udif.h

Go to the documentation of this file.

/* 2025 Quantum Resistant Cryptographic Solutions Corporation
 * All Rights Reserved.
 *
 * NOTICE: This software and all accompanying materials are the exclusive 
 * property of Quantum Resistant Cryptographic Solutions Corporation (QRCS).
 * The intellectual and technical concepts contained within this implementation 
 * are proprietary to QRCS and its authorized licensors and are protected under 
 * applicable U.S. and international copyright, patent, and trade secret laws.
 *
 * CRYPTOGRAPHIC STANDARDS:
 * - This software includes implementations of cryptographic algorithms such as 
 *   SHA3, AES, and others. These algorithms are public domain or standardized 
 *   by organizations such as NIST and are NOT the property of QRCS.
 * - However, all source code, optimizations, and implementations in this library 
 *   are original works of QRCS and are protected under this license.
 *
 * RESTRICTIONS:
 * - Redistribution, modification, or unauthorized distribution of this software, 
 *   in whole or in part, is strictly prohibited.
 * - This software is provided for non-commercial, educational, and research 
 *   purposes only. Commercial use in any form is expressly forbidden.
 * - Licensing and authorized distribution are solely at the discretion of QRCS.
 * - Any use of this software implies acceptance of these restrictions.
 *
 * DISCLAIMER:
 * This software is provided "as is," without warranty of any kind, express or 
 * implied, including but not limited to warranties of merchantability or fitness 
 * for a particular purpose. QRCS disclaims all liability for any direct, indirect, 
 * incidental, or consequential damages resulting from the use or misuse of this software.
 *
 * FULL LICENSE:
 * This software is subject to the **Quantum Resistant Cryptographic Solutions 
 * Proprietary License (QRCS-PL)**. The complete license terms are included 
 * in the LICENSE.txt file distributed with this software.
 *
 * Written by: John G. Underhill
 * Contact: contact@qrcscorp.ca
 */

 
#ifndef UDIF_H
#define UDIF_H
 
#include "udifcommon.h"
 
#include "udifcommon.h"
#include "sha3.h"
#include "socketbase.h"
 
#if defined(UDIF_CONFIG_DILITHIUM_KYBER)
#   include "dilithium.h"
#   include "kyber.h"
#elif defined(UDIF_CONFIG_SPHINCS_MCELIECE)
#   include "mceliece.h"
#   include "sphincsplus.h"
#else
#   error Invalid parameter set!
#endif

 
 /* Function Mapping Macros */

#define UDIF_USE_RCS_ENCRYPTION
 
#if defined(UDIF_USE_RCS_ENCRYPTION)
#   include "rcs.h"
#   define udif_cipher_state qsc_rcs_state
#   define udif_cipher_dispose qsc_rcs_dispose
#   define udif_cipher_initialize qsc_rcs_initialize
#   define udif_cipher_keyparams qsc_rcs_keyparams
#   define udif_cipher_set_associated qsc_rcs_set_associated
#   define udif_cipher_transform qsc_rcs_transform
#else
#   include "aes.h"
#   define udif_cipher_state qsc_aes_gcm256_state
#   define udif_cipher_dispose qsc_aes_gcm256_dispose
#   define udif_cipher_initialize qsc_aes_gcm256_initialize
#   define udif_cipher_keyparams qsc_aes_keyparams
#   define udif_cipher_set_associated qsc_aes_gcm256_set_associated
#   define udif_cipher_transform qsc_aes_gcm256_transform
#endif

#if defined(UDIF_CONFIG_SPHINCS_MCELIECE)
#   define udif_cipher_generate_keypair qsc_mceliece_generate_keypair
#   define udif_cipher_decapsulate qsc_mceliece_decapsulate
#   define udif_cipher_encapsulate qsc_mceliece_encapsulate
#   define udif_signature_generate_keypair qsc_sphincsplus_generate_keypair
#   define udif_signature_sign qsc_sphincsplus_sign
#   define udif_signature_verify qsc_sphincsplus_verify
#elif defined(UDIF_CONFIG_DILITHIUM_KYBER)
#   define udif_cipher_generate_keypair qsc_kyber_generate_keypair
#   define udif_cipher_decapsulate qsc_kyber_decapsulate
#   define udif_cipher_encapsulate qsc_kyber_encapsulate
#   define udif_signature_generate_keypair qsc_dilithium_generate_keypair
#   define udif_signature_sign qsc_dilithium_sign
#   define udif_signature_verify qsc_dilithium_verify
#else
#   error Invalid parameter set!
#endif
 
  /* ### Modifiable Constants: These constants can be enabled to turn on protocol features ### */

  // * \def UDIF_NETWORK_CLIENT_CONNECT
  // * \brief Enable client to client encrypted tunnel.
  // */
  //#define UDIF_NETWORK_CLIENT_CONNECT

  // * \def UDIF_NETWORK_MFK_HASH_CYCLED
  // * \brief Enable mfk key cycling (default).
  // */
  //#define UDIF_NETWORK_MFK_HASH_CYCLED

