x509certwrite.h

Go to the documentation of this file.

/* 2020-2026 Quantum Resistant Cryptographic Solutions Corporation
 * All Rights Reserved.
 *
 * NOTICE:
 * This software and all accompanying materials are the exclusive property of
 * Quantum Resistant Cryptographic Solutions Corporation (QRCS). The intellectual
 * and technical concepts contained herein are proprietary to QRCS and are
 * protected under applicable Canadian, U.S., and international copyright,
 * patent, and trade secret laws.
 *
 * CRYPTOGRAPHIC ALGORITHMS AND IMPLEMENTATIONS:
 * - This software includes implementations of cryptographic primitives and
 *   algorithms that are standardized or in the public domain, such as AES
 *   and SHA-3, which are not proprietary to QRCS.
 * - This software also includes cryptographic primitives, constructions, and
 *   algorithms designed by QRCS, including but not limited to RCS, SCB, CSX, QMAC, and
 *   related components, which are proprietary to QRCS.
 * - All source code, implementations, protocol compositions, optimizations,
 *   parameter selections, and engineering work contained in this software are
 *   original works of QRCS and are protected under this license.
 *
 * LICENSE AND USE RESTRICTIONS:
 * - This software is licensed under the Quantum Resistant Cryptographic Solutions
 *   Public Research and Evaluation License (QRCS-PREL), 2025-2026.
 * - Permission is granted solely for non-commercial evaluation, academic research,
 *   cryptographic analysis, interoperability testing, and feasibility assessment.
 * - Commercial use, production deployment, commercial redistribution, or
 *   integration into products or services is strictly prohibited without a
 *   separate written license agreement executed with QRCS.
 * - Licensing and authorized distribution are solely at the discretion of QRCS.
 *
 * EXPERIMENTAL CRYPTOGRAPHY NOTICE:
 * Portions of this software may include experimental, novel, or evolving
 * cryptographic designs. Use of this software is entirely at the user's risk.
 *
 * DISCLAIMER:
 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS
 * FOR A PARTICULAR PURPOSE, SECURITY, OR NON-INFRINGEMENT. QRCS DISCLAIMS ALL
 * LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
 * ARISING FROM THE USE OR MISUSE OF THIS SOFTWARE.
 *
 * FULL LICENSE:
 * This software is subject to the Quantum Resistant Cryptographic Solutions
 * Public Research and Evaluation License (QRCS-PREL), 2025-2026. The complete license terms
 * are provided in the accompanying LICENSE file or at https://www.qrcscorp.ca.
 *
 * Written by: John G. Underhill
 * Contact: contact@qrcscorp.ca
 */
 
#ifndef QSC_X509_CERTWRITE_H
#define QSC_X509_CERTWRITE_H
 
#include "qsccommon.h"
#include "x509cert.h"
#include "x509csr.h"
#include "x509types.h"
 
QSC_CPLUSPLUS_ENABLED_START


#define QSC_X509_CERT_ISSUANCE_PROPAGATE_SUBJECT_ALT_NAME 0x00000001U

#define QSC_X509_CERT_ISSUANCE_PROPAGATE_EXTENDED_KEY_USAGE 0x00000002U

#define QSC_X509_CERT_ISSUANCE_PROPAGATE_SUBJECT_KEY_IDENTIFIER 0x00000004U

#define QSC_X509_CERT_ISSUANCE_PROPAGATE_UNKNOWN_NON_CRITICAL 0x00000008U

#define QSC_X509_CERT_ISSUANCE_PROPAGATE_DEFAULT (QSC_X509_CERT_ISSUANCE_PROPAGATE_SUBJECT_ALT_NAME | QSC_X509_CERT_ISSUANCE_PROPAGATE_EXTENDED_KEY_USAGE)

#define QSC_X509_CERT_PROFILE_NONE 0U

#define QSC_X509_CERT_PROFILE_ROOT_CA 1U

#define QSC_X509_CERT_PROFILE_INTERMEDIATE_CA 2U

#define QSC_X509_CERT_PROFILE_TLS_SERVER 3U

#define QSC_X509_CERT_PROFILE_TLS_CLIENT 4U

QSC_EXPORT_API void qsc_x509_certificate_builder_initialize(qsc_x509_certificate_builder* builder);

