QSMP support header Common defined parameters and functions of the qsmp client and server implementations.
More...
|
|
#define | QSMP_CONFIG_DILITHIUM_KYBER |
| | Sets the asymmetric cryptographic primitive-set to Dilithium/Kyber.
|
| |
|
#define | QSMP_CONFIG_SIZE 48 |
| | The size of the protocol configuration string.
|
| |
|
#define | QSMP_SIMPLEX_HASH_SIZE 32 |
| | The Simplex 256-bit hash function output size.
|
| |
|
#define | QSMP_SIMPLEX_MACKEY_SIZE 32 |
| | The Simplex 256-bit mac key size.
|
| |
|
#define | QSMP_SIMPLEX_MACTAG_SIZE 32 |
| | The Simplex 256-bit mac key size.
|
| |
|
#define | QSMP_SIMPLEX_SYMMETRIC_KEY_SIZE 32 |
| | The Simplex 256-bit symmetric cipher key size.
|
| |
|
#define | QSMP_SIMPLEX_SCHASH_SIZE 32 |
| | The Simplex 256-bit session token hash size.
|
| |
|
#define | QSMP_DUPLEX_HASH_SIZE 64 |
| | The Duplex 512-bit hash function size.
|
| |
|
#define | QSMP_DUPLEX_MACKEY_SIZE 64 |
| | The Duplex 512-bit mac key size.
|
| |
|
#define | QSMP_DUPLEX_MACTAG_SIZE 64 |
| | The Duplex 512-bit mac key size.
|
| |
|
#define | QSMP_DUPLEX_SYMMETRIC_KEY_SIZE 64 |
| | TheDuplex 512-bit symmetric cipher key size.
|
| |
|
#define | QSMP_DUPLEX_SCHASH_SIZE 64 |
| | The Duplex session token 512-bit hash size.
|
| |
|
#define | QSMP_ASYMMETRIC_KEYCHAIN_COUNT 10 |
| | The key-chain asymmetric key count.
|
| |
|
#define | QSMP_CLIENT_PORT 31118 |
| | The default client port address.
|
| |
|
#define | QSMP_CONNECTIONS_INIT 1000 |
| | The intitial QSMP connections queue size.
|
| |
|
#define | QSMP_CONNECTIONS_MAX 50000 |
| | The maximum number of connections Calculated given approx 5k (3480 connection state + 1500 mtu + overhead), per connection on 256GB of DRAM. Can be scaled to a greater number provided the hardware can support it.
|
| |
|
#define | QSMP_CONNECTION_MTU 1500 |
| | The QSMP packet buffer size.
|
| |
|
#define | QSMP_ERROR_SEQUENCE 0xFF00000000000000ULL |
| | The packet error sequence number.
|
| |
|
#define | QSMP_ERROR_MESSAGE_SIZE 1 |
| | The packet error message size.
|
| |
|
#define | QSMP_FLAG_SIZE 1 |
| | The packet flag size.
|
| |
|
#define | QSMP_HEADER_SIZE 21 |
| | The QSMP packet header size.
|
| |
|
#define | QSMP_KEEPALIVE_STRING 20 |
| | The keep alive string size.
|
| |
|
#define | QSMP_KEEPALIVE_TIMEOUT (120 * 1000) |
| | The keep alive timeout in milliseconds (2 minutes)
|
| |
|
#define | QSMP_KEYID_SIZE 16 |
| | The QSMP key identity size.
|
| |
|
#define | QSMP_MSGLEN_SIZE 4 |
| | The size of the packet message length.
|
| |
|
#define | QSMP_NETWORK_MTU_SIZE 1500 |
| | The size of the packet MTU length.
|
| |
|
#define | QSMP_NONCE_SIZE 32 |
| | The size of the symmetric cipher nonce.
|
| |
|
#define | QSMP_RTOK_SIZE 32 |
| | The size of the ratchet token.
|
| |
|
#define | QSMP_SERVER_PORT 31119 |
| | The default server port address.
|
| |
|
#define | QSMP_PACKET_TIME_THRESHOLD 60 |
| | The maximum number of seconds a packet is valid Note: On interior networks with a shared (NTP) time source, this could be set at 1 second, depending on network and device traffic conditions. For exterior networks, this time needs to be adjusted to account for clock-time differences, between 30-100 seconds.
