QSC Post Quantum Cryptographic Library 1.3.0.0 (C1)
A post quantum secure library written in Ansi C
Loading...
Searching...
No Matches
tlsextensions.h
Go to the documentation of this file.
1/* 2020-2026 Quantum Resistant Cryptographic Solutions Corporation
2 * All Rights Reserved.
3 *
4 * NOTICE:
5 * This software and all accompanying materials are the exclusive property of
6 * Quantum Resistant Cryptographic Solutions Corporation (QRCS). The intellectual
7 * and technical concepts contained herein are proprietary to QRCS and are
8 * protected under applicable Canadian, U.S., and international copyright,
9 * patent, and trade secret laws.
10 *
11 * CRYPTOGRAPHIC ALGORITHMS AND IMPLEMENTATIONS:
12 * - This software includes implementations of cryptographic primitives and
13 * algorithms that are standardized or in the public domain, such as AES
14 * and SHA-3, which are not proprietary to QRCS.
15 * - This software also includes cryptographic primitives, constructions, and
16 * algorithms designed by QRCS, including but not limited to RCS, SCB, CSX, QMAC, and
17 * related components, which are proprietary to QRCS.
18 * - All source code, implementations, protocol compositions, optimizations,
19 * parameter selections, and engineering work contained in this software are
20 * original works of QRCS and are protected under this license.
21 *
22 * LICENSE AND USE RESTRICTIONS:
23 * - This software is licensed under the Quantum Resistant Cryptographic Solutions
24 * Public Research and Evaluation License (QRCS-PREL), 2025-2026.
25 * - Permission is granted solely for non-commercial evaluation, academic research,
26 * cryptographic analysis, interoperability testing, and feasibility assessment.
27 * - Commercial use, production deployment, commercial redistribution, or
28 * integration into products or services is strictly prohibited without a
29 * separate written license agreement executed with QRCS.
30 * - Licensing and authorized distribution are solely at the discretion of QRCS.
31 *
32 * EXPERIMENTAL CRYPTOGRAPHY NOTICE:
33 * Portions of this software may include experimental, novel, or evolving
34 * cryptographic designs. Use of this software is entirely at the user's risk.
35 *
36 * DISCLAIMER:
37 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
38 * IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS
39 * FOR A PARTICULAR PURPOSE, SECURITY, OR NON-INFRINGEMENT. QRCS DISCLAIMS ALL
40 * LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
41 * ARISING FROM THE USE OR MISUSE OF THIS SOFTWARE.
42 *
43 * FULL LICENSE:
44 * This software is subject to the Quantum Resistant Cryptographic Solutions
45 * Public Research and Evaluation License (QRCS-PREL), 2025-2026. The complete license terms
46 * are provided in the accompanying LICENSE file or at https://www.qrcscorp.ca.
47 *
48 * Written by: John G. Underhill
49 * Contact: contact@qrcscorp.ca
50 */
51
52#ifndef QSC_TLS_EXTENSIONS_H
53#define QSC_TLS_EXTENSIONS_H
54
55#include "qsccommon.h"
56#include "tlserrors.h"
57#include "tlstypes.h"
58#include "tlslimits.h"
59#include "tlsstate.h"
60
61QSC_CPLUSPLUS_ENABLED_START
62
82
94 typedef struct qsc_tls_extension_bitmap
95{
96 uint64_t lowmask;
97 uint64_t highmask;
98 uint64_t psk_ke_mask;
99 uint64_t tailmask;
100} qsc_tls_extension_bitmap;
101
118
128QSC_EXPORT_API void qsc_tls_extensions_bitmap_initialize(qsc_tls_extension_bitmap* bitmap);
129
145QSC_EXPORT_API bool qsc_tls_extensions_bitmap_set(qsc_tls_extension_bitmap* bitmap, uint16_t extensiontype);
146
160QSC_EXPORT_API bool qsc_tls_extensions_is_permitted(qsc_tls_handshake_type message, qsc_tls_extension_type extensiontype);
161
174QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_supported_versions_client(uint8_t* output, size_t outlen, size_t* offset);
175
188QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_supported_versions_server(uint8_t* output, size_t outlen, size_t* offset);
189
204QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_supported_groups(uint8_t* output, size_t outlen, size_t* offset,
205 const qsc_tls_named_group* groups, size_t groupcount);
206
221QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_signature_algorithms(uint8_t* output, size_t outlen, size_t* offset,
222 const qsc_tls_signature_scheme* schemes, size_t schemecount);
223
238QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_signature_algorithms_cert(uint8_t* output, size_t outlen, size_t* offset,
239 const qsc_tls_signature_scheme* schemes, size_t schemecount);
240
256QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_key_share_client(uint8_t* output, size_t outlen, size_t* offset,
