UDIF anchor record operations. More...

#include "udif.h"

Data Structures
struct	udif_anchor_record
	Anchor record. More...

Macros
#define	UDIF_ANCHOR_INTERVAL_SEC 3600U
	Default anchor interval (1 hour).
#define	UDIF_ANCHOR_MAX_AGE_MAX 7200U
	Maximum anchor age for acceptance (2 hours).
#define	UDIF_ANCHOR_MAX_SIZE (512U + UDIF_SIGNED_HASH_SIZE)
	Maximum anchor encoded size estimate.
#define	UDIF_ANCHOR_MEMBERSHIP_EVENT_COUNTER 4U
	The anchor membership event counter size.
#define	UDIF_ANCHOR_REGISTRY_OBJECT_COUNTER 4U
	The anchor registry object counter size.
#define	UDIF_ANCHOR_REGISTRY_TRANSACTION_COUNTER 4U
	The anchor registry transaction counter size.
#define	UDIF_ANCHOR_SEQUENCE_SIZE 8U
	The anchor sequence number size.
#define	UDIF_ANCHOR_RECORD_SIZE
	The byte size of an anchor record.
#define	UDIF_ANCHOR_SIGNING_SIZE
	The anchor recordsigning size.

Typedefs
typedef UDIF_EXPORT_API struct udif_anchor_record	udif_anchor_record

Functions
UDIF_EXPORT_API udif_errors	udif_anchor_create (udif_anchor_record anchor, const uint8_t childser, uint64_t sequence, uint64_t timestamp, const uint8_t regroot, const uint8_t txroot, const uint8_t mroot, uint32_t regcount, uint32_t txcount, uint32_t memcount, const uint8_t childsigkey, bool(rng_generate)(uint8_t , size_t))
	Create an anchor record.
UDIF_EXPORT_API udif_errors	udif_anchor_deserialize (udif_anchor_record anchor, const uint8_t input, size_t inplen)
	Deserialize an anchor record.
UDIF_EXPORT_API udif_errors	udif_anchor_compute_digest (uint8_t digest, const udif_anchor_record anchor)
	Compute anchor digest.
UDIF_EXPORT_API udif_errors	udif_anchor_compute_signature (udif_anchor_record anchor, const uint8_t sigkey, bool(rng_generate)(uint8_t , size_t))
	Compute object digest and signature.
UDIF_EXPORT_API void	udif_anchor_clear (udif_anchor_record *anchor)
	Clear an anchor record.
UDIF_EXPORT_API bool	udif_anchor_compare (const udif_anchor_record a, const udif_anchor_record b)
	Compare two anchor records.
UDIF_EXPORT_API size_t	udif_anchor_encoded_size (const udif_anchor_record *anchor)
	Get anchor encoded size.
UDIF_EXPORT_API bool	udif_anchor_is_fresh (const udif_anchor_record *anchor, uint64_t ctime, uint64_t maxage)
	Check anchor freshness.
UDIF_EXPORT_API udif_errors	udif_anchor_serialize (uint8_t output, size_t outlen, const udif_anchor_record anchor)
	Serialize an anchor record.
UDIF_EXPORT_API bool	udif_anchor_validate_sequence (const udif_anchor_record *anchor, uint64_t prevseq)
	Validate anchor sequence.
UDIF_EXPORT_API bool	udif_anchor_verify (const udif_anchor_record anchor, const uint8_t childverkey, uint64_t expseq)
	Verify an anchor record.
UDIF_EXPORT_API bool	udif_anchor_verify_chain (const udif_anchor_record prevanchor, const udif_anchor_record nextanchor, const uint8_t *childverkey)
	Verify anchor chain continuity.

Detailed Description

UDIF anchor record operations.

This module implements anchor records for creating tamper-evident audit chains. Anchor records commit registry and log states at periodic intervals, signed by the child entity.

Anchor Records contain:

Child entity serial
Sequence number
Timestamp
Registry Merkle root
Transaction log root
Membership log root
Object/event counts
Child signature

Anchors flow from User Agents -> Group Controllers -> Branch Controllers -> Root, creating a hierarchical chain of trust and accountability.