|
| |
|
#define | QSMP_POLLING_INTERVAL (120 * 1000) |
| | The polling interval in milliseconds (2 minutes)
|
| |
|
#define | QSMP_PUBKEY_DURATION_DAYS 365 |
| | The number of days a public key remains valid.
|
| |
|
#define | QSMP_PUBKEY_DURATION_SECONDS (QSMP_PUBKEY_DURATION_DAYS * 24 * 60 * 60) |
| | The number of seconds a public key remains valid.
|
| |
|
#define | QSMP_PUBKEY_LINE_LENGTH 64 |
| | The line length of the printed QSMP public key.
|
| |
|
#define | QSMP_SECRET_SIZE 32 |
| | The size of the shared secret for each channel.
|
| |
|
#define | QSMP_SEQUENCE_SIZE 8 |
| | The size of the packet sequence number.
|
| |
|
#define | QSMP_SEQUENCE_TERMINATOR 0xFFFFFFFFUL |
| | The sequence number of a packet that closes a connection.
|
| |
|
#define | QSMP_SRVID_SIZE 8 |
| | The QSMP server identity size.
|
| |
|
#define | QSMP_STOKEN_SIZE 64 |
| | The session token size.
|
| |
|
#define | QSMP_TIMESTAMP_SIZE 8 |
| | The key expiration timestamp size.
|
| |
|
#define | QSMP_TIMESTAMP_STRING_SIZE 20 |
| | The key expiration timestamp string size.
|
| |
|
#define | QSMP_MESSAGE_MAX 0x3D090000 |
| | The maximum message size used during the key exchange (1 GB)
|
| |
|
#define | qsmp_cipher_generate_keypair qsc_kyber_generate_keypair |
| | Generate an asymmetric cipher key-pair.
|
| |
|
#define | qsmp_cipher_decapsulate qsc_kyber_decapsulate |
| | Decapsulate a shared-secret with the asymmetric cipher.
|
| |
|
#define | qsmp_cipher_encapsulate qsc_kyber_encapsulate |
| | Encapsulate a shared-secret with the asymmetric cipher.
|
| |
|
#define | qsmp_signature_generate_keypair qsc_dilithium_generate_keypair |
| | Generate an asymmetric signature key-pair.
|
| |
|
#define | qsmp_signature_sign qsc_dilithium_sign |
| | Sign a message with the asymmetric signature scheme.
|
| |
|
#define | qsmp_signature_verify qsc_dilithium_verify |
| | Verify a message with the asymmetric signature scheme.
|
| |
|
#define | QSMP_ASYMMETRIC_CIPHER_TEXT_SIZE (QSC_KYBER_CIPHERTEXT_SIZE) |
| | The byte size of the asymmetric cipher-text array.
|
| |
|
#define | QSMP_ASYMMETRIC_PRIVATE_KEY_SIZE (QSC_KYBER_PRIVATEKEY_SIZE) |
| | The byte size of the asymmetric cipher private-key array.
|
| |
|
#define | QSMP_ASYMMETRIC_PUBLIC_KEY_SIZE (QSC_KYBER_PUBLICKEY_SIZE) |
| | The byte size of the asymmetric cipher public-key array.
|
| |
|
#define | QSMP_ASYMMETRIC_SIGNING_KEY_SIZE (QSC_DILITHIUM_PRIVATEKEY_SIZE) |
| | The byte size of the asymmetric signature signing-key array.
|
| |
|
#define | QSMP_ASYMMETRIC_VERIFY_KEY_SIZE (QSC_DILITHIUM_PUBLICKEY_SIZE) |
| | The byte size of the asymmetric signature verification-key array.
|
| |
|
#define | QSMP_ASYMMETRIC_SIGNATURE_SIZE (QSC_DILITHIUM_SIGNATURE_SIZE) |
| | The byte size of the asymmetric signature array.
|
| |
|
#define | QSMP_SIGKEY_ENCODED_SIZE (QSMP_KEYID_SIZE + QSMP_TIMESTAMP_SIZE + QSMP_CONFIG_SIZE + QSMP_ASYMMETRIC_SIGNING_KEY_SIZE + QSMP_ASYMMETRIC_VERIFY_KEY_SIZE) |
| | The secret signature key size.
|
| |
|
#define | QSMP_PUBKEY_HEADER_SIZE 40 |
| | The size of the QSMP public key header.
|
| |
|
#define | QSMP_PUBKEY_VERSION_SIZE 19 |
| | The size of the QSMP public key version string.
