mpdc.h

Go to the documentation of this file.

/* 2025 Quantum Resistant Cryptographic Solutions Corporation
 * All Rights Reserved.
 *
 * NOTICE: This software and all accompanying materials are the exclusive 
 * property of Quantum Resistant Cryptographic Solutions Corporation (QRCS).
 * The intellectual and technical concepts contained within this implementation 
 * are proprietary to QRCS and its authorized licensors and are protected under 
 * applicable U.S. and international copyright, patent, and trade secret laws.
 *
 * CRYPTOGRAPHIC STANDARDS:
 * - This software includes implementations of cryptographic algorithms such as 
 *   SHA3, AES, and others. These algorithms are public domain or standardized 
 *   by organizations such as NIST and are NOT the property of QRCS.
 * - However, all source code, optimizations, and implementations in this library 
 *   are original works of QRCS and are protected under this license.
 *
 * RESTRICTIONS:
 * - Redistribution, modification, or unauthorized distribution of this software, 
 *   in whole or in part, is strictly prohibited.
 * - This software is provided for non-commercial, educational, and research 
 *   purposes only. Commercial use in any form is expressly forbidden.
 * - Licensing and authorized distribution are solely at the discretion of QRCS.
 * - Any use of this software implies acceptance of these restrictions.
 *
 * DISCLAIMER:
 * This software is provided "as is," without warranty of any kind, express or 
 * implied, including but not limited to warranties of merchantability or fitness 
 * for a particular purpose. QRCS disclaims all liability for any direct, indirect, 
 * incidental, or consequential damages resulting from the use or misuse of this software.
 *
 * FULL LICENSE:
 * This software is subject to the **Quantum Resistant Cryptographic Solutions 
 * Proprietary License (QRCS-PL)**. The complete license terms are included 
 * in the LICENSE.txt file distributed with this software.
 *
 * Written by: John G. Underhill
 * Contact: john.underhill@protonmail.com
 */
 
#ifndef MPDC_MPDC_H
#define MPDC_MPDC_H
 
#include "common.h"
#include "../../QSC/QSC/rcs.h"
#include "../../QSC/QSC/sha3.h"
#include "../../QSC/QSC/socketbase.h"
 
#if defined(MPDC_CONFIG_DILITHIUM_KYBER)
#   include "../../QSC/QSC/dilithium.h"
#   include "../../QSC/QSC/kyber.h"
#elif defined(MPDC_CONFIG_SPHINCS_MCELIECE)
#   include "../../QSC/QSC/mceliece.h"
#   include "../../QSC/QSC/sphincsplus.h"
#else
#   error Invalid parameter set!
#endif

 
/* --- Function Mapping Macros --- */

#if defined(MPDC_CONFIG_SPHINCS_MCELIECE)
#   define mpdc_cipher_generate_keypair qsc_mceliece_generate_keypair
#   define mpdc_cipher_decapsulate qsc_mceliece_decapsulate
#   define mpdc_cipher_encapsulate qsc_mceliece_encapsulate
#   define mpdc_signature_generate_keypair qsc_sphincsplus_generate_keypair
#   define mpdc_signature_sign qsc_sphincsplus_sign
#   define mpdc_signature_verify qsc_sphincsplus_verify
#elif defined(MPDC_CONFIG_DILITHIUM_KYBER)
#   define mpdc_cipher_generate_keypair qsc_kyber_generate_keypair
#   define mpdc_cipher_decapsulate qsc_kyber_decapsulate
#   define mpdc_cipher_encapsulate qsc_kyber_encapsulate
#   define mpdc_signature_generate_keypair qsc_dilithium_generate_keypair
#   define mpdc_signature_sign qsc_dilithium_sign
#   define mpdc_signature_verify qsc_dilithium_verify
#else
#   error Invalid parameter set!
#endif
 
/* ### Modifiable Constants: These constants can be enabled to turn on protocol features ### */

// * \def MPDC_NETWORK_CLIENT_CONNECT
// * \brief Enable client to client encrypted tunnel.
// */
//#define MPDC_NETWORK_CLIENT_CONNECT

// * \def MPDC_NETWORK_MFK_HASH_CYCLED
// * \brief Enable mfk key cycling (default).
// */
//#define MPDC_NETWORK_MFK_HASH_CYCLED

//#define MPDC_NETWORK_PROTOCOL_IPV6

// * \def MPDC_EXTENDED_SESSION_SECURITY
// * \brief Enable 512-bit security on session tunnels.
// */
//#define MPDC_EXTENDED_SESSION_SECURITY
 
/* ### End of Modifiable Constants ### */
 
 
#if defined(MPDC_CONFIG_DILITHIUM_KYBER)

#   define MPDC_ASYMMETRIC_CIPHERTEXT_SIZE (QSC_KYBER_CIPHERTEXT_SIZE)

#   define MPDC_ASYMMETRIC_PRIVATE_KEY_SIZE (QSC_KYBER_PRIVATEKEY_SIZE)

#   define MPDC_ASYMMETRIC_PUBLIC_KEY_SIZE (QSC_KYBER_PUBLICKEY_SIZE)

#   define MPDC_ASYMMETRIC_SIGNATURE_SIZE (QSC_DILITHIUM_SIGNATURE_SIZE)

#   define MPDC_ASYMMETRIC_SIGNING_KEY_SIZE (QSC_DILITHIUM_PRIVATEKEY_SIZE)

#   define MPDC_ASYMMETRIC_VERIFICATION_KEY_SIZE (QSC_DILITHIUM_PUBLICKEY_SIZE)
 
#   if defined(QSC_DILITHIUM_S1P2544) && defined(QSC_KYBER_S1P1632)
#       define MPDC_CHILD_CERTIFICATE_STRING_SIZE 5612
#       define MPDC_PARAMATERS_DILITHIUM_KYBER_D1K1
#       define MPDC_ROOT_CERTIFICATE_STRING_SIZE 2188
#       define MPDC_SIGNATURE_ENCODING_SIZE 3272
#       define MPDC_VERIFICATION_KEY_ENCODING_SIZE 1752
#   elif defined(QSC_DILITHIUM_S3P4016) && defined(QSC_KYBER_S3P2400)
#       define MPDC_CHILD_CERTIFICATE_STRING_SIZE 7648
#       define MPDC_PARAMATERS_DILITHIUM_KYBER_D3K3
#       define MPDC_ROOT_CERTIFICATE_STRING_SIZE 3053
#       define MPDC_SIGNATURE_ENCODING_SIZE 4436
#       define MPDC_VERIFICATION_KEY_ENCODING_SIZE 2604
#   elif defined(QSC_DILITHIUM_S5P4880) && defined(QSC_KYBER_S5P3168)
#       define MPDC_CHILD_CERTIFICATE_STRING_SIZE 10311
#       define MPDC_PARAMATERS_DILITHIUM_KYBER_D5K5
#       define MPDC_ROOT_CERTIFICATE_STRING_SIZE 3919
#       define MPDC_SIGNATURE_ENCODING_SIZE 6172
#       define MPDC_VERIFICATION_KEY_ENCODING_SIZE 3456
#   elif defined(QSC_DILITHIUM_S5P4880) && defined(QSC_KYBER_S6P3936)
#       define MPDC_CHILD_CERTIFICATE_STRING_SIZE 10311
#       define MPDC_PARAMATERS_DILITHIUM_KYBER_D5K6
#       define MPDC_ROOT_CERTIFICATE_STRING_SIZE 3919
#       define MPDC_SIGNATURE_ENCODING_SIZE 6172
#       define MPDC_VERIFICATION_KEY_ENCODING_SIZE 3456
#   else
        /* The library signature scheme and asymmetric cipher parameter sets 
        must be synchronized to a common security level; s1, s3, s5, s5+ */
#       error the library parameter sets are mismatched!
#   endif
 
