xref: /openssl/doc/man7/EVP_MAC-CMAC.pod (revision 7ed6de99)
=pod

=head1 NAME

EVP_MAC-CMAC - The CMAC EVP_MAC implementation

=head1 DESCRIPTION

Support for computing CMAC MACs through the B<EVP_MAC> API.

This implementation uses EVP_CIPHER functions to get access to the underlying
cipher.

=head2 Identity

This implementation is identified with this name and properties, to be
used with EVP_MAC_fetch():

=over 4

=item "CMAC", "provider=default" or "provider=fips"

=back

=head2 Supported parameters

The general description of these parameters can be found in
L<EVP_MAC(3)/PARAMETERS>.

The following parameters can be set with EVP_MAC_CTX_set_params():

=over 4

=item "key" (B<OSSL_MAC_PARAM_KEY>) <octet string>

Sets the MAC key.
Setting this parameter is identical to passing a I<key> to L<EVP_MAC_init(3)>.

=item "cipher" (B<OSSL_MAC_PARAM_CIPHER>) <UTF8 string>

Sets the name of the underlying cipher to be used. The mode of the cipher
must be CBC.

=item "properties" (B<OSSL_MAC_PARAM_PROPERTIES>) <UTF8 string>

Sets the properties to be queried when trying to fetch the underlying cipher.
This must be given together with the cipher naming parameter to be considered
valid.

=item "encrypt-check" (B<OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK>) <integer>

This option is used by the OpenSSL FIPS provider.
If required, this parameter should be set before EVP_MAC_init().

The default value of 1 causes an error when an unapproved Triple-DES encryption
operation is triggered.
Setting this to 0 will ignore the error and set the approved
"fips-indicator" to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.

=back

The following parameters can be retrieved with
EVP_MAC_CTX_get_params():

=over 4

=item "size" (B<OSSL_MAC_PARAM_SIZE>) <unsigned integer>

The "size" parameter can also be retrieved with EVP_MAC_CTX_get_mac_size().
The length of the "size" parameter is equal to that of an B<unsigned int>.

=item "block-size" (B<OSSL_MAC_PARAM_BLOCK_SIZE>) <unsigned integer>

Gets the MAC block size.  The "block-size" parameter can also be retrieved with
EVP_MAC_CTX_get_block_size().

=item "fips-indicator" (B<OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>

This option is used by the OpenSSL FIPS provider.

A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
This may be used after calling EVP_MAC_final().
It may return 0 if the "encrypt-check" option is set to 0.

=back

=head1 SEE ALSO

L<EVP_MAC_CTX_get_params(3)>, L<EVP_MAC_CTX_set_params(3)>,
L<EVP_MAC(3)/PARAMETERS>, L<OSSL_PARAM(3)>

=head1 COPYRIGHT

Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut