xref: /freebsd/crypto/openssl/doc/man3/CMS_get0_RecipientInfos.pod (revision e71b70530d95c4f34d8bdbd78d1242df1ba4a945)
=pod

=head1 NAME

CMS_get0_RecipientInfos, CMS_RecipientInfo_type,
CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp,
CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id,
CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key,
CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt
- CMS envelopedData RecipientInfo routines

=head1 SYNOPSIS

 #include <openssl/cms.h>

 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);

 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
                                           ASN1_OCTET_STRING **keyid,
                                           X509_NAME **issuer,
                                           ASN1_INTEGER **sno);
 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);

 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
                                     ASN1_OCTET_STRING **pid,
                                     ASN1_GENERALIZEDTIME **pdate,
                                     ASN1_OBJECT **potherid,
                                     ASN1_TYPE **pothertype);
 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
                                    const unsigned char *id, size_t idlen);
 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
                                unsigned char *key, size_t keylen);

 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
 int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);

=head1 DESCRIPTION

The function CMS_get0_RecipientInfos() returns all the CMS_RecipientInfo
structures associated with a CMS EnvelopedData structure.

CMS_RecipientInfo_type() returns the type of CMS_RecipientInfo structure B<ri>.
It will currently return CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE,
CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER.

CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient
identifier associated with a specific CMS_RecipientInfo structure B<ri>, which
must be of type CMS_RECIPINFO_TRANS. Either the key identifier will be set in
B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>.

CMS_RecipientInfo_ktri_cert_cmp() compares the certificate B<cert> against the
CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_TRANS.
It returns zero if the comparison is successful and nonzero if not.

CMS_RecipientInfo_set0_pkey() associates the private key B<pkey> with
the CMS_RecipientInfo structure B<ri>, which must be of type
CMS_RECIPINFO_TRANS.

CMS_RecipientInfo_kekri_get0_id() retrieves the key information from the
CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_KEK. Any
of the remaining parameters can be NULL if the application is not interested in
the value of a field. Where a field is optional and absent, NULL will be written
to the corresponding parameter. The keyEncryptionAlgorithm field is written to
B<palg>, the B<keyIdentifier> field is written to B<pid>, the B<date> field if
present is written to B<pdate>, and if the B<other> field is present the
components B<keyAttrId> and B<keyAttr> are written to parameters B<potherid>
and B<pothertype>.

CMS_RecipientInfo_kekri_id_cmp() compares the ID in the B<id> and B<idlen>
parameters against the B<keyIdentifier> of CMS_RecipientInfo structure B<ri>,
which must be of type CMS_RECIPINFO_KEK. It returns zero if the comparison is
successful and nonzero if not.

CMS_RecipientInfo_set0_key() associates the symmetric key B<key> of length
B<keylen> with the CMS_RecipientInfo structure B<ri>, which must be of type
CMS_RECIPINFO_KEK.

CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo structure
B<ri> in structure B<cms>. A key must have been associated with the structure
first.

CMS_RecipientInfo_encrypt() attempts to encrypt CMS_RecipientInfo structure
B<ri> in structure B<cms>. A key must have been associated with the structure
first and the content encryption key must be available, for example through a
previous call to CMS_RecipientInfo_decrypt().

=head1 NOTES

The main purpose of these functions is to enable an application to look up
recipient keys using any appropriate technique when the simpler method
of CMS_decrypt() is not appropriate.

In typical usage an application will retrieve all CMS_RecipientInfo structures
using CMS_get0_RecipientInfos() and check the type of each using
CMS_RecipientInfo_type(). Depending on the type, the CMS_RecipientInfo structure
can be ignored or its key identifier data retrieved using an appropriate
function. Then, if the corresponding secret or private key can be obtained by
any appropriate means, it can be associated with the structure and
CMS_RecipientInfo_decrypt() called. If successful, CMS_decrypt() can be called
with a NULL key to decrypt the enveloped content.

CMS_RecipientInfo_encrypt() can be used to add a new recipient to an
existing enveloped data structure. Typically an application will first decrypt
an appropriate CMS_RecipientInfo structure to make the content encryption key
available; it will then add a new recipient using a function such as
CMS_add1_recipient_cert() and finally encrypt the content encryption key
using CMS_RecipientInfo_encrypt().

=head1 RETURN VALUES

CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or NULL if
an error occurs.

CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(),
CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and
CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error occurs.
CMS_RecipientInfo_encrypt() returns 1 for success or 0 if an error occurs.

CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_id_cmp() return 0
for a successful comparison and nonzero otherwise.

Any error can be obtained from L<ERR_get_error(3)>.

=head1 SEE ALSO

L<ERR_get_error(3)>, L<CMS_decrypt(3)>

=head1 COPYRIGHT

Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut