xref: /freebsd/secure/lib/libcrypto/man/man3/OSSL_CRMF_pbmp_new.3 (revision d0b2dbfa0ecf2bbc9709efc5e20baf8e4b44bbbf)
Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)

Standard preamble:
========================================================================
..
..
.. Set up some character translations and predefined strings. \*(-- will
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. \*(C+ will
give a nicer C++. Capital omega is used to do unbreakable dashes and
therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
nothing in troff, for use with C<>.
.tr \(*W- . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.

If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.

Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF
Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================

Title "OSSL_CRMF_PBMP_NEW 3"
OSSL_CRMF_PBMP_NEW 3 "2023-08-01" "3.0.10" "OpenSSL"
For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
"NAME"
OSSL_CRMF_pbm_new, OSSL_CRMF_pbmp_new \- functions for producing Password-Based MAC (PBM)
"SYNOPSIS"
Header "SYNOPSIS" .Vb 1 #include <openssl/crmf.h> \& int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, const OSSL_CRMF_PBMPARAMETER *pbmp, const unsigned char *msg, size_t msglen, const unsigned char *sec, size_t seclen, unsigned char **mac, size_t *maclen); \& OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t saltlen, int owfnid, size_t itercnt, int macnid); .Ve
"DESCRIPTION"
Header "DESCRIPTION" \fBOSSL_CRMF_pbm_new() generates a \s-1PBM\s0 (Password-Based \s-1MAC\s0) based on given \s-1PBM\s0 parameters pbmp, message msg, and secret sec, along with the respective lengths msglen and seclen. The optional library context libctx and propq parameters may be used to influence the selection of the \s-1MAC\s0 algorithm referenced in the pbmp; see \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in crypto\|(7) for further information. On success writes the address of the newly allocated \s-1MAC\s0 via the mac reference parameter and writes the length via the \fImaclen reference parameter unless it its \s-1NULL.\s0

\fBOSSL_CRMF_pbmp_new() initializes and returns a new PBMParameter structure with a new random salt of given length saltlen, \s-1OWF\s0 (one-way function) \s-1NID\s0 owfnid, \s-1OWF\s0 iteration count itercnt, and \s-1MAC NID\s0 macnid. The library context libctx parameter may be used to select the provider for the random number generation (\s-1DRBG\s0) and may be \s-1NULL\s0 for the default.

"NOTES"
Header "NOTES" The algorithms for the \s-1OWF\s0 (one-way function) and for the \s-1MAC\s0 (message authentication code) may be any with a \s-1NID\s0 defined in <openssl/objects.h>. As specified by \s-1RFC 4210,\s0 these should include NID_hmac_sha1.

\s-1RFC 4210\s0 recommends that the salt \s-1SHOULD\s0 be at least 8 bytes (64 bits) long, where 16 bytes is common.

The iteration count must be at least 100, as stipulated by \s-1RFC 4211,\s0 and is limited to at most 100000 to avoid DoS through manipulated or otherwise malformed input.

"RETURN VALUES"
Header "RETURN VALUES" \fBOSSL_CRMF_pbm_new() returns 1 on success, 0 on error.

\fBOSSL_CRMF_pbmp_new() returns a new and initialized \s-1OSSL_CRMF_PBMPARAMETER\s0 structure, or \s-1NULL\s0 on error.

"EXAMPLES"
Header "EXAMPLES" .Vb 5 OSSL_CRMF_PBMPARAMETER *pbm = NULL; unsigned char *msg = "Hello"; unsigned char *sec = "SeCrEt"; unsigned char *mac = NULL; size_t maclen; \& if ((pbm = OSSL_CRMF_pbmp_new(16, NID_sha256, 500, NID_hmac_sha1) == NULL)) goto err; if (!OSSL_CRMF_pbm_new(pbm, msg, 5, sec, 6, &mac, &maclen)) goto err; .Ve
"SEE ALSO"
Header "SEE ALSO" \s-1RFC 4211\s0 section 4.4
"HISTORY"
Header "HISTORY" The OpenSSL \s-1CRMF\s0 support was added in OpenSSL 3.0.
"COPYRIGHT"
Header "COPYRIGHT" Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>.