UDIF: Universal Digital Identification Framework 1.1.0.0a (A1)
A quantum-secure cryptographic identification
registry.h File Reference

UDIF object registry management. More...

#include "udif.h"
#include "object.h"

Go to the source code of this file.

Data Structures

struct  udif_registry_commit
 Signed canonical registry root commitment. More...
struct  udif_merkle_node
 Merkle proof node structure. More...
struct  udif_registry_leaf
 Canonical UDIF registry leaf. More...
struct  udif_registry_state
 User Agent object registry. More...

Macros

#define UDIF_REGISTRY_DEFAULT_CAPACITY   1024U
 Default registry capacity.
#define UDIF_REGISTRY_MAX_CAPACITY   1048576U
 Maximum registry capacity.
#define UDIF_REGISTRY_COMMIT_STRUCTURE_SIZE
 Serialized size of a signed registry commitment record.
#define UDIF_REGISTRY_FLAG_ACTIVE   0x00000001UL
 Registry leaf active-state flag.
#define UDIF_REGISTRY_FLAG_DESTROYED   0x00000002UL
 Registry leaf destroyed-state flag.
#define UDIF_REGISTRY_FLAG_TRANSFERRED   0x00000004UL
 Registry leaf transferred-state flag.

Typedefs

typedef UDIF_EXPORT_API struct udif_registry_commit udif_registry_commit
typedef UDIF_EXPORT_API struct udif_merkle_node udif_merkle_node
typedef UDIF_EXPORT_API struct udif_registry_leaf udif_registry_leaf
typedef UDIF_EXPORT_API struct udif_registry_state udif_registry_state

Functions

UDIF_EXPORT_API udif_errors udif_registry_leaf_encode (uint8_t *output, const udif_registry_leaf *leaf)
 Encode a registry leaf in canonical UDIF order.
UDIF_EXPORT_API udif_errors udif_registry_leaf_digest (uint8_t *digest, const udif_registry_leaf *leaf)
 Compute a registry leaf digest.
UDIF_EXPORT_API udif_errors udif_registry_add_object (udif_registry_state *reg, const udif_object *obj)
 Add an object to the registry.
UDIF_EXPORT_API udif_errors udif_registry_add_leaf (udif_registry_state *reg, const udif_registry_leaf *leaf)
 Add or update a canonical registry leaf.
UDIF_EXPORT_API udif_errors udif_registry_get_leaf (udif_registry_leaf *leaf, const udif_registry_state *reg, const uint8_t *serial)
 Copy a registry leaf by object serial.
UDIF_EXPORT_API bool udif_registry_object_is_active (const udif_registry_state *reg, const uint8_t *serial)
 Test whether a registry leaf is active.
UDIF_EXPORT_API udif_errors udif_registry_transfer_object (udif_registry_state *origin, udif_registry_state *dest, const udif_transfer_record *transfer)
 Move an object leaf from one owner registry to another.
UDIF_EXPORT_API size_t udif_registry_get_capacity (const udif_registry_state *reg)
 Get registry capacity.
UDIF_EXPORT_API void udif_registry_clear (udif_registry_state *reg)
 Clear registry.
UDIF_EXPORT_API udif_errors udif_registry_compute_root (uint8_t *root, const udif_registry_state *reg)
 Compute registry Merkle root.
UDIF_EXPORT_API void udif_registry_dispose (udif_registry_state *reg)
 Dispose registry.
UDIF_EXPORT_API bool udif_registry_find_object (const udif_registry_state *reg, const uint8_t *serial, size_t *index)
 Find object in registry.
UDIF_EXPORT_API udif_errors udif_registry_generate_proof (uint8_t *proof, size_t *prooflen, const udif_registry_state *reg, const uint8_t *serial)
 Generate membership proof.
UDIF_EXPORT_API size_t udif_registry_get_count (const udif_registry_state *reg)
 Get object count.
UDIF_EXPORT_API udif_errors udif_registry_get_digest_at (uint8_t *digest, const udif_registry_state *reg, size_t index)
 Get registry leaf digest at index.
UDIF_EXPORT_API udif_errors udif_registry_initialize (udif_registry_state *reg, const uint8_t *ownerser, size_t capacity)
 Initialize a registry.
UDIF_EXPORT_API bool udif_registry_is_full (const udif_registry_state *reg)
 Check if registry is full.
UDIF_EXPORT_API udif_errors udif_registry_remove_object (udif_registry_state *reg, const uint8_t *serial)
 Remove an object from the registry.
UDIF_EXPORT_API udif_errors udif_registry_resize (udif_registry_state *reg, size_t newcapacity)
 Resize registry.
UDIF_EXPORT_API udif_errors udif_registry_update_object (udif_registry_state *reg, const udif_object *obj)
 Update an object in the registry.
UDIF_EXPORT_API bool udif_registry_verify_proof (const uint8_t *proof, size_t prooflen, const uint8_t *root, const uint8_t *objdigest)
 Verify membership proof.
UDIF_EXPORT_API void udif_registry_commit_clear (udif_registry_commit *commit)
 Clear a registry commitment record.
UDIF_EXPORT_API udif_errors udif_registry_commit_digest (uint8_t *digest, const udif_registry_commit *commit)
 Compute the canonical digest of a registry commitment.
UDIF_EXPORT_API udif_errors udif_registry_commit_deserialize (udif_registry_commit *commit, const uint8_t *input, size_t inlen)
 Deserialize a signed registry commitment.
UDIF_EXPORT_API udif_errors udif_registry_commit_serialize (uint8_t *output, size_t outlen, const udif_registry_commit *commit)
 Serialize a signed registry commitment.
UDIF_EXPORT_API udif_errors udif_registry_commit_sign (udif_registry_commit *commit, const uint8_t *sigkey, bool(*rng_generate)(uint8_t *, size_t))
 Sign a registry commitment.
UDIF_EXPORT_API bool udif_registry_commit_verify (const udif_registry_commit *commit, const uint8_t *verkey)
 Verify a registry commitment signature.