   //#define UDIF_NETWORK_PROTOCOL_IPV6

   // * \def UDIF_EXTENDED_SESSION_SECURITY
   // * \brief Enable 512-bit security on session tunnels.
   // */
   //#define UDIF_EXTENDED_SESSION_SECURITY
 
   /* ### End of Modifiable Constants ### */
 
 
#if defined(UDIF_CONFIG_DILITHIUM_KYBER)

#   define UDIF_ASYMMETRIC_CIPHERTEXT_SIZE (QSC_KYBER_CIPHERTEXT_SIZE)

#   define UDIF_ASYMMETRIC_PRIVATE_KEY_SIZE (QSC_KYBER_PRIVATEKEY_SIZE)

#   define UDIF_ASYMMETRIC_PUBLIC_KEY_SIZE (QSC_KYBER_PUBLICKEY_SIZE)

#   define UDIF_ASYMMETRIC_SIGNATURE_SIZE (QSC_DILITHIUM_SIGNATURE_SIZE)

#   define UDIF_ASYMMETRIC_SIGNING_KEY_SIZE (QSC_DILITHIUM_PRIVATEKEY_SIZE)

#   define UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE (QSC_DILITHIUM_PUBLICKEY_SIZE)
 
#   if defined(QSC_DILITHIUM_S1P44) && defined(QSC_KYBER_S1K2P512)
#       define UDIF_CHILD_CERTIFICATE_STRING_SIZE 5630U
#       define UDIF_PARAMATERS_DILITHIUM_KYBER_D1K1
#       define UDIF_ROOT_CERTIFICATE_STRING_SIZE 2188U
#       define UDIF_SIGNATURE_ENCODING_SIZE 3312U
#       define UDIF_VERIFICATION_KEY_ENCODING_SIZE 1752U
#   elif defined(QSC_DILITHIUM_S3P65) && defined(QSC_KYBER_S3K3P768)
#       define UDIF_CHILD_CERTIFICATE_STRING_SIZE 7666U
#       define UDIF_PARAMATERS_DILITHIUM_KYBER_D3K3
#       define UDIF_ROOT_CERTIFICATE_STRING_SIZE 3053U
#       define UDIF_SIGNATURE_ENCODING_SIZE 4476U
#   define UDIF_VERIFICATION_KEY_ENCODING_SIZE 2604
#   elif defined(QSC_DILITHIUM_S5P87) && defined(QSC_KYBER_S5K4P1024)
#       define UDIF_CHILD_CERTIFICATE_STRING_SIZE 10327U
#       define UDIF_PARAMATERS_DILITHIUM_KYBER_D5K5
#       define UDIF_ROOT_CERTIFICATE_STRING_SIZE 3919U
#       define UDIF_SIGNATURE_ENCODING_SIZE 6212U
#       define UDIF_VERIFICATION_KEY_ENCODING_SIZE 3456U
#   elif defined(QSC_DILITHIUM_S5P87) && defined(QSC_KYBER_S6K5P1280)
#       define UDIF_CHILD_CERTIFICATE_STRING_SIZE 10327U
#       define UDIF_PARAMATERS_DILITHIUM_KYBER_D5K6
#       define UDIF_ROOT_CERTIFICATE_STRING_SIZE 3919U
#       define UDIF_SIGNATURE_ENCODING_SIZE 6172U
#       define UDIF_VERIFICATION_KEY_ENCODING_SIZE 3456U
#   else
        /* The library signature scheme and asymmetric cipher parameter sets
        must be synchronized to a common security level; s1, s3, s5, s5+ */
#       error the library parameter sets are mismatched!
#   endif
 
#   elif defined(UDIF_CONFIG_SPHINCS_MCELIECE)
#       define UDIF_ASYMMETRIC_CIPHERTEXT_SIZE (QSC_MCELIECE_CIPHERTEXT_SIZE)
#       define UDIF_ASYMMETRIC_PRIVATE_KEY_SIZE (QSC_MCELIECE_PRIVATEKEY_SIZE)
#       define UDIF_ASYMMETRIC_PUBLIC_KEY_SIZE (QSC_MCELIECE_PUBLICKEY_SIZE)
#       define UDIF_ASYMMETRIC_SIGNATURE_SIZE (QSC_SPHINCSPLUS_SIGNATURE_SIZE)
#       define UDIF_ASYMMETRIC_SIGNING_KEY_SIZE (QSC_SPHINCSPLUS_PRIVATEKEY_SIZE)
#       define UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE (QSC_SPHINCSPLUS_PUBLICKEY_SIZE)
 
