1=pod 2 3=head1 NAME 4 5EVP_MAC-HMAC - The HMAC EVP_MAC implementation 6 7=head1 DESCRIPTION 8 9Support for computing HMAC MACs through the B<EVP_MAC> API. 10 11This implementation uses EVP_MD functions to get access to the underlying 12digest. 13 14=head2 Identity 15 16This implementation is identified with this name and properties, to be 17used with EVP_MAC_fetch(): 18 19=over 4 20 21=item "HMAC", "provider=default" or "provider=fips" 22 23=back 24 25=head2 Supported parameters 26 27The general description of these parameters can be found in 28L<EVP_MAC(3)/PARAMETERS>. 29 30The following parameters can be set with EVP_MAC_CTX_set_params(): 31 32=over 4 33 34=item "key" (B<OSSL_MAC_PARAM_KEY>) <octet string> 35 36Sets the MAC key. 37Setting this parameter is identical to passing a I<key> to L<EVP_MAC_init(3)>. 38 39=item "digest" (B<OSSL_MAC_PARAM_DIGEST>) <UTF8 string> 40 41Sets the name of the underlying digest to be used. 42 43=item "properties" (B<OSSL_MAC_PARAM_PROPERTIES>) <UTF8 string> 44 45Sets the properties to be queried when trying to fetch the underlying digest. 46This must be given together with the digest naming parameter ("digest", or 47B<OSSL_MAC_PARAM_DIGEST>) to be considered valid. 48 49=item "digest-noinit" (B<OSSL_MAC_PARAM_DIGEST_NOINIT>) <integer> 50 51A flag to set the MAC digest to not initialise the implementation 52specific data. 53The value 0 or 1 is expected. 54This option is deprecated and will be removed in a future release. 55It may be set but is currently ignored 56 57=item "digest-oneshot" (B<OSSL_MAC_PARAM_DIGEST_ONESHOT>) <integer> 58 59A flag to set the MAC digest to be a one-shot operation. 60The value 0 or 1 is expected. 61This option is deprecated and will be removed in a future release. 62It may be set but is currently ignored. 63 64=item "tls-data-size" (B<OSSL_MAC_PARAM_TLS_DATA_SIZE>) <unsigned integer> 65 66=item "key-check" (B<OSSL_MAC_PARAM_FIPS_KEY_CHECK>) <integer> 67 68See L<provider-mac(7)/Mac Parameters>. 69 70=back 71 72=for comment The "flags" parameter is passed directly to HMAC_CTX_set_flags(). 73 74The following parameters can be retrieved with EVP_MAC_CTX_get_params(): 75 76=over 4 77 78=item "size" (B<OSSL_MAC_PARAM_SIZE>) <unsigned integer> 79 80The "size" parameter can also be retrieved with EVP_MAC_CTX_get_mac_size(). 81The length of the "size" parameter is equal to that of an B<unsigned int>. 82 83=item "block-size" (B<OSSL_MAC_PARAM_BLOCK_SIZE>) <unsigned integer> 84 85Gets the MAC block size. The "block-size" parameter can also be retrieved with 86EVP_MAC_CTX_get_block_size(). 87 88=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer> 89 90See L<provider-mac(7)/Mac Parameters>. 91 92=back 93 94=head1 SEE ALSO 95 96L<EVP_MAC_CTX_get_params(3)>, L<EVP_MAC_CTX_set_params(3)>, 97L<EVP_MAC(3)/PARAMETERS>, L<OSSL_PARAM(3)>, L<HMAC(3)> 98 99=head1 COPYRIGHT 100 101Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. 102 103Licensed under the Apache License 2.0 (the "License"). You may not use 104this file except in compliance with the License. You can obtain a copy 105in the file LICENSE in the source distribution or at 106L<https://www.openssl.org/source/license.html>. 107 108=cut 109