[thirdparty/openssl.git] / doc / man3 / HMAC.pod

=pod

=head1 NAME

HMAC,
HMAC_CTX_new,
HMAC_CTX_reset,
HMAC_CTX_free,
HMAC_Init,
HMAC_Init_ex,
HMAC_Update,
HMAC_Final,
HMAC_CTX_copy,
HMAC_CTX_set_flags,
HMAC_CTX_get_md,
HMAC_size
- HMAC message authentication code

=head1 SYNOPSIS

 #include <openssl/hmac.h>

 unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
                     int key_len, const unsigned char *d, int n,
                     unsigned char *md, unsigned int *md_len);

 HMAC_CTX *HMAC_CTX_new(void);
 int HMAC_CTX_reset(HMAC_CTX *ctx);

 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
                  const EVP_MD *md, ENGINE *impl);
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);

 void HMAC_CTX_free(HMAC_CTX *ctx);

 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);

 size_t HMAC_size(const HMAC_CTX *e);

Deprecated:

 #if OPENSSL_API_COMPAT < 0x10100000L
 int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
               const EVP_MD *md);
 #endif

=head1 DESCRIPTION

HMAC is a MAC (message authentication code), i.e. a keyed hash
function used for message authentication, which is based on a hash
function.

HMAC() computes the message authentication code of the B<n> bytes at
B<d> using the hash function B<evp_md> and the key B<key> which is
B<key_len> bytes long.

It places the result in B<md> (which must have space for the output of
the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
If B<md> is NULL, the digest is placed in a static array.  The size of
the output is placed in B<md_len>, unless it is B<NULL>. Note: passing a NULL
value for B<md>  to use the static array is not thread safe.

B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.

HMAC_CTX_new() creates a new HMAC_CTX in heap memory.

HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
resources, making it suitable for new computations as if it was newly
created with HMAC_CTX_new().

HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
releases any associated resources and finally frees the B<HMAC_CTX>
itself.

The following functions may be used if the message is not completely
stored in memory:

HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
function B<evp_md> and key B<key>. If both are NULL, or if B<key> is NULL
and B<evp_md> is the same as the previous call, then the
existing key is
reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
of an B<HMAC_CTX> in this function.

If HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
same as the previous digest used by B<ctx> then an error is returned
because reuse of an existing key with a different digest is not supported.

HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
function B<evp_md> and the key B<key> which is B<key_len> bytes
long. 

HMAC_Update() can be called repeatedly with chunks of the message to
be authenticated (B<len> bytes at B<data>).

HMAC_Final() places the message authentication code in B<md>, which
must have space for the hash function output.

HMAC_CTX_copy() copies all of the internal state from B<sctx> into B<dctx>.

HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs.
These flags have the same meaning as for L<EVP_MD_CTX_set_flags(3)>.

HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the
supplied HMAC_CTX.

HMAC_size() returns the length in bytes of the underlying hash function output.

=head1 RETURN VALUES

HMAC() returns a pointer to the message authentication code or NULL if
an error occurred.

HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
B<NULL> if an error occurred.

HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
HMAC_CTX_copy() return 1 for success or 0 if an error occurred.

HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or
NULL if no EVP_MD has been set.

HMAC_size() returns the length in bytes of the underlying hash function output
or zero on error.

=head1 CONFORMING TO

RFC 2104

=head1 SEE ALSO

L<SHA1(3)>, L<evp(7)>

=head1 HISTORY

HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.

HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.

HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0.

HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
OpenSSL before version 1.0.0.

