tunnel.h

Go to the documentation of this file.

/* 2025-2026 Quantum Resistant Cryptographic Solutions Corporation
 * All Rights Reserved.
 *
 * NOTICE:
 * This software and all accompanying materials are the exclusive property of
 * Quantum Resistant Cryptographic Solutions Corporation (QRCS). The intellectual
 * and technical concepts contained herein are proprietary to QRCS and are
 * protected under applicable Canadian, U.S., and international copyright,
 * patent, and trade secret laws.
 *
 * CRYPTOGRAPHIC ALGORITHMS AND IMPLEMENTATIONS:
 * - This software includes implementations of cryptographic primitives and
 *   algorithms that are standardized or in the public domain, such as AES
 *   and SHA-3, which are not proprietary to QRCS.
 * - This software also includes cryptographic primitives, constructions, and
 *   algorithms designed by QRCS, including but not limited to RCS, SCB, CSX, QMAC, and
 *   related components, which are proprietary to QRCS.
 * - All source code, implementations, protocol compositions, optimizations,
 *   parameter selections, and engineering work contained in this software are
 *   original works of QRCS and are protected under this license.
 *
 * LICENSE AND USE RESTRICTIONS:
 * - This software is licensed under the Quantum Resistant Cryptographic Solutions
 *   Public Research and Evaluation License (QRCS-PREL), 2025-2026.
 * - Permission is granted solely for non-commercial evaluation, academic research,
 *   cryptographic analysis, interoperability testing, and feasibility assessment.
 * - Commercial use, production deployment, commercial redistribution, or
 *   integration into products or services is strictly prohibited without a
 *   separate written license agreement executed with QRCS.
 * - Licensing and authorized distribution are solely at the discretion of QRCS.
 *
 * EXPERIMENTAL CRYPTOGRAPHY NOTICE:
 * Portions of this software may include experimental, novel, or evolving
 * cryptographic designs. Use of this software is entirely at the user's risk.
 *
 * DISCLAIMER:
 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS
 * FOR A PARTICULAR PURPOSE, SECURITY, OR NON-INFRINGEMENT. QRCS DISCLAIMS ALL
 * LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
 * ARISING FROM THE USE OR MISUSE OF THIS SOFTWARE.
 *
 * FULL LICENSE:
 * This software is subject to the Quantum Resistant Cryptographic Solutions
 * Public Research and Evaluation License (QRCS-PREL), 2025-2026. The complete license terms
 * are provided in the accompanying LICENSE file or at https://www.qrcscorp.ca.
 *
 * Written by: John G. Underhill
 * Contact: contact@qrcscorp.ca
 */
 
#ifndef UDIF_TUNNEL_H
#define UDIF_TUNNEL_H
 
#include "udif.h"
#include "message.h"
#include "qstp.h"

 
/* UDIF-over-QSTP transport profile */

#define UDIF_TRANSPORT_PROFILE_QSTP_INNER_HEADER 1U

#define UDIF_TRANSPORT_HEADER_EXTERNAL_AAD 0U

#define UDIF_TRANSPORT_RATCHET_DELEGATED_TO_QSTP 1U
 
/* UDIF record header */

#define UDIF_TUNNEL_RECORD_HEADER_SIZE 26U

#define UDIF_TUNNEL_TIME_WINDOW_SECONDS 60U

#define UDIF_TUNNEL_FLAG_DATA 0x01U

#define UDIF_TUNNEL_FLAG_KEEPALIVE 0x02U

#define UDIF_TUNNEL_FLAG_CLOSE 0x04U

#define UDIF_TUNNEL_FLAG_CONTROL 0x08U

UDIF_EXPORT_API typedef struct udif_tunnel_record_header
{
    uint64_t sequence;      
    uint64_t utctime;        
    uint64_t epoch;            
    uint8_t flags;         
    uint8_t suiteid;     
} udif_tunnel_record_header;
 
