x509types.h

/* 2020-2026 Quantum Resistant Cryptographic Solutions Corporation
 * All Rights Reserved.
 *
 * NOTICE:
 * This software and all accompanying materials are the exclusive property of
 * Quantum Resistant Cryptographic Solutions Corporation (QRCS). The intellectual
 * and technical concepts contained herein are proprietary to QRCS and are
 * protected under applicable Canadian, U.S., and international copyright,
 * patent, and trade secret laws.
 *
 * CRYPTOGRAPHIC ALGORITHMS AND IMPLEMENTATIONS:
 * - This software includes implementations of cryptographic primitives and
 *   algorithms that are standardized or in the public domain, such as AES
 *   and SHA-3, which are not proprietary to QRCS.
 * - This software also includes cryptographic primitives, constructions, and
 *   algorithms designed by QRCS, including but not limited to RCS, SCB, CSX, QMAC, and
 *   related components, which are proprietary to QRCS.
 * - All source code, implementations, protocol compositions, optimizations,
 *   parameter selections, and engineering work contained in this software are
 *   original works of QRCS and are protected under this license.
 *
 * LICENSE AND USE RESTRICTIONS:
 * - This software is licensed under the Quantum Resistant Cryptographic Solutions
 *   Public Research and Evaluation License (QRCS-PREL), 2025-2026.
 * - Permission is granted solely for non-commercial evaluation, academic research,
 *   cryptographic analysis, interoperability testing, and feasibility assessment.
 * - Commercial use, production deployment, commercial redistribution, or
 *   integration into products or services is strictly prohibited without a
 *   separate written license agreement executed with QRCS.
 * - Licensing and authorized distribution are solely at the discretion of QRCS.
 *
 * EXPERIMENTAL CRYPTOGRAPHY NOTICE:
 * Portions of this software may include experimental, novel, or evolving
 * cryptographic designs. Use of this software is entirely at the user's risk.
 *
 * DISCLAIMER:
 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS
 * FOR A PARTICULAR PURPOSE, SECURITY, OR NON-INFRINGEMENT. QRCS DISCLAIMS ALL
 * LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
 * ARISING FROM THE USE OR MISUSE OF THIS SOFTWARE.
 *
 * FULL LICENSE:
 * This software is subject to the Quantum Resistant Cryptographic Solutions
 * Public Research and Evaluation License (QRCS-PREL), 2025-2026. The complete license terms
 * are provided in the accompanying LICENSE file or at https://www.qrcscorp.ca.
 *
 * Written by: John G. Underhill
 * Contact: contact@qrcscorp.ca
 */
 
#ifndef QSC_X509_TYPES_H
#define QSC_X509_TYPES_H
 
#include "qsccommon.h"
#include "asn1.h"
#include "oid.h"
 