257 qsc_tls_named_group group, const uint8_t* publicshare, size_t publicsharelen);
258
274QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_key_share_server(uint8_t* output, size_t outlen, size_t* offset,
275 qsc_tls_named_group group, const uint8_t* publicshare, size_t publicsharelen);
276
290QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_key_share_hello_retry(uint8_t* output, size_t outlen, size_t* offset, qsc_tls_named_group group);
291
305QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_server_name(uint8_t* output, size_t outlen, size_t* offset, const char* hostname);
306
320QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_alpn(uint8_t* output, size_t outlen, size_t* offset, const qsc_tls_alpn_protocols* alpn);
321
334QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_alpn(const uint8_t* input, size_t inplen, qsc_tls_alpn_protocols* alpn);
335
350QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_select_alpn(const qsc_tls_alpn_protocols* clientalpn, const qsc_tls_alpn_protocols* serveralpn,
351 uint8_t* selected, size_t selectedcap, size_t* selectedlen);
352
367QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_psk_key_exchange_modes(uint8_t* output, size_t outlen, size_t* offset,
368 const uint8_t* modes, size_t modecount);
369
382QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_early_data_empty(uint8_t* output, size_t outlen, size_t* offset);
383
397QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_early_data_max(uint8_t* output, size_t outlen, size_t* offset, uint32_t maxearlydatasize);
398
411QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_early_data_max(const uint8_t* input, size_t inplen, uint32_t* maxearlydatasize);
412
432QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_pre_shared_key_offer(uint8_t* output, size_t outlen, size_t* offset,
433 const qsc_tls_psk_identity_view* identities, size_t identitycount, size_t binderlen, size_t* binderoffset);
434
448QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_pre_shared_key_server(uint8_t* output, size_t outlen, size_t* offset, uint16_t selidentity);
449
469QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_pre_shared_key_offer(const uint8_t* input, size_t inplen, qsc_tls_psk_identity_view* identities,
470 const uint8_t** binders, size_t* binderlens, size_t capacity, size_t* count, size_t* binderblockoffset);
471
484QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_pre_shared_key_server(const uint8_t* input, size_t inplen, uint16_t* selidentity);
485
498QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_supported_versions_client(const uint8_t* input, size_t inplen, bool* acceptstls13);
499
512QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_supported_versions_server(const uint8_t* input, size_t inplen, uint16_t* selectedversion);
513
528QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_supported_groups(const uint8_t* input, size_t inplen, qsc_tls_named_group* groups,
529 size_t groupcapacity, size_t* groupcount);
530
546QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_signature_algorithms(const uint8_t* input, size_t inplen, qsc_tls_signature_scheme* schemes,
547 size_t schemecapacity, size_t* schemecount);
548
565QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_key_share_client_hello(const uint8_t* input, size_t inplen, qsc_tls_named_group* groups,
566 const uint8_t** shares, size_t* sharelens, size_t capacity, size_t* count);
567
583QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_key_share_server_hello(const uint8_t* input, size_t inplen, qsc_tls_named_group* selectedgroup,
584 const uint8_t** share, size_t* sharelen);
585
598QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_key_share_hello_retry(const uint8_t* input, size_t inplen, qsc_tls_named_group* requestedgroup);
599
613QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_server_name(const uint8_t* input, size_t inplen, const char** hostname, size_t* hostnamelen);
614
630QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_select_cipher_suite(const uint8_t* clientsuites, size_t clientsuiteslen, const qsc_tls_cipher_suite* serverpreference,
631 size_t serverpreferencecount, qsc_tls_cipher_suite* selected);
632
647QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_select_key_share(const qsc_tls_named_group* groups, size_t groupcount, const qsc_tls_named_group* serverpreference,
648 size_t serverpreferencecount, qsc_tls_named_group* selected);
649
650QSC_CPLUSPLUS_ENABLED_END
651
652#endif
qsccommon.h
Contains common definitions for the Quantum Secure Cryptographic (QSC) library.
