UDIF: Universal Digital Identification Framework 1.1.0.0a (A1)
A quantum-secure cryptographic identification
entity.h
Go to the documentation of this file.
1/* 2025-2026 Quantum Resistant Cryptographic Solutions Corporation
2 * All Rights Reserved.
3 *
4 * NOTICE:
5 * This software and all accompanying materials are the exclusive property of
6 * Quantum Resistant Cryptographic Solutions Corporation (QRCS). The intellectual
7 * and technical concepts contained herein are proprietary to QRCS and are
8 * protected under applicable Canadian, U.S., and international copyright,
9 * patent, and trade secret laws.
10 *
11 * CRYPTOGRAPHIC ALGORITHMS AND IMPLEMENTATIONS:
12 * - This software includes implementations of cryptographic primitives and
13 * algorithms that are standardized or in the public domain, such as AES
14 * and SHA-3, which are not proprietary to QRCS.
15 * - This software also includes cryptographic primitives, constructions, and
16 * algorithms designed by QRCS, including but not limited to RCS, SCB, CSX, QMAC, and
17 * related components, which are proprietary to QRCS.
18 * - All source code, implementations, protocol compositions, optimizations,
19 * parameter selections, and engineering work contained in this software are
20 * original works of QRCS and are protected under this license.
21 *
22 * LICENSE AND USE RESTRICTIONS:
23 * - This software is licensed under the Quantum Resistant Cryptographic Solutions
24 * Public Research and Evaluation License (QRCS-PREL), 2025-2026.
25 * - Permission is granted solely for non-commercial evaluation, academic research,
26 * cryptographic analysis, interoperability testing, and feasibility assessment.
27 * - Commercial use, production deployment, commercial redistribution, or
28 * integration into products or services is strictly prohibited without a
29 * separate written license agreement executed with QRCS.
30 * - Licensing and authorized distribution are solely at the discretion of QRCS.
31 *
32 * EXPERIMENTAL CRYPTOGRAPHY NOTICE:
33 * Portions of this software may include experimental, novel, or evolving
34 * cryptographic designs. Use of this software is entirely at the user's risk.
35 *
36 * DISCLAIMER:
37 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
38 * IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS
39 * FOR A PARTICULAR PURPOSE, SECURITY, OR NON-INFRINGEMENT. QRCS DISCLAIMS ALL
40 * LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
41 * ARISING FROM THE USE OR MISUSE OF THIS SOFTWARE.
42 *
43 * FULL LICENSE:
44 * This software is subject to the Quantum Resistant Cryptographic Solutions
45 * Public Research and Evaluation License (QRCS-PREL), 2025-2026. The complete license terms
46 * are provided in the accompanying LICENSE file or at https://www.qrcscorp.ca.
47 *
48 * Written by: John G. Underhill
49 * Contact: contact@qrcscorp.ca
50 */
51
52#ifndef UDIF_ENTITY_H
53#define UDIF_ENTITY_H
54
55#include "udif.h"
56#include "certificate.h"
57#include "certstore.h"
58#include "capstore.h"
59#include "treatystore.h"
60#include "mcelmanager.h"
61#include "registry.h"
62#include "tunnel.h"
63#include "qstp.h"
64
93
98#define UDIF_ENTITY_MAX_TUNNELS 64U
99
104#define UDIF_ENTITY_MAX_ANCHOR_STATES 64U
105
110#define UDIF_ENTITY_MAX_REGISTRIES 64U
111
112/* Tunnel table */
113
127
128
139
140
151
152/* Entity context */
153
189
211
212/* Anchor sequence state */
213
226UDIF_EXPORT_API udif_errors udif_entity_anchor_expected_sequence(const udif_entity_context* ctx, const uint8_t* childser, uint64_t* expseq);
227
239UDIF_EXPORT_API udif_errors udif_entity_anchor_commit_sequence(udif_entity_context* ctx, const uint8_t* childser, uint64_t acceptedseq);
240
241/* Lifecycle */
242
257UDIF_EXPORT_API udif_errors udif_entity_init(udif_entity_context* ctx, const udif_entity_config* cfg);
258
267UDIF_EXPORT_API void udif_entity_dispose(udif_entity_context* ctx);
268
269/* Runtime registry state */
270