QSC_CPLUSPLUS_ENABLED_START


#define QSC_X509_NAME_ATTRIBUTE_STRING_MAX 256U

#define QSC_X509_NAME_ATTRIBUTES_MAX 32U

#define QSC_X509_EXTENSIONS_MAX 32U

#define QSC_X509_SAN_ENTRIES_MAX 16U

#define QSC_X509_KEY_IDENTIFIER_MAX 32U

#define QSC_X509_SERIAL_NUMBER_MAX 20U

#define QSC_X509_ML_DSA_44_PUBLICKEY_SIZE 1312U

#define QSC_X509_ML_DSA_65_PUBLICKEY_SIZE 1952U

#define QSC_X509_ML_DSA_87_PUBLICKEY_SIZE 2592U

#define QSC_X509_ML_DSA_44_SIGNATURE_SIZE 2420U

#define QSC_X509_ML_DSA_65_SIGNATURE_SIZE 3309U

#define QSC_X509_ML_DSA_87_SIGNATURE_SIZE 4627U

#define QSC_X509_ML_KEM_512_PUBLICKEY_SIZE 800U

#define QSC_X509_ML_KEM_768_PUBLICKEY_SIZE 1184U

#define QSC_X509_ML_KEM_1024_PUBLICKEY_SIZE 1568U

#define QSC_X509_SIGNATURE_MAX 4627U

#define QSC_X509_SPKI_MAX 2624U

typedef enum qsc_x509_public_key_algorithm_t
{
    QSC_X509_PUBLIC_KEY_ALGORITHM_NONE = 0,                     
    QSC_X509_PUBLIC_KEY_ALGORITHM_RSA,                          
    QSC_X509_PUBLIC_KEY_ALGORITHM_EC,                           
    QSC_X509_PUBLIC_KEY_ALGORITHM_ML_DSA,                       
    QSC_X509_PUBLIC_KEY_ALGORITHM_ML_KEM                        
} qsc_x509_public_key_algorithm;
 

typedef enum qsc_x509_pqc_algorithm_class_t
{
    QSC_X509_PQC_ALGORITHM_CLASS_NONE = 0,                      
    QSC_X509_PQC_ALGORITHM_CLASS_SIGNATURE,                     
    QSC_X509_PQC_ALGORITHM_CLASS_KEM                            
} qsc_x509_pqc_algorithm_class;

typedef enum qsc_x509_signature_algorithm_t
{
    QSC_X509_SIGNATURE_ALGORITHM_NONE = 0,                      
    QSC_X509_SIGNATURE_ALGORITHM_RSA_MD5,                       
    QSC_X509_SIGNATURE_ALGORITHM_RSA_SHA1,                      
    QSC_X509_SIGNATURE_ALGORITHM_RSA_SHA256,                    
    QSC_X509_SIGNATURE_ALGORITHM_RSA_SHA384,                    
    QSC_X509_SIGNATURE_ALGORITHM_RSA_SHA512,                    
    QSC_X509_SIGNATURE_ALGORITHM_ECDSA_SHA1,                    
    QSC_X509_SIGNATURE_ALGORITHM_ECDSA_SHA256,                  
    QSC_X509_SIGNATURE_ALGORITHM_ECDSA_SHA384,                  
    QSC_X509_SIGNATURE_ALGORITHM_ECDSA_SHA512,                  
    QSC_X509_SIGNATURE_ALGORITHM_ML_DSA_44,                     
    QSC_X509_SIGNATURE_ALGORITHM_ML_DSA_65,                     
    QSC_X509_SIGNATURE_ALGORITHM_ML_DSA_87                      
} qsc_x509_signature_algorithm;


typedef enum qsc_x509_pqc_parameter_set_t
{
    QSC_X509_PQC_PARAMETER_SET_NONE = 0,                        
    QSC_X509_PQC_PARAMETER_SET_ML_DSA_44,                       
    QSC_X509_PQC_PARAMETER_SET_ML_DSA_65,                       
    QSC_X509_PQC_PARAMETER_SET_ML_DSA_87,                       
    QSC_X509_PQC_PARAMETER_SET_ML_KEM_512,                      
    QSC_X509_PQC_PARAMETER_SET_ML_KEM_768,                      
    QSC_X509_PQC_PARAMETER_SET_ML_KEM_1024,                     
} qsc_x509_pqc_parameter_set;
typedef enum qsc_x509_hash_algorithm_t
{
    QSC_X509_HASH_ALGORITHM_NONE = 0,                           
    QSC_X509_HASH_ALGORITHM_MD5,                                
    QSC_X509_HASH_ALGORITHM_SHA1,                               
    QSC_X509_HASH_ALGORITHM_SHA224,                             
    QSC_X509_HASH_ALGORITHM_SHA256,                             
    QSC_X509_HASH_ALGORITHM_SHA384,                             
    QSC_X509_HASH_ALGORITHM_SHA512                              
} qsc_x509_hash_algorithm;

