]>
Commit | Line | Data |
---|---|---|
567db2c1 RL |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | EVP_MAC, EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_new_id, EVP_MAC_CTX_free, | |
6 | EVP_MAC_CTX_copy, EVP_MAC_CTX_mac, EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, | |
7 | EVP_MAC_final, EVP_MAC_ctrl, EVP_MAC_vctrl, EVP_MAC_ctrl_str, | |
8 | EVP_MAC_str2ctrl, EVP_MAC_hex2ctrl, EVP_MAC_nid, EVP_MAC_name, | |
9 | EVP_get_macbyname, EVP_get_macbynid, EVP_get_macbyobj - EVP MAC routines | |
10 | ||
11 | =head1 SYNOPSIS | |
12 | ||
13 | #include <openssl/evp.h> | |
14 | ||
15 | typedef struct evp_mac_st EVP_MAC; | |
16 | typedef struct evp_mac_ctx_st EVP_MAC_CTX; | |
17 | ||
18 | EVP_MAC_CTX *EVP_MAC_CTX_new(const EVP_MAC *mac); | |
19 | EVP_MAC_CTX *EVP_MAC_CTX_new_id(int nid); | |
20 | void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); | |
21 | int EVP_MAC_CTX_copy(EVP_MAC_CTX *dest, EVP_MAC_CTX *src); | |
22 | const EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); | |
23 | size_t EVP_MAC_size(EVP_MAC_CTX *ctx); | |
24 | int EVP_MAC_init(EVP_MAC_CTX *ctx); | |
25 | int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); | |
26 | int EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, size_t *poutlen); | |
27 | int EVP_MAC_ctrl(EVP_MAC_CTX *ctx, int cmd, ...); | |
28 | int EVP_MAC_vctrl(EVP_MAC_CTX *ctx, int cmd, va_list args); | |
29 | int EVP_MAC_ctrl_str(EVP_MAC_CTX *ctx, const char *type, const char *value); | |
30 | int EVP_MAC_str2ctrl(EVP_MAC_CTX *ctx, int cmd, const char *value); | |
31 | int EVP_MAC_hex2ctrl(EVP_MAC_CTX *ctx, int cmd, const char *value); | |
32 | int EVP_MAC_nid(const EVP_MAC *mac); | |
33 | const char *EVP_MAC_name(const EVP_MAC *mac); | |
34 | const EVP_MAC *EVP_get_macbyname(const char *name); | |
35 | const EVP_MAC *EVP_get_macbynid(int nid); | |
36 | const EVP_MAC *EVP_get_macbyobj(const ASN1_OBJECT *o); | |
37 | ||
38 | =head1 DESCRIPTION | |
39 | ||
40 | These types and functions help the application to calculate MACs of | |
41 | different types and with different underlying algorithms if there are | |
42 | any. | |
43 | ||
44 | MACs are a bit complex insofar that some of them use other algorithms | |
45 | for actual computation. HMAC uses a digest, and CMAC uses a cipher. | |
46 | Therefore, there are sometimes two contexts to keep track of, one for | |
47 | the MAC algorithm itself and one for the underlying computation | |
48 | algorithm if there is one. | |
49 | ||
50 | To make things less ambiguous, this manual talks about a "context" or | |
51 | "MAC context", which is to denote the MAC level context, and about a | |
52 | "underlying context", or "computation context", which is to denote the | |
53 | context for the underlying computation algorithm if there is one. | |
54 | ||
55 | =head2 Types | |
56 | ||
57 | B<EVP_MAC> is a type that holds the implementation of a MAC. | |
58 | ||
59 | B<EVP_MAC_CTX> is a context type that holds internal MAC information | |
60 | as well as a reference to a computation context, for those MACs that | |
61 | rely on an underlying computation algorithm. | |
62 | ||
63 | =head2 Context manipulation functions | |
64 | ||
65 | EVP_MAC_CTX_new() creates a new context for the MAC type C<mac>. | |
66 | EVP_MAC_CTX_new_id() creates a new context for the numerical MAC | |
67 | identity <nid>. | |
68 | The created context can then be used with most other functions | |
69 | described here. | |
70 | ||
71 | EVP_MAC_CTX_free() frees the contents of the context, including an | |
72 | underlying context if there is one, as well as the context itself. | |
73 | B<NULL> is a valid parameter, for which this function is a no-op. | |
74 | ||