QSC_EXPORT_API
#define QSC_EXPORT_API
API export macro for Microsoft compilers when importing from a DLL.
Definition qsccommon.h:645
qsc_tls_alpn_protocols
Stores a bounded ordered ALPN protocol list and its negotiation policy.
Definition tlsstate.h:102
qsc_tls_extension_bitmap
Tracks extension types observed while parsing one TLS handshake message.
Definition tlsextensions.h:95
qsc_tls_extension_bitmap::highmask
uint64_t highmask
Definition tlsextensions.h:97
qsc_tls_extension_bitmap::psk_ke_mask
uint64_t psk_ke_mask
Definition tlsextensions.h:98
qsc_tls_extension_bitmap::lowmask
uint64_t lowmask
Definition tlsextensions.h:96
qsc_tls_extension_bitmap::tailmask
uint64_t tailmask
Definition tlsextensions.h:99
qsc_tls_psk_identity_view
Non-owning view of a TLS pre-shared-key identity.
Definition tlsextensions.h:113
qsc_tls_psk_identity_view::identitylen
size_t identitylen
Definition tlsextensions.h:115
qsc_tls_psk_identity_view::identity
const uint8_t * identity
Definition tlsextensions.h:114
qsc_tls_psk_identity_view::obfuscatedticketage
uint32_t obfuscatedticketage
Definition tlsextensions.h:116
tlserrors.h
TLS status code definitions and diagnostic string conversion.
qsc_tls_status
qsc_tls_status
Definition tlserrors.h:65
qsc_tls_extensions_encode_key_share_server
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_key_share_server(uint8_t *output, size_t outlen, size_t *offset, qsc_tls_named_group group, const uint8_t *publicshare, size_t publicsharelen)
Encode the ServerHello key_share extension.
Definition tlsextensions.c:384
qsc_tls_extensions_encode_supported_versions_client
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_supported_versions_client(uint8_t *output, size_t outlen, size_t *offset)
Encode the ClientHello supported_versions extension.
Definition tlsextensions.c:145
qsc_tls_extensions_decode_key_share_client_hello
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_key_share_client_hello(const uint8_t *input, size_t inplen, qsc_tls_named_group *groups, const uint8_t **shares, size_t *sharelens, size_t capacity, size_t *count)
Decode a ClientHello key_share extension body.
Definition tlsextensions.c:903
qsc_tls_extensions_encode_early_data_empty
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_early_data_empty(uint8_t *output, size_t outlen, size_t *offset)
Encode an empty early_data extension.
Definition tlsextensions.c:1168
qsc_tls_extensions_encode_supported_groups
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_supported_groups(uint8_t *output, size_t outlen, size_t *offset, const qsc_tls_named_group *groups, size_t groupcount)
Encode the supported_groups extension.
Definition tlsextensions.c:213
qsc_tls_extensions_decode_pre_shared_key_server
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_pre_shared_key_server(const uint8_t *input, size_t inplen, uint16_t *selidentity)
Decode a ServerHello pre_shared_key extension body.
Definition tlsextensions.c:1470
qsc_tls_extensions_encode_pre_shared_key_server
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_pre_shared_key_server(uint8_t *output, size_t outlen, size_t *offset, uint16_t selidentity)
Encode a ServerHello pre_shared_key extension.