typedef enum qsc_x509_named_curve_t
{
    QSC_X509_NAMED_CURVE_NONE = 0,                              
    QSC_X509_NAMED_CURVE_PRIME256V1,                            
    QSC_X509_NAMED_CURVE_SECP384R1,                             
    QSC_X509_NAMED_CURVE_SECP521R1                              
} qsc_x509_named_curve;

typedef enum qsc_x509_name_attribute_type_t
{
    QSC_X509_NAME_ATTRIBUTE_NONE = 0,                           
    QSC_X509_NAME_ATTRIBUTE_COMMON_NAME,                        
    QSC_X509_NAME_ATTRIBUTE_SURNAME,                            
    QSC_X509_NAME_ATTRIBUTE_SERIAL_NUMBER,                      
    QSC_X509_NAME_ATTRIBUTE_COUNTRY_NAME,                       
    QSC_X509_NAME_ATTRIBUTE_LOCALITY_NAME,                      
    QSC_X509_NAME_ATTRIBUTE_STATE_OR_PROVINCE,                  
    QSC_X509_NAME_ATTRIBUTE_STREET_ADDRESS,                     
    QSC_X509_NAME_ATTRIBUTE_ORGANIZATION_NAME,                  
    QSC_X509_NAME_ATTRIBUTE_ORGANIZATIONAL_UNIT,                
    QSC_X509_NAME_ATTRIBUTE_TITLE,                              
    QSC_X509_NAME_ATTRIBUTE_DESCRIPTION,                        
    QSC_X509_NAME_ATTRIBUTE_GIVEN_NAME,                         
    QSC_X509_NAME_ATTRIBUTE_INITIALS,                           
    QSC_X509_NAME_ATTRIBUTE_GENERATION_QUALIFIER,               
    QSC_X509_NAME_ATTRIBUTE_DN_QUALIFIER,                       
    QSC_X509_NAME_ATTRIBUTE_PSEUDONYM,                          
    QSC_X509_NAME_ATTRIBUTE_DOMAIN_COMPONENT,                   
    QSC_X509_NAME_ATTRIBUTE_EMAIL_ADDRESS,                      
    QSC_X509_NAME_ATTRIBUTE_UNKNOWN                             
} qsc_x509_name_attribute_type;

typedef enum qsc_x509_general_name_type_t
{
    QSC_X509_GENERAL_NAME_NONE = 0,                             
    QSC_X509_GENERAL_NAME_OTHER_NAME,                           
    QSC_X509_GENERAL_NAME_RFC822_NAME,                          
    QSC_X509_GENERAL_NAME_DNS_NAME,                             
    QSC_X509_GENERAL_NAME_X400_ADDRESS,                         
    QSC_X509_GENERAL_NAME_DIRECTORY_NAME,                       
    QSC_X509_GENERAL_NAME_EDI_PARTY_NAME,                       
    QSC_X509_GENERAL_NAME_UNIFORM_RESOURCE_IDENTIFIER,          
    QSC_X509_GENERAL_NAME_IP_ADDRESS,                           
    QSC_X509_GENERAL_NAME_REGISTERED_ID                         
} qsc_x509_general_name_type;

typedef enum qsc_x509_storage_class_t
{
    QSC_X509_STORAGE_CLASS_NONE = 0,                            
    QSC_X509_STORAGE_CLASS_BORROWED,                            
    QSC_X509_STORAGE_CLASS_OWNED                                
} qsc_x509_storage_class;

