xref: /openbsd/lib/libcrypto/man/CMAC_Init.3 (revision 9ea232b5) 
1.\" $OpenBSD: CMAC_Init.3,v 1.5 2023/12/25 15:52:18 schwarze Exp $
2.\"
3.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\"
17.Dd $Mdocdate: December 25 2023 $
18.Dt CMAC_INIT 3
19.Os
20.Sh NAME
21.Nm CMAC_CTX_new ,
22.Nm CMAC_Init ,
23.Nm CMAC_Update ,
24.Nm CMAC_Final ,
25.Nm CMAC_resume ,
26.Nm CMAC_CTX_copy ,
27.Nm CMAC_CTX_get0_cipher_ctx ,
28.Nm CMAC_CTX_cleanup ,
29.Nm CMAC_CTX_free
30.Nd Cipher-based message authentication code
31.Sh SYNOPSIS
32.In openssl/cmac.h
33.Ft CMAC_CTX *
34.Fn CMAC_CTX_new void
35.Ft int
36.Fo CMAC_Init
37.Fa "CMAC_CTX *ctx"
38.Fa "const void *key"
39.Fa "size_t key_len"
40.Fa "const EVP_CIPHER *cipher"
41.Fa "ENGINE *engine"
42.Fc
43.Ft int
44.Fo CMAC_Update
45.Fa "CMAC_CTX *ctx"
46.Fa "const void *in_data"
47.Fa "size_t in_len"
48.Fc
49.Ft int
50.Fo CMAC_Final
51.Fa "CMAC_CTX *ctx"
52.Fa "unsigned char *out_mac"
53.Fa "size_t *out_len"
54.Fc
55.Ft int
56.Fn CMAC_resume "CMAC_CTX *ctx"
57.Ft int
58.Fo CMAC_CTX_copy
59.Fa "CMAC_CTX *out_ctx"
60.Fa "CMAC_CTX *in_ctx"
61.Fc
62.Ft EVP_CIPHER_CTX *
63.Fn CMAC_CTX_get0_cipher_ctx "CMAC_CTX *ctx"
64.Ft void
65.Fn CMAC_CTX_cleanup "CMAC_CTX *ctx"
66.Ft void
67.Fn CMAC_CTX_free "CMAC_CTX *ctx"
68.Sh DESCRIPTION
69CMAC is a message authentication code algorithm that can employ an
70arbitrary block cipher using a symmetric key.
71.Pp
72The present manual page describes low-level functions implementing CMAC.
73Instead of using these functions directly,
74application programs normally call
75.Xr EVP_PKEY_CTX_new_id 3
76with an argument of
77.Dv EVP_PKEY_CMAC
78and then pass the resulting
79.Vt EVP_MD_CTX
80object to
81.Xr EVP_DigestInit_ex 3 .
82.Pp
83The CMAC API is object-oriented.
84Calculating a message authentication code requires a
85.Vt CMAC_CTX
86object.
87Usually, the functions
88.Fn CMAC_CTX_new ,
89.Fn CMAC_Init ,
90.Fn CMAC_Update ,
91.Fn CMAC_Final ,
92and
93.Fn CMAC_CTX_free
94need to be called in this order.
95.Pp
96.Fn CMAC_CTX_new
97allocates a new
98.Vt CMAC_CTX
99object, initializes the embedded
100.Vt EVP_CIPHER_CTX
101object, and marks the object itself as uninitialized.
102.Pp
103.Fn CMAC_Init
104selects the given block
105.Fa cipher
106for use by
107.Fa ctx .
108Functions to obtain suitable
109.Vt EVP_CIPHER
110objects are listed in the CIPHER LISTING section of the
111.Xr EVP_Cipher 3
112manual page.
113Unless
114.Fa key
115is
116.Dv NULL ,
117.Fn CMAC_Init
118also initializes
119.Fa ctx
120for use with the given symmetric
121.Fa key
122that is
123.Fa key_len
124bytes long.
125In particular, it calculates and internally stores the two subkeys
126and initializes
127.Fa ctx
128for subsequently feeding in data with
129.Fn CMAC_Update .
130The
131.Fa engine
132argument is ignored; passing
133.Dv NULL
134is recommended.
135.Pp
136If
137.Fa ctx
138is already initialized,
139.Fn CMAC_Init
140can be called again with
141.Fa key
142and
143.Fa cipher
144both set to
145.Dv NULL
146and
147.Fa key_len
148set to 0.
