From 8593ff00cc66e330228164ae5422f80ef93ed35d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 1 Mar 2021 18:46:20 +0100 Subject: [PATCH] DOCS: Fix provider-mac.pod and the docs of our implementations The idea being that doc/man7/provider-mac.pod is for provider authors, while provider users find the documentation for each implementation in doc/man7/EVP_MAC-*.pod, the documentation of parameters wasn't quite aligned. This change re-arranges the parameter documentation to be more aligned with this idea. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14380) --- doc/man7/EVP_MAC-BLAKE2.pod | 23 +++++++------ doc/man7/EVP_MAC-CMAC.pod | 12 +++++++ doc/man7/EVP_MAC-GMAC.pod | 16 +++++++++ doc/man7/EVP_MAC-HMAC.pod | 26 +++++++++++--- doc/man7/EVP_MAC-KMAC.pod | 9 +++++ doc/man7/EVP_MAC-Poly1305.pod | 5 +++ doc/man7/EVP_MAC-Siphash.pod | 5 +++ doc/man7/provider-mac.pod | 65 ++++++++++------------------------- 8 files changed, 100 insertions(+), 61 deletions(-) diff --git a/doc/man7/EVP_MAC-BLAKE2.pod b/doc/man7/EVP_MAC-BLAKE2.pod index 51bac880b57..042e2bfaa04 100644 --- a/doc/man7/EVP_MAC-BLAKE2.pod +++ b/doc/man7/EVP_MAC-BLAKE2.pod @@ -36,25 +36,28 @@ The length of the "size" parameter should not exceed that of a B. =item "key" (B) -This may be at most 64 bytes for BLAKE2BMAC or 32 for BLAKE2SMAC and -at least 1 byte in both cases. +Sets the MAC key. +It may be at most 64 bytes for BLAKE2BMAC or 32 for BLAKE2SMAC and at +least 1 byte in both cases. +Setting this parameter is identical to passing a I to L. =item "custom" (B) -This is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for -BLAKE2SMAC. -It is empty by default. +Sets the custom value. +It is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for +BLAKE2SMAC, and is empty by default. =item "salt" (B) -This is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for -BLAKE2SMAC. -It is empty by default. +Sets the salt. +It is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for +BLAKE2SMAC, and is empty by default. =item "size" (B) -When set, this can be any number between between 1 and 32 for -EVP_MAC_BLAKE2S or 64 for EVP_MAC_BLAKE2B. +Sets the MAC size. +It can be any number between 1 and 32 for EVP_MAC_BLAKE2S or between 1 +and 64 for EVP_MAC_BLAKE2B. It is 32 and 64 respectively by default. =back diff --git a/doc/man7/EVP_MAC-CMAC.pod b/doc/man7/EVP_MAC-CMAC.pod index 4d05919b8f2..3c6af827b9f 100644 --- a/doc/man7/EVP_MAC-CMAC.pod +++ b/doc/man7/EVP_MAC-CMAC.pod @@ -8,6 +8,9 @@ EVP_MAC-CMAC - The CMAC EVP_MAC implementation Support for computing CMAC MACs through the B API. +This implementation uses EVP_CIPHER functions to get access to the underlying +cipher. + =head2 Identity This implementation is identified with this name and properties, to be @@ -30,10 +33,19 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =item "key" (B) +Sets the MAC key. +Setting this parameter is identical to passing a I to L. + =item "cipher" (B) +Sets the name of the underlying cipher to be used. + =item "properties" (B) +Sets the properties to be queried when trying to fetch the underlying cipher. +This must be given together with the cipher naming parameter to be considered +valid. + =back The following parameters can be retrieved with diff --git a/doc/man7/EVP_MAC-GMAC.pod b/doc/man7/EVP_MAC-GMAC.pod index d662e7d5d2f..a392cf3dfec 100644 --- a/doc/man7/EVP_MAC-GMAC.pod +++ b/doc/man7/EVP_MAC-GMAC.pod @@ -8,6 +8,9 @@ EVP_MAC-GMAC - The GMAC EVP_MAC implementation Support for computing GMAC MACs through the B API. +This implementation uses EVP_CIPHER functions to get access to the underlying +cipher. + =head2 Identity This implementation is identified with this name and properties, to be @@ -30,12 +33,23 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =item "key" (B) +Sets the MAC key. +Setting this parameter is identical to passing a I to L. + =item "iv" (B) +Sets the IV of the underlying cipher, when applicable. + =item "cipher" (B) +Sets the name of the underlying cipher to be used. + =item "properties" (B) +Sets the properties to be queried when trying to fetch the underlying cipher. +This must be given together with the cipher naming parameter to be considered +valid. + =back The following parameters can be retrieved with @@ -45,6 +59,8 @@ EVP_MAC_CTX_get_params(): =item "size" (B) +Gets the MAC size. + =back The "size" parameter can also be retrieved with EVP_MAC_CTX_get_mac_size(). diff --git a/doc/man7/EVP_MAC-HMAC.pod b/doc/man7/EVP_MAC-HMAC.pod index fe63b329f95..790f01f094c 100644 --- a/doc/man7/EVP_MAC-HMAC.pod +++ b/doc/man7/EVP_MAC-HMAC.pod @@ -8,6 +8,9 @@ EVP_MAC-HMAC - The HMAC EVP_MAC implementation Support for computing HMAC MACs through the B API. +This implementation uses EVP_MD functions to get access to the underlying +digest. + =head2 Identity This implementation is identified with this name and properties, to be @@ -30,22 +33,37 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =item "key" (B) +Sets the MAC key. +Setting this parameter is identical to passing a I to L. + =item "digest" (B) +Sets the name of the