DKTP support header Common defined parameters and functions of the DKTP client and server implementations.
More...
|
|
#define | DKTP_CONFIG_DILITHIUM_KYBER |
| | Sets the asymmetric cryptographic primitive-set to Dilithium/Kyber.
|
|
#define | DKTP_DOMAIN_IDENTITY_SIZE 16U |
| | The size of the domain identity string. This string size can be modified to accomodate different length domain strings.
|
|
#define | DKTP_ASYMMETRIC_RATCHET |
| | Enable the asymmetric ratchet option.
|
|
#define | DKTP_CONFIG_SIZE 48U |
| | The size of the protocol configuration string.
|
|
#define | DKTP_HASH_SIZE 64U |
| | The 512-bit hash function size.
|
|
#define | DKTP_MACKEY_SIZE 64U |
| | The 512-bit mac key size.
|
|
#define | DKTP_MACTAG_SIZE 64U |
| | The 512-bit mac key size.
|
|
#define | DKTP_SYMMETRIC_KEY_SIZE 64U |
| | The 512-bit symmetric cipher key size.
|
|
#define | DKTP_SYMMETRIC_NONCE_SIZE 32U |
| | The 256-bit symmetric cipher nonce size.
|
|
#define | DKTP_ASYMMETRIC_KEYCHAIN_COUNT 10U |
| | The key-chain asymmetric key count.
|
|
#define | DKTP_CLIENT_PORT 31118U |
| | The default client port address.
|
|
#define | DKTP_CONNECTIONS_INIT 1000U |
| | The intitial DKTP connections queue size.
|
|
#define | DKTP_CONNECTIONS_MAX 50000U |
| | The maximum number of connections Calculated given approx 5k (3480 connection state + 1500 mtu + overhead), per connection on 256GB of DRAM. Can be scaled to a greater number provided the hardware can support it.
|
|
#define | DKTP_CONNECTION_MTU 1500U |
| | The DKTP packet buffer size.
|
|
#define | DKTP_ERROR_SEQUENCE 0xFF00000000000000ULL |
| | The packet error sequence number.
|
|
#define | DKTP_ERROR_MESSAGE_SIZE 1U |
| | The packet error message size.
|
|
#define | DKTP_FLAG_SIZE 1U |
| | The packet flag size.
|
|
#define | DKTP_HEADER_SIZE 21U |
| | The DKTP packet header size.
|
|
#define | DKTP_KEEPALIVE_STRING 20U |
| | The keep alive string size.
|
|
#define | DKTP_KEEPALIVE_TIMEOUT (120U * 1000U) |
| | The keep alive timeout in milliseconds (2 minutes)
|
|
#define | DKTP_KEYID_SIZE 16U |
| | The DKTP key identity size.
|
|
#define | DKTP_MSGLEN_SIZE 4U |
| | The size of the packet message length.
|
|
#define | DKTP_NONCE_SIZE 32U |
| | The size of the symmetric cipher nonce.
|
|
#define | DKTP_SERVER_PORT 31119U |
| | The default server port address.
|
|
#define | DKTP_PACKET_TIME_THRESHOLD 60U |
| | The maximum number of seconds a packet is valid Note: On interior networks with a shared (NTP) time source, this could be set at 1 second, depending on network and device traffic conditions. For exterior networks, this time needs to be adjusted to account for clock-time differences, between 30-100 seconds.
|
|
#define | DKTP_POLLING_INTERVAL (120U * 1000U) |
| | The polling interval in milliseconds (2 minutes)
|
|
#define | DKTP_PUBKEY_DURATION_DAYS 365U |
| | The number of days a public key remains valid.
|
|
#define | DKTP_PUBKEY_DURATION_SECONDS (DKTP_PUBKEY_DURATION_DAYS * 24U * 60U * 60U) |
| | The number of seconds a public key remains valid.
|
|
#define | DKTP_PUBKEY_LINE_LENGTH 64U |
| | The line length of the printed DKTP public key.
|
|
#define | DKTP_SECRET_SIZE 32U |
| | The size of the shared secret for each channel.
|
|
#define | DKTP_SEQUENCE_SIZE 8U |
| | The size of the packet sequence number.
|
|
#define | DKTP_SEQUENCE_TERMINATOR 0xFFFFFFFFUL |
| | The sequence number of a packet that closes a connection.
|
|
#define | DKTP_TIMESTAMP_SIZE 8U |
| | The key expiration timestamp size.
|
|
#define | DKTP_TIMESTAMP_STRING_SIZE 20U |
| | The key expiration timestamp string size.
|
|
#define | DKTP_MESSAGE_MAX 0x3D090000UL |
| | The maximum message size used during the key exchange (1 GB)
|
|
#define | dktp_cipher_generate_keypair qsc_kyber_generate_keypair |
| | Generate an asymmetric cipher key-pair.
|
|
#define | dktp_cipher_decapsulate qsc_kyber_decapsulate |
| | Decapsulate a shared-secret with the asymmetric cipher.