#elif defined(MPDC_CONFIG_SPHINCS_MCELIECE)

#   define MPDC_ASYMMETRIC_CIPHERTEXT_SIZE (QSC_MCELIECE_CIPHERTEXT_SIZE)

#   define MPDC_ASYMMETRIC_PRIVATE_KEY_SIZE (QSC_MCELIECE_PRIVATEKEY_SIZE)

#   define MPDC_ASYMMETRIC_PUBLIC_KEY_SIZE (QSC_MCELIECE_PUBLICKEY_SIZE)

#   define MPDC_ASYMMETRIC_SIGNATURE_SIZE (QSC_SPHINCSPLUS_SIGNATURE_SIZE)

#   define MPDC_ASYMMETRIC_SIGNING_KEY_SIZE (QSC_SPHINCSPLUS_PRIVATEKEY_SIZE)

#   define MPDC_ASYMMETRIC_VERIFICATION_KEY_SIZE (QSC_SPHINCSPLUS_PUBLICKEY_SIZE)
 
#   if defined(QSC_MCELIECE_S1N3488T64)
#       if defined(QSC_SPHINCSPLUS_S1S128SHAKERF)
#           define MPDC_CHILD_CERTIFICATE_STRING_SIZE 23737
#           define MPDC_PARAMATERS_SPHINCSF_MCELIECE_SF1M1
#           define MPDC_ROOT_CERTIFICATE_STRING_SIZE 455
#           define MPDC_SIGNATURE_ENCODING_SIZE 22828
#           define MPDC_VERIFICATION_KEY_ENCODING_SIZE 44
#       elif defined(QSC_SPHINCSPLUS_S1S128SHAKERS)
#           define MPDC_CHILD_CERTIFICATE_STRING_SIZE 11237
#           define MPDC_PARAMATERS_SPHINCSS_MCELIECE_SS1M1
#           define MPDC_ROOT_CERTIFICATE_STRING_SIZE 455
#           define MPDC_SIGNATURE_ENCODING_SIZE 10520
#           define MPDC_VERIFICATION_KEY_ENCODING_SIZE 44
#       endif
#   elif defined(QSC_MCELIECE_S3N4608T96)
#       if defined(QSC_SPHINCSPLUS_S3S192SHAKERF)
#           define MPDC_CHILD_CERTIFICATE_STRING_SIZE 48912
#           define MPDC_PARAMATERS_SPHINCSF_MCELIECE_SF3M3
#           define MPDC_ROOT_CERTIFICATE_STRING_SIZE 476
#           define MPDC_SIGNATURE_ENCODING_SIZE 47596
#           define MPDC_VERIFICATION_KEY_ENCODING_SIZE 64
#       elif defined(QSC_SPHINCSPLUS_S3S192SHAKERS)
#           define MPDC_CHILD_CERTIFICATE_STRING_SIZE 22588
#           define MPDC_PARAMATERS_SPHINCSS_MCELIECE_SS3M3
#           define MPDC_ROOT_CERTIFICATE_STRING_SIZE 476
#           define MPDC_SIGNATURE_ENCODING_SIZE 21676
#           define MPDC_VERIFICATION_KEY_ENCODING_SIZE 64
#       endif
#   elif defined(QSC_MCELIECE_S5N6688T128)
#       if defined(QSC_SPHINCSPLUS_S5S256SHAKERF)
#           define MPDC_CHILD_CERTIFICATE_STRING_SIZE 68158
#           define MPDC_PARAMATERS_SPHINCSF_MCELIECE_SF5M5
#           define MPDC_ROOT_CERTIFICATE_STRING_SIZE 501
#           define MPDC_SIGNATURE_ENCODING_SIZE 66520
#           define MPDC_VERIFICATION_KEY_ENCODING_SIZE 88
#       elif defined(QSC_SPHINCSPLUS_S5S256SHAKERS)
#           define MPDC_CHILD_CERTIFICATE_STRING_SIZE 40987
#           define MPDC_PARAMATERS_SPHINCSS_MCELIECE_SS5M5
#           define MPDC_ROOT_CERTIFICATE_STRING_SIZE 501
#           define MPDC_SIGNATURE_ENCODING_SIZE 39768
#           define MPDC_VERIFICATION_KEY_ENCODING_SIZE 88
#       endif
#   elif defined(QSC_MCELIECE_S6N6960T119)
#       if defined(QSC_SPHINCSPLUS_S5S256SHAKERF)
#           define MPDC_CHILD_CERTIFICATE_STRING_SIZE 68157
#           define MPDC_PARAMATERS_SPHINCSF_MCELIECE_SF5M6
#           define MPDC_ROOT_CERTIFICATE_STRING_SIZE 501
#           define MPDC_SIGNATURE_ENCODING_SIZE 66520
#           define MPDC_VERIFICATION_KEY_ENCODING_SIZE 88
#       elif defined(QSC_SPHINCSPLUS_S5S256SHAKERS)
#           define MPDC_CHILD_CERTIFICATE_STRING_SIZE 40987
#           define MPDC_PARAMATERS_SPHINCSS_MCELIECE_SS5M6
#           define MPDC_ROOT_CERTIFICATE_STRING_SIZE 501
#           define MPDC_SIGNATURE_ENCODING_SIZE 39768
#           define MPDC_VERIFICATION_KEY_ENCODING_SIZE 88
#       endif
#   elif defined(QSC_MCELIECE_S7N8192T128)
#       if defined(QSC_SPHINCSPLUS_S5S256SHAKERF)
#           define MPDC_CHILD_CERTIFICATE_STRING_SIZE 68157
#           define MPDC_PARAMATERS_SPHINCSF_MCELIECE_SF5M7
#           define MPDC_ROOT_CERTIFICATE_STRING_SIZE 501
#           define MPDC_SIGNATURE_ENCODING_SIZE 66520
#           define MPDC_VERIFICATION_KEY_ENCODING_SIZE 88
#       elif defined(QSC_SPHINCSPLUS_S5S256SHAKERS)
#           define MPDC_CHILD_CERTIFICATE_STRING_SIZE 40987
#           define MPDC_PARAMATERS_SPHINCSS_MCELIECE_SS5M7
#           define MPDC_ROOT_CERTIFICATE_STRING_SIZE 501
#           define MPDC_SIGNATURE_ENCODING_SIZE 39768
#           define MPDC_VERIFICATION_KEY_ENCODING_SIZE 88
#       else
#           error Invalid parameter sets, check the QSC library settings 
#       endif
#   else
    /* The library signature scheme and asymmetric cipher parameter sets 
    must be synchronized to a common security level; s1, s3, s5 or s6.
    Check the QSC library common.h file for cipher and signature security level alignment. */
#   error Invalid parameter sets, check the QSC library settings 
#   endif
#endif

