QSC Post Quantum Cryptographic Library 1.1.0.2 (B2)
A post quantum secure library written in ANSI C
x509pkcs12.h File Reference

PKCS #12 bundle parsing and encrypted private-key decryption interface.

#include "qsccommon.h"
#include "x509cert.h"
#include "x509key.h"


Data Structures

struct  qsc_x509_pkcs12_bundle_t

Macros

#define QSC_X509_PKCS12_MAX_CERTIFICATES   16U
 The maximum number of certificates retained in a parsed PKCS #12 bundle.
#define QSC_X509_PKCS12_DER_MAX   16384U
 The maximum supported DER size for PKCS #12 processing buffers.
#define QSC_X509_PKCS12_USE_AES
 Select AES as the default PKCS #12 content-encryption backend.

Typedefs

typedef struct qsc_x509_pkcs12_bundle_t qsc_x509_pkcs12_bundle

Functions

QSC_EXPORT_API void qsc_x509_pkcs12_initialize (qsc_x509_pkcs12_bundle *bundle)
 Initialize a PKCS #12 bundle container.
QSC_EXPORT_API bool qsc_x509_pkcs12_parse (const uint8_t *data, size_t datalen, const char *password, qsc_x509_pkcs12_bundle *bundle)
 Parse a PKCS #12 bundle from DER.
QSC_EXPORT_API bool qsc_x509_pkcs12_decrypt_encrypted_private_key_info (const uint8_t *data, size_t datalen, const char *password, uint8_t *privatekeyinfo, size_t privatekeyinfocapacity, size_t *privatekeyinfolen)
 Decrypt an EncryptedPrivateKeyInfo object.

Detailed Description

PKCS #12 bundle parsing and encrypted private-key decryption interface.

This header defines constants, container types, and helper functions used to parse PKCS #12 bundles carrying a private key and associated certificate chain material. The interface exposes a compact bundle object that stores an optional decoded private key together with a bounded certificate collection.

The public API supports bundle initialization, top-level PKCS #12 parsing, and direct decryption of an EncryptedPrivateKeyInfo object using a supplied password. The parser currently accepts a version 3 PFX container carrying a PKCS #7 data AuthSafe, validates the outer MAC using HMAC-SHA-256, and extracts certificate bags, PKCS #8 key bags, and shrouded key bags. Cipher selection for private-key decryption is controlled by the supporting PKCS #12 crypto implementation and associated compile-time feature macros.
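
A caller-side pre-flight check for the container shape described above (version 3 PFX, PKCS #7 data AuthSafe, input no larger than QSC_X509_PKCS12_DER_MAX), written as an added example that is not part of the QSC library. The names pfx_preflight, der_header and PFX_DER_MAX are hypothetical, the sample bytes are constructed, and the check assumes the caller wants strict DER with no trailing bytes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PFX_DER_MAX 16384U /* same value as QSC_X509_PKCS12_DER_MAX on this page */

/* Constructed sample: header of a v3 PFX whose authSafe contentType is pkcs7-data */
static const uint8_t SAMPLE_PFX_HEAD[18] = { 0x30, 0x10, 0x02, 0x01, 0x03, 0x30, 0x0B,
    0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 };

/* Read a DER header with the expected tag at buf[*pos]; on success *pos is the first content byte. */
static bool der_header(const uint8_t *buf, size_t buflen, size_t *pos, uint8_t tag, size_t *len)
{
    size_t p = *pos, l, nb, i;
    if (p >= buflen || buflen - p < 2U || buf[p] != tag) { return false; }
    l = buf[p + 1U];
    p += 2U;
    if ((l & 0x80U) != 0U) {
        nb = l & 0x7FU;
        /* no indefinite form; two length bytes already cover PFX_DER_MAX */
        if (nb == 0U || nb > 2U || buflen - p < nb) { return false; }
        for (l = 0U, i = 0U; i < nb; ++i) { l = (l << 8) | buf[p++]; }
        if (l < (nb == 1U ? 0x80U : 0x100U)) { return false; } /* shortest form only */
    }
    if (l > buflen - p) { return false; } /* content must fit in the buffer */
    *pos = p; *len = l;
    return true;
}

/* Hypothetical screening step (not a QSC function) run before handing data to the parser */
bool pfx_preflight(const uint8_t *data, size_t datalen)
{
    static const uint8_t oid_data[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 };
    size_t pos = 0U, len = 0U, end;
    if (data == NULL || datalen > PFX_DER_MAX) { return false; }
    /* outer PFX SEQUENCE must span the whole buffer, with no trailing bytes */
    if (!der_header(data, datalen, &pos, 0x30U, &len) || pos + len != datalen) { return false; }
    /* version INTEGER must be exactly 3 */
    if (!der_header(data, datalen, &pos, 0x02U, &len) || len != 1U || data[pos] != 3U) { return false; }
    pos += len;
    /* authSafe ContentInfo SEQUENCE; its contentType OID must be pkcs7-data (1.2.840.113549.1.7.1) */
    if (!der_header(data, datalen, &pos, 0x30U, &len)) { return false; }
    end = pos + len; /* the OID may not run past the ContentInfo */
    if (!der_header(data, end, &pos, 0x06U, &len) || len != sizeof(oid_data)) { return false; }
    return memcmp(data + pos, oid_data, sizeof(oid_data)) == 0;
}

int main(void) { return pfx_preflight(SAMPLE_PFX_HEAD, sizeof(SAMPLE_PFX_HEAD)) ? 0 : 1; }
```

This only screens the outer structure; MAC validation and decryption still happen inside qsc_x509_pkcs12_parse.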

Macro Definition Documentation

◆ QSC_X509_PKCS12_USE_AES

#define QSC_X509_PKCS12_USE_AES

Select AES as the default PKCS #12 content-encryption backend.

This macro is defined automatically when no alternative PKCS #12 encryption backend has been selected at compile time.

Function Documentation

◆ qsc_x509_pkcs12_decrypt_encrypted_private_key_info()

QSC_EXPORT_API bool qsc_x509_pkcs12_decrypt_encrypted_private_key_info ( const uint8_t * data,
size_t datalen,
const char * password,
uint8_t * privatekeyinfo,
size_t privatekeyinfocapacity,
size_t * privatekeyinfolen )

Decrypt an EncryptedPrivateKeyInfo object.

Decrypts a DER encoded EncryptedPrivateKeyInfo structure using the supplied password and writes the recovered PrivateKeyInfo bytes to the caller-supplied output buffer.

Parameters
data: [const] The DER encoded EncryptedPrivateKeyInfo input buffer.
datalen: The length of the input buffer in bytes.
password: [const] The password used to decrypt the private key object.
privatekeyinfo: The destination buffer receiving the decrypted PrivateKeyInfo bytes.
privatekeyinfocapacity: The capacity of the destination buffer in bytes.
privatekeyinfolen: The number of bytes written to the destination buffer.
Returns
Returns true if decryption completed successfully; otherwise returns false.

◆ qsc_x509_pkcs12_initialize()

QSC_EXPORT_API void qsc_x509_pkcs12_initialize ( qsc_x509_pkcs12_bundle * bundle)

Initialize a PKCS #12 bundle container.

Resets the bundle object to a clean default state before parsing or reuse.

Parameters
bundle: [struct] The PKCS #12 bundle container to initialize.
Returns
[void] This function does not return a value.

◆ qsc_x509_pkcs12_parse()

QSC_EXPORT_API bool qsc_x509_pkcs12_parse ( const uint8_t * data,
size_t datalen,
const char * password,
qsc_x509_pkcs12_bundle * bundle )

Parse a PKCS #12 bundle from DER.

Decodes a PKCS #12 container, validates the outer MAC, applies password-based decryption where required, extracts the private key when present, and loads any decoded certificates into the destination bundle object. The destination bundle is reinitialized before parsing begins.

Parameters
data: [const] The DER encoded PKCS #12 input buffer.
datalen: The length of the input buffer in bytes.
password: [const] The password used to decrypt protected contents.
bundle: [struct] The destination parsed PKCS #12 bundle object.
Returns
Returns true if parsing completed successfully; otherwise returns false.