279UDIF_EXPORT_API udif_registry_state* udif_entity_registry_find(udif_entity_context* ctx, const uint8_t* ownerser);
280
289UDIF_EXPORT_API const udif_registry_state* udif_entity_registry_find_const(const udif_entity_context* ctx, const uint8_t* ownerser);
290
300UDIF_EXPORT_API udif_registry_state* udif_entity_registry_get_or_create(udif_entity_context* ctx, const uint8_t* ownerser, size_t capacity);
301
307UDIF_EXPORT_API void udif_entity_registry_clear_all(udif_entity_context* ctx);
308
309/* Tunnel table operations */
310
321UDIF_EXPORT_API udif_tunnel* udif_entity_add_tunnel(udif_entity_context* ctx, const udif_tunnel* tun);
322
336UDIF_EXPORT_API udif_tunnel* udif_entity_find_tunnel(udif_entity_context* ctx, const uint8_t* peerserial, const uint8_t* treatyid);
337
349UDIF_EXPORT_API udif_tunnel* udif_entity_find_tunnel_by_qstp(udif_entity_context* ctx, const qstp_connection_state* qstpcns);
350
358UDIF_EXPORT_API void udif_entity_remove_tunnel(udif_entity_context* ctx, udif_tunnel* tun, bool notify);
359
370UDIF_EXPORT_API void udif_entity_tick_tunnels(udif_entity_context* ctx, uint64_t nowsecs);
371
372/* Tunnel-table convenience wrappers
373 * The following functions accept a bare udif_tunnel_table* instead of
374 * udif_entity_context*. They are used by the role modules (bc.c, gc.c,
375 * root.c, ua.c) which maintain tunnel state directly inside
376 * udif_server_application_state::tunnels. Each wrapper builds a
377 * minimal temporary entity_context containing only the tunnel table,
378 * then delegates to the corresponding full-context function.
379 */
380
385UDIF_EXPORT_API udif_tunnel* udif_tunneltable_add(udif_tunnel_table* table, const udif_tunnel* tun);
386
391UDIF_EXPORT_API udif_tunnel* udif_tunneltable_find(udif_tunnel_table* table, const uint8_t* peerserial, const uint8_t* treatyid);
392
397UDIF_EXPORT_API udif_tunnel* udif_tunneltable_find_by_qstp(udif_tunnel_table* table, const qstp_connection_state* qstpcns);
398
403UDIF_EXPORT_API void udif_tunneltable_remove(udif_tunnel_table* table, udif_tunnel* tun, bool notify);
404
409UDIF_EXPORT_API void udif_tunneltable_tick(udif_tunnel_table* table, uint64_t nowsecs);
410
411#endif
certificate.h
UDIF certificate operations.
capstore.h
Runtime capability-token store.
certstore.h
UDIF certificate status store.
udif_entity_find_tunnel_by_qstp
UDIF_EXPORT_API udif_tunnel * udif_entity_find_tunnel_by_qstp(udif_entity_context *ctx, const qstp_connection_state *qstpcns)
Look up the tunnel associated with a QSTP connection.
Definition entity.c:441
udif_entity_anchor_expected_sequence
UDIF_EXPORT_API udif_errors udif_entity_anchor_expected_sequence(const udif_entity_context *ctx, const uint8_t *childser, uint64_t *expseq)
Resolve the expected anchor sequence for a child.
Definition entity.c:56
UDIF_ENTITY_MAX_ANCHOR_STATES
#define UDIF_ENTITY_MAX_ANCHOR_STATES
Maximum number of tracked child anchor sequence states.
Definition entity.h:104
udif_entity_anchor_commit_sequence
UDIF_EXPORT_API udif_errors udif_entity_anchor_commit_sequence(udif_entity_context *ctx, const uint8_t *childser, uint64_t acceptedseq)
Commit an accepted anchor sequence for a child.
Definition entity.c:85
udif_tunneltable_remove
UDIF_EXPORT_API void udif_tunneltable_remove(udif_tunnel_table *table, udif_tunnel *tun, bool notify)
Remove a tunnel — tunnel-table variant.
Definition entity.c:603
udif_tunneltable_tick
UDIF_EXPORT_API void udif_tunneltable_tick(udif_tunnel_table *table, uint64_t nowsecs)
Tick all tunnels — tunnel-table variant.
Definition entity.c:623
udif_tunneltable_find
UDIF_EXPORT_API udif_tunnel * udif_tunneltable_find(udif_tunnel_table *table, const uint8_t *peerserial, const uint8_t *treatyid)
Find a tunnel by peer serial — tunnel-table variant.
Definition entity.c:545
udif_entity_registry_get_or_create
UDIF_EXPORT_API udif_registry_state * udif_entity_registry_get_or_create(udif_entity_context *ctx, const uint8_t *ownerser, size_t capacity)
Resolve or create a runtime registry by owner serial.
