x509verify.h

Go to the documentation of this file.

/* 2020-2026 Quantum Resistant Cryptographic Solutions Corporation
 * All Rights Reserved.
 *
 * NOTICE:
 * This software and all accompanying materials are the exclusive property of
 * Quantum Resistant Cryptographic Solutions Corporation (QRCS). The intellectual
 * and technical concepts contained herein are proprietary to QRCS and are
 * protected under applicable Canadian, U.S., and international copyright,
 * patent, and trade secret laws.
 *
 * CRYPTOGRAPHIC ALGORITHMS AND IMPLEMENTATIONS:
 * - This software includes implementations of cryptographic primitives and
 *   algorithms that are standardized or in the public domain, such as AES
 *   and SHA-3, which are not proprietary to QRCS.
 * - This software also includes cryptographic primitives, constructions, and
 *   algorithms designed by QRCS, including but not limited to RCS, SCB, CSX, QMAC, and
 *   related components, which are proprietary to QRCS.
 * - All source code, implementations, protocol compositions, optimizations,
 *   parameter selections, and engineering work contained in this software are
 *   original works of QRCS and are protected under this license.
 *
 * LICENSE AND USE RESTRICTIONS:
 * - This software is licensed under the Quantum Resistant Cryptographic Solutions
 *   Public Research and Evaluation License (QRCS-PREL), 2025-2026.
 * - Permission is granted solely for non-commercial evaluation, academic research,
 *   cryptographic analysis, interoperability testing, and feasibility assessment.
 * - Commercial use, production deployment, commercial redistribution, or
 *   integration into products or services is strictly prohibited without a
 *   separate written license agreement executed with QRCS.
 * - Licensing and authorized distribution are solely at the discretion of QRCS.
 *
 * EXPERIMENTAL CRYPTOGRAPHY NOTICE:
 * Portions of this software may include experimental, novel, or evolving
 * cryptographic designs. Use of this software is entirely at the user's risk.
 *
 * DISCLAIMER:
 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS
 * FOR A PARTICULAR PURPOSE, SECURITY, OR NON-INFRINGEMENT. QRCS DISCLAIMS ALL
 * LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
 * ARISING FROM THE USE OR MISUSE OF THIS SOFTWARE.
 *
 * FULL LICENSE:
 * This software is subject to the Quantum Resistant Cryptographic Solutions
 * Public Research and Evaluation License (QRCS-PREL), 2025-2026. The complete license terms
 * are provided in the accompanying LICENSE file or at https://www.qrcscorp.ca.
 *
 * Written by: John G. Underhill
 * Contact: contact@qrcscorp.ca
 */
 
#ifndef QSC_X509_VERIFY_H
#define QSC_X509_VERIFY_H
 
#include "qsccommon.h"
#include "x509types.h"
#include "x509time.h"
#include "x509rev.h"
 
QSC_CPLUSPLUS_ENABLED_START


typedef enum qsc_x509_verify_status_t
{
    QSC_X509_VERIFY_STATUS_SUCCESS = 0,                         
    QSC_X509_VERIFY_STATUS_INVALID_INPUT = 1,                   
    QSC_X509_VERIFY_STATUS_INVALID_CERTIFICATE = 2,             
    QSC_X509_VERIFY_STATUS_ALGORITHM_MISMATCH = 3,              
    QSC_X509_VERIFY_STATUS_EXPIRED = 4,                         
    QSC_X509_VERIFY_STATUS_NOT_YET_VALID = 5,                   
    QSC_X509_VERIFY_STATUS_ISSUER_MISMATCH = 6,                 
    QSC_X509_VERIFY_STATUS_KEY_IDENTIFIER_MISMATCH = 7,         
    QSC_X509_VERIFY_STATUS_NOT_CA = 8,                          
    QSC_X509_VERIFY_STATUS_PATH_LENGTH_EXCEEDED = 9,            
    QSC_X509_VERIFY_STATUS_KEY_USAGE_REJECTED = 10,             
    QSC_X509_VERIFY_STATUS_SIGNATURE_REJECTED = 11,             
    QSC_X509_VERIFY_STATUS_TRUST_NOT_FOUND = 12,                
    QSC_X509_VERIFY_STATUS_UNSUPPORTED = 13,                    
    QSC_X509_VERIFY_STATUS_CALLBACK_FAILURE = 14,               
    QSC_X509_VERIFY_STATUS_UNSUPPORTED_CRITICAL_EXTENSION = 15, 
    QSC_X509_VERIFY_STATUS_PURPOSE_REJECTED = 16,               
    QSC_X509_VERIFY_STATUS_REVOKED = 17,                        
    QSC_X509_VERIFY_STATUS_REVOCATION_UNKNOWN = 18,             
    QSC_X509_VERIFY_STATUS_CHAIN_LOOP = 19,                     
    QSC_X509_VERIFY_STATUS_NAME_MISMATCH = 20                   
} qsc_x509_verify_status;

