UDIF/transport_8h_source.html

/* 2025-2026 Quantum Resistant Cryptographic Solutions Corporation

 * All Rights Reserved.

 *

 * NOTICE:

 * This software and all accompanying materials are the exclusive property of

 * Quantum Resistant Cryptographic Solutions Corporation (QRCS). The intellectual

 * and technical concepts contained herein are proprietary to QRCS and are

 * protected under applicable Canadian, U.S., and international copyright,

 * patent, and trade secret laws.

 *

 * CRYPTOGRAPHIC ALGORITHMS AND IMPLEMENTATIONS:

 * - This software includes implementations of cryptographic primitives and

 *   algorithms that are standardized or in the public domain, such as AES

 *   and SHA-3, which are not proprietary to QRCS.

 * - This software also includes cryptographic primitives, constructions, and

 *   algorithms designed by QRCS, including but not limited to RCS, SCB, CSX, QMAC, and

 *   related components, which are proprietary to QRCS.

 * - All source code, implementations, protocol compositions, optimizations,

 *   parameter selections, and engineering work contained in this software are

 *   original works of QRCS and are protected under this license.

 *

 * LICENSE AND USE RESTRICTIONS:

 * - This software is licensed under the Quantum Resistant Cryptographic Solutions

 *   Public Research and Evaluation License (QRCS-PREL), 2025-2026.

 * - Permission is granted solely for non-commercial evaluation, academic research,

 *   cryptographic analysis, interoperability testing, and feasibility assessment.

 * - Commercial use, production deployment, commercial redistribution, or

 *   integration into products or services is strictly prohibited without a

 *   separate written license agreement executed with QRCS.

 * - Licensing and authorized distribution are solely at the discretion of QRCS.

 *

 * EXPERIMENTAL CRYPTOGRAPHY NOTICE:

 * Portions of this software may include experimental, novel, or evolving

 * cryptographic designs. Use of this software is entirely at the user's risk.

 *

 * DISCLAIMER:

 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS

 * FOR A PARTICULAR PURPOSE, SECURITY, OR NON-INFRINGEMENT. QRCS DISCLAIMS ALL

 * LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES

 * ARISING FROM THE USE OR MISUSE OF THIS SOFTWARE.

 *

 * FULL LICENSE:

 * This software is subject to the Quantum Resistant Cryptographic Solutions

 * Public Research and Evaluation License (QRCS-PREL), 2025-2026. The complete license terms

 * are provided in the accompanying LICENSE file or at https://www.qrcscorp.ca.

 *

 * Written by: John G. Underhill

 * Contact: contact@qrcscorp.ca

 */


#ifndef UDIF_TRANSPORT_H

#define UDIF_TRANSPORT_H


#include "udif.h"

#include "certificate.h"


static const char UDIF_TRANSPORT_CUSTOM[] = "UDIF:HS-MAC:V1";


/* === Session Management === */


UDIF_EXPORT_API typedef struct udif_session_state

{

    qsc_rcs_state txcpr;

    qsc_rcs_state rxcpr;

    uint64_t txseq;

    uint64_t rxseq;

    uint64_t epoch;

    uint64_t last_ratchet;

    uint8_t local_serial[UDIF_CERTIFICATE_SERIAL_SIZE];

    uint8_t remote_serial[UDIF_CERTIFICATE_SERIAL_SIZE];

    uint8_t session_id[UDIF_CRYPTO_HASH_SIZE];

    uint8_t ratchet_state[UDIF_CRYPTO_HASH_SIZE];

    bool established;

    bool initiator;

    /* Handshake state (only used during handshake, cleared after) */

    struct {

        uint8_t local_kem_sk[UDIF_KEM_PRIVATEKEY_SIZE];

        uint8_t kem_ss[UDIF_KEM_SECRET_SIZE];

        uint8_t nonce_local[32U];

        uint8_t nonce_remote[32U];

        uint8_t transcript[4096U];

        size_t transcript_len;

        bool in_progress;

    } handshake;

} udif_session_state;


UDIF_EXPORT_API void udif_session_initialize(udif_session_state* session);


UDIF_EXPORT_API udif_errors udif_session_handshake_init(udif_session_state* session, udif_network_packet* packet, const udif_child_certificate* local_cert, const uint8_t local_privkey[UDIF_ASYMMETRIC_SIGNING_KEY_SIZE],

    const uint8_t local_serial[UDIF_CERTIFICATE_SERIAL_SIZE], const uint8_t remote_serial[UDIF_CERTIFICATE_SERIAL_SIZE], bool (*rng_generate)(uint8_t*, size_t));


UDIF_EXPORT_API udif_errors udif_session_handshake_resp(udif_session_state* session, udif_network_packet* packet, const udif_network_packet* init_packet,

    const udif_child_certificate* local_cert, const uint8_t local_privkey[UDIF_ASYMMETRIC_SIGNING_KEY_SIZE], const uint8_t local_serial[UDIF_CERTIFICATE_SERIAL_SIZE],

    const udif_child_certificate* remote_cert, bool (*rng_generate)(uint8_t*, size_t));