#define MPDC_ACTIVE_VERSION 1

#define MPDC_ACTIVE_VERSION_SIZE 2

#define MPDC_APPLICATION_AGENT_PORT 37766

#define MPDC_AGENT_FULL_TRUST 1000001

#define MPDC_AGENT_MINIMUM_TRUST 1

#define MPDC_AGENT_NAME_MAX_SIZE 256

#define MPDC_AGENT_TWOWAY_TRUST 1000002

#define MPDC_APPLICATION_CLIENT_PORT 37761

#define MPDC_APPLICATION_DLA_PORT 37762

#define MPDC_APPLICATION_IDG_PORT 37763

#define MPDC_APPLICATION_RDS_PORT 37764

#define MPDC_APPLICATION_MAS_PORT 37765

#define MPDC_CANONICAL_NAME_MINIMUM_SIZE 3

#define MPDC_CERTIFICATE_ADDRESS_SIZE 22

#define MPDC_CERTIFICATE_ALGORITHM_SIZE 1

#define MPDC_CERTIFICATE_DEFAULT_PERIOD ((uint64_t)365 * 24 * 60 * 60)

#define MPDC_CERTIFICATE_DESIGNATION_SIZE 1

#define MPDC_CERTIFICATE_EXPIRATION_SIZE 16

#define MPDC_CERTIFICATE_HASH_SIZE 32

#define MPDC_CERTIFICATE_ISSUER_SIZE 256

#define MPDC_CERTIFICATE_LINE_LENGTH 64

#define MPDC_CERTIFICATE_MAXIMUM_PERIOD (MPDC_CERTIFICATE_DEFAULT_PERIOD * 2)

#define MPDC_CERTIFICATE_MINIMUM_PERIOD ((uint64_t)1 * 24 * 60 * 60)

#define MPDC_CERTIFICATE_SERIAL_SIZE 16

#define MPDC_CERTIFICATE_HINT_SIZE (MPDC_CERTIFICATE_HASH_SIZE + MPDC_CERTIFICATE_SERIAL_SIZE)

#define MPDC_CERTIFICATE_SIGNED_HASH_SIZE (MPDC_ASYMMETRIC_SIGNATURE_SIZE + MPDC_CERTIFICATE_HASH_SIZE)

#define MPDC_CERTIFICATE_VERSION_SIZE 1

#define MPDC_CERTIFICATE_CHILD_SIZE (MPDC_CERTIFICATE_SIGNED_HASH_SIZE + \
    MPDC_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    MPDC_CERTIFICATE_ISSUER_SIZE + \
    MPDC_CERTIFICATE_SERIAL_SIZE + \
    MPDC_CERTIFICATE_SERIAL_SIZE + \
    MPDC_CERTIFICATE_EXPIRATION_SIZE + \
    MPDC_CERTIFICATE_DESIGNATION_SIZE + \
    MPDC_CERTIFICATE_ALGORITHM_SIZE + \
    MPDC_CERTIFICATE_VERSION_SIZE)

#define MPDC_CERTIFICATE_IDG_SIZE (MPDC_ASYMMETRIC_SIGNATURE_SIZE + \
    MPDC_CERTIFICATE_HASH_SIZE + \
    MPDC_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    MPDC_CERTIFICATE_ISSUER_SIZE + \
    MPDC_CERTIFICATE_ADDRESS_SIZE + \
    MPDC_CERTIFICATE_SERIAL_SIZE + \
    MPDC_CERTIFICATE_SERIAL_SIZE + \
    MPDC_CERTIFICATE_EXPIRATION_SIZE + \
    MPDC_CERTIFICATE_DESIGNATION_SIZE + \
    MPDC_CERTIFICATE_ALGORITHM_SIZE + \
    MPDC_CERTIFICATE_VERSION_SIZE)

#define MPDC_CERTIFICATE_ROOT_SIZE (MPDC_CERTIFICATE_HASH_SIZE + \
    MPDC_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    MPDC_CERTIFICATE_ISSUER_SIZE + \
    MPDC_CERTIFICATE_SERIAL_SIZE + \
    MPDC_CERTIFICATE_EXPIRATION_SIZE + \
    MPDC_CERTIFICATE_ALGORITHM_SIZE + \
    MPDC_CERTIFICATE_VERSION_SIZE)

#define MPDC_CRYPTO_SYMMETRIC_KEY_SIZE 32

#define MPDC_CRYPTO_SYMMETRIC_NONCE_SIZE 32

#define MPDC_CRYPTO_SEED_SIZE 64

#define MPDC_CRYPTO_SYMMETRIC_TOKEN_SIZE 32

#define MPDC_CRYPTO_SYMMETRIC_HASH_SIZE 32

#if defined(MPDC_EXTENDED_SESSION_SECURITY)
#   define MPDC_CRYPTO_SYMMETRIC_MAC_SIZE 64
#else
#   define MPDC_CRYPTO_SYMMETRIC_MAC_SIZE 32
#endif

#define MPDC_CRYPTO_SYMMETRIC_SECRET_SIZE 32

#if defined(MPDC_EXTENDED_SESSION_SECURITY)
#   define MPDC_CRYPTO_SYMMETRIC_SESSION_KEY_SIZE 64
#else
#   define MPDC_CRYPTO_SYMMETRIC_SESSION_KEY_SIZE 32
#endif

#define MPDC_DLA_CONVERGENCE_INTERVAL (60 * 60 * 24)

#define MPDC_DLA_IP_MAX 0x41

#define MPDC_DLA_PENALTY_MAX 0x100

#define MPDC_DLA_REDUCTION_INTERVAL 1000000

#define MPDC_DLA_UPDATE_WAIT_TIME (7 * 24 * 60 * 60)

#define MPDC_ERROR_STRING_DEPTH 26

#define MPDC_ERROR_STRING_WIDTH 128

#define MPDC_MESSAGE_MAX_SIZE 1400000

#define MPDC_MFK_EXPIRATION_PERIOD ((uint64_t)60 * 24 * 60 * 60)

#define MPDC_MINIMUM_PATH_LENGTH 9

#define MPDC_NETWORK_CONNECTION_MTU 1500

#define MPDC_NETWORK_DOMAIN_NAME_MAX_SIZE 256

#define MPDC_NETWORK_MAX_AGENTS 1000000

#define MPDC_NETWORK_NODE_ID_SIZE 16

#define MPDC_PERIOD_DAY_TO_SECONDS (24 * 60 * 60)

#define MPDC_SOCKET_TERMINATOR_SIZE 1

#define MPDC_PACKET_ERROR_SIZE 1

#define MPDC_PACKET_HEADER_SIZE 22

#define MPDC_PACKET_SUBHEADER_SIZE 16

#define MPDC_PACKET_SEQUENCE_TERMINATOR 0xFFFFFFFFUL

#define MPDC_PACKET_TIME_SIZE 8

#define MPDC_PACKET_TIME_THRESHOLD 60

#define MPDC_NETWORK_TERMINATION_MESSAGE_SIZE 1

#define MPDC_NETWORK_TERMINATION_PACKET_SIZE (MPDC_PACKET_HEADER_SIZE + MPDC_NETWORK_TERMINATION_MESSAGE_SIZE)
 
