QSC/x509csr_8h_source.html

/* 2020-2026 Quantum Resistant Cryptographic Solutions Corporation

 * All Rights Reserved.

 *

 * NOTICE:

 * This software and all accompanying materials are the exclusive property of

 * Quantum Resistant Cryptographic Solutions Corporation (QRCS). The intellectual

 * and technical concepts contained herein are proprietary to QRCS and are

 * protected under applicable Canadian, U.S., and international copyright,

 * patent, and trade secret laws.

 *

 * CRYPTOGRAPHIC ALGORITHMS AND IMPLEMENTATIONS:

 * - This software includes implementations of cryptographic primitives and

 *   algorithms that are standardized or in the public domain, such as AES

 *   and SHA-3, which are not proprietary to QRCS.

 * - This software also includes cryptographic primitives, constructions, and

 *   algorithms designed by QRCS, including but not limited to RCS, SCB, CSX, QMAC, and

 *   related components, which are proprietary to QRCS.

 * - All source code, implementations, protocol compositions, optimizations,

 *   parameter selections, and engineering work contained in this software are

 *   original works of QRCS and are protected under this license.

 *

 * LICENSE AND USE RESTRICTIONS:

 * - This software is licensed under the Quantum Resistant Cryptographic Solutions

 *   Public Research and Evaluation License (QRCS-PREL), 2025-2026.

 * - Permission is granted solely for non-commercial evaluation, academic research,

 *   cryptographic analysis, interoperability testing, and feasibility assessment.

 * - Commercial use, production deployment, commercial redistribution, or

 *   integration into products or services is strictly prohibited without a

 *   separate written license agreement executed with QRCS.

 * - Licensing and authorized distribution are solely at the discretion of QRCS.

 *

 * EXPERIMENTAL CRYPTOGRAPHY NOTICE:

 * Portions of this software may include experimental, novel, or evolving

 * cryptographic designs. Use of this software is entirely at the user's risk.

 *

 * DISCLAIMER:

 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS

 * FOR A PARTICULAR PURPOSE, SECURITY, OR NON-INFRINGEMENT. QRCS DISCLAIMS ALL

 * LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES

 * ARISING FROM THE USE OR MISUSE OF THIS SOFTWARE.

 *

 * FULL LICENSE:

 * This software is subject to the Quantum Resistant Cryptographic Solutions

 * Public Research and Evaluation License (QRCS-PREL), 2025-2026. The complete license terms

 * are provided in the accompanying LICENSE file or at https://www.qrcscorp.ca.

 *

 * Written by: John G. Underhill

 * Contact: contact@qrcscorp.ca

 */


#ifndef QSC_X509_CSR_H

#define QSC_X509_CSR_H


#include "qsccommon.h"

#include "x509types.h"


QSC_CPLUSPLUS_ENABLED_START


#define QSC_X509_CSR_ATTRIBUTES_MAX 8U


#define QSC_X509_CSR_ATTRIBUTE_VALUE_MAX 1024U


#define QSC_X509_CSR_WRITE_MAX 16384U


QSC_EXPORT_API typedef struct qsc_x509_csr_attribute_t

{

    qsc_asn1_oid oid;

    uint8_t value[QSC_X509_CSR_ATTRIBUTE_VALUE_MAX];

    size_t valuelen;

} qsc_x509_csr_attribute;


QSC_EXPORT_API typedef struct qsc_x509_csr_t

{

    uint32_t version;

    qsc_x509_name subject;

    qsc_x509_subject_public_key_info spki;

    qsc_x509_algorithm_identifier signaturealgorithm;

    qsc_x509_extensions extensions;

    qsc_x509_csr_attribute attributes[QSC_X509_CSR_ATTRIBUTES_MAX];

    size_t attributecount;

    uint8_t signature[QSC_X509_SIGNATURE_MAX];

    size_t signaturelen;

    uint8_t signatureunusedbits;

    const uint8_t* infodata;

    size_t infodatalen;

    const uint8_t* der;

    size_t derlen;

    bool derowned;

} qsc_x509_csr;


typedef bool (*qsc_x509_csr_signature_verify_callback)(const qsc_x509_csr* csr, void* state);


QSC_EXPORT_API bool qsc_x509_csr_verify_with_spki(const qsc_x509_csr* csr, const qsc_x509_subject_public_key_info* signerspki);


QSC_EXPORT_API void qsc_x509_csr_initialize(qsc_x509_csr* csr);


