QSC/x509crl_8h_source.html

/* 2020-2026 Quantum Resistant Cryptographic Solutions Corporation

 * All Rights Reserved.

 *

 * NOTICE:

 * This software and all accompanying materials are the exclusive property of

 * Quantum Resistant Cryptographic Solutions Corporation (QRCS). The intellectual

 * and technical concepts contained herein are proprietary to QRCS and are

 * protected under applicable Canadian, U.S., and international copyright,

 * patent, and trade secret laws.

 *

 * CRYPTOGRAPHIC ALGORITHMS AND IMPLEMENTATIONS:

 * - This software includes implementations of cryptographic primitives and

 *   algorithms that are standardized or in the public domain, such as AES

 *   and SHA-3, which are not proprietary to QRCS.

 * - This software also includes cryptographic primitives, constructions, and

 *   algorithms designed by QRCS, including but not limited to RCS, SCB, CSX, QMAC, and

 *   related components, which are proprietary to QRCS.

 * - All source code, implementations, protocol compositions, optimizations,

 *   parameter selections, and engineering work contained in this software are

 *   original works of QRCS and are protected under this license.

 *

 * LICENSE AND USE RESTRICTIONS:

 * - This software is licensed under the Quantum Resistant Cryptographic Solutions

 *   Public Research and Evaluation License (QRCS-PREL), 2025-2026.

 * - Permission is granted solely for non-commercial evaluation, academic research,

 *   cryptographic analysis, interoperability testing, and feasibility assessment.

 * - Commercial use, production deployment, commercial redistribution, or

 *   integration into products or services is strictly prohibited without a

 *   separate written license agreement executed with QRCS.

 * - Licensing and authorized distribution are solely at the discretion of QRCS.

 *

 * EXPERIMENTAL CRYPTOGRAPHY NOTICE:

 * Portions of this software may include experimental, novel, or evolving

 * cryptographic designs. Use of this software is entirely at the user's risk.

 *

 * DISCLAIMER:

 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS

 * FOR A PARTICULAR PURPOSE, SECURITY, OR NON-INFRINGEMENT. QRCS DISCLAIMS ALL

 * LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES

 * ARISING FROM THE USE OR MISUSE OF THIS SOFTWARE.

 *

 * FULL LICENSE:

 * This software is subject to the Quantum Resistant Cryptographic Solutions

 * Public Research and Evaluation License (QRCS-PREL), 2025-2026. The complete license terms

 * are provided in the accompanying LICENSE file or at https://www.qrcscorp.ca.

 *

 * Written by: John G. Underhill

 * Contact: contact@qrcscorp.ca

 */


#ifndef QSC_X509_CRL_H

#define QSC_X509_CRL_H


#include "qsccommon.h"

#include "x509types.h"


QSC_CPLUSPLUS_ENABLED_START


#define QSC_X509_CRL_ENTRY_MAX 512U


#define QSC_X509_CRL_REVOKED_MAX 1024U


typedef struct qsc_x509_crl_entry_t

{

    uint8_t serialnumber[QSC_X509_SERIAL_NUMBER_MAX];

    size_t serialnumberlen;

    qsc_asn1_time revocationdate;

    uint8_t rawextensions[QSC_X509_CRL_ENTRY_MAX];

    size_t rawextensionslen;

} qsc_x509_crl_entry;


typedef struct qsc_x509_crl_t

{

    uint32_t version;

    qsc_x509_algorithm_identifier tbsignature;

    qsc_x509_name issuer;

    qsc_asn1_time thisupdate;

    bool nextupdate_present;

    qsc_asn1_time nextupdate;

    qsc_x509_crl_entry revoked[QSC_X509_CRL_REVOKED_MAX];

    size_t revokedcount;

    qsc_x509_extensions extensions;

    qsc_x509_algorithm_identifier signaturealgorithm;

    uint8_t signature[QSC_X509_SIGNATURE_MAX];

    size_t signaturelen;

    uint8_t signatureunusedbits;

    const uint8_t* tbsdata;

    size_t tbsdatalen;

    const uint8_t* der;

    size_t derlen;

