122 lines
4.8 KiB
HTML
122 lines
4.8 KiB
HTML
|
<?xml version="1.0" ?>
|
||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
||
|
<head>
|
||
|
<title>EVP_PKEY-HMAC</title>
|
||
|
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||
|
<link rev="made" href="mailto:" />
|
||
|
</head>
|
||
|
|
||
|
<body>
|
||
|
|
||
|
|
||
|
|
||
|
<ul id="index">
|
||
|
<li><a href="#NAME">NAME</a></li>
|
||
|
<li><a href="#DESCRIPTION">DESCRIPTION</a>
|
||
|
<ul>
|
||
|
<li><a href="#Common-MAC-parameters">Common MAC parameters</a></li>
|
||
|
<li><a href="#CMAC-parameters">CMAC parameters</a></li>
|
||
|
<li><a href="#Common-MAC-key-generation-parameters">Common MAC key generation parameters</a></li>
|
||
|
<li><a href="#CMAC-key-generation-parameters">CMAC key generation parameters</a></li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li><a href="#SEE-ALSO">SEE ALSO</a></li>
|
||
|
<li><a href="#COPYRIGHT">COPYRIGHT</a></li>
|
||
|
</ul>
|
||
|
|
||
|
<h1 id="NAME">NAME</h1>
|
||
|
|
||
|
<p>EVP_PKEY-HMAC, EVP_KEYMGMT-HMAC, EVP_PKEY-Siphash, EVP_KEYMGMT-Siphash, EVP_PKEY-Poly1305, EVP_KEYMGMT-Poly1305, EVP_PKEY-CMAC, EVP_KEYMGMT-CMAC - EVP_PKEY legacy MAC keytypes and algorithm support</p>
|
||
|
|
||
|
<h1 id="DESCRIPTION">DESCRIPTION</h1>
|
||
|
|
||
|
<p>The <b>HMAC</b> and <b>CMAC</b> key types are implemented in OpenSSL's default and FIPS providers. Additionally the <b>Siphash</b> and <b>Poly1305</b> key types are implemented in the default provider. Performing MAC operations via an EVP_PKEY is considered legacy and are only available for backwards compatibility purposes and for a restricted set of algorithms. The preferred way of performing MAC operations is via the EVP_MAC APIs. See <a href="../man3/EVP_MAC_init.html">EVP_MAC_init(3)</a>.</p>
|
||
|
|
||
|
<p>For further details on using EVP_PKEY based MAC keys see <a href="../man7/EVP_SIGNATURE-HMAC.html">EVP_SIGNATURE-HMAC(7)</a>, <a href="../man7/EVP_SIGNATURE-Siphash.html">EVP_SIGNATURE-Siphash(7)</a>, <a href="../man7/EVP_SIGNATURE-Poly1305.html">EVP_SIGNATURE-Poly1305(7)</a> or <a href="../man7/EVP_SIGNATURE-CMAC.html">EVP_SIGNATURE-CMAC(7)</a>.</p>
|
||
|
|
||
|
<h2 id="Common-MAC-parameters">Common MAC parameters</h2>
|
||
|
|
||
|
<p>All the <b>MAC</b> keytypes support the following parameters.</p>
|
||
|
|
||
|
<dl>
|
||
|
|
||
|
<dt id="priv-OSSL_PKEY_PARAM_PRIV_KEY-octet-string">"priv" (<b>OSSL_PKEY_PARAM_PRIV_KEY</b>) <octet string></dt>
|
||
|
<dd>
|
||
|
|
||
|
<p>The MAC key value.</p>
|
||
|
|
||
|
</dd>
|
||
|
<dt id="properties-OSSL_PKEY_PARAM_PROPERTIES-UTF8-string">"properties" (<b>OSSL_PKEY_PARAM_PROPERTIES</b>) <UTF8 string></dt>
|
||
|
<dd>
|
||
|
|
||
|
<p>A property query string to be used when any algorithms are fetched.</p>
|
||
|
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<h2 id="CMAC-parameters">CMAC parameters</h2>
|
||
|
|
||
|
<p>As well as the parameters described above, the <b>CMAC</b> keytype additionally supports the following parameters.</p>
|
||
|
|
||
|
<dl>
|
||
|
|
||
|
<dt id="cipher-OSSL_PKEY_PARAM_CIPHER-UTF8-string">"cipher" (<b>OSSL_PKEY_PARAM_CIPHER</b>) <UTF8 string></dt>
|
||
|
<dd>
|
||
|
|
||
|
<p>The name of a cipher to be used when generating the MAC.</p>
|
||
|
|
||
|
</dd>
|
||
|
<dt id="engine-OSSL_PKEY_PARAM_ENGINE-UTF8-string">"engine" (<b>OSSL_PKEY_PARAM_ENGINE</b>) <UTF8 string></dt>
|
||
|
<dd>
|
||
|
|
||
|
<p>The name of an engine to be used for the specified cipher (if any).</p>
|
||
|
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<h2 id="Common-MAC-key-generation-parameters">Common MAC key generation parameters</h2>
|
||
|
|
||
|
<p>MAC key generation is unusual in that no new key is actually generated. Instead a new provider side key object is created with the supplied raw key value. This is done for backwards compatibility with previous versions of OpenSSL.</p>
|
||
|
|
||
|
<dl>
|
||
|
|
||
|
<dt id="priv-OSSL_PKEY_PARAM_PRIV_KEY-octet-string1">"priv" (<b>OSSL_PKEY_PARAM_PRIV_KEY</b>) <octet string></dt>
|
||
|
<dd>
|
||
|
|
||
|
<p>The MAC key value.</p>
|
||
|
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<h2 id="CMAC-key-generation-parameters">CMAC key generation parameters</h2>
|
||
|
|
||
|
<p>In addition to the common MAC key generation parameters, the CMAC key generation additionally recognises the following.</p>
|
||
|
|
||
|
<dl>
|
||
|
|
||
|
<dt id="cipher-OSSL_PKEY_PARAM_CIPHER-UTF8-string1">"cipher" (<b>OSSL_PKEY_PARAM_CIPHER</b>) <UTF8 string></dt>
|
||
|
<dd>
|
||
|
|
||
|
<p>The name of a cipher to be used when generating the MAC.</p>
|
||
|
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<h1 id="SEE-ALSO">SEE ALSO</h1>
|
||
|
|
||
|
<p><a href="../man3/EVP_KEYMGMT.html">EVP_KEYMGMT(3)</a>, <a href="../man3/EVP_PKEY.html">EVP_PKEY(3)</a>, <a href="../man7/provider-keymgmt.html">provider-keymgmt(7)</a></p>
|
||
|
|
||
|
<h1 id="COPYRIGHT">COPYRIGHT</h1>
|
||
|
|
||
|
<p>Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.</p>
|
||
|
|
||
|
<p>Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
|
||
|
|
||
|
|
||
|
</body>
|
||
|
|
||
|
</html>
|
||
|
|
||
|
|