aern.h

Go to the documentation of this file.

/* 2025 Quantum Resistant Cryptographic Solutions Corporation
 * All Rights Reserved.
 *
 * NOTICE: This software and all accompanying materials are the exclusive 
 * property of Quantum Resistant Cryptographic Solutions Corporation (QRCS).
 * The intellectual and technical concepts contained within this implementation 
 * are proprietary to QRCS and its authorized licensors and are protected under 
 * applicable U.S. and international copyright, patent, and trade secret laws.
 *
 * CRYPTOGRAPHIC STANDAARS:
 * - This software includes implementations of cryptographic algorithms such as 
 *   SHA3, AES, and others. These algorithms are public domain or standardized 
 *   by organizations such as NIST and are NOT the property of QRCS.
 * - However, all source code, optimizations, and implementations in this library 
 *   are original works of QRCS and are protected under this license.
 *
 * RESTRICTIONS:
 * - Redistribution, modification, or unauthorized distribution of this software, 
 *   in whole or in part, is strictly prohibited.
 * - This software is provided for non-commercial, educational, and research 
 *   purposes only. Commercial use in any form is expressly forbidden.
 * - Licensing and authorized distribution are solely at the discretion of QRCS.
 * - Any use of this software implies acceptance of these restrictions.
 *
 * DISCLAIMER:
 * This software is provided "as is," without warranty of any kind, express or 
 * implied, including but not limited to warranties of merchantability or fitness 
 * for a particular purpose. QRCS disclaims all liability for any direct, indirect, 
 * incidental, or consequential damages resulting from the use or misuse of this software.
 *
 * FULL LICENSE:
 * This software is subject to the **Quantum Resistant Cryptographic Solutions 
 * Proprietary License (QRCS-PL)**. The complete license terms are included 
 * in the LICENSE.txt file distributed with this software.
 *
 * Written by: John G. Underhill
 * Contact: contact@qrcscorp.ca
 */
 
#ifndef AERN_AERN_H
#define AERN_AERN_H
 
#include "aerncommon.h"
#include "sha3.h"
#include "socketbase.h"
 
#if defined(AERN_CONFIG_DILITHIUM_KYBER)
#   include "dilithium.h"
#   include "kyber.h"
#elif defined(AERN_CONFIG_SPHINCS_MCELIECE)
#   include "mceliece.h"
#   include "sphincsplus.h"
#else
#   error Invalid parameter set!
#endif

 
/* --- Function Mapping Macros --- */

#define AERN_USE_RCS_ENCRYPTION
 
#if defined(AERN_USE_RCS_ENCRYPTION)
#   include "rcs.h"
#   define aern_cipher_state qsc_rcs_state
#   define aern_cipher_dispose qsc_rcs_dispose
#   define aern_cipher_initialize qsc_rcs_initialize
#   define aern_cipher_keyparams qsc_rcs_keyparams
#   define aern_cipher_set_associated qsc_rcs_set_associated
#   define aern_cipher_transform qsc_rcs_transform
#else
#   include "aes.h"
#   define aern_cipher_state qsc_aes_gcm256_state
#   define aern_cipher_dispose qsc_aes_gcm256_dispose
#   define aern_cipher_initialize qsc_aes_gcm256_initialize
#   define aern_cipher_keyparams qsc_aes_keyparams
#   define aern_cipher_set_associated qsc_aes_gcm256_set_associated
#   define aern_cipher_transform qsc_aes_gcm256_transform
#endif

#if defined(AERN_CONFIG_SPHINCS_MCELIECE)
#   define aern_cipher_generate_keypair qsc_mceliece_generate_keypair
#   define aern_cipher_decapsulate qsc_mceliece_decapsulate
#   define aern_cipher_encapsulate qsc_mceliece_encapsulate
#   define aern_signature_generate_keypair qsc_sphincsplus_generate_keypair
#   define aern_signature_sign qsc_sphincsplus_sign
#   define aern_signature_verify qsc_sphincsplus_verify
#elif defined(AERN_CONFIG_DILITHIUM_KYBER)
#   define aern_cipher_generate_keypair qsc_kyber_generate_keypair
#   define aern_cipher_decapsulate qsc_kyber_decapsulate
#   define aern_cipher_encapsulate qsc_kyber_encapsulate
#   define aern_signature_generate_keypair qsc_dilithium_generate_keypair
#   define aern_signature_sign qsc_dilithium_sign
#   define aern_signature_verify qsc_dilithium_verify
#else
#   error Invalid parameter set!
#endif
 
/* ### Modifiable Constants: These constants can be enabled to turn on protocol features ### */

// * \def AERN_NETWORK_CLIENT_CONNECT
// * \brief Enable client to client encrypted tunnel.
// */
//#define AERN_NETWORK_CLIENT_CONNECT

// * \def AERN_NETWORK_MFK_HASH_CYCLED
// * \brief Enable mfk key cycling (default).
// */
//#define AERN_NETWORK_MFK_HASH_CYCLED

//#define AERN_NETWORK_PROTOCOL_IPV6

// * \def AERN_EXTENDED_SESSION_SECURITY
// * \brief Enable 512-bit security on session tunnels.
// */
//#define AERN_EXTENDED_SESSION_SECURITY
 
/* ### End of Modifiable Constants ### */
 
 
#if defined(AERN_CONFIG_DILITHIUM_KYBER)