} qsc_x509_crl;


typedef enum qsc_x509_crl_verify_status_t

{


    QSC_X509_CRL_VERIFY_STATUS_SUCCESS = 0,

    QSC_X509_CRL_VERIFY_STATUS_INVALID_INPUT = 1,

    QSC_X509_CRL_VERIFY_STATUS_INVALID_CRL = 2,

    QSC_X509_CRL_VERIFY_STATUS_ALGORITHM_MISMATCH = 3,

    QSC_X509_CRL_VERIFY_STATUS_ISSUER_MISMATCH = 4,

    QSC_X509_CRL_VERIFY_STATUS_EXPIRED = 5,

    QSC_X509_CRL_VERIFY_STATUS_NOT_YET_VALID = 6,

    QSC_X509_CRL_VERIFY_STATUS_KEY_USAGE_REJECTED = 7,

    QSC_X509_CRL_VERIFY_STATUS_SIGNATURE_REJECTED = 8,

    QSC_X509_CRL_VERIFY_STATUS_CALLBACK_FAILURE = 9,

    QSC_X509_CRL_VERIFY_STATUS_UNSUPPORTED = 10

} qsc_x509_crl_verify_status;


typedef bool (*qsc_x509_crl_signature_verify_callback)(const qsc_x509_crl* crl, const qsc_x509_certificate* issuer, void* state);


QSC_EXPORT_API void qsc_x509_crl_clear(qsc_x509_crl* crl);


QSC_EXPORT_API qsc_asn1_status qsc_x509_crl_decode_der(const uint8_t* der, size_t derlen, qsc_x509_crl* crl);


QSC_EXPORT_API qsc_asn1_status qsc_x509_crl_encode_der(const qsc_x509_crl* crl, uint8_t* output, size_t* outputlen);


QSC_EXPORT_API bool qsc_x509_crl_is_current(const qsc_x509_crl* crl, const qsc_asn1_time* now);


QSC_EXPORT_API qsc_x509_crl_verify_status qsc_x509_crl_check_algorithms(const qsc_x509_crl* crl);


QSC_EXPORT_API const qsc_x509_crl_entry* qsc_x509_crl_find_serial(const qsc_x509_crl* crl, const uint8_t* serial, size_t seriallen);


QSC_EXPORT_API bool qsc_x509_certificate_is_revoked_by_crl(const qsc_x509_certificate* certificate, const qsc_x509_crl* crl);


QSC_EXPORT_API bool qsc_x509_crl_is_revoked(const qsc_x509_crl* crl, const qsc_x509_certificate* certificate);


QSC_EXPORT_API qsc_x509_crl_verify_status qsc_x509_crl_verify(const qsc_x509_crl* crl, const qsc_x509_certificate* issuer, const qsc_asn1_time* now, qsc_x509_crl_signature_verify_callback callback, void* state);


QSC_CPLUSPLUS_ENABLED_END


#endif

qsc_asn1_status
enum qsc_asn1_status_t qsc_asn1_status
ASN.1 helper status codes.

qsc_asn1_time
QSC_EXPORT_API struct qsc_asn1_time_t qsc_asn1_time
A normalized ASN.1 time representation.

qsccommon.h
Contains common definitions for the Quantum Secure Cryptographic (QSC) library.