/* enumerations */

MPDC_EXPORT_API typedef enum mpdc_configuration_sets
{
    mpdc_configuration_set_none = 0x00,                                          
    mpdc_configuration_set_dilithium1_kyber1_rcs256_shake256 = 0x01,            
    mpdc_configuration_set_dilithium3_kyber3_rcs256_shake256 = 0x02,            
    mpdc_configuration_set_dilithium5_kyber5_rcs256_shake256 = 0x03,            
    mpdc_configuration_set_dilithium5_kyber6_rcs512_shake256 = 0x04,            
    mpdc_configuration_set_sphincsplus1f_mceliece1_rcs256_shake256 = 0x05,        
    mpdc_configuration_set_sphincsplus1s_mceliece1_rcs256_shake256 = 0x06,        
    mpdc_configuration_set_sphincsplus3f_mceliece3_rcs256_shake256 = 0x07,        
    mpdc_configuration_set_sphincsplus3s_mceliece3_rcs256_shake256 = 0x08,        
    mpdc_configuration_set_sphincsplus5f_mceliece5_rcs256_shake256 = 0x09,        
    mpdc_configuration_set_sphincsplus5s_mceliece5_rcs256_shake256 = 0x0A,        
    mpdc_configuration_set_sphincsplus5f_mceliece6_rcs256_shake256 = 0x0B,        
    mpdc_configuration_set_sphincsplus5s_mceliece6_rcs256_shake256 = 0x0C,        
    mpdc_configuration_set_sphincsplus5f_mceliece7_rcs256_shake256 = 0x0D,        
    mpdc_configuration_set_sphincsplus5s_mceliece7_rcs256_shake256 = 0x0E,        
} mpdc_configuration_sets;

MPDC_EXPORT_API typedef enum mpdc_network_designations
{
    mpdc_network_designation_none = 0x00,                          
    mpdc_network_designation_agent = 0x01,                            
    mpdc_network_designation_client = 0x02,                          
    mpdc_network_designation_dla = 0x03,                            
    mpdc_network_designation_idg = 0x04,                            
    mpdc_network_designation_mas = 0x05,                            
    mpdc_network_designation_remote = 0x06,                          
    mpdc_network_designation_rds = 0x07,                            
    mpdc_network_designation_revoked = 0x08,                        
    mpdc_network_designation_all = 0xFF,                            
} mpdc_network_designations;

MPDC_EXPORT_API typedef enum mpdc_network_errors
{
    mpdc_network_error_none = 0x00,                                  
    mpdc_network_error_accept_fail = 0x01,                            
    mpdc_network_error_auth_failure = 0x02,                          
    mpdc_network_error_bad_keep_alive = 0x03,                      
    mpdc_network_error_channel_down = 0x04,                          
    mpdc_network_error_connection_failure = 0x05,                  
    mpdc_network_error_decryption_failure = 0x06,                  
    mpdc_network_error_establish_failure = 0x07,                    
    mpdc_network_error_general_failure = 0x08,                        
    mpdc_network_error_hosts_exceeded = 0x09,                      
    mpdc_network_error_identity_unknown = 0x10,                      
    mpdc_network_error_invalid_input = 0x1A,                        
    mpdc_network_error_invalid_request = 0x1B,                        
    mpdc_network_error_keep_alive_expired = 0x1C,                  
    mpdc_network_error_keep_alive_timeout = 0x1D,                  
    mpdc_network_error_kex_auth_failure = 0x1E,                      
    mpdc_network_error_key_not_recognized = 0x1F,                  
    mpdc_network_error_key_has_expired = 0x20,                        
    mpdc_network_error_listener_fail = 0x21,                        
    mpdc_network_error_memory_allocation = 0x22,                    
    mpdc_network_error_packet_unsequenced = 0x23,                  
    mpdc_network_error_random_failure = 0x24,                      
    mpdc_network_error_ratchet_fail = 0x25,                          
    mpdc_network_error_receive_failure = 0x26,                        
    mpdc_network_error_transmit_failure = 0x27,                      
    mpdc_network_error_unknown_protocol = 0x28,                      
    mpdc_network_error_unsequenced = 0x29,                            
    mpdc_network_error_verify_failure = 0x2A,                      
} mpdc_network_errors;

MPDC_EXPORT_API typedef enum mpdc_network_flags
{
    mpdc_network_flag_none = 0x00,                                    
    mpdc_network_flag_connection_terminate_request = 0x01,            
    mpdc_network_flag_error_condition = 0x02,                      
    mpdc_network_flag_fragment_collection_request = 0x03,          
    mpdc_network_flag_fragment_collection_response = 0x04,            
    mpdc_network_flag_fragment_request = 0x05,                        
    mpdc_network_flag_fragment_response = 0x06,                      
    mpdc_network_flag_fragment_query_request = 0x07,                
    mpdc_network_flag_fragment_query_response = 0x08,              
    mpdc_network_flag_incremental_update_request = 0x09,            
    mpdc_network_flag_incremental_update_response = 0x0A,          
    mpdc_network_flag_register_request = 0x0B,                        
    mpdc_network_flag_register_response = 0x0C,                      
    mpdc_network_flag_register_update_request = 0x0D,              
    mpdc_network_flag_register_update_response = 0x0E,                
    mpdc_network_flag_keep_alive_request = 0x0F,                    
    mpdc_network_flag_keep_alive_response = 0x10,                  
    mpdc_network_flag_mfk_establish = 0x11,                          
    mpdc_network_flag_mfk_request = 0x12,                          
    mpdc_network_flag_mfk_response = 0x13,                            
    mpdc_network_flag_mfk_verify = 0x14,                            
    mpdc_network_flag_network_announce_broadcast = 0x15,            
    mpdc_network_flag_network_converge_request = 0x16,                
    mpdc_network_flag_network_converge_response = 0x17,              
    mpdc_network_flag_network_converge_update = 0x18,              
    mpdc_network_flag_network_resign_request = 0x19,                
    mpdc_network_flag_network_resign_response = 0x1A,              
    mpdc_network_flag_network_revocation_broadcast = 0x1B,            
    mpdc_network_flag_network_signature_request = 0x1C,              
    mpdc_network_flag_system_error_condition = 0x1D,                
    mpdc_network_flag_tunnel_connection_terminate = 0x1E,          
    mpdc_network_flag_tunnel_encrypted_message = 0x1F,                
    mpdc_network_flag_tunnel_session_established = 0x20,            
    mpdc_network_flag_tunnel_transfer_request = 0x21,              
    mpdc_network_flag_topology_query_request = 0x22,                
    mpdc_network_flag_topology_query_response = 0x23,              
    mpdc_network_flag_topology_status_request = 0x24,              
    mpdc_network_flag_topology_status_response = 0x25,                
    mpdc_network_flag_topology_status_available = 0x26,              
    mpdc_network_flag_topology_status_synchronized = 0x27,            
    mpdc_network_flag_topology_status_unavailable = 0x28,          
    mpdc_network_flag_network_remote_signing_request = 0x29,        
    mpdc_network_flag_network_remote_signing_response = 0x2A,      
} mpdc_network_flags;