UDIF_EXPORT_API udif_errors udif_session_handshake_confirm(udif_session_state* session, udif_network_packet* packet,

    const udif_network_packet* resp_packet, const udif_child_certificate* remote_cert);


UDIF_EXPORT_API udif_errors udif_session_handshake_finish(udif_session_state* session, udif_network_packet* packet, const udif_network_packet* confirm_packet);


/* === Data Encryption === */


UDIF_EXPORT_API udif_errors udif_session_encrypt(udif_session_state* session, udif_network_packet* packet, const uint8_t* plaintext, size_t plntextlen);


UDIF_EXPORT_API udif_errors udif_session_decrypt(udif_session_state* session, uint8_t* plaintext, size_t* plntextlen, const udif_network_packet* packet);


/* === Forward Secrecy === */


UDIF_EXPORT_API udif_errors udif_session_ratchet(udif_session_state* session, udif_network_packet* packetout, const udif_network_packet* packetin, bool (*rng_generate)(uint8_t*, size_t));


UDIF_EXPORT_API bool udif_session_needs_ratchet(const udif_session_state* session, uint64_t currtime);


/* === Session State === */


UDIF_EXPORT_API void udif_session_dispose(udif_session_state* session);


UDIF_EXPORT_API void udif_session_clear(udif_session_state* session);


UDIF_EXPORT_API bool udif_session_is_established(const udif_session_state* session);


UDIF_EXPORT_API udif_errors udif_session_get_statistics(const udif_session_state* session, uint64_t* txseq, uint64_t* rxseq, uint64_t* epoch);


/* === Packet Operations === */


UDIF_EXPORT_API udif_errors udif_packet_serialize(uint8_t* stream, size_t* streamlen, const udif_network_packet* packet);


UDIF_EXPORT_API udif_errors udif_packet_deserialize(udif_network_packet* packet, const uint8_t* stream, size_t streamlen);


UDIF_EXPORT_API udif_errors udif_packet_validate(const udif_session_state* session, const udif_network_packet* packet, uint8_t expected_flag);


UDIF_EXPORT_API void udif_packet_set_time(udif_network_packet* packet, uint64_t currtime);


UDIF_EXPORT_API bool udif_packet_is_fresh(const udif_network_packet* packet, uint64_t currtime);


UDIF_EXPORT_API void udif_packet_clear(udif_network_packet* packet);


#endif

udif_session_state
Secure session state.
Definition transport.h:79

udif_session_state::txseq
uint64_t txseq
Definition transport.h:82

udif_session_state::session_id
uint8_t session_id[UDIF_CRYPTO_HASH_SIZE]
Definition transport.h:88

udif_session_state::established
bool established
Definition transport.h:90

udif_session_state::nonce_remote
uint8_t nonce_remote[32U]
Definition transport.h:97

udif_session_state::remote_serial
uint8_t remote_serial[UDIF_CERTIFICATE_SERIAL_SIZE]
Definition transport.h:87

udif_session_state::local_kem_sk
uint8_t local_kem_sk[UDIF_KEM_PRIVATEKEY_SIZE]
Definition transport.h:94

udif_session_state::nonce_local
uint8_t nonce_local[32U]
Definition transport.h:96

udif_session_state::ratchet_state
uint8_t ratchet_state[UDIF_CRYPTO_HASH_SIZE]
Definition transport.h:89

udif_session_state::epoch
uint64_t epoch
Definition transport.h:84

udif_session_state::txcpr
qsc_rcs_state txcpr
Definition transport.h:80

udif_session_state::transcript_len
size_t transcript_len
Definition transport.h:99

udif_session_state::rxseq
uint64_t rxseq
Definition transport.h:83

udif_session_state::local_serial
uint8_t local_serial[UDIF_CERTIFICATE_SERIAL_SIZE]
Definition transport.h:86

udif_session_state::last_ratchet
uint64_t last_ratchet
Definition transport.h:85

udif_session_state::initiator
bool initiator
Definition transport.h:91

udif_session_state::transcript
uint8_t transcript[4096U]
Definition transport.h:98

udif_session_state::kem_ss
uint8_t kem_ss[UDIF_KEM_SECRET_SIZE]
Definition transport.h:95

udif_session_state::rxcpr
qsc_rcs_state rxcpr
Definition transport.h:81

udif_session_state::in_progress
bool in_progress
Definition transport.h:100

udif_packet_is_fresh
UDIF_EXPORT_API bool udif_packet_is_fresh(const udif_network_packet *packet, uint64_t currtime)
Check if packet is fresh.
Definition transport.c:1009

udif_session_handshake_confirm
UDIF_EXPORT_API udif_errors udif_session_handshake_confirm(udif_session_state *session, udif_network_packet *packet, const udif_network_packet *resp_packet, const udif_child_certificate *remote_cert)
Initiator confirms handshake.
Definition transport.c:280