75 | EVP_MAC_CTX_copy() makes a deep copy of the C<src> context to the | |
76 | C<dest> context. | |
77 | The C<dest> context I<must> have been created before calling this | |
78 | function. | |
79 | ||
80 | EVP_MAC_CTX_mac() returns the B<EVP_MAC> associated with the context | |
81 | C<ctx>. | |
82 | ||
83 | =head2 Computing functions | |
84 | ||
85 | EVP_MAC_init() sets up the underlying context with information given | |
86 | through diverse controls. | |
87 | This should be called before calling EVP_MAC_update() and | |
88 | EVP_MAC_final(). | |
89 | ||
90 | EVP_MAC_reset() resets the computation for the given context. | |
91 | This may not be supported by the MAC implementation. | |
92 | ||
93 | EVP_MAC_update() adds C<datalen> bytes from C<data> to the MAC input. | |
94 | ||
95 | EVP_MAC_final() does the final computation and stores the result in | |
96 | the memory pointed at by C<out>, and sets its size in the B<size_t> | |
97 | the C<poutlen> points at. | |
98 | If C<out> is B<NULL>, then no computation is made. | |
99 | To figure out what the output length will be and allocate space for it | |
100 | dynamically, simply call with C<out> being B<NULL> and C<poutlen> | |
101 | pointing at a valid location, then allocate space and make a second | |
102 | call with C<out> pointing at the allocated space. | |
103 | ||
104 | EVP_MAC_ctrl() is used to manipulate or get information on aspects of | |
105 | the MAC which may vary depending on the MAC algorithm or its | |
106 | implementation. | |
107 | This includes the MAC key, and for MACs that use other algorithms to | |
108 | do their computation, this is also the way to tell it which one to | |
109 | use. | |
110 | This functions takes variable arguments, the exact expected arguments | |
111 | depend on C<cmd>. | |
112 | EVP_MAC_ctrl() can be called both before and after EVP_MAC_init(), but | |
113 | the effect will depend on what control is being use. | |
cf1698cb | 114 | See L</CONTROLS> below for a description of standard controls. |
567db2c1 RL |
115 | |
116 | EVP_MAC_vctrl() is the variant of EVP_MAC_ctrl() that takes a | |
117 | C<va_list> argument instead of variadic arguments. | |
118 | ||
119 | EVP_MAC_ctrl_str() is an alternative to EVP_MAC_ctrl() to control the | |
120 | MAC implementation as E<lt> C<type>, C<value> E<gt> pairs. | |
121 | The MAC implementation documentation should specify what control type | |
122 | strings are accepted. | |
123 | ||
124 | EVP_MAC_str2ctrl() and EVP_MAC_hex2ctrl() are helper functions to | |
125 | control the MAC implementation with raw strings or with strings | |
126 | containing hexadecimal numbers. | |
127 | The latter are decoded into bitstrings that are sent on to | |
128 | EVP_MAC_ctrl(). | |
129 | ||
130 | =head2 Information functions | |
131 | ||
132 | EVP_MAC_size() returns the MAC output size for the given context. | |
133 | ||
134 | EVP_MAC_nid() returns the numeric identity of the given MAC implementation. | |
135 | ||
136 | EVP_MAC_name() returns the name of the given MAC implementation. | |
137 | ||
138 | =head2 Object database functions | |
139 | ||
140 | EVP_get_macbyname() fetches a MAC implementation from the object | |
141 | database by name. | |
142 | ||
143 | EVP_get_macbynid() fetches a MAC implementation from the object | |
144 | database by numeric identity. | |
145 | ||
146 | EVP_get_macbyobj() fetches a MAC implementation from the object | |
147 | database by ASN.1 OBJECT (i.e. an encoded OID). | |
148 | ||
149 | =head1 CONTROLS | |
150 | ||
151 | The standard controls are: | |
152 | ||
153 | =over 4 | |
154 | ||
155 | =item B<EVP_MAC_CTRL_SET_KEY> | |
156 | ||
157 | This control expects two arguments: C<unsigned char *key>, C<size_t keylen> | |
158 | ||
