xref: /freebsd/crypto/openssl/doc/man3/HMAC.pod (revision 31d62a73c2e6ac0ff413a7a17700ffc7dce254ef) 
1=pod
2
3=head1 NAME
4
5HMAC,
6HMAC_CTX_new,
7HMAC_CTX_reset,
8HMAC_CTX_free,
9HMAC_Init,
10HMAC_Init_ex,
11HMAC_Update,
12HMAC_Final,
13HMAC_CTX_copy,
14HMAC_CTX_set_flags,
15HMAC_CTX_get_md,
16HMAC_size
17- HMAC message authentication code
18
19=head1 SYNOPSIS
20
21 #include <openssl/hmac.h>
22
23 unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
24                     int key_len, const unsigned char *d, int n,
25                     unsigned char *md, unsigned int *md_len);
26
27 HMAC_CTX *HMAC_CTX_new(void);
28 int HMAC_CTX_reset(HMAC_CTX *ctx);
29
30 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
31                  const EVP_MD *md, ENGINE *impl);
32 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
33 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
34
35 void HMAC_CTX_free(HMAC_CTX *ctx);
36
37 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
38 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
39 const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
40
41 size_t HMAC_size(const HMAC_CTX *e);
42
43Deprecated:
44
45 #if OPENSSL_API_COMPAT < 0x10100000L
46 int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
47               const EVP_MD *md);
48 #endif
49
50=head1 DESCRIPTION
51
52HMAC is a MAC (message authentication code), i.e. a keyed hash
53function used for message authentication, which is based on a hash
54function.
55
56HMAC() computes the message authentication code of the B<n> bytes at
57B<d> using the hash function B<evp_md> and the key B<key> which is
58B<key_len> bytes long.
59
60It places the result in B<md> (which must have space for the output of
61the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
62If B<md> is NULL, the digest is placed in a static array.  The size of
63the output is placed in B<md_len>, unless it is B<NULL>. Note: passing a NULL
64value for B<md>  to use the static array is not thread safe.
65
66B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
67
68HMAC_CTX_new() creates a new HMAC_CTX in heap memory.
69
70HMAC_CTX_reset() zeroes an existing B<HMAC_CTX> and associated
71resources, making it suitable for new computations as if it was newly
72created with HMAC_CTX_new().
73
74HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
75releases any associated resources and finally frees the B<HMAC_CTX>
76itself.
77
78The following functions may be used if the message is not completely
79stored in memory:
80
81HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use the hash
82function B<evp_md> and key B<key>. If both are NULL, or if B<key> is NULL
83and B<evp_md> is the same as the previous call, then the
84existing key is
85reused. B<ctx> must have been created with HMAC_CTX_new() before the first use
86of an B<HMAC_CTX> in this function.
87
88If HMAC_Init_ex() is called with B<key> NULL and B<evp_md> is not the
89same as the previous digest used by B<ctx> then an error is returned
90because reuse of an existing key with a different digest is not supported.
91
92HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
93function B<evp_md> and the key B<key> which is B<key_len> bytes
94long.
95
96HMAC_Update() can be called repeatedly with chunks of the message to
97be authenticated (B<len> bytes at B<data>).
98
99HMAC_Final() places the message authentication code in B<md>, which
100must have space for the hash function output.
101
102HMAC_CTX_copy() copies all of the internal state from B<sctx> into B<dctx>.
103
104HMAC_CTX_set_flags() applies the specified flags to the internal EVP_MD_CTXs.
105These flags have the same meaning as for L<EVP_MD_CTX_set_flags(3)>.
106
107HMAC_CTX_get_md() returns the EVP_MD that has previously been set for the
108supplied HMAC_CTX.
109
110HMAC_size() returns the length in bytes of the underlying hash function output.
111
112=head1 RETURN VALUES
113
114HMAC() returns a pointer to the message authentication code or NULL if
115an error occurred.
116
117HMAC_CTX_new() returns a pointer to a new B<HMAC_CTX> on success or
118B<NULL> if an error occurred.
119
120HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
121HMAC_CTX_copy() return 1 for success or 0 if an error occurred.
122
123HMAC_CTX_get_md() return the EVP_MD previously set for the supplied HMAC_CTX or
124NULL if no EVP_MD has been set.
125
126HMAC_size() returns the length in bytes of the underlying hash function output
127or zero on error.
128
129=head1 CONFORMING TO
130
131RFC 2104
132
133=head1 SEE ALSO
134
135L<SHA1(3)>, L<evp(7)>
136
137=head1 HISTORY
138
139HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL 1.1.0.
140
141HMAC_CTX_cleanup() existed in OpenSSL before version 1.1.0.
142
143HMAC_CTX_new(), HMAC_CTX_free() and HMAC_CTX_get_md() are new in OpenSSL 1.1.0.
144
145HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in
146OpenSSL before version 1.0.0.
147
148=head1 COPYRIGHT
149
150Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
151
152Licensed under the OpenSSL license (the "License").  You may not use
153this file except in compliance with the License.  You can obtain a copy
154in the file LICENSE in the source distribution or at
155L<https://www.openssl.org/source/license.html>.
156
157=cut
158