tlsclient.h

Go to the documentation of this file.

/* 2020-2026 Quantum Resistant Cryptographic Solutions Corporation
 * All Rights Reserved.
 *
 * NOTICE:
 * This software and all accompanying materials are the exclusive property of
 * Quantum Resistant Cryptographic Solutions Corporation (QRCS). The intellectual
 * and technical concepts contained herein are proprietary to QRCS and are
 * protected under applicable Canadian, U.S., and international copyright,
 * patent, and trade secret laws.
 *
 * CRYPTOGRAPHIC ALGORITHMS AND IMPLEMENTATIONS:
 * - This software includes implementations of cryptographic primitives and
 *   algorithms that are standardized or in the public domain, such as AES
 *   and SHA-3, which are not proprietary to QRCS.
 * - This software also includes cryptographic primitives, constructions, and
 *   algorithms designed by QRCS, including but not limited to RCS, SCB, CSX, QMAC, and
 *   related components, which are proprietary to QRCS.
 * - All source code, implementations, protocol compositions, optimizations,
 *   parameter selections, and engineering work contained in this software are
 *   original works of QRCS and are protected under this license.
 *
 * LICENSE AND USE RESTRICTIONS:
 * - This software is licensed under the Quantum Resistant Cryptographic Solutions
 *   Public Research and Evaluation License (QRCS-PREL), 2025-2026.
 * - Permission is granted solely for non-commercial evaluation, academic research,
 *   cryptographic analysis, interoperability testing, and feasibility assessment.
 * - Commercial use, production deployment, commercial redistribution, or
 *   integration into products or services is strictly prohibited without a
 *   separate written license agreement executed with QRCS.
 * - Licensing and authorized distribution are solely at the discretion of QRCS.
 *
 * EXPERIMENTAL CRYPTOGRAPHY NOTICE:
 * Portions of this software may include experimental, novel, or evolving
 * cryptographic designs. Use of this software is entirely at the user's risk.
 *
 * DISCLAIMER:
 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS
 * FOR A PARTICULAR PURPOSE, SECURITY, OR NON-INFRINGEMENT. QRCS DISCLAIMS ALL
 * LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
 * ARISING FROM THE USE OR MISUSE OF THIS SOFTWARE.
 *
 * FULL LICENSE:
 * This software is subject to the Quantum Resistant Cryptographic Solutions
 * Public Research and Evaluation License (QRCS-PREL), 2025-2026. The complete license terms
 * are provided in the accompanying LICENSE file or at https://www.qrcscorp.ca.
 *
 * Written by: John G. Underhill
 * Contact: contact@qrcscorp.ca
 */
 
#ifndef QSC_TLS_CLIENT_H
#define QSC_TLS_CLIENT_H
 
#include "qsccommon.h"
#include "tlserrors.h"
#include "tlstypes.h"
#include "tlslimits.h"
#include "tlsstate.h"
#include "tlscert.h"
#include "tlsgroups.h"
#include "tlskeyschedule.h"
#include "tlsrecord.h"
#include "tlssession.h"
#include "tlstranscript.h"
 
QSC_CPLUSPLUS_ENABLED_START


typedef enum qsc_tls_client_phase
{
    qsc_tls_client_phase_initial = 0,                          
    qsc_tls_client_phase_waiting_server_hello = 1,            
    qsc_tls_client_phase_waiting_encrypted_extensions = 2,    
    qsc_tls_client_phase_waiting_certificate = 3,             
    qsc_tls_client_phase_waiting_certificate_verify = 4,      
    qsc_tls_client_phase_waiting_finished = 5,                
    qsc_tls_client_phase_established = 6,                     
    qsc_tls_client_phase_closed = 7,                          
    qsc_tls_client_phase_failed = 8                           
} qsc_tls_client_phase;

typedef struct qsc_tls_client_config
{
    const qsc_tls_cipher_suite* ciphersuites;                 
    size_t ciphersuitecount;                                  
    const qsc_tls_named_group* groups;                        
    size_t groupcount;                                        
    const qsc_tls_signature_scheme* sigschemes;               
    size_t sigschemecount;                                    
    const char* hostname;                                     
    qsc_tls_certificate_interface certinterface;              
    qsc_tls_alpn_protocols alpn;                              
    const qsc_tls_session_ticket* offeredticket;              
    bool enableearlydata;                                     
} qsc_tls_client_config;

typedef struct qsc_tls_client_state
{
    qsc_tls_client_config config;                             
    qsc_tls_client_phase phase;                               
    qsc_tls_cipher_suite negotiatedsuite;                     
    qsc_tls_hash_algorithm negotiatedhash;                    
    qsc_tls_named_group negotiatedgroup;                      
    qsc_tls_signature_scheme negotiatedsigscheme;             
    uint8_t clientrandom[32U];                                
    uint8_t serverrandom[32U];                                
    uint8_t clienthello[QSC_TLS_CLIENT_HELLO_BODY_MAX_SIZE + 4U]; 
    uint8_t retryclienthello[QSC_TLS_CLIENT_HELLO_BODY_MAX_SIZE + 4U]; 
    uint8_t helloretryrequest[QSC_TLS_SERVER_HELLO_BODY_MAX_SIZE + 4U]; 
    qsc_tls_transcript_state transcript;                      
    qsc_tls_key_schedule_state keyschedule;                   
    qsc_tls_record_state readrecord;                          
    qsc_tls_record_state writerecord;                         
    qsc_tls_key_exchange_state keyexchange;                   
    qsc_tls_peer_capabilities peercapabilities;               
    qsc_tls_alert_description lastalert;                      
    uint8_t selectedalpn[QSC_TLS_MAX_ALPN_SIZE];              
    uint8_t peercertificate[QSC_TLS_CERTIFICATE_MAX_SIZE];     
    size_t selectedalpnlen;                                   
    size_t peercertificatelen;                                
    size_t clienthellolen;                                    
    size_t retryclienthellolen;                               
    size_t helloretryrequestlen;                              
    bool alpnselected;                                        
    bool serverauthenticated;                                 
    bool changecipherspecreceived;                            
    bool helloretryrequestconsumed;                           
    bool clientrandomgenerated;                               
    bool pskoffered;                                          
    bool pskaccepted;                                         
    bool earlydataoffered;                                    
    bool earlydataaccepted;                                   
} qsc_tls_client_state;


QSC_EXPORT_API qsc_tls_status qsc_tls_client_config_set_certificate_interface(qsc_tls_client_config* config,
    const qsc_tls_certificate_interface* iface, const char* hostname);
 
QSC_EXPORT_API qsc_tls_status qsc_tls_client_initialize(qsc_tls_client_state* state, const qsc_tls_client_config* config);

QSC_EXPORT_API void qsc_tls_client_dispose(qsc_tls_client_state* state);

QSC_EXPORT_API qsc_tls_status qsc_tls_client_send_hello(qsc_tls_client_state* state, uint8_t* output, size_t outlen, size_t* written);

QSC_EXPORT_API qsc_tls_status qsc_tls_client_process_record(qsc_tls_client_state* state, const uint8_t* input, size_t inlen, size_t* consumed, uint8_t* output, size_t outlen, size_t* written);

QSC_EXPORT_API bool qsc_tls_client_is_handshake_complete(const qsc_tls_client_state* state);

QSC_EXPORT_API qsc_tls_cipher_suite qsc_tls_client_get_negotiated_cipher_suite(const qsc_tls_client_state* state);
 
QSC_CPLUSPLUS_ENABLED_END
 
#endif