=pod

=head1 NAME

CMS_get0_RecipientInfos, CMS_RecipientInfo_type,
CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp,
CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id,
CMS_RecipientInfo_kari_set0_pkey_and_peer,
CMS_RecipientInfo_kari_set0_pkey,
CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key,
CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt
- CMS envelopedData RecipientInfo routines

=head1 SYNOPSIS

 #include <openssl/cms.h>

 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);

 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
                                           ASN1_OCTET_STRING **keyid,
                                           X509_NAME **issuer,
                                           ASN1_INTEGER **sno);
 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
 int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri,
                                               EVP_PKEY *pk, X509 *peer);
 int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
                                     ASN1_OCTET_STRING **pid,
                                     ASN1_GENERALIZEDTIME **pdate,
                                     ASN1_OBJECT **potherid,
                                     ASN1_TYPE **pothertype);
 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
                                    const unsigned char *id, size_t idlen);
 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
                                unsigned char *key, size_t keylen);

 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
 int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);

=head1 DESCRIPTION

The function CMS_get0_RecipientInfos() returns all the CMS_RecipientInfo
structures associated with a CMS EnvelopedData structure.

CMS_RecipientInfo_type() returns the type of CMS_RecipientInfo structure B<ri>.
It will currently return CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE,
CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or CMS_RECIPINFO_OTHER.

CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate recipient
identifier associated with a specific CMS_RecipientInfo structure B<ri>, which
must be of type CMS_RECIPINFO_TRANS. Either the key identifier will be set in
B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>.

CMS_RecipientInfo_ktri_cert_cmp() compares the certificate B<cert> against the
CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_TRANS.
It returns zero if the comparison is successful and nonzero if not.

CMS_RecipientInfo_set0_pkey() associates the private key B<pkey> with
the CMS_RecipientInfo structure B<ri>, which must be of type
CMS_RECIPINFO_TRANS.

CMS_RecipientInfo_kari_set0_pkey_and_peer() associates the private key B<pk>
and peer certificate B<peer> with the CMS_RecipientInfo structure B<ri>, which
must be of type CMS_RECIPINFO_AGREE.

CMS_RecipientInfo_kari_set0_pkey() associates the private key B<pk> with the
CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_AGREE.

CMS_RecipientInfo_kekri_get0_id() retrieves the key information from the
CMS_RecipientInfo structure B<ri>, which must be of type CMS_RECIPINFO_KEK. Any
of the remaining parameters can be NULL if the application is not interested in
the value of a field. Where a field is optional and absent, NULL will be written
to the corresponding parameter. The keyEncryptionAlgorithm field is written to
B<palg>, the B<keyIdentifier> field is written to B<pid>, and the B<date> field,
if present, is written to B<pdate>. If the B<other> field is present, the
components B<keyAttrId> and B<keyAttr> are written to parameters B<potherid> and
B<pothertype>.

CMS_RecipientInfo_kekri_id_cmp() compares the ID in the B<id> and B<idlen>
parameters against the B<keyIdentifier> of the CMS_RecipientInfo structure
B<ri>, which must be of type CMS_RECIPINFO_KEK. It returns zero if the
comparison is successful and nonzero if not.

CMS_RecipientInfo_set0_key() associates the symmetric key B<key> of length
B<keylen> with the CMS_RecipientInfo structure B<ri>, which must be of type
CMS_RECIPINFO_KEK.

CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo structure
B<ri> in structure B<cms>. A key must have been associated with the structure
first.

CMS_RecipientInfo_encrypt() attempts to encrypt CMS_RecipientInfo structure
B<ri> in structure B<cms>. A key must have been associated with the structure
first and the content encryption key must be available: for example by a
previous call to CMS_RecipientInfo_decrypt().

=head1 NOTES

The main purpose of these functions is to enable an application to look up
recipient keys using any appropriate technique when the simpler method
of CMS_decrypt() is not appropriate.

In typical usage an application will retrieve all CMS_RecipientInfo structures
using CMS_get0_RecipientInfos() and check the type of each using
CMS_RecipientInfo_type(). Depending on the type, the CMS_RecipientInfo structure
can be ignored or its key identifier data retrieved using an appropriate
function. Then, if the corresponding secret or private key can be obtained by
any appropriate means, it can be associated with the structure and
CMS_RecipientInfo_decrypt() called. If successful, CMS_decrypt() can be called
with a NULL key to decrypt the enveloped content.

CMS_RecipientInfo_encrypt() can be used to add a new recipient to an
existing enveloped data structure. Typically an application will first decrypt
an appropriate CMS_RecipientInfo structure to make the content encryption key
available. It will then add a new recipient using a function such as
CMS_add1_recipient_cert() and finally encrypt the content encryption key
using CMS_RecipientInfo_encrypt().

=head1 RETURN VALUES

CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or NULL if
an error occurs.

CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(),
CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and
CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error occurs.
CMS_RecipientInfo_encrypt() returns 1 for success or 0 if an error occurs.

CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_id_cmp() return 0
for a successful comparison and nonzero otherwise.

Any error can be obtained from L<ERR_get_error(3)>.

=head1 SEE ALSO

L<ERR_get_error(3)>, L<CMS_decrypt(3)>

=head1 HISTORY

B<CMS_RecipientInfo_kari_set0_pkey_and_peer> and B<CMS_RecipientInfo_kari_set0_pkey>
were added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut