|
|
#define | AERN_USE_RCS_ENCRYPTION |
| | If the RCS encryption option is chosen SKDP uses the more modern RCS stream cipher with KMAC/QMAC authentication. The default symmetric cipher/authenticator is AES-256/GCM (GMAC Counter Mode) NIST standardized per SP800-38a.
|
|
#define | aern_cipher_state qsc_rcs_state |
|
#define | aern_cipher_dispose qsc_rcs_dispose |
|
#define | aern_cipher_initialize qsc_rcs_initialize |
|
#define | aern_cipher_keyparams qsc_rcs_keyparams |
|
#define | aern_cipher_set_associated qsc_rcs_set_associated |
|
#define | aern_cipher_transform qsc_rcs_transform |
|
#define | AERN_ACTIVE_VERSION 1U |
| | The AERN active version.
|
|
#define | AERN_ACTIVE_VERSION_SIZE 2U |
| | The AERN active version size.
|
|
#define | AERN_APS_FULL_TRUST 1000001U |
| | The full trust designation number.
|
|
#define | AERN_APS_MINIMUM_TRUST 1U |
| | The minimum trust designation number.
|
|
#define | AERN_APS_NAME_MAX_SIZE 256U |
| | The maximum aps name string length in characters. The last character must be a string terminator.
|
|
#define | AERN_APS_TWOWAY_TRUST 1000002U |
| | The two-way trust designation number.
|
|
#define | AERN_APPLICATION_ADC_PORT 38762U |
| | The default ADC port number.
|
|
#define | AERN_APPLICATION_APS_PORT 38766U |
| | The default APS port number.
|
|
#define | AERN_APPLICATION_ARS_PORT 38764U |
| | The default ARS port number.
|
|
#define | AERN_APPLICATION_CLIENT_PORT 37761U |
| | The default AERN Client port number.
|
|
#define | AERN_APPLICATION_IDG_PORT 38763U |
| | The default AERN IDG port number.
|
|
#define | AERN_CANONICAL_NAME_MINIMUM_SIZE 3U |
| | The minimum canonical name size.
|
|
#define | AERN_CERTIFICATE_ADDRESS_SIZE 22U |
| | The maximum IP address length.
|
|
#define | AERN_CERTIFICATE_ALGORITHM_SIZE 1U |
| | The algorithm type.
|
|
#define | AERN_CERTIFICATE_DEFAULT_PERIOD ((uint64_t)365U * 24U * 60U * 60U) |
| | The default certificate validity period in milliseconds.
|
|
#define | AERN_CERTIFICATE_DESIGNATION_SIZE 1U |
| | The size of the child certificate designation field.
|
|
#define | AERN_CERTIFICATE_EXPIRATION_SIZE 16U |
| | The certificate expiration date length.
|
|
#define | AERN_CERTIFICATE_HASH_SIZE 32U |
| | The size of the certificate hash in bytes.
|
|
#define | AERN_CERTIFICATE_ISSUER_SIZE 256U |
| | The maximum certificate issuer string length. The last character must be a string terminator.
|
|
#define | AERN_CERTIFICATE_LINE_LENGTH 64U |
| | The line length of the printed AERN certificate.
|
|
#define | AERN_CERTIFICATE_MAXIMUM_PERIOD (AERN_CERTIFICATE_DEFAULT_PERIOD * 2U) |
| | The maximum certificate validity period in milliseconds.
|
|
#define | AERN_CERTIFICATE_MINIMUM_PERIOD ((uint64_t)1U * 24U * 60U * 60U) |
| | The minimum certificate validity period in milliseconds.
|
|
#define | AERN_CERTIFICATE_SERIAL_SIZE 16U |
| | The certificate serial number field length.
|
|
#define | AERN_CERTIFICATE_HINT_SIZE (AERN_CERTIFICATE_HASH_SIZE + AERN_CERTIFICATE_SERIAL_SIZE) |
| | The topological hint.
|
|
#define | AERN_CERTIFICATE_SIGNED_HASH_SIZE (AERN_ASYMMETRIC_SIGNATURE_SIZE + AERN_CERTIFICATE_HASH_SIZE) |
| | The size of the signature and hash field in a certificate.
|
|
#define | AERN_CERTIFICATE_VERSION_SIZE 1U |
| | The version id.
|
| #define | AERN_CERTIFICATE_CHILD_SIZE |
| | The length of a child certificate.
|
| #define | AERN_CERTIFICATE_IDG_SIZE |
| | The length of an IDG certificate.
|
| #define | AERN_CERTIFICATE_ROOT_SIZE |
| | The length of the root certificate.
|
|
#define | AERN_CRYPTO_SYMMETRIC_KEY_SIZE 32U |
| | The byte length of the symmetric cipher key.
|
|
#define | AERN_CRYPTO_SYMMETRIC_NONCE_SIZE 32U |
| | The byte length of the symmetric cipher nonce.
|
|
#define | AERN_CRYPTO_SEED_SIZE 64U |
| | The seed array byte size.
|
|
#define | AERN_CRYPTO_SYMMETRIC_TOKEN_SIZE 32U |
| | The byte length of the symmetric token.
|
|
#define | AERN_CRYPTO_SYMMETRIC_HASH_SIZE 32U |
| | The hash function output byte size.
|
|
#define | AERN_CRYPTO_SYMMETRIC_MAC_SIZE 32U |
| | The MAC function output byte size.
|
|
#define | AERN_CRYPTO_SYMMETRIC_SECRET_SIZE 32U |
| | The shared secret byte size.
|
|
#define | AERN_CRYPTO_SYMMETRIC_SESSION_KEY_SIZE 32U |
| | The session key security size.
|
|
#define | AERN_ADC_CONVERGENCE_INTERVAL (60U * 60U * 24U) |
| | The interval between aps convergence checks (default is 24 hours).
|
|
#define | AERN_ADC_IP_MAX 0x41U |
| | The maximum ip address length.
|
|
#define | AERN_ADC_PENALTY_MAX 0x100U |
| | The maximum unreachable penalty before the ADC is deemed unreliable.
|
|
#define | AERN_ADC_REDUCTION_INTERVAL 1000000UL |
| | The time before a penalty is reduced for a flapping ADC in milliseconds.
|
| #define | AERN_ADC_UPDATE_WAIT_TIME (7U * 24U * 60U * 60U) |
| | The interval in milliseconds between topology full updates.
|
|
#define | AERN_ERROR_STRING_DEPTH 26U |
| | The number of error strings.
|
|
#define | AERN_ERROR_STRING_WIDTH 128U |
| | The maximum size in characters of an error string.
|
|
#define | AERN_MESSAGE_MAX_SIZE 1400000UL |
| | The maximum message size (max signature + max certificate sizes).
|
|
#define | AERN_MFK_EXPIRATION_PERIOD ((uint64_t)60U * 24U * 60U * 60U) |
| | The MFK validity period in milliseconds.
|
|
#define | AERN_MINIMUM_PATH_LENGTH 9U |
| | The minimum file path length.
|
|
#define | AERN_NETWORK_CONNECTION_MTU 1500U |
| | The AERN packet buffer size.
|
|
#define | AERN_NETWORK_DOMAIN_NAME_MAX_SIZE 256U |
| | The maximum domain name length in characters. The last character must be a string terminator.
|
|
#define | AERN_NETWORK_MAX_APSS 1000000UL |
| | The maximum number of aps connections in a network.
|
|
#define | AERN_NETWORK_NODE_ID_SIZE 16 |
| | The node identification string length.
|
|
#define | AERN_PERIOD_DAY_TO_SECONDS (24U * 60U * 60U) |
| | A period of one day in seconds.
|
|
#define | AERN_SOCKET_TERMINATOR_SIZE 1U |
| | The packet delimiter byte size.
|
|
#define | AERN_PACKET_ERROR_SIZE 1U |
| | The packet error message byte size.
|
|
#define | AERN_PACKET_HEADER_SIZE 22U |
| | The AERN packet header size.
|
|
#define | AERN_PACKET_SUBHEADER_SIZE 16U |
| | The AERN packet sub-header size.
|
|
#define | AERN_PACKET_SEQUENCE_TERMINATOR 0xFFFFFFFFUL |
| | The sequence number of a packet that closes a connection.
|
|
#define | AERN_PACKET_TIME_SIZE 8U |
| | The byte size of the serialized packet time parameter.
|
|
#define | AERN_PACKET_TIME_THRESHOLD 60U |
| | The maximum number of seconds a packet is valid.
|
|
#define | AERN_NETWORK_TERMINATION_MESSAGE_SIZE 1U |
| | The network termination message size.
|
|
#define | AERN_NETWORK_TERMINATION_PACKET_SIZE (AERN_PACKET_HEADER_SIZE + AERN_NETWORK_TERMINATION_MESSAGE_SIZE) |
| | The network termination packet size.
|
|
#define | AERN_X509_CERTIFICATE_SIZE 4096U |
| | x509 implementation where algorithm/signature output size is stored.
|
|
#define | AERN_IDG_HINT_SIZE (AERN_CERTIFICATE_HASH_SIZE + AERN_CERTIFICATE_SERIAL_SIZE) |
| | Hint query; certificate hash, root serial number hi=(H(cert) | rsn) idg query asks if a peer knows of the root security server for a domain; if the peer does know the root of the other domain, it sends back information about that rds (address, certificate hash, root serial number, and trust metric).
|
|
#define | AERN_PROTOCOL_SET_SIZE 41U |
| | The size of the protocol configuration string.