#   define AERN_ASYMMETRIC_CIPHERTEXT_SIZE (QSC_KYBER_CIPHERTEXT_SIZE)

#   define AERN_ASYMMETRIC_PRIVATE_KEY_SIZE (QSC_KYBER_PRIVATEKEY_SIZE)

#   define AERN_ASYMMETRIC_PUBLIC_KEY_SIZE (QSC_KYBER_PUBLICKEY_SIZE)

#   define AERN_ASYMMETRIC_SIGNATURE_SIZE (QSC_DILITHIUM_SIGNATURE_SIZE)

#   define AERN_ASYMMETRIC_SIGNING_KEY_SIZE (QSC_DILITHIUM_PRIVATEKEY_SIZE)

#   define AERN_ASYMMETRIC_VERIFICATION_KEY_SIZE (QSC_DILITHIUM_PUBLICKEY_SIZE)
 
#   if defined(QSC_DILITHIUM_S1P44) && defined(QSC_KYBER_S1K2P512)
#       define AERN_CHILD_CERTIFICATE_STRING_SIZE 5612U
#       define AERN_PARAMATERS_DILITHIUM_KYBER_D1K1
#       define AERN_ROOT_CERTIFICATE_STRING_SIZE 2188U
#       define AERN_SIGNATURE_ENCODING_SIZE 3312U
#       define AERN_VERIFICATION_KEY_ENCODING_SIZE 1752U
#   elif defined(QSC_DILITHIUM_S3P65) && defined(QSC_KYBER_S3K3P768)
#       define AERN_CHILD_CERTIFICATE_STRING_SIZE 7648U
#       define AERN_PARAMATERS_DILITHIUM_KYBER_D3K3
#       define AERN_ROOT_CERTIFICATE_STRING_SIZE 3053U
#       define AERN_SIGNATURE_ENCODING_SIZE 4476U
#       define AERN_VERIFICATION_KEY_ENCODING_SIZE 2604
#   elif defined(QSC_DILITHIUM_S5P87) && defined(QSC_KYBER_S5K4P1024)
#       define AERN_CHILD_CERTIFICATE_STRING_SIZE 10311U
#       define AERN_PARAMATERS_DILITHIUM_KYBER_D5K5
#       define AERN_ROOT_CERTIFICATE_STRING_SIZE 3919U
#       define AERN_SIGNATURE_ENCODING_SIZE 6212U
#       define AERN_VERIFICATION_KEY_ENCODING_SIZE 3456U
#   elif defined(QSC_DILITHIUM_S5P87) && defined(QSC_KYBER_S6K5P1280)
#       define AERN_CHILD_CERTIFICATE_STRING_SIZE 10311U
#       define AERN_PARAMATERS_DILITHIUM_KYBER_D5K6
#       define AERN_ROOT_CERTIFICATE_STRING_SIZE 3919U
#       define AERN_SIGNATURE_ENCODING_SIZE 6172U
#       define AERN_VERIFICATION_KEY_ENCODING_SIZE 3456U
#   else
        /* The library signature scheme and asymmetric cipher parameter sets 
        must be synchronized to a common security level; s1, s3, s5, s5+ */
#       error the library parameter sets are mismatched!
#   endif
 
#elif defined(AERN_CONFIG_SPHINCS_MCELIECE)

#   define AERN_ASYMMETRIC_CIPHERTEXT_SIZE (QSC_MCELIECE_CIPHERTEXT_SIZE)

#   define AERN_ASYMMETRIC_PRIVATE_KEY_SIZE (QSC_MCELIECE_PRIVATEKEY_SIZE)

#   define AERN_ASYMMETRIC_PUBLIC_KEY_SIZE (QSC_MCELIECE_PUBLICKEY_SIZE)

#   define AERN_ASYMMETRIC_SIGNATURE_SIZE (QSC_SPHINCSPLUS_SIGNATURE_SIZE)

#   define AERN_ASYMMETRIC_SIGNING_KEY_SIZE (QSC_SPHINCSPLUS_PRIVATEKEY_SIZE)

#   define AERN_ASYMMETRIC_VERIFICATION_KEY_SIZE (QSC_SPHINCSPLUS_PUBLICKEY_SIZE)
 
#   if defined(QSC_MCELIECE_S1N3488T64)
#       if defined(QSC_SPHINCSPLUS_S1S128SHAKERF)
#           define AERN_CHILD_CERTIFICATE_STRING_SIZE 23737U
#           define AERN_PARAMATERS_SPHINCSF_MCELIECE_SF1M1
#           define AERN_ROOT_CERTIFICATE_STRING_SIZE 455U
#           define AERN_SIGNATURE_ENCODING_SIZE 22828U
#           define AERN_VERIFICATION_KEY_ENCODING_SIZE 44U
#       elif defined(QSC_SPHINCSPLUS_S1S128SHAKERS)
#           define AERN_CHILD_CERTIFICATE_STRING_SIZE 11237U
#           define AERN_PARAMATERS_SPHINCSS_MCELIECE_SS1M1
#           define AERN_ROOT_CERTIFICATE_STRING_SIZE 455U
#           define AERN_SIGNATURE_ENCODING_SIZE 10520U
#           define AERN_VERIFICATION_KEY_ENCODING_SIZE 44U
#       endif
#   elif defined(QSC_MCELIECE_S3N4608T96)
#       if defined(QSC_SPHINCSPLUS_S3S192SHAKERF)
#           define AERN_CHILD_CERTIFICATE_STRING_SIZE 48912U
#           define AERN_PARAMATERS_SPHINCSF_MCELIECE_SF3M3
#           define AERN_ROOT_CERTIFICATE_STRING_SIZE 476U
#           define AERN_SIGNATURE_ENCODING_SIZE 47596U
#           define AERN_VERIFICATION_KEY_ENCODING_SIZE 64U
#       elif defined(QSC_SPHINCSPLUS_S3S192SHAKERS)
#           define AERN_CHILD_CERTIFICATE_STRING_SIZE 22588U
#           define AERN_PARAMATERS_SPHINCSS_MCELIECE_SS3M3
#           define AERN_ROOT_CERTIFICATE_STRING_SIZE 476U
#           define AERN_SIGNATURE_ENCODING_SIZE 21676U
#           define AERN_VERIFICATION_KEY_ENCODING_SIZE 64U
#       endif
#   elif defined(QSC_MCELIECE_S5N6688T128)
#       if defined(QSC_SPHINCSPLUS_S5S256SHAKERF)
#           define AERN_CHILD_CERTIFICATE_STRING_SIZE 68158U
#           define AERN_PARAMATERS_SPHINCSF_MCELIECE_SF5M5
#           define AERN_ROOT_CERTIFICATE_STRING_SIZE 501U
#           define AERN_SIGNATURE_ENCODING_SIZE 66520U
#           define AERN_VERIFICATION_KEY_ENCODING_SIZE 88U
#       elif defined(QSC_SPHINCSPLUS_S5S256SHAKERS)
#           define AERN_CHILD_CERTIFICATE_STRING_SIZE 40987U
#           define AERN_PARAMATERS_SPHINCSS_MCELIECE_SS5M5
#           define AERN_ROOT_CERTIFICATE_STRING_SIZE 501U
#           define AERN_SIGNATURE_ENCODING_SIZE 39768U
#           define AERN_VERIFICATION_KEY_ENCODING_SIZE 88U
#       endif
#   elif defined(QSC_MCELIECE_S6N6960T119)
#       if defined(QSC_SPHINCSPLUS_S5S256SHAKERF)
#           define AERN_CHILD_CERTIFICATE_STRING_SIZE 68157U
#           define AERN_PARAMATERS_SPHINCSF_MCELIECE_SF5M6
#           define AERN_ROOT_CERTIFICATE_STRING_SIZE 501U
#           define AERN_SIGNATURE_ENCODING_SIZE 66520U
#           define AERN_VERIFICATION_KEY_ENCODING_SIZE 88U
#       elif defined(QSC_SPHINCSPLUS_S5S256SHAKERS)
#           define AERN_CHILD_CERTIFICATE_STRING_SIZE 40987U
#           define AERN_PARAMATERS_SPHINCSS_MCELIECE_SS5M6
#           define AERN_ROOT_CERTIFICATE_STRING_SIZE 501U
#           define AERN_SIGNATURE_ENCODING_SIZE 39768U
#           define AERN_VERIFICATION_KEY_ENCODING_SIZE 88U
#       endif
#   elif defined(QSC_MCELIECE_S7N8192T128)
#       if defined(QSC_SPHINCSPLUS_S5S256SHAKERF)
#           define AERN_CHILD_CERTIFICATE_STRING_SIZE 68157U
#           define AERN_PARAMATERS_SPHINCSF_MCELIECE_SF5M7
#           define AERN_ROOT_CERTIFICATE_STRING_SIZE 501U
#           define AERN_SIGNATURE_ENCODING_SIZE 66520U
#           define AERN_VERIFICATION_KEY_ENCODING_SIZE 88U
#       elif defined(QSC_SPHINCSPLUS_S5S256SHAKERS)
#           define AERN_CHILD_CERTIFICATE_STRING_SIZE 40987U
#           define AERN_PARAMATERS_SPHINCSS_MCELIECE_SS5M7
#           define AERN_ROOT_CERTIFICATE_STRING_SIZE 501U
#           define AERN_SIGNATURE_ENCODING_SIZE 39768U
#           define AERN_VERIFICATION_KEY_ENCODING_SIZE 88U
#       else
#           error Invalid parameter sets, check the QSC library settings 
#       endif
#   else
    /* The library signature scheme and asymmetric cipher parameter sets 
    must be synchronized to a common security level; s1, s3, s5 or s6.
    Check the QSC library common.h file for cipher and signature security level alignment. */
#   error Invalid parameter sets, check the QSC library settings 
#   endif
#endif