QSC_EXPORT_API void qsc_x509_csr_clear(qsc_x509_csr* csr);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_subject(qsc_x509_csr* csr, const qsc_x509_name* subject);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_spki(qsc_x509_csr* csr, const qsc_x509_subject_public_key_info* spki);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_signature_algorithm(qsc_x509_csr* csr, const qsc_x509_algorithm_identifier* signaturealgorithm);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_extension_request(qsc_x509_csr* csr, const qsc_x509_extensions* extensions);


QSC_EXPORT_API const qsc_x509_extensions* qsc_x509_csr_get_extension_request(const qsc_x509_csr* csr);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_copy_extension_request(const qsc_x509_csr* csr, qsc_x509_extensions* extensions);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_encode_info_der(const qsc_x509_csr* csr, uint8_t* output, size_t* outputlen);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_encode_der(const qsc_x509_csr* csr, qsc_x509_certificate_sign_callback signcallback, void* context, uint8_t* output, size_t* outputlen);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_sign(const qsc_x509_csr* csr, qsc_x509_certificate_sign_callback signcallback, void* context, uint8_t* output, size_t* outputlen);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_decode_der(qsc_x509_csr* csr, const uint8_t* input, size_t inputlen);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_decode_pem(qsc_x509_csr* csr, const char* input, size_t inputlen);


QSC_EXPORT_API const qsc_x509_extension* qsc_x509_csr_find_extension(const qsc_x509_csr* csr, qsc_x509_extension_type type);


QSC_EXPORT_API bool qsc_x509_csr_verify(const qsc_x509_csr* csr);


QSC_EXPORT_API bool qsc_x509_csr_verify_ex(const qsc_x509_csr* csr, qsc_x509_csr_signature_verify_callback verifycallback, void* state);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_encode_pem(const uint8_t* der, size_t derlen, char* output, size_t* outputlen);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_add_attribute(qsc_x509_csr* csr, const qsc_asn1_oid* oid, const uint8_t* value, size_t valuelen);


QSC_EXPORT_API const qsc_x509_csr_attribute* qsc_x509_csr_get_attribute(const qsc_x509_csr* csr, const qsc_asn1_oid* oid);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_subject_alt_name(qsc_x509_csr* csr, const qsc_x509_subject_alt_name* subjectaltname);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_add_san_dns(qsc_x509_csr* csr, const char* dnsname, size_t dnsnamelen);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_add_san_ip(qsc_x509_csr* csr, const uint8_t* address, size_t addresslen);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_extended_key_usage(qsc_x509_csr* csr, const qsc_x509_extended_key_usage* extendedkeyusage);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_subject_key_identifier(qsc_x509_csr* csr, const qsc_x509_subject_key_identifier* subjectkeyidentifier);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_ml_dsa_signature_algorithm(qsc_x509_csr* csr, uint32_t level);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_ml_dsa_spki(qsc_x509_csr* csr, uint32_t level, const uint8_t* publickey, size_t publickeylen);


QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_ml_kem_spki(qsc_x509_csr* csr, uint32_t level, const uint8_t* publickey, size_t publickeylen);


QSC_CPLUSPLUS_ENABLED_END


#endif

qsc_asn1_status
enum qsc_asn1_status_t qsc_asn1_status
ASN.1 helper status codes.

qsc_asn1_oid
QSC_EXPORT_API struct qsc_asn1_oid_t qsc_asn1_oid
A decoded ASN.1 OBJECT IDENTIFIER.

qsccommon.h
Contains common definitions for the Quantum Secure Cryptographic (QSC) library.

QSC_EXPORT_API
#define QSC_EXPORT_API
API export macro for Microsoft compilers when importing from a DLL.
Definition qsccommon.h:605

qsc_x509_csr_attribute_t
A decoded or mutable PKCS#10 CSR attribute.
Definition x509csr.h:110

qsc_x509_csr_attribute_t::valuelen
size_t valuelen
Definition x509csr.h:113

qsc_x509_csr_attribute_t::value
uint8_t value[QSC_X509_CSR_ATTRIBUTE_VALUE_MAX]
Definition x509csr.h:112

qsc_x509_csr_attribute_t::oid
qsc_asn1_oid oid
Definition x509csr.h:111

qsc_x509_csr_t
A decoded or mutable PKCS#10 certificate signing request.
Definition x509csr.h:120

qsc_x509_csr_t::infodata
const uint8_t * infodata
Definition x509csr.h:131

qsc_x509_csr_t::signature
uint8_t signature[QSC_X509_SIGNATURE_MAX]
Definition x509csr.h:128

qsc_x509_csr_t::attributes
qsc_x509_csr_attribute attributes[QSC_X509_CSR_ATTRIBUTES_MAX]
Definition x509csr.h:126

