qstp.h

Go to the documentation of this file.

/* 2025 Quantum Resistant Cryptographic Solutions Corporation
 * All Rights Reserved.
 *
 * NOTICE: This software and all accompanying materials are the exclusive 
 * property of Quantum Resistant Cryptographic Solutions Corporation (QRCS).
 * The intellectual and technical concepts contained within this implementation 
 * are proprietary to QRCS and its authorized licensors and are protected under 
 * applicable U.S. and international copyright, patent, and trade secret laws.
 *
 * CRYPTOGRAPHIC STANDARDS:
 * - This software includes implementations of cryptographic algorithms such as 
 *   SHA3, AES, and others. These algorithms are public domain or standardized 
 *   by organizations such as NIST and are NOT the property of QRCS.
 * - However, all source code, optimizations, and implementations in this library 
 *   are original works of QRCS and are protected under this license.
 *
 * RESTRICTIONS:
 * - Redistribution, modification, or unauthorized distribution of this software, 
 *   in whole or in part, is strictly prohibited.
 * - This software is provided for non-commercial, educational, and research 
 *   purposes only. Commercial use in any form is expressly forbidden.
 * - Licensing and authorized distribution are solely at the discretion of QRCS.
 * - Any use of this software implies acceptance of these restrictions.
 *
 * DISCLAIMER:
 * This software is provided "as is," without warranty of any kind, express or 
 * implied, including but not limited to warranties of merchantability or fitness 
 * for a particular purpose. QRCS disclaims all liability for any direct, indirect, 
 * incidental, or consequential damages resulting from the use or misuse of this software.
 *
 * FULL LICENSE:
 * This software is subject to the **Quantum Resistant Cryptographic Solutions 
 * Proprietary License (QRCS-PL)**. The complete license terms are included 
 * in the LICENSE.txt file distributed with this software.
 *
 * Written by: John G. Underhill
 * Contact: john.underhill@protonmail.com
 */
 
#ifndef QSTP_H
#define QSTP_H
 
#include "common.h"
#include "../../QSC/QSC/socketbase.h"
#include "../../QSC/QSC/rcs.h"
#include "../../QSC/QSC/sha3.h"

#define QSTP_CONFIG_DILITHIUM_KYBER

//* \def QSTP_CONFIG_DILITHIUM_MCELIECE
//* \brief Sets the asymmetric cryptographic primitive-set to Dilithium/McEliece.
//*/
//#define QSTP_CONFIG_DILITHIUM_MCELIECE

//* \def QSTP_CONFIG_SPHINCS_MCELIECE
//* \brief Sets the asymmetric cryptographic primitive-set to Sphincs+/McEliece, default is Dilithium/Kyber.
//* Note: You may have to increase the stack reserve size on both projects, as McEliece and Sphincs+ use many resources.
//*/
//#define QSTP_CONFIG_SPHINCS_MCELIECE
 
#if defined(QSTP_CONFIG_DILITHIUM_KYBER)
#   include "../../QSC/QSC/dilithium.h"
#   include "../../QSC/QSC/kyber.h"
#elif defined(QSTP_CONFIG_DILITHIUM_MCELIECE)
#   include "../../QSC/QSC/dilithium.h"
#   include "../../QSC/QSC/mceliece.h"
#elif defined(QSTP_CONFIG_SPHINCS_MCELIECE)
#   include "../../QSC/QSC/sphincsplus.h"
#   include "../../QSC/QSC/mceliece.h"
#else
#   error Invalid parameter set!
#endif
 
/* 
 * Valid parameter sets:
 *   McEliece-S1, Dilithium-S1(f,s)
 *   McEliece-S3, Dilithium-S3(f,s)
 *   McEliece-S5, Dilithium-S5(f,s)
 *   McEliece-S6, Dilithium-S5(f,s)
 *   Kyber-S1, Dilithium-S1
 *   Kyber-S3, Dilithium-S3
 *   Kyber-S5, Dilithium-S5
 *   Kyber-S6, Dilithium-S5
 *   McEliece-S1, Sphincs-S1(f,s)
 *   McEliece-S3, Sphincs-S3(f,s)
 *   McEliece-S5, Sphincs-S5(f,s)
 *   McEliece-S6, Sphincs-S5(f,s)
 *   McEliece-S7, Sphincs-S6(f,s)
 */

#define QSTP_PROTOCOL_SET_SIZE 42

QSTP_EXPORT_API typedef enum qstp_configuration_sets
{
    qstp_configuration_set_none = 0x00,                                          
    qstp_configuration_set_dilithium1_kyber1_rcs256_shake256 = 0x01,            
    qstp_configuration_set_dilithium3_kyber3_rcs256_shake256 = 0x02,            
    qstp_configuration_set_dilithium5_kyber5_rcs256_shake256 = 0x03,            
    qstp_configuration_set_dilithium5_kyber6_rcs512_shake512 = 0x04,            
    qstp_configuration_set_dilithium1_mceliece1_rcs256_shake256 = 0x05,          
    qstp_configuration_set_dilithium3_mceliece3_rcs256_shake256 = 0x06,          
    qstp_configuration_set_dilithium5_mceliece5_rcs256_shake256 = 0x07,          
    qstp_configuration_set_dilithium5_mceliece6_rcs256_shake256 = 0x08,          
    qstp_configuration_set_dilithium5_mceliece7_rcs256_shake256 = 0x09,          
    qstp_configuration_set_sphincsplus1f_mceliece1_rcs256_shake256 = 0x0A,        
    qstp_configuration_set_sphincsplus1s_mceliece1_rcs256_shake256 = 0x0B,        
    qstp_configuration_set_sphincsplus3f_mceliece3_rcs256_shake256 = 0x0C,        
    qstp_configuration_set_sphincsplus3s_mceliece3_rcs256_shake256 = 0x0D,        
    qstp_configuration_set_sphincsplus5f_mceliece5_rcs256_shake256 = 0x0E,        
    qstp_configuration_set_sphincsplus5s_mceliece5_rcs256_shake256 = 0x0F,        
    qstp_configuration_set_sphincsplus5f_mceliece6_rcs256_shake256 = 0x10,        
    qstp_configuration_set_sphincsplus5s_mceliece6_rcs256_shake256 = 0x11,        
    qstp_configuration_set_sphincsplus5f_mceliece7_rcs256_shake256 = 0x12,        
    qstp_configuration_set_sphincsplus5s_mceliece7_rcs256_shake256 = 0x13,        
} qstp_configuration_sets;
 