#define AERN_ACTIVE_VERSION 1U

#define AERN_ACTIVE_VERSION_SIZE 2U

#define AERN_APS_FULL_TRUST 1000001U

#define AERN_APS_MINIMUM_TRUST 1U

#define AERN_APS_NAME_MAX_SIZE 256U

#define AERN_APS_TWOWAY_TRUST 1000002U

#define AERN_APPLICATION_ADC_PORT 38762U

#define AERN_APPLICATION_APS_PORT 38766U

#define AERN_APPLICATION_ARS_PORT 38764U

#define AERN_APPLICATION_CLIENT_PORT 37761U

#define AERN_APPLICATION_IDG_PORT 38763U

#define AERN_CANONICAL_NAME_MINIMUM_SIZE 3U

#define AERN_CERTIFICATE_ADDRESS_SIZE 22U

#define AERN_CERTIFICATE_ALGORITHM_SIZE 1U

#define AERN_CERTIFICATE_DEFAULT_PERIOD ((uint64_t)365U * 24U * 60U * 60U)

#define AERN_CERTIFICATE_DESIGNATION_SIZE 1U

#define AERN_CERTIFICATE_EXPIRATION_SIZE 16U

#define AERN_CERTIFICATE_HASH_SIZE 32U

#define AERN_CERTIFICATE_ISSUER_SIZE 256U

#define AERN_CERTIFICATE_LINE_LENGTH 64U

#define AERN_CERTIFICATE_MAXIMUM_PERIOD (AERN_CERTIFICATE_DEFAULT_PERIOD * 2U)

#define AERN_CERTIFICATE_MINIMUM_PERIOD ((uint64_t)1U * 24U * 60U * 60U)

#define AERN_CERTIFICATE_SERIAL_SIZE 16U

#define AERN_CERTIFICATE_HINT_SIZE (AERN_CERTIFICATE_HASH_SIZE + AERN_CERTIFICATE_SERIAL_SIZE)

#define AERN_CERTIFICATE_SIGNED_HASH_SIZE (AERN_ASYMMETRIC_SIGNATURE_SIZE + AERN_CERTIFICATE_HASH_SIZE)

#define AERN_CERTIFICATE_VERSION_SIZE 1U

#define AERN_CERTIFICATE_CHILD_SIZE (AERN_CERTIFICATE_SIGNED_HASH_SIZE + \
    AERN_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    AERN_CERTIFICATE_ISSUER_SIZE + \
    AERN_CERTIFICATE_SERIAL_SIZE + \
    AERN_CERTIFICATE_SERIAL_SIZE + \
    AERN_CERTIFICATE_EXPIRATION_SIZE + \
    AERN_CERTIFICATE_DESIGNATION_SIZE + \
    AERN_CERTIFICATE_ALGORITHM_SIZE + \
    AERN_CERTIFICATE_VERSION_SIZE)

#define AERN_CERTIFICATE_IDG_SIZE (AERN_ASYMMETRIC_SIGNATURE_SIZE + \
    AERN_CERTIFICATE_HASH_SIZE + \
    AERN_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    AERN_CERTIFICATE_ISSUER_SIZE + \
    AERN_CERTIFICATE_ADDRESS_SIZE + \
    AERN_CERTIFICATE_SERIAL_SIZE + \
    AERN_CERTIFICATE_SERIAL_SIZE + \
    AERN_CERTIFICATE_EXPIRATION_SIZE + \
    AERN_CERTIFICATE_DESIGNATION_SIZE + \
    AERN_CERTIFICATE_ALGORITHM_SIZE + \
    AERN_CERTIFICATE_VERSION_SIZE)

#define AERN_CERTIFICATE_ROOT_SIZE (AERN_CERTIFICATE_HASH_SIZE + \
    AERN_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    AERN_CERTIFICATE_ISSUER_SIZE + \
    AERN_CERTIFICATE_SERIAL_SIZE + \
    AERN_CERTIFICATE_EXPIRATION_SIZE + \
    AERN_CERTIFICATE_ALGORITHM_SIZE + \
    AERN_CERTIFICATE_VERSION_SIZE)

#define AERN_CRYPTO_SYMMETRIC_KEY_SIZE 32U

#if defined(AERN_USE_RCS_ENCRYPTION)
#   define AERN_CRYPTO_SYMMETRIC_NONCE_SIZE 32U
#else
#   define AERN_CRYPTO_SYMMETRIC_NONCE_SIZE 16U
#endif

#define AERN_CRYPTO_SEED_SIZE 64U

#define AERN_CRYPTO_SYMMETRIC_TOKEN_SIZE 32U

#define AERN_CRYPTO_SYMMETRIC_HASH_SIZE 32U

#if defined(AERN_USE_RCS_ENCRYPTION)
#   if defined(AERN_EXTENDED_SESSION_SECURITY)
#       define AERN_CRYPTO_SYMMETRIC_MAC_SIZE 64U
#   else
#       define AERN_CRYPTO_SYMMETRIC_MAC_SIZE 32U
#   endif
#else
#   define AERN_CRYPTO_SYMMETRIC_MAC_SIZE 16U
#endif

#define AERN_CRYPTO_SYMMETRIC_SECRET_SIZE 32U

#if defined(AERN_EXTENDED_SESSION_SECURITY)
#   define AERN_CRYPTO_SYMMETRIC_SESSION_KEY_SIZE 64U
#else
#   define AERN_CRYPTO_SYMMETRIC_SESSION_KEY_SIZE 32U
#endif

#define AERN_ADC_CONVERGENCE_INTERVAL (60U * 60U * 24U)

#define AERN_ADC_IP_MAX 0x41U

#define AERN_ADC_PENALTY_MAX 0x100U

#define AERN_ADC_REDUCTION_INTERVAL 1000000UL

#define AERN_ADC_UPDATE_WAIT_TIME (7U * 24U * 60U * 60U)