Detailed Description

UDIF object registry management.

This module implements Merkle tree-based registries for User Agents. Each User Agent maintains a registry of owned objects as a Merkle tree, allowing efficient membership proofs and tamper-evident commits.

Registry Operations:

  • Initialize: Create empty registry
  • Add: Add object to registry
  • Remove: Remove object from registry
  • Update: Update object in registry
  • Commit: Compute Merkle root
  • Prove: Generate membership proof
  • Verify: Verify membership proof

The registry uses SHA3-256 for Merkle tree hashing with domain separation to prevent cross-context attacks.

Macro Definition Documentation

◆ UDIF_REGISTRY_COMMIT_STRUCTURE_SIZE

#define UDIF_REGISTRY_COMMIT_STRUCTURE_SIZE
Value:
(UDIF_SIGNED_HASH_SIZE + \
UDIF_SERIAL_NUMBER_SIZE + \
UDIF_CRYPTO_HASH_SIZE + \
sizeof(uint64_t) + \
sizeof(uint64_t))
UDIF_SERIAL_NUMBER_SIZE
#define UDIF_SERIAL_NUMBER_SIZE
The certificate serial number field length.
Definition udif.h:546
UDIF_SIGNED_HASH_SIZE
#define UDIF_SIGNED_HASH_SIZE
The combined size of a signature and hash.
Definition udif.h:568
UDIF_CRYPTO_HASH_SIZE
#define UDIF_CRYPTO_HASH_SIZE
The size of the certificate hash in bytes.
Definition udif.h:439

Serialized size of a signed registry commitment record.

Function Documentation

◆ udif_registry_add_leaf()

UDIF_EXPORT_API udif_errors udif_registry_add_leaf ( udif_registry_state * reg,
const udif_registry_leaf * leaf )

Add or update a canonical registry leaf.

Adds a canonical leaf to the registry or updates the existing leaf with the same object serial. The registry remains sorted by object digest.

Parameters
regThe registry state structure.
leaf[const] The canonical leaf to store.
Returns
Returns udif_error_none on success.

◆ udif_registry_add_object()

UDIF_EXPORT_API udif_errors udif_registry_add_object ( udif_registry_state * reg,
const udif_object * obj )

Add an object to the registry.

Adds an object's digest to the registry Merkle tree.

Parameters
regThe registry state structure
obj[const] The object to add
Returns
Returns udif_error_none on success

◆ udif_registry_clear()

UDIF_EXPORT_API void udif_registry_clear ( udif_registry_state * reg)

Clear registry.

Removes all objects from the registry without freeing resources.