#   if defined(QSC_MCELIECE_S1N3488T64)
#       if defined(QSC_SPHINCSPLUS_S1S128SHAKERF)
#           define UDIF_CHILD_CERTIFICATE_STRING_SIZE 23753U
#           define UDIF_PARAMATERS_SPHINCSF_MCELIECE_SF1M1
#           define UDIF_ROOT_CERTIFICATE_STRING_SIZE 470U
#           define UDIF_SIGNATURE_ENCODING_SIZE 22828U
#           define UDIF_VERIFICATION_KEY_ENCODING_SIZE 44U
#       elif defined(QSC_SPHINCSPLUS_S1S128SHAKERS)
#           define UDIF_CHILD_CERTIFICATE_STRING_SIZE 11253U
#           define UDIF_PARAMATERS_SPHINCSS_MCELIECE_SS1M1
#           define UDIF_ROOT_CERTIFICATE_STRING_SIZE 470U
#           define UDIF_SIGNATURE_ENCODING_SIZE 10520U
#           define UDIF_VERIFICATION_KEY_ENCODING_SIZE 44U
#       endif
#   elif defined(QSC_MCELIECE_S3N4608T96)
#       if defined(QSC_SPHINCSPLUS_S3S192SHAKERF)
#           define UDIF_CHILD_CERTIFICATE_STRING_SIZE 48928U
#           define UDIF_PARAMATERS_SPHINCSF_MCELIECE_SF3M3
#           define UDIF_ROOT_CERTIFICATE_STRING_SIZE 491U
#           define UDIF_SIGNATURE_ENCODING_SIZE 47596U
#           define UDIF_VERIFICATION_KEY_ENCODING_SIZE 64U
#       elif defined(QSC_SPHINCSPLUS_S3S192SHAKERS)
#           define UDIF_CHILD_CERTIFICATE_STRING_SIZE 22606U
#           define UDIF_PARAMATERS_SPHINCSS_MCELIECE_SS3M3
#           define UDIF_ROOT_CERTIFICATE_STRING_SIZE 491U
#           define UDIF_SIGNATURE_ENCODING_SIZE 21676U
#           define UDIF_VERIFICATION_KEY_ENCODING_SIZE 64U
#       endif
#   elif defined(QSC_MCELIECE_S5N6688T128)
#       if defined(QSC_SPHINCSPLUS_S5S256SHAKERF)
#           define UDIF_CHILD_CERTIFICATE_STRING_SIZE 68176U
#           define UDIF_PARAMATERS_SPHINCSF_MCELIECE_SF5M5
#           define UDIF_ROOT_CERTIFICATE_STRING_SIZE 516U
#           define UDIF_SIGNATURE_ENCODING_SIZE 66520U
#           define UDIF_VERIFICATION_KEY_ENCODING_SIZE 88U
#       elif defined(QSC_SPHINCSPLUS_S5S256SHAKERS)
#           define UDIF_CHILD_CERTIFICATE_STRING_SIZE 41003U
#           define UDIF_PARAMATERS_SPHINCSS_MCELIECE_SS5M5
#           define UDIF_ROOT_CERTIFICATE_STRING_SIZE 516U
#           define UDIF_SIGNATURE_ENCODING_SIZE 39768U
#           define UDIF_VERIFICATION_KEY_ENCODING_SIZE 88U
#       endif
#   elif defined(QSC_MCELIECE_S6N6960T119)
#       if defined(QSC_SPHINCSPLUS_S5S256SHAKERF)
#           define UDIF_CHILD_CERTIFICATE_STRING_SIZE 68173U
#           define UDIF_PARAMATERS_SPHINCSF_MCELIECE_SF5M6
#           define UDIF_ROOT_CERTIFICATE_STRING_SIZE 516U
#           define UDIF_SIGNATURE_ENCODING_SIZE 66520U
#           define UDIF_VERIFICATION_KEY_ENCODING_SIZE 88U
#       elif defined(QSC_SPHINCSPLUS_S5S256SHAKERS)
#           define UDIF_CHILD_CERTIFICATE_STRING_SIZE 41003U
#           define UDIF_PARAMATERS_SPHINCSS_MCELIECE_SS5M6
#           define UDIF_ROOT_CERTIFICATE_STRING_SIZE 516U
#           define UDIF_SIGNATURE_ENCODING_SIZE 39768U
#           define UDIF_VERIFICATION_KEY_ENCODING_SIZE 88U
#       endif
#   elif defined(QSC_MCELIECE_S7N8192T128)
#       if defined(QSC_SPHINCSPLUS_S5S256SHAKERF)
#           define UDIF_CHILD_CERTIFICATE_STRING_SIZE 68173U
#           define UDIF_PARAMATERS_SPHINCSF_MCELIECE_SF5M7
#           define UDIF_ROOT_CERTIFICATE_STRING_SIZE 516U
#           define UDIF_SIGNATURE_ENCODING_SIZE 66520U
#           define UDIF_VERIFICATION_KEY_ENCODING_SIZE 88U
#       elif defined(QSC_SPHINCSPLUS_S5S256SHAKERS)
#           define UDIF_CHILD_CERTIFICATE_STRING_SIZE 41003U
#           define UDIF_PARAMATERS_SPHINCSS_MCELIECE_SS5M7
#           define UDIF_ROOT_CERTIFICATE_STRING_SIZE 516U
#           define UDIF_SIGNATURE_ENCODING_SIZE 39768U
#           define UDIF_VERIFICATION_KEY_ENCODING_SIZE 88U
#       else
#           error Invalid parameter sets, check the QSC library settings 
#       endif
#   else
        /* The library signature scheme and asymmetric cipher parameter sets
        must be synchronized to a common security level; s1, s3, s5 or s6.
        Check the QSC library common.h file for cipher and signature security level alignment. */
#       error Invalid parameter sets, check the QSC library settings 
#   endif
#endif
 