#define AERN_ERROR_STRING_DEPTH 26U

#define AERN_ERROR_STRING_WIDTH 128U

#define AERN_MESSAGE_MAX_SIZE 1400000UL

#define AERN_MFK_EXPIRATION_PERIOD ((uint64_t)60U * 24U * 60U * 60U)

#define AERN_MINIMUM_PATH_LENGTH 9U

#define AERN_NETWORK_CONNECTION_MTU 1500U

#define AERN_NETWORK_DOMAIN_NAME_MAX_SIZE 256U

#define AERN_NETWORK_MAX_APSS 1000000UL

#define AERN_NETWORK_NODE_ID_SIZE 16

#define AERN_PERIOD_DAY_TO_SECONDS (24U * 60U * 60U)

#define AERN_SOCKET_TERMINATOR_SIZE 1U

#define AERN_PACKET_ERROR_SIZE 1U

#define AERN_PACKET_HEADER_SIZE 22U

#define AERN_PACKET_SUBHEADER_SIZE 16U

#define AERN_PACKET_SEQUENCE_TERMINATOR 0xFFFFFFFFUL

#define AERN_PACKET_TIME_SIZE 8U

#define AERN_PACKET_TIME_THRESHOLD 60U

#define AERN_NETWORK_TERMINATION_MESSAGE_SIZE 1U

#define AERN_NETWORK_TERMINATION_PACKET_SIZE (AERN_PACKET_HEADER_SIZE + AERN_NETWORK_TERMINATION_MESSAGE_SIZE)
 
/* enumerations */

AERN_EXPORT_API typedef enum aern_configuration_sets
{
    aern_configuration_set_none = 0x00U,                                     
    aern_configuration_set_dilithium1_kyber1_rcs256_shake256 = 0x01U,           
    aern_configuration_set_dilithium3_kyber3_rcs256_shake256 = 0x02U,           
    aern_configuration_set_dilithium5_kyber5_rcs256_shake256 = 0x03U,           
    aern_configuration_set_dilithium5_kyber6_rcs512_shake256 = 0x04U,           
    aern_configuration_set_sphincsplus1f_mceliece1_rcs256_shake256 = 0x05U,       
    aern_configuration_set_sphincsplus1s_mceliece1_rcs256_shake256 = 0x06U,       
    aern_configuration_set_sphincsplus3f_mceliece3_rcs256_shake256 = 0x07U,       
    aern_configuration_set_sphincsplus3s_mceliece3_rcs256_shake256 = 0x08U,       
    aern_configuration_set_sphincsplus5f_mceliece5_rcs256_shake256 = 0x09U,       
    aern_configuration_set_sphincsplus5s_mceliece5_rcs256_shake256 = 0x0AU,       
    aern_configuration_set_sphincsplus5f_mceliece6_rcs256_shake256 = 0x0BU,       
    aern_configuration_set_sphincsplus5s_mceliece6_rcs256_shake256 = 0x0CU,       
    aern_configuration_set_sphincsplus5f_mceliece7_rcs256_shake256 = 0x0DU,       
    aern_configuration_set_sphincsplus5s_mceliece7_rcs256_shake256 = 0x0EU,       
} aern_configuration_sets;

AERN_EXPORT_API typedef enum aern_network_designations
{
    aern_network_designation_none = 0x00U,                         
    aern_network_designation_aps = 0x01U,                           
    aern_network_designation_client = 0x02U,                     
    aern_network_designation_ads = 0x03U,                           
    aern_network_designation_remote = 0x04U,                     
    aern_network_designation_ars = 0x05U,                           
    aern_network_designation_revoked = 0x06U,                       
    aern_network_designation_idg = 0x07U,                           
    aern_network_designation_all = 0xFFU,                           
} aern_network_designations;

AERN_EXPORT_API typedef enum aern_network_errors
{
    aern_network_error_none = 0x00U,                             
    aern_network_error_accept_fail = 0x01U,                           
    aern_network_error_auth_failure = 0x02U,                     
    aern_network_error_bad_keep_alive = 0x03U,                     
    aern_network_error_channel_down = 0x04U,                     
    aern_network_error_connection_failure = 0x05U,                 
    aern_network_error_decryption_failure = 0x06U,                 
    aern_network_error_establish_failure = 0x07U,                   
    aern_network_error_general_failure = 0x08U,                       
    aern_network_error_hosts_exceeded = 0x09U,                     
    aern_network_error_identity_unknown = 0x10U,                 
    aern_network_error_invalid_input = 0x1AU,                       
    aern_network_error_invalid_request = 0x1BU,                       
    aern_network_error_keep_alive_expired = 0x1CU,                 
    aern_network_error_keep_alive_timeout = 0x1DU,                 
    aern_network_error_kex_auth_failure = 0x1EU,                 
    aern_network_error_key_not_recognized = 0x1FU,                 
    aern_network_error_key_has_expired = 0x20U,                       
    aern_network_error_listener_fail = 0x21U,                       
    aern_network_error_memory_allocation = 0x22U,                   
    aern_network_error_packet_unsequenced = 0x23U,                 
    aern_network_error_random_failure = 0x24U,                     
    aern_network_error_ratchet_fail = 0x25U,                     
    aern_network_error_receive_failure = 0x26U,                       
    aern_network_error_transmit_failure = 0x27U,                 
    aern_network_error_unknown_protocol = 0x28U,                 
    aern_network_error_unsequenced = 0x29U,                           
    aern_network_error_verify_failure = 0x2AU,                     
} aern_network_errors;

AERN_EXPORT_API typedef enum aern_network_flags
{
    aern_network_flag_none = 0x00U,                                   
    aern_network_flag_connection_terminate_request = 0x01U,           
    aern_network_flag_error_condition = 0x02U,                     
    aern_network_flag_fragment_collection_request = 0x03U,         
    aern_network_flag_fragment_collection_response = 0x04U,           
    aern_network_flag_fragment_request = 0x05U,                       
    aern_network_flag_fragment_response = 0x06U,                 
    aern_network_flag_fragment_query_request = 0x07U,               
    aern_network_flag_fragment_query_response = 0x08U,             
    aern_network_flag_incremental_update_request = 0x09U,           
    aern_network_flag_incremental_update_response = 0x0AU,         
    aern_network_flag_register_request = 0x0BU,                       
    aern_network_flag_register_response = 0x0CU,                 
    aern_network_flag_register_update_request = 0x0DU,             
    aern_network_flag_register_update_response = 0x0EU,               
    aern_network_flag_keep_alive_request = 0x0FU,                   
    aern_network_flag_keep_alive_response = 0x10U,                 
    aern_network_flag_mfk_establish = 0x11U,                     
    aern_network_flag_mfk_request = 0x12U,                         
    aern_network_flag_mfk_response = 0x13U,                           
    aern_network_flag_mfk_verify = 0x14U,                           
    aern_network_flag_network_announce_broadcast = 0x15U,           
    aern_network_flag_network_converge_request = 0x16U,               
    aern_network_flag_network_converge_response = 0x17U,         
    aern_network_flag_network_converge_update = 0x18U,             
    aern_network_flag_network_resign_request = 0x19U,               
    aern_network_flag_network_resign_response = 0x1AU,             
    aern_network_flag_network_revocation_broadcast = 0x1BU,           
    aern_network_flag_network_signature_request = 0x1CU,         
    aern_network_flag_system_error_condition = 0x1DU,               
    aern_network_flag_tunnel_connection_terminate = 0x1EU,         
    aern_network_flag_tunnel_encrypted_message = 0x1FU,               
    aern_network_flag_tunnel_session_established = 0x20U,           
    aern_network_flag_tunnel_transfer_request = 0x21U,             
    aern_network_flag_topology_query_request = 0x22U,               
    aern_network_flag_topology_query_response = 0x23U,             
    aern_network_flag_topology_status_request = 0x24U,             
    aern_network_flag_topology_status_response = 0x25U,               
    aern_network_flag_topology_status_available = 0x26U,         
    aern_network_flag_topology_status_synchronized = 0x27U,           
    aern_network_flag_topology_status_unavailable = 0x28U,         
    aern_network_flag_network_remote_signing_request = 0x29U,       
    aern_network_flag_network_remote_signing_response = 0x2AU,     
} aern_network_flags;