MPDC_EXPORT_API typedef enum mpdc_protocol_errors
{
    mpdc_protocol_error_none = 0x00,                                
    mpdc_protocol_error_authentication_failure = 0x01,                
    mpdc_protocol_error_certificate_not_found = 0x02,              
    mpdc_protocol_error_channel_down = 0x03,                        
    mpdc_protocol_error_connection_failure = 0x04,                    
    mpdc_protocol_error_connect_failure = 0x05,                      
    mpdc_protocol_error_convergence_failure = 0x06,                  
    mpdc_protocol_error_convergence_synchronized = 0x07,            
    mpdc_protocol_error_decapsulation_failure = 0x08,              
    mpdc_protocol_error_decoding_failure = 0x09,                    
    mpdc_protocol_error_decryption_failure = 0x0A,                    
    mpdc_protocol_error_establish_failure = 0x0B,                  
    mpdc_protocol_error_exchange_failure = 0x0C,                    
    mpdc_protocol_error_file_not_deleted = 0x0D,                    
    mpdc_protocol_error_file_not_found = 0x0E,                        
    mpdc_protocol_error_file_not_written = 0x0F,                    
    mpdc_protocol_error_hash_invalid = 0x10,                        
    mpdc_protocol_error_hosts_exceeded = 0x11,                        
    mpdc_protocol_error_invalid_request = 0x12,                      
    mpdc_protocol_error_certificate_expired = 0x13,                  
    mpdc_protocol_error_key_expired = 0x14,                          
    mpdc_protocol_error_key_unrecognized = 0x15,                    
    mpdc_protocol_error_listener_fail = 0x16,                      
    mpdc_protocol_error_memory_allocation = 0x17,                  
    mpdc_protocol_error_message_time_invalid = 0x18,                
    mpdc_protocol_error_message_verification_failure = 0x19,        
    mpdc_protocol_error_no_usable_address = 0x1A,                  
    mpdc_protocol_error_node_not_available = 0x1B,                    
    mpdc_protocol_error_node_not_found = 0x1C,                        
    mpdc_protocol_error_node_was_registered = 0x1D,                  
    mpdc_protocol_error_operation_cancelled = 0x1E,                  
    mpdc_protocol_error_packet_header_invalid = 0x1F,              
    mpdc_protocol_error_packet_unsequenced = 0x20,                    
    mpdc_protocol_error_receive_failure = 0x21,                      
    mpdc_protocol_error_root_signature_invalid = 0x22,                
    mpdc_protocol_error_serialization_failure = 0x23,              
    mpdc_protocol_error_signature_failure = 0x24,                  
    mpdc_protocol_error_signing_failure = 0x25,                      
    mpdc_protocol_error_socket_binding = 0x26,                        
    mpdc_protocol_error_socket_creation = 0x27,                      
    mpdc_protocol_error_transmit_failure = 0x28,                    
    mpdc_protocol_error_topology_no_agent = 0x29,                  
    mpdc_protocol_error_unknown_protocol = 0x2A,                    
    mpdc_protocol_error_verification_failure = 0x2B,                
} mpdc_protocol_errors;

MPDC_EXPORT_API typedef enum mpdc_version_sets
{
    mpdc_version_set_none = 0x00,                                  
    mpdc_version_set_one_zero = 0x01,                              
} mpdc_version_sets;
 
/* public structures */

MPDC_EXPORT_API typedef struct mpdc_certificate_expiration
{
    uint64_t from;                                                  
    uint64_t to;                                                  
} mpdc_certificate_expiration;

MPDC_EXPORT_API typedef struct mpdc_child_certificate
{
    uint8_t csig[MPDC_CERTIFICATE_SIGNED_HASH_SIZE];               
    uint8_t verkey[MPDC_ASYMMETRIC_VERIFICATION_KEY_SIZE];           
    char issuer[MPDC_CERTIFICATE_ISSUER_SIZE];                        
    uint8_t serial[MPDC_CERTIFICATE_SERIAL_SIZE];                 
    uint8_t rootser[MPDC_CERTIFICATE_SERIAL_SIZE];                   
    mpdc_certificate_expiration expiration;                            
    mpdc_network_designations designation;                          
    mpdc_configuration_sets algorithm;                              
    uint8_t version;                                             
} mpdc_child_certificate;

#define MPDC_X509_CERTIFICATE_SIZE 4096

#define MPDC_IDG_HINT_SIZE (MPDC_CERTIFICATE_HASH_SIZE + MPDC_CERTIFICATE_SERIAL_SIZE)

MPDC_EXPORT_API typedef struct mpdc_idg_hint
{
    uint8_t chash[MPDC_CERTIFICATE_HASH_SIZE];                       
    uint8_t rootser[MPDC_CERTIFICATE_SERIAL_SIZE];                   
} mpdc_idg_hint;

MPDC_EXPORT_API typedef struct mpdc_idg_certificate
{
    uint8_t csig[MPDC_CERTIFICATE_SIGNED_HASH_SIZE];               
    uint8_t vkey[MPDC_ASYMMETRIC_VERIFICATION_KEY_SIZE];           
    uint8_t xcert[MPDC_X509_CERTIFICATE_SIZE];                       
    uint8_t serial[MPDC_CERTIFICATE_SERIAL_SIZE];                 
    uint8_t rootser[MPDC_CERTIFICATE_SERIAL_SIZE];                   
    uint8_t hint[MPDC_CERTIFICATE_HINT_SIZE];                     
    char issuer[MPDC_CERTIFICATE_ISSUER_SIZE];                        
    mpdc_certificate_expiration expiration;                            
    mpdc_network_designations designation;                          
    mpdc_configuration_sets algorithm;                              
    uint8_t version;                                             
} mpdc_idg_certificate;

MPDC_EXPORT_API typedef struct mpdc_connection_state
{
    qsc_socket target;                                                
    qsc_rcs_state rxcpr;                                           
    qsc_rcs_state txcpr;                                           
    uint64_t rxseq;                                                    
    uint64_t txseq;                                                    
    uint32_t instance;                                              
    mpdc_network_flags exflag;                                      
} mpdc_connection_state;

MPDC_EXPORT_API typedef struct mpdc_keep_alive_state
{
    qsc_socket target;                                                
    uint64_t etime;                                                    
    uint64_t seqctr;                                              
    bool recd;                                                      
} mpdc_keep_alive_state;

typedef struct mpdc_mfkey_state
{
    uint8_t serial[MPDC_CERTIFICATE_SERIAL_SIZE];                 
    uint8_t mfk[MPDC_CRYPTO_SYMMETRIC_KEY_SIZE];                   
} mpdc_mfkey_state;