159 | These will set the MAC key from the given string of the given length. | |
160 | The string may be any bitstring, and can contain NUL bytes. | |
161 | ||
162 | For MACs that use an underlying computation algorithm, the algorithm | |
163 | I<must> be set first, see B<EVP_MAC_CTRL_SET_ENGINE>, | |
164 | B<EVP_MAC_CTRL_SET_MD> and B<EVP_MAC_CTRL_SET_CIPHER> below. | |
165 | ||
afc580b9 P |
166 | =item B<EVP_MAC_CTRL_SET_IV> |
167 | ||
168 | This control expects two arguments: C<unsigned char *key>, C<size_t keylen> | |
169 | ||
170 | Some MAC implementations require an IV, this control sets the IV. | |
171 | ||
6e624a64 SL |
172 | =item B<EVP_MAC_CTRL_SET_CUSTOM> |
173 | ||
174 | This control expects two arguments: C<unsigned char *key>, C<size_t keylen> | |
175 | ||
176 | Some MAC implementations (KMAC) require an Customization String, | |
177 | this control sets the Customization String. The default value is "". | |
178 | ||
179 | =item B<EVP_MAC_CTRL_SET_XOF> | |
180 | ||
181 | This control expects one argument: C<int xof> | |
182 | ||
183 | This option is used by KMAC. | |
184 | ||
185 | ||
567db2c1 RL |
186 | =item B<EVP_MAC_CTRL_SET_FLAGS> |
187 | ||
6e624a64 | 188 | This control expects one argument: C<unsigned long flags> |
567db2c1 RL |
189 | |
190 | These will set the MAC flags to the given numbers. | |
191 | Some MACs do not support this option. | |
192 | ||
193 | =item B<EVP_MAC_CTRL_SET_ENGINE> | |
194 | ||
195 | =item B<EVP_MAC_CTRL_SET_MD> | |
196 | ||
197 | =item B<EVP_MAC_CTRL_SET_CIPHER> | |
198 | ||
199 | For MAC implementations that use an underlying computation algorithm, | |
200 | these controls set what the algorithm should be, and the engine that | |
201 | implements the algorithm if needed. | |
202 | ||
203 | B<EVP_MAC_CTRL_SET_ENGINE> takes one argument: C<ENGINE *> | |
204 | ||
205 | B<EVP_MAC_CTRL_SET_MD> takes one argument: C<EVP_MD *> | |
206 | ||
207 | B<EVP_MAC_CTRL_SET_CIPHER> takes one argument: C<EVP_CIPHER *> | |
208 | ||
209 | =item B<EVP_MAC_CTRL_SET_SIZE> | |
210 | ||
211 | For MAC implementations that support it, set the output size that | |
212 | EVP_MAC_final() should produce. | |
213 | The allowed sizes vary between MAC implementations. | |
214 | ||
215 | =back | |
216 | ||
217 | All these control should be used before the calls to any of | |
218 | EVP_MAC_init(), EVP_MAC_update() and EVP_MAC_final() for a full | |
219 | computation. | |
220 | Anything else may give undefined results. | |
221 | ||
222 | =head1 NOTES | |
223 | ||
224 | EVP_get_macbynid(), EVP_get_macbyobj() and EVP_MAC_name() are | |
225 | implemented as a macro. | |
226 | ||
227 | =head1 RETURN VALUES | |
228 | ||
229 | EVP_MAC_CTX_new() and EVP_MAC_CTX_new_id() return a pointer to a newly | |
230 | created EVP_MAC_CTX, or NULL if allocation failed. | |
231 | ||
232 | EVP_MAC_CTX_free() returns nothing at all. | |
233 | ||
234 | EVP_MAC_CTX_copy(), EVP_MAC_reset(), EVP_MAC_init(), EVP_MAC_update(), | |
235 | and EVP_MAC_final() return 1 on success, 0 on error. | |
236 | ||
237 | EVP_MAC_ctrl(), EVP_MAC_ctrl_str(), EVP_MAC_str2ctrl() and | |
238 | EVP_MAC_hex2ctrl() return 1 on success and 0 or a negative value on | |
239 | error. | |
240 | In particular, the value -2 indicates that the given control type | |
241 | isn't supported by the MAC implementation. | |
242 | ||
243 | EVP_MAC_size() returns the expected output size, or 0 if it isn't | |
244 | set. | |
245 | If it isn't set, a call to EVP_MAC_init() should get it set. | |
246 | ||
247 | EVP_MAC_nid() returns the numeric identity for the given C<mac>. | |
248 | ||
249 | EVP_MAC_name() returns the name for the given C<mac>, if it has been | |
250 | added to the object database. | |
251 | ||