AERN_EXPORT_API typedef enum aern_protocol_errors
{
    aern_protocol_error_none = 0x00U,                               
    aern_protocol_error_authentication_failure = 0x01U,               
    aern_protocol_error_certificate_not_found = 0x02U,             
    aern_protocol_error_channel_down = 0x03U,                       
    aern_protocol_error_connection_failure = 0x04U,                   
    aern_protocol_error_connect_failure = 0x05U,                 
    aern_protocol_error_convergence_failure = 0x06U,             
    aern_protocol_error_convergence_synchronized = 0x07U,           
    aern_protocol_error_decapsulation_failure = 0x08U,             
    aern_protocol_error_decoding_failure = 0x09U,                   
    aern_protocol_error_decryption_failure = 0x0AU,                   
    aern_protocol_error_establish_failure = 0x0BU,                 
    aern_protocol_error_exchange_failure = 0x0CU,                   
    aern_protocol_error_file_not_deleted = 0x0DU,                   
    aern_protocol_error_file_not_found = 0x0EU,                       
    aern_protocol_error_file_not_written = 0x0FU,                   
    aern_protocol_error_hash_invalid = 0x10U,                       
    aern_protocol_error_hosts_exceeded = 0x11U,                       
    aern_protocol_error_invalid_request = 0x12U,                 
    aern_protocol_error_certificate_expired = 0x13U,             
    aern_protocol_error_key_expired = 0x14U,                     
    aern_protocol_error_key_unrecognized = 0x15U,                   
    aern_protocol_error_listener_fail = 0x16U,                     
    aern_protocol_error_memory_allocation = 0x17U,                 
    aern_protocol_error_message_time_invalid = 0x18U,               
    aern_protocol_error_message_verification_failure = 0x19U,       
    aern_protocol_error_no_usable_address = 0x1AU,                 
    aern_protocol_error_node_not_available = 0x1BU,                   
    aern_protocol_error_node_not_found = 0x1CU,                       
    aern_protocol_error_node_was_registered = 0x1DU,             
    aern_protocol_error_operation_cancelled = 0x1EU,             
    aern_protocol_error_packet_header_invalid = 0x1FU,             
    aern_protocol_error_packet_unsequenced = 0x20U,                   
    aern_protocol_error_receive_failure = 0x21U,                 
    aern_protocol_error_root_signature_invalid = 0x22U,               
    aern_protocol_error_serialization_failure = 0x23U,             
    aern_protocol_error_signature_failure = 0x24U,                 
    aern_protocol_error_signing_failure = 0x25U,                 
    aern_protocol_error_socket_binding = 0x26U,                       
    aern_protocol_error_socket_creation = 0x27U,                 
    aern_protocol_error_transmit_failure = 0x28U,                   
    aern_protocol_error_topology_no_aps = 0x29U,                 
    aern_protocol_error_unknown_protocol = 0x2AU,                   
    aern_protocol_error_verification_failure = 0x2BU,               
} aern_protocol_errors;

AERN_EXPORT_API typedef enum aern_version_sets
{
    aern_version_set_none = 0x00U,                                 
    aern_version_set_one_zero = 0x01U,                             
} aern_version_sets;
 
/* public structures */

AERN_EXPORT_API typedef struct aern_certificate_expiration
{
    uint64_t from;                                                  
    uint64_t to;                                                  
} aern_certificate_expiration;

AERN_EXPORT_API typedef struct aern_child_certificate
{
    uint8_t csig[AERN_CERTIFICATE_SIGNED_HASH_SIZE];               
    uint8_t verkey[AERN_ASYMMETRIC_VERIFICATION_KEY_SIZE];            
    char issuer[AERN_CERTIFICATE_ISSUER_SIZE];                        
    uint8_t serial[AERN_CERTIFICATE_SERIAL_SIZE];                 
    uint8_t rootser[AERN_CERTIFICATE_SERIAL_SIZE];                   
    aern_certificate_expiration expiration;                            
    aern_network_designations designation;                          
    aern_configuration_sets algorithm;                              
    uint8_t version;                                             
} aern_child_certificate;

#define AERN_X509_CERTIFICATE_SIZE 4096U

#define AERN_IDG_HINT_SIZE (AERN_CERTIFICATE_HASH_SIZE + AERN_CERTIFICATE_SERIAL_SIZE)

AERN_EXPORT_API typedef struct aern_idg_hint
{
    uint8_t chash[AERN_CERTIFICATE_HASH_SIZE];                       
    uint8_t rootser[AERN_CERTIFICATE_SERIAL_SIZE];                   
} aern_idg_hint;

AERN_EXPORT_API typedef struct aern_idg_certificate
{
    uint8_t csig[AERN_CERTIFICATE_SIGNED_HASH_SIZE];               
    uint8_t vkey[AERN_ASYMMETRIC_VERIFICATION_KEY_SIZE];            
    uint8_t xcert[AERN_X509_CERTIFICATE_SIZE];                       
    uint8_t serial[AERN_CERTIFICATE_SERIAL_SIZE];                 
    uint8_t rootser[AERN_CERTIFICATE_SERIAL_SIZE];                   
    uint8_t hint[AERN_CERTIFICATE_HINT_SIZE];                     
    char issuer[AERN_CERTIFICATE_ISSUER_SIZE];                        
    aern_certificate_expiration expiration;                            
    aern_network_designations designation;                          
    aern_configuration_sets algorithm;                              
    uint8_t version;                                             
} aern_idg_certificate;

AERN_EXPORT_API typedef struct aern_connection_state
{
    qsc_socket target;                                                
    aern_cipher_state rxcpr;                                           
    aern_cipher_state txcpr;                                           
    uint64_t rxseq;                                                    
    uint64_t txseq;                                                    
    uint32_t instance;                                              
    aern_network_flags exflag;                                      
} aern_connection_state;