|
|
#define | dktp_cipher_encapsulate qsc_kyber_encapsulate |
| | Encapsulate a shared-secret with the asymmetric cipher.
|
|
#define | dktp_signature_generate_keypair qsc_dilithium_generate_keypair |
| | Generate an asymmetric signature key-pair.
|
|
#define | dktp_signature_sign qsc_dilithium_sign |
| | Sign a message with the asymmetric signature scheme.
|
|
#define | dktp_signature_verify qsc_dilithium_verify |
| | Verify a message with the asymmetric signature scheme.
|
|
#define | DKTP_ASYMMETRIC_CIPHER_TEXT_SIZE (QSC_KYBER_CIPHERTEXT_SIZE) |
| | The byte size of the asymmetric cipher-text array.
|
|
#define | DKTP_ASYMMETRIC_DECAPSULATION_KEY_SIZE (QSC_KYBER_PRIVATEKEY_SIZE) |
| | The byte size of the asymmetric cipher private-key array.
|
|
#define | DKTP_ASYMMETRIC_ENCAPSULATION_KEY_SIZE (QSC_KYBER_PUBLICKEY_SIZE) |
| | The byte size of the asymmetric cipher public-key array.
|
|
#define | DKTP_ASYMMETRIC_SIGNING_KEY_SIZE (QSC_DILITHIUM_PRIVATEKEY_SIZE) |
| | The byte size of the asymmetric signature signing-key array.
|
|
#define | DKTP_ASYMMETRIC_VERIFY_KEY_SIZE (QSC_DILITHIUM_PUBLICKEY_SIZE) |
| | The byte size of the asymmetric signature verification-key array.
|
|
#define | DKTP_ASYMMETRIC_SIGNATURE_SIZE (QSC_DILITHIUM_SIGNATURE_SIZE) |
| | The byte size of the asymmetric signature array.
|
|
#define | DKTP_REMOTE_PEER_KEY_ENCODED_SIZE (DKTP_KEYID_SIZE + DKTP_TIMESTAMP_SIZE + DKTP_CONFIG_SIZE + DKTP_SECRET_SIZE + DKTP_ASYMMETRIC_VERIFY_KEY_SIZE) |
| | The peer key size.
|
|
#define | DKTP_LOCAL_PEER_KEY_ENCODED_SIZE (DKTP_KEYID_SIZE + DKTP_KEYID_SIZE + DKTP_TIMESTAMP_SIZE + DKTP_CONFIG_SIZE + DKTP_SECRET_SIZE + DKTP_ASYMMETRIC_SIGNING_KEY_SIZE + DKTP_ASYMMETRIC_VERIFY_KEY_SIZE) |
| | The secret signature key size.
|
|
#define | DKTP_ERROR_STRING_DEPTH 30U |
| | The depth of the DKTP error string array.
|
|
#define | DKTP_ERROR_STRING_WIDTH 128U |
| | The width of each DKTP error string.
|
|
#define | DKTP_MESSAGE_STRING_DEPTH 21U |
| | The depth of the DKTP message string array.
|
|
#define | DKTP_MESSAGE_STRING_WIDTH 128U |
| | The width of each DKTP message string.
|
|
| DKTP_EXPORT_API void | dktp_connection_close (dktp_connection_state *cns, dktp_errors err, bool notify) |
| | Close the network connection between hosts.
|
| DKTP_EXPORT_API void | dktp_connection_state_dispose (dktp_connection_state *cns) |
| | Reset the connection state.
|
| DKTP_EXPORT_API const char * | dktp_error_to_string (dktp_errors error) |
| | Return a pointer to a string description of an error code.
|
| DKTP_EXPORT_API void | dktp_header_create (dktp_network_packet *packetout, dktp_flags flag, uint64_t sequence, uint32_t msglen) |
| | Populate a packet header and set the creation time.
|
| DKTP_EXPORT_API dktp_errors | dktp_header_validate (dktp_connection_state *cns, const dktp_network_packet *packetin, dktp_flags kexflag, dktp_flags pktflag, uint64_t sequence, uint32_t msglen) |
| | Validate a packet header and timestamp.
|
| DKTP_EXPORT_API void | dktp_generate_keypair (dktp_remote_peer_key *enckey, dktp_local_peer_key *deckey, const uint8_t keyid[DKTP_KEYID_SIZE]) |
| | Generate a DKTP key-pair; generates the public and private asymmetric signature keys.
|
| DKTP_EXPORT_API const char * | dktp_get_error_description (dktp_messages emsg) |
| | Get the error string description.
|
| DKTP_EXPORT_API void | dktp_log_error (dktp_messages emsg, qsc_socket_exceptions err, const char *msg) |
| | Log the message, socket error, and string description.
|
| DKTP_EXPORT_API void | dktp_log_message (dktp_messages emsg) |
| | Log a message.
|
| DKTP_EXPORT_API void | dktp_log_write (dktp_messages emsg, const char *msg) |
| | Log a message and description.
|
| DKTP_EXPORT_API void | dktp_packet_clear (dktp_network_packet *packet) |
| | Clear a packet's state.