Parameters
regThe registry state structure

◆ udif_registry_commit_clear()

UDIF_EXPORT_API void udif_registry_commit_clear ( udif_registry_commit * commit)

Clear a registry commitment record.

Parameters
commitThe registry commitment record.

◆ udif_registry_commit_deserialize()

UDIF_EXPORT_API udif_errors udif_registry_commit_deserialize ( udif_registry_commit * commit,
const uint8_t * input,
size_t inlen )

Deserialize a signed registry commitment.

Parameters
commitThe output commitment.
input[const] The encoded commitment.
inlenThe encoded commitment length.
Returns
Returns udif_error_none on success.

◆ udif_registry_commit_digest()

UDIF_EXPORT_API udif_errors udif_registry_commit_digest ( uint8_t * digest,
const udif_registry_commit * commit )

Compute the canonical digest of a registry commitment.

Parameters
digestThe output digest.
commit[const] The registry commitment.
Returns
Returns udif_error_none on success.

◆ udif_registry_commit_serialize()

UDIF_EXPORT_API udif_errors udif_registry_commit_serialize ( uint8_t * output,
size_t outlen,
const udif_registry_commit * commit )

Serialize a signed registry commitment.

Parameters
outputThe output buffer.
outlenThe output buffer size.
commit[const] The commitment to serialize.
Returns
Returns udif_error_none on success.

◆ udif_registry_commit_sign()

UDIF_EXPORT_API udif_errors udif_registry_commit_sign ( udif_registry_commit * commit,
const uint8_t * sigkey,
bool(* rng_generate )(uint8_t *, size_t) )

Sign a registry commitment.

Parameters
commitThe registry commitment.
sigkey[const] The signing key.
rng_generateThe random generator.
Returns
Returns udif_error_none on success.

◆ udif_registry_commit_verify()

UDIF_EXPORT_API bool udif_registry_commit_verify ( const udif_registry_commit * commit,
const uint8_t * verkey )

Verify a registry commitment signature.

Parameters
commit[const] The registry commitment.
verkey[const] The signer verification key.
Returns
Returns true if the signature is valid.

◆ udif_registry_compute_root()

UDIF_EXPORT_API udif_errors udif_registry_compute_root ( uint8_t * root,
const udif_registry_state * reg )

Compute registry Merkle root.

Computes the Merkle root of all objects in the registry.

Parameters
rootThe output Merkle root (32 bytes)
reg[const] The registry state structure
Returns
Returns udif_error_none on success

◆ udif_registry_dispose()

UDIF_EXPORT_API void udif_registry_dispose ( udif_registry_state * reg)

Dispose registry.

Frees all resources and clears the registry.

Parameters
regThe registry state structure

◆ udif_registry_find_object()

UDIF_EXPORT_API bool udif_registry_find_object ( const udif_registry_state * reg,
const uint8_t * serial,
size_t * index )

Find object in registry.

Searches for an object by serial number.

Parameters
reg[const] The registry state structure
serial[const] The object serial (32 bytes)
indexPointer to receive the object index
Returns
Returns true if found

◆ udif_registry_generate_proof()

UDIF_EXPORT_API udif_errors udif_registry_generate_proof ( uint8_t * proof,
size_t * prooflen,
const udif_registry_state * reg,
const uint8_t * serial )

Generate membership proof.

Generates a Merkle inclusion proof for an object in the registry.

Parameters
proofThe output proof buffer
prooflenPointer to proof length (in: buffer size, out: bytes written)
reg[const] The registry state structure
serial[const] The object serial (32 bytes)
Returns
Returns udif_error_none on success

◆ udif_registry_get_capacity()

UDIF_EXPORT_API size_t udif_registry_get_capacity ( const udif_registry_state * reg)

Get registry capacity.

Returns the current capacity of the registry.

Parameters
reg[const] The registry state structure
Returns
The registry capacity

◆ udif_registry_get_count()

UDIF_EXPORT_API size_t udif_registry_get_count ( const udif_registry_state * reg)

Get object count.

Returns the number of objects in the registry.

Parameters
reg[const] The registry state structure
Returns
The object count

◆ udif_registry_get_digest_at()

UDIF_EXPORT_API udif_errors udif_registry_get_digest_at ( uint8_t * digest,
const udif_registry_state * reg,
size_t index )

Get registry leaf digest at index.

Retrieves the canonical registry leaf digest at a specific index.