QSC_EXPORT_API
#define QSC_EXPORT_API
API export macro for Microsoft compilers when importing from a DLL.
Definition qsccommon.h:605

qsc_x509_crl_entry_t
Definition x509crl.h:108

qsc_x509_crl_entry_t::serialnumberlen
size_t serialnumberlen
Definition x509crl.h:110

qsc_x509_crl_entry_t::revocationdate
qsc_asn1_time revocationdate
Definition x509crl.h:111

qsc_x509_crl_entry_t::rawextensions
uint8_t rawextensions[QSC_X509_CRL_ENTRY_MAX]
Definition x509crl.h:112

qsc_x509_crl_entry_t::rawextensionslen
size_t rawextensionslen
Definition x509crl.h:113

qsc_x509_crl_entry
A decoded revoked-certificate entry from a CRL.

qsc_x509_crl_t
Definition x509crl.h:127

qsc_x509_crl_t::nextupdate
qsc_asn1_time nextupdate
Definition x509crl.h:133

qsc_x509_crl_t::nextupdate_present
bool nextupdate_present
Definition x509crl.h:132

qsc_x509_crl_t::tbsdata
const uint8_t * tbsdata
Definition x509crl.h:141

qsc_x509_crl_t::signature
uint8_t signature[QSC_X509_SIGNATURE_MAX]
Definition x509crl.h:138

qsc_x509_crl_t::signaturelen
size_t signaturelen
Definition x509crl.h:139

qsc_x509_crl_t::tbsdatalen
size_t tbsdatalen
Definition x509crl.h:142

qsc_x509_crl_t::issuer
qsc_x509_name issuer
Definition x509crl.h:130

qsc_x509_crl_t::derlen
size_t derlen
Definition x509crl.h:144

qsc_x509_crl_t::signaturealgorithm
qsc_x509_algorithm_identifier signaturealgorithm
Definition x509crl.h:137

qsc_x509_crl_t::extensions
qsc_x509_extensions extensions
Definition x509crl.h:136

qsc_x509_crl_t::tbsignature
qsc_x509_algorithm_identifier tbsignature
Definition x509crl.h:129

qsc_x509_crl_t::der
const uint8_t * der
Definition x509crl.h:143

qsc_x509_crl_t::revoked
qsc_x509_crl_entry revoked[QSC_X509_CRL_REVOKED_MAX]
Definition x509crl.h:134

qsc_x509_crl_t::signatureunusedbits
uint8_t signatureunusedbits
Definition x509crl.h:140

qsc_x509_crl_t::thisupdate
qsc_asn1_time thisupdate
Definition x509crl.h:131

qsc_x509_crl_t::revokedcount
size_t revokedcount
Definition x509crl.h:135

qsc_x509_crl
A decoded X.509 CertificateList object.

QSC_X509_CRL_ENTRY_MAX
#define QSC_X509_CRL_ENTRY_MAX
Maximum encoded size, in bytes, of a single CRL revoked-certificate entry.
Definition x509crl.h:84

qsc_x509_crl_is_current
QSC_EXPORT_API bool qsc_x509_crl_is_current(const qsc_x509_crl *crl, const qsc_asn1_time *now)
Test whether a CRL is current at a supplied evaluation time.
Definition x509crl.c:592

qsc_x509_crl_encode_der
QSC_EXPORT_API qsc_asn1_status qsc_x509_crl_encode_der(const qsc_x509_crl *crl, uint8_t *output, size_t *outputlen)
Encode a decoded CRL object as DER.
Definition x509crl.c:398

qsc_x509_certificate_is_revoked_by_crl
QSC_EXPORT_API bool qsc_x509_certificate_is_revoked_by_crl(const qsc_x509_certificate *certificate, const qsc_x509_crl *crl)
Test whether a certificate is revoked by a CRL.
Definition x509crl.c:672

qsc_x509_crl_find_serial
QSC_EXPORT_API const qsc_x509_crl_entry * qsc_x509_crl_find_serial(const qsc_x509_crl *crl, const uint8_t *serial, size_t seriallen)
Find a revoked entry by certificate serial number.
Definition x509crl.c:647

qsc_x509_crl_verify
QSC_EXPORT_API qsc_x509_crl_verify_status qsc_x509_crl_verify(const qsc_x509_crl *crl, const qsc_x509_certificate *issuer, const qsc_asn1_time *now, qsc_x509_crl_signature_verify_callback callback, void *state)
Verify a decoded CRL against an issuer certificate.
Definition x509crl.c:695

qsc_x509_crl_signature_verify_callback
bool(* qsc_x509_crl_signature_verify_callback)(const qsc_x509_crl *crl, const qsc_x509_certificate *issuer, void *state)
Caller supplied CRL signature verification callback.
Definition x509crl.h:188