QSC_EXPORT_API typedef struct qsc_x509_encoded_region_t
{
    const uint8_t* data;                                        
    size_t length;                                              
    qsc_x509_storage_class storage;                             
} qsc_x509_encoded_region;

typedef qsc_x509_encoded_region qsc_x509_signed_region;
 
typedef enum qsc_x509_extension_type_t
{
    QSC_X509_EXTENSION_NONE = 0,                                
    QSC_X509_EXTENSION_SUBJECT_KEY_IDENTIFIER,                  
    QSC_X509_EXTENSION_KEY_USAGE,                               
    QSC_X509_EXTENSION_SUBJECT_ALT_NAME,                        
    QSC_X509_EXTENSION_ISSUER_ALT_NAME,                         
    QSC_X509_EXTENSION_BASIC_CONSTRAINTS,                       
    QSC_X509_EXTENSION_NAME_CONSTRAINTS,                        
    QSC_X509_EXTENSION_CRL_DISTRIBUTION_POINTS,                 
    QSC_X509_EXTENSION_CERTIFICATE_POLICIES,                    
    QSC_X509_EXTENSION_CRL_NUMBER,                              
    QSC_X509_EXTENSION_AUTHORITY_KEY_IDENTIFIER,                
    QSC_X509_EXTENSION_EXTENDED_KEY_USAGE,                      
    QSC_X509_EXTENSION_AUTHORITY_INFO_ACCESS,                   
    QSC_X509_EXTENSION_SUBJECT_INFO_ACCESS,                     
    QSC_X509_EXTENSION_UNKNOWN                                  
} qsc_x509_extension_type;

typedef enum qsc_x509_key_usage_bits_t
{
    QSC_X509_KEY_USAGE_DIGITAL_SIGNATURE = 0x0001U,             
    QSC_X509_KEY_USAGE_NON_REPUDIATION = 0x0002U,               
    QSC_X509_KEY_USAGE_KEY_ENCIPHERMENT = 0x0004U,              
    QSC_X509_KEY_USAGE_DATA_ENCIPHERMENT = 0x0008U,             
    QSC_X509_KEY_USAGE_KEY_AGREEMENT = 0x0010U,                 
    QSC_X509_KEY_USAGE_KEY_CERT_SIGN = 0x0020U,                 
    QSC_X509_KEY_USAGE_CRL_SIGN = 0x0040U,                      
    QSC_X509_KEY_USAGE_ENCIPHER_ONLY = 0x0080U,                 
    QSC_X509_KEY_USAGE_DECIPHER_ONLY = 0x0100U                  
} qsc_x509_key_usage_bits;

typedef enum qsc_x509_extended_key_usage_bits_t
{
    QSC_X509_EXTENDED_KEY_USAGE_NONE = 0x0000U,                 
    QSC_X509_EXTENDED_KEY_USAGE_ANY = 0x0001U,                  
    QSC_X509_EXTENDED_KEY_USAGE_SERVER_AUTH = 0x0002U,          
    QSC_X509_EXTENDED_KEY_USAGE_CLIENT_AUTH = 0x0004U,          
    QSC_X509_EXTENDED_KEY_USAGE_CODE_SIGNING = 0x0008U,         
    QSC_X509_EXTENDED_KEY_USAGE_EMAIL_PROTECTION = 0x0010U,     
    QSC_X509_EXTENDED_KEY_USAGE_TIME_STAMPING = 0x0020U,        
    QSC_X509_EXTENDED_KEY_USAGE_OCSP_SIGNING = 0x0040U          
} qsc_x509_extended_key_usage_bits;

QSC_EXPORT_API typedef struct qsc_x509_algorithm_identifier_t
{
    qsc_oid_id oid;                                             
    qsc_x509_public_key_algorithm publickey;                    
    qsc_x509_signature_algorithm signature;                     
    qsc_x509_hash_algorithm hash;                               
    qsc_x509_named_curve curve;                                 
    qsc_x509_pqc_parameter_set pqcparameter;                    
    qsc_asn1_oid algorithm_oid;                                 
    qsc_asn1_oid parameter_oid;                                 
    bool parameters_present;                                    
    bool parameters_null;                                       
    bool parameters_oid;                                        
} qsc_x509_algorithm_identifier;