        /* Claims and Capabilities */

#define UDIF_CLAIM_ANCHOR_SIZE 32U

#define UDIF_POLICY_HASH_SIZE 32U

#define UDIF_PERMISSION_MASK_SIZE 8U

#define UDIF_CAPABILITY_MASK_SIZE 8U

#define UDIF_CAPABILITY_TOKEN_MAX_SIZE 2048U

#define UDIF_SUITEID_SIZE 1U

#define UDIF_ROLE_SIZE 1U

#define UDIF_MINIMUM_TRUST 1U

#define UDIF_NAME_MAX_SIZE 256U

#define UDIF_TWOWAY_TRUST 1000002U

#define UDIF_APPLICATION_CLIENT_PORT 39761U

#define UDIF_APPLICATION_IDG_PORT 39762U

#define UDIF_APPLICATION_UBC_PORT 39763U

#define UDIF_APPLICATION_UGC_PORT 39764U

#define UDIF_APPLICATION_URA_PORT 39765U

#define UDIF_APPLICATION_UUA_PORT 39766U

#define UDIF_CANONICAL_NAME_MINIMUM_SIZE 3U

#define UDIF_CERTIFICATE_ADDRESS_SIZE 22U

#define UDIF_CERTIFICATE_ALGORITHM_SIZE 1U

#define UDIF_CERTIFICATE_DEFAULT_PERIOD ((uint64_t)365U * 24U * 60U * 60U)

#define UDIF_CERTIFICATE_DESIGNATION_SIZE 1U

#define UDIF_CERTIFICATE_EXPIRATION_SIZE 16U

#define UDIF_CERTIFICATE_HASH_SIZE 32U

#define UDIF_CERTIFICATE_ISSUER_SIZE 256U

#define UDIF_CERTIFICATE_LINE_LENGTH 64U

#define UDIF_CERTIFICATE_MAXIMUM_PERIOD (UDIF_CERTIFICATE_DEFAULT_PERIOD * 2U)

#define UDIF_CERTIFICATE_MINIMUM_PERIOD ((uint64_t)1U * 24U * 60U * 60U)

#define UDIF_CERTIFICATE_SERIAL_SIZE 16U

#define UDIF_CERTIFICATE_HINT_SIZE (UDIF_CERTIFICATE_HASH_SIZE + UDIF_CERTIFICATE_SERIAL_SIZE)

#define UDIF_CERTIFICATE_SIGNED_HASH_SIZE (UDIF_ASYMMETRIC_SIGNATURE_SIZE + UDIF_CERTIFICATE_HASH_SIZE)

#define UDIF_CERTIFICATE_VERSION_SIZE 1U

#define UDIF_CERTIFICATE_CHILD_SIZE (UDIF_CERTIFICATE_SIGNED_HASH_SIZE + \
    UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    UDIF_CERTIFICATE_ISSUER_SIZE + \
    UDIF_CERTIFICATE_SERIAL_SIZE + \
    UDIF_CERTIFICATE_SERIAL_SIZE + \
    UDIF_CERTIFICATE_EXPIRATION_SIZE + \
    UDIF_CERTIFICATE_DESIGNATION_SIZE + \
    UDIF_CERTIFICATE_ALGORITHM_SIZE + \
    UDIF_CERTIFICATE_VERSION_SIZE + \
    UDIF_SUITEID_SIZE + \
    UDIF_ROLE_SIZE + \
    UDIF_CAPABILITY_MASK_SIZE)

#define UDIF_CERTIFICATE_IDG_SIZE (UDIF_ASYMMETRIC_SIGNATURE_SIZE + \
    UDIF_CERTIFICATE_HASH_SIZE + \
    UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    UDIF_CERTIFICATE_ISSUER_SIZE + \
    UDIF_CERTIFICATE_ADDRESS_SIZE + \
    UDIF_CERTIFICATE_SERIAL_SIZE + \
    UDIF_CERTIFICATE_SERIAL_SIZE + \
    UDIF_CERTIFICATE_EXPIRATION_SIZE + \
    UDIF_CERTIFICATE_DESIGNATION_SIZE + \
    UDIF_CERTIFICATE_ALGORITHM_SIZE + \
    UDIF_CERTIFICATE_VERSION_SIZE + \
    UDIF_SUITEID_SIZE + \
    UDIF_ROLE_SIZE + \
    UDIF_CAPABILITY_MASK_SIZE)