MPDC_EXPORT_API typedef struct mpdc_network_packet
{
    uint8_t flag;                                                   
    uint32_t msglen;                                              
    uint64_t sequence;                                              
    uint64_t utctime;                                                
    uint8_t* pmessage;                                              
} mpdc_network_packet;

MPDC_EXPORT_API typedef struct mpdc_root_certificate
{
    uint8_t verkey[MPDC_ASYMMETRIC_VERIFICATION_KEY_SIZE];           
    char issuer[MPDC_CERTIFICATE_ISSUER_SIZE];                        
    uint8_t serial[MPDC_CERTIFICATE_SERIAL_SIZE];                 
    mpdc_certificate_expiration expiration;                            
    mpdc_configuration_sets algorithm;                              
    mpdc_version_sets version;                                      
} mpdc_root_certificate;

MPDC_EXPORT_API typedef struct mpdc_serialized_symmetric_key
{
    uint64_t keyid;                                                    
    uint8_t key[MPDC_CRYPTO_SYMMETRIC_KEY_SIZE];                   
    uint8_t nonce[MPDC_CRYPTO_SYMMETRIC_NONCE_SIZE];               
} mpdc_serialized_symmetric_key;

MPDC_EXPORT_API typedef struct mpdc_signature_keypair
{
    uint8_t prikey[MPDC_ASYMMETRIC_SIGNING_KEY_SIZE];             
    uint8_t pubkey[MPDC_ASYMMETRIC_VERIFICATION_KEY_SIZE];           
} mpdc_signature_keypair;

MPDC_EXPORT_API typedef struct mpdc_cipher_keypair
{
    uint8_t prikey[MPDC_ASYMMETRIC_PRIVATE_KEY_SIZE];             
    uint8_t pubkey[MPDC_ASYMMETRIC_PUBLIC_KEY_SIZE];               
} mpdc_cipher_keypair;
 
/* public key encoding constants */

 
#define MPDC_CERTIFICATE_SEPERATOR_SIZE 1
#define MPDC_CHILD_CERTIFICATE_HEADER_SIZE 64
#define MPDC_CHILD_CERTIFICATE_ROOT_HASH_PREFIX_SIZE 30
#define MPDC_CHILD_CERTIFICATE_SIGNATURE_KEY_PREFIX_SIZE 23
#define MPDC_CHILD_CERTIFICATE_ISSUER_PREFIX_SIZE 9
#define MPDC_CHILD_CERTIFICATE_NAME_PREFIX_SIZE 7
#define MPDC_CHILD_CERTIFICATE_SERIAL_PREFIX_SIZE 9
#define MPDC_CHILD_CERTIFICATE_ROOT_SERIAL_PREFIX_SIZE 14
#define MPDC_CHILD_CERTIFICATE_VALID_FROM_PREFIX_SIZE 13
#define MPDC_CHILD_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE 6
#define MPDC_CHILD_CERTIFICATE_ALGORITHM_PREFIX_SIZE 12
#define MPDC_CHILD_CERTIFICATE_VERSION_PREFIX_SIZE 10
#define MPDC_CHILD_CERTIFICATE_DESIGNATION_PREFIX_SIZE 14
#define MPDC_CHILD_CERTIFICATE_ADDRESS_PREFIX_SIZE 10
#define MPDC_CHILD_CERTIFICATE_FOOTER_SIZE 64
#define MPDC_CHILD_CERTIFICATE_DEFAULT_NAME_SIZE 19
 
static const char MPDC_CHILD_CERTIFICATE_HEADER[MPDC_CHILD_CERTIFICATE_HEADER_SIZE] = "-----------BEGIN MPDC CHILD PUBLIC CERTIFICATE BLOCK-----------";
static const char MPDC_CHILD_CERTIFICATE_ROOT_HASH_PREFIX[MPDC_CHILD_CERTIFICATE_ROOT_HASH_PREFIX_SIZE] = "Root Signed Public Key Hash: ";
static const char MPDC_CHILD_CERTIFICATE_SIGNATURE_KEY_PREFIX[MPDC_CHILD_CERTIFICATE_SIGNATURE_KEY_PREFIX_SIZE] = "Public Signature Key: ";
static const char MPDC_CHILD_CERTIFICATE_ISSUER_PREFIX[MPDC_CHILD_CERTIFICATE_ISSUER_PREFIX_SIZE] = "Issuer: ";
static const char MPDC_CHILD_CERTIFICATE_NAME_PREFIX[MPDC_CHILD_CERTIFICATE_NAME_PREFIX_SIZE] = "Name: ";
static const char MPDC_CHILD_CERTIFICATE_SERIAL_PREFIX[MPDC_CHILD_CERTIFICATE_SERIAL_PREFIX_SIZE] = "Serial: ";
static const char MPDC_CHILD_CERTIFICATE_ROOT_SERIAL_PREFIX[MPDC_CHILD_CERTIFICATE_ROOT_SERIAL_PREFIX_SIZE] = "Root Serial: ";
static const char MPDC_CHILD_CERTIFICATE_VALID_FROM_PREFIX[MPDC_CHILD_CERTIFICATE_VALID_FROM_PREFIX_SIZE] = "Valid From: ";
static const char MPDC_CHILD_CERTIFICATE_EXPIRATION_TO_PREFIX[MPDC_CHILD_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE] = " To: ";
static const char MPDC_CHILD_CERTIFICATE_ALGORITHM_PREFIX[MPDC_CHILD_CERTIFICATE_ALGORITHM_PREFIX_SIZE] = "Algorithm: ";
static const char MPDC_CHILD_CERTIFICATE_VERSION_PREFIX[MPDC_CHILD_CERTIFICATE_VERSION_PREFIX_SIZE] = "Version: ";
static const char MPDC_CHILD_CERTIFICATE_DESIGNATION_PREFIX[MPDC_CHILD_CERTIFICATE_DESIGNATION_PREFIX_SIZE] = "Designation: ";
static const char MPDC_CHILD_CERTIFICATE_ADDRESS_PREFIX[MPDC_CHILD_CERTIFICATE_ADDRESS_PREFIX_SIZE] = "Address: ";
static const char MPDC_CHILD_CERTIFICATE_FOOTER[MPDC_CHILD_CERTIFICATE_FOOTER_SIZE] = "------------END MPDC CHILD PUBLIC CERTIFICATE BLOCK------------";
static const char MPDC_CHILD_CERTIFICATE_DEFAULT_NAME[MPDC_CHILD_CERTIFICATE_DEFAULT_NAME_SIZE] = " Child Certificate";
 