AERN_EXPORT_API typedef struct aern_keep_alive_state
{
    qsc_socket target;                                                
    uint64_t etime;                                                    
    uint64_t seqctr;                                              
    bool recd;                                                      
} aern_keep_alive_state;

typedef struct aern_mfkey_state
{
    uint8_t serial[AERN_CERTIFICATE_SERIAL_SIZE];                 
    uint8_t mfk[AERN_CRYPTO_SYMMETRIC_KEY_SIZE];                   
} aern_mfkey_state;

AERN_EXPORT_API typedef struct aern_network_packet
{
    uint8_t flag;                                                   
    uint32_t msglen;                                              
    uint64_t sequence;                                              
    uint64_t utctime;                                                
    uint8_t* pmessage;                                              
} aern_network_packet;

AERN_EXPORT_API typedef struct aern_root_certificate
{
    uint8_t verkey[AERN_ASYMMETRIC_VERIFICATION_KEY_SIZE];            
    char issuer[AERN_CERTIFICATE_ISSUER_SIZE];                        
    uint8_t serial[AERN_CERTIFICATE_SERIAL_SIZE];                 
    aern_certificate_expiration expiration;                            
    aern_configuration_sets algorithm;                              
    aern_version_sets version;                                      
} aern_root_certificate;

AERN_EXPORT_API typedef struct aern_serialized_symmetric_key
{
    uint64_t keyid;                                                    
    uint8_t key[AERN_CRYPTO_SYMMETRIC_KEY_SIZE];                   
    uint8_t nonce[AERN_CRYPTO_SYMMETRIC_NONCE_SIZE];               
} aern_serialized_symmetric_key;

AERN_EXPORT_API typedef struct aern_signature_keypair
{
    uint8_t prikey[AERN_ASYMMETRIC_SIGNING_KEY_SIZE];             
    uint8_t pubkey[AERN_ASYMMETRIC_VERIFICATION_KEY_SIZE];            
} aern_signature_keypair;

AERN_EXPORT_API typedef struct aern_cipher_keypair
{
    uint8_t prikey[AERN_ASYMMETRIC_PRIVATE_KEY_SIZE];             
    uint8_t pubkey[AERN_ASYMMETRIC_PUBLIC_KEY_SIZE];              
} aern_cipher_keypair;
 
/* public key encoding constants */

 
#define AERN_CERTIFICATE_SEPERATOR_SIZE 1U
#define AERN_CHILD_CERTIFICATE_HEADER_SIZE 64U
#define AERN_CHILD_CERTIFICATE_ROOT_HASH_PREFIX_SIZE 30U
#define AERN_CHILD_CERTIFICATE_SIGNATURE_KEY_PREFIX_SIZE 23U
#define AERN_CHILD_CERTIFICATE_ISSUER_PREFIX_SIZE 9U
#define AERN_CHILD_CERTIFICATE_NAME_PREFIX_SIZE 7U
#define AERN_CHILD_CERTIFICATE_SERIAL_PREFIX_SIZE 9U
#define AERN_CHILD_CERTIFICATE_ROOT_SERIAL_PREFIX_SIZE 14U
#define AERN_CHILD_CERTIFICATE_VALID_FROM_PREFIX_SIZE 13U
#define AERN_CHILD_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE 6U
#define AERN_CHILD_CERTIFICATE_ALGORITHM_PREFIX_SIZE 12U
#define AERN_CHILD_CERTIFICATE_VERSION_PREFIX_SIZE 10U
#define AERN_CHILD_CERTIFICATE_DESIGNATION_PREFIX_SIZE 14U
#define AERN_CHILD_CERTIFICATE_ADDRESS_PREFIX_SIZE 10U
#define AERN_CHILD_CERTIFICATE_FOOTER_SIZE 64U
#define AERN_CHILD_CERTIFICATE_DEFAULT_NAME_SIZE 19U
 
static const char AERN_CHILD_CERTIFICATE_HEADER[AERN_CHILD_CERTIFICATE_HEADER_SIZE] = "-----------BEGIN AERN CHILD PUBLIC CERTIFICATE BLOCK-----------";
static const char AERN_CHILD_CERTIFICATE_ROOT_HASH_PREFIX[AERN_CHILD_CERTIFICATE_ROOT_HASH_PREFIX_SIZE] = "Root Signed Public Key Hash: ";
static const char AERN_CHILD_CERTIFICATE_SIGNATURE_KEY_PREFIX[AERN_CHILD_CERTIFICATE_SIGNATURE_KEY_PREFIX_SIZE] = "Public Signature Key: ";
static const char AERN_CHILD_CERTIFICATE_ISSUER_PREFIX[AERN_CHILD_CERTIFICATE_ISSUER_PREFIX_SIZE] = "Issuer: ";
static const char AERN_CHILD_CERTIFICATE_NAME_PREFIX[AERN_CHILD_CERTIFICATE_NAME_PREFIX_SIZE] = "Name: ";
static const char AERN_CHILD_CERTIFICATE_SERIAL_PREFIX[AERN_CHILD_CERTIFICATE_SERIAL_PREFIX_SIZE] = "Serial: ";
static const char AERN_CHILD_CERTIFICATE_ROOT_SERIAL_PREFIX[AERN_CHILD_CERTIFICATE_ROOT_SERIAL_PREFIX_SIZE] = "Root Serial: ";
static const char AERN_CHILD_CERTIFICATE_VALID_FROM_PREFIX[AERN_CHILD_CERTIFICATE_VALID_FROM_PREFIX_SIZE] = "Valid From: ";
static const char AERN_CHILD_CERTIFICATE_EXPIRATION_TO_PREFIX[AERN_CHILD_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE] = " To: ";
static const char AERN_CHILD_CERTIFICATE_ALGORITHM_PREFIX[AERN_CHILD_CERTIFICATE_ALGORITHM_PREFIX_SIZE] = "Algorithm: ";
static const char AERN_CHILD_CERTIFICATE_VERSION_PREFIX[AERN_CHILD_CERTIFICATE_VERSION_PREFIX_SIZE] = "Version: ";
static const char AERN_CHILD_CERTIFICATE_DESIGNATION_PREFIX[AERN_CHILD_CERTIFICATE_DESIGNATION_PREFIX_SIZE] = "Designation: ";
static const char AERN_CHILD_CERTIFICATE_ADDRESS_PREFIX[AERN_CHILD_CERTIFICATE_ADDRESS_PREFIX_SIZE] = "Address: ";
static const char AERN_CHILD_CERTIFICATE_FOOTER[AERN_CHILD_CERTIFICATE_FOOTER_SIZE] = "------------END AERN CHILD PUBLIC CERTIFICATE BLOCK------------";
static const char AERN_CHILD_CERTIFICATE_DEFAULT_NAME[AERN_CHILD_CERTIFICATE_DEFAULT_NAME_SIZE] = " Child Certificate";
 