QSC_X509_CRL_REVOKED_MAX
#define QSC_X509_CRL_REVOKED_MAX
The maximum number of revoked certificate entries retained in a decoded CRL.
Definition x509crl.h:96

qsc_x509_crl_decode_der
QSC_EXPORT_API qsc_asn1_status qsc_x509_crl_decode_der(const uint8_t *der, size_t derlen, qsc_x509_crl *crl)
Decode a DER encoded X.509 CRL.
Definition x509crl.c:459

qsc_x509_crl_check_algorithms
QSC_EXPORT_API qsc_x509_crl_verify_status qsc_x509_crl_check_algorithms(const qsc_x509_crl *crl)
Check CRL signature algorithm consistency.
Definition x509crl.c:615

qsc_x509_crl_is_revoked
QSC_EXPORT_API bool qsc_x509_crl_is_revoked(const qsc_x509_crl *crl, const qsc_x509_certificate *certificate)
Test whether a certificate is revoked by a CRL.
Definition x509crl.c:756

qsc_x509_crl_clear
QSC_EXPORT_API void qsc_x509_crl_clear(qsc_x509_crl *crl)
Clear a decoded CRL object.
Definition x509crl.c:353

qsc_x509_crl_verify_status_t
qsc_x509_crl_verify_status_t
Definition x509crl.h:157

QSC_X509_CRL_VERIFY_STATUS_KEY_USAGE_REJECTED
@ QSC_X509_CRL_VERIFY_STATUS_KEY_USAGE_REJECTED
Definition x509crl.h:166

QSC_X509_CRL_VERIFY_STATUS_UNSUPPORTED
@ QSC_X509_CRL_VERIFY_STATUS_UNSUPPORTED
Definition x509crl.h:169

QSC_X509_CRL_VERIFY_STATUS_INVALID_CRL
@ QSC_X509_CRL_VERIFY_STATUS_INVALID_CRL
Definition x509crl.h:161

QSC_X509_CRL_VERIFY_STATUS_CALLBACK_FAILURE
@ QSC_X509_CRL_VERIFY_STATUS_CALLBACK_FAILURE
Definition x509crl.h:168

QSC_X509_CRL_VERIFY_STATUS_INVALID_INPUT
@ QSC_X509_CRL_VERIFY_STATUS_INVALID_INPUT
Definition x509crl.h:160

QSC_X509_CRL_VERIFY_STATUS_ISSUER_MISMATCH
@ QSC_X509_CRL_VERIFY_STATUS_ISSUER_MISMATCH
Definition x509crl.h:163

QSC_X509_CRL_VERIFY_STATUS_NOT_YET_VALID
@ QSC_X509_CRL_VERIFY_STATUS_NOT_YET_VALID
Definition x509crl.h:165

QSC_X509_CRL_VERIFY_STATUS_EXPIRED
@ QSC_X509_CRL_VERIFY_STATUS_EXPIRED
Definition x509crl.h:164

QSC_X509_CRL_VERIFY_STATUS_ALGORITHM_MISMATCH
@ QSC_X509_CRL_VERIFY_STATUS_ALGORITHM_MISMATCH
Definition x509crl.h:162

QSC_X509_CRL_VERIFY_STATUS_SIGNATURE_REJECTED
@ QSC_X509_CRL_VERIFY_STATUS_SIGNATURE_REJECTED
Definition x509crl.h:167