qsc_x509_csr_t::signaturelen
size_t signaturelen
Definition x509csr.h:129

qsc_x509_csr_t::infodatalen
size_t infodatalen
Definition x509csr.h:132

qsc_x509_csr_t::derlen
size_t derlen
Definition x509csr.h:134

qsc_x509_csr_t::spki
qsc_x509_subject_public_key_info spki
Definition x509csr.h:123

qsc_x509_csr_t::signaturealgorithm
qsc_x509_algorithm_identifier signaturealgorithm
Definition x509csr.h:124

qsc_x509_csr_t::extensions
qsc_x509_extensions extensions
Definition x509csr.h:125

qsc_x509_csr_t::der
const uint8_t * der
Definition x509csr.h:133

qsc_x509_csr_t::derowned
bool derowned
Definition x509csr.h:135

qsc_x509_csr_t::version
uint32_t version
Definition x509csr.h:121

qsc_x509_csr_t::signatureunusedbits
uint8_t signatureunusedbits
Definition x509csr.h:130

qsc_x509_csr_t::subject
qsc_x509_name subject
Definition x509csr.h:122

qsc_x509_csr_t::attributecount
size_t attributecount
Definition x509csr.h:127

qsc_x509_csr_set_signature_algorithm
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_signature_algorithm(qsc_x509_csr *csr, const qsc_x509_algorithm_identifier *signaturealgorithm)
Set the CSR signature algorithm identifier.
Definition x509csr.c:625

qsc_x509_csr_sign
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_sign(const qsc_x509_csr *csr, qsc_x509_certificate_sign_callback signcallback, void *context, uint8_t *output, size_t *outputlen)
Sign and encode a CSR as DER.
Definition x509csr.c:1131

qsc_x509_csr_set_extended_key_usage
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_extended_key_usage(qsc_x509_csr *csr, const qsc_x509_extended_key_usage *extendedkeyusage)
Set the requested Extended Key Usage extension.
Definition x509csr.c:831

qsc_x509_csr_initialize
QSC_EXPORT_API void qsc_x509_csr_initialize(qsc_x509_csr *csr)
Initialize a CSR object.
Definition x509csr.c:559

qsc_x509_csr_signature_verify_callback
bool(* qsc_x509_csr_signature_verify_callback)(const qsc_x509_csr *csr, void *state)
Caller-supplied CSR signature verification callback type.
Definition x509csr.h:151

qsc_x509_csr_set_extension_request
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_extension_request(qsc_x509_csr *csr, const qsc_x509_extensions *extensions)
Set the normalized extensionRequest payload.
Definition x509csr.c:646

qsc_x509_csr_set_ml_dsa_signature_algorithm
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_ml_dsa_signature_algorithm(qsc_x509_csr *csr, uint32_t level)
Set the CSR signature algorithm to an ML-DSA variant.
Definition x509csr.c:871

qsc_x509_csr_decode_pem
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_decode_pem(qsc_x509_csr *csr, const char *input, size_t inputlen)
Decode a PEM encoded CSR.
Definition x509csr.c:1330

QSC_X509_CSR_ATTRIBUTES_MAX
#define QSC_X509_CSR_ATTRIBUTES_MAX
The maximum number of generic non-extension CSR attributes stored in a CSR object.
Definition x509csr.h:86

qsc_x509_csr_encode_info_der
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_encode_info_der(const qsc_x509_csr *csr, uint8_t *output, size_t *outputlen)
Encode the CertificationRequestInfo structure as DER.
Definition x509csr.c:987

qsc_x509_csr_verify_with_spki
QSC_EXPORT_API bool qsc_x509_csr_verify_with_spki(const qsc_x509_csr *csr, const qsc_x509_subject_public_key_info *signerspki)
Verify a CSR signature against a caller-supplied signer SPKI.
Definition x509csr.c:1446

qsc_x509_csr_decode_der
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_decode_der(qsc_x509_csr *csr, const uint8_t *input, size_t inputlen)
Decode a DER encoded CSR.
Definition x509csr.c:1144

qsc_x509_csr_verify
QSC_EXPORT_API bool qsc_x509_csr_verify(const qsc_x509_csr *csr)
Verify a CSR using its contained subject public key information.
Definition x509csr.c:1425

qsc_x509_csr_set_ml_kem_spki
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_ml_kem_spki(qsc_x509_csr *csr, uint32_t level, const uint8_t *publickey, size_t publickeylen)
Set the CSR subject public key information to an ML-KEM key.
Definition x509csr.c:948

qsc_x509_csr_attribute
QSC_EXPORT_API struct qsc_x509_csr_attribute_t qsc_x509_csr_attribute
A decoded or mutable PKCS#10 CSR attribute.