#define UDIF_CERTIFICATE_ROOT_SIZE (UDIF_CERTIFICATE_HASH_SIZE + \
    UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE + \
    UDIF_CERTIFICATE_ISSUER_SIZE + \
    UDIF_CERTIFICATE_SERIAL_SIZE + \
    UDIF_CERTIFICATE_EXPIRATION_SIZE + \
    UDIF_CERTIFICATE_ALGORITHM_SIZE + \
    UDIF_CERTIFICATE_VERSION_SIZE + \
    UDIF_SUITEID_SIZE + \
    UDIF_ROLE_SIZE + \
    UDIF_CAPABILITY_MASK_SIZE)

#define UDIF_CRYPTO_SYMMETRIC_KEY_SIZE 32U

#define UDIF_MESSAGE_MAX_SIZE 1400000UL

#define UDIF_MFK_EXPIRATION_PERIOD ((uint64_t)60U * 24U * 60U * 60U)

#define UDIF_MINIMUM_PATH_LENGTH 9U

#define UDIF_NETWORK_CONNECTION_MTU 1500U

#define UDIF_NETWORK_DOMAIN_NAME_MAX_SIZE 256U

#define UDIF_NETWORK_MAX_APSS 1000000UL

#define UDIF_NETWORK_NODE_ID_SIZE 16

#define UDIF_PERIOD_DAY_TO_SECONDS (24U * 60U * 60U)

#define UDIF_SOCKET_TERMINATOR_SIZE 1U

#define UDIF_PACKET_ERROR_SIZE 1U

#define UDIF_PACKET_HEADER_SIZE 22U

#define UDIF_PACKET_SUBHEADER_SIZE 16U

#define UDIF_PACKET_SEQUENCE_TERMINATOR 0xFFFFFFFFUL

#define UDIF_PACKET_TIME_SIZE 8U

#define UDIF_PACKET_TIME_THRESHOLD 60U

#define UDIF_NETWORK_TERMINATION_MESSAGE_SIZE 1U

#define UDIF_NETWORK_TERMINATION_PACKET_SIZE (UDIF_PACKET_HEADER_SIZE + UDIF_NETWORK_TERMINATION_MESSAGE_SIZE)
 
/* Versioning */

#define UDIF_ACTIVE_VERSION 1U

#define UDIF_ACTIVE_VERSION_SIZE 2U
 
/* Identity and Namespace */

#define UDIF_NAMESPACE_CODE_SIZE 8U

#define UDIF_ISSUER_DOMAIN_CODE_SIZE 8U

#define UDIF_IDENTITY_ID_SIZE 32U

#define UDIF_IDENTITY_MAX_SIZE 512U

#define UDIF_PERIOD_DAY_TO_SECONDS (24U * 60U * 60U)
 
/* Certificate Fields */

#define UDIF_CERTIFICATE_ROLE_SIZE 1U

#define UDIF_CERTIFICATE_SERIAL_SIZE 16U

#define UDIF_CERTIFICATE_VERSION_SIZE 1U

#define UDIF_CERTIFICATE_HASH_SIZE 32U

#define UDIF_CERTIFICATE_SIGNED_HASH_SIZE (UDIF_ASYMMETRIC_SIGNATURE_SIZE + UDIF_CERTIFICATE_HASH_SIZE)

#define UDIF_CERTIFICATE_DEFAULT_PERIOD ((uint64_t)365U * 24U * 60U * 60U)

#define UDIF_CERTIFICATE_MINIMUM_PERIOD ((uint64_t)1U * 24U * 60U * 60U)

#define UDIF_CERTIFICATE_MAXIMUM_PERIOD (UDIF_CERTIFICATE_DEFAULT_PERIOD * 2U)
 
/* --- Cryptographic Parameters --- */

#define UDIF_CRYPTO_SYMMETRIC_KEY_SIZE 32U

#define UDIF_CRYPTO_SYMMETRIC_MAC_SIZE 32U

#define UDIF_CRYPTO_SYMMETRIC_HASH_SIZE 32U

#if defined(UDIF_USE_RCS_ENCRYPTION)
#   define UDIF_CRYPTO_SYMMETRIC_NONCE_SIZE 32U
#else
#   define UDIF_CRYPTO_SYMMETRIC_NONCE_SIZE 16U
#endif

#define UDIF_CRYPTO_SEED_SIZE 64U

#define UDIF_CRYPTO_SYMMETRIC_TOKEN_SIZE 32U

#define UDIF_CRYPTO_SYMMETRIC_HASH_SIZE 32U

#if defined(UDIF_USE_RCS_ENCRYPTION)
#   if defined(UDIF_EXTENDED_SESSION_SECURITY)
#       define UDIF_CRYPTO_SYMMETRIC_MAC_SIZE 64U
#   else
#       define UDIF_CRYPTO_SYMMETRIC_MAC_SIZE 32U
#   endif
#else
#   define UDIF_CRYPTO_SYMMETRIC_MAC_SIZE 16U
#endif