QSC_EXPORT_API typedef struct qsc_x509_name_attribute_t
{
    qsc_x509_name_attribute_type type;                          
    qsc_oid_id oid;                                             
    qsc_asn1_oid attribute_oid;                                 
    uint8_t string_tag;                                         
    uint16_t rdn_index;                                         
    size_t length;                                              
    char value[QSC_X509_NAME_ATTRIBUTE_STRING_MAX + 1U];        
} qsc_x509_name_attribute;

QSC_EXPORT_API typedef struct qsc_x509_name_t
{
    qsc_x509_name_attribute attributes[QSC_X509_NAME_ATTRIBUTES_MAX];   
    size_t count;                                               
} qsc_x509_name;

QSC_EXPORT_API typedef struct qsc_x509_validity_t
{
    qsc_asn1_time notbefore;                                    
    qsc_asn1_time notafter;                                     
} qsc_x509_validity;

QSC_EXPORT_API typedef struct qsc_x509_general_name_t
{
    qsc_x509_general_name_type type;                            
    qsc_oid_id oid;                                             
    qsc_asn1_oid registeredid;                                  
    size_t length;                                              
    uint8_t data[QSC_X509_NAME_ATTRIBUTE_STRING_MAX + 1U];      
} qsc_x509_general_name;

QSC_EXPORT_API typedef struct qsc_x509_subject_public_key_info_t
{
    qsc_x509_algorithm_identifier algorithm;                    
    uint8_t publickey[QSC_X509_SPKI_MAX];                       
    size_t publickeylen;                                        
    uint8_t unusedbits;                                         
} qsc_x509_subject_public_key_info;

QSC_EXPORT_API typedef struct qsc_x509_basic_constraints_t
{
    bool present;                                               
    bool critical;                                              
    bool ca;                                                    
    bool pathlen_present;                                       
    uint32_t pathlen;                                           
} qsc_x509_basic_constraints;

QSC_EXPORT_API typedef struct qsc_x509_key_usage_t
{
    bool present;                                               
    bool critical;                                              
    uint16_t bits;                                              
} qsc_x509_key_usage;

QSC_EXPORT_API typedef struct qsc_x509_extended_key_usage_t
{
    bool present;                                               
    bool critical;                                              
    uint32_t bits;                                              
} qsc_x509_extended_key_usage;

QSC_EXPORT_API typedef struct qsc_x509_subject_key_identifier_t
{
    bool present;                                               
    bool critical;                                              
    uint8_t identifier[QSC_X509_KEY_IDENTIFIER_MAX];            
    size_t identifierlen;                                       
} qsc_x509_subject_key_identifier;

QSC_EXPORT_API typedef struct qsc_x509_authority_key_identifier_t
{
    bool present;                                               
    bool critical;                                              
    uint8_t keyidentifier[QSC_X509_KEY_IDENTIFIER_MAX];         
    size_t keyidentifierlen;                                    
    bool issuer_present;                                        
    bool issuername_present;                                    
    qsc_x509_name issuername;                                   
    bool serial_present;                                        
    uint8_t serial[QSC_X509_SERIAL_NUMBER_MAX];                 
    size_t seriallen;                                           
} qsc_x509_authority_key_identifier;

QSC_EXPORT_API typedef struct qsc_x509_crl_number_t
{
    bool present;                                               
    bool critical;                                              
    uint8_t value[QSC_X509_SERIAL_NUMBER_MAX];                  
    size_t valuelen;                                            
} qsc_x509_crl_number;

QSC_EXPORT_API typedef struct qsc_x509_subject_alt_name_t
{
    bool present;                                               
    bool critical;                                              
    qsc_x509_general_name entries[QSC_X509_SAN_ENTRIES_MAX];    
    size_t count;                                               
} qsc_x509_subject_alt_name;

QSC_EXPORT_API typedef struct qsc_x509_issuer_alt_name_t
{
    bool present;                                               
    bool critical;                                              
    qsc_x509_general_name entries[QSC_X509_SAN_ENTRIES_MAX];    
    size_t count;                                               
} qsc_x509_issuer_alt_name;