|
|
#define | AERN_NETWORK_ERROR_STRING_DEPTH 28U |
|
#define | AERN_NETWORK_ERROR_STRING_SIZE 128U |
|
| AERN_EXPORT_API void | aern_connection_close (qsc_socket *rsock, aern_network_errors err, bool notify) |
| | Close the network connection between hosts.
|
| AERN_EXPORT_API aern_protocol_errors | aern_decrypt_packet (aern_connection_state *cns, uint8_t *message, size_t *msglen, const aern_network_packet *packetin) |
| | Decrypt a message and copy it to the output buffer.
|
| AERN_EXPORT_API aern_protocol_errors | aern_encrypt_packet (aern_connection_state *cns, aern_network_packet *packetout, const uint8_t *message, size_t msglen) |
| | Encrypt a message and build an output packet.
|
| AERN_EXPORT_API void | aern_connection_state_dispose (aern_connection_state *cns) |
| | Dispose of the tunnel connection state.
|
| AERN_EXPORT_API const char * | aern_network_error_to_string (aern_network_errors error) |
| | Return a pointer to a string description of a network error code.
|
| AERN_EXPORT_API const char * | aern_protocol_error_to_string (aern_protocol_errors error) |
| | Return a pointer to a string description of a protocol error code.
|
| AERN_EXPORT_API void | aern_packet_clear (aern_network_packet *packet) |
| | Clear the state of a network packet.
|
| AERN_EXPORT_API void | aern_packet_error_message (aern_network_packet *packet, aern_protocol_errors error) |
| | Populate a packet structure with an error message.
|
| AERN_EXPORT_API void | aern_packet_header_deserialize (const uint8_t *header, aern_network_packet *packet) |
| | Deserialize a byte array into a packet header.
|
| AERN_EXPORT_API void | aern_packet_header_serialize (const aern_network_packet *packet, uint8_t *header) |
| | Serialize a packet header into a byte array.
|
| AERN_EXPORT_API void | aern_packet_set_utc_time (aern_network_packet *packet) |
| | Set the local UTC time in the packet header.
|
| AERN_EXPORT_API bool | aern_packet_time_valid (const aern_network_packet *packet) |
| | Check if the packet's UTC time is within the valid time threshold.
|
| AERN_EXPORT_API size_t | aern_packet_to_stream (const aern_network_packet *packet, uint8_t *pstream) |
| | Serialize a network packet to a byte stream.
|
| AERN_EXPORT_API void | aern_stream_to_packet (const uint8_t *pstream, aern_network_packet *packet) |
| | Deserialize a byte stream into a network packet.
|
AERN Common Definitions and Protocol Configuration.
This header defines the common constants, macros, enumerations, structures, and function prototypes for the Anonymous Encrypted Relay Network (AERN). It provides configuration for the cryptographic parameter sets, certificate handling, network protocol operations, and socket communication required to implement the AERN protocol.
The AERN protocol leverages a combination of asymmetric cipher and signature schemes from the QSC library. The parameter sets can be configured in the QSC library's common.h file. For maximum security, the McEliece/SPHINCS+ parameter set is recommended; for a balance of performance and security, the Dilithium/Kyber parameter set is advised.
Key components defined in this header include:
- Function Mapping Macros: Aliases that map AERN high-level cryptographic operations (key generation, encapsulation/decapsulation, signing, and verification) to the corresponding functions in the QSC library, based on the selected configuration.
- Modifiable Constants: Preprocessor definitions that enable or disable protocol features (e.g., client-to-client encrypted tunneling, master fragment key cycling, IPv6 networking, and extended session security).
- Parameter Macros: Definitions for key sizes, certificate field sizes, network settings, and timing values that ensure consistency across the AERN protocol implementation.
- Enumerations: Enumerated types for AERN configuration sets, network designations, network and protocol error codes, and version sets.
- Structures: Data structures representing various certificates (ADC, APS, ROOT), connection and keep alive states, network packets, and cryptographic key pairs. These structures are central to protocol operations such as certificate management and secure message exchange.
- Static Constants: Predefined strings for certificate header/footer information and network designation labels.
- Public API Functions: Prototypes for functions handling connection management, packet encryption/decryption, packet serialization/deserialization, and error string conversion.
- Note
- When using the McEliece/SPHINCS+ configuration in Visual Studio, it is recommended to increase the maximum stack size (for example, to 200KB) to accommodate the larger key sizes.
- Test
- Although this header does not directly implement test routines, it underpins multiple test modules that validate:
- The correct mapping of AERN high-level function calls to the underlying QSC library routines.
- The consistency and accuracy of defined constants (e.g., key sizes, certificate sizes, network parameters).
- The proper serialization/deserialization of packet headers and full packets (via aern_packet_header_serialize and aern_stream_to_packet).
- The correct conversion of error codes to descriptive strings (using aern_network_error_to_string and aern_protocol_error_to_string).
These tests collectively ensure the robustness, consistency, and security of the AERN protocol configuration.
1.14.0