HMAC,
	6	HMAC_CTX_new,
	7	HMAC_CTX_reset,
	8	HMAC_CTX_free,
	9	HMAC_Init,
	10	HMAC_Init_ex,
	11	HMAC_Update,
	12	HMAC_Final,
	13	HMAC_CTX_copy,
	14	HMAC_CTX_set_flags,
8d2b1819 MC	15	HMAC_CTX_get_md,
8d2b1819 MC	16	HMAC_size
827d17f0	17	- HMAC message authentication code
9dbc41d7 UM	18
	19	=head1 SYNOPSIS
	20
	21	#include <openssl/hmac.h>
	22
	23	unsigned char HMAC(const EVP_MD evp_md, const void *key,
e9b77246 BB	24	int key_len, const unsigned char *d, int n,
e9b77246 BB	25	unsigned char md, unsigned int md_len);
9dbc41d7	26
716854d7 RL	27	HMAC_CTX *HMAC_CTX_new(void);
716854d7 RL	28	int HMAC_CTX_reset(HMAC_CTX *ctx);
ff3fa48f	29
87d52468	30	int HMAC_Init_ex(HMAC_CTX ctx, const void key, int key_len,
e9b77246	31	const EVP_MD md, ENGINE impl);
87d52468 DSH	32	int HMAC_Update(HMAC_CTX ctx, const unsigned char data, int len);
87d52468 DSH	33	int HMAC_Final(HMAC_CTX ctx, unsigned char md, unsigned int *len);
9dbc41d7	34
716854d7	35	void HMAC_CTX_free(HMAC_CTX *ctx);
9dbc41d7	36
827d17f0 MC	37	int HMAC_CTX_copy(HMAC_CTX dctx, HMAC_CTX sctx);
	38	void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
	39	const EVP_MD HMAC_CTX_get_md(const HMAC_CTX ctx);
	40
8d2b1819 MC	41	size_t HMAC_size(const HMAC_CTX *e);
8d2b1819 MC	42
be80b21d RL	43	Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining
	44	B<OPENSSL_API_COMPAT> with a suitable version value, see
	45	L<openssl_user_macros(7)>:
98186eb4	46
98186eb4 VD	47	int HMAC_Init(HMAC_CTX ctx, const void key, int key_len,
98186eb4 VD	48	const EVP_MD *md);
98186eb4	49
9dbc41d7 UM	50	=head1 DESCRIPTION
	51
	52	HMAC is a MAC (message authentication code), i.e. a keyed hash
	53	function used for message authentication, which is based on a hash
	54	function.
	55
	56	HMAC() computes the message authentication code of the B<n> bytes at
	57	B<d> using the hash function B<evp_md> and the key B<key> which is
	58	B<key_len> bytes long.
	59
	60	It places the result in B<md> (which must have space for the output of
	61	the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
	62	If B<md> is NULL, the digest is placed in a static array. The size of
47695810 MC	63	the output is placed in B<md_len>, unless it is B<NULL>. Note: passing a NULL
47695810 MC	64	value for B<md> to use the static array is not thread safe.
9dbc41d7	65
48fdeca0 MC	66	B<evp_md> is a message digest such as EVP_sha1(), EVP_ripemd160() etc. HMAC does
	67	not support variable output length digests such as EVP_shake128() and
	68	EVP_shake256().
9dbc41d7	69
716854d7	70	HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
ff3fa48f	71
716854d7 RL	72	HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
	73	resources, making it suitable for new computations as if it was newly
	74	created with HMAC_CTX_new().
	75
	76	HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
	77	releases any associated resources and finally frees the B<HMAC_CTX>
	78	itself.
ff3fa48f	79
9dbc41d7 UM	80	The following functions may be used if the message is not completely
	81	stored in memory:
	82
bd19d1aa	83	HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
b3696a55 RS	84	function B<evp_md> and key B<key>. If both are NULL, or if B<key> is NULL
	85	and B<evp_md> is the same as the previous call, then the
	86	existing key is
bd19d1aa	87	reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
b3696a55	88	of an B<HMAC_CTX> in this function.
bd19d1aa	89
b3696a55	90	If HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
bd19d1aa	91	same as the previous digest used by B<ctx> then an error is returned
1a627771	92	because reuse of an existing key with a different digest is not supported.
9dbc41d7	93
b3696a55 RS	94	HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
b3696a55 RS	95	function B<evp_md> and the key B<key> which is B<key_len> bytes
df443918	96	long.
b3696a55	97
9dbc41d7 UM	98	HMAC_Update() can be called repeatedly with chunks of the message to
	99	be authenticated (B<len> bytes at B<data>).
	100
	101	HMAC_Final() places the message authentication code in B<md>, which
	102	must have space for the hash function output.
	103
827d17f0 MC	104	HMAC_CTX_copy() copies all of the internal state from B<sctx> into B<dctx>.
	105
	106	HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs.
	107	These flags have the same meaning as for L<EVP_MD_CTX_set_flags(3)>.
	108
	109	HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the
	110	supplied HMAC_CTX.
	111
8d2b1819 MC	112	HMAC_size() returns the length in bytes of the underlying hash function output.
8d2b1819 MC	113
9dbc41d7 UM	114	=head1 RETURN VALUES
9dbc41d7 UM	115
87d52468 DSH	116	HMAC() returns a pointer to the message authentication code or NULL if
87d52468 DSH	117	an error occurred.
9dbc41d7	118
716854d7 RL	119	HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
	120	B<NULL> if an error occurred.
	121
827d17f0 MC	122	HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
827d17f0 MC	123	HMAC_CTX_copy() return 1 for success or 0 if an error occurred.
87d52468	124
827d17f0 MC	125	HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or
827d17f0 MC	126	NULL if no EVP_MD has been set.
9dbc41d7	127
8d2b1819 MC	128	HMAC_size() returns the length in bytes of the underlying hash function output
	129	or zero on error.
	130
9dbc41d7 UM	131	=head1 CONFORMING TO
	132
	133	RFC 2104
	134
	135	=head1 SEE ALSO
	136
b97fdb57	137	L<SHA1(3)>, L<evp(7)>
9dbc41d7 UM	138
	139	=head1 HISTORY
	140
e90fc053	141	HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.
716854d7	142
e90fc053	143	HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.
716854d7	144
e90fc053	145	HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0.
9b6c0070	146
87d52468	147	HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
e90fc053	148	OpenSSL before version 1.0.0.
87d52468	149
e2f92610 RS	150	=head1 COPYRIGHT
	151
	152	Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
	153
4746f25a	154	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	155	this file except in compliance with the License. You can obtain a copy
	156	in the file LICENSE in the source distribution or at
	157	L<https://www.openssl.org/source/license.html>.
	158
	159	=cut