QSC_EXPORT_API void qsc_x509_certificate_builder_clear(qsc_x509_certificate_builder* builder);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_set_serial(qsc_x509_certificate_builder* builder, const uint8_t* serialnumber, size_t serialnumberlen);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_set_issuer(qsc_x509_certificate_builder* builder, const qsc_x509_name* issuer);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_set_subject(qsc_x509_certificate_builder* builder, const qsc_x509_name* subject);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_set_validity(qsc_x509_certificate_builder* builder, const qsc_x509_validity* validity);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_set_spki(qsc_x509_certificate_builder* builder, const qsc_x509_subject_public_key_info* spki);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_set_signature_algorithm(qsc_x509_certificate_builder* builder, const qsc_x509_algorithm_identifier* signaturealgorithm);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_set_basic_constraints(qsc_x509_certificate_builder* builder, const qsc_x509_basic_constraints* basicconstraints);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_set_key_usage(qsc_x509_certificate_builder* builder, const qsc_x509_key_usage* keyusage);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_set_extended_key_usage(qsc_x509_certificate_builder* builder, const qsc_x509_extended_key_usage* extendedkeyusage);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_set_subject_key_identifier(qsc_x509_certificate_builder* builder, const qsc_x509_subject_key_identifier* subjectkeyidentifier);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_set_authority_key_identifier(qsc_x509_certificate_builder* builder, const qsc_x509_authority_key_identifier* authoritykeyidentifier);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_add_subject_alt_name_dns(qsc_x509_certificate_builder* builder, const char* dnsname, size_t dsnamelen);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_add_subject_alt_name_ip(qsc_x509_certificate_builder* builder, const uint8_t* address, size_t addresslen);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_add_extension(qsc_x509_certificate_builder* builder, const qsc_x509_extension* extension);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_encode_tbs_der(const qsc_x509_certificate_builder* builder, uint8_t* output, size_t* outputlen);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_sign(const qsc_x509_certificate_builder* builder, qsc_x509_certificate_sign_callback signcallback, void* context, uint8_t* output, size_t* outputlen);

QSC_EXPORT_API qsc_asn1_status qsc_x509_cert_issuance_validate_csr(const qsc_x509_csr* csr);

QSC_EXPORT_API qsc_asn1_status qsc_x509_cert_issuance_filter_requested_extensions(const qsc_x509_csr* csr, uint32_t policyflags, qsc_x509_extensions* filteredextensions);

QSC_EXPORT_API qsc_asn1_status qsc_x509_cert_issuance_apply_csr_extensions(qsc_x509_certificate_builder* builder, const qsc_x509_csr* csr, uint32_t policyflags);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_set_issuer_from_certificate(qsc_x509_certificate_builder* builder, const qsc_x509_certificate* issuer);

QSC_EXPORT_API qsc_asn1_status qsc_x509_compute_subject_key_identifier(const qsc_x509_subject_public_key_info* spki, qsc_x509_subject_key_identifier* subjectkeyidentifier);

QSC_EXPORT_API qsc_asn1_status qsc_x509_compute_authority_key_identifier(const qsc_x509_certificate* issuer, qsc_x509_authority_key_identifier* authoritykeyidentifier);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_apply_generated_identifiers(qsc_x509_certificate_builder* builder, const qsc_x509_certificate* issuer);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_apply_profile(qsc_x509_certificate_builder* builder, uint32_t profile);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_builder_validate_profile(const qsc_x509_certificate_builder* builder, const qsc_x509_certificate* issuer, uint32_t profile);

QSC_EXPORT_API qsc_asn1_status qsc_x509_certificate_encode_pem(const uint8_t* der, size_t derlen, char* output, size_t* outputlen);
 
QSC_CPLUSPLUS_ENABLED_END
 
#endif