#if defined(QSTP_CONFIG_DILITHIUM_MCELIECE)

#   define qstp_cipher_generate_keypair qsc_mceliece_generate_keypair
#   define qstp_cipher_decapsulate qsc_mceliece_decapsulate
#   define qstp_cipher_encapsulate qsc_mceliece_encapsulate
#   define qstp_signature_generate_keypair qsc_dilithium_generate_keypair
#   define qstp_signature_sign qsc_dilithium_sign
#   define qstp_signature_verify qsc_dilithium_verify

#   define QSTP_ASYMMETRIC_CIPHER_TEXT_SIZE (QSC_MCELIECE_CIPHERTEXT_SIZE)

#   define QSTP_ASYMMETRIC_PRIVATE_KEY_SIZE (QSC_MCELIECE_PRIVATEKEY_SIZE)

#   define QSTP_ASYMMETRIC_PUBLIC_KEY_SIZE (QSC_MCELIECE_PUBLICKEY_SIZE)

#   define QSTP_ASYMMETRIC_SIGNING_KEY_SIZE (QSC_DILITHIUM_PRIVATEKEY_SIZE)

#   define QSTP_ASYMMETRIC_VERIFICATION_KEY_SIZE (QSC_DILITHIUM_PUBLICKEY_SIZE)

#   define QSTP_ASYMMETRIC_SIGNATURE_SIZE (QSC_DILITHIUM_SIGNATURE_SIZE)

#   if defined(QSC_DILITHIUM_S1P2544) && defined(QSC_MCELIECE_S1N3488T64)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "dilithium-s1_mceliece-s1_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_dilithium1_mceliece1_rcs256_shake256;
#   elif defined(QSC_DILITHIUM_S3P4016) && defined(QSC_MCELIECE_S3N4608T96)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "dilithium-s3_mceliece-s3_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_dilithium3_mceliece3_rcs256_shake256;
#   elif defined(QSC_DILITHIUM_S5P4880) && defined(QSC_MCELIECE_S5N6688T128)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "dilithium-s5_mceliece-s5_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_dilithium5_mceliece5_rcs256_shake256;
#   elif defined(QSC_DILITHIUM_S5P4880) && defined(QSC_MCELIECE_S6N6960T119)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "dilithium-s5_mceliece-s6_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_dilithium5_mceliece6_rcs256_shake256;
#   elif defined(QSC_DILITHIUM_S5P4880) && defined(QSC_MCELIECE_S7N8192T128)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "dilithium-s5_mceliece-s7_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_dilithium5_mceliece7_rcs256_shake256;
#   else
#       error the library parameter sets are mismatched!
#   endif
 
#elif defined(QSTP_CONFIG_DILITHIUM_KYBER)

#   define qstp_cipher_generate_keypair qsc_kyber_generate_keypair
#   define qstp_cipher_decapsulate qsc_kyber_decapsulate
#   define qstp_cipher_encapsulate qsc_kyber_encapsulate
#   define qstp_signature_generate_keypair qsc_dilithium_generate_keypair
#   define qstp_signature_sign qsc_dilithium_sign
#   define qstp_signature_verify qsc_dilithium_verify

#   define QSTP_ASYMMETRIC_CIPHER_TEXT_SIZE (QSC_KYBER_CIPHERTEXT_SIZE)

#   define QSTP_ASYMMETRIC_PRIVATE_KEY_SIZE (QSC_KYBER_PRIVATEKEY_SIZE)

#   define QSTP_ASYMMETRIC_PUBLIC_KEY_SIZE (QSC_KYBER_PUBLICKEY_SIZE)

#   define QSTP_ASYMMETRIC_SIGNING_KEY_SIZE (QSC_DILITHIUM_PRIVATEKEY_SIZE)

#   define QSTP_ASYMMETRIC_VERIFICATION_KEY_SIZE (QSC_DILITHIUM_PUBLICKEY_SIZE)

#   define QSTP_ASYMMETRIC_SIGNATURE_SIZE (QSC_DILITHIUM_SIGNATURE_SIZE)

#   if defined(QSC_DILITHIUM_S1P2544) && defined(QSC_KYBER_S1P1632)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "dilithium-s1_kyber-s1_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_dilithium1_kyber1_rcs256_shake256;
#   elif defined(QSC_DILITHIUM_S3P4016) && defined(QSC_KYBER_S3P2400)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "dilithium-s3_kyber-s3_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_dilithium3_kyber3_rcs256_shake256;
#   elif defined(QSC_DILITHIUM_S5P4880) && defined(QSC_KYBER_S5P3168)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "dilithium-s5_kyber-s5_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_dilithium5_kyber5_rcs256_shake256;
#   elif defined(QSC_DILITHIUM_S5P4880) && defined(QSC_KYBER_S6P3936)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "dilithium-s5_kyber-s6_rcs-512_sha3-512";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_dilithium5_kyber6_rcs512_shake512;
#   else
#       error the library parameter sets are mismatched!
#   endif
 
#elif defined(QSTP_CONFIG_SPHINCS_MCELIECE)

#   define qstp_cipher_generate_keypair qsc_mceliece_generate_keypair
#   define qstp_cipher_decapsulate qsc_mceliece_decapsulate
#   define qstp_cipher_encapsulate qsc_mceliece_encapsulate
#   define qstp_signature_generate_keypair qsc_sphincsplus_generate_keypair
#   define qstp_signature_sign qsc_sphincsplus_sign
#   define qstp_signature_verify qsc_sphincsplus_verify