#define AERN_NETWORK_DESIGNATION_SIZE 33
static const char AERN_NETWORK_DESIGNATION_NONE[AERN_NETWORK_DESIGNATION_SIZE] = "aern_network_designation_none";
static const char AERN_NETWORK_DESIGNATION_APS[AERN_NETWORK_DESIGNATION_SIZE] = "aern_network_designation_aps";
static const char AERN_NETWORK_DESIGNATION_CLIENT[AERN_NETWORK_DESIGNATION_SIZE] = "aern_network_designation_client";
static const char AERN_NETWORK_DESIGNATION_ADS[AERN_NETWORK_DESIGNATION_SIZE] = "aern_network_designation_ads";
static const char AERN_NETWORK_DESIGNATION_IDG[AERN_NETWORK_DESIGNATION_SIZE] = "aern_network_designation_idg";
static const char AERN_NETWORK_DESIGNATION_REMOTE[AERN_NETWORK_DESIGNATION_SIZE] = "aern_network_designation_remote";
static const char AERN_NETWORK_DESIGNATION_ROOT[AERN_NETWORK_DESIGNATION_SIZE] = "aern_network_designation_ars";
static const char AERN_NETWORK_DESIGNATION_ALL[AERN_NETWORK_DESIGNATION_SIZE] = "aern_network_designation_all";


#define AERN_PROTOCOL_SET_SIZE 41U
 
/* Valid parameter sets: 
Kyber-S1, Dilithium-S1
Kyber-S3, Dilithium-S3
Kyber-S5, Dilithium-S5
Kyber-S6, Dilithium-S5
McEliece-S1, Sphincs-S1(f,s)
McEliece-S3, Sphincs-S3(f,s)
McEliece-S5, Sphincs-S5(f,s)
McEliece-S6, Sphincs-S5(f,s)
McEliece-S7, Sphincs-S6(f,s) */

 
#if defined(AERN_PARAMATERS_DILITHIUM_KYBER_D1K1)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "dilithium-s1_kyber-s1_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_dilithium1_kyber1_rcs256_shake256;
#elif defined(AERN_PARAMATERS_DILITHIUM_KYBER_D3K3)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "dilithium-s3_kyber-s3_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_dilithium3_kyber3_rcs256_shake256;
#elif defined(AERN_PARAMATERS_DILITHIUM_KYBER_D5K5)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "dilithium-s5_kyber-s5_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_dilithium5_kyber5_rcs256_shake256;
#elif defined(AERN_PARAMATERS_DILITHIUM_KYBER_D5K6)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "dilithium-s5_kyber-s6_rcs-512_sha3-512";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_dilithium5_kyber6_rcs512_shake256;
#elif defined(AERN_PARAMATERS_SPHINCSF_MCELIECE_SF1M1) 
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "sphincs-1f_mceliece-s1_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_sphincsplus1f_mceliece1_rcs256_shake256;
#elif defined(AERN_PARAMATERS_SPHINCSPLUS_S1S128SHAKERS)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "sphincs-1s_mceliece-s1_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_sphincsplus1s_mceliece1_rcs256_shake256;
#elif defined(AERN_PARAMATERS_SPHINCSF_MCELIECE_SF3M3)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "sphincs-3f_mceliece-s3_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_sphincsplus3f_mceliece3_rcs256_shake256;
#elif defined(AERN_PARAMATERS_SPHINCSPLUS_S3S192SHAKERS)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "sphincs-3s_mceliece-s3_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_sphincsplus3s_mceliece3_rcs256_shake256;
#elif defined(AERN_PARAMATERS_SPHINCSF_MCELIECE_SF5M5)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "sphincs-5f_mceliece-s5_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_sphincsplus5f_mceliece5_rcs256_shake256;
#elif defined(AERN_PARAMATERS_SPHINCSPLUS_S5S256SHAKERS)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "sphincs-5s_mceliece-s5_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_sphincsplus5s_mceliece5_rcs256_shake256;
#elif defined(AERN_PARAMATERS_SPHINCSF_MCELIECE_SF5M6)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "sphincs-5f_mceliece-s6_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_sphincsplus5f_mceliece6_rcs256_shake256;
#elif defined(AERN_PARAMATERS_SPHINCSPLUS_S5S256SHAKERS)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "sphincs-5s_mceliece-s6_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_sphincsplus5s_mceliece6_rcs256_shake256;
#elif defined(AERN_PARAMATERS_SPHINCSF_MCELIECE_SF5M7)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "sphincs-5f_mceliece-s7_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_sphincsplus5f_mceliece7_rcs256_shake256;
#elif defined(AERN_PARAMATERS_SPHINCSPLUS_S5S256SHAKERS)
static const char AERN_CONFIG_STRING[AERN_PROTOCOL_SET_SIZE] = "sphincs-5s_mceliece-s7_rcs-256_sha3-256";
static const aern_configuration_sets AERN_CONFIGURATION_SET = aern_configuration_set_sphincsplus5s_mceliece7_rcs256_shake256;
#else
#   error Invalid parameter set!
#endif


 
#define AERN_ROOT_CERTIFICATE_HEADER_SIZE 64U
#define AERN_ROOT_CERTIFICATE_HASH_PREFIX_SIZE 19U
#define AERN_ROOT_CERTIFICATE_PUBLICKEY_PREFIX_SIZE 13U
#define AERN_ROOT_CERTIFICATE_ISSUER_PREFIX_SIZE 9U
#define AERN_ROOT_CERTIFICATE_NAME_PREFIX_SIZE 7U
#define AERN_ROOT_CERTIFICATE_SERIAL_PREFIX_SIZE 9U
#define AERN_ROOT_CERTIFICATE_FOOTER_SIZE 64U
#define AERN_ROOT_CERTIFICATE_VALID_FROM_PREFIX_SIZE 13U
#define AERN_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE 6U
#define AERN_ROOT_CERTIFICATE_ALGORITHM_PREFIX_SIZE 12U
#define AERN_ROOT_CERTIFICATE_VERSION_PREFIX_SIZE 10U
#define AERN_ROOT_CERTIFICATE_DEFAULT_NAME_SIZE 18U
#define AERN_ACTIVE_VERSION_STRING_SIZE 5U


 
static const char AERN_ROOT_CERTIFICATE_HEADER[AERN_ROOT_CERTIFICATE_HEADER_SIZE] = "------------BEGIN AERN ROOT PUBLIC CERTIFICATE BLOCK-----------";
static const char AERN_ROOT_CERTIFICATE_ISSUER_PREFIX[AERN_ROOT_CERTIFICATE_ISSUER_PREFIX_SIZE] = "Issuer: ";
static const char AERN_ROOT_CERTIFICATE_NAME_PREFIX[AERN_ROOT_CERTIFICATE_NAME_PREFIX_SIZE] = "Name: ";
static const char AERN_ROOT_CERTIFICATE_SERIAL_PREFIX[AERN_ROOT_CERTIFICATE_SERIAL_PREFIX_SIZE] = "Serial: ";
static const char AERN_ROOT_CERTIFICATE_VALID_FROM_PREFIX[AERN_ROOT_CERTIFICATE_VALID_FROM_PREFIX_SIZE] = "Valid From: ";
static const char AERN_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX[AERN_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE] = " To: ";
static const char AERN_ROOT_CERTIFICATE_ALGORITHM_PREFIX[AERN_ROOT_CERTIFICATE_ALGORITHM_PREFIX_SIZE] = "Algorithm: ";
static const char AERN_ROOT_CERTIFICATE_VERSION_PREFIX[AERN_ROOT_CERTIFICATE_VERSION_PREFIX_SIZE] = "Version: ";
static const char AERN_ROOT_CERTIFICATE_HASH_PREFIX[AERN_ROOT_CERTIFICATE_HASH_PREFIX_SIZE] = "Certificate Hash: ";
static const char AERN_ROOT_CERTIFICATE_PUBLICKEY_PREFIX[AERN_ROOT_CERTIFICATE_PUBLICKEY_PREFIX_SIZE] = "Public Key: ";
static const char AERN_ROOT_CERTIFICATE_FOOTER[AERN_ROOT_CERTIFICATE_FOOTER_SIZE] = "------------END AERN ROOT PUBLIC CERTIFICATE BLOCK-------------";
static const char AERN_ROOT_CERTIFICATE_DEFAULT_NAME[AERN_ROOT_CERTIFICATE_DEFAULT_NAME_SIZE] = " Root Certificate";
 