#define UDIF_CRYPTO_SYMMETRIC_SECRET_SIZE 32U
 
/* UDIF Enumerations */

UDIF_EXPORT_API typedef enum udif_configuration_sets
{
    udif_configuration_set_none = 0x00U,                                     
    udif_configuration_set_dilithium1_kyber1_rcs256_shake256 = 0x01U,           
    udif_configuration_set_dilithium3_kyber3_rcs256_shake256 = 0x02U,           
    udif_configuration_set_dilithium5_kyber5_rcs256_shake256 = 0x03U,           
    udif_configuration_set_dilithium5_kyber6_rcs512_shake256 = 0x04U,           
    udif_configuration_set_sphincsplus1f_mceliece1_rcs256_shake256 = 0x05U,       
    udif_configuration_set_sphincsplus1s_mceliece1_rcs256_shake256 = 0x06U,       
    udif_configuration_set_sphincsplus3f_mceliece3_rcs256_shake256 = 0x07U,       
    udif_configuration_set_sphincsplus3s_mceliece3_rcs256_shake256 = 0x08U,       
    udif_configuration_set_sphincsplus5f_mceliece5_rcs256_shake256 = 0x09U,       
    udif_configuration_set_sphincsplus5s_mceliece5_rcs256_shake256 = 0x0AU,       
    udif_configuration_set_sphincsplus5f_mceliece6_rcs256_shake256 = 0x0BU,       
    udif_configuration_set_sphincsplus5s_mceliece6_rcs256_shake256 = 0x0CU,       
    udif_configuration_set_sphincsplus5f_mceliece7_rcs256_shake256 = 0x0DU,       
    udif_configuration_set_sphincsplus5s_mceliece7_rcs256_shake256 = 0x0EU,       
} udif_configuration_sets;

UDIF_EXPORT_API typedef enum udif_network_designations
{
    udif_network_designation_none = 0x00U,                         
    udif_network_designation_ubc = 0x01U,                           
    udif_network_designation_client = 0x02U,                     
    udif_network_designation_ugc = 0x03U,                           
    udif_network_designation_remote = 0x04U,                     
    udif_network_designation_ura = 0x05U,                           
    udif_network_designation_revoked = 0x06U,                       
    udif_network_designation_idg = 0x07U,                           
    udif_network_designation_uua = 0x08U,                           
    udif_network_designation_all = 0xFFU,                           
} udif_network_designations;

UDIF_EXPORT_API typedef enum udif_network_errors
{
    udif_network_error_none = 0x00U,                             
    udif_network_error_accept_fail = 0x01U,                           
    udif_network_error_auth_failure = 0x02U,                     
    udif_network_error_bad_keep_alive = 0x03U,                     
    udif_network_error_channel_down = 0x04U,                     
    udif_network_error_connection_failure = 0x05U,                 
    udif_network_error_decryption_failure = 0x06U,                 
    udif_network_error_establish_failure = 0x07U,                   
    udif_network_error_general_failure = 0x08U,                       
    udif_network_error_hosts_exceeded = 0x09U,                     
    udif_network_error_identity_unknown = 0x10U,                 
    udif_network_error_invalid_input = 0x1AU,                       
    udif_network_error_invalid_request = 0x1BU,                       
    udif_network_error_keep_alive_expired = 0x1CU,                 
    udif_network_error_keep_alive_timeout = 0x1DU,                 
    udif_network_error_kex_auth_failure = 0x1EU,                 
    udif_network_error_key_not_recognized = 0x1FU,                 
    udif_network_error_key_has_expired = 0x20U,                       
    udif_network_error_listener_fail = 0x21U,                       
    udif_network_error_memory_allocation = 0x22U,                   
    udif_network_error_packet_unsequenced = 0x23U,                 
    udif_network_error_random_failure = 0x24U,                     
    udif_network_error_ratchet_fail = 0x25U,                     
    udif_network_error_receive_failure = 0x26U,                       
    udif_network_error_transmit_failure = 0x27U,                 
    udif_network_error_unknown_protocol = 0x28U,                 
    udif_network_error_unsequenced = 0x29U,                           
    udif_network_error_verify_failure = 0x2AU,                     
} udif_network_errors;