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
9dbc41d7 UM	1	=pod
	2
	3	=head1 NAME
	4
827d17f0 MC	5	HMAC,
	6	HMAC_CTX_new,
	7	HMAC_CTX_reset,
	8	HMAC_CTX_free,
	9	HMAC_Init,
	10	HMAC_Init_ex,
	11	HMAC_Update,
	12	HMAC_Final,
	13	HMAC_CTX_copy,
	14	HMAC_CTX_set_flags,
8d2b1819 MC	15	HMAC_CTX_get_md,
8d2b1819 MC	16	HMAC_size
827d17f0	17	- HMAC message authentication code
9dbc41d7 UM	18
	19	=head1 SYNOPSIS
	20
	21	#include <openssl/hmac.h>
	22
	23	unsigned char HMAC(const EVP_MD evp_md, const void *key,
e9b77246 BB	24	int key_len, const unsigned char *d, int n,
e9b77246 BB	25	unsigned char md, unsigned int md_len);
9dbc41d7	26
716854d7 RL	27	HMAC_CTX *HMAC_CTX_new(void);
716854d7 RL	28	int HMAC_CTX_reset(HMAC_CTX *ctx);
ff3fa48f	29
87d52468	30	int HMAC_Init_ex(HMAC_CTX ctx, const void key, int key_len,
e9b77246	31	const EVP_MD md, ENGINE impl);
87d52468 DSH	32	int HMAC_Update(HMAC_CTX ctx, const unsigned char data, int len);
87d52468 DSH	33	int HMAC_Final(HMAC_CTX ctx, unsigned char md, unsigned int *len);
9dbc41d7	34
716854d7	35	void HMAC_CTX_free(HMAC_CTX *ctx);
9dbc41d7	36
827d17f0 MC	37	int HMAC_CTX_copy(HMAC_CTX dctx, HMAC_CTX sctx);
	38	void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
	39	const EVP_MD HMAC_CTX_get_md(const HMAC_CTX ctx);
	40
8d2b1819 MC	41	size_t HMAC_size(const HMAC_CTX *e);
8d2b1819 MC	42
98186eb4 VD	43	Deprecated:
	44
	45	#if OPENSSL_API_COMPAT < 0x10100000L
	46	int HMAC_Init(HMAC_CTX ctx, const void key, int key_len,
	47	const EVP_MD *md);
	48	#endif
	49
9dbc41d7 UM	50	=head1 DESCRIPTION
	51
	52	HMAC is a MAC (message authentication code), i.e. a keyed hash
	53	function used for message authentication, which is based on a hash
	54	function.
	55
	56	HMAC() computes the message authentication code of the B<n> bytes at
	57	B<d> using the hash function B<evp_md> and the key B<key> which is
	58	B<key_len> bytes long.
	59
	60	It places the result in B<md> (which must have space for the output of
	61	the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
	62	If B<md> is NULL, the digest is placed in a static array. The size of
47695810 MC	63	the output is placed in B<md_len>, unless it is B<NULL>. Note: passing a NULL
47695810 MC	64	value for B<md> to use the static array is not thread safe.
9dbc41d7 UM	65
9dbc41d7 UM	66	B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
9dbc41d7	67
716854d7	68	HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
ff3fa48f	69
716854d7 RL	70	HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
	71	resources, making it suitable for new computations as if it was newly
	72	created with HMAC_CTX_new().
	73
	74	HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
	75	releases any associated resources and finally frees the B<HMAC_CTX>
	76	itself.
ff3fa48f	77
9dbc41d7 UM	78	The following functions may be used if the message is not completely
	79	stored in memory:
	80
bd19d1aa	81	HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
b3696a55 RS	82	function B<evp_md> and key B<key>. If both are NULL, or if B<key> is NULL
	83	and B<evp_md> is the same as the previous call, then the
	84	existing key is
bd19d1aa	85	reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
b3696a55	86	of an B<HMAC_CTX> in this function.
bd19d1aa	87
b3696a55	88	If HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
bd19d1aa	89	same as the previous digest used by B<ctx> then an error is returned
1a627771	90	because reuse of an existing key with a different digest is not supported.
9dbc41d7	91
b3696a55 RS	92	HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
	93	function B<evp_md> and the key B<key> which is B<key_len> bytes
	94	long.
	95
9dbc41d7 UM	96	HMAC_Update() can be called repeatedly with chunks of the message to
	97	be authenticated (B<len> bytes at B<data>).
	98
	99	HMAC_Final() places the message authentication code in B<md>, which
	100	must have space for the hash function output.
	101
827d17f0 MC	102	HMAC_CTX_copy() copies all of the internal state from B<sctx> into B<dctx>.
	103
	104	HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs.
	105	These flags have the same meaning as for L<EVP_MD_CTX_set_flags(3)>.
	106
	107	HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the
	108	supplied HMAC_CTX.
	109
8d2b1819 MC	110	HMAC_size() returns the length in bytes of the underlying hash function output.
8d2b1819 MC	111
9dbc41d7 UM	112	=head1 RETURN VALUES
9dbc41d7 UM	113
87d52468 DSH	114	HMAC() returns a pointer to the message authentication code or NULL if
87d52468 DSH	115	an error occurred.
9dbc41d7	116
716854d7 RL	117	HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
	118	B<NULL> if an error occurred.
	119
827d17f0 MC	120	HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
827d17f0 MC	121	HMAC_CTX_copy() return 1 for success or 0 if an error occurred.
87d52468	122
827d17f0 MC	123	HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or
827d17f0 MC	124	NULL if no EVP_MD has been set.
9dbc41d7	125
8d2b1819 MC	126	HMAC_size() returns the length in bytes of the underlying hash function output
	127	or zero on error.
	128
9dbc41d7 UM	129	=head1 CONFORMING TO
	130
	131	RFC 2104
	132
	133	=head1 SEE ALSO
	134
b97fdb57	135	L<SHA1(3)>, L<evp(7)>
9dbc41d7 UM	136
	137	=head1 HISTORY
	138
e90fc053	139	HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.
716854d7	140
e90fc053	141	HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.
716854d7	142
e90fc053	143	HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0.
9b6c0070	144
87d52468	145	HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
e90fc053	146	OpenSSL before version 1.0.0.
87d52468	147
e2f92610 RS	148	=head1 COPYRIGHT
	149
	150	Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
	151
	152	Licensed under the OpenSSL license (the "License"). You may not use
	153	this file except in compliance with the License. You can obtain a copy
	154	in the file LICENSE in the source distribution or at
	155	L<https://www.openssl.org/source/license.html>.
	156
	157	=cut