[thirdparty/openssl.git] / doc / man3 / HMAC.pod

=pod

=head1 NAME

HMAC,
HMAC_CTX_new,
HMAC_CTX_reset,
HMAC_CTX_free,
HMAC_Init,
HMAC_Init_ex,
HMAC_Update,
HMAC_Final,
HMAC_CTX_copy,
HMAC_CTX_set_flags,
HMAC_CTX_get_md,
HMAC_size
- HMAC message authentication code

=head1 SYNOPSIS

 #include <openssl/hmac.h>

 unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
               int key_len, const unsigned char *d, int n,
               unsigned char *md, unsigned int *md_len);

 HMAC_CTX *HMAC_CTX_new(void);
 int HMAC_CTX_reset(HMAC_CTX *ctx);

 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
                   const EVP_MD *md, ENGINE *impl);
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);

 void HMAC_CTX_free(HMAC_CTX *ctx);

 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);

 size_t HMAC_size(const HMAC_CTX *e);

Deprecated:

 #if OPENSSL_API_COMPAT < 0x10100000L
 int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
               const EVP_MD *md);
 #endif

=head1 DESCRIPTION

HMAC is a MAC (message authentication code), i.e. a keyed hash
function used for message authentication, which is based on a hash
function.

HMAC() computes the message authentication code of the B<n> bytes at
B<d> using the hash function B<evp_md> and the key B<key> which is
B<key_len> bytes long.

It places the result in B<md> (which must have space for the output of
the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
If B<md> is NULL, the digest is placed in a static array.  The size of
the output is placed in B<md_len>, unless it is B<NULL>.

B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.

HMAC_CTX_new() creates a new HMAC_CTX in heap memory.

HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
resources, making it suitable for new computations as if it was newly
created with HMAC_CTX_new().

HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
releases any associated resources and finally frees the B<HMAC_CTX>
itself.

The following functions may be used if the message is not completely
stored in memory:

HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
function B<evp_md> and the key B<key> which is B<key_len> bytes
long. It is deprecated and only included for backward compatibility
with OpenSSL 0.9.6b.

HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
function B<evp_md> and key B<key>. If both are NULL (or B<evp_md> is the same
as the previous digest used by B<ctx> and B<key> is NULL) the existing key is
reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
of an B<HMAC_CTX> in this function. B<N.B. HMAC_Init() had this undocumented
behaviour in previous versions of OpenSSL - failure to switch to HMAC_Init_ex()
in programs that expect it will cause them to stop working>.

B<NOTE:> If HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
same as the previous digest used by B<ctx> then an error is returned
because reuse of an existing key with a different digest is not supported.

HMAC_Update() can be called repeatedly with chunks of the message to
be authenticated (B<len> bytes at B<data>).

HMAC_Final() places the message authentication code in B<md>, which
must have space for the hash function output.

HMAC_CTX_copy() copies all of the internal state from B<sctx> into B<dctx>.

HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs.
These flags have the same meaning as for L<EVP_MD_CTX_set_flags(3)>.

HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the
supplied HMAC_CTX.

HMAC_size() returns the length in bytes of the underlying hash function output.

=head1 RETURN VALUES

HMAC() returns a pointer to the message authentication code or NULL if
an error occurred.

HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
B<NULL> if an error occurred.

HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
HMAC_CTX_copy() return 1 for success or 0 if an error occurred.

HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or
NULL if no EVP_MD has been set.

HMAC_size() returns the length in bytes of the underlying hash function output
or zero on error.

=head1 CONFORMING TO

RFC 2104

=head1 SEE ALSO

L<SHA1(3)>, L<evp(7)>

=head1 HISTORY

HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL versions 1.1.0.

HMAC_CTX_cleanup() existed in OpenSSL versions before 1.1.0.

HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL version
1.1.0.

HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
versions of OpenSSL before 1.0.0.

