UDIF: Universal Digital Identification Framework 1.0.0.0a (A1)
A quantum-secure cryptographic identification
udif.h File Reference

UDIF Common Definitions and Core Library Configuration. More...

#include "udifcommon.h"
#include "sha3.h"
#include "socketbase.h"
#include "rcs.h"


Macros

#define UDIF_USE_RCS_ENCRYPTION
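 If the RCS encryption option is chosen, SKDP uses the more modern RCS stream cipher with KMAC/QMAC authentication. The default symmetric cipher/authenticator is AES-256/GCM (Galois/Counter Mode), NIST standardized per SP800-38a. Note: "SKDP" appears to be carried over from another project's documentation and presumably means UDIF here; GCM itself is specified in NIST SP 800-38D (SP 800-38A covers the basic block-cipher modes). The udif_cipher_* aliases listed on this page map to the qsc_rcs_* functions, i.e. the RCS option.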
#define udif_cipher_state   qsc_rcs_state
#define udif_cipher_dispose   qsc_rcs_dispose
#define udif_cipher_initialize   qsc_rcs_initialize
#define udif_cipher_keyparams   qsc_rcs_keyparams
#define udif_cipher_set_associated   qsc_rcs_set_associated
#define udif_cipher_transform   qsc_rcs_transform
#define UDIF_CLAIM_ANCHOR_SIZE   32U
 The size of a claim anchor or merkle root in bytes.
#define UDIF_POLICY_HASH_SIZE   32U
 The size of a policy identifier hash in bytes.
#define UDIF_PERMISSION_MASK_SIZE   8U
 The size of a permission mask in bytes.
#define UDIF_CAPABILITY_MASK_SIZE   8U
 The size of a capability mask in hex characters.
#define UDIF_CAPABILITY_TOKEN_MAX_SIZE   2048U
 The maximum size of a serialized capability token.
#define UDIF_SUITEID_SIZE   1U
 The UDIF suite id parameter size.
#define UDIF_ROLE_SIZE   1U
 The UDIF role parameter size.
#define UDIF_MINIMUM_TRUST   1U
 The minimum trust designation number.
#define UDIF_NAME_MAX_SIZE   256U
 The maximum aps name string length in characters. The last character must be a string terminator.
#define UDIF_TWOWAY_TRUST   1000002U
 The two-way trust designation number.
#define UDIF_APPLICATION_CLIENT_PORT   39761U
 The default UDIF Client port number.
#define UDIF_APPLICATION_IDG_PORT   39762U
 The default UDIF IDG port number.
#define UDIF_APPLICATION_UBC_PORT   39763U
 The default UBC port number.
#define UDIF_APPLICATION_UGC_PORT   39764U
 The default UGC port number.
#define UDIF_APPLICATION_URA_PORT   39765U
 The default URA port number.
#define UDIF_APPLICATION_UUA_PORT   39766U
 The default UUA port number.
#define UDIF_CANONICAL_NAME_MINIMUM_SIZE   3U
 The minimum canonical name size.
#define UDIF_CERTIFICATE_ADDRESS_SIZE   22U
 The maximum IP address length.
#define UDIF_CERTIFICATE_ALGORITHM_SIZE   1U
 The algorithm type.
#define UDIF_CERTIFICATE_DEFAULT_PERIOD   ((uint64_t)365U * 24U * 60U * 60U)
 The default certificate validity period in seconds (1 year).
#define UDIF_CERTIFICATE_DESIGNATION_SIZE   1U
 The size of the child certificate designation field.
#define UDIF_CERTIFICATE_EXPIRATION_SIZE   16U
 The certificate expiration date length.
#define UDIF_CERTIFICATE_HASH_SIZE   32U
 The size of the certificate hash in bytes.
#define UDIF_CERTIFICATE_ISSUER_SIZE   256U
 The maximum certificate issuer string length. The last character must be a string terminator.
#define UDIF_CERTIFICATE_LINE_LENGTH   64U
 The line length of the printed UDIF certificate.
#define UDIF_CERTIFICATE_MAXIMUM_PERIOD   (UDIF_CERTIFICATE_DEFAULT_PERIOD * 2U)
 The maximum certificate validity period in seconds (2 years).
#define UDIF_CERTIFICATE_MINIMUM_PERIOD   ((uint64_t)1U * 24U * 60U * 60U)
 The minimum certificate validity period in seconds (1 day).
#define UDIF_CERTIFICATE_SERIAL_SIZE   16U
 The certificate serial number field length.
#define UDIF_CERTIFICATE_HINT_SIZE   (UDIF_CERTIFICATE_HASH_SIZE + UDIF_CERTIFICATE_SERIAL_SIZE)
 The topological hint.
#define UDIF_CERTIFICATE_SIGNED_HASH_SIZE   (UDIF_ASYMMETRIC_SIGNATURE_SIZE + UDIF_CERTIFICATE_HASH_SIZE)
 The size of the signature and hash field in a certificate.
#define UDIF_CERTIFICATE_VERSION_SIZE   1U
 The version id.
#define UDIF_CERTIFICATE_CHILD_SIZE
 The length of a child certificate.
#define UDIF_CERTIFICATE_IDG_SIZE
 The length of an IDG certificate.
#define UDIF_CERTIFICATE_ROOT_SIZE
 The length of the root certificate.
#define UDIF_CRYPTO_SYMMETRIC_KEY_SIZE   32U
 The byte length of the symmetric cipher key.
#define UDIF_MESSAGE_MAX_SIZE   1400000UL
 The maximum message size (max signature + max certificate sizes).
#define UDIF_MFK_EXPIRATION_PERIOD   ((uint64_t)60U * 24U * 60U * 60U)
 The MFK validity period in seconds (60 days).
#define UDIF_MINIMUM_PATH_LENGTH   9U
 The minimum file path length.
#define UDIF_NETWORK_CONNECTION_MTU   1500U
 The UDIF packet buffer size.
#define UDIF_NETWORK_DOMAIN_NAME_MAX_SIZE   256U
 The maximum domain name length in characters. The last character must be a string terminator.
#define UDIF_NETWORK_MAX_APSS   1000000UL
 The maximum number of aps connections in a network.
#define UDIF_NETWORK_NODE_ID_SIZE   16
 The node identification string length.
#define UDIF_PERIOD_DAY_TO_SECONDS   (24U * 60U * 60U)
 A period of one day in seconds.
#define UDIF_SOCKET_TERMINATOR_SIZE   1U
 The packet delimiter byte size.
#define UDIF_PACKET_ERROR_SIZE   1U
 The packet error message byte size.
#define UDIF_PACKET_HEADER_SIZE   22U
 The UDIF packet header size.
#define UDIF_PACKET_SUBHEADER_SIZE   16U
 The UDIF packet sub-header size.
#define UDIF_PACKET_SEQUENCE_TERMINATOR   0xFFFFFFFFUL
 The sequence number of a packet that closes a connection.
#define UDIF_PACKET_TIME_SIZE   8U
 The byte size of the serialized packet time parameter.
#define UDIF_PACKET_TIME_THRESHOLD   60U
 The maximum number of seconds a packet is valid.
#define UDIF_NETWORK_TERMINATION_MESSAGE_SIZE   1U
 The network termination message size.
#define UDIF_NETWORK_TERMINATION_PACKET_SIZE   (UDIF_PACKET_HEADER_SIZE + UDIF_NETWORK_TERMINATION_MESSAGE_SIZE)
 The network termination packet size.
#define UDIF_ACTIVE_VERSION   1U
 The UDIF active version identifier.
#define UDIF_ACTIVE_VERSION_SIZE   2U
 The UDIF version field size in bytes.
#define UDIF_NAMESPACE_CODE_SIZE   8U
 The size of a namespace code (short string or numeric).
#define UDIF_ISSUER_DOMAIN_CODE_SIZE   8U
 The size of an issuer domain code (unique identifier).
#define UDIF_IDENTITY_ID_SIZE   32U
 The size of a subject identity identifier in bytes.
#define UDIF_IDENTITY_MAX_SIZE   512U
 Maximum encoded identity blob size.
#define UDIF_PERIOD_DAY_TO_SECONDS   (24U * 60U * 60U)
 A period of one day in seconds.
#define UDIF_CERTIFICATE_ROLE_SIZE   1U
 The certificate role field size.
#define UDIF_CERTIFICATE_SERIAL_SIZE   16U
 The certificate serial number field length.
#define UDIF_CERTIFICATE_VERSION_SIZE   1U
 The version id.
#define UDIF_CERTIFICATE_HASH_SIZE   32U
 The size of the certificate hash in bytes.
#define UDIF_CERTIFICATE_SIGNED_HASH_SIZE   (UDIF_ASYMMETRIC_SIGNATURE_SIZE + UDIF_CERTIFICATE_HASH_SIZE)
 The size of the signature and hash field in a certificate.
#define UDIF_CERTIFICATE_DEFAULT_PERIOD   ((uint64_t)365U * 24U * 60U * 60U)
 The default certificate validity period in seconds (1 year).
#define UDIF_CERTIFICATE_MINIMUM_PERIOD   ((uint64_t)1U * 24U * 60U * 60U)
 The minimum certificate validity period in seconds (1 day).
#define UDIF_CERTIFICATE_MAXIMUM_PERIOD   (UDIF_CERTIFICATE_DEFAULT_PERIOD * 2U)
 The maximum certificate validity period in seconds (2 years).
#define UDIF_CRYPTO_SYMMETRIC_KEY_SIZE   32U
 The byte length of the symmetric cipher key.
#define UDIF_CRYPTO_SYMMETRIC_MAC_SIZE   32U
 Symmetric cipher authentication tag size in bytes.
#define UDIF_CRYPTO_SYMMETRIC_HASH_SIZE   32U
 Hash output size in bytes (SHA3-256).
#define UDIF_CRYPTO_SYMMETRIC_NONCE_SIZE   32U
 The byte length of the symmetric cipher nonce.
#define UDIF_CRYPTO_SEED_SIZE   64U
 The seed array byte size.
#define UDIF_CRYPTO_SYMMETRIC_TOKEN_SIZE   32U
 The byte length of the symmetric token.
#define UDIF_CRYPTO_SYMMETRIC_HASH_SIZE   32U
 Hash output size in bytes (SHA3-256).
#define UDIF_CRYPTO_SYMMETRIC_MAC_SIZE   32U
 Symmetric cipher authentication tag size in bytes.
#define UDIF_CRYPTO_SYMMETRIC_SECRET_SIZE   32U
 The shared secret byte size.
#define UDIF_CERTIFICATE_HEADER_SIZE   64U
 The UDIF certificate header string length.
#define UDIF_CERTIFICATE_FOOTER_SIZE   64U
 The UDIF certificate footer string length.
#define UDIF_CERTIFICATE_ISSUER_PREFIX_SIZE   9U
 The certificate issuer prefix length.
#define UDIF_CERTIFICATE_SERIAL_PREFIX_SIZE   9U
 The certificate serial prefix length.
#define UDIF_CERTIFICATE_VALID_FROM_PREFIX_SIZE   13U
 The "valid from" field prefix length.
#define UDIF_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE   6U
 The "valid to" field prefix length.
#define UDIF_CERTIFICATE_ALGORITHM_PREFIX_SIZE   12U
 The algorithm field prefix length.
#define UDIF_CERTIFICATE_VERSION_PREFIX_SIZE   10U
 The version field prefix length.
#define UDIF_CERTIFICATE_ROLE_PREFIX_SIZE   6U
 The role field prefix length.
#define UDIF_ROOT_CERTIFICATE_HEADER_SIZE   64U
#define UDIF_ROOT_CERTIFICATE_HASH_PREFIX_SIZE   19U
#define UDIF_ROOT_CERTIFICATE_PUBLICKEY_PREFIX_SIZE   13U
#define UDIF_ROOT_CERTIFICATE_ISSUER_PREFIX_SIZE   9U
#define UDIF_ROOT_CERTIFICATE_NAME_PREFIX_SIZE   7U
#define UDIF_ROOT_CERTIFICATE_SERIAL_PREFIX_SIZE   9U
#define UDIF_ROOT_CERTIFICATE_FOOTER_SIZE   64U
#define UDIF_ROOT_CERTIFICATE_VALID_FROM_PREFIX_SIZE   13U
#define UDIF_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE   6U
#define UDIF_ROOT_CERTIFICATE_ALGORITHM_PREFIX_SIZE   12U
#define UDIF_ROOT_CERTIFICATE_VERSION_PREFIX_SIZE   10U
#define UDIF_ROOT_CERTIFICATE_CAPABILITY_MASK_PREFIX_SIZE   18U
#define UDIF_ROOT_CERTIFICATE_DEFAULT_NAME_SIZE   18U
#define UDIF_ACTIVE_VERSION_STRING_SIZE   5U

Typedefs

typedef UDIF_EXPORT_API enum udif_configuration_sets udif_configuration_sets
typedef UDIF_EXPORT_API enum udif_network_designations udif_network_designations
typedef UDIF_EXPORT_API enum udif_network_errors udif_network_errors
typedef UDIF_EXPORT_API enum udif_network_flags udif_network_flags
typedef UDIF_EXPORT_API enum udif_protocol_errors udif_protocol_errors
typedef UDIF_EXPORT_API enum udif_claim_type udif_claim_type
typedef UDIF_EXPORT_API enum udif_token_type udif_token_type
typedef UDIF_EXPORT_API enum udif_capability_id udif_capability_id
typedef UDIF_EXPORT_API enum udif_permission_class udif_permission_class
typedef UDIF_EXPORT_API enum udif_policy_decision udif_policy_decision
typedef UDIF_EXPORT_API enum udif_verify_policy udif_verify_policy
typedef UDIF_EXPORT_API enum udif_time_validation udif_time_validation
typedef UDIF_EXPORT_API enum udif_status udif_status
typedef UDIF_EXPORT_API enum udif_error_identity udif_error_identity
typedef UDIF_EXPORT_API enum udif_error_certificate udif_error_certificate
typedef UDIF_EXPORT_API enum udif_error_claims udif_error_claims
typedef UDIF_EXPORT_API enum udif_error_capability udif_error_capability
typedef UDIF_EXPORT_API enum udif_error_policy udif_error_policy
typedef UDIF_EXPORT_API enum udif_error_encoding udif_error_encoding

Enumerations

enum  udif_configuration_sets {
  udif_configuration_set_none = 0x00U , udif_configuration_set_dilithium1_kyber1_rcs256_shake256 = 0x01U , udif_configuration_set_dilithium3_kyber3_rcs256_shake256 = 0x02U , udif_configuration_set_dilithium5_kyber5_rcs256_shake256 = 0x03U ,
  udif_configuration_set_dilithium5_kyber6_rcs512_shake256 = 0x04U , udif_configuration_set_sphincsplus1f_mceliece1_rcs256_shake256 = 0x05U , udif_configuration_set_sphincsplus1s_mceliece1_rcs256_shake256 = 0x06U , udif_configuration_set_sphincsplus3f_mceliece3_rcs256_shake256 = 0x07U ,
  udif_configuration_set_sphincsplus3s_mceliece3_rcs256_shake256 = 0x08U , udif_configuration_set_sphincsplus5f_mceliece5_rcs256_shake256 = 0x09U , udif_configuration_set_sphincsplus5s_mceliece5_rcs256_shake256 = 0x0AU , udif_configuration_set_sphincsplus5f_mceliece6_rcs256_shake256 = 0x0BU ,
  udif_configuration_set_sphincsplus5s_mceliece6_rcs256_shake256 = 0x0CU , udif_configuration_set_sphincsplus5f_mceliece7_rcs256_shake256 = 0x0DU , udif_configuration_set_sphincsplus5s_mceliece7_rcs256_shake256 = 0x0EU
}
 The UDIF algorithm configuration sets. More...
enum  udif_network_designations {
  udif_network_designation_none = 0x00U , udif_network_designation_ubc = 0x01U , udif_network_designation_client = 0x02U , udif_network_designation_ugc = 0x03U ,
  udif_network_designation_remote = 0x04U , udif_network_designation_ura = 0x05U , udif_network_designation_revoked = 0x06U , udif_network_designation_idg = 0x07U ,
  udif_network_designation_uua = 0x08U , udif_network_designation_all = 0xFFU
}
 The UDIF device designation. More...
enum  udif_network_errors {
  udif_network_error_none = 0x00U , udif_network_error_accept_fail = 0x01U , udif_network_error_auth_failure = 0x02U , udif_network_error_bad_keep_alive = 0x03U ,
  udif_network_error_channel_down = 0x04U , udif_network_error_connection_failure = 0x05U , udif_network_error_decryption_failure = 0x06U , udif_network_error_establish_failure = 0x07U ,
  udif_network_error_general_failure = 0x08U , udif_network_error_hosts_exceeded = 0x09U , udif_network_error_identity_unknown = 0x10U , udif_network_error_invalid_input = 0x1AU ,
  udif_network_error_invalid_request = 0x1BU , udif_network_error_keep_alive_expired = 0x1CU , udif_network_error_keep_alive_timeout = 0x1DU , udif_network_error_kex_auth_failure = 0x1EU ,
  udif_network_error_key_not_recognized = 0x1FU , udif_network_error_key_has_expired = 0x20U , udif_network_error_listener_fail = 0x21U , udif_network_error_memory_allocation = 0x22U ,
  udif_network_error_packet_unsequenced = 0x23U , udif_network_error_random_failure = 0x24U , udif_network_error_ratchet_fail = 0x25U , udif_network_error_receive_failure = 0x26U ,
  udif_network_error_transmit_failure = 0x27U , udif_network_error_unknown_protocol = 0x28U , udif_network_error_unsequenced = 0x29U , udif_network_error_verify_failure = 0x2AU
}
 The UDIF network error values. More...
enum  udif_network_flags {
  udif_network_flag_none = 0x00U , udif_network_flag_connection_terminate_request = 0x01U , udif_network_flag_error_condition = 0x02U , udif_network_flag_incremental_update_request = 0x09U ,
  udif_network_flag_incremental_update_response = 0x0AU , udif_network_flag_register_request = 0x0BU , udif_network_flag_register_response = 0x0CU , udif_network_flag_register_update_request = 0x0DU ,
  udif_network_flag_register_update_response = 0x0EU , udif_network_flag_keep_alive_request = 0x0FU , udif_network_flag_keep_alive_response = 0x10U , udif_network_flag_network_announce_broadcast = 0x15U ,
  udif_network_flag_network_converge_request = 0x16U , udif_network_flag_network_converge_response = 0x17U , udif_network_flag_network_converge_update = 0x18U , udif_network_flag_network_resign_request = 0x19U ,
  udif_network_flag_network_resign_response = 0x1AU , udif_network_flag_network_revocation_broadcast = 0x1BU , udif_network_flag_network_signature_request = 0x1CU , udif_network_flag_system_error_condition = 0x1DU ,
  udif_network_flag_tunnel_connection_terminate = 0x1EU , udif_network_flag_tunnel_encrypted_message = 0x1FU , udif_network_flag_tunnel_session_established = 0x20U , udif_network_flag_tunnel_transfer_request = 0x21U ,
  udif_network_flag_topology_query_request = 0x22U , udif_network_flag_topology_query_response = 0x23U , udif_network_flag_topology_status_request = 0x24U , udif_network_flag_topology_status_response = 0x25U ,
  udif_network_flag_topology_status_available = 0x26U , udif_network_flag_topology_status_synchronized = 0x27U , udif_network_flag_topology_status_unavailable = 0x28U , udif_network_flag_network_remote_signing_request = 0x29U ,
  udif_network_flag_network_remote_signing_response = 0x2AU
}
 The UDIF network flags. More...
enum  udif_protocol_errors {
  udif_protocol_error_none = 0x00U , udif_protocol_error_authentication_failure = 0x01U , udif_protocol_error_certificate_not_found = 0x02U , udif_protocol_error_channel_down = 0x03U ,
  udif_protocol_error_connection_failure = 0x04U , udif_protocol_error_connect_failure = 0x05U , udif_protocol_error_convergence_failure = 0x06U , udif_protocol_error_convergence_synchronized = 0x07U ,
  udif_protocol_error_decapsulation_failure = 0x08U , udif_protocol_error_decoding_failure = 0x09U , udif_protocol_error_decryption_failure = 0x0AU , udif_protocol_error_establish_failure = 0x0BU ,
  udif_protocol_error_exchange_failure = 0x0CU , udif_protocol_error_file_not_deleted = 0x0DU , udif_protocol_error_file_not_found = 0x0EU , udif_protocol_error_file_not_written = 0x0FU ,
  udif_protocol_error_hash_invalid = 0x10U , udif_protocol_error_hosts_exceeded = 0x11U , udif_protocol_error_invalid_request = 0x12U , udif_protocol_error_certificate_expired = 0x13U ,
  udif_protocol_error_key_expired = 0x14U , udif_protocol_error_key_unrecognized = 0x15U , udif_protocol_error_listener_fail = 0x16U , udif_protocol_error_memory_allocation = 0x17U ,
  udif_protocol_error_message_time_invalid = 0x18U , udif_protocol_error_message_verification_failure = 0x19U , udif_protocol_error_no_usable_address = 0x1AU , udif_protocol_error_node_not_available = 0x1BU ,
  udif_protocol_error_node_not_found = 0x1CU , udif_protocol_error_node_was_registered = 0x1DU , udif_protocol_error_operation_cancelled = 0x1EU , udif_protocol_error_packet_header_invalid = 0x1FU ,
  udif_protocol_error_packet_unsequenced = 0x20U , udif_protocol_error_receive_failure = 0x21U , udif_protocol_error_root_signature_invalid = 0x22U , udif_protocol_error_serialization_failure = 0x23U ,
  udif_protocol_error_signature_failure = 0x24U , udif_protocol_error_signing_failure = 0x25U , udif_protocol_error_socket_binding = 0x26U , udif_protocol_error_socket_creation = 0x27U ,
  udif_protocol_error_transmit_failure = 0x28U , udif_protocol_error_topology_no_aps = 0x29U , udif_protocol_error_unknown_protocol = 0x2AU , udif_protocol_error_verification_failure = 0x2BU
}
 The UDIF protocol error values. More...
enum  udif_claim_type {
  udif_claim_unknown = 0x00U , udif_claim_commodity_id = 0x10U , udif_claim_biometric_hash = 0x11U , udif_claim_institution_id = 0x12U ,
  udif_claim_public_key = 0x13U , udif_claim_age_over = 0x14U , udif_claim_citizenship = 0x15U , udif_claim_residency = 0x16U ,
  udif_claim_membership_id = 0x17U , udif_claim_contact_email = 0x18U , udif_claim_contact_phone = 0x19U , udif_claim_address = 0x1AU ,
  udif_claim_custom = 0x7FU
}
 Claim type identifiers (deterministic canonicalization required). More...
enum  udif_token_type { udif_token_none = 0x00U , udif_token_capability = 0x01U , udif_token_attestation = 0x02U , udif_token_session = 0x03U }
 Token families issued/validated within UDIF. More...
enum  udif_capability_id {
  udif_cap_issue_certificate = 0x00U , udif_cap_revoke_certificate = 0x01U , udif_cap_issue_token = 0x02U , udif_cap_validate_token = 0x03U ,
  udif_cap_register_issuer = 0x04U , udif_cap_rotate_keys = 0x05U , udif_cap_directory_query = 0x06U , udif_cap_audit_log_access = 0x07U ,
  udif_cap_admin = 0x08U
}
 Canonical capability identifiers (bit positions map to the mask). More...
enum  udif_permission_class {
  udif_perm_read_claims = 0x00U , udif_perm_write_claims = 0x01U , udif_perm_read_certs = 0x02U , udif_perm_write_certs = 0x03U ,
  udif_perm_manage_policy = 0x04U , udif_perm_manage_caps = 0x05U , udif_perm_delegate = 0x06U , udif_perm_export_identity = 0x07U ,
  udif_perm_import_identity = 0x08U
}
 Permission classes whose bits populate the permission mask. More...
enum  udif_policy_decision { udif_policy_permit = 0x00U , udif_policy_deny = 0x01U , udif_policy_indeterminate = 0x02U , udif_policy_not_applicable = 0x03U }
 Policy evaluation outcome. More...
enum  udif_verify_policy { udif_verify_strict = 0x00U , udif_verify_lenient = 0x01U }
 Verification strictness for identity/cert/claim checks. More...
enum  udif_time_validation { udif_time_valid = 0x00U , udif_time_future = 0x01U , udif_time_expired = 0x02U , udif_time_skew_exceeds = 0x03U }
 Results of time/validity-window checks. More...
enum  udif_status {
  udif_status_success = 0x00U , udif_status_invalid_argument = 0x01U , udif_status_not_found = 0x02U , udif_status_already_exists = 0x03U ,
  udif_status_out_of_memory = 0x04U , udif_status_buffer_too_small = 0x05U , udif_status_not_supported = 0x06U , udif_status_internal_error = 0x07U
}
 Generic status codes for UDIF operations. More...
enum  udif_error_identity {
  udif_eid_none = 0x00U , udif_eid_namespace_bad = 0x01U , udif_eid_issuer_bad = 0x02U , udif_eid_subject_bad = 0x03U ,
  udif_eid_mask_invalid = 0x04U , udif_eid_anchor_mismatch = 0x05U , udif_eid_sig_invalid = 0x06U , udif_eid_expired = 0x07U ,
  udif_eid_future = 0x08U
}
 Identity-specific error codes. More...
enum  udif_error_certificate {
  udif_ecert_none = 0x00U , udif_ecert_type_unknown = 0x01U , udif_ecert_serial_bad = 0x02U , udif_ecert_chain_invalid = 0x03U ,
  udif_ecert_sig_invalid = 0x04U , udif_ecert_expired = 0x05U , udif_ecert_future = 0x06U , udif_ecert_policy_mismatch = 0x07U ,
  udif_ecert_revoked = 0x08U
}
 Certificate-specific error codes. More...
enum  udif_error_claims {
  udif_ecl_none = 0x00U , udif_ecl_type_unknown = 0x01U , udif_ecl_encoding_bad = 0x02U , udif_ecl_canonical_fail = 0x03U ,
  udif_ecl_anchor_bad = 0x04U , udif_ecl_value_invalid = 0x05U
}
 Claim/claim-set error codes. More...
enum  udif_error_capability { udif_ecap_none = 0x00U , udif_ecap_denied = 0x01U , udif_ecap_mask_empty = 0x02U , udif_ecap_mask_conflict = 0x03U }
 Capability/permission evaluation errors. More...
enum  udif_error_policy { udif_epol_none = 0x00U , udif_epol_not_found = 0x01U , udif_epol_hash_mismatch = 0x02U , udif_epol_indeterminate = 0x03U }
 Policy evaluation/lookup errors. More...
enum  udif_error_encoding {
  udif_eenc_none = 0x00U , udif_eenc_overflow = 0x01U , udif_eenc_underflow = 0x02U , udif_eenc_format = 0x03U ,
  udif_eenc_unsupported = 0x04U
}
 Encoding/decoding errors for UDIF objects. More...

Detailed Description

UDIF Common Definitions and Core Library Configuration.

UDIF Common Definitions and Protocol Configuration.

This header defines the common constants, macros, enumerations, structures, and public API prototypes for the Universal Digital Identity Framework (UDIF). It provides the core library configuration used by UDIF components (controllers, proxies, institutional servers, and clients), including certificate and claim handling, capability tokens, identity encoding, permission masks, and secure transport primitives sourced from the QSC library.

UDIF composes standardized post-quantum asymmetric schemes with SHAKE-based hashing/KDF and an AEAD stream cipher for confidentiality and integrity. Algorithm families are selected through build-time configuration, mapping UDIF high-level operations (key generation, encapsulation/decapsulation, signing, verification, hashing, KDF, AEAD) to corresponding QSC library implementations. This style follows the MPDC design pattern (function-mapping macros, configurable parameter sets, and protocol-wide constants) to ensure portability across deployments and security levels.

Key elements defined in this header include:

  • Function-Mapping Macros: Aliases that bind UDIF cryptographic operations (KEM, signature, hash/KDF, AEAD) to QSC implementations selected via compile-time parameter sets.
  • Modifiable Constants: Preprocessor options to enable/disable library features (e.g., certificate extensions, epoch/valid-time enforcement, extended MAC length, strict claim validation, IPv6).
  • Parameter Macros: Canonical byte lengths and field sizes for identities, serials, certificate fields, capability tokens, claim encodings, network packet framing, timing windows, and maximum message sizes.
  • Enumerations: Configuration sets, entity designations (UDC, UIP, UIS, Client), error/status codes for library and protocol operations, certificate and claim types, capability and permission classes, and versioning.
  • Structures: Root, domain, and entity certificates; identity descriptors; capability/permission masks; claim sets; encoded identity blobs; network packet headers; and cipher/key parameter aggregates.
  • Static Constants: Canonical strings (PEM-like headers/footers), OID/label tags, human-readable error text, and curve/parameter labels aligned to the active configuration set.

Public API Prototypes: Core routines for certificate/claim encode-decode, identity/capability validation, token issue/verify, packet header (de)serialization and time-window checks, AEAD context management, and error-to-string conversion.

Note
UDIF builds on a shared “common” header for export macros, debug asserts, and compiler/visibility control. Include udifcommon.h prior to using this header in all translation units.

Design Rationale and Parity with MPDC

UDIF adopts the MPDC header organization to maximize reuse and consistency across projects: function-mapping macros for cryptographic agility; tightly scoped, centrally defined size constants; strict packet header format with time-validity windows; and compact error enums with string tables. Implementations SHOULD mirror MPDC’s packet-associated-data practice (adding serialized headers as AEAD associated data) and sequence/time checks when applicable to UDIF transport wrappers.

Test
Although this header does not implement tests, it underpins modules that validate:

  • Correct mapping of UDIF high-level calls to QSC routines and parameter sets.
  • Consistency of field/size constants for identities, certificates, claims, and tokens.
  • Deterministic (de)serialization of headers, certificates, capabilities, and claims.
  • Enforcement of sequence and UTC valid-time windows in packet prechecks.
  • Accurate conversion of error/status codes to diagnostic strings.

These tests collectively ensure correctness, robustness, and cryptographic soundness of the UDIF core library.

This header defines the common constants, macros, enumerations, structures, and function prototypes for the Universal Digital Identity Framework (UDIF). It provides configuration for the cryptographic parameter sets, certificate handling, network protocol operations, and socket communication required to implement the UDIF protocol.

The UDIF protocol leverages a combination of asymmetric cipher and signature schemes from the QSC library. The parameter sets can be configured in the QSC library's common.h file. For maximum security, the McEliece/SPHINCS+ parameter set is recommended; for a balance of performance and security, the Dilithium/Kyber parameter set is advised.

Key components defined in this header include:

  • Function Mapping Macros: Aliases that map UDIF high-level cryptographic operations (key generation, encapsulation/decapsulation, signing, and verification) to the corresponding functions in the QSC library, based on the selected configuration.
  • Modifiable Constants: Preprocessor definitions that enable or disable protocol features (e.g., client-to-client encrypted tunneling, master fragment key cycling, IPv6 networking, and extended session security).
  • Parameter Macros: Definitions for key sizes, certificate field sizes, network settings, and timing values that ensure consistency across the UDIF protocol implementation.
  • Enumerations: Enumerated types for UDIF configuration sets, network designations, network and protocol error codes, and version sets.
  • Structures: Data structures representing various certificates (ADC, APS, ROOT), connection and keep alive states, network packets, and cryptographic key pairs. These structures are central to protocol operations such as certificate management and secure message exchange.
  • Static Constants: Predefined strings for certificate header/footer information and network designation labels.
  • Public API Functions: Prototypes for functions handling connection management, packet encryption/decryption, packet serialization/deserialization, and error string conversion.
Note
When using the McEliece/SPHINCS+ configuration in Visual Studio, it is recommended to increase the maximum stack size (for example, to 200KB) to accommodate the larger key sizes.
Test
Although this header does not directly implement test routines, it underpins multiple test modules that validate:
  • The correct mapping of UDIF high-level function calls to the underlying QSC library routines.
  • The consistency and accuracy of defined constants (e.g., key sizes, certificate sizes, network parameters).
  • The proper serialization/deserialization of packet headers and full packets (via udif_packet_header_serialize and udif_stream_to_packet).
  • The correct conversion of error codes to descriptive strings (using udif_network_error_to_string and udif_protocol_error_to_string).

These tests collectively ensure the robustness, consistency, and security of the UDIF protocol configuration.

Macro Definition Documentation

◆ UDIF_CERTIFICATE_CHILD_SIZE

#define UDIF_CERTIFICATE_CHILD_SIZE
Value:
UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
#define UDIF_SUITEID_SIZE
The UDIF suite id parameter size.
Definition udif.h:789
#define UDIF_CERTIFICATE_VERSION_SIZE
The version id.
Definition udif.h:941
#define UDIF_CERTIFICATE_SIGNED_HASH_SIZE
The size of the signature and hash field in a certificate.
Definition udif.h:935
#define UDIF_ROLE_SIZE
The UDIF role parameter size.
Definition udif.h:795
#define UDIF_CERTIFICATE_SERIAL_SIZE
The certificate serial number field length.
Definition udif.h:923
#define UDIF_CERTIFICATE_DESIGNATION_SIZE
The size of the child certificate designation field.
Definition udif.h:880
#define UDIF_CERTIFICATE_EXPIRATION_SIZE
The certificate expiration date length.
Definition udif.h:886
#define UDIF_CAPABILITY_MASK_SIZE
The size of a capability mask in hex characters.
Definition udif.h:777
#define UDIF_CERTIFICATE_ISSUER_SIZE
The maximum certificate issuer string length. The last character must be a string terminator.
Definition udif.h:899
#define UDIF_CERTIFICATE_ALGORITHM_SIZE
The algorithm type.
Definition udif.h:868

The length of a child certificate.

◆ UDIF_CERTIFICATE_DEFAULT_PERIOD [1/2]

#define UDIF_CERTIFICATE_DEFAULT_PERIOD   ((uint64_t)365U * 24U * 60U * 60U)

The default certificate validity period in seconds.

Default certificate validity period in seconds (1 year).

◆ UDIF_CERTIFICATE_DEFAULT_PERIOD [2/2]

#define UDIF_CERTIFICATE_DEFAULT_PERIOD   ((uint64_t)365U * 24U * 60U * 60U)

The default certificate validity period in seconds.

Default certificate validity period in seconds (1 year).

◆ UDIF_CERTIFICATE_HASH_SIZE [1/2]

#define UDIF_CERTIFICATE_HASH_SIZE   32U

The size of the certificate hash in bytes.

The size of the certificate hash in bytes (SHA3-256).

◆ UDIF_CERTIFICATE_HASH_SIZE [2/2]

#define UDIF_CERTIFICATE_HASH_SIZE   32U

The size of the certificate hash in bytes.

The size of the certificate hash in bytes (SHA3-256).

◆ UDIF_CERTIFICATE_IDG_SIZE

#define UDIF_CERTIFICATE_IDG_SIZE
Value:
(UDIF_ASYMMETRIC_SIGNATURE_SIZE + \
UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
#define UDIF_CERTIFICATE_HASH_SIZE
The size of the certificate hash in bytes.
Definition udif.h:892
#define UDIF_CERTIFICATE_ADDRESS_SIZE
The maximum IP address length.
Definition udif.h:862

The length of an IDG certificate.

◆ UDIF_CERTIFICATE_MAXIMUM_PERIOD [1/2]

#define UDIF_CERTIFICATE_MAXIMUM_PERIOD   (UDIF_CERTIFICATE_DEFAULT_PERIOD * 2U)

The maximum certificate validity period in seconds.

Maximum certificate validity period in seconds (2 years).

◆ UDIF_CERTIFICATE_MAXIMUM_PERIOD [2/2]

#define UDIF_CERTIFICATE_MAXIMUM_PERIOD   (UDIF_CERTIFICATE_DEFAULT_PERIOD * 2U)

The maximum certificate validity period in seconds.

Maximum certificate validity period in seconds (2 years).

◆ UDIF_CERTIFICATE_MINIMUM_PERIOD [1/2]

#define UDIF_CERTIFICATE_MINIMUM_PERIOD   ((uint64_t)1U * 24U * 60U * 60U)

The minimum certificate validity period in seconds.

Minimum certificate validity period in seconds (1 day).

◆ UDIF_CERTIFICATE_MINIMUM_PERIOD [2/2]

#define UDIF_CERTIFICATE_MINIMUM_PERIOD   ((uint64_t)1U * 24U * 60U * 60U)

The minimum certificate validity period in seconds.

Minimum certificate validity period in seconds (1 day).

◆ UDIF_CERTIFICATE_ROOT_SIZE

#define UDIF_CERTIFICATE_ROOT_SIZE

◆ UDIF_CERTIFICATE_SIGNED_HASH_SIZE [1/2]

#define UDIF_CERTIFICATE_SIGNED_HASH_SIZE   (UDIF_ASYMMETRIC_SIGNATURE_SIZE + UDIF_CERTIFICATE_HASH_SIZE)

The size of the signature and hash field in a certificate.

The combined size of a signature and certificate hash.

◆ UDIF_CERTIFICATE_SIGNED_HASH_SIZE [2/2]

#define UDIF_CERTIFICATE_SIGNED_HASH_SIZE   (UDIF_ASYMMETRIC_SIGNATURE_SIZE + UDIF_CERTIFICATE_HASH_SIZE)

The size of the signature and hash field in a certificate.

The combined size of a signature and certificate hash.

◆ UDIF_CERTIFICATE_VERSION_SIZE [1/2]

#define UDIF_CERTIFICATE_VERSION_SIZE   1U

The version id.

The certificate version field size.

◆ UDIF_CERTIFICATE_VERSION_SIZE [2/2]

#define UDIF_CERTIFICATE_VERSION_SIZE   1U

The version id.

The certificate version field size.

◆ UDIF_CRYPTO_SYMMETRIC_HASH_SIZE [1/2]

#define UDIF_CRYPTO_SYMMETRIC_HASH_SIZE   32U

Hash output size in bytes (SHA3-256).

The hash function output byte size.

◆ UDIF_CRYPTO_SYMMETRIC_HASH_SIZE [2/2]

#define UDIF_CRYPTO_SYMMETRIC_HASH_SIZE   32U

Hash output size in bytes (SHA3-256).

The hash function output byte size.

◆ UDIF_CRYPTO_SYMMETRIC_KEY_SIZE [1/2]

#define UDIF_CRYPTO_SYMMETRIC_KEY_SIZE   32U

The byte length of the symmetric cipher key.

Symmetric cipher key length in bytes.

◆ UDIF_CRYPTO_SYMMETRIC_KEY_SIZE [2/2]

#define UDIF_CRYPTO_SYMMETRIC_KEY_SIZE   32U

The byte length of the symmetric cipher key.

Symmetric cipher key length in bytes.

◆ UDIF_CRYPTO_SYMMETRIC_MAC_SIZE [1/2]

#define UDIF_CRYPTO_SYMMETRIC_MAC_SIZE   32U

Symmetric cipher authentication tag size in bytes.

The MAC function output byte size.

◆ UDIF_CRYPTO_SYMMETRIC_MAC_SIZE [2/2]

#define UDIF_CRYPTO_SYMMETRIC_MAC_SIZE   32U

Symmetric cipher authentication tag size in bytes.

The MAC function output byte size.

Enumeration Type Documentation

◆ udif_capability_id

Canonical capability identifiers (bit positions map to the mask).

Enumerator
udif_cap_issue_certificate 

Issue subordinate certificates

udif_cap_revoke_certificate 

Revoke certificates

udif_cap_issue_token 

Issue capability/attestation tokens

udif_cap_validate_token 

Validate tokens and claims

udif_cap_register_issuer 

Register issuer domain codes

udif_cap_rotate_keys 

Rotate root/issuer keys

udif_cap_directory_query 

Query directory / discovery

udif_cap_audit_log_access 

Access audit logs

udif_cap_admin 

Administrative override

◆ udif_claim_type

Claim type identifiers (deterministic canonicalization required).

Enumerator
udif_claim_unknown 

Unspecified claim type

udif_claim_commodity_id 

Commodity/asset identifier

udif_claim_biometric_hash 

Biometric template hash

udif_claim_institution_id 

Institutional ID / account

udif_claim_public_key 

Subject’s public key / fingerprint

udif_claim_age_over 

Age threshold proof (boolean)

udif_claim_citizenship 

Country citizenship assertion

udif_claim_residency 

Residency assertion

udif_claim_membership_id 

Membership/affiliation identifier

udif_claim_contact_email 

Email address (validated form)

udif_claim_contact_phone 

Phone (E.164 normalized)

udif_claim_address 

Postal/civic address (normalized)

udif_claim_custom 

Implementation-specific/custom

◆ udif_configuration_sets

The UDIF algorithm configuration sets.

Enumerator
udif_configuration_set_none 

No algorithm identifier is set

udif_configuration_set_dilithium1_kyber1_rcs256_shake256 

The Dilithium-S1/Kyber-S1/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_dilithium3_kyber3_rcs256_shake256 

The Dilithium-S3/Kyber-S3/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_dilithium5_kyber5_rcs256_shake256 

The Dilithium-S5/Kyber-S5/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_dilithium5_kyber6_rcs512_shake256 

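The Dilithium-S5/Kyber-S6/RCS-256/SHAKE-256 algorithm set (the enumerator name specifies rcs512, so the RCS-256 in this description appears to be a documentation error; confirm the cipher variant in udif.h)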

udif_configuration_set_sphincsplus1f_mceliece1_rcs256_shake256 

The SPHINCS+-S1F/McEliece-S1/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus1s_mceliece1_rcs256_shake256 

The SPHINCS+-S1S/McEliece-S1/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus3f_mceliece3_rcs256_shake256 

The SPHINCS+-S3F/McEliece-S3/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus3s_mceliece3_rcs256_shake256 

The SPHINCS+-S3S/McEliece-S3/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus5f_mceliece5_rcs256_shake256 

The SPHINCS+-S5F/McEliece-S5a/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus5s_mceliece5_rcs256_shake256 

The SPHINCS+-S5S/McEliece-S5a/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus5f_mceliece6_rcs256_shake256 

The SPHINCS+-S5F/McEliece-S5b/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus5s_mceliece6_rcs256_shake256 

The SPHINCS+-S5S/McEliece-S5b/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus5f_mceliece7_rcs256_shake256 

The SPHINCS+-S5F/McEliece-S5c/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus5s_mceliece7_rcs256_shake256 

The SPHINCS+-S5S/McEliece-S5c/RCS-256/SHAKE-256 algorithm set

◆ udif_error_capability

Capability/permission evaluation errors.

Enumerator
udif_ecap_none 

No error

udif_ecap_denied 

Capability denied by policy

udif_ecap_mask_empty 

Empty/zero capability mask

udif_ecap_mask_conflict 

Conflicting capability bits

◆ udif_error_certificate

Certificate-specific error codes.

Enumerator
udif_ecert_none 

No error

udif_ecert_type_unknown 

Unknown certificate type

udif_ecert_serial_bad 

Serial malformed/unknown

udif_ecert_chain_invalid 

Chain does not validate to UDC

udif_ecert_sig_invalid 

Signature invalid

udif_ecert_expired 

Certificate expired

udif_ecert_future 

Not yet valid

udif_ecert_policy_mismatch 

Policy hash mismatch

udif_ecert_revoked 

Certificate revoked

◆ udif_error_claims

Claim/claim-set error codes.

Enumerator
udif_ecl_none 

No error

udif_ecl_type_unknown 

Unknown claim type

udif_ecl_encoding_bad 

Bad/unsupported encoding

udif_ecl_canonical_fail 

Canonicalization failed

udif_ecl_anchor_bad 

Anchor/merkle root mismatch

udif_ecl_value_invalid 

Claim value invalid/out of range

◆ udif_error_encoding

Encoding/decoding errors for UDIF objects.

Enumerator
udif_eenc_none 

No error

udif_eenc_overflow 

Buffer overflow/size mismatch

udif_eenc_underflow 

Buffer underflow/truncation

udif_eenc_format 

Bad format/version

udif_eenc_unsupported 

Unsupported encoding

◆ udif_error_identity

Identity-specific error codes.

Enumerator
udif_eid_none 

No error

udif_eid_namespace_bad 

Invalid namespace code

udif_eid_issuer_bad 

Invalid issuer domain code

udif_eid_subject_bad 

Invalid subject identifier

udif_eid_mask_invalid 

Capability/permission mask invalid

udif_eid_anchor_mismatch 

Claim anchor does not match claims

udif_eid_sig_invalid 

Signature verification failed

udif_eid_expired 

Identity validity expired

udif_eid_future 

Identity not yet valid

◆ udif_error_policy

Policy evaluation/lookup errors.

Enumerator
udif_epol_none 

No error

udif_epol_not_found 

Policy not found

udif_epol_hash_mismatch 

Policy hash mismatch

udif_epol_indeterminate 

Evaluation indeterminate

◆ udif_network_designations

The UDIF device designation.

Enumerator
udif_network_designation_none 

No designation was selected

udif_network_designation_ubc 

The device is a UBC

udif_network_designation_client 

The device is a client

udif_network_designation_ugc 

The device is the UGC

udif_network_designation_remote 

The device is a remote aps

udif_network_designation_ura 

The device is a URA security server

udif_network_designation_revoked 

The device has been revoked

udif_network_designation_idg 

The device is the IDG

udif_network_designation_uua 

The device is the UUA

udif_network_designation_all 

Every server and client device on the network

◆ udif_network_errors

The UDIF network error values.

Enumerator
udif_network_error_none 

No error was detected

udif_network_error_accept_fail 

The socket accept function returned an error

udif_network_error_auth_failure 

The cipher authentication has failed

udif_network_error_bad_keep_alive 

The keep alive check failed

udif_network_error_channel_down 

The communications channel has failed

udif_network_error_connection_failure 

The device could not make a connection to the remote host

udif_network_error_decryption_failure 

The decryption authentication has failed

udif_network_error_establish_failure 

The transmission failed at the kex establish phase

udif_network_error_general_failure 

The connection experienced an unexpected error

udif_network_error_hosts_exceeded 

The server has run out of socket connections

udif_network_error_identity_unknown 

The identity is unknown

udif_network_error_invalid_input 

The input is invalid

udif_network_error_invalid_request 

The request is invalid

udif_network_error_keep_alive_expired 

The keep alive has expired with no response

udif_network_error_keep_alive_timeout 

The keepalive failure counter has exceeded maximum

udif_network_error_kex_auth_failure 

The kex authentication has failed

udif_network_error_key_not_recognized 

The key-id is not recognized

udif_network_error_key_has_expired 

The certificate has expired

udif_network_error_listener_fail 

The listener function failed to initialize

udif_network_error_memory_allocation 

The server has run out of memory

udif_network_error_packet_unsequenced 

The packet was received out of sequence

udif_network_error_random_failure 

The random generator experienced a failure

udif_network_error_ratchet_fail 

The ratchet operation has failed

udif_network_error_receive_failure 

The receiver failed at the network layer

udif_network_error_transmit_failure 

The transmitter failed at the network layer

udif_network_error_unknown_protocol 

The protocol version is unknown

udif_network_error_unsequenced 

The packet was received out of sequence

udif_network_error_verify_failure 

The expected data could not be verified

◆ udif_network_flags

The UDIF network flags.

Enumerator
udif_network_flag_none 

No flag was selected

udif_network_flag_connection_terminate_request 

The packet contains a connection termination message

udif_network_flag_error_condition 

The connection experienced an error message

udif_network_flag_incremental_update_request 

The packet contains an incremental update request message

udif_network_flag_incremental_update_response 

The packet contains an incremental update response message

udif_network_flag_register_request 

The packet contains a join request message

udif_network_flag_register_response 

The packet contains a join response message

udif_network_flag_register_update_request 

The packet contains a join update request message

udif_network_flag_register_update_response 

The packet contains a join update response message

udif_network_flag_keep_alive_request 

The packet contains a keep alive request

udif_network_flag_keep_alive_response 

The packet contains a keep alive response

udif_network_flag_network_announce_broadcast 

The packet contains a topology announce broadcast

udif_network_flag_network_converge_request 

The packet contains a network converge request message

udif_network_flag_network_converge_response 

The packet contains a network converge response message

udif_network_flag_network_converge_update 

The packet contains a network converge update message

udif_network_flag_network_resign_request 

The packet contains a network resignation request message

udif_network_flag_network_resign_response 

The packet contains a network resignation response message

udif_network_flag_network_revocation_broadcast 

The packet contains a certificate revocation broadcast

udif_network_flag_network_signature_request 

The packet contains a certificate signing request

udif_network_flag_system_error_condition 

The packet contains an error condition message

udif_network_flag_tunnel_connection_terminate 

The packet contains a socket close message

udif_network_flag_tunnel_encrypted_message 

The packet contains an encrypted message

udif_network_flag_tunnel_session_established 

The exchange is in the established state

udif_network_flag_tunnel_transfer_request 

Reserved - The host has received a transfer request

udif_network_flag_topology_query_request 

The packet contains a topology query request message

udif_network_flag_topology_query_response 

The packet contains a topology query response message

udif_network_flag_topology_status_request 

The packet contains a topology status request message

udif_network_flag_topology_status_response 

The packet contains a topology status response message

udif_network_flag_topology_status_available 

The packet contains a topology status available message

udif_network_flag_topology_status_synchronized 

The packet contains a topology status synchronized message

udif_network_flag_topology_status_unavailable 

The packet contains a topology status unavailable message

udif_network_flag_network_remote_signing_request 

The packet contains a remote signing request message

udif_network_flag_network_remote_signing_response 

The packet contains a remote signing response message

◆ udif_permission_class

Permission classes whose bits populate the permission mask.

Enumerator
udif_perm_read_claims 

Read subject claims

udif_perm_write_claims 

Write/update subject claims

udif_perm_read_certs 

Read certificates/CRLs

udif_perm_write_certs 

Create/update certificates/CRLs

udif_perm_manage_policy 

Manage policy/validation parameters

udif_perm_manage_caps 

Grant/revoke capabilities

udif_perm_delegate 

Delegate permission subsets

udif_perm_export_identity 

Export identities/tokens

udif_perm_import_identity 

Import identities/tokens

◆ udif_policy_decision

Policy evaluation outcome.

Enumerator
udif_policy_permit 

Permit

udif_policy_deny 

Deny

udif_policy_indeterminate 

Evaluation failed (error); no permit decision was reached

udif_policy_not_applicable 

No matching rule

◆ udif_protocol_errors

The UDIF protocol error values.

Enumerator
udif_protocol_error_none 

No error was detected

udif_protocol_error_authentication_failure 

The symmetric cipher had an authentication failure

udif_protocol_error_certificate_not_found 

The node certificate could not be found

udif_protocol_error_channel_down 

The communications channel has failed

udif_protocol_error_connection_failure 

The device could not make a connection to the remote host

udif_protocol_error_connect_failure 

The transmission failed at the KEX connection phase

udif_protocol_error_convergence_failure 

The convergence call has returned an error

udif_protocol_error_convergence_synchronized 

The database is already synchronized

udif_protocol_error_decapsulation_failure 

The asymmetric cipher failed to decapsulate the shared secret

udif_protocol_error_decoding_failure 

The node or certificate decoding failed

udif_protocol_error_decryption_failure 

The decryption authentication has failed

udif_protocol_error_establish_failure 

The transmission failed at the KEX establish phase

udif_protocol_error_exchange_failure 

The transmission failed at the KEX exchange phase

udif_protocol_error_file_not_deleted 

The application could not delete a local file

udif_protocol_error_file_not_found 

The file could not be found

udif_protocol_error_file_not_written 

The file could not be written to storage

udif_protocol_error_hash_invalid 

The public-key hash is invalid

udif_protocol_error_hosts_exceeded 

The server has run out of socket connections

udif_protocol_error_invalid_request 

The packet flag was unexpected

udif_protocol_error_certificate_expired 

The certificate has expired

udif_protocol_error_key_expired 

The UDIF public key has expired

udif_protocol_error_key_unrecognized 

The key identity is unrecognized

udif_protocol_error_listener_fail 

The listener function failed to initialize

udif_protocol_error_memory_allocation 

The server has run out of memory

udif_protocol_error_message_time_invalid 

The network time is invalid or has substantial delay

udif_protocol_error_message_verification_failure 

The expected data could not be verified

udif_protocol_error_no_usable_address 

The server has no usable IP address, assign in configuration

udif_protocol_error_node_not_available 

The node is not available for a session

udif_protocol_error_node_not_found 

The node could not be found in the database

udif_protocol_error_node_was_registered 

The node was previously registered in the database

udif_protocol_error_operation_cancelled 

The operation was cancelled by the user

udif_protocol_error_packet_header_invalid 

The packet header received was invalid

udif_protocol_error_packet_unsequenced 

The packet was received out of sequence

udif_protocol_error_receive_failure 

The receiver failed at the network layer

udif_protocol_error_root_signature_invalid 

The root signature failed authentication

udif_protocol_error_serialization_failure 

The certificate could not be serialized

udif_protocol_error_signature_failure 

The signature scheme could not sign a message

udif_protocol_error_signing_failure 

The transmission failed to sign the data

udif_protocol_error_socket_binding 

The socket could not be bound to an IP address

udif_protocol_error_socket_creation 

The socket could not be created

udif_protocol_error_transmit_failure 

The transmitter failed at the network layer

udif_protocol_error_topology_no_aps 

The topological database has no aps entries

udif_protocol_error_unknown_protocol 

The protocol string was not recognized

udif_protocol_error_verification_failure 

The transmission failed at the KEX verify phase

◆ udif_status

Generic status codes for UDIF operations.

Enumerator
udif_status_success 

Operation succeeded

udif_status_invalid_argument 

Bad input parameter(s)

udif_status_not_found 

Object not found

udif_status_already_exists 

Duplicate object

udif_status_out_of_memory 

Allocation failed

udif_status_buffer_too_small 

Output buffer too small

udif_status_not_supported 

Feature not supported

udif_status_internal_error 

Internal/unknown error

◆ udif_time_validation

Results of time/validity-window checks.

Enumerator
udif_time_valid 

Within window

udif_time_future 

Not yet valid

udif_time_expired 

Expired

udif_time_skew_exceeds 

Exceeds allowed clock skew

◆ udif_token_type

Token families issued/validated within UDIF.

Enumerator
udif_token_none 

Not a token

udif_token_capability 

Capability token (authZ)

udif_token_attestation 

Attestation token (statement + signature)

udif_token_session 

Session/resumption ticket (envelope optional)

◆ udif_verify_policy

Verification strictness for identity/cert/claim checks.

Enumerator
udif_verify_strict 

All checks required (fail-closed)

udif_verify_lenient 

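Allow missing non-critical fields (fail-open subset). This page does not list which fields are treated as non-critical; check the implementation before using this mode where a verification result gates access.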