UDIF secure transport layer. More...

#include "udif.h"
#include "certificate.h"

Data Structures
struct	udif_session_state
	Secure session state. More...

Typedefs
typedef UDIF_EXPORT_API struct udif_session_state	udif_session_state

Functions
UDIF_EXPORT_API void	udif_session_initialize (udif_session_state *session)
	Initialize a session state.
UDIF_EXPORT_API udif_errors	udif_session_handshake_init (udif_session_state session, udif_network_packet packet, const udif_child_certificate local_cert, const uint8_t local_privkey[UDIF_ASYMMETRIC_SIGNING_KEY_SIZE], const uint8_t local_serial[UDIF_CERTIFICATE_SERIAL_SIZE], const uint8_t remote_serial[UDIF_CERTIFICATE_SERIAL_SIZE], bool(rng_generate)(uint8_t *, size_t))
	Initiator starts handshake.
UDIF_EXPORT_API udif_errors	udif_session_handshake_resp (udif_session_state session, udif_network_packet packet, const udif_network_packet init_packet, const udif_child_certificate local_cert, const uint8_t local_privkey[UDIF_ASYMMETRIC_SIGNING_KEY_SIZE], const uint8_t local_serial[UDIF_CERTIFICATE_SERIAL_SIZE], const udif_child_certificate remote_cert, bool(rng_generate)(uint8_t *, size_t))
	Responder handles handshake init.
UDIF_EXPORT_API udif_errors	udif_session_handshake_confirm (udif_session_state session, udif_network_packet packet, const udif_network_packet resp_packet, const udif_child_certificate remote_cert)
	Initiator confirms handshake.
UDIF_EXPORT_API udif_errors	udif_session_handshake_finish (udif_session_state session, udif_network_packet packet, const udif_network_packet *confirm_packet)
	Responder finishes handshake.
UDIF_EXPORT_API udif_errors	udif_session_encrypt (udif_session_state session, udif_network_packet packet, const uint8_t *plaintext, size_t plntextlen)
	Encrypt a data packet.
UDIF_EXPORT_API udif_errors	udif_session_decrypt (udif_session_state session, uint8_t plaintext, size_t plntextlen, const udif_network_packet packet)
	Decrypt a data packet.
UDIF_EXPORT_API udif_errors	udif_session_ratchet (udif_session_state session, udif_network_packet packetout, const udif_network_packet packetin, bool(rng_generate)(uint8_t *, size_t))
	Perform asymmetric ratchet.
UDIF_EXPORT_API bool	udif_session_needs_ratchet (const udif_session_state *session, uint64_t currtime)
	Check if ratchet is needed.
UDIF_EXPORT_API void	udif_session_dispose (udif_session_state *session)
	Dispose session resources.
UDIF_EXPORT_API void	udif_session_clear (udif_session_state *session)
	Clear session state.
UDIF_EXPORT_API bool	udif_session_is_established (const udif_session_state *session)
	Check if session is established.
UDIF_EXPORT_API udif_errors	udif_session_get_statistics (const udif_session_state session, uint64_t txseq, uint64_t rxseq, uint64_t epoch)
	Get session statistics.
UDIF_EXPORT_API udif_errors	udif_packet_serialize (uint8_t stream, size_t streamlen, const udif_network_packet *packet)
	Serialize packet to byte stream.
UDIF_EXPORT_API udif_errors	udif_packet_deserialize (udif_network_packet packet, const uint8_t stream, size_t streamlen)
	Deserialize packet from byte stream.
UDIF_EXPORT_API udif_errors	udif_packet_validate (const udif_session_state session, const udif_network_packet packet, uint8_t expected_flag)
	Validate packet.
UDIF_EXPORT_API void	udif_packet_set_time (udif_network_packet *packet, uint64_t currtime)
	Set packet timestamp.
UDIF_EXPORT_API bool	udif_packet_is_fresh (const udif_network_packet *packet, uint64_t currtime)
	Check if packet is fresh.
UDIF_EXPORT_API void	udif_packet_clear (udif_network_packet *packet)
	Clear packet state.