qsc_x509_csr_set_subject
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_subject(qsc_x509_csr *csr, const qsc_x509_name *subject)
Set the CSR subject distinguished name.
Definition x509csr.c:581

qsc_x509_csr_encode_pem
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_encode_pem(const uint8_t *der, size_t derlen, char *output, size_t *outputlen)
Encode a DER CSR as PEM.
Definition x509csr.c:1492

qsc_x509_csr_find_extension
QSC_EXPORT_API const qsc_x509_extension * qsc_x509_csr_find_extension(const qsc_x509_csr *csr, qsc_x509_extension_type type)
Find a requested extension by type.
Definition x509csr.c:1386

qsc_x509_csr_copy_extension_request
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_copy_extension_request(const qsc_x509_csr *csr, qsc_x509_extensions *extensions)
Copy the normalized extensionRequest payload.
Definition x509csr.c:685

qsc_x509_csr_set_subject_key_identifier
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_subject_key_identifier(qsc_x509_csr *csr, const qsc_x509_subject_key_identifier *subjectkeyidentifier)
Set the requested Subject Key Identifier extension.
Definition x509csr.c:851

qsc_x509_csr_verify_ex
QSC_EXPORT_API bool qsc_x509_csr_verify_ex(const qsc_x509_csr *csr, qsc_x509_csr_signature_verify_callback verifycallback, void *state)
Verify a CSR using a caller-supplied verification callback.
Definition x509csr.c:1406

QSC_X509_CSR_ATTRIBUTE_VALUE_MAX
#define QSC_X509_CSR_ATTRIBUTE_VALUE_MAX
The maximum number of DER octets stored for a generic CSR attribute value.
Definition x509csr.h:92

qsc_x509_csr
QSC_EXPORT_API struct qsc_x509_csr_t qsc_x509_csr
A decoded or mutable PKCS#10 certificate signing request.

qsc_x509_csr_clear
QSC_EXPORT_API void qsc_x509_csr_clear(qsc_x509_csr *csr)
Clear a CSR object.
Definition x509csr.c:570

qsc_x509_csr_add_san_ip
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_add_san_ip(qsc_x509_csr *csr, const uint8_t *address, size_t addresslen)
Add an IP address to the requested Subject Alternative Name extension.
Definition x509csr.c:808

qsc_x509_csr_add_attribute
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_add_attribute(qsc_x509_csr *csr, const qsc_asn1_oid *oid, const uint8_t *value, size_t valuelen)
Add a generic non-extension CSR attribute.
Definition x509csr.c:705

qsc_x509_csr_get_extension_request
QSC_EXPORT_API const qsc_x509_extensions * qsc_x509_csr_get_extension_request(const qsc_x509_csr *csr)
Get the normalized extensionRequest payload.
Definition x509csr.c:667

qsc_x509_csr_set_ml_dsa_spki
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_ml_dsa_spki(qsc_x509_csr *csr, uint32_t level, const uint8_t *publickey, size_t publickeylen)
Set the CSR subject public key information to an ML-DSA key.
Definition x509csr.c:909

qsc_x509_csr_get_attribute
QSC_EXPORT_API const qsc_x509_csr_attribute * qsc_x509_csr_get_attribute(const qsc_x509_csr *csr, const qsc_asn1_oid *oid)
Get a generic CSR attribute by OID.
Definition x509csr.c:744

qsc_x509_csr_set_spki
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_spki(qsc_x509_csr *csr, const qsc_x509_subject_public_key_info *spki)
Set the CSR subject public key information.
Definition x509csr.c:600

qsc_x509_csr_set_subject_alt_name
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_set_subject_alt_name(qsc_x509_csr *csr, const qsc_x509_subject_alt_name *subjectaltname)
Set the requested Subject Alternative Name extension.
Definition x509csr.c:765

qsc_x509_csr_encode_der
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_encode_der(const qsc_x509_csr *csr, qsc_x509_certificate_sign_callback signcallback, void *context, uint8_t *output, size_t *outputlen)
Encode and sign a complete CSR as DER.
Definition x509csr.c:1070

qsc_x509_csr_add_san_dns
QSC_EXPORT_API qsc_asn1_status qsc_x509_csr_add_san_dns(qsc_x509_csr *csr, const char *dnsname, size_t dnsnamelen)
Add a DNS name to the requested Subject Alternative Name extension.
Definition x509csr.c:785