typedef bool (*qsc_x509_signature_verify_callback)(const qsc_x509_certificate* certificate, const qsc_x509_certificate* issuer, void* state);

typedef enum qsc_x509_verify_purpose_t
{
    QSC_X509_VERIFY_PURPOSE_GENERIC = 0,                        
    QSC_X509_VERIFY_PURPOSE_TLS_SERVER = 1,                     
    QSC_X509_VERIFY_PURPOSE_TLS_CLIENT = 2                      
} qsc_x509_verify_purpose;

typedef struct qsc_x509_verify_options_t
{
    qsc_x509_verify_purpose purpose;                            
    const qsc_x509_revocation_options* revocation;              
    bool rejectunsupportedcriticalextensions;                   
} qsc_x509_verify_options;

QSC_EXPORT_API void qsc_x509_verify_options_initialize(qsc_x509_verify_options* options);

QSC_EXPORT_API bool qsc_x509_certificate_is_self_issued(const qsc_x509_certificate* certificate);

QSC_EXPORT_API bool qsc_x509_certificate_is_self_signed(const qsc_x509_certificate* certificate, qsc_x509_signature_verify_callback callback, void* state);

QSC_EXPORT_API bool qsc_x509_certificate_is_ca(const qsc_x509_certificate* certificate);

QSC_EXPORT_API bool qsc_x509_certificate_allows_server_auth(const qsc_x509_certificate* certificate);

QSC_EXPORT_API bool qsc_x509_certificate_allows_client_auth(const qsc_x509_certificate* certificate);

QSC_EXPORT_API qsc_x509_verify_status qsc_x509_certificate_check_structure(const qsc_x509_certificate* certificate);

QSC_EXPORT_API qsc_x509_verify_status qsc_x509_certificate_check_algorithms(const qsc_x509_certificate* certificate);

QSC_EXPORT_API qsc_x509_verify_status qsc_x509_certificate_check_validity(const qsc_x509_certificate* certificate, const qsc_asn1_time* ascnow);

QSC_EXPORT_API qsc_x509_verify_status qsc_x509_certificate_check_purpose(const qsc_x509_certificate* certificate, qsc_x509_verify_purpose purpose);

QSC_EXPORT_API qsc_x509_verify_status qsc_x509_certificate_check_hostname(const qsc_x509_certificate* certificate, const char* hostname);

QSC_EXPORT_API qsc_x509_verify_status qsc_x509_certificate_check_ip_address(const qsc_x509_certificate* certificate, const uint8_t* address, size_t addresslen);

QSC_EXPORT_API qsc_x509_verify_status qsc_x509_certificate_check_issuer(const qsc_x509_certificate* issuer, const qsc_x509_certificate* subject, size_t remainingdepth);

QSC_EXPORT_API qsc_x509_verify_status qsc_x509_certificate_verify(const qsc_x509_certificate* certificate, const qsc_x509_certificate* issuer, const qsc_asn1_time* now, qsc_x509_signature_verify_callback callback, void* state);

QSC_EXPORT_API bool qsc_x509_chain_is_anchored(const qsc_x509_chain* chain, const qsc_x509_store* store);

QSC_EXPORT_API qsc_x509_verify_status qsc_x509_chain_verify(const qsc_x509_chain* chain, const qsc_x509_store* store, const qsc_asn1_time* now, qsc_x509_signature_verify_callback callback, void* state);

QSC_EXPORT_API qsc_x509_verify_status qsc_x509_certificate_verify_ex(const qsc_x509_certificate* certificate, const qsc_x509_certificate* issuer,
    const qsc_asn1_time* now, qsc_x509_signature_verify_callback callback, void* state, const qsc_x509_verify_options* options);

QSC_EXPORT_API qsc_x509_verify_status qsc_x509_chain_verify_ex(const qsc_x509_chain* chain, const qsc_x509_store* store,
    const qsc_asn1_time* now, qsc_x509_signature_verify_callback callback, void* state, const qsc_x509_verify_options* options);
 
QSC_CPLUSPLUS_ENABLED_END
 
#endif