252 | EVP_add_mac() returns 1 if the given C<mac> was successfully added to | |
253 | the object database, otherwise 0. | |
254 | ||
255 | EVP_get_macbyname(), EVP_get_macbynid() and EVP_get_macbyobj() return | |
256 | the request MAC implementation, if it exists in the object database, | |
257 | otherwise B<NULL>. | |
258 | ||
259 | =head1 EXAMPLE | |
260 | ||
261 | #include <stdlib.h> | |
262 | #include <stdio.h> | |
263 | #include <string.h> | |
264 | #include <stdarg.h> | |
265 | #include <unistd.h> | |
266 | ||
267 | #include <openssl/evp.h> | |
268 | #include <openssl/err.h> | |
269 | ||
270 | int ctrl_ign_unsupported(EVP_MAC_CTX *ctx, int cmd, ...) | |
271 | { | |
272 | va_list args; | |
273 | int rv; | |
274 | ||
275 | va_start(args, cmd); | |
276 | rv = EVP_MAC_vctrl(ctx, cmd, args); | |
277 | va_end(args); | |
278 | ||
279 | if (rv == -2) | |
280 | rv = 1; /* Ignore unsupported, pretend it worked fine */ | |
281 | ||
282 | return rv; | |
283 | } | |
284 | ||
285 | int main() { | |
286 | const EVP_MAC *mac = | |
287 | EVP_get_macbyname(getenv("MY_MAC")); | |
288 | const EVP_CIPHER *cipher = | |
289 | EVP_get_cipherbyname(getenv("MY_MAC_CIPHER")); | |
290 | const EVP_MD *digest = | |
291 | EVP_get_digestbyname(getenv("MY_MAC_DIGEST")); | |
292 | const char *key = getenv("MY_KEY"); | |
293 | EVP_MAC_CTX *ctx = NULL; | |
294 | ||
295 | unsigned char buf[4096]; | |
296 | ssize_t read_l; | |
297 | size_t final_l; | |
298 | ||
299 | size_t i; | |
300 | ||
301 | if (mac == NULL | |
302 | || key == NULL | |
303 | || (ctx = EVP_MAC_CTX_new(mac)) == NULL | |
304 | || (cipher != NULL | |
305 | && !ctrl_ign_unsupported(ctx, EVP_MAC_CTRL_SET_CIPHER, cipher)) | |
306 | || (digest != NULL | |
307 | && !ctrl_ign_unsupported(ctx, EVP_MAC_CTRL_SET_MD, digest)) | |
308 | || EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_KEY, key, strlen(key)) <= 0) | |
309 | goto err; | |
310 | ||
311 | if (!EVP_MAC_init(ctx)) | |
312 | goto err; | |
313 | ||
314 | while ( (read_l = read(STDIN_FILENO, buf, sizeof(buf))) < 0) { | |
315 | if (!EVP_MAC_update(ctx, buf, read_l)) | |
316 | goto err; | |
317 | } | |
318 | ||
319 | if (!EVP_MAC_final(ctx, buf, &final_l)) | |
320 | goto err; | |
321 | ||
322 | printf("Result: "); | |
323 | for (i = 0; i < final_l; i++) | |
324 | printf("%02X", buf[i]); | |
325 | printf("\n"); | |
326 | ||
327 | EVP_MAC_CTX_free(ctx); | |
328 | exit(0); | |
329 | ||
330 | err: | |
331 | EVP_MAC_CTX_free(ctx); | |
332 | fprintf(stderr, "Something went wrong\n"); | |
333 | ERR_print_errors_fp(stderr); | |
334 | exit (1); | |
335 | } | |
336 | ||
337 | A run of this program, called with correct environment variables, can | |
338 | look like this: | |
339 | ||
340 | $ MY_MAC=cmac MY_KEY=secret0123456789 MY_MAC_CIPHER=aes-128-cbc \ | |
341 | LD_LIBRARY_PATH=. ./foo < foo.c | |
342 | Result: ECCAAFF041B22A2299EB90A1B53B6D45 | |
343 | ||
344 | (in this example, that program was stored in F<foo.c> and compiled to | |
345 | F<./foo>) | |
346 | ||
347 | =head1 SEE ALSO | |
348 | ||
6723f867 | 349 | L<EVP_MAC_CMAC(7)>, |
afc580b9 | 350 | L<EVP_MAC_GMAC(7)>, |
c89d9cda | 351 | L<EVP_MAC_HMAC(7)>, |
6e624a64 | 352 | L<EVP_MAC_KMAC(7)>, |
c1da4b2a PY |
353 | L<EVP_MAC_SIPHASH(7)>, |
354 | L<EVP_MAC_POLY1305(7)> | |
567db2c1 | 355 | |
567db2c1 RL |
356 | =head1 COPYRIGHT |
357 | ||
358 | Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. | |
359 | ||
4746f25a | 360 | Licensed under the Apache License 2.0 (the "License"). You may not use |
567db2c1 RL |
361 | this file except in compliance with the License. You can obtain a copy |
362 | in the file LICENSE in the source distribution or at | |
363 | L<https://www.openssl.org/source/license.html>. | |
364 | ||
365 | =cut |