|
| |
|
#define | QSMP_PUBKEY_CONFIG_SIZE 16 |
| | The size of the QSMP public key configuration prefix.
|
| |
|
#define | QSMP_PUBKEY_KEYID_SIZE 10 |
| | The size of the QSMP public key identifier prefix.
|
| |
|
#define | QSMP_PUBKEY_EXPIRATION_SIZE 13 |
| | The size of the QSMP public key expiration prefix.
|
| |
|
#define | QSMP_PUBKEY_FOOTER_SIZE 38 |
| | The size of the QSMP public key footer.
|
| |
|
#define | QSMP_ERROR_STRING_DEPTH 29 |
| | The depth of the QSMP error string array.
|
| |
|
#define | QSMP_ERROR_STRING_WIDTH 128 |
| | The width of each QSMP error string.
|
| |
|
#define | QSMP_MESSAGE_STRING_DEPTH 22 |
| | The depth of the QSMP message string array.
|
| |
|
#define | QSMP_MESSAGE_STRING_WIDTH 128 |
| | The width of each QSMP message string.
|
| |
|
| QSMP_EXPORT_API void | qsmp_asymmetric_cipher_keypair_dispose (qsmp_asymmetric_cipher_keypair *keypair) |
| | Dispose of an asymmetric cipher keypair.
|
| |
| QSMP_EXPORT_API qsmp_asymmetric_cipher_keypair * | qsmp_asymmetric_cipher_keypair_initialize () |
| | Initialize an asymmetric cipher keypair.
|
| |
| QSMP_EXPORT_API void | qsmp_asymmetric_signature_keypair_dispose (qsmp_asymmetric_signature_keypair *keypair) |
| | Dispose of an asymmetric signature keypair.
|
| |
| QSMP_EXPORT_API qsmp_asymmetric_signature_keypair * | qsmp_asymmetric_signature_keypair_initialize () |
| | Initialize an asymmetric signature keypair.
|
| |
| QSMP_EXPORT_API void | qsmp_connection_close (qsmp_connection_state *cns, qsmp_errors err, bool notify) |
| | Close the network connection between hosts.
|
| |
| QSMP_EXPORT_API void | qsmp_connection_state_dispose (qsmp_connection_state *cns) |
| | Reset the connection state.
|
| |
| QSMP_EXPORT_API const char * | qsmp_error_to_string (qsmp_errors error) |
| | Return a pointer to a string description of an error code.
|
| |
| QSMP_EXPORT_API void | qsmp_header_create (qsmp_network_packet *packetout, qsmp_flags flag, uint64_t sequence, uint32_t msglen) |
| | Populate a packet header and set the creation time.
|
| |
| QSMP_EXPORT_API qsmp_errors | qsmp_header_validate (qsmp_connection_state *cns, const qsmp_network_packet *packetin, qsmp_flags kexflag, qsmp_flags pktflag, uint64_t sequence, uint32_t msglen) |
| | Validate a packet header and timestamp.
|
| |
| QSMP_EXPORT_API void | qsmp_generate_keypair (qsmp_client_verification_key *pubkey, qsmp_server_signature_key *prikey, const uint8_t keyid[QSMP_KEYID_SIZE]) |
| | Generate a QSMP key-pair; generates the public and private asymmetric signature keys.
|
| |
| QSMP_EXPORT_API const char * | qsmp_get_error_description (qsmp_messages emsg) |
| | Get the error string description.
|
| |
| QSMP_EXPORT_API void | qsmp_log_error (qsmp_messages emsg, qsc_socket_exceptions err, const char *msg) |
| | Log the message, socket error, and string description.
|
| |
| QSMP_EXPORT_API void | qsmp_log_message (qsmp_messages emsg) |
| | Log a message.
|
| |
| QSMP_EXPORT_API void | qsmp_log_write (qsmp_messages emsg, const char *msg) |
| | Log a message and description.
|
| |
| QSMP_EXPORT_API void | qsmp_packet_clear (qsmp_network_packet *packet) |
| | Clear a packet's state.
|
| |
| QSMP_EXPORT_API qsmp_errors | qsmp_packet_decrypt (qsmp_connection_state *cns, uint8_t *message, size_t *msglen, const qsmp_network_packet *packetin) |
| | Decrypt a message and copy it to the message output.
|
| |
| QSMP_EXPORT_API qsmp_errors | qsmp_packet_encrypt (qsmp_connection_state *cns, qsmp_network_packet *packetout, const uint8_t *message, size_t msglen) |
| | Encrypt a message and build an output packet.