#   define QSTP_ASYMMETRIC_CIPHER_TEXT_SIZE (QSC_MCELIECE_CIPHERTEXT_SIZE)

#   define QSTP_ASYMMETRIC_PRIVATE_KEY_SIZE (QSC_MCELIECE_PRIVATEKEY_SIZE)

#   define QSTP_ASYMMETRIC_PUBLIC_KEY_SIZE (QSC_MCELIECE_PUBLICKEY_SIZE)

#   define QSTP_ASYMMETRIC_SIGNING_KEY_SIZE (QSC_SPHINCSPLUS_PRIVATEKEY_SIZE)

#   define QSTP_ASYMMETRIC_VERIFICATION_KEY_SIZE (QSC_SPHINCSPLUS_PUBLICKEY_SIZE)

#   define QSTP_ASYMMETRIC_SIGNATURE_SIZE (QSC_SPHINCSPLUS_SIGNATURE_SIZE)

#   if defined(QSC_MCELIECE_S1N3488T64) && defined(QSC_SPHINCSPLUS_S1S128SHAKERF)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "mceliece-s1_sphincs-f1_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_sphincsplus1f_mceliece1_rcs256_shake256;
#   elif defined(QSC_MCELIECE_S1N3488T64) && defined(QSC_SPHINCSPLUS_S1S128SHAKERS)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "mceliece-s1_sphincs-s1_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_sphincsplus1s_mceliece1_rcs256_shake256;
#   elif defined(QSC_MCELIECE_S3N4608T96) && defined(QSC_SPHINCSPLUS_S3S192SHAKERF)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "mceliece-s3_sphincs-f3_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_sphincsplus3f_mceliece3_rcs256_shake256;
#   elif defined(QSC_MCELIECE_S3N4608T96) && defined(QSC_SPHINCSPLUS_S3S192SHAKERS)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "mceliece-s3_sphincs-s3_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_sphincsplus3s_mceliece3_rcs256_shake256;
#   elif defined(QSC_MCELIECE_S5N6688T128) && defined(QSC_SPHINCSPLUS_S5S256SHAKERF)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "mceliece-s5_sphincs-f5_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_sphincsplus5f_mceliece5_rcs256_shake256;
#   elif defined(QSC_MCELIECE_S5N6688T128) && defined(QSC_SPHINCSPLUS_S5S256SHAKERS)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "mceliece-s5_sphincs-s5_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_sphincsplus5s_mceliece5_rcs256_shake256;
#   elif defined(QSC_MCELIECE_S6N6960T119) && defined(QSC_SPHINCSPLUS_S5S256SHAKERF)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "mceliece-s6_sphincs-f5_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_sphincsplus5f_mceliece6_rcs256_shake256;
#   elif defined(QSC_MCELIECE_S6N6960T119) && defined(QSC_SPHINCSPLUS_S5S256SHAKERS)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "mceliece-s6_sphincs-s5_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_sphincsplus5s_mceliece6_rcs256_shake256;
#   elif defined(QSC_MCELIECE_S7N8192T128) && defined(QSC_SPHINCSPLUS_S5S256SHAKERF)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "mceliece-s7_sphincs-f5_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_sphincsplus5f_mceliece7_rcs256_shake256;
#   elif defined(QSC_MCELIECE_S7N8192T128) && defined(QSC_SPHINCSPLUS_S5S256SHAKERS)
        static const char QSTP_PROTOCOL_SET_STRING[QSTP_PROTOCOL_SET_SIZE] = "mceliece-s7_sphincs-s5_rcs-256_sha3-256";
        static const qstp_configuration_sets QSTP_CONFIGURATION_SET = qstp_configuration_set_sphincsplus5s_mceliece7_rcs256_shake256;
#   else
        /* The library signature scheme and asymmetric cipher parameter sets must be synchronized 
           to a common security level; s1, s3, s5 or s6. Check the QSC library common.h file for alignment. */
#       error Invalid parameter sets, check the QSC library settings 
#   endif
 
#endif

#define QSTP_ACTIVE_VERSION 1

#define QSTP_CERTIFICATE_ALGORITHM_SIZE 1

#define QSTP_CERTIFICATE_DESIGNATION_SIZE 1

#define QSTP_CERTIFICATE_EXPIRATION_SIZE 16

#define QSTP_CERTIFICATE_HASH_SIZE 32

#define QSTP_CERTIFICATE_ISSUER_SIZE 32

#define QSTP_CERTIFICATE_LINE_LENGTH 64

#define QSTP_CERTIFICATE_DEFAULT_PERIOD ((uint64_t)365 * 24 * 60 * 60)

#define QSTP_CERTIFICATE_DEFAULT_DURATION_DAYS 365

#define QSTP_CERTIFICATE_DEFAULT_DURATION_SECONDS (QSTP_CERTIFICATE_DEFAULT_DURATION_DAYS * 24 * 60 * 60)

#define QSTP_CERTIFICATE_LINE_LENGTH 64

#define QSTP_CERTIFICATE_MAXIMUM_PERIOD (QSTP_CERTIFICATE_DEFAULT_PERIOD * 2)

#define QSTP_CERTIFICATE_MINIMUM_PERIOD ((uint64_t)1 * 24 * 60 * 60)

#define QSTP_CERTIFICATE_SERIAL_SIZE 16

#define QSTP_CERTIFICATE_SERIAL_ENCODED_SIZE 32

#define QSTP_CERTIFICATE_SIGNED_HASH_SIZE (QSTP_ASYMMETRIC_SIGNATURE_SIZE + QSTP_CERTIFICATE_HASH_SIZE)

#define QSTP_CERTIFICATE_TIMESTAMP_SIZE 8

#define QSTP_CERTIFICATE_VERSION_SIZE 1

#define QSTP_CONNECTIONS_INIT 1000

#define QSTP_CONNECTIONS_MAX 50000

#define QSTP_CONNECTION_MTU 1500

#define QSTP_KEEPALIVE_TIMEOUT (120 * 1000)

#define QSTP_MACTAG_SIZE 32

#define QSTP_NONCE_SIZE 32

#define QSTP_PACKET_ERROR_SEQUENCE 0xFF00000000000000ULL

#define QSTP_PACKET_ERROR_SIZE 1

#define QSTP_PACKET_FLAG_SIZE 1

#define QSTP_PACKET_HEADER_SIZE 21

#define QSTP_PACKET_MESSAGE_LENGTH_SIZE 4

#define QSTP_PACKET_MESSAGE_MAX 0x3D090000

#define QSTP_PACKET_REVOCATION_SEQUENCE 0xFFUL

#define QSTP_PACKET_SEQUENCE_SIZE 8

#define QSTP_PACKET_SEQUENCE_TERMINATOR 0xFFFFFFFFUL

#define QSTP_PACKET_TIME_THRESHOLD 60

#define QSTP_SECRET_SIZE 32

#define QSTP_CLIENT_PORT 32118

#define QSTP_SERVER_PORT 32119

#define QSTP_ROOT_PORT 32120

#define QSTP_SYMMETRIC_KEY_SIZE 32

#define QSTP_STORAGE_PATH_MAX 260

#define QSTP_ROOT_CERTIFICATE_SIZE (QSTP_CERTIFICATE_HASH_SIZE + \
    QSTP_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    QSTP_CERTIFICATE_ISSUER_SIZE + \
    QSTP_CERTIFICATE_SERIAL_SIZE + \
    QSTP_CERTIFICATE_EXPIRATION_SIZE + \
    QSTP_CERTIFICATE_ALGORITHM_SIZE + \
    QSTP_CERTIFICATE_VERSION_SIZE)