Parameters
digestThe output leaf digest (32 bytes)
reg[const] The registry state structure
indexThe object index
Returns
Returns udif_error_none on success

◆ udif_registry_get_leaf()

UDIF_EXPORT_API udif_errors udif_registry_get_leaf ( udif_registry_leaf * leaf,
const udif_registry_state * reg,
const uint8_t * serial )

Copy a registry leaf by object serial.

Parameters
leafThe output leaf.
reg[const] The registry state structure.
serial[const] The object serial (32 bytes).
Returns
Returns udif_error_none on success.

◆ udif_registry_initialize()

UDIF_EXPORT_API udif_errors udif_registry_initialize ( udif_registry_state * reg,
const uint8_t * ownerser,
size_t capacity )

Initialize a registry.

Creates an empty registry for a User Agent.

Parameters
regThe registry state structure
ownerser[const] The owner's serial number (16 bytes)
incapacityThe initial capacity (number of objects)
Returns
Returns udif_error_none on success

◆ udif_registry_is_full()

UDIF_EXPORT_API bool udif_registry_is_full ( const udif_registry_state * reg)

Check if registry is full.

Tests if the registry has reached capacity.

Parameters
reg[const] The registry state structure
Returns
Returns true if full

◆ udif_registry_leaf_digest()

UDIF_EXPORT_API udif_errors udif_registry_leaf_digest ( uint8_t * digest,
const udif_registry_leaf * leaf )

Compute a registry leaf digest.

Parameters
digestThe output leaf digest.
leaf[const] The registry leaf.

eturn Returns udif_error_none on success.

◆ udif_registry_leaf_encode()

UDIF_EXPORT_API udif_errors udif_registry_leaf_encode ( uint8_t * output,
const udif_registry_leaf * leaf )

Encode a registry leaf in canonical UDIF order.

Parameters
outputThe output buffer.
leaf[const] The registry leaf.

eturn Returns udif_error_none on success.

◆ udif_registry_object_is_active()

UDIF_EXPORT_API bool udif_registry_object_is_active ( const udif_registry_state * reg,
const uint8_t * serial )

Test whether a registry leaf is active.

Parameters
reg[const] The registry state structure.
serial[const] The object serial (32 bytes).
Returns
Returns true if the object is present and active.

◆ udif_registry_remove_object()

UDIF_EXPORT_API udif_errors udif_registry_remove_object ( udif_registry_state * reg,
const uint8_t * serial )

Remove an object from the registry.

Marks an object leaf as destroyed without removing the audit leaf.

Parameters
regThe registry state structure
serial[const] The object serial (32 bytes)
Returns
Returns udif_error_none on success

◆ udif_registry_resize()

UDIF_EXPORT_API udif_errors udif_registry_resize ( udif_registry_state * reg,
size_t newcapacity )

Resize registry.

Increases the registry capacity.

Parameters
regThe registry state structure
newcapacityThe new capacity
Returns
Returns udif_error_none on success

◆ udif_registry_transfer_object()

UDIF_EXPORT_API udif_errors udif_registry_transfer_object ( udif_registry_state * origin,
udif_registry_state * dest,
const udif_transfer_record * transfer )

Move an object leaf from one owner registry to another.

Marks the origin registry leaf as transferred and inactive, then creates or updates the destination registry leaf as active under the destination owner digest.

Parameters
originThe origin owner registry.
destThe destination owner registry.
transfer[const] The verified transfer record.
Returns
Returns udif_error_none on success.

◆ udif_registry_update_object()

UDIF_EXPORT_API udif_errors udif_registry_update_object ( udif_registry_state * reg,
const udif_object * obj )

Update an object in the registry.

Updates an object's digest in the registry.

Parameters
regThe registry state structure
obj[const] The updated object
Returns
Returns udif_error_none on success

◆ udif_registry_verify_proof()

UDIF_EXPORT_API bool udif_registry_verify_proof ( const uint8_t * proof,
size_t prooflen,
const uint8_t * root,
const uint8_t * objdigest )

Verify membership proof.

Verifies a Merkle inclusion proof against a registry root using the canonical left/right proof orientation emitted by udif_registry_get_proof.

Parameters
proof[const] The proof data
prooflenThe proof length
root[const] The registry Merkle root (32 bytes)
objdigest[const] The object digest (32 bytes)
Returns
Returns true if proof is valid