summaryrefslogtreecommitdiffstats
path: root/doc/man7
diff options
context:
space:
mode:
authorslontis <shane.lontis@oracle.com>2022-12-15 09:57:09 +0100
committerTomas Mraz <tomas@openssl.org>2022-12-16 16:36:49 +0100
commit211c47ca1b1ac129dcee59d383cae44e36532bb9 (patch)
tree2e785913a515555bb576ec07d1eb30bdefab9a0a /doc/man7
parenttiming_load_creds requires POSIX1.2001 due to rusage (diff)
downloadopenssl-211c47ca1b1ac129dcee59d383cae44e36532bb9.tar.xz
openssl-211c47ca1b1ac129dcee59d383cae44e36532bb9.zip
Add KMAC support to KBKDF.
Now that ACVP test vectors exist, support has been added for this mode. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf Note that the test vectors used fairly large values for the input key and the context, so the contraints for these has been increased from 256 to 512 bytes. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19916)
Diffstat (limited to 'doc/man7')
-rw-r--r--doc/man7/EVP_KDF-KB.pod8
-rw-r--r--doc/man7/EVP_MAC-KMAC.pod3
2 files changed, 7 insertions, 4 deletions
diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod
index d4b5f7b8d8..1b9342f691 100644
--- a/doc/man7/EVP_KDF-KB.pod
+++ b/doc/man7/EVP_KDF-KB.pod
@@ -29,7 +29,7 @@ used if unspecified.
=item "mac" (B<OSSL_KDF_PARAM_MAC>) <UTF8 string>
-The value is either CMAC or HMAC.
+The value is either CMAC, HMAC, KMAC128 or KMAC256.
=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
@@ -68,7 +68,7 @@ The default value of B<32> will be used if unspecified.
=back
Depending on whether mac is CMAC or HMAC, either digest or cipher is required
-(respectively) and the other is unused.
+(respectively) and the other is unused. They are unused for KMAC128 and KMAC256.
The parameters key, salt, info, and seed correspond to KI, Label, Context, and
IV (respectively) in SP800-108. As in that document, salt, info, and seed are
@@ -166,9 +166,11 @@ L<EVP_KDF(3)/PARAMETERS>
This functionality was added in OpenSSL 3.0.
+Support for KMAC was added in OpenSSL 3.1.
+
=head1 COPYRIGHT
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2019 Red Hat, Inc.
Licensed under the Apache License 2.0 (the "License"). You may not use
diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod
index 0197a4b3c1..1065c166db 100644
--- a/doc/man7/EVP_MAC-KMAC.pod
+++ b/doc/man7/EVP_MAC-KMAC.pod
@@ -41,11 +41,12 @@ EVP_MAC_CTX_get_params(), or with EVP_MAC_CTX_get_block_size().
Sets the MAC key.
Setting this parameter is identical to passing a I<key> to L<EVP_MAC_init(3)>.
+The length of the key (in bytes) must be in the range 4...512.
=item "custom" (B<OSSL_MAC_PARAM_CUSTOM>) <octet string>
Sets the custom value.
-It is an optional value of at most 256 bytes, and is empty by default.
+It is an optional value with a length of at most 512 bytes, and is empty by default.
=item "size" (B<OSSL_MAC_PARAM_SIZE>) <unsigned integer>