#define QSTP_ROOT_SIGNATURE_KEY_SIZE (QSTP_CERTIFICATE_ISSUER_SIZE + \
    QSTP_CERTIFICATE_SERIAL_SIZE + \
    QSTP_ASYMMETRIC_SIGNING_KEY_SIZE + \
    QSTP_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    QSTP_CERTIFICATE_EXPIRATION_SIZE + \
    QSTP_CERTIFICATE_ALGORITHM_SIZE + \
    QSTP_CERTIFICATE_VERSION_SIZE)

#define QSTP_SERVER_CERTIFICATE_SIZE (QSTP_CERTIFICATE_SIGNED_HASH_SIZE + \
    QSTP_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    QSTP_CERTIFICATE_ISSUER_SIZE + \
    QSTP_CERTIFICATE_SERIAL_SIZE + \
    QSTP_CERTIFICATE_SERIAL_SIZE + \
    QSTP_CERTIFICATE_EXPIRATION_SIZE + \
    QSTP_CERTIFICATE_ALGORITHM_SIZE + \
    QSTP_CERTIFICATE_DESIGNATION_SIZE + \
    QSTP_CERTIFICATE_VERSION_SIZE)

#define QSTP_SERVER_SIGNATURE_KEY_SIZE (QSTP_ASYMMETRIC_SIGNING_KEY_SIZE + \
    QSTP_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    QSTP_CERTIFICATE_ISSUER_SIZE + \
    QSTP_CERTIFICATE_HASH_SIZE + \
    QSTP_CERTIFICATE_SERIAL_SIZE + \
    QSTP_CERTIFICATE_EXPIRATION_SIZE + \
    QSTP_CERTIFICATE_ALGORITHM_SIZE + \
    QSTP_CERTIFICATE_DESIGNATION_SIZE + \
    QSTP_CERTIFICATE_VERSION_SIZE)

#define QSTP_PROTOCOL_SET_DEPTH 12
 
/* protocol set strings */
static const char QSTP_PARAMETER_STRINGS[QSTP_PROTOCOL_SET_DEPTH][QSTP_PROTOCOL_SET_SIZE] =
{
    "dilithium-s1_kyber-s1_rcs-256_sha3-256",
    "dilithium-s3_kyber-s3_rcs-256_sha3-256",
    "dilithium-s5_kyber-s5_rcs-256_sha3-256",
    "dilithium-s5_kyber-s6_rcs-256_sha3-256",
    "dilithium-s1_mceliece-s1_rcs-256_sha3-256",
    "dilithium-s3_mceliece-s3_rcs-256_sha3-256",
    "dilithium-s5_mceliece-s5_rcs-256_sha3-256",
    "sphincs-1f_mceliece-s1_rcs-256_sha3-256",
    "sphincs-3f_mceliece-s3_rcs-256_sha3-256",
    "sphincs-5f_mceliece-s5_rcs-256_sha3-256",
    "sphincs-5f_mceliece-s6_rcs-256_sha3-256",
    "sphincs-5f_mceliece-s7_rcs-256_sha3-256",
};
 
/* error code strings */
#define QSTP_MESSAGE_STRING_DEPTH 20
#define QSTP_MESSAGE_STRING_WIDTH 128
 
static const char QSTP_MESSAGE_STRINGS[QSTP_MESSAGE_STRING_DEPTH][QSTP_MESSAGE_STRING_WIDTH] =
{
    "No configuration was specified.",
    "The socket accept failed.",
    "The listener socket could not connect.",
    "The listener socket could not bind to the address.",
    "The listener socket could not be created.",
    "The server connected to a host.",
    "The socket receive function failed.",
    "The server memory allocation request has failed.",
    "The key exchange has experienced a failure.",
    "The server has disconnected the client.",
    "The server has disconnected the client due to an error.",
    "The server has had a socket level error.",
    "The server has reached the maximum number of connections.",
    "The server listener socket has failed.",
    "The server has run out of socket connections.",
    "The message decryption has failed.",
    "The keepalive function has failed.",
    "The keepalive period has been exceeded",
    "The connection failed or was interrupted.",
    "The function received an invalid request."
};

#define QSTP_ERROR_STRING_DEPTH 30
#define QSTP_ERROR_STRING_WIDTH 128
 
static const char QSTP_ERROR_STRINGS[QSTP_ERROR_STRING_DEPTH][QSTP_ERROR_STRING_WIDTH] =
{
    "No error was detected",
    "The socket accept function returned an error",
    "The symmetric cipher had an authentication failure",
    "The keep alive check failed",
    "The communications channel has failed",
    "The device could not make a connection to the remote host",
    "The transmission failed at the KEX connection phase",
    "The asymmetric cipher failed to decapsulate the shared secret",
    "The decryption authentication has failed",
    "The transmission failed at the KEX establish phase",
    "The transmission failed at the KEX exchange phase",
    "The public - key hash is invalid",
    "The server has run out of socket connections",
    "The expected input was invalid",
    "The packet flag was unexpected",
    "The keep alive has expired with no response",
    "The decryption authentication has failed",
    "The QSTP public key has expired ",
    "The key identity is unrecognized",
    "The ratchet operation has failed",
    "The listener function failed to initialize",
    "The server has run out of memory",
    "The packet has valid time expired",
    "The packet was received out of sequence",
    "The random generator has failed",
    "The receiver failed at the network layer",
    "The signing function has failed",
    "The transmitter failed at the network layer",
    "The protocol string was not recognized",
    "The expected data could not be verified"
};