UDIF_EXPORT_API typedef enum udif_network_flags
{
    udif_network_flag_none = 0x00U,                                   
    udif_network_flag_connection_terminate_request = 0x01U,           
    udif_network_flag_error_condition = 0x02U,                     
    udif_network_flag_incremental_update_request = 0x09U,           
    udif_network_flag_incremental_update_response = 0x0AU,         
    udif_network_flag_register_request = 0x0BU,                       
    udif_network_flag_register_response = 0x0CU,                 
    udif_network_flag_register_update_request = 0x0DU,             
    udif_network_flag_register_update_response = 0x0EU,               
    udif_network_flag_keep_alive_request = 0x0FU,                   
    udif_network_flag_keep_alive_response = 0x10U,                 
    udif_network_flag_network_announce_broadcast = 0x15U,           
    udif_network_flag_network_converge_request = 0x16U,               
    udif_network_flag_network_converge_response = 0x17U,         
    udif_network_flag_network_converge_update = 0x18U,             
    udif_network_flag_network_resign_request = 0x19U,               
    udif_network_flag_network_resign_response = 0x1AU,             
    udif_network_flag_network_revocation_broadcast = 0x1BU,           
    udif_network_flag_network_signature_request = 0x1CU,         
    udif_network_flag_system_error_condition = 0x1DU,               
    udif_network_flag_tunnel_connection_terminate = 0x1EU,         
    udif_network_flag_tunnel_encrypted_message = 0x1FU,               
    udif_network_flag_tunnel_session_established = 0x20U,           
    udif_network_flag_tunnel_transfer_request = 0x21U,             
    udif_network_flag_topology_query_request = 0x22U,               
    udif_network_flag_topology_query_response = 0x23U,             
    udif_network_flag_topology_status_request = 0x24U,             
    udif_network_flag_topology_status_response = 0x25U,               
    udif_network_flag_topology_status_available = 0x26U,         
    udif_network_flag_topology_status_synchronized = 0x27U,           
    udif_network_flag_topology_status_unavailable = 0x28U,         
    udif_network_flag_network_remote_signing_request = 0x29U,       
    udif_network_flag_network_remote_signing_response = 0x2AU,     
} udif_network_flags;

UDIF_EXPORT_API typedef enum udif_protocol_errors
{
    udif_protocol_error_none = 0x00U,                               
    udif_protocol_error_authentication_failure = 0x01U,               
    udif_protocol_error_certificate_not_found = 0x02U,             
    udif_protocol_error_channel_down = 0x03U,                       
    udif_protocol_error_connection_failure = 0x04U,                   
    udif_protocol_error_connect_failure = 0x05U,                 
    udif_protocol_error_convergence_failure = 0x06U,             
    udif_protocol_error_convergence_synchronized = 0x07U,           
    udif_protocol_error_decapsulation_failure = 0x08U,             
    udif_protocol_error_decoding_failure = 0x09U,                   
    udif_protocol_error_decryption_failure = 0x0AU,                   
    udif_protocol_error_establish_failure = 0x0BU,                 
    udif_protocol_error_exchange_failure = 0x0CU,                   
    udif_protocol_error_file_not_deleted = 0x0DU,                   
    udif_protocol_error_file_not_found = 0x0EU,                       
    udif_protocol_error_file_not_written = 0x0FU,                   
    udif_protocol_error_hash_invalid = 0x10U,                       
    udif_protocol_error_hosts_exceeded = 0x11U,                       
    udif_protocol_error_invalid_request = 0x12U,                 
    udif_protocol_error_certificate_expired = 0x13U,             
    udif_protocol_error_key_expired = 0x14U,                     
    udif_protocol_error_key_unrecognized = 0x15U,                   
    udif_protocol_error_listener_fail = 0x16U,                     
    udif_protocol_error_memory_allocation = 0x17U,                 
    udif_protocol_error_message_time_invalid = 0x18U,               
    udif_protocol_error_message_verification_failure = 0x19U,       
    udif_protocol_error_no_usable_address = 0x1AU,                 
    udif_protocol_error_node_not_available = 0x1BU,                   
    udif_protocol_error_node_not_found = 0x1CU,                       
    udif_protocol_error_node_was_registered = 0x1DU,             
    udif_protocol_error_operation_cancelled = 0x1EU,             
    udif_protocol_error_packet_header_invalid = 0x1FU,             
    udif_protocol_error_packet_unsequenced = 0x20U,                   
    udif_protocol_error_receive_failure = 0x21U,                 
    udif_protocol_error_root_signature_invalid = 0x22U,               
    udif_protocol_error_serialization_failure = 0x23U,             
    udif_protocol_error_signature_failure = 0x24U,                 
    udif_protocol_error_signing_failure = 0x25U,                 
    udif_protocol_error_socket_binding = 0x26U,                       
    udif_protocol_error_socket_creation = 0x27U,                 
    udif_protocol_error_transmit_failure = 0x28U,                   
    udif_protocol_error_topology_no_aps = 0x29U,                 
    udif_protocol_error_unknown_protocol = 0x2AU,                   
    udif_protocol_error_verification_failure = 0x2BU,               
} udif_protocol_errors;

UDIF_EXPORT_API typedef enum udif_claim_type
{
    udif_claim_unknown = 0x00U,           
    udif_claim_commodity_id = 0x10U, 
    udif_claim_biometric_hash = 0x11U, 
    udif_claim_institution_id = 0x12U, 
    udif_claim_public_key = 0x13U,     
    udif_claim_age_over = 0x14U,     
    udif_claim_citizenship = 0x15U,       
    udif_claim_residency = 0x16U,       
    udif_claim_membership_id = 0x17U,   
    udif_claim_contact_email = 0x18U,   
    udif_claim_contact_phone = 0x19U,   
    udif_claim_address = 0x1AU,           
    udif_claim_custom = 0x7FU          
} udif_claim_type;

