1#ifndef QSC_TLS_SERVER_H
2#define QSC_TLS_SERVER_H
14QSC_CPLUSPLUS_ENABLED_START
31 qsc_tls_server_phase_waiting_client_certificate_verify = 5,
32 qsc_tls_server_phase_waiting_client_finished = 6,
33 qsc_tls_server_phase_established = 7,
34 qsc_tls_server_phase_closed = 8,
35 qsc_tls_server_phase_failed = 9,
75 size_t ciphersuitepreferencecount;
77 size_t groupspreferencecount;
79 size_t sigschemepreferencecount;
108 uint8_t clientrandom[32U];
109 uint8_t serverrandom[32U];
111 size_t serverkeysharelen;
113 size_t sharedsecretlen;
126 size_t clientalpncount;
128 size_t selectedalpnlen;
130 bool helloretryrequestsent;
132 bool clientauthenticated;
133 bool changecipherspecreceived;
139 size_t stashedserverfinhashlen;
141 uint8_t legacy_session_id[32U];
142 size_t legacy_session_id_len;
222 const uint8_t* privatekeydata,
size_t privatekeylen);
253 uint8_t* output,
size_t outlen,
size_t* written);
258QSC_CPLUSPLUS_ENABLED_END
Contains common definitions for the Quantum Secure Cryptographic (QSC) library.
#define QSC_EXPORT_API
API export macro for Microsoft compilers when importing from a DLL.
Definition qsccommon.h:645
Stores a bounded ordered ALPN protocol list and its negotiation policy.
Definition tlsstate.h:102
Certificate validation and signature verification callback set.
Definition tlscert.h:148
A non-owning view over a single encoded certificate.
Definition tlscert.h:80
TLS 1.3 key schedule state and derived secret container.
Definition tlskeyschedule.h:129
Stores the configured local certificate chain and CertificateVerify signing configuration.
Definition tlsstate.h:130
Stores the peer-advertised supported groups and signature-scheme capabilities.
Definition tlsstate.h:115
Stores the active TLS traffic keying material and sequence number for one record direction.
Definition tlsstate.h:88
A server certificate identity selectable by SNI.
Definition tlsserver.h:62
bool configured
Definition tlsserver.h:65
char hostname[QSC_TLS_MAX_HOSTNAME_SIZE+1U]
Definition tlsserver.h:63
qsc_tls_local_certificate_config localcert
Definition tlsserver.h:64
Immutable server configuration.
Definition tlsserver.h:73
qsc_tls_certificate_interface clientcertinterface
Definition tlsserver.h:84
qsc_tls_client_authorization_callback clientauthcallback
Definition tlsserver.h:85
bool acceptearlydata
Definition tlsserver.h:93
bool requiresni
Definition tlsserver.h:83
qsc_tls_server_certificate_identity identities[QSC_TLS_MAX_SERVER_IDENTITIES]
Definition tlsserver.h:81
qsc_tls_alpn_protocols alpn
Definition tlsserver.h:88
void * clientauthstate
Definition tlsserver.h:86
size_t identitycount
Definition tlsserver.h:82
qsc_tls_psk_lookup_callback psklookup
Definition tlsserver.h:91
bool requestclientauth
Definition tlsserver.h:89
void * psklookupstate
Definition tlsserver.h:92
bool requireclientauthorization
Definition tlsserver.h:87
bool requireclientauth
Definition tlsserver.h:90
Server handshake state container.
Definition tlsserver.h:101
uint16_t selectedpskidentity
Definition tlsserver.h:135
bool earlydatadone
Definition tlsserver.h:137
bool pskaccepted
Definition tlsserver.h:134
char servername[QSC_TLS_MAX_HOSTNAME_SIZE+1U]
Definition tlsserver.h:120
size_t servernamelen
Definition tlsserver.h:121
bool servernameaccepted
Definition tlsserver.h:123
uint8_t stashedserverfinhash[QSC_TLS_HASH_MAX_SIZE]
Definition tlsserver.h:138
qsc_tls_named_group hrrgroup
Definition tlsserver.h:131
bool earlydataaccepted
Definition tlsserver.h:136
bool servernamereceived
Definition tlsserver.h:122
Stores the active transcript hash context and its selected hash algorithm.
Definition tlsstate.h:72
TLS certificate bridge types and validation callbacks.
bool(* qsc_tls_client_authorization_callback)(const qsc_tls_client_authorization_info *info, void *state)
Authorize a cryptographically valid mTLS client certificate.
Definition tlscert.h:203
#define QSC_TLS_HASH_MAX_SIZE
Defines the maximum supported transcript hash size in bytes.
Definition tlsdefs.h:120
TLS status code definitions and diagnostic string conversion.
qsc_tls_status
Definition tlserrors.h:65
TLS named-group descriptors and key-share helper routines.
TLS 1.3 key schedule, HKDF label derivation, traffic-secret expansion, Finished verification,...