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
9dbc41d7 UM	1	=pod
	2
	3	=head1 NAME
	4
827d17f0 MC	5	HMAC,
	6	HMAC_CTX_new,
	7	HMAC_CTX_reset,
	8	HMAC_CTX_free,
	9	HMAC_Init,
	10	HMAC_Init_ex,
	11	HMAC_Update,
	12	HMAC_Final,
	13	HMAC_CTX_copy,
	14	HMAC_CTX_set_flags,
8d2b1819 MC	15	HMAC_CTX_get_md,
8d2b1819 MC	16	HMAC_size
827d17f0	17	- HMAC message authentication code
9dbc41d7 UM	18
	19	=head1 SYNOPSIS
	20
	21	#include <openssl/hmac.h>
	22
	23	unsigned char HMAC(const EVP_MD evp_md, const void *key,
	24	int key_len, const unsigned char *d, int n,
	25	unsigned char md, unsigned int md_len);
	26
716854d7 RL	27	HMAC_CTX *HMAC_CTX_new(void);
716854d7 RL	28	int HMAC_CTX_reset(HMAC_CTX *ctx);
ff3fa48f	29
87d52468	30	int HMAC_Init_ex(HMAC_CTX ctx, const void key, int key_len,
1bc74519	31	const EVP_MD md, ENGINE impl);
87d52468 DSH	32	int HMAC_Update(HMAC_CTX ctx, const unsigned char data, int len);
87d52468 DSH	33	int HMAC_Final(HMAC_CTX ctx, unsigned char md, unsigned int *len);
9dbc41d7	34
716854d7	35	void HMAC_CTX_free(HMAC_CTX *ctx);
9dbc41d7	36
827d17f0 MC	37	int HMAC_CTX_copy(HMAC_CTX dctx, HMAC_CTX sctx);
	38	void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
	39	const EVP_MD HMAC_CTX_get_md(const HMAC_CTX ctx);
	40
8d2b1819 MC	41	size_t HMAC_size(const HMAC_CTX *e);
8d2b1819 MC	42
98186eb4 VD	43	Deprecated:
	44
	45	#if OPENSSL_API_COMPAT < 0x10100000L
	46	int HMAC_Init(HMAC_CTX ctx, const void key, int key_len,
	47	const EVP_MD *md);
	48	#endif
	49
9dbc41d7 UM	50	=head1 DESCRIPTION
	51
	52	HMAC is a MAC (message authentication code), i.e. a keyed hash
	53	function used for message authentication, which is based on a hash
	54	function.
	55
	56	HMAC() computes the message authentication code of the B<n> bytes at
	57	B<d> using the hash function B<evp_md> and the key B<key> which is
	58	B<key_len> bytes long.
	59
	60	It places the result in B<md> (which must have space for the output of
	61	the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
	62	If B<md> is NULL, the digest is placed in a static array. The size of
	63	the output is placed in B<md_len>, unless it is B<NULL>.
	64
	65	B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
9dbc41d7	66
716854d7	67	HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
ff3fa48f	68
716854d7 RL	69	HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
	70	resources, making it suitable for new computations as if it was newly
	71	created with HMAC_CTX_new().
	72
	73	HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
	74	releases any associated resources and finally frees the B<HMAC_CTX>
	75	itself.
ff3fa48f	76
9dbc41d7 UM	77	The following functions may be used if the message is not completely
	78	stored in memory:
	79
	80	HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
ff3fa48f BL	81	function B<evp_md> and the key B<key> which is B<key_len> bytes
	82	long. It is deprecated and only included for backward compatibility
	83	with OpenSSL 0.9.6b.
	84
bd19d1aa DSH	85	HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
	86	function B<evp_md> and key B<key>. If both are NULL (or B<evp_md> is the same
	87	as the previous digest used by B<ctx> and B<key> is NULL) the existing key is
	88	reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
	89	of an B<HMAC_CTX> in this function. B<N.B. HMAC_Init() had this undocumented
	90	behaviour in previous versions of OpenSSL - failure to switch to HMAC_Init_ex()
	91	in programs that expect it will cause them to stop working>.
	92
1a627771	93	B<NOTE:> If HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
bd19d1aa	94	same as the previous digest used by B<ctx> then an error is returned
1a627771	95	because reuse of an existing key with a different digest is not supported.
9dbc41d7 UM	96
	97	HMAC_Update() can be called repeatedly with chunks of the message to
	98	be authenticated (B<len> bytes at B<data>).
	99
	100	HMAC_Final() places the message authentication code in B<md>, which
	101	must have space for the hash function output.
	102
827d17f0 MC	103	HMAC_CTX_copy() copies all of the internal state from B<sctx> into B<dctx>.
	104
	105	HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs.
	106	These flags have the same meaning as for L<EVP_MD_CTX_set_flags(3)>.
	107
	108	HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the
	109	supplied HMAC_CTX.
	110
8d2b1819 MC	111	HMAC_size() returns the length in bytes of the underlying hash function output.
8d2b1819 MC	112
9dbc41d7 UM	113	=head1 RETURN VALUES
9dbc41d7 UM	114
87d52468 DSH	115	HMAC() returns a pointer to the message authentication code or NULL if
87d52468 DSH	116	an error occurred.
9dbc41d7	117
716854d7 RL	118	HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
	119	B<NULL> if an error occurred.
	120
827d17f0 MC	121	HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
827d17f0 MC	122	HMAC_CTX_copy() return 1 for success or 0 if an error occurred.
87d52468	123
827d17f0 MC	124	HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or
827d17f0 MC	125	NULL if no EVP_MD has been set.
9dbc41d7	126
8d2b1819 MC	127	HMAC_size() returns the length in bytes of the underlying hash function output
	128	or zero on error.
	129
9dbc41d7 UM	130	=head1 CONFORMING TO
	131
	132	RFC 2104
	133
	134	=head1 SEE ALSO
	135
b97fdb57	136	L<SHA1(3)>, L<evp(7)>
9dbc41d7 UM	137
	138	=head1 HISTORY
	139
827d17f0	140	HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL versions 1.1.0.
716854d7	141
827d17f0	142	HMAC_CTX_cleanup() existed in OpenSSL versions before 1.1.0.
716854d7	143
827d17f0 MC	144	HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL version
827d17f0 MC	145	1.1.0.
9b6c0070	146
87d52468	147	HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
fb552ac6	148	versions of OpenSSL before 1.0.0.
87d52468	149
e2f92610 RS	150	=head1 COPYRIGHT
	151
	152	Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
	153
	154	Licensed under the OpenSSL license (the "License"). You may not use
	155	this file except in compliance with the License. You can obtain a copy
	156	in the file LICENSE in the source distribution or at
	157	L<https://www.openssl.org/source/license.html>.
	158
	159	=cut