QSTP_EXPORT_API typedef enum qstp_messages
{
    qstp_messages_none = 0x00,                        
    qstp_messages_accept_fail = 0x01,              
    qstp_messages_listen_fail = 0x02,              
    qstp_messages_bind_fail = 0x03,                  
    qstp_messages_create_fail = 0x04,              
    qstp_messages_connect_success = 0x05,          
    qstp_messages_receive_fail = 0x06,                
    qstp_messages_allocate_fail = 0x07,              
    qstp_messages_kex_fail = 0x08,                    
    qstp_messages_disconnect = 0x09,                
    qstp_messages_disconnect_fail = 0x0A,          
    qstp_messages_socket_message = 0x0B,            
    qstp_messages_queue_empty = 0x0C,              
    qstp_messages_listener_fail = 0x0D,              
    qstp_messages_sockalloc_fail = 0x0E,            
    qstp_messages_decryption_fail = 0x0F,          
    qstp_messages_keepalive_fail = 0x10,            
    qstp_messages_keepalive_timeout = 0x11,          
    qstp_messages_connection_fail = 0x12,          
    qstp_messages_invalid_request = 0x13,          
} qstp_messages;

QSTP_EXPORT_API typedef enum qstp_errors
{
    qstp_error_none = 0x00,                          
    qstp_error_accept_fail = 0x01,                    
    qstp_error_authentication_failure = 0x02,      
    qstp_error_bad_keep_alive = 0x03,              
    qstp_error_channel_down = 0x04,                  
    qstp_error_connection_failure = 0x05,          
    qstp_error_connect_failure = 0x06,                
    qstp_error_decapsulation_failure = 0x07,        
    qstp_error_decryption_failure = 0x08,          
    qstp_error_establish_failure = 0x09,            
    qstp_error_exchange_failure = 0x0A,              
    qstp_error_hash_invalid = 0x0B,                  
    qstp_error_hosts_exceeded = 0x0C,              
    qstp_error_invalid_input = 0x0D,                
    qstp_error_invalid_request = 0x0E,                
    qstp_error_keepalive_expired = 0x0F,            
    qstp_error_keepalive_timeout = 0x10,            
    qstp_error_key_expired = 0x11,                    
    qstp_error_key_unrecognized = 0x12,              
    qstp_error_keychain_fail = 0x13,                
    qstp_error_listener_fail = 0x14,                
    qstp_error_memory_allocation = 0x15,            
    qstp_error_message_time_invalid = 0x16,          
    qstp_error_packet_unsequenced = 0x17,          
    qstp_error_random_failure = 0x18,              
    qstp_error_receive_failure = 0x19,                
    qstp_error_signature_failure = 0x1A,            
    qstp_error_transmit_failure = 0x1B,              
    qstp_error_unknown_protocol = 0x1C,              
    qstp_error_verify_failure = 0x1D,              
} qstp_errors;

QSTP_EXPORT_API typedef enum qstp_flags
{
    qstp_flag_none = 0x00,                            
    qstp_flag_connect_request = 0x01,              
    qstp_flag_connect_response = 0x02,                
    qstp_flag_connection_terminate = 0x03,            
    qstp_flag_encrypted_message = 0x04,              
    qstp_flag_exstart_request = 0x05,              
    qstp_flag_exstart_response = 0x06,                
    qstp_flag_exchange_request = 0x07,                
    qstp_flag_exchange_response = 0x08,              
    qstp_flag_establish_request = 0x09,              
    qstp_flag_establish_response = 0x0A,            
    qstp_flag_keep_alive_request = 0x0B,            
    qstp_flag_keep_alive_response = 0x0C,          
    qstp_flag_remote_connected = 0x0E,                
    qstp_flag_remote_terminated = 0x0F,              
    qstp_flag_session_established = 0x10,          
    qstp_flag_session_establish_verify = 0x11,        
    qstp_flag_unrecognized_protocol = 0x12,          
    qstp_flag_certificate_revoke = 0x13,            
    qstp_flag_transfer_request = 0x14,                
    qstp_flag_error_condition = 0xFF,              
} qstp_flags;

QSTP_EXPORT_API typedef enum qstp_network_designations
{
    qstp_network_designation_none = 0x00,              
    mpdc_network_designation_client = 0x01,              
    mpdc_network_designation_root = 0x02,              
    mpdc_network_designation_server = 0x03,              
    mpdc_network_designation_all = 0xFF,                
} qstp_network_designations;

QSTP_EXPORT_API typedef enum qstp_version_sets
{
    qstp_version_set_none = 0x00,                      
    qstp_version_set_one_zero = 0x01,                  
} qstp_version_sets;

QSTP_EXPORT_API typedef struct qstp_certificate_expiration
{
    uint64_t from;  
    uint64_t to;  
} qstp_certificate_expiration;

QSTP_EXPORT_API typedef struct qstp_keep_alive_state
{
    qsc_socket target;    
    uint64_t etime;        
    uint64_t seqctr;  
    bool recd;          
} qstp_keep_alive_state;

QSTP_EXPORT_API typedef struct qstp_server_certificate
{
    uint8_t csig[QSTP_CERTIFICATE_SIGNED_HASH_SIZE];   
    char issuer[QSTP_CERTIFICATE_ISSUER_SIZE];            
    uint8_t rootser[QSTP_CERTIFICATE_SERIAL_SIZE];       
    uint8_t serial[QSTP_CERTIFICATE_SERIAL_SIZE];     
    uint8_t verkey[QSTP_ASYMMETRIC_VERIFICATION_KEY_SIZE];   
    qstp_certificate_expiration expiration;                
    qstp_configuration_sets algorithm;                  
    qstp_version_sets version;                          
} qstp_server_certificate;

QSTP_EXPORT_API typedef struct qstp_server_signature_key
{
    char issuer[QSTP_CERTIFICATE_ISSUER_SIZE];            
    uint8_t schash[QSTP_CERTIFICATE_HASH_SIZE];         
    uint8_t serial[QSTP_CERTIFICATE_SERIAL_SIZE];     
    uint8_t sigkey[QSTP_ASYMMETRIC_SIGNING_KEY_SIZE]; 
    uint8_t verkey[QSTP_ASYMMETRIC_VERIFICATION_KEY_SIZE];   
    qstp_certificate_expiration expiration;                
    qstp_configuration_sets algorithm;                  
    qstp_version_sets version;                          
} qstp_server_signature_key;