Definition entity.c:184
udif_entity_dispose
UDIF_EXPORT_API void udif_entity_dispose(udif_entity_context *ctx)
Tear down an entity context.
Definition entity.c:335
udif_entity_add_tunnel
UDIF_EXPORT_API udif_tunnel * udif_entity_add_tunnel(udif_entity_context *ctx, const udif_tunnel *tun)
Insert a tunnel into the entity's tunnel table.
Definition entity.c:370
udif_entity_registry_find
UDIF_EXPORT_API udif_registry_state * udif_entity_registry_find(udif_entity_context *ctx, const uint8_t *ownerser)
Find a runtime registry by owner serial.
Definition entity.c:132
UDIF_ENTITY_MAX_REGISTRIES
#define UDIF_ENTITY_MAX_REGISTRIES
Maximum number of runtime UA registries tracked by one entity.
Definition entity.h:110
UDIF_ENTITY_MAX_TUNNELS
#define UDIF_ENTITY_MAX_TUNNELS
Maximum number of simultaneous tunnels per entity in the prototype.
Definition entity.h:98
udif_entity_remove_tunnel
UDIF_EXPORT_API void udif_entity_remove_tunnel(udif_entity_context *ctx, udif_tunnel *tun, bool notify)
Remove a tunnel from the table, closing it if still open.
Definition entity.c:466
udif_tunneltable_find_by_qstp
UDIF_EXPORT_API udif_tunnel * udif_tunneltable_find_by_qstp(udif_tunnel_table *table, const qstp_connection_state *qstpcns)
Find a tunnel by QSTP connection — tunnel-table variant.
Definition entity.c:578
udif_entity_registry_find_const
UDIF_EXPORT_API const udif_registry_state * udif_entity_registry_find_const(const udif_entity_context *ctx, const uint8_t *ownerser)
Find a runtime registry by owner serial.
Definition entity.c:158
udif_entity_tick_tunnels
UDIF_EXPORT_API void udif_entity_tick_tunnels(udif_entity_context *ctx, uint64_t nowsecs)
Drive timers for every tunnel in the table.
Definition entity.c:486
udif_entity_init
UDIF_EXPORT_API udif_errors udif_entity_init(udif_entity_context *ctx, const udif_entity_config *cfg)
Initialize an entity context from configuration.
Definition entity.c:239
udif_entity_find_tunnel
UDIF_EXPORT_API udif_tunnel * udif_entity_find_tunnel(udif_entity_context *ctx, const uint8_t *peerserial, const uint8_t *treatyid)
Find a tunnel by peer serial and optional treaty id.
Definition entity.c:397
udif_entity_registry_clear_all
UDIF_EXPORT_API void udif_entity_registry_clear_all(udif_entity_context *ctx)
Clear and dispose all runtime registries.
Definition entity.c:220
udif_tunneltable_add
UDIF_EXPORT_API udif_tunnel * udif_tunneltable_add(udif_tunnel_table *table, const udif_tunnel *tun)
Add a tunnel — tunnel-table variant.
Definition entity.c:518
registry.h
UDIF object registry management.
udif_anchor_sequence_state
Expected anchor sequence for a child entity.
Definition entity.h:134
udif_anchor_sequence_state::nextseq
uint64_t nextseq
Definition entity.h:136
udif_anchor_sequence_state::childser
uint8_t childser[UDIF_SERIAL_NUMBER_SIZE]
Definition entity.h:135
udif_anchor_sequence_state::used
bool used
Definition entity.h:137
udif_capstore
Fixed-capacity capability-token table.
Definition capstore.h:98
udif_certificate
UDIF entity certificate.
Definition certificate.h:341
udif_certstore
Fixed-capacity certificate status table.
Definition certstore.h:104
udif_checkpoint_config
Configuration for automatic checkpoint creation.
Definition mcelmanager.h:84
udif_entity_config
Initialization parameters for a UDIF entity process.