QSC_EXPORT_API typedef struct qsc_x509_extension_t
{
    qsc_x509_extension_type type;                               
    qsc_oid_id oid;                                             
    qsc_asn1_oid extension_oid;                                 
    bool critical;                                              
    uint8_t value[QSC_X509_SPKI_MAX];                           
    size_t valuelen;                                            
    qsc_x509_encoded_region rawextnvalue;                       
    bool decoded;                                               
} qsc_x509_extension;

QSC_EXPORT_API typedef struct qsc_x509_extensions_t
{
    qsc_x509_extension entries[QSC_X509_EXTENSIONS_MAX];        
    size_t count;                                               
    bool decoded;                                               
    bool duplicatesrejected;                                    
    qsc_x509_basic_constraints basicconstraints;                
    qsc_x509_key_usage keyusage;                                
    qsc_x509_extended_key_usage extendedkeyusage;               
    qsc_x509_subject_key_identifier subjectkeyidentifier;       
    qsc_x509_crl_number crlnumber;                              
    qsc_x509_authority_key_identifier authoritykeyidentifier;   
    qsc_x509_subject_alt_name subjectaltname;                   
    qsc_x509_issuer_alt_name issueraltname;                     
} qsc_x509_extensions;

QSC_EXPORT_API typedef struct qsc_x509_certificate_t
{
    uint32_t version;                                           
    uint8_t serialnumber[QSC_X509_SERIAL_NUMBER_MAX];           
    size_t serialnumberlen;                                     
    qsc_x509_algorithm_identifier tbsignature;                  
    qsc_x509_name issuer;                                       
    qsc_x509_validity validity;                                 
    qsc_x509_name subject;                                      
    qsc_x509_subject_public_key_info subjectpublickeyinfo;      
    bool issueruniqueid_present;                                
    bool subjectuniqueid_present;                               
    qsc_x509_extensions extensions;                             
    qsc_x509_algorithm_identifier signaturealgorithm;           
    uint8_t signature[QSC_X509_SIGNATURE_MAX];                  
    size_t signaturelen;                                        
    uint8_t signatureunusedbits;                                
    const uint8_t* tbsdata;                                     
    size_t tbsdatalen;                                          
    const uint8_t* der;                                         
    size_t derlen;                                              
    bool derowned;                                              
} qsc_x509_certificate;

QSC_EXPORT_API typedef struct qsc_x509_trust_anchor_t
{
    qsc_x509_certificate certificate;                           
    bool selfsigned;                                            
} qsc_x509_trust_anchor;

QSC_EXPORT_API typedef struct qsc_x509_chain_t
{
    qsc_x509_certificate* certificates;                         
    size_t count;                                               
} qsc_x509_chain;

QSC_EXPORT_API typedef struct qsc_x509_store_t
{
    qsc_x509_trust_anchor* anchors;                             
    size_t count;                                               
    size_t capacity;                                            
} qsc_x509_store;

#define QSC_X509_CERTIFICATE_WRITE_MAX 8192U

typedef qsc_asn1_status (*qsc_x509_certificate_sign_callback)(qsc_x509_signature_algorithm signaturealgorithm,
    const uint8_t* tbsdata, size_t tbsdatalen, uint8_t* signature, size_t* signaturelen, void* context);

QSC_EXPORT_API typedef struct qsc_x509_certificate_builder_t
{
    uint32_t version;                                           
    uint8_t serialnumber[QSC_X509_SERIAL_NUMBER_MAX];           
    size_t serialnumberlen;                                     
    qsc_x509_name issuer;                                       
    qsc_x509_validity validity;                                 
    qsc_x509_name subject;                                      
    qsc_x509_subject_public_key_info spki;                      
    qsc_x509_algorithm_identifier signaturealgorithm;           
    qsc_x509_extensions extensions;                             
} qsc_x509_certificate_builder;
 
QSC_CPLUSPLUS_ENABLED_END
 
#endif