UDIF: Universal Digital Identification Framework 1.0.0.0a (A1)
A quantum-secure cryptographic identification
udif.h File Reference

UDIF Common Definitions and Protocol Configuration.

#include "udifcommon.h"
#include "sha3.h"
#include "socketbase.h"
#include "dilithium.h"
#include "kyber.h"
#include "rcs.h"


Data Structures

struct  udif_capability_mask
 Fixed-size capability bitset (issuer-/role-scoped). Capability bits; bit positions map to udif_capability_id.
struct  udif_claim
 A typed claim with deterministic canonical encoding.
struct  udif_claim_anchor
 Anchor (e.g., Merkle root) binding a claim set to an identity. Anchor/merkle root over canonical claim set.
struct  udif_claim_set
 A collection of claims bound to an identity by an anchor.
struct  udif_encoded_blob
 Generic encoded object buffer (for decode/encode APIs).
struct  udif_identity_id
 Subject identity identifier (opaque, canonicalized). Subject identifier bytes.
struct  udif_issuer_domain_code
 Issuer domain/controller identifier. Issuer domain code (ASCII or compact code)
struct  udif_kem_keypair
 KEM key pair.
struct  udif_namespace_code
 Namespace partition identifier. Namespace code (ASCII or compact code)
struct  udif_permission_mask
 Fixed-size permission bitset (subject-/resource-scoped). Permission bits; bit positions map to udif_permission_class.
struct  udif_policy_hash
 Policy identifier (hash of canonical policy). SHA3/SHAKE hash of policy document.
struct  udif_signature_keypair
 The UDIF asymmetric signature scheme key container.
struct  udif_time_window
 A validity interval expressed in UTC seconds.
struct  udif_token_header
 Common header for UDIF tokens (capability/attestation/session).
struct  udif_token
 Serialized token container with optional envelope protection.
struct  udif_valid_time
 The certificate expiration time structure.
struct  udif_identity_record
 Core identity record bound to a namespace and issuer.

Macros

#define UDIF_CONFIG_DILITHIUM_KYBER
#define UDIF_USE_RCS_ENCRYPTION
 If the RCS encryption option is chosen, SKDP uses the more modern RCS stream cipher with KMAC/QMAC authentication. The default symmetric cipher/authenticator is AES-256/GCM (GMAC Counter Mode), NIST standardized per SP800-38a.
#define udif_cipher_state   qsc_rcs_state
#define udif_cipher_dispose   qsc_rcs_dispose
#define udif_cipher_initialize   qsc_rcs_initialize
#define udif_cipher_keyparams   qsc_rcs_keyparams
#define udif_cipher_set_associated   qsc_rcs_set_associated
#define udif_cipher_transform   qsc_rcs_transform
#define udif_cipher_generate_keypair   qsc_kyber_generate_keypair
 UDIF function mapping macros.
#define udif_cipher_decapsulate   qsc_kyber_decapsulate
 Decapsulate a shared-secret with the asymmetric cipher.
#define udif_cipher_encapsulate   qsc_kyber_encapsulate
 Encapsulate a shared-secret with the asymmetric cipher.
#define udif_signature_generate_keypair   qsc_dilithium_generate_keypair
 Generate an asymmetric signature key-pair.
#define udif_signature_sign   qsc_dilithium_sign
 Sign a message with the asymmetric signature scheme.
#define udif_signature_verify   qsc_dilithium_verify
 Verify a message with the asymmetric signature scheme.
#define UDIF_ASYMMETRIC_CIPHERTEXT_SIZE   (QSC_KYBER_CIPHERTEXT_SIZE)
 The byte size of the asymmetric cipher-text array.
#define UDIF_ASYMMETRIC_PRIVATE_KEY_SIZE   (QSC_KYBER_PRIVATEKEY_SIZE)
 The byte size of the asymmetric cipher private-key array.
#define UDIF_ASYMMETRIC_PUBLIC_KEY_SIZE   (QSC_KYBER_PUBLICKEY_SIZE)
 The byte size of the asymmetric cipher public-key array.
#define UDIF_ASYMMETRIC_SIGNATURE_SIZE   (QSC_DILITHIUM_SIGNATURE_SIZE)
 The byte size of the asymmetric signature array.
#define UDIF_ASYMMETRIC_SIGNING_KEY_SIZE   (QSC_DILITHIUM_PRIVATEKEY_SIZE)
 The byte size of the asymmetric signature signing-key array.
#define UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE   (QSC_DILITHIUM_PUBLICKEY_SIZE)
 The byte size of the asymmetric signature verification-key array.
#define UDIF_CAPABILITY_BITMAP_SIZE   8U
 Capability bitmap size in bytes (64-bit)
#define UDIF_CAPABILITY_MASK_SIZE   8U
 The size of a capability mask in hex characters.
#define UDIF_CAPABILITY_TOKEN_MAX_SIZE   2048U
 The maximum size of a serialized capability token.
#define UDIF_CLAIM_ANCHOR_SIZE   32U
 The size of a claim anchor or merkle root in bytes.
#define UDIF_CRYPTO_HASH_SIZE   32U
 The size of the certificate hash in bytes.
#define UDIF_CRYPTO_KEY_SIZE   32U
 The byte length of the symmetric cipher key.
#define UDIF_CRYPTO_MAC_SIZE   32U
 The MAC function output byte size.
#define UDIF_CRYPTO_NONCE_SIZE   32U
 The byte length of the symmetric cipher nonce.
#define UDIF_IDENTITY_ID_SIZE   32U
 The size of a subject identity identifier in bytes.
#define UDIF_ISSUER_DOMAIN_CODE_SIZE   8U
 The size of an issuer domain code (unique identifier).
#define UDIF_NAMESPACE_CODE_SIZE   8U
 The size of a namespace code (short string or numeric).
#define UDIF_PERMISSION_MASK_SIZE   8U
 The size of a permission mask in bytes.
#define UDIF_POLICY_HASH_SIZE   32U
 The size of a policy identifier hash in bytes.
#define UDIF_POLICY_VERB_SIZE   4U
 The size of a policy verb in bytes.
#define UDIF_PROTOCOL_SET_SIZE   41U
 The size of the protocol configuration string.
#define UDIF_ROLE_SIZE   1U
 The UDIF role parameter size.
#define UDIF_SERIAL_NUMBER_SIZE   16U
 The serial number field length.
#define UDIF_SIGNED_HASH_SIZE   (UDIF_ASYMMETRIC_SIGNATURE_SIZE + UDIF_CRYPTO_HASH_SIZE)
 The combined size of a signature and hash.
#define UDIF_SUITEID_SIZE   1U
 The UDIF suite id parameter size.
#define UDIF_TIME_WINDOW_SECONDS   60U
 The query time window seconds.
#define UDIF_VALID_TIME_SIZE   8U
#define UDIF_VALID_TIME_STRUCTURE_SIZE   16U
 The certificate expiration date length.

Typedefs

typedef UDIF_EXPORT_API enum udif_claim_type udif_claim_type
typedef UDIF_EXPORT_API enum udif_configuration_sets udif_configuration_sets
typedef UDIF_EXPORT_API enum udif_errors udif_errors
typedef UDIF_EXPORT_API enum udif_error_capability udif_error_capability
typedef UDIF_EXPORT_API enum udif_error_claims udif_error_claims
typedef UDIF_EXPORT_API enum udif_error_encoding udif_error_encoding
typedef UDIF_EXPORT_API enum udif_error_identity udif_error_identity
typedef UDIF_EXPORT_API enum udif_error_policy udif_error_policy
typedef UDIF_EXPORT_API enum udif_logging_event_codes udif_logging_event_codes
typedef UDIF_EXPORT_API enum udif_permission_class udif_permission_class
typedef UDIF_EXPORT_API enum udif_policy_decision udif_policy_decision
typedef UDIF_EXPORT_API enum udif_roles udif_roles
typedef UDIF_EXPORT_API enum udif_time_validation udif_time_validation
typedef UDIF_EXPORT_API enum udif_token_type udif_token_type
typedef UDIF_EXPORT_API enum udif_status udif_status
typedef UDIF_EXPORT_API enum udif_verify_policy udif_verify_policy
typedef UDIF_EXPORT_API enum udif_version_sets udif_version_sets
typedef UDIF_EXPORT_API struct udif_capability_mask udif_capability_mask
typedef UDIF_EXPORT_API struct udif_claim udif_claim
typedef UDIF_EXPORT_API struct udif_claim_anchor udif_claim_anchor
typedef UDIF_EXPORT_API struct udif_claim_set udif_claim_set
typedef UDIF_EXPORT_API struct udif_encoded_blob udif_encoded_blob
typedef UDIF_EXPORT_API struct udif_identity_id udif_identity_id
typedef UDIF_EXPORT_API struct udif_issuer_domain_code udif_issuer_domain_code
typedef UDIF_EXPORT_API struct udif_kem_keypair udif_kem_keypair
typedef UDIF_EXPORT_API struct udif_namespace_code udif_namespace_code
typedef UDIF_EXPORT_API struct udif_permission_mask udif_permission_mask
typedef UDIF_EXPORT_API struct udif_policy_hash udif_policy_hash
typedef UDIF_EXPORT_API struct udif_signature_keypair udif_signature_keypair
typedef UDIF_EXPORT_API struct udif_time_window udif_time_window
typedef UDIF_EXPORT_API struct udif_token_header udif_token_header
typedef UDIF_EXPORT_API struct udif_token udif_token
typedef UDIF_EXPORT_API struct udif_valid_time udif_valid_time
typedef UDIF_EXPORT_API struct udif_identity_record udif_identity_record

Enumerations

enum  udif_claim_type {
  udif_claim_unknown = 0U , udif_claim_commodity_id = 1U , udif_claim_biometric_hash = 2U , udif_claim_institution_id = 3U ,
  udif_claim_public_key = 4U , udif_claim_age_over = 5U , udif_claim_citizenship = 6U , udif_claim_residency = 7U ,
  udif_claim_membership_id = 8U , udif_claim_contact_email = 9U , udif_claim_contact_phone = 10U , udif_claim_address = 11U ,
  udif_claim_custom = 12U
}
 Claim type identifiers (deterministic canonicalization required).
enum  udif_configuration_sets {
  udif_configuration_set_none = 0x00U , udif_configuration_set_dilithium1_kyber1_rcs256_shake256 = 0x01U , udif_configuration_set_dilithium3_kyber3_rcs256_shake256 = 0x02U , udif_configuration_set_dilithium5_kyber5_rcs256_shake256 = 0x03U ,
  udif_configuration_set_dilithium5_kyber6_rcs512_shake256 = 0x04U , udif_configuration_set_sphincsplus1_mceliece1_rcs256_shake256 = 0x05U , udif_configuration_set_sphincsplus3_mceliece3_rcs256_shake256 = 0x06U , udif_configuration_set_sphincsplus5_mceliece5_rcs256_shake256 = 0x07U ,
  udif_configuration_set_sphincsplus5_mceliece6_rcs256_shake256 = 0x08U , udif_configuration_set_sphincsplus5_mceliece7_rcs256_shake256 = 0x09U
}
 The UDIF algorithm configuration sets.
enum  udif_errors {
  udif_error_none = 0U , udif_error_invalid_input = 1U , udif_error_invalid_state = 2U , udif_error_auth_failure = 3U ,
  udif_error_certificate_expired = 4U , udif_error_certificate_revoked = 5U , udif_error_capability_revoked = 6U , udif_error_invalid_sequence = 7U ,
  udif_error_time_window = 8U , udif_error_epoch_mismatch = 9U , udif_error_suite_mismatch = 10U , udif_error_decode_failure = 11U ,
  udif_error_encode_failure = 12U , udif_error_signature_invalid = 13U , udif_error_mac_invalid = 14U , udif_error_not_authorized = 15U ,
  udif_error_object_not_found = 16U , udif_error_registry_full = 17U , udif_error_logging_failure = 18U , udif_error_anchor_invalid = 19U ,
  udif_error_treaty_invalid = 20U , udif_error_invalid_request = 21U , udif_error_internal = 22U , udif_error_file_create_failed = 23U ,
  udif_error_file_not_found = 24U , udif_error_invalid_parameter = 25U
}
 UDIF error codes.
enum  udif_error_capability { udif_ecap_none = 0U , udif_ecap_denied = 1U , udif_ecap_mask_empty = 2U , udif_ecap_mask_conflict = 3U }
 Capability/permission evaluation errors.
enum  udif_error_claims {
  udif_ecl_none = 0U , udif_ecl_type_unknown = 1U , udif_ecl_encoding_bad = 2U , udif_ecl_canonical_fail = 3U ,
  udif_ecl_anchor_bad = 4U , udif_ecl_value_invalid = 5U
}
 Claim/claim-set error codes.
enum  udif_error_encoding {
  udif_eenc_none = 0U , udif_eenc_overflow = 1U , udif_eenc_underflow = 2U , udif_eenc_format = 3U ,
  udif_eenc_unsupported = 4U
}
 Encoding/decoding errors for UDIF objects.
enum  udif_error_identity {
  udif_eid_none = 0U , udif_eid_namespace_bad = 1U , udif_eid_issuer_bad = 2U , udif_eid_subject_bad = 3U ,
  udif_eid_mask_invalid = 4U , udif_eid_anchor_mismatch = 5U , udif_eid_sig_invalid = 6U , udif_eid_expired = 7U ,
  udif_eid_future = 8U
}
 Identity-specific error codes.
enum  udif_error_policy { udif_epol_none = 0U , udif_epol_not_found = 1U , udif_epol_hash_mismatch = 2U , udif_epol_indeterminate = 3U }
 Policy evaluation/lookup errors.
enum  udif_logging_event_codes {
  udif_event_enroll = 1U , udif_event_suspend = 2U , udif_event_resume = 3U , udif_event_revoke = 4U ,
  udif_event_capability_grant = 5U , udif_event_capability_revoke = 6U , udif_event_registry_commit = 7U , udif_event_branch_create = 8U ,
  udif_event_branch_suspend = 9U , udif_event_branch_revoke = 10U , udif_event_object_create = 11U , udif_event_object_transfer = 12U ,
  udif_event_object_update = 13U , udif_event_object_destroy = 14U
}
 Membership and transaction log event codes.
enum  udif_permission_class {
  udif_perm_read_claims = 0U , udif_perm_write_claims = 1U , udif_perm_read_certs = 2U , udif_perm_write_certs = 3U ,
  udif_perm_manage_policy = 4U , udif_perm_manage_caps = 5U , udif_perm_delegate = 6U , udif_perm_export_identity = 7U ,
  udif_perm_import_identity = 8U
}
 Permission classes whose bits populate the permission mask.
enum  udif_policy_decision { udif_policy_permit = 0U , udif_policy_deny = 1U , udif_policy_indeterminate = 2U , udif_policy_not_applicable = 3U }
 Policy evaluation outcome.
enum  udif_roles {
  udif_role_none = 0U , udif_role_root = 1U , udif_role_udc = 2U , udif_role_uip = 3U ,
  udif_role_uis = 4U , udif_role_client = 5U , udif_role_audit = 6U , udif_role_revoked = 7U ,
  udif_role_any = 8U
}
 UDIF entity roles.
enum  udif_time_validation { udif_time_valid = 0U , udif_time_future = 1U , udif_time_expired = 2U , udif_time_skew_exceeds = 3U }
 Results of time/validity-window checks.
enum  udif_token_type { udif_token_none = 0U , udif_token_capability = 1U , udif_token_attestation = 2U , udif_token_session = 3U }
 Token families issued/validated within UDIF.
enum  udif_status {
  udif_status_success = 0U , udif_status_invalid_argument = 1U , udif_status_not_found = 2U , udif_status_already_exists = 3U ,
  udif_status_out_of_memory = 4U , udif_status_buffer_too_small = 5U , udif_status_not_supported = 6U , udif_status_internal_error = 7U
}
 Generic status codes for UDIF operations.
enum  udif_verify_policy { udif_verify_strict = 0U , udif_verify_lenient = 1U }
 Verification strictness for identity/cert/claim checks.
enum  udif_version_sets { udif_version_set_none = 0x00U , udif_version_set_one_zero = 0x01U }
 The UDIF version sets.

Functions

UDIF_EXPORT_API bool udif_suite_is_valid (uint8_t suiteid)
 Check if the suite id is valid.
UDIF_EXPORT_API const char * udif_error_to_string (udif_errors error)
 Convert an error to a string.

Detailed Description

UDIF Common Definitions and Protocol Configuration.

This header defines the common constants, macros, enumerations, structures, and function prototypes for the Universal Digital Identification Framework (UDIF). It provides configuration for the cryptographic parameter sets, certificate handling, network protocol operations, and socket communication required to implement the UDIF protocol.

The UDIF protocol leverages a combination of asymmetric cipher and signature schemes from the QSC library. The parameter sets can be configured in the QSC library's common.h file. For maximum security, the McEliece/SPHINCS+ parameter set is recommended; for a balance of performance and security, the Dilithium/Kyber parameter set is advised.

Key components defined in this header include:

  • Function Mapping Macros: Aliases that map UDIF high-level cryptographic operations (key generation, encapsulation/decapsulation, signing, and verification) to the corresponding functions in the QSC library, based on the selected configuration.
  • Modifiable Constants: Preprocessor definitions that enable or disable protocol features (e.g., client-to-client encrypted tunneling, master fragment key cycling, IPv6 networking, and extended session security).
  • Parameter Macros: Definitions for key sizes, certificate field sizes, network settings, and timing values that ensure consistency across the UDIF protocol implementation.
  • Enumerations: Enumerated types for UDIF configuration sets, network designations, network and protocol error codes, and version sets.
  • Structures: Data structures representing various certificates (ADC, APS, ROOT), connection and keep alive states, network packets, and cryptographic key pairs. These structures are central to protocol operations such as certificate management and secure message exchange.
  • Static Constants: Predefined strings for certificate header/footer information and network designation labels.
  • Public API Functions: Prototypes for functions handling connection management, packet encryption/decryption, packet serialization/deserialization, and error string conversion.
Note
When using the McEliece/SPHINCS+ configuration in Visual Studio, it is recommended to increase the maximum stack size (for example, to 200KB) to accommodate the larger key sizes.
Test
Although this header does not directly implement test routines, it underpins multiple test modules that validate:
  • The correct mapping of UDIF high-level function calls to the underlying QSC library routines.
  • The consistency and accuracy of defined constants (e.g., key sizes, certificate sizes, network parameters).
  • The proper serialization/deserialization of packet headers and full packets (via udif_packet_header_serialize and udif_stream_to_packet).
  • The correct conversion of error codes to descriptive strings (using udif_network_error_to_string and udif_protocol_error_to_string).

These tests collectively ensure the robustness, consistency, and security of the UDIF protocol configuration.

Macro Definition Documentation

◆ udif_cipher_generate_keypair

#define udif_cipher_generate_keypair   qsc_kyber_generate_keypair

UDIF function mapping macros.

These macros alias the high-level UDIF cryptographic operations to the corresponding QSC library functions. The mapping depends on the selected parameter set. For instance, if UDIF_CONFIG_SPHINCS_MCELIECE is defined, then the UDIF cipher and signature functions map to the McEliece/SPHINCS+ routines. Alternatively, if UDIF_CONFIG_DILITHIUM_KYBER is defined, the corresponding Dilithium/Kyber routines are used.

Generate an asymmetric cipher key-pair

Enumeration Type Documentation

◆ udif_claim_type

Claim type identifiers (deterministic canonicalization required).

Enumerator
udif_claim_unknown 

Unspecified claim type

udif_claim_commodity_id 

Commodity/asset identifier

udif_claim_biometric_hash 

Biometric template hash

udif_claim_institution_id 

Institutional ID / account

udif_claim_public_key 

Subject's public key / fingerprint

udif_claim_age_over 

Age threshold proof (boolean)

udif_claim_citizenship 

Country citizenship assertion

udif_claim_residency 

Residency assertion

udif_claim_membership_id 

Membership/affiliation identifier

udif_claim_contact_email 

Email address (validated form)

udif_claim_contact_phone 

Phone (E.164 normalized)

udif_claim_address 

Postal/civic address (normalized)

udif_claim_custom 

Implementation-specific/custom

◆ udif_configuration_sets

The UDIF algorithm configuration sets.

Enumerator
udif_configuration_set_none 

No algorithm identifier is set

udif_configuration_set_dilithium1_kyber1_rcs256_shake256 

The Dilithium-S1/Kyber-S1/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_dilithium3_kyber3_rcs256_shake256 

The Dilithium-S3/Kyber-S3/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_dilithium5_kyber5_rcs256_shake256 

The Dilithium-S5/Kyber-S5/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_dilithium5_kyber6_rcs512_shake256 

The Dilithium-S5/Kyber-S6/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus1_mceliece1_rcs256_shake256 

The SPHINCS+-S1/McEliece-S1/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus3_mceliece3_rcs256_shake256 

The SPHINCS+-S3/McEliece-S3/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus5_mceliece5_rcs256_shake256 

The SPHINCS+-S5/McEliece-S5/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus5_mceliece6_rcs256_shake256 

The SPHINCS+-S6/McEliece-S6/RCS-256/SHAKE-256 algorithm set

udif_configuration_set_sphincsplus5_mceliece7_rcs256_shake256 

The SPHINCS+-S7/McEliece-S7/RCS-256/SHAKE-256 algorithm set

◆ udif_error_capability

Capability/permission evaluation errors.

Enumerator
udif_ecap_none 

No error

udif_ecap_denied 

Capability denied by policy

udif_ecap_mask_empty 

Empty/zero capability mask

udif_ecap_mask_conflict 

Conflicting capability bits

◆ udif_error_claims

Claim/claim-set error codes.

Enumerator
udif_ecl_none 

No error

udif_ecl_type_unknown 

Unknown claim type

udif_ecl_encoding_bad 

Bad/unsupported encoding

udif_ecl_canonical_fail 

Canonicalization failed

udif_ecl_anchor_bad 

Anchor/merkle root mismatch

udif_ecl_value_invalid 

Claim value invalid/out of range

◆ udif_error_encoding

Encoding/decoding errors for UDIF objects.

Enumerator
udif_eenc_none 

No error

udif_eenc_overflow 

Buffer overflow/size mismatch

udif_eenc_underflow 

Buffer underflow/truncation

udif_eenc_format 

Bad format/version

udif_eenc_unsupported 

Unsupported encoding

◆ udif_error_identity

Identity-specific error codes.

Enumerator
udif_eid_none 

No error

udif_eid_namespace_bad 

Invalid namespace code

udif_eid_issuer_bad 

Invalid issuer domain code

udif_eid_subject_bad 

Invalid subject identifier

udif_eid_mask_invalid 

Capability/permission mask invalid

udif_eid_anchor_mismatch 

Claim anchor does not match claims

udif_eid_sig_invalid 

Signature verification failed

udif_eid_expired 

Identity validity expired

udif_eid_future 

Identity not yet valid

◆ udif_error_policy

Policy evaluation/lookup errors.

Enumerator
udif_epol_none 

No error

udif_epol_not_found 

Policy not found

udif_epol_hash_mismatch 

Policy hash mismatch

udif_epol_indeterminate 

Evaluation indeterminate

◆ udif_errors

UDIF error codes.

Enumerator
udif_error_none 

No error

udif_error_invalid_input 

Invalid input parameter

udif_error_invalid_state 

Invalid state

udif_error_auth_failure 

Authentication failed

udif_error_certificate_expired 

Certificate expired

udif_error_certificate_revoked 

Certificate revoked

udif_error_capability_revoked 

Capability revoked

udif_error_invalid_sequence 

Invalid sequence number

udif_error_time_window 

Time window exceeded

udif_error_epoch_mismatch 

Epoch mismatch

udif_error_suite_mismatch 

Suite mismatch

udif_error_decode_failure 

Decode failure

udif_error_encode_failure 

Encode failure

udif_error_signature_invalid 

Invalid signature

udif_error_mac_invalid 

Invalid MAC

udif_error_not_authorized 

Not authorized

udif_error_object_not_found 

Object not found

udif_error_registry_full 

Registry full

udif_error_logging_failure 

Log operation failed

udif_error_anchor_invalid 

Invalid anchor record

udif_error_treaty_invalid 

Invalid treaty

udif_error_invalid_request 

Invalid request

udif_error_internal 

Internal error

udif_error_file_create_failed 

File creation failed

udif_error_file_not_found 

File not found

udif_error_invalid_parameter 

Invalid parameter

◆ udif_logging_event_codes

Membership and transaction log event codes.

Enumerator
udif_event_enroll 

Entity enrollment

udif_event_suspend 

Entity suspension

udif_event_resume 

Entity resumption

udif_event_revoke 

Entity revocation

udif_event_capability_grant 

Capability grant

udif_event_capability_revoke 

Capability revocation

udif_event_registry_commit 

Registry commit

udif_event_branch_create 

Branch creation

udif_event_branch_suspend 

Branch suspension

udif_event_branch_revoke 

Branch revocation

udif_event_object_create 

Object creation

udif_event_object_transfer 

Object transfer

udif_event_object_update 

Object update

udif_event_object_destroy 

Object destruction

◆ udif_permission_class

Permission classes whose bits populate the permission mask.

Enumerator
udif_perm_read_claims 

Read subject claims

udif_perm_write_claims 

Write/update subject claims

udif_perm_read_certs 

Read certificates/CRLs

udif_perm_write_certs 

Create/update certificates/CRLs

udif_perm_manage_policy 

Manage policy/validation parameters

udif_perm_manage_caps 

Grant/revoke capabilities

udif_perm_delegate 

Delegate permission subsets

udif_perm_export_identity 

Export identities/tokens

udif_perm_import_identity 

Import identities/tokens
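
An added example, not part of udif.h or the UDIF project: one way to populate an 8-byte permission mask from udif_permission_class bit positions and to check that a delegated mask is a subset of the delegator's. The ex_* names, the struct layout, the LSB-first bit order, and the rule that the delegator must hold udif_perm_delegate are assumptions; the enumerators and UDIF_PERMISSION_MASK_SIZE are copied from this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constant and enumerators copied from this page. */
#define UDIF_PERMISSION_MASK_SIZE 8U
typedef enum udif_permission_class {
    udif_perm_read_claims = 0U, udif_perm_write_claims = 1U,
    udif_perm_read_certs = 2U, udif_perm_write_certs = 3U,
    udif_perm_manage_policy = 4U, udif_perm_manage_caps = 5U,
    udif_perm_delegate = 6U, udif_perm_export_identity = 7U,
    udif_perm_import_identity = 8U
} udif_permission_class;

/* Everything named ex_* / EX_* is hypothetical and not part of udif.h. */
#define EX_PERM_CLASS_MAX 8U /* highest class defined on the page */
typedef struct ex_permission_mask {
    uint8_t bits[UDIF_PERMISSION_MASK_SIZE];
} ex_permission_mask;

/* Assumption: class n is stored in byte n / 8, bit n % 8 (LSB first). */
static bool ex_perm_set(ex_permission_mask* m, unsigned int cls)
{
    if (m == NULL || cls > EX_PERM_CLASS_MAX) { return false; }
    m->bits[cls / 8U] |= (uint8_t)(1U << (cls % 8U));
    return true;
}

static bool ex_perm_has(const ex_permission_mask* m, unsigned int cls)
{
    if (m == NULL || cls > EX_PERM_CLASS_MAX) { return false; }
    return (m->bits[cls / 8U] & (uint8_t)(1U << (cls % 8U))) != 0U;
}

/* Reject masks carrying bits that no permission class defines. */
static bool ex_perm_only_defined_bits(const ex_permission_mask* m)
{
    for (unsigned int b = EX_PERM_CLASS_MAX + 1U; b < UDIF_PERMISSION_MASK_SIZE * 8U; ++b) {
        if ((m->bits[b / 8U] >> (b % 8U)) & 1U) { return false; }
    }
    return true;
}

/* Fail-closed delegation check: the delegator must hold the delegate bit,
   and the child mask may contain only defined bits the delegator also holds. */
static bool ex_perm_can_delegate(const ex_permission_mask* parent, const ex_permission_mask* child)
{
    uint8_t excess = 0U;
    if (parent == NULL || child == NULL) { return false; }
    if (!ex_perm_has(parent, udif_perm_delegate)) { return false; }
    if (!ex_perm_only_defined_bits(child)) { return false; }
    for (size_t i = 0U; i < UDIF_PERMISSION_MASK_SIZE; ++i) {
        excess |= (uint8_t)(child->bits[i] & (uint8_t)~parent->bits[i]);
    }
    return excess == 0U;
}

/* Constructed scenario; each bit of the result is one delegation decision. */
static unsigned int ex_demo(void)
{
    ex_permission_mask parent = { { 0 } }, ok = { { 0 } }, esc = { { 0 } }, junk = { { 0 } };
    ex_perm_set(&parent, udif_perm_read_claims);
    ex_perm_set(&parent, udif_perm_delegate);
    ex_perm_set(&parent, udif_perm_import_identity); /* class 8 lands in byte 1 */
    ex_perm_set(&ok, udif_perm_read_claims);
    ex_perm_set(&ok, udif_perm_import_identity);
    ex_perm_set(&esc, udif_perm_read_claims);
    ex_perm_set(&esc, udif_perm_write_claims);       /* not held by parent */
    junk.bits[7] = 0x80U;                            /* undefined bit 63 */
    return (ex_perm_can_delegate(&parent, &ok) ? 1U : 0U)   /* subset: allowed */
         | (ex_perm_can_delegate(&parent, &esc) ? 2U : 0U)  /* escalation: denied */
         | (ex_perm_can_delegate(&ok, &ok) ? 4U : 0U)       /* no delegate bit: denied */
         | (ex_perm_can_delegate(&parent, &junk) ? 8U : 0U); /* undefined bit: denied */
}

int main(void) { printf("decisions=0x%X\n", ex_demo()); return 0; }
```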

◆ udif_policy_decision

Policy evaluation outcome.

Enumerator
udif_policy_permit 

Permit

udif_policy_deny 

Deny

udif_policy_indeterminate 

Evaluation failed (error)

udif_policy_not_applicable 

No matching rule

◆ udif_roles

enum udif_roles

UDIF entity roles.

Enumerator
udif_role_none 

No role specified

udif_role_root 

Root authority

udif_role_udc 

Domain controller

udif_role_uip 

Identity provider role

udif_role_uis 

Identity server role

udif_role_client 

Client role

udif_role_audit 

Auditor role

udif_role_revoked 

Authority revoked for this entity

udif_role_any 

Entity has any privilege

◆ udif_status

Generic status codes for UDIF operations.

Enumerator
udif_status_success 

Operation succeeded

udif_status_invalid_argument 

Bad input parameter(s)

udif_status_not_found 

Object not found

udif_status_already_exists 

Duplicate object

udif_status_out_of_memory 

Allocation failed

udif_status_buffer_too_small 

Output buffer too small

udif_status_not_supported 

Feature not supported

udif_status_internal_error 

Internal/unknown error

◆ udif_time_validation

Results of time/validity-window checks.

Enumerator
udif_time_valid 

Within window

udif_time_future 

Not yet valid

udif_time_expired 

Expired

udif_time_skew_exceeds 

Exceeds allowed clock skew
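
An added example, not code from udif.h or the UDIF project: a fail-closed validity check that returns the udif_time_validation results listed above, using UDIF_TIME_WINDOW_SECONDS as the allowed clock skew. The ex_* names, the not_before/not_after field names, the skew-before-window ordering, and the treatment of a malformed interval as expired are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constant and enumerators copied from this page. */
#define UDIF_TIME_WINDOW_SECONDS 60U
typedef enum udif_time_validation {
    udif_time_valid = 0U, udif_time_future = 1U,
    udif_time_expired = 2U, udif_time_skew_exceeds = 3U
} udif_time_validation;

/* Hypothetical layout: the page says only "a validity interval expressed
   in UTC seconds"; these field names are not from udif.h. */
typedef struct ex_time_window {
    uint64_t not_before;
    uint64_t not_after;
} ex_time_window;

/* Compare a peer-supplied timestamp with the local clock. The subtraction
   is always larger minus smaller, so unsigned arithmetic cannot wrap and
   turn a far-future timestamp into a small difference. */
static udif_time_validation ex_check_skew(uint64_t local_now, uint64_t peer_time)
{
    uint64_t diff = (local_now >= peer_time) ? (local_now - peer_time)
                                             : (peer_time - local_now);
    return (diff > UDIF_TIME_WINDOW_SECONDS) ? udif_time_skew_exceeds : udif_time_valid;
}

/* Check the local clock against the validity interval (bounds inclusive). */
static udif_time_validation ex_check_window(const ex_time_window* w, uint64_t local_now)
{
    /* Fail closed: a missing or inverted interval is never valid. */
    if (w == NULL || w->not_before > w->not_after) { return udif_time_expired; }
    if (local_now < w->not_before) { return udif_time_future; }
    if (local_now > w->not_after) { return udif_time_expired; }
    return udif_time_valid;
}

/* Skew is checked first so that a peer with a bad clock is reported as
   such, rather than as an expired or not-yet-valid object. */
static udif_time_validation ex_validate(const ex_time_window* w, uint64_t local_now,
                                        uint64_t peer_time)
{
    udif_time_validation r = ex_check_skew(local_now, peer_time);
    if (r != udif_time_valid) { return r; }
    return ex_check_window(w, local_now);
}

int main(void)
{
    /* Constructed sample values, in UTC seconds. */
    const ex_time_window w = { 1000U, 2000U };
    printf("in window, 60 s skew: %u\n", (unsigned int)ex_validate(&w, 1500U, 1560U));
    printf("in window, 61 s skew: %u\n", (unsigned int)ex_validate(&w, 1500U, 1561U));
    printf("before window:        %u\n", (unsigned int)ex_validate(&w, 999U, 999U));
    printf("after window:         %u\n", (unsigned int)ex_validate(&w, 2001U, 2001U));
    return 0;
}
```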

◆ udif_token_type

Token families issued/validated within UDIF.

Enumerator
udif_token_none 

Not a token

udif_token_capability 

Capability token (authZ)

udif_token_attestation 

Attestation token (statement + signature)

udif_token_session 

Session/resumption ticket (envelope optional)

◆ udif_verify_policy

Verification strictness for identity/cert/claim checks.

Enumerator
udif_verify_strict 

All checks required (fail-closed)

udif_verify_lenient 

Allow missing non-critical fields (fail-open subset)

◆ udif_version_sets

The UDIF version sets.

Enumerator
udif_version_set_none 

No version identifier is set

udif_version_set_one_zero 

The 1.0 version identifier

Function Documentation

◆ udif_error_to_string()

UDIF_EXPORT_API const char * udif_error_to_string ( udif_errors error)

Convert an error to a string.

Parameters
error  The error enumerator.
Returns
Returns the error's string representation.

◆ udif_suite_is_valid()

UDIF_EXPORT_API bool udif_suite_is_valid ( uint8_t suiteid)

Check if the suite id is valid.

Parameters
suiteid  The suite id.
Returns
Returns true if the suite id is valid.