Definition tlsextensions.c:1329
qsc_tls_extensions_encode_key_share_client
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_key_share_client(uint8_t *output, size_t outlen, size_t *offset, qsc_tls_named_group group, const uint8_t *publicshare, size_t publicsharelen)
Encode the ClientHello key_share extension.
Definition tlsextensions.c:338
qsc_tls_extensions_encode_server_name
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_server_name(uint8_t *output, size_t outlen, size_t *offset, const char *hostname)
Encode the server_name extension.
Definition tlsextensions.c:446
qsc_tls_extensions_decode_early_data_max
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_early_data_max(const uint8_t *input, size_t inplen, uint32_t *maxearlydatasize)
Decode an early_data maximum-size extension body.
Definition tlsextensions.c:1219
qsc_tls_extensions_encode_supported_versions_server
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_supported_versions_server(uint8_t *output, size_t outlen, size_t *offset)
Encode the ServerHello supported_versions extension.
Definition tlsextensions.c:185
qsc_tls_extensions_is_permitted
QSC_EXPORT_API bool qsc_tls_extensions_is_permitted(qsc_tls_handshake_type message, qsc_tls_extension_type extensiontype)
Test whether an extension is permitted in a handshake message.
Definition tlsextensions.c:80
qsc_tls_extensions_encode_pre_shared_key_offer
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_pre_shared_key_offer(uint8_t *output, size_t outlen, size_t *offset, const qsc_tls_psk_identity_view *identities, size_t identitycount, size_t binderlen, size_t *binderoffset)
Encode a ClientHello pre_shared_key extension.
Definition tlsextensions.c:1245
qsc_tls_extensions_encode_key_share_hello_retry
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_key_share_hello_retry(uint8_t *output, size_t outlen, size_t *offset, qsc_tls_named_group group)
Encode the HelloRetryRequest key_share extension.
Definition tlsextensions.c:418
qsc_tls_extensions_encode_psk_key_exchange_modes
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_psk_key_exchange_modes(uint8_t *output, size_t outlen, size_t *offset, const uint8_t *modes, size_t modecount)
Encode the psk_key_exchange_modes extension.
Definition tlsextensions.c:685
qsc_tls_extensions_bitmap_initialize
QSC_EXPORT_API void qsc_tls_extensions_bitmap_initialize(qsc_tls_extension_bitmap *bitmap)
Reset a TLS extension appearance bitmap.
Definition tlsextensions.c:27
qsc_tls_extensions_encode_early_data_max
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_early_data_max(uint8_t *output, size_t outlen, size_t *offset, uint32_t maxearlydatasize)
Encode an early_data maximum-size extension.
Definition tlsextensions.c:1191
qsc_tls_extensions_decode_alpn
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_alpn(const uint8_t *input, size_t inplen, qsc_tls_alpn_protocols *alpn)
Decode the application_layer_protocol_negotiation extension body.
Definition tlsextensions.c:566
qsc_tls_extensions_decode_supported_versions_server
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_supported_versions_server(const uint8_t *input, size_t inplen, uint16_t *selectedversion)
Decode a ServerHello supported_versions extension body.
Definition tlsextensions.c:773
qsc_tls_extensions_encode_signature_algorithms_cert
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_signature_algorithms_cert(uint8_t *output, size_t outlen, size_t *offset, const qsc_tls_signature_scheme *schemes, size_t schemecount)
Encode the signature_algorithms_cert extension.
Definition tlsextensions.c:296
qsc_tls_extensions_encode_signature_algorithms
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_signature_algorithms(uint8_t *output, size_t outlen, size_t *offset, const qsc_tls_signature_scheme *schemes, size_t schemecount)
Encode the signature_algorithms extension.
Definition tlsextensions.c:254
qsc_tls_extensions_decode_server_name
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_server_name(const uint8_t *input, size_t inplen, const char **hostname, size_t *hostnamelen)
Decode a server_name extension body.
Definition tlsextensions.c:1038
qsc_tls_extensions_decode_supported_groups
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_supported_groups(const uint8_t *input, size_t inplen, qsc_tls_named_group *groups, size_t groupcapacity, size_t *groupcount)
Decode a supported_groups extension body.