/* Cadence macros */

#define UDIF_KEEPALIVE_INTERVAL_A_SECONDS 300U

#define UDIF_KEEPALIVE_INTERVAL_E_SECONDS 120U

#define UDIF_KEEPALIVE_INTERVAL_U_SECONDS 120U

#if !defined(UDIF_KEEPALIVE_INTERVAL_SECONDS)
#   define UDIF_KEEPALIVE_INTERVAL_SECONDS UDIF_KEEPALIVE_INTERVAL_E_SECONDS
#endif

#define UDIF_IDLE_TEARDOWN_MULTIPLIER 2U

#define UDIF_IDLE_TEARDOWN_SECONDS (UDIF_KEEPALIVE_INTERVAL_SECONDS * UDIF_IDLE_TEARDOWN_MULTIPLIER)

#define UDIF_RATCHET_INTERVAL_SECONDS 3600U

#define UDIF_RATCHET_JITTER_SECONDS 300U
 
/* Role-pair and side enums */

typedef enum udif_rolepair
{
    udif_rolepair_none = 0U,                  
    udif_rolepair_ua_gc = 1U,                    
    udif_rolepair_gc_bc = 2U,                    
    udif_rolepair_bc_bc = 3U,                    
    udif_rolepair_bc_root = 4U,                    
    udif_rolepair_treaty = 5U                   
} udif_rolepair;

typedef enum udif_tunnel_side
{
    udif_tunnel_side_client = 0U,                
    udif_tunnel_side_server = 1U             
} udif_tunnel_side;
 
/* Tunnel state */

UDIF_EXPORT_API typedef struct udif_tunnel
{
    uint8_t peerserial[UDIF_SERIAL_NUMBER_SIZE];
    uint8_t treatyid[UDIF_SERIAL_NUMBER_SIZE];   
    qstp_connection_state* qstpcns;              
    uint64_t txsequence;                      
    uint64_t rxsequence;                      
    uint64_t epoch;                                
    uint64_t lastrxsecs;                      
    uint64_t lasttxsecs;                      
    uint64_t keepalivedeadline;                    
    uint64_t idledeadline;                      
    uint64_t ratchetdeadline;                    
    udif_rolepair rolepair;                        
    udif_tunnel_side side;                      
    bool closing;                                
} udif_tunnel;
 
/* Record header helpers */

UDIF_EXPORT_API udif_errors udif_tunnel_record_header_serialize(uint8_t* output, size_t outlen, const udif_tunnel_record_header* header);

UDIF_EXPORT_API udif_errors udif_tunnel_record_header_deserialize(udif_tunnel_record_header* header, const uint8_t* input, size_t inlen);

UDIF_EXPORT_API udif_errors udif_tunnel_record_header_validate(const udif_tunnel* tun, const udif_tunnel_record_header* header, uint64_t nowsecs);

UDIF_EXPORT_API uint8_t udif_tunnel_record_flag(udif_message_type msgtype);
 
/* Tunnel lifecycle */

UDIF_EXPORT_API udif_errors udif_tunnel_init(udif_tunnel* tun, qstp_connection_state* qstpcns, const uint8_t* peerserial,
    udif_rolepair rolepair, udif_tunnel_side side, const uint8_t* treatyid, uint64_t nowsecs);

UDIF_EXPORT_API void udif_tunnel_close(udif_tunnel* tun, bool notify);
 
/* Send and receive */

UDIF_EXPORT_API udif_errors udif_tunnel_send(udif_tunnel* tun, const udif_message* msg, uint64_t nowsecs);

UDIF_EXPORT_API udif_errors udif_tunnel_on_receive(udif_tunnel* tun, const uint8_t* input, size_t inplen, udif_message* outmsg, uint64_t nowsecs);
 
/* Timer tick: keepalive, idle teardown, QSTP rekey */

UDIF_EXPORT_API udif_errors udif_tunnel_tick(udif_tunnel* tun, uint64_t nowsecs);

UDIF_EXPORT_API udif_errors udif_tunnel_send_keepalive(udif_tunnel* tun, uint64_t nowsecs);

UDIF_EXPORT_API udif_errors udif_tunnel_trigger_ratchet(udif_tunnel* tun, uint64_t nowsecs);
 
/* Introspection */

UDIF_EXPORT_API bool udif_tunnel_is_open(const udif_tunnel* tun, uint64_t nowsecs);
 
#endif