QSTP_EXPORT_API typedef struct qstp_root_certificate
{
    uint8_t verkey[QSTP_ASYMMETRIC_VERIFICATION_KEY_SIZE]; 
    char issuer[QSTP_CERTIFICATE_ISSUER_SIZE];            
    uint8_t serial[QSTP_CERTIFICATE_SERIAL_SIZE];     
    qstp_certificate_expiration expiration;                
    qstp_configuration_sets algorithm;                  
    qstp_version_sets version;                          
} qstp_root_certificate;

QSTP_EXPORT_API typedef struct qstp_root_signature_key
{
    char issuer[QSTP_CERTIFICATE_ISSUER_SIZE];            
    uint8_t serial[QSTP_CERTIFICATE_SERIAL_SIZE];     
    uint8_t sigkey[QSTP_ASYMMETRIC_SIGNING_KEY_SIZE]; 
    uint8_t verkey[QSTP_ASYMMETRIC_VERIFICATION_KEY_SIZE]; 
    qstp_certificate_expiration expiration;                
    qstp_configuration_sets algorithm;                  
    qstp_version_sets version;                          
} qstp_root_signature_key;

QSTP_EXPORT_API typedef struct qstp_network_packet
{
    uint8_t flag;           
    uint32_t msglen;      
    uint64_t sequence;      
    uint64_t utctime;        
    uint8_t* pmessage;      
} qstp_network_packet;

QSTP_EXPORT_API typedef struct qstp_connection_state
{
    qsc_socket target;        
    qsc_rcs_state rxcpr;   
    qsc_rcs_state txcpr;   
    uint64_t rxseq;            
    uint64_t txseq;            
    uint32_t cid;            
    qstp_flags exflag;      
    bool receiver;          
} qstp_connection_state;
 
/* Default key and path names (hidden from documentation) */
static const char QSTP_CLIENT_DIRECTORY_PATH[] = "Client";
static const char QSTP_ROOT_CERTIFICATE_EXTENSION_NAME[] = ".qrr";
static const char QSTP_ROOT_DIRECTORY_PATH[] = "Root";
static const char QSTP_ROOT_PRIVATE_KEY_NAME[] = "root_secret_key.qsk";
static const char QSTP_ROOT_PUBLIC_CERTIFICATE_NAME[] = "root_public_cert.qrr";
static const char QSTP_SERVER_CERTIFICATE_EXTENSION_NAME[] = ".qrc";
static const char QSTP_SERVER_DIRECTORY_PATH[] = "Server";
static const char QSTP_SERVER_PRIVATE_KEY_NAME[] = "server_secret_key.qsk";
static const char QSTP_SERVER_PUBLIC_CERTIFICATE_NAME[] = "server_public_cert.qrc";
 
/* Public key encoding constants (hidden from documentation) */
#define QSTP_CERTIFICATE_SEPERATOR_SIZE 1
#define QSTP_CHILD_CERTIFICATE_HEADER_SIZE 54
#define QSTP_CHILD_CERTIFICATE_HASH_PREFIX_SIZE 30
#define QSTP_CHILD_CERTIFICATE_SIGNATURE_KEY_PREFIX_SIZE 23
#define QSTP_CHILD_CERTIFICATE_ISSUER_PREFIX_SIZE 9
#define QSTP_CHILD_CERTIFICATE_NAME_PREFIX_SIZE 7
#define QSTP_CHILD_CERTIFICATE_SERIAL_PREFIX_SIZE 9
#define QSTP_CHILD_CERTIFICATE_ROOT_SERIAL_PREFIX_SIZE 14
#define QSTP_CHILD_CERTIFICATE_VALID_FROM_PREFIX_SIZE 13
#define QSTP_CHILD_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE 11
#define QSTP_CHILD_CERTIFICATE_ALGORITHM_PREFIX_SIZE 12
#define QSTP_CHILD_CERTIFICATE_VERSION_PREFIX_SIZE 10
#define QSTP_CHILD_CERTIFICATE_DESIGNATION_PREFIX_SIZE 14
#define QSTP_CHILD_CERTIFICATE_ADDRESS_PREFIX_SIZE 10
#define QSTP_CHILD_CERTIFICATE_PUBLICKEY_PREFIX_SIZE 13
#define QSTP_CHILD_CERTIFICATE_FOOTER_SIZE 52

static const char QSTP_CHILD_CERTIFICATE_HEADER[QSTP_CHILD_CERTIFICATE_HEADER_SIZE] = "------BEGIN QSTP CHILD PUBLIC CERTIFICATE BLOCK------";
static const char QSTP_CHILD_CERTIFICATE_ROOT_HASH_PREFIX[QSTP_CHILD_CERTIFICATE_HASH_PREFIX_SIZE] = "Root Signed Public Key Hash: ";
static const char QSTP_CHILD_CERTIFICATE_SIGNATURE_KEY_PREFIX[QSTP_CHILD_CERTIFICATE_SIGNATURE_KEY_PREFIX_SIZE] = "Public Signature Key: ";
static const char QSTP_CHILD_CERTIFICATE_ISSUER_PREFIX[QSTP_CHILD_CERTIFICATE_ISSUER_PREFIX_SIZE] = "Issuer: ";
static const char QSTP_CHILD_CERTIFICATE_NAME_PREFIX[QSTP_CHILD_CERTIFICATE_NAME_PREFIX_SIZE] = "Name: ";
static const char QSTP_CHILD_CERTIFICATE_SERIAL_PREFIX[QSTP_CHILD_CERTIFICATE_SERIAL_PREFIX_SIZE] = "Serial: ";
static const char QSTP_CHILD_CERTIFICATE_ROOT_SERIAL_PREFIX[QSTP_CHILD_CERTIFICATE_ROOT_SERIAL_PREFIX_SIZE] = "Root Serial: ";
static const char QSTP_CHILD_CERTIFICATE_VALID_FROM_PREFIX[QSTP_CHILD_CERTIFICATE_VALID_FROM_PREFIX_SIZE] = "Valid From: ";
static const char QSTP_CHILD_CERTIFICATE_EXPIRATION_TO_PREFIX[QSTP_CHILD_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE] = "Valid To: ";
static const char QSTP_CHILD_CERTIFICATE_PROTOCOL_PREFIX[QSTP_CHILD_CERTIFICATE_ALGORITHM_PREFIX_SIZE] = "Algorithm: ";
static const char QSTP_CHILD_CERTIFICATE_VERSION_PREFIX[QSTP_CHILD_CERTIFICATE_VERSION_PREFIX_SIZE] = "Version: ";
static const char QSTP_CHILD_CERTIFICATE_DESIGNATION_PREFIX[QSTP_CHILD_CERTIFICATE_DESIGNATION_PREFIX_SIZE] = "Designation: ";
static const char QSTP_CHILD_CERTIFICATE_ADDRESS_PREFIX[QSTP_CHILD_CERTIFICATE_ADDRESS_PREFIX_SIZE] = "Address: ";
static const char QSTP_CHILD_CERTIFICATE_PUBLICKEY_PREFIX[QSTP_CHILD_CERTIFICATE_PUBLICKEY_PREFIX_SIZE] = "Public Key: ";
static const char QSTP_CHILD_CERTIFICATE_FOOTER[QSTP_CHILD_CERTIFICATE_FOOTER_SIZE] = "------END QSTP CHILD PUBLIC CERTIFICATE BLOCK------";