#define MPDC_NETWORK_DESIGNATION_SIZE 33
static const char MPDC_NETWORK_DESIGNATION_NONE[MPDC_NETWORK_DESIGNATION_SIZE] = "mpdc_network_designation_none";
static const char MPDC_NETWORK_DESIGNATION_AGENT[MPDC_NETWORK_DESIGNATION_SIZE] = "mpdc_network_designation_agent";
static const char MPDC_NETWORK_DESIGNATION_CLIENT[MPDC_NETWORK_DESIGNATION_SIZE] = "mpdc_network_designation_client";
static const char MPDC_NETWORK_DESIGNATION_DLA[MPDC_NETWORK_DESIGNATION_SIZE] = "mpdc_network_designation_dla";
static const char MPDC_NETWORK_DESIGNATION_IDG[MPDC_NETWORK_DESIGNATION_SIZE] = "mpdc_network_designation_idg";
static const char MPDC_NETWORK_DESIGNATION_REMOTE[MPDC_NETWORK_DESIGNATION_SIZE] = "mpdc_network_designation_remote";
static const char MPDC_NETWORK_DESIGNATION_ROOT[MPDC_NETWORK_DESIGNATION_SIZE] = "mpdc_network_designation_rds";
static const char MPDC_NETWORK_DESIGNATION_SERVER[MPDC_NETWORK_DESIGNATION_SIZE] = "mpdc_network_designation_mas";
static const char MPDC_NETWORK_DESIGNATION_ALL[MPDC_NETWORK_DESIGNATION_SIZE] = "mpdc_network_designation_all";


#define MPDC_PROTOCOL_SET_SIZE 41
 
/* Valid parameter sets: 
Kyber-S1, Dilithium-S1
Kyber-S3, Dilithium-S3
Kyber-S5, Dilithium-S5
Kyber-S6, Dilithium-S5
McEliece-S1, Sphincs-S1(f,s)
McEliece-S3, Sphincs-S3(f,s)
McEliece-S5, Sphincs-S5(f,s)
McEliece-S6, Sphincs-S5(f,s)
McEliece-S7, Sphincs-S6(f,s) */

 
#if defined(MPDC_PARAMATERS_DILITHIUM_KYBER_D1K1)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "dilithium-s1_kyber-s1_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_dilithium1_kyber1_rcs256_shake256;
#elif defined(MPDC_PARAMATERS_DILITHIUM_KYBER_D3K3)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "dilithium-s3_kyber-s3_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_dilithium3_kyber3_rcs256_shake256;
#elif defined(MPDC_PARAMATERS_DILITHIUM_KYBER_D5K5)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "dilithium-s5_kyber-s5_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_dilithium5_kyber5_rcs256_shake256;
#elif defined(MPDC_PARAMATERS_DILITHIUM_KYBER_D5K6)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "dilithium-s5_kyber-s6_rcs-512_sha3-512";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_dilithium5_kyber6_rcs512_shake512;
#elif defined(MPDC_PARAMATERS_SPHINCSF_MCELIECE_SF1M1) 
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "sphincs-1f_mceliece-s1_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_sphincsplus1f_mceliece1_rcs256_shake256;
#elif defined(MPDC_PARAMATERS_SPHINCSPLUS_S1S128SHAKERS)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "sphincs-1s_mceliece-s1_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_sphincsplus1s_mceliece1_rcs256_shake256;
#elif defined(MPDC_PARAMATERS_SPHINCSF_MCELIECE_SF3M3)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "sphincs-3f_mceliece-s3_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_sphincsplus3f_mceliece3_rcs256_shake256;
#elif defined(MPDC_PARAMATERS_SPHINCSPLUS_S3S192SHAKERS)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "sphincs-3s_mceliece-s3_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_sphincsplus3s_mceliece3_rcs256_shake256;
#elif defined(MPDC_PARAMATERS_SPHINCSF_MCELIECE_SF5M5)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "sphincs-5f_mceliece-s5_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_sphincsplus5f_mceliece5_rcs256_shake256;
#elif defined(MPDC_PARAMATERS_SPHINCSPLUS_S5S256SHAKERS)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "sphincs-5s_mceliece-s5_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_sphincsplus5s_mceliece5_rcs256_shake256;
#elif defined(MPDC_PARAMATERS_SPHINCSF_MCELIECE_SF5M6)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "sphincs-5f_mceliece-s6_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_sphincsplus5f_mceliece6_rcs256_shake256;
#elif defined(MPDC_PARAMATERS_SPHINCSPLUS_S5S256SHAKERS)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "sphincs-5s_mceliece-s6_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_sphincsplus5s_mceliece6_rcs256_shake256;
#elif defined(MPDC_PARAMATERS_SPHINCSF_MCELIECE_SF5M7)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "sphincs-5f_mceliece-s7_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_sphincsplus5f_mceliece7_rcs256_shake256;
#elif defined(MPDC_PARAMATERS_SPHINCSPLUS_S5S256SHAKERS)
static const char MPDC_CONFIG_STRING[MPDC_PROTOCOL_SET_SIZE] = "sphincs-5s_mceliece-s7_rcs-256_sha3-256";
static const mpdc_configuration_sets MPDC_CONFIGURATION_SET = mpdc_configuration_set_sphincsplus5s_mceliece7_rcs256_shake256;
#else
#   error Invalid parameter set!
#endif


 
#define MPDC_ROOT_CERTIFICATE_HEADER_SIZE 64
#define MPDC_ROOT_CERTIFICATE_HASH_PREFIX_SIZE 19
#define MPDC_ROOT_CERTIFICATE_PUBLICKEY_PREFIX_SIZE 13
#define MPDC_ROOT_CERTIFICATE_ISSUER_PREFIX_SIZE 9
#define MPDC_ROOT_CERTIFICATE_NAME_PREFIX_SIZE 7
#define MPDC_ROOT_CERTIFICATE_SERIAL_PREFIX_SIZE 9
#define MPDC_ROOT_CERTIFICATE_FOOTER_SIZE 64
#define MPDC_ROOT_CERTIFICATE_VALID_FROM_PREFIX_SIZE 13
#define MPDC_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE 6
#define MPDC_ROOT_CERTIFICATE_ALGORITHM_PREFIX_SIZE 12
#define MPDC_ROOT_CERTIFICATE_VERSION_PREFIX_SIZE 10
#define MPDC_ROOT_CERTIFICATE_DEFAULT_NAME_SIZE 18
#define MPDC_ACTIVE_VERSION_STRING_SIZE 5


 
static const char MPDC_ROOT_CERTIFICATE_HEADER[MPDC_ROOT_CERTIFICATE_HEADER_SIZE] = "------------BEGIN MPDC ROOT PUBLIC CERTIFICATE BLOCK-----------";
static const char MPDC_ROOT_CERTIFICATE_ISSUER_PREFIX[MPDC_ROOT_CERTIFICATE_ISSUER_PREFIX_SIZE] = "Issuer: ";
static const char MPDC_ROOT_CERTIFICATE_NAME_PREFIX[MPDC_ROOT_CERTIFICATE_NAME_PREFIX_SIZE] = "Name: ";
static const char MPDC_ROOT_CERTIFICATE_SERIAL_PREFIX[MPDC_ROOT_CERTIFICATE_SERIAL_PREFIX_SIZE] = "Serial: ";
static const char MPDC_ROOT_CERTIFICATE_VALID_FROM_PREFIX[MPDC_ROOT_CERTIFICATE_VALID_FROM_PREFIX_SIZE] = "Valid From: ";
static const char MPDC_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX[MPDC_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE] = " To: ";
static const char MPDC_ROOT_CERTIFICATE_ALGORITHM_PREFIX[MPDC_ROOT_CERTIFICATE_ALGORITHM_PREFIX_SIZE] = "Algorithm: ";
static const char MPDC_ROOT_CERTIFICATE_VERSION_PREFIX[MPDC_ROOT_CERTIFICATE_VERSION_PREFIX_SIZE] = "Version: ";
static const char MPDC_ROOT_CERTIFICATE_HASH_PREFIX[MPDC_ROOT_CERTIFICATE_HASH_PREFIX_SIZE] = "Certificate Hash: ";
static const char MPDC_ROOT_CERTIFICATE_PUBLICKEY_PREFIX[MPDC_ROOT_CERTIFICATE_PUBLICKEY_PREFIX_SIZE] = "Public Key: ";
static const char MPDC_ROOT_CERTIFICATE_FOOTER[MPDC_ROOT_CERTIFICATE_FOOTER_SIZE] = "------------END MPDC ROOT PUBLIC CERTIFICATE BLOCK-------------";
static const char MPDC_ROOT_CERTIFICATE_DEFAULT_NAME[MPDC_ROOT_CERTIFICATE_DEFAULT_NAME_SIZE] = " Root Certificate";
 
