diff options
author | slontis <shane.lontis@oracle.com> | 2022-12-15 09:57:09 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-12-16 16:36:49 +0100 |
commit | 211c47ca1b1ac129dcee59d383cae44e36532bb9 (patch) | |
tree | 2e785913a515555bb576ec07d1eb30bdefab9a0a /doc/man7 | |
parent | timing_load_creds requires POSIX1.2001 due to rusage (diff) | |
download | openssl-211c47ca1b1ac129dcee59d383cae44e36532bb9.tar.xz openssl-211c47ca1b1ac129dcee59d383cae44e36532bb9.zip |
Add KMAC support to KBKDF.
Now that ACVP test vectors exist, support has been added for this mode.
See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Note that the test vectors used fairly large values for the input key
and the context, so the contraints for these has been increased from
256 to 512 bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19916)
Diffstat (limited to 'doc/man7')
-rw-r--r-- | doc/man7/EVP_KDF-KB.pod | 8 | ||||
-rw-r--r-- | doc/man7/EVP_MAC-KMAC.pod | 3 |
2 files changed, 7 insertions, 4 deletions
diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod index d4b5f7b8d8..1b9342f691 100644 --- a/doc/man7/EVP_KDF-KB.pod +++ b/doc/man7/EVP_KDF-KB.pod @@ -29,7 +29,7 @@ used if unspecified. =item "mac" (B<OSSL_KDF_PARAM_MAC>) <UTF8 string> -The value is either CMAC or HMAC. +The value is either CMAC, HMAC, KMAC128 or KMAC256. =item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string> @@ -68,7 +68,7 @@ The default value of B<32> will be used if unspecified. =back Depending on whether mac is CMAC or HMAC, either digest or cipher is required -(respectively) and the other is unused. +(respectively) and the other is unused. They are unused for KMAC128 and KMAC256. The parameters key, salt, info, and seed correspond to KI, Label, Context, and IV (respectively) in SP800-108. As in that document, salt, info, and seed are @@ -166,9 +166,11 @@ L<EVP_KDF(3)/PARAMETERS> This functionality was added in OpenSSL 3.0. +Support for KMAC was added in OpenSSL 3.1. + =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. Copyright 2019 Red Hat, Inc. Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod index 0197a4b3c1..1065c166db 100644 --- a/doc/man7/EVP_MAC-KMAC.pod +++ b/doc/man7/EVP_MAC-KMAC.pod @@ -41,11 +41,12 @@ EVP_MAC_CTX_get_params(), or with EVP_MAC_CTX_get_block_size(). Sets the MAC key. Setting this parameter is identical to passing a I<key> to L<EVP_MAC_init(3)>. +The length of the key (in bytes) must be in the range 4...512. =item "custom" (B<OSSL_MAC_PARAM_CUSTOM>) <octet string> Sets the custom value. -It is an optional value of at most 256 bytes, and is empty by default. +It is an optional value with a length of at most 512 bytes, and is empty by default. =item "size" (B<OSSL_MAC_PARAM_SIZE>) <unsigned integer> |