static const char AERN_ACTIVE_VERSION_STRING[AERN_ACTIVE_VERSION_STRING_SIZE] = "0x01";
static const char AERN_CERTIFICATE_CHILD_EXTENSION[] = ".ccert";
static const char AERN_CERTIFICATE_MFCOL_EXTENSION[] = ".mfcol";
static const char AERN_CERTIFICATE_ROOT_EXTENSION[] = ".rcert";
static const char AERN_CERTIFICATE_TOPOLOGY_EXTENSION[] = ".dtop";
static const char AERN_APPLICATION_ROOT_PATH[] = "\\AERN";
static const char AERN_CERTIFICATE_BACKUP_PATH[] = "\\Backup";
static const char AERN_CERTIFICATE_STORE_PATH[] = "\\Certificates";
static const char AERN_ROOT_CERTIFICATE_PATH[] = "\\Root";
static const char AERN_CERTIFICATE_TOPOLOGY_PATH[] = "\\Topology";

 
#define AERN_NETWORK_ERROR_STRING_DEPTH 28U
#define AERN_NETWORK_ERROR_STRING_SIZE 128U

 
static const char AERN_NETWORK_ERROR_STRINGS[AERN_NETWORK_ERROR_STRING_DEPTH][AERN_NETWORK_ERROR_STRING_SIZE] =
{
    "No error was detected",
    "The socket accept function returned an error",
    "The cipher authentication has failed",
    "The keep alive check failed",
    "The communications channel has failed",
    "The device could not make a connnection to the remote host",
    "The decryption authentication has failed",
    "The transmission failed at the kex establish phase",
    "The connection experienced an unexpected error",
    "The server has run out of socket connections",
    "The random generator experienced a failure",
    "The input is invalid",
    "The request is invalid",
    "The keep alive has expired with no response",
    "The keepalive failure counter has exceeded maximum ",
    "The kex authentication has failed",
    "The key-id is not recognized",
    "The certificate has expired",
    "The listener function failed to initialize",
    "The server has run out of memory",
    "The random generator experienced a failure",
    "The random generator experienced a failure",
    "The ratchet operation has failed",
    "The receiver failed at the network layer",
    "The transmitter failed at the network layer",
    "The protocol version is unknown",
    "The packet was received out of sequence",
    "The expected data could not be verified"
};
 
#define AERN_PROTOCOL_ERROR_STRING_DEPTH 44U
#define AERN_PROTOCOL_ERROR_STRING_SIZE 128U
 
static const char AERN_PROTOCOL_ERROR_STRINGS[AERN_PROTOCOL_ERROR_STRING_DEPTH][AERN_PROTOCOL_ERROR_STRING_SIZE] =
{
    "No error was detected",
    "The symmetric cipher had an authentication failure",
    "The node certificate could not be found",
    "The communications channel has failed",
    "The device could not make a connection to the remote host",
    "The transmission failed at the KEX connection phase",
    "The convergence call has returned an error",
    "The database is already synchronized",
    "The asymmetric cipher failed to decapsulate the shared secret",
    "The node or certificate decoding failed",
    "The decryption authentication has failed",
    "The transmission failed at the KEX establish phase",
    "The transmission failed at the KEX exchange phase",
    "The application could not delete a local file",
    "The file could not be found",
    "The file could not be written to storage",
    "The public-key hash is invalid",
    "The server has run out of socket connections",
    "The packet flag was unexpected",
    "The certificate has expired and is invalid",
    "The AERN public key has expired ",
    "The key identity is unrecognized",
    "The listener function failed to initialize",
    "The server has run out of memory",
    "The network time is invalid or has substantial delay",
    "The expected data could not be verified",
    "The server has no usable IP address, assign in configuration",
    "The node is offline or not available for connection",
    "The node could not be found in the database",
    "The node was previously registered in the database",
    "The operation was cancelled by the user",
    "The packet header received was invalid",
    "The packet was received out of sequence",
    "The receiver failed at the network layer",
    "The root signature failed authentication",
    "The certificate could not be serialized",
    "The signature scheme could not sign a message",
    "The transmission failed to sign the data",
    "The socket could not be bound to an IP address",
    "The socket could not be created",
    "The transmitter failed at the network layer",
    "The topological database has no aps entries",
    "The protocol string was not recognized",
    "The transmission failed at the KEX verify phase"
};

 
/* API */

AERN_EXPORT_API void aern_connection_close(qsc_socket* rsock, aern_network_errors err, bool notify);

AERN_EXPORT_API aern_protocol_errors aern_decrypt_packet(aern_connection_state* cns, uint8_t* message, size_t* msglen, const aern_network_packet* packetin);

AERN_EXPORT_API aern_protocol_errors aern_encrypt_packet(aern_connection_state* cns, aern_network_packet* packetout, const uint8_t* message, size_t msglen);

AERN_EXPORT_API void aern_connection_state_dispose(aern_connection_state* cns);

AERN_EXPORT_API const char* aern_network_error_to_string(aern_network_errors error);

AERN_EXPORT_API const char* aern_protocol_error_to_string(aern_protocol_errors error);

AERN_EXPORT_API void aern_packet_clear(aern_network_packet* packet);

AERN_EXPORT_API void aern_packet_error_message(aern_network_packet* packet, aern_protocol_errors error);

AERN_EXPORT_API void aern_packet_header_deserialize(const uint8_t* header, aern_network_packet* packet);

AERN_EXPORT_API void aern_packet_header_serialize(const aern_network_packet* packet, uint8_t* header);

AERN_EXPORT_API void aern_packet_set_utc_time(aern_network_packet* packet);

AERN_EXPORT_API bool aern_packet_time_valid(const aern_network_packet* packet);

AERN_EXPORT_API size_t aern_packet_to_stream(const aern_network_packet* packet, uint8_t* pstream);

AERN_EXPORT_API void aern_stream_to_packet(const uint8_t* pstream, aern_network_packet* packet);
 
#endif