Detailed Description

UDIF secure transport layer.

Provides authenticated encryption for UDIF network communications using ML-KEM key exchange, RCS-256 AEAD, and forward secrecy via asymmetric ratcheting.

Function Documentation

◆ udif_packet_clear()

UDIF_EXPORT_API void udif_packet_clear ( udif_network_packet * packet )

Clear packet state.

Parameters

packet The packet

◆ udif_packet_deserialize()

UDIF_EXPORT_API udif_errors udif_packet_deserialize	(	udif_network_packet *	packet,
		const uint8_t *	stream,
		size_t	streamlen )

Deserialize packet from byte stream.

Parameters

packet	Output packet
stream	Input byte stream
streamlen	Stream length

Returns: Error code

◆ udif_packet_is_fresh()

UDIF_EXPORT_API bool udif_packet_is_fresh	(	const udif_network_packet *	packet,
		uint64_t	currtime )

Check if packet is fresh.

Parameters

packet	The packet
current_time	Current UTC time

Returns: True if within time window

◆ udif_packet_serialize()

UDIF_EXPORT_API udif_errors udif_packet_serialize	(	uint8_t *	stream,
		size_t *	streamlen,
		const udif_network_packet *	packet )

Serialize packet to byte stream.

Parameters

stream	Output byte stream
streamlen	Output stream length
packet	Packet to serialize

Returns: Error code

◆ udif_packet_set_time()

UDIF_EXPORT_API void udif_packet_set_time	(	udif_network_packet *	packet,
		uint64_t	currtime )

Set packet timestamp.

Parameters

packet	The packet
currtime	Current UTC time

◆ udif_packet_validate()

UDIF_EXPORT_API udif_errors udif_packet_validate	(	const udif_session_state *	session,
		const udif_network_packet *	packet,
		uint8_t	expected_flag )

Validate packet.

Parameters

session	The session state
packet	Packet to validate
expected_flag	Expected packet flag

Returns: Error code

◆ udif_session_clear()

UDIF_EXPORT_API void udif_session_clear ( udif_session_state * session )

Clear session state.

Parameters

session The session state

◆ udif_session_decrypt()

UDIF_EXPORT_API udif_errors udif_session_decrypt	(	udif_session_state *	session,
		uint8_t *	plaintext,
		size_t *	plntextlen,
		const udif_network_packet *	packet )

Decrypt a data packet.

Parameters

session	The session state
plaintext	Output plaintext buffer
plaintext_len	Output plaintext length
packet	Encrypted packet

Returns: Error code

◆ udif_session_dispose()

UDIF_EXPORT_API void udif_session_dispose ( udif_session_state * session )

Dispose session resources.

Parameters

session The session state

◆ udif_session_encrypt()

UDIF_EXPORT_API udif_errors udif_session_encrypt	(	udif_session_state *	session,
		udif_network_packet *	packet,
		const uint8_t *	plaintext,
		size_t	plntextlen )

Encrypt a data packet.

Parameters

session	The session state
packet	Output encrypted packet
plaintext	Plaintext data
plaintext_len	Length of plaintext

Returns: Error code

◆ udif_session_get_statistics()

UDIF_EXPORT_API udif_errors udif_session_get_statistics	(	const udif_session_state *	session,
		uint64_t *	txseq,
		uint64_t *	rxseq,
		uint64_t *	epoch )

Get session statistics.

Parameters

session	The session state
txseq	Output TX sequence number
rxseq	Output RX sequence number
epoch	Output ratchet epoch

Returns: Error code

◆ udif_session_handshake_confirm()

UDIF_EXPORT_API udif_errors udif_session_handshake_confirm	(	udif_session_state *	session,
		udif_network_packet *	packet,
		const udif_network_packet *	resp_packet,
		const udif_child_certificate *	remote_cert )

Initiator confirms handshake.