|
| |
| QSMP_EXPORT_API void | qsmp_packet_error_message (qsmp_network_packet *packet, qsmp_errors error) |
| | Populate a packet structure with an error message.
|
| |
| QSMP_EXPORT_API void | qsmp_packet_header_deserialize (const uint8_t *header, qsmp_network_packet *packet) |
| | Deserialize a byte array to a packet header.
|
| |
| QSMP_EXPORT_API void | qsmp_packet_header_serialize (const qsmp_network_packet *packet, uint8_t *header) |
| | Serialize a packet header to a byte array.
|
| |
| QSMP_EXPORT_API void | qsmp_packet_set_utc_time (qsmp_network_packet *packet) |
| | Sets the local UTC seconds time in the packet header.
|
| |
| QSMP_EXPORT_API bool | qsmp_packet_time_valid (const qsmp_network_packet *packet) |
| | Checks the local UTC seconds time against the packet sent time for validity within the packet time threshold.
|
| |
| QSMP_EXPORT_API size_t | qsmp_packet_to_stream (const qsmp_network_packet *packet, uint8_t *pstream) |
| | Serialize a packet to a byte array.
|
| |
| QSMP_EXPORT_API bool | qsmp_public_key_compare (const qsmp_client_verification_key *a, const qsmp_client_verification_key *b) |
| | Compares two public keys for equality.
|
| |
| QSMP_EXPORT_API bool | qsmp_public_key_decode (qsmp_client_verification_key *pubk, const char *enck, size_t enclen) |
| | Decode a public key string and populate a client key structure.
|
| |
| QSMP_EXPORT_API size_t | qsmp_public_key_encode (char *enck, size_t enclen, const qsmp_client_verification_key *pubk) |
| | Encode a public key structure and copy to a string.
|
| |
| QSMP_EXPORT_API size_t | qsmp_public_key_encoding_size () |
| | Get the key encoding string size.
|
| |
| QSMP_EXPORT_API void | qsmp_signature_key_deserialize (qsmp_server_signature_key *kset, const uint8_t serk[QSMP_SIGKEY_ENCODED_SIZE]) |
| | Decode a secret signature key structure and copy to an array.
|
| |
| QSMP_EXPORT_API void | qsmp_signature_key_serialize (uint8_t serk[QSMP_SIGKEY_ENCODED_SIZE], const qsmp_server_signature_key *kset) |
| | Encode a secret key structure and copy to a string.
|
| |
| QSMP_EXPORT_API void | qsmp_stream_to_packet (const uint8_t *pstream, qsmp_network_packet *packet) |
| | Deserialize a byte array to a packet.
|
| |
| QSMP_EXPORT_API bool | qsmp_certificate_encoding_test () |
| | Test the certificate encoding and decoding functions.
|
| |
QSMP support header Common defined parameters and functions of the qsmp client and server implementations.
Note: These definitions determine the asymmetric protocol set used by QSMP. The individual parameter sets for each cipher and signature scheme, can be configured in the QSC libraries common.h file. For maximum security, I recommend the McElice/SPHINCS+ set. For a balance of performance and security, the Dilithium/Kyber, or Dilithium/McEliece sets are recommended.
Parameter Sets: Kyber-S1, Dilithium-S1 Kyber-S3, Dilithium-S3 Kyber-S5, Dilithium-S5 Kyber-S6, Dilithium-S5 McEliece-S1, Dilithium-S1 McEliece-S3, Dilithium-S3 McEliece-S5, Dilithium-S5 McEliece-S6, Dilithium-S5 McEliece-S7, Dilithium-S5 McEliece-S1, Sphincs-S1(f,s) McEliece-S3, Sphincs-S3(f,s) McEliece-S5, Sphincs-S5(f,s) McEliece-S6, Sphincs-S5(f,s) McEliece-S7, Sphincs-S6(f,s)
Recommended: Kyber-S5, Dilithium-S5 Kyber-S6, Dilithium-S5 McEliece-S5, Dilithium-S5 McEliece-S5, Sphincs-S5(f,s)
The parameter sets used by QSMP are selected in the QSC library in the libraries common.h file. Settings are at library defaults, however, a true 512-bit security system can be acheived by selecting the McEliece/SPHINCS+ parameter in QSMP and setting SPHINCS+ to one of the 512-bit options in the QSC library.
1.13.2