#define QSTP_ROOT_CERTIFICATE_HEADER_SIZE 53
#define QSTP_ROOT_CERTIFICATE_HASH_PREFIX_SIZE 19
#define QSTP_ROOT_CERTIFICATE_PUBLICKEY_PREFIX_SIZE 13
#define QSTP_ROOT_CERTIFICATE_ISSUER_PREFIX_SIZE 9
#define QSTP_ROOT_CERTIFICATE_NAME_PREFIX_SIZE 7
#define QSTP_ROOT_CERTIFICATE_SERIAL_PREFIX_SIZE 9
#define QSTP_ROOT_CERTIFICATE_FOOTER_SIZE 51
#define QSTP_ROOT_CERTIFICATE_VALID_FROM_PREFIX_SIZE 13
#define QSTP_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE 11
#define QSTP_ROOT_CERTIFICATE_ALGORITHM_PREFIX_SIZE 12
#define QSTP_ROOT_CERTIFICATE_VERSION_PREFIX_SIZE 10
#define QSTP_ROOT_CERTIFICATE_DEFAULT_NAME_SIZE 18
#define QSTP_ROOT_ACTIVE_VERSION_STRING_SIZE 5
#define QSTP_CERTIFICATE_DEFAULT_DOMAIN_SIZE 5

static const char QSTP_ROOT_CERTIFICATE_HEADER[QSTP_ROOT_CERTIFICATE_HEADER_SIZE] = "------BEGIN QSTP ROOT PUBLIC CERTIFICATE BLOCK------";
static const char QSTP_ROOT_CERTIFICATE_ISSUER_PREFIX[QSTP_ROOT_CERTIFICATE_ISSUER_PREFIX_SIZE] = "Issuer: ";
static const char QSTP_ROOT_CERTIFICATE_NAME_PREFIX[QSTP_ROOT_CERTIFICATE_NAME_PREFIX_SIZE] = "Name: ";
static const char QSTP_ROOT_CERTIFICATE_SERIAL_PREFIX[QSTP_ROOT_CERTIFICATE_SERIAL_PREFIX_SIZE] = "Serial: ";
static const char QSTP_ROOT_CERTIFICATE_VALID_FROM_PREFIX[QSTP_ROOT_CERTIFICATE_VALID_FROM_PREFIX_SIZE] = "Valid From: ";
static const char QSTP_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX[QSTP_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE] = "Valid To: ";
static const char QSTP_ROOT_CERTIFICATE_PROTOCOL_PREFIX[QSTP_ROOT_CERTIFICATE_ALGORITHM_PREFIX_SIZE] = "Algorithm: ";
static const char QSTP_ROOT_CERTIFICATE_VERSION_PREFIX[QSTP_ROOT_CERTIFICATE_VERSION_PREFIX_SIZE] = "Version: ";
static const char QSTP_ROOT_CERTIFICATE_HASH_PREFIX[QSTP_ROOT_CERTIFICATE_HASH_PREFIX_SIZE] = "Certificate Hash: ";
static const char QSTP_ROOT_CERTIFICATE_PUBLICKEY_PREFIX[QSTP_ROOT_CERTIFICATE_PUBLICKEY_PREFIX_SIZE] = "Public Key: ";
static const char QSTP_ROOT_CERTIFICATE_FOOTER[QSTP_ROOT_CERTIFICATE_FOOTER_SIZE] = "------END QSTP ROOT PUBLIC CERTIFICATE BLOCK------";
static const char QSTP_ROOT_CERTIFICATE_DEFAULT_NAME[QSTP_ROOT_CERTIFICATE_DEFAULT_NAME_SIZE] = " Root Certificate";
static const char QSTP_ACTIVE_VERSION_STRING[QSTP_ROOT_ACTIVE_VERSION_STRING_SIZE] = "0x01";
static const char QSTP_CERTIFICATE_DEFAULT_DOMAIN[QSTP_CERTIFICATE_DEFAULT_DOMAIN_SIZE] = "QSTP";

QSTP_EXPORT_API qstp_configuration_sets qstp_configuration_from_string(const char* config);

QSTP_EXPORT_API const char* qstp_configuration_to_string(qstp_configuration_sets cset);

QSTP_EXPORT_API void qstp_connection_close(qstp_connection_state* cns, qstp_errors err, bool notify);

QSTP_EXPORT_API void qstp_connection_state_dispose(qstp_connection_state* cns);

QSTP_EXPORT_API qstp_errors qstp_decrypt_packet(qstp_connection_state* cns, uint8_t* message, size_t* msglen, const qstp_network_packet* packetin);

QSTP_EXPORT_API qstp_errors qstp_encrypt_packet(qstp_connection_state* cns, qstp_network_packet* packetout, const uint8_t* message, size_t msglen);

QSTP_EXPORT_API const char* qstp_error_to_string(qstp_errors error);

QSTP_EXPORT_API void qstp_header_create(qstp_network_packet* packetout, qstp_flags flag, uint64_t sequence, uint32_t msglen);

QSTP_EXPORT_API qstp_errors qstp_header_validate(qstp_connection_state* cns, const qstp_network_packet* packetin, qstp_flags flag, uint64_t sequence, uint32_t msglen);