Definition tlsextensions.c:799
qsc_tls_extensions_decode_pre_shared_key_offer
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_pre_shared_key_offer(const uint8_t *input, size_t inplen, qsc_tls_psk_identity_view *identities, const uint8_t **binders, size_t *binderlens, size_t capacity, size_t *count, size_t *binderblockoffset)
Decode a ClientHello pre_shared_key extension body.
Definition tlsextensions.c:1357
qsc_tls_extensions_decode_supported_versions_client
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_supported_versions_client(const uint8_t *input, size_t inplen, bool *acceptstls13)
Decode a ClientHello supported_versions extension body.
Definition tlsextensions.c:727
qsc_tls_extensions_encode_alpn
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_encode_alpn(uint8_t *output, size_t outlen, size_t *offset, const qsc_tls_alpn_protocols *alpn)
Encode the application_layer_protocol_negotiation extension.
Definition tlsextensions.c:516
qsc_tls_extensions_decode_key_share_hello_retry
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_key_share_hello_retry(const uint8_t *input, size_t inplen, qsc_tls_named_group *requestedgroup)
Decode a HelloRetryRequest key_share extension body.
Definition tlsextensions.c:1006
qsc_tls_extensions_select_cipher_suite
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_select_cipher_suite(const uint8_t *clientsuites, size_t clientsuiteslen, const qsc_tls_cipher_suite *serverpreference, size_t serverpreferencecount, qsc_tls_cipher_suite *selected)
Select a mutually supported cipher suite.
Definition tlsextensions.c:1098
qsc_tls_extensions_select_alpn
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_select_alpn(const qsc_tls_alpn_protocols *clientalpn, const qsc_tls_alpn_protocols *serveralpn, uint8_t *selected, size_t selectedcap, size_t *selectedlen)
Select a mutually supported ALPN protocol.
Definition tlsextensions.c:641
qsc_tls_extensions_bitmap_set
QSC_EXPORT_API bool qsc_tls_extensions_bitmap_set(qsc_tls_extension_bitmap *bitmap, uint16_t extensiontype)
Mark an extension type as present in an appearance bitmap.
Definition tlsextensions.c:37
qsc_tls_extensions_decode_key_share_server_hello
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_key_share_server_hello(const uint8_t *input, size_t inplen, qsc_tls_named_group *selectedgroup, const uint8_t **share, size_t *sharelen)
Decode a ServerHello key_share extension body.
Definition tlsextensions.c:971
qsc_tls_extensions_select_key_share
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_select_key_share(const qsc_tls_named_group *groups, size_t groupcount, const qsc_tls_named_group *serverpreference, size_t serverpreferencecount, qsc_tls_named_group *selected)
Select a mutually supported key-share group.
Definition tlsextensions.c:1141
qsc_tls_extensions_decode_signature_algorithms
QSC_EXPORT_API qsc_tls_status qsc_tls_extensions_decode_signature_algorithms(const uint8_t *input, size_t inplen, qsc_tls_signature_scheme *schemes, size_t schemecapacity, size_t *schemecount)
Decode a signature_algorithms extension body.
Definition tlsextensions.c:851
tlslimits.h
Fixed upper bounds used by the TLS implementation.
tlsstate.h
TLS internal state container type definitions shared across the record and handshake layers.
tlstypes.h
Public TLS type definitions.
qsc_tls_extension_type
qsc_tls_extension_type
TLS extension type identifiers.
Definition tlstypes.h:141
qsc_tls_cipher_suite
qsc_tls_cipher_suite
TLS 1.3 cipher-suite identifiers.
Definition tlstypes.h:129
qsc_tls_named_group
qsc_tls_named_group
TLS named-group identifiers for classical, ML-KEM, and hybrid key exchange groups.
Definition tlstypes.h:159
qsc_tls_handshake_type
qsc_tls_handshake_type
TLS 1.3 handshake message type codes per RFC 8446 section B.3.
Definition tlstypes.h:194
qsc_tls_signature_scheme
qsc_tls_signature_scheme
TLS signature-scheme identifiers.
Definition tlstypes.h:179