1*b0d17251Schristos=pod 2*b0d17251Schristos 3*b0d17251Schristos=head1 NAME 4*b0d17251Schristos 5*b0d17251SchristosEVP_PKEY-HMAC, EVP_KEYMGMT-HMAC, EVP_PKEY-Siphash, EVP_KEYMGMT-Siphash, 6*b0d17251SchristosEVP_PKEY-Poly1305, EVP_KEYMGMT-Poly1305, EVP_PKEY-CMAC, EVP_KEYMGMT-CMAC 7*b0d17251Schristos- EVP_PKEY legacy MAC keytypes and algorithm support 8*b0d17251Schristos 9*b0d17251Schristos=head1 DESCRIPTION 10*b0d17251Schristos 11*b0d17251SchristosThe B<HMAC> and B<CMAC> key types are implemented in OpenSSL's default and FIPS 12*b0d17251Schristosproviders. Additionally the B<Siphash> and B<Poly1305> key types are implemented 13*b0d17251Schristosin the default provider. Performing MAC operations via an EVP_PKEY 14*b0d17251Schristosis considered legacy and are only available for backwards compatibility purposes 15*b0d17251Schristosand for a restricted set of algorithms. The preferred way of performing MAC 16*b0d17251Schristosoperations is via the EVP_MAC APIs. See L<EVP_MAC_init(3)>. 17*b0d17251Schristos 18*b0d17251SchristosFor further details on using EVP_PKEY based MAC keys see 19*b0d17251SchristosL<EVP_SIGNATURE-HMAC(7)>, L<EVP_SIGNATURE-Siphash(7)>, 20*b0d17251SchristosL<EVP_SIGNATURE-Poly1305(7)> or L<EVP_SIGNATURE-CMAC(7)>. 21*b0d17251Schristos 22*b0d17251Schristos=head2 Common MAC parameters 23*b0d17251Schristos 24*b0d17251SchristosAll the B<MAC> keytypes support the following parameters. 25*b0d17251Schristos 26*b0d17251Schristos=over 4 27*b0d17251Schristos 28*b0d17251Schristos=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string> 29*b0d17251Schristos 30*b0d17251SchristosThe MAC key value. 31*b0d17251Schristos 32*b0d17251Schristos=item "properties" (B<OSSL_PKEY_PARAM_PROPERTIES>) <UTF8 string> 33*b0d17251Schristos 34*b0d17251SchristosA property query string to be used when any algorithms are fetched. 35*b0d17251Schristos 36*b0d17251Schristos=back 37*b0d17251Schristos 38*b0d17251Schristos=head2 CMAC parameters 39*b0d17251Schristos 40*b0d17251SchristosAs well as the parameters described above, the B<CMAC> keytype additionally 41*b0d17251Schristossupports the following parameters. 42*b0d17251Schristos 43*b0d17251Schristos=over 4 44*b0d17251Schristos 45*b0d17251Schristos=item "cipher" (B<OSSL_PKEY_PARAM_CIPHER>) <UTF8 string> 46*b0d17251Schristos 47*b0d17251SchristosThe name of a cipher to be used when generating the MAC. 48*b0d17251Schristos 49*b0d17251Schristos=item "engine" (B<OSSL_PKEY_PARAM_ENGINE>) <UTF8 string> 50*b0d17251Schristos 51*b0d17251SchristosThe name of an engine to be used for the specified cipher (if any). 52*b0d17251Schristos 53*b0d17251Schristos=back 54*b0d17251Schristos 55*b0d17251Schristos=head2 Common MAC key generation parameters 56*b0d17251Schristos 57*b0d17251SchristosMAC key generation is unusual in that no new key is actually generated. Instead 58*b0d17251Schristosa new provider side key object is created with the supplied raw key value. This 59*b0d17251Schristosis done for backwards compatibility with previous versions of OpenSSL. 60*b0d17251Schristos 61*b0d17251Schristos=over 4 62*b0d17251Schristos 63*b0d17251Schristos=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string> 64*b0d17251Schristos 65*b0d17251SchristosThe MAC key value. 66*b0d17251Schristos 67*b0d17251Schristos=back 68*b0d17251Schristos 69*b0d17251Schristos=head2 CMAC key generation parameters 70*b0d17251Schristos 71*b0d17251SchristosIn addition to the common MAC key generation parameters, the CMAC key generation 72*b0d17251Schristosadditionally recognises the following. 73*b0d17251Schristos 74*b0d17251Schristos=over 4 75*b0d17251Schristos 76*b0d17251Schristos=item "cipher" (B<OSSL_PKEY_PARAM_CIPHER>) <UTF8 string> 77*b0d17251Schristos 78*b0d17251SchristosThe name of a cipher to be used when generating the MAC. 79*b0d17251Schristos 80*b0d17251Schristos=back 81*b0d17251Schristos 82*b0d17251Schristos=head1 SEE ALSO 83*b0d17251Schristos 84*b0d17251SchristosL<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)> 85*b0d17251Schristos 86*b0d17251Schristos=head1 COPYRIGHT 87*b0d17251Schristos 88*b0d17251SchristosCopyright 2020 The OpenSSL Project Authors. All Rights Reserved. 89*b0d17251Schristos 90*b0d17251SchristosLicensed under the Apache License 2.0 (the "License"). You may not use 91*b0d17251Schristosthis file except in compliance with the License. You can obtain a copy 92*b0d17251Schristosin the file LICENSE in the source distribution or at 93*b0d17251SchristosL<https://www.openssl.org/source/license.html>. 94*b0d17251Schristos 95*b0d17251Schristos=cut 96