Macro Definition Documentation

◆ UDIF_ANCHOR_RECORD_SIZE

#define UDIF_ANCHOR_RECORD_SIZE

Value:

    (UDIF_SIGNED_HASH_SIZE + \
    UDIF_CRYPTO_HASH_SIZE +\
    UDIF_CRYPTO_HASH_SIZE + \
    UDIF_CRYPTO_HASH_SIZE + \
    UDIF_SERIAL_NUMBER_SIZE + \
    UDIF_ANCHOR_SEQUENCE_SIZE + \
    UDIF_VALID_TIME_SIZE + \
    UDIF_ANCHOR_MEMBERSHIP_EVENT_COUNTER + \
    UDIF_ANCHOR_REGISTRY_OBJECT_COUNTER + \
    UDIF_ANCHOR_REGISTRY_TRANSACTION_COUNTER)

The byte size of an anchor record.

◆ UDIF_ANCHOR_SIGNING_SIZE

#define UDIF_ANCHOR_SIGNING_SIZE

Value:

    (UDIF_CRYPTO_HASH_SIZE + \
    UDIF_CRYPTO_HASH_SIZE + \
    UDIF_CRYPTO_HASH_SIZE + \
    UDIF_SERIAL_NUMBER_SIZE + \
    UDIF_VALID_TIME_SIZE + \
    UDIF_ANCHOR_MEMBERSHIP_EVENT_COUNTER + \
    UDIF_ANCHOR_REGISTRY_OBJECT_COUNTER + \
    UDIF_ANCHOR_SEQUENCE_SIZE + \
    UDIF_ANCHOR_REGISTRY_TRANSACTION_COUNTER)

The anchor recordsigning size.

Function Documentation

◆ udif_anchor_clear()

UDIF_EXPORT_API void udif_anchor_clear ( udif_anchor_record * anchor )

Clear an anchor record.

Zeros out an anchor record structure.

Parameters

anchor The anchor record to clear

◆ udif_anchor_compare()

UDIF_EXPORT_API bool udif_anchor_compare	(	const udif_anchor_record *	a,
		const udif_anchor_record *	b )

Compare two anchor records.

Checks if two anchor records are identical.

Parameters

a	[const] The first anchor record
b	[const] The second anchor record

Returns: Returns true if identical

◆ udif_anchor_compute_digest()

UDIF_EXPORT_API udif_errors udif_anchor_compute_digest	(	uint8_t *	digest,
		const udif_anchor_record *	anchor )

Compute anchor digest.

Calculates the canonical digest of an anchor record.

Parameters

digest	The output digest (32 bytes)
anchor	[const] The anchor record

Returns: Returns udif_error_none on success

◆ udif_anchor_compute_signature()

UDIF_EXPORT_API udif_errors udif_anchor_compute_signature	(	udif_anchor_record *	anchor,
		const uint8_t *	sigkey,
		bool(*	rng_generate )(uint8_t *, size_t) )

Compute object digest and signature.

Computes the canonical digest for an object, and signs the object.

Parameters

anchor	The anchor
sigkey	[const] The owner's private key
rng_generate	Random number generator function

Returns: Returns udif_error_none on success

◆ udif_anchor_create()

UDIF_EXPORT_API udif_errors udif_anchor_create	(	udif_anchor_record *	anchor,
		const uint8_t *	childser,
		uint64_t	sequence,
		uint64_t	timestamp,
		const uint8_t *	regroot,
		const uint8_t *	txroot,
		const uint8_t *	mroot,
		uint32_t	regcount,
		uint32_t	txcount,
		uint32_t	memcount,
		const uint8_t *	childsigkey,
		bool(*	rng_generate )(uint8_t *, size_t) )

Create an anchor record.

Generates an anchor record for a child entity's current state.