Parameters

session	The session state
packet	Output packet with handshake confirm
resp_packet	Received response packet
remote_cert	Remote certificate (verified)

Returns: Error code

◆ udif_session_handshake_finish()

UDIF_EXPORT_API udif_errors udif_session_handshake_finish	(	udif_session_state *	session,
		udif_network_packet *	packet,
		const udif_network_packet *	confirm_packet )

Responder finishes handshake.

Parameters

session	The session state
packet	Output packet with handshake finish
confirm_packet	Received confirm packet

Returns: Error code

◆ udif_session_handshake_init()

UDIF_EXPORT_API udif_errors udif_session_handshake_init	(	udif_session_state *	session,
		udif_network_packet *	packet,
		const udif_child_certificate *	local_cert,
		const uint8_t	local_privkey[UDIF_ASYMMETRIC_SIGNING_KEY_SIZE],
		const uint8_t	local_serial[UDIF_CERTIFICATE_SERIAL_SIZE],
		const uint8_t	remote_serial[UDIF_CERTIFICATE_SERIAL_SIZE],
		bool(*	rng_generate )(uint8_t *, size_t) )

Initiator starts handshake.

Parameters

session	The session state
packet	Output packet with handshake init message
local_cert	Local certificate
local_privkey	Local private key
local_serial	Local entity serial
remote_serial	Remote entity serial
rng_generate	Random number generator

Returns: Error code

◆ udif_session_handshake_resp()

UDIF_EXPORT_API udif_errors udif_session_handshake_resp	(	udif_session_state *	session,
		udif_network_packet *	packet,
		const udif_network_packet *	init_packet,
		const udif_child_certificate *	local_cert,
		const uint8_t	local_privkey[UDIF_ASYMMETRIC_SIGNING_KEY_SIZE],
		const uint8_t	local_serial[UDIF_CERTIFICATE_SERIAL_SIZE],
		const udif_child_certificate *	remote_cert,
		bool(*	rng_generate )(uint8_t *, size_t) )

Responder handles handshake init.

Parameters

session	The session state
packet	Output packet with handshake response
init_packet	Received init packet
local_cert	Local certificate
local_privkey	Local private key
local_serial	Local entity serial
remote_cert	Remote certificate (verified)
rng_generate	Random number generator

Returns: Error code

◆ udif_session_initialize()

UDIF_EXPORT_API void udif_session_initialize ( udif_session_state * session )

Initialize a session state.

Parameters

session The session state to initialize

◆ udif_session_is_established()

UDIF_EXPORT_API bool udif_session_is_established ( const udif_session_state * session )

Check if session is established.

Parameters

session The session state

Returns: True if session is established

◆ udif_session_needs_ratchet()

UDIF_EXPORT_API bool udif_session_needs_ratchet	(	const udif_session_state *	session,
		uint64_t	currtime )

Check if ratchet is needed.

Parameters

session	The session state
current_time	Current UTC time

Returns: True if ratchet interval elapsed

◆ udif_session_ratchet()

UDIF_EXPORT_API udif_errors udif_session_ratchet	(	udif_session_state *	session,
		udif_network_packet *	packetout,
		const udif_network_packet *	packetin,
		bool(*	rng_generate )(uint8_t *, size_t) )

Perform asymmetric ratchet.

Parameters

session	The session state
packetout	Output packet with ratchet message
packetin	Input packet with ratchet request
rng_generate	Random number generator

Returns: Error code

Data Structures

Typedefs

Functions

Detailed Description

Function Documentation

◆ udif_packet_clear()

◆ udif_packet_deserialize()

◆ udif_packet_is_fresh()

◆ udif_packet_serialize()

◆ udif_packet_set_time()

◆ udif_packet_validate()

◆ udif_session_clear()

◆ udif_session_decrypt()

◆ udif_session_dispose()

◆ udif_session_encrypt()

◆ udif_session_get_statistics()

◆ udif_session_handshake_confirm()

◆ udif_session_handshake_finish()

◆ udif_session_handshake_init()

◆ udif_session_handshake_resp()

◆ udif_session_initialize()

◆ udif_session_is_established()

◆ udif_session_needs_ratchet()

◆ udif_session_ratchet()