underlying digest to be used. + +=item "properties" (B) + +Sets the properties to be queried when trying to fetch the underlying digest. +This must be given together with the digest naming parameter ("digest", or +B) to be considered valid. + =item "digest-noinit" (B) +A flag to set the MAC digest to not initialise the implementation +specific data. +The value 0 or 1 is expected. + =item "digest-oneshot" (B) -=item "properties" (B) +A flag to set the MAC digest to be a one-shot operation. +The value 0 or 1 is expected. =item "tls-data-size" (B) =back -The "flags" parameter is passed directly to HMAC_CTX_set_flags(). +=for comment The "flags" parameter is passed directly to HMAC_CTX_set_flags(). -The following parameter can be retrieved with -EVP_MAC_CTX_get_params(): +The following parameter can be retrieved with EVP_MAC_CTX_get_params(): =over 4 diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod index 46fce762744..504622b7d19 100644 --- a/doc/man7/EVP_MAC-KMAC.pod +++ b/doc/man7/EVP_MAC-KMAC.pod @@ -36,10 +36,19 @@ The length of the "size" parameter should not exceed that of a B. =item "key" (B) +Sets the MAC key. +Setting this parameter is identical to passing a I to L. + =item "custom" (B) +Sets the custom value. +It is an optional value of at most 127 bytes, and is empty by default. + =item "size" (B) +Sets the MAC size. +By default, it is 16 for C and 32 for C. + =item "xof" (B) The "xof" parameter value is expected to be 1 or 0. Use 1 to enable XOF mode. diff --git a/doc/man7/EVP_MAC-Poly1305.pod b/doc/man7/EVP_MAC-Poly1305.pod index 8a0989ab71f..a7e2f234399 100644 --- a/doc/man7/EVP_MAC-Poly1305.pod +++ b/doc/man7/EVP_MAC-Poly1305.pod @@ -30,6 +30,9 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =item "key" (B) +Sets the MAC key. +Setting this parameter is identical to passing a I to L. + =back The following parameters can be retrieved with @@ -39,6 +42,8 @@ EVP_MAC_CTX_get_params(): =item "size" (B) +Gets the MAC size. + =back The "size" parameter can also be retrieved with with EVP_MAC_CTX_get_mac_size(). diff --git a/doc/man7/EVP_MAC-Siphash.pod b/doc/man7/EVP_MAC-Siphash.pod index 2b6f2ae4e40..01849f7c4ad 100644 --- a/doc/man7/EVP_MAC-Siphash.pod +++ b/doc/man7/EVP_MAC-Siphash.pod @@ -34,8 +34,13 @@ The length of the "size" parameter should not exceed that of a B. =item "key" (B) +Sets the MAC key. +Setting this parameter is identical to passing a I to L. + =item "size" (B) +Sets the MAC size. + =item "c-rounds" (B) Specifies the number of rounds per message block. By default this is I<2>. diff --git a/doc/man7/provider-mac.pod b/doc/man7/provider-mac.pod index 47f26ca89b3..8b4ce936133 100644 --- a/doc/man7/provider-mac.pod +++ b/doc/man7/provider-mac.pod @@ -152,9 +152,11 @@ with the provider side context I in its current state if it is not NULL. Otherwise, they return the parameters associated with the provider side algorithm I. +All MAC implementations are expected to handle the following parameters: -Parameters currently recognised by built-in macs are as follows. Not all -parameters are relevant to, or are understood by all macs: +=over 4 + +=item with OSSL_FUNC_set_ctx_params(): =over 4 @@ -163,56 +165,21 @@ parameters are relevant to, or are understood by all macs: Sets the key in the associated MAC ctx. This is identical to passing a I argument to the OSSL_FUNC_mac_init() function. -=item "iv" (B) - -Sets the IV of the underlying cipher, when applicable. - -=item "custom" (B) - -Sets the custom string in the associated MAC ctx. - -=item "salt" (B) - -Sets the salt of the underlying cipher, when applicable. - -=item "xof" (B) - -Sets XOF mode in the associated MAC ctx. -0 means no XOF mode, 1 means XOF mode. - -=item "digest-noinit" (B) - -A simple flag to set the MAC digest to not initialise the -implementation specific data. The value 0 or 1 is expected. - -=item "digest-oneshot" (B) - -A simple flag to set the MAC digest to be a oneshot operation. -The value 0 or 1 is expected. - - -=for comment We need to investigate if this is the right approach - -=item "cipher" (B) - -=item "digest" (B) - -Sets the name of the underlying cipher or digest to be used. -It must name a suitable algorithm for the MAC that's being used. +=back -=item "properties" (B) +=item with OSSL_FUNC_get_params(): -Sets the properties to be queried when trying to fetch the underlying algorithm. -This must be given together with the algorithm naming parameter to be -considered valid. +=over 4 =item "size" (B) -Can be used to get the resulting MAC size. +Can be used to get the default MAC size (which might be the only allowable +MAC size for the implementation). -With some MAC algorithms, it can also be used to set the size that the -resulting MAC should have. -Allowable sizes are decided within each implementation. +Note that some implementations allow setting the size that the resulting MAC +should have as well, see the documentation of the implementation. + +=back =back @@ -231,7 +198,11 @@ array, or NULL if none is offered. =head1 SEE ALSO -L, L +L, +L, L, L, +L, L, L, +L + =head1 HISTORY -- 2.47.3