udif_packet_validate
UDIF_EXPORT_API udif_errors udif_packet_validate(const udif_session_state *session, const udif_network_packet *packet, uint8_t expected_flag)
Validate packet.
Definition transport.c:970

udif_session_clear
UDIF_EXPORT_API void udif_session_clear(udif_session_state *session)
Clear session state.
Definition transport.c:870

udif_packet_deserialize
UDIF_EXPORT_API udif_errors udif_packet_deserialize(udif_network_packet *packet, const uint8_t *stream, size_t streamlen)
Deserialize packet from byte stream.
Definition transport.c:919

udif_session_dispose
UDIF_EXPORT_API void udif_session_dispose(udif_session_state *session)
Dispose session resources.
Definition transport.c:856

udif_session_is_established
UDIF_EXPORT_API bool udif_session_is_established(const udif_session_state *session)
Check if session is established.
Definition transport.c:1047

udif_packet_serialize
UDIF_EXPORT_API udif_errors udif_packet_serialize(uint8_t *stream, size_t *streamlen, const udif_network_packet *packet)
Serialize packet to byte stream.
Definition transport.c:878

udif_packet_clear
UDIF_EXPORT_API void udif_packet_clear(udif_network_packet *packet)
Clear packet state.
Definition transport.c:1032

udif_session_encrypt
UDIF_EXPORT_API udif_errors udif_session_encrypt(udif_session_state *session, udif_network_packet *packet, const uint8_t *plaintext, size_t plntextlen)
Encrypt a data packet.
Definition transport.c:543

udif_session_needs_ratchet
UDIF_EXPORT_API bool udif_session_needs_ratchet(const udif_session_state *session, uint64_t currtime)
Check if ratchet is needed.
Definition transport.c:835

udif_packet_set_time
UDIF_EXPORT_API void udif_packet_set_time(udif_network_packet *packet, uint64_t currtime)
Set packet timestamp.
Definition transport.c:1001

udif_session_initialize
UDIF_EXPORT_API void udif_session_initialize(udif_session_state *session)
Initialize a session state.
Definition transport.c:22

udif_session_handshake_resp
UDIF_EXPORT_API udif_errors udif_session_handshake_resp(udif_session_state *session, udif_network_packet *packet, const udif_network_packet *init_packet, const udif_child_certificate *local_cert, const uint8_t local_privkey[UDIF_ASYMMETRIC_SIGNING_KEY_SIZE], const uint8_t local_serial[UDIF_CERTIFICATE_SERIAL_SIZE], const udif_child_certificate *remote_cert, bool(*rng_generate)(uint8_t *, size_t))
Responder handles handshake init.
Definition transport.c:126

udif_session_handshake_init
UDIF_EXPORT_API udif_errors udif_session_handshake_init(udif_session_state *session, udif_network_packet *packet, const udif_child_certificate *local_cert, const uint8_t local_privkey[UDIF_ASYMMETRIC_SIGNING_KEY_SIZE], const uint8_t local_serial[UDIF_CERTIFICATE_SERIAL_SIZE], const uint8_t remote_serial[UDIF_CERTIFICATE_SERIAL_SIZE], bool(*rng_generate)(uint8_t *, size_t))
Initiator starts handshake.
Definition transport.c:39

udif_session_ratchet
UDIF_EXPORT_API udif_errors udif_session_ratchet(udif_session_state *session, udif_network_packet *packetout, const udif_network_packet *packetin, bool(*rng_generate)(uint8_t *, size_t))
Perform asymmetric ratchet.
Definition transport.c:665

udif_session_get_statistics
UDIF_EXPORT_API udif_errors udif_session_get_statistics(const udif_session_state *session, uint64_t *txseq, uint64_t *rxseq, uint64_t *epoch)
Get session statistics.
Definition transport.c:1063

udif_session_handshake_finish
UDIF_EXPORT_API udif_errors udif_session_handshake_finish(udif_session_state *session, udif_network_packet *packet, const udif_network_packet *confirm_packet)
Responder finishes handshake.
Definition transport.c:434

udif_session_decrypt
UDIF_EXPORT_API udif_errors udif_session_decrypt(udif_session_state *session, uint8_t *plaintext, size_t *plntextlen, const udif_network_packet *packet)
Decrypt a data packet.
Definition transport.c:589

udif.h
UDIF Common Definitions and Protocol Configuration.

UDIF_ASYMMETRIC_SIGNING_KEY_SIZE
#define UDIF_ASYMMETRIC_SIGNING_KEY_SIZE
The byte size of the asymmetric signature signing-key array.
Definition udif.h:258

UDIF_CRYPTO_HASH_SIZE
#define UDIF_CRYPTO_HASH_SIZE
The size of the certificate hash in bytes.
Definition udif.h:439

udif_errors
udif_errors
UDIF error codes.
Definition udif.h:628

UDIF_EXPORT_API
#define UDIF_EXPORT_API
The api export prefix.
Definition udifcommon.h:103