149In that case, any data already processed is discarded and
150.Fa ctx
151is re-initialized to start reading data anew.
152.Pp
153.Fn CMAC_Update
154processes
155.Fa in_len
156bytes of input data pointed to by
157.Fa in_data .
158Depending on the number of input bytes already cached in
159.Fa ctx ,
160on
161.Fa in_len ,
162and on the block size, this may encrypt zero or more blocks.
163Unless
164.Fa in_len
165is zero, this function leaves at least one byte and at most one
166block of input cached but unprocessed inside the
167.Fa ctx
168object.
169.Fn CMAC_Update
170can be called multiple times
171to concatenate several chunks of input data of varying sizes.
172.Pp
173.Fn CMAC_Final
174stores the length of the message authentication code in bytes,
175which equals the cipher block size, into
176.Pf * Fa out_len .
177Unless
178.Fa out_mac
179is
180.Dv NULL ,
181it encrypts the last block, padding it if required, and copies the
182resulting message authentication code to
183.Fa out_mac .
184The caller is responsible for providing a buffer of sufficient size.
185.Pp
186Calling
187.Fn CMAC_resume
188after
189.Fn CMAC_Final
190allows the user to subsequently append additional data with
191.Fn CMAC_Update .
192Otherwise, unless
193.Fn CMAC_Init
194is called to start from scratch,
195.Fn CMAC_Update
196can no longer be used after
197.Fn CMAC_Final .
198.Pp
199.Fn CMAC_CTX_copy
200performs a deep copy of the already initialized
201.Fa in_ctx
202into
203.Fa out_ctx .
204.Pp
205.Fn CMAC_CTX_cleanup
206zeros out both subkeys and all temporary data in
207.Fa ctx
208and in the embedded
209.Vt EVP_CIPHER_CTX
210object, frees all allocated memory associated with it,
211except for
212.Fa ctx
213itself, and marks it as uninitialized,
214such that it can be reused for subsequent
215.Fn CMAC_Init .
216.Pp
217.Fn CMAC_CTX_free
218calls
219.Fn CMAC_CTX_cleanup ,
220then frees
221.Fa ctx
222itself.
223If
224.Fa ctx
225is
226.Dv NULL ,
227no action occurs.
228.Sh RETURN VALUES
229.Fn CMAC_CTX_new
230returns the new context object or
231.Dv NULL
232in case of failure.
233It succeeds unless memory is exhausted.
234.Pp
235.Fn CMAC_Init ,
236.Fn CMAC_Update ,
237.Fn CMAC_Final ,
238.Fn CMAC_resume ,
239and
240.Fn CMAC_CTX_copy
241return 1 on success or 0 on failure.
242.Fn CMAC_Init
243fails if initializing the embedded
244.Vt EVP_CIPHER_CTX
245object fails.
246The others fail if
247.Fa in_ctx
248is uninitialized.
249.Fn CMAC_Update
250and
251.Fn CMAC_Final
252also fail if encrypting a block fails, and
253.Fn CMAC_CTX_copy
254if copying the embedded
255.Vt EVP_CIPHER_CTX
256object fails, which can for example happen when memory is exhausted.
257.Pp
258.Fn CMAC_CTX_get0_cipher_ctx
259returns an internal pointer to the
260.Vt EVP_CIPHER_CTX
261object that is embedded in
262.Fa ctx .
263.Sh ERRORS
264The CMAC code itself does not use the
265.In openssl/err.h
266framework, so in general, the reasons for failure cannot be found out with
267.Xr ERR_get_error 3 .
268However, since the
269.Xr EVP_Cipher 3
270functions are used internally, entries may still get pushed onto
271the error stack in some cases of failure.
272.Sh SEE ALSO
273.Xr EVP_aes_128_cbc 3 ,
274.Xr EVP_Cipher 3 ,
275.Xr EVP_DigestInit 3 ,
276.Xr EVP_PKEY_CTX_new_id 3 ,
277.Xr HMAC 3
278.Sh STANDARDS
279.Rs
280.%A Morris Dworkin
281.%T "Recommendation for Block Cipher Modes of Operation:\
282 The CMAC Mode for Authentication"
283.%I National Institute of Standards and Technology
284.%R NIST Special Publication 800-38B
285.%U https://doi.org/10.6028/NIST.SP.800-38B
286.%C Gaithersburg, Maryland
287.%D May 2005, updated October 6, 2016
288.Re
289.Sh HISTORY
290These functions first appeared in OpenSSL 1.0.1
291and have been available since
292.Ox 5.3 .
293