Definition entity.h:198
udif_entity_config::mcelbasepath
const char * mcelbasepath
Definition entity.h:206
udif_entity_config::qstprootcert
const qstp_root_certificate * qstprootcert
Definition entity.h:204
udif_entity_config::selfkeypair
const udif_signature_keypair * selfkeypair
Definition entity.h:202
udif_entity_config::rootcert
const udif_certificate * rootcert
Definition entity.h:201
udif_entity_config::haslistener
bool haslistener
Definition entity.h:209
udif_entity_config::checkconfig
const udif_checkpoint_config * checkconfig
Definition entity.h:207
udif_entity_config::selfcert
const udif_certificate * selfcert
Definition entity.h:199
udif_entity_config::parentcert
const udif_certificate * parentcert
Definition entity.h:200
udif_entity_config::role
udif_roles role
Definition entity.h:208
udif_entity_config::capabilitykey
const uint8_t * capabilitykey
Definition entity.h:203
udif_entity_config::qstpserverkey
const qstp_server_signature_key * qstpserverkey
Definition entity.h:205
udif_entity_context
Aggregate runtime state for a single UDIF entity process.
Definition entity.h:168
udif_entity_context::mcelmgr
udif_mcel_manager * mcelmgr
Definition entity.h:180
udif_entity_context::anchorseq
udif_anchor_sequence_state anchorseq[UDIF_ENTITY_MAX_ANCHOR_STATES]
Definition entity.h:182
udif_entity_context::registries
udif_entity_registry_entry registries[UDIF_ENTITY_MAX_REGISTRIES]
Definition entity.h:183
udif_entity_context::selfcert
udif_certificate selfcert
Definition entity.h:169
udif_entity_context::tunnels
udif_tunnel_table tunnels
Definition entity.h:181
udif_entity_context::capstore
udif_capstore capstore
Definition entity.h:173
udif_entity_context::treatystore
udif_treatystore treatystore
Definition entity.h:174
udif_entity_context::parentcert
udif_certificate parentcert
Definition entity.h:170
udif_entity_context::certstore
udif_certstore certstore
Definition entity.h:172
udif_entity_context::capabilitykey
uint8_t capabilitykey[UDIF_CRYPTO_KEY_SIZE]
Definition entity.h:176
udif_entity_context::hascapabilitykey
bool hascapabilitykey
Definition entity.h:177
udif_entity_context::nextanchorsecs
uint64_t nextanchorsecs
Definition entity.h:184
udif_entity_context::haslistener
bool haslistener
Definition entity.h:186
udif_entity_context::selfkeypair
udif_signature_keypair selfkeypair
Definition entity.h:175
udif_entity_context::rootcert
udif_certificate rootcert
Definition entity.h:171
udif_entity_context::qstpserverkey
qstp_server_signature_key qstpserverkey
Definition entity.h:179
udif_entity_context::role
udif_roles role
Definition entity.h:185
udif_entity_context::initialized
bool initialized
Definition entity.h:187
udif_entity_context::qstprootcert
qstp_root_certificate qstprootcert
Definition entity.h:178
udif_entity_registry_entry
Runtime registry slot keyed by owner certificate serial.
Definition entity.h:146
udif_entity_registry_entry::registry
udif_registry_state registry
Definition entity.h:148
udif_entity_registry_entry::ownerser
uint8_t ownerser[UDIF_SERIAL_NUMBER_SIZE]
Definition entity.h:147
udif_entity_registry_entry::used
bool used
Definition entity.h:149
udif_mcel_manager
MCEL manager implementation.
Definition mcelmanager.h:138
udif_registry_state
User Agent object registry.
Definition registry.h:169
udif_signature_keypair
The UDIF asymmetric signature scheme key container.
Definition udif.h:1712
udif_treatystore
Fixed-capacity treaty table.
Definition treatystore.h:118
udif_tunnel_table
Flat fixed-capacity table of active tunnels.
Definition entity.h:123
udif_tunnel_table::entries
udif_tunnel entries[UDIF_ENTITY_MAX_TUNNELS]
Definition entity.h:124
udif_tunnel_table::count
size_t count
Definition entity.h:125
udif_tunnel
Per-connection UDIF state layered atop a QSTP channel.
Definition tunnel.h:267
treatystore.h
Runtime treaty store.
tunnel.h
UDIF tunnel abstraction over a QSTP secure channel.
udif.h
UDIF Common Definitions and Protocol Configuration.
udif_roles
udif_roles
UDIF entity roles.
Definition udif.h:1363
UDIF_SERIAL_NUMBER_SIZE
#define UDIF_SERIAL_NUMBER_SIZE
The certificate serial number field length.
Definition udif.h:546
UDIF_CRYPTO_KEY_SIZE
#define UDIF_CRYPTO_KEY_SIZE
The byte length of the symmetric cipher key.
Definition udif.h:445
udif_errors
udif_errors
UDIF error codes.
Definition udif.h:1210
UDIF_EXPORT_API
#define UDIF_EXPORT_API
The api export prefix.
Definition udifcommon.h:101