Parameters

anchor	The output anchor record
childser	[const] The child entity serial (16 bytes)
sequence	The sequence number (monotonically increasing)
timestamp	The current time (UTC seconds)
regroot	[const] The registry Merkle root (32 bytes)
txroot	[const] The transaction log root (32 bytes)
mroot	[const] The membership log root (32 bytes)
regcount	The number of objects in registry
txcount	The number of transactions
memcount	The number of membership events
childsigkey	[const] The child's private key
rng_generate	Random number generator function

Returns: Returns udif_error_none on success

◆ udif_anchor_deserialize()

UDIF_EXPORT_API udif_errors udif_anchor_deserialize	(	udif_anchor_record *	anchor,
		const uint8_t *	input,
		size_t	inplen )

Deserialize an anchor record.

Decodes an anchor record from canonical TLV format.

Parameters

anchor	The output anchor record
input	[const] The input buffer
inplen	The input buffer length

Returns: Returns udif_error_none on success

◆ udif_anchor_encoded_size()

UDIF_EXPORT_API size_t udif_anchor_encoded_size ( const udif_anchor_record * anchor )

Get anchor encoded size.

Calculates the serialized size of an anchor record.

Parameters

anchor [const] The anchor record

Returns: The encoded size in bytes

◆ udif_anchor_is_fresh()

UDIF_EXPORT_API bool udif_anchor_is_fresh	(	const udif_anchor_record *	anchor,
		uint64_t	ctime,
		uint64_t	maxage )

Check anchor freshness.

Verifies that an anchor is recent (within time window).

Parameters

anchor	[const] The anchor record
ctime	The current time (UTC seconds)
maxage	Maximum age in seconds

Returns: Returns true if fresh

◆ udif_anchor_serialize()

UDIF_EXPORT_API udif_errors udif_anchor_serialize	(	uint8_t *	output,
		size_t	outlen,
		const udif_anchor_record *	anchor )

Serialize an anchor record.

Encodes an anchor record to canonical TLV format.

Parameters

output	The output buffer
outlen	The output buffer length
anchor	[const] The anchor record to serialize

Returns: Returns udif_error_none on success

◆ udif_anchor_validate_sequence()

UDIF_EXPORT_API bool udif_anchor_validate_sequence	(	const udif_anchor_record *	anchor,
		uint64_t	prevseq )

Validate anchor sequence.

Checks that sequence number is valid (non-zero, monotonic).

Parameters

anchor	[const] The anchor record
prevseq	The previous sequence number (0 = first anchor)

Returns: Returns true if valid

◆ udif_anchor_verify()

UDIF_EXPORT_API bool udif_anchor_verify	(	const udif_anchor_record *	anchor,
		const uint8_t *	childverkey,
		uint64_t	expseq )

Verify an anchor record.

Verifies the signature and sequence on an anchor record.

Parameters

anchor	[const] The anchor record
pubkey	[const] The child's public key
expseq	The expected sequence number (0 = don't check)

Returns: Returns true if valid

◆ udif_anchor_verify_chain()

UDIF_EXPORT_API bool udif_anchor_verify_chain	(	const udif_anchor_record *	prevanchor,
		const udif_anchor_record *	nextanchor,
		const uint8_t *	childverkey )

Verify anchor chain continuity.

Verifies that two sequential anchors form a valid chain.

Parameters

prevanchor	[const] The previous anchor
nextanchor	[const] The next anchor
childverkey	[const] The child's public key

Returns: Returns true if chain is valid

Data Structures

Macros

Typedefs

Functions

Detailed Description

Macro Definition Documentation

◆ UDIF_ANCHOR_RECORD_SIZE

◆ UDIF_ANCHOR_SIGNING_SIZE

Function Documentation

◆ udif_anchor_clear()

◆ udif_anchor_compare()

◆ udif_anchor_compute_digest()

◆ udif_anchor_compute_signature()

◆ udif_anchor_create()

◆ udif_anchor_deserialize()

◆ udif_anchor_encoded_size()

◆ udif_anchor_is_fresh()

◆ udif_anchor_serialize()

◆ udif_anchor_validate_sequence()

◆ udif_anchor_verify()

◆ udif_anchor_verify_chain()