static const char MPDC_ACTIVE_VERSION_STRING[MPDC_ACTIVE_VERSION_STRING_SIZE] = "0x01";
static const char MPDC_CERTIFICATE_CHILD_EXTENSION[] = ".ccert";
static const char MPDC_CERTIFICATE_MFCOL_EXTENSION[] = ".mfcol";
static const char MPDC_CERTIFICATE_ROOT_EXTENSION[] = ".rcert";
static const char MPDC_CERTIFICATE_TOPOLOGY_EXTENSION[] = ".dtop";
static const char MPDC_APPLICATION_ROOT_PATH[] = "\\MPDC";
static const char MPDC_CERTIFICATE_BACKUP_PATH[] = "\\Backup";
static const char MPDC_CERTIFICATE_STORE_PATH[] = "\\Certificates";
static const char MPDC_ROOT_CERTIFICATE_PATH[] = "\\Root";
static const char MPDC_CERTIFICATE_TOPOLOGY_PATH[] = "\\Topology";

 
#define MPDC_NETWORK_ERROR_STRING_DEPTH 28
#define MPDC_NETWORK_ERROR_STRING_SIZE 128

 
static const char MPDC_NETWORK_ERROR_STRINGS[MPDC_NETWORK_ERROR_STRING_DEPTH][MPDC_NETWORK_ERROR_STRING_SIZE] =
{
    "No error was detected",
    "The socket accept function returned an error",
    "The cipher authentication has failed",
    "The keep alive check failed",
    "The communications channel has failed",
    "The device could not make a connnection to the remote host",
    "The decryption authentication has failed",
    "The transmission failed at the kex establish phase",
    "The connection experienced an unexpected error",
    "The server has run out of socket connections",
    "The random generator experienced a failure",
    "The input is invalid",
    "The request is invalid",
    "The keep alive has expired with no response",
    "The keepalive failure counter has exceeded maximum ",
    "The kex authentication has failed",
    "The key-id is not recognized",
    "The certificate has expired",
    "The listener function failed to initialize",
    "The server has run out of memory",
    "The random generator experienced a failure",
    "The random generator experienced a failure",
    "The ratchet operation has failed",
    "The receiver failed at the network layer",
    "The transmitter failed at the network layer",
    "The protocol version is unknown",
    "The packet was received out of sequence",
    "The expected data could not be verified"
};
 
#define MPDC_PROTOCOL_ERROR_STRING_DEPTH 44
#define MPDC_PROTOCOL_ERROR_STRING_SIZE 128
 
static const char MPDC_PROTOCOL_ERROR_STRINGS[MPDC_PROTOCOL_ERROR_STRING_DEPTH][MPDC_PROTOCOL_ERROR_STRING_SIZE] =
{
    "No error was detected",
    "The symmetric cipher had an authentication failure",
    "The node certificate could not be found",
    "The communications channel has failed",
    "The device could not make a connection to the remote host",
    "The transmission failed at the KEX connection phase",
    "The convergence call has returned an error",
    "The database is already synchronized",
    "The asymmetric cipher failed to decapsulate the shared secret",
    "The node or certificate decoding failed",
    "The decryption authentication has failed",
    "The transmission failed at the KEX establish phase",
    "The transmission failed at the KEX exchange phase",
    "The application could not delete a local file",
    "The file could not be found",
    "The file could not be written to storage",
    "The public-key hash is invalid",
    "The server has run out of socket connections",
    "The packet flag was unexpected",
    "The certificate has expired and is invalid",
    "The MPDC public key has expired ",
    "The key identity is unrecognized",
    "The listener function failed to initialize",
    "The server has run out of memory",
    "The network time is invalid or has substantial delay",
    "The expected data could not be verified",
    "The server has no usable IP address, assign in configuration",
    "The node is offline or not available for connection",
    "The node could not be found in the database",
    "The node was previously registered in the database",
    "The operation was cancelled by the user",
    "The packet header received was invalid",
    "The packet was received out of sequence",
    "The receiver failed at the network layer",
    "The root signature failed authentication",
    "The certificate could not be serialized",
    "The signature scheme could not sign a message",
    "The transmission failed to sign the data",
    "The socket could not be bound to an IP address",
    "The socket could not be created",
    "The transmitter failed at the network layer",
    "The topological database has no agent entries",
    "The protocol string was not recognized",
    "The transmission failed at the KEX verify phase"
};

 
/* API */

MPDC_EXPORT_API void mpdc_connection_close(qsc_socket* rsock, mpdc_network_errors err, bool notify);

MPDC_EXPORT_API mpdc_network_errors mpdc_decrypt_packet(mpdc_connection_state* cns, uint8_t* message, size_t* msglen, const mpdc_network_packet* packetin);

MPDC_EXPORT_API mpdc_network_errors mpdc_encrypt_packet(mpdc_connection_state* cns, mpdc_network_packet* packetout, const uint8_t* message, size_t msglen);

MPDC_EXPORT_API void mpdc_connection_state_dispose(mpdc_connection_state* cns);

MPDC_EXPORT_API const char* mpdc_network_error_to_string(mpdc_network_errors error);

MPDC_EXPORT_API const char* mpdc_protocol_error_to_string(mpdc_protocol_errors error);

MPDC_EXPORT_API void mpdc_packet_clear(mpdc_network_packet* packet);

MPDC_EXPORT_API void mpdc_packet_error_message(mpdc_network_packet* packet, mpdc_protocol_errors error);

MPDC_EXPORT_API void mpdc_packet_header_deserialize(const uint8_t* header, mpdc_network_packet* packet);

MPDC_EXPORT_API void mpdc_packet_header_serialize(const mpdc_network_packet* packet, uint8_t* header);

MPDC_EXPORT_API void mpdc_packet_set_utc_time(mpdc_network_packet* packet);

MPDC_EXPORT_API bool mpdc_packet_time_valid(const mpdc_network_packet* packet);

MPDC_EXPORT_API size_t mpdc_packet_to_stream(const mpdc_network_packet* packet, uint8_t* pstream);

MPDC_EXPORT_API void mpdc_stream_to_packet(const uint8_t* pstream, mpdc_network_packet* packet);
 
#endif