|
| DKTP_EXPORT_API dktp_errors | dktp_packet_decrypt (dktp_connection_state *cns, uint8_t *message, size_t *msglen, const dktp_network_packet *packetin) |
| | Decrypt a message and copy it to the message output.
|
| DKTP_EXPORT_API dktp_errors | dktp_packet_encrypt (dktp_connection_state *cns, dktp_network_packet *packetout, const uint8_t *message, size_t msglen) |
| | Encrypt a message and build an output packet.
|
| DKTP_EXPORT_API void | dktp_packet_error_message (dktp_network_packet *packet, dktp_errors error) |
| | Populate a packet structure with an error message.
|
| DKTP_EXPORT_API void | dktp_packet_header_deserialize (const uint8_t *header, dktp_network_packet *packet) |
| | Deserialize a byte array to a packet header.
|
| DKTP_EXPORT_API void | dktp_packet_header_serialize (const dktp_network_packet *packet, uint8_t *header) |
| | Serialize a packet header to a byte array.
|
| DKTP_EXPORT_API void | dktp_packet_set_utc_time (dktp_network_packet *packet) |
| | Sets the local UTC seconds time in the packet header.
|
| DKTP_EXPORT_API bool | dktp_packet_time_valid (const dktp_network_packet *packet) |
| | Checks the local UTC seconds time against the packet sent time for validity within the packet time threshold.
|
| DKTP_EXPORT_API size_t | dktp_packet_to_stream (const dktp_network_packet *packet, uint8_t *pstream) |
| | Serialize a packet to a byte array.
|
| DKTP_EXPORT_API void | dktp_local_peer_key_deserialize (dktp_local_peer_key *lpk, const uint8_t slpk[DKTP_LOCAL_PEER_KEY_ENCODED_SIZE]) |
| | Deserialize a local peer key structure and copy to an array.
|
| DKTP_EXPORT_API void | dktp_local_peer_key_erase (dktp_local_peer_key *lpk) |
| | Erase a local peer key.
|
| DKTP_EXPORT_API void | dktp_local_peer_key_serialize (uint8_t slpk[DKTP_LOCAL_PEER_KEY_ENCODED_SIZE], const dktp_local_peer_key *lpk) |
| | Serialize a local peer key structure.
|
| DKTP_EXPORT_API void | dktp_remote_peer_key_erase (dktp_remote_peer_key *rpk) |
| | Erase a remote peer key.
|
| DKTP_EXPORT_API bool | dktp_remote_peer_key_compare (const dktp_remote_peer_key *a, const dktp_remote_peer_key *b) |
| | Compares two public keys for equality.
|
| DKTP_EXPORT_API void | dktp_remote_peer_key_deserialize (dktp_remote_peer_key *rpk, const uint8_t srpk[DKTP_REMOTE_PEER_KEY_ENCODED_SIZE]) |
| | Deserialize a remote peer key and populate a remote peer key structure.
|
| DKTP_EXPORT_API void | dktp_remote_peer_key_serialize (uint8_t srpk[DKTP_REMOTE_PEER_KEY_ENCODED_SIZE], const dktp_remote_peer_key *rpk) |
| | Serialize a remote peer key structure and copy to an array.
|
| DKTP_EXPORT_API void | dktp_stream_to_packet (const uint8_t *pstream, dktp_network_packet *packet) |
| | Deserialize a byte array to a packet.
|
DKTP support header Common defined parameters and functions of the DKTP client and server implementations.
Note: These definitions determine the asymmetric protocol set used by DKTP. The individual parameter sets for each cipher and signature scheme, can be configured in the QSC libraries qsccommon.h file. For maximum security, I recommend the McElice/SPHINCS+ set. For a balance of performance and security, the Dilithium/Kyber, or Dilithium/McEliece sets are recommended.
Parameter Sets: Kyber-S1, Dilithium-S1 Kyber-S3, Dilithium-S3 Kyber-S5, Dilithium-S5 Kyber-S6, Dilithium-S5 McEliece-S1, Dilithium-S1 McEliece-S3, Dilithium-S3 McEliece-S5, Dilithium-S5 McEliece-S6, Dilithium-S5 McEliece-S7, Dilithium-S5 McEliece-S1, Sphincs-S1(f,s) McEliece-S3, Sphincs-S3(f,s) McEliece-S5, Sphincs-S5(f,s) McEliece-S6, Sphincs-S5(f,s) McEliece-S7, Sphincs-S6(f,s)
Recommended: Kyber-S5, Dilithium-S5 Kyber-S6, Dilithium-S5 McEliece-S5, Dilithium-S5 McEliece-S5, Sphincs-S5(f,s)
The parameter sets used by DKTP are selected in the QSC library in the libraries qsccommon.h file. Settings are at library defaults, however, a true 512-bit security system can be acheived by selecting the McEliece/SPHINCS+ parameter in DKTP and setting SPHINCS+ to one of the 512-bit options in the QSC library.
1.14.0