QSTP_EXPORT_API const char* qstp_get_error_description(qstp_messages emsg);

QSTP_EXPORT_API void qstp_packet_header_deserialize(const uint8_t* header, qstp_network_packet* packet);

QSTP_EXPORT_API void qstp_packet_header_serialize(const qstp_network_packet* packet, uint8_t* header);

QSTP_EXPORT_API void qstp_log_error(qstp_messages emsg, qsc_socket_exceptions err, const char* msg);

QSTP_EXPORT_API void qstp_log_message(qstp_messages emsg);

QSTP_EXPORT_API void qstp_log_write(qstp_messages emsg, const char* msg);

QSTP_EXPORT_API void qstp_packet_clear(qstp_network_packet* packet);

QSTP_EXPORT_API void qstp_packet_error_message(qstp_network_packet* packet, qstp_errors error);

QSTP_EXPORT_API void qstp_packet_set_utc_time(qstp_network_packet* packet);

QSTP_EXPORT_API bool qstp_packet_time_valid(const qstp_network_packet* packet);

QSTP_EXPORT_API size_t qstp_packet_to_stream(const qstp_network_packet* packet, uint8_t* pstream);

QSTP_EXPORT_API bool qstp_root_certificate_compare(const qstp_root_certificate* a, const qstp_root_certificate* b);

QSTP_EXPORT_API bool qstp_root_certificate_decode(qstp_root_certificate* root, const char* enck, size_t enclen);

QSTP_EXPORT_API void qstp_root_certificate_deserialize(qstp_root_certificate* root, const uint8_t input[QSTP_ROOT_CERTIFICATE_SIZE]);

QSTP_EXPORT_API size_t qstp_root_certificate_encode(char* enck, size_t enclen, const qstp_root_certificate* root);

QSTP_EXPORT_API size_t qstp_root_certificate_encoded_size();

QSTP_EXPORT_API void qstp_root_certificate_extract(qstp_root_certificate* root, const qstp_root_signature_key* kset);

QSTP_EXPORT_API void qstp_root_certificate_hash(uint8_t output[QSTP_CERTIFICATE_HASH_SIZE], const qstp_root_certificate* root);

QSTP_EXPORT_API void qstp_root_certificate_serialize(uint8_t output[QSTP_ROOT_CERTIFICATE_SIZE], const qstp_root_certificate* root);

QSTP_EXPORT_API size_t qstp_root_certificate_sign(qstp_server_certificate* cert, const qstp_root_certificate* root, const uint8_t* rsigkey);

QSTP_EXPORT_API bool qstp_root_certificate_verify(const qstp_root_certificate* root, const qstp_server_certificate* cert);

QSTP_EXPORT_API bool qstp_root_certificate_to_file(const qstp_root_certificate* root, const char* fpath);

QSTP_EXPORT_API bool qstp_root_file_to_certificate(qstp_root_certificate* root, const char* fpath);

QSTP_EXPORT_API bool qstp_root_file_to_key(qstp_root_signature_key* kset, const char* fpath);

QSTP_EXPORT_API void qstp_root_get_issuer(char issuer[QSTP_CERTIFICATE_ISSUER_SIZE]);

QSTP_EXPORT_API void qstp_root_key_deserialize(qstp_root_signature_key* kset, const uint8_t input[QSTP_ROOT_SIGNATURE_KEY_SIZE]);

QSTP_EXPORT_API bool qstp_root_key_to_file(const qstp_root_signature_key* kset, const char* fpath);

QSTP_EXPORT_API void qstp_root_key_serialize(uint8_t serk[QSTP_ROOT_SIGNATURE_KEY_SIZE], const qstp_root_signature_key* kset);

QSTP_EXPORT_API bool qstp_server_certificate_compare(const qstp_server_certificate* a, const qstp_server_certificate* b);

QSTP_EXPORT_API void qstp_server_certificate_deserialize(qstp_server_certificate* cert, const uint8_t input[QSTP_SERVER_CERTIFICATE_SIZE]);

QSTP_EXPORT_API size_t qstp_server_certificate_encode(char* enck, size_t enclen, const qstp_server_certificate* cert);

QSTP_EXPORT_API size_t qstp_server_certificate_encoded_size();

QSTP_EXPORT_API void qstp_server_certificate_extract(qstp_server_certificate* cert, const qstp_server_signature_key* kset);

QSTP_EXPORT_API void qstp_server_certificate_hash(uint8_t output[QSTP_CERTIFICATE_HASH_SIZE], const qstp_server_certificate* cert);

QSTP_EXPORT_API void qstp_server_root_certificate_hash(uint8_t rshash[QSTP_CERTIFICATE_HASH_SIZE], const qstp_root_certificate* root, const qstp_server_certificate* cert);

QSTP_EXPORT_API void qstp_server_certificate_serialize(uint8_t output[QSTP_SERVER_CERTIFICATE_SIZE], const qstp_server_certificate* cert);

QSTP_EXPORT_API bool qstp_server_certificate_to_file(const qstp_server_certificate* cert, const char* fpath);

QSTP_EXPORT_API bool qstp_server_file_to_certificate(qstp_server_certificate* cert, const char* fpath);

QSTP_EXPORT_API bool qstp_server_file_to_key(qstp_server_signature_key* kset, const char* fpath);

QSTP_EXPORT_API void qstp_server_get_issuer(char issuer[QSTP_CERTIFICATE_ISSUER_SIZE]);

QSTP_EXPORT_API void qstp_server_key_deserialize(qstp_server_signature_key* kset, const uint8_t input[QSTP_SERVER_SIGNATURE_KEY_SIZE]);

QSTP_EXPORT_API void qstp_server_key_serialize(uint8_t output[QSTP_SERVER_SIGNATURE_KEY_SIZE], const qstp_server_signature_key* kset);

QSTP_EXPORT_API bool qstp_server_key_to_file(const qstp_server_signature_key* kset, const char* fpath);

QSTP_EXPORT_API uint8_t qstp_version_from_string(const char* sver, size_t sverlen);

QSTP_EXPORT_API void qstp_version_to_string(char* sver, uint8_t version);

QSTP_EXPORT_API bool qstp_test_root_certificate_encoding(const qstp_root_certificate* root);

QSTP_EXPORT_API bool qstp_test_server_certificate_encoding(const qstp_server_certificate* cert);
 
 
#endif