Fixed upper bounds used by the TLS implementation.
#define QSC_TLS_MAX_ALPN_SIZE
Maximum ALPN identifier length in bytes.
Definition tlslimits.h:127
#define QSC_TLS_MAX_SHARED_SECRET_SIZE
Maximum combined shared-secret size across the current classical and hybrid groups.
Definition tlslimits.h:249
#define QSC_TLS_MAX_HOSTNAME_SIZE
Maximum hostname length accepted by the TLS layer.
Definition tlslimits.h:121
#define QSC_TLS_MAX_SERVER_IDENTITIES
Maximum number of SNI-selectable certificate identities stored by a TLS server configuration.
Definition tlslimits.h:139
#define QSC_TLS_MAX_HYBRID_SERVER_KEYSHARE_SIZE
Maximum hybrid server key-share size in bytes.
Definition tlslimits.h:237
#define QSC_TLS_MAX_ALPN_PROTOCOLS
Maximum number of ALPN identifiers stored in a TLS endpoint policy.
Definition tlslimits.h:133
bool(* qsc_tls_psk_lookup_callback)(const uint8_t *identity, size_t identitylen, uint8_t *psk_out, size_t pskcap, size_t *psk_len_out, qsc_tls_cipher_suite *suite_out, uint32_t *max_early_data_out, void *state)
Server-side PSK lookup callback.
Definition tlsserver.h:49
qsc_tls_server_state_phase
Definition tlsserver.h:25
@ qsc_tls_server_phase_sending_flight1
Definition tlsserver.h:29
@ qsc_tls_server_phase_waiting_client_certificate
Definition tlsserver.h:30
@ qsc_tls_server_phase_waiting_client_hello_2
Definition tlsserver.h:28
@ qsc_tls_server_phase_waiting_end_of_early_data
Definition tlsserver.h:36
@ qsc_tls_server_phase_initial
Definition tlsserver.h:26
@ qsc_tls_server_phase_waiting_client_hello
Definition tlsserver.h:27
QSC_EXPORT_API qsc_tls_status qsc_tls_server_config_set_certificate_interface(qsc_tls_server_config *config, const qsc_tls_certificate_interface *iface, bool requestclientauth, bool requireclientauth)
Copy a client-certificate validation interface into a TLS server configuration.
Definition tlsserver.c:266
QSC_EXPORT_API qsc_tls_status qsc_tls_server_config_set_sni_required(qsc_tls_server_config *config, bool required)
Configure whether the server requires a recognized SNI hostname.
Definition tlsserver.c:126
QSC_EXPORT_API qsc_tls_status qsc_tls_server_authorize_client_certificate(qsc_tls_server_state *state, const qsc_tls_certificate_view *chain, size_t chainlength)
Validate and authorize a presented mTLS client certificate chain.
Definition tlsserver.c:186
QSC_EXPORT_API qsc_tls_status qsc_tls_server_process_record(qsc_tls_server_state *state, const uint8_t *input, size_t inlen, size_t *consumed, uint8_t *output, size_t outlen, size_t *written)
Process an inbound record and optionally produce an outbound flight.
Definition tlsserver.c:381
QSC_EXPORT_API qsc_tls_status qsc_tls_server_config_set_client_authorization(qsc_tls_server_config *config, qsc_tls_client_authorization_callback callback, void *state, bool required)
Configure the server-side mTLS application authorization callback.
Definition tlsserver.c:141
QSC_EXPORT_API qsc_tls_status qsc_tls_server_config_add_certificate_identity(qsc_tls_server_config *config, const char *hostname, const qsc_tls_local_certificate_config *localcert)
Add an SNI-selectable certificate identity to a TLS server configuration.
Definition tlsserver.c:89
QSC_EXPORT_API qsc_tls_status qsc_tls_server_config_set_local_certificate(qsc_tls_server_config *config, const qsc_tls_certificate_view *chain, size_t chainlength, qsc_tls_signature_scheme verifyscheme, const uint8_t *privatekeydata, size_t privatekeylen)
Copy a local certificate chain and private signing key into a TLS server configuration.
Definition tlsserver.c:291
TLS internal state container type definitions shared across the record and handshake layers.
TLS 1.3 transcript-hash helpers.
Public TLS type definitions.
qsc_tls_cipher_suite
TLS 1.3 cipher-suite identifiers.
Definition tlstypes.h:129
qsc_tls_named_group
TLS named-group identifiers for classical, ML-KEM, and hybrid key exchange groups.
Definition tlstypes.h:159
qsc_tls_alert_description
TLS alert description codes carried in Alert protocol messages.
Definition tlstypes.h:94
qsc_tls_hash_algorithm
Identifies the transcript and HKDF hash algorithm associated with a TLS cipher suite.
Definition tlstypes.h:69
qsc_tls_signature_scheme
TLS signature-scheme identifiers.
Definition tlstypes.h:179
1.14.0