UDIF_EXPORT_API typedef enum udif_token_type
{
    udif_token_none = 0x00U,         
    udif_token_capability = 0x01U,     
    udif_token_attestation = 0x02U,       
    udif_token_session = 0x03U            
} udif_token_type;

UDIF_EXPORT_API typedef enum udif_capability_id
{
    udif_cap_issue_certificate = 0x00U, 
    udif_cap_revoke_certificate = 0x01U,
    udif_cap_issue_token = 0x02U,       
    udif_cap_validate_token = 0x03U, 
    udif_cap_register_issuer = 0x04U,   
    udif_cap_rotate_keys = 0x05U,       
    udif_cap_directory_query = 0x06U,   
    udif_cap_audit_log_access = 0x07U, 
    udif_cap_admin = 0x08U                
} udif_capability_id;

UDIF_EXPORT_API typedef enum udif_permission_class
{
    udif_perm_read_claims = 0x00U,     
    udif_perm_write_claims = 0x01U,       
    udif_perm_read_certs = 0x02U,       
    udif_perm_write_certs = 0x03U,     
    udif_perm_manage_policy = 0x04U, 
    udif_perm_manage_caps = 0x05U,     
    udif_perm_delegate = 0x06U,           
    udif_perm_export_identity = 0x07U, 
    udif_perm_import_identity = 0x08U  
} udif_permission_class;

UDIF_EXPORT_API typedef enum udif_policy_decision
{
    udif_policy_permit = 0x00U,           
    udif_policy_deny = 0x01U,           
    udif_policy_indeterminate = 0x02U, 
    udif_policy_not_applicable= 0x03U 
} udif_policy_decision;

UDIF_EXPORT_API typedef enum udif_verify_policy
{
    udif_verify_strict = 0x00U,           
    udif_verify_lenient = 0x01U          
} udif_verify_policy;

UDIF_EXPORT_API typedef enum udif_time_validation
{
    udif_time_valid = 0x00U,         
    udif_time_future = 0x01U,           
    udif_time_expired = 0x02U,         
    udif_time_skew_exceeds = 0x03U        
} udif_time_validation;

UDIF_EXPORT_API typedef enum udif_status
{
    udif_status_success = 0x00U,     
    udif_status_invalid_argument = 0x01U, 
    udif_status_not_found = 0x02U,     
    udif_status_already_exists = 0x03U, 
    udif_status_out_of_memory = 0x04U, 
    udif_status_buffer_too_small = 0x05U, 
    udif_status_not_supported = 0x06U, 
    udif_status_internal_error = 0x07U  
} udif_status;

UDIF_EXPORT_API typedef enum udif_error_identity
{
    udif_eid_none = 0x00U,             
    udif_eid_namespace_bad = 0x01U,       
    udif_eid_issuer_bad = 0x02U,     
    udif_eid_subject_bad = 0x03U,       
    udif_eid_mask_invalid = 0x04U,     
    udif_eid_anchor_mismatch = 0x05U,   
    udif_eid_sig_invalid = 0x06U,       
    udif_eid_expired = 0x07U,           
    udif_eid_future = 0x08U              
} udif_error_identity;

UDIF_EXPORT_API typedef enum udif_error_certificate
{
    udif_ecert_none = 0x00U,         
    udif_ecert_type_unknown = 0x01U, 
    udif_ecert_serial_bad = 0x02U,     
    udif_ecert_chain_invalid = 0x03U,   
    udif_ecert_sig_invalid = 0x04U,       
    udif_ecert_expired = 0x05U,           
    udif_ecert_future = 0x06U,         
    udif_ecert_policy_mismatch = 0x07U, 
    udif_ecert_revoked = 0x08U            
} udif_error_certificate;

UDIF_EXPORT_API typedef enum udif_error_claims
{
    udif_ecl_none = 0x00U,             
    udif_ecl_type_unknown = 0x01U,     
    udif_ecl_encoding_bad = 0x02U,     
    udif_ecl_canonical_fail = 0x03U, 
    udif_ecl_anchor_bad = 0x04U,     
    udif_ecl_value_invalid = 0x05U        
} udif_error_claims;

UDIF_EXPORT_API typedef enum udif_error_capability
{
    udif_ecap_none = 0x00U,               
    udif_ecap_denied = 0x01U,           
    udif_ecap_mask_empty = 0x02U,       
    udif_ecap_mask_conflict = 0x03U      
} udif_error_capability;

UDIF_EXPORT_API typedef enum udif_error_policy
{
    udif_epol_none = 0x00U,               
    udif_epol_not_found = 0x01U,     
    udif_epol_hash_mismatch= 0x02U,      
    udif_epol_indeterminate= 0x03U       
} udif_error_policy;

UDIF_EXPORT_API typedef enum udif_error_encoding
{
    udif_eenc_none = 0x00U,               
    udif_eenc_overflow = 0x01U,           
    udif_eenc_underflow = 0x02U,     
    udif_eenc_format = 0x03U,           
    udif_eenc_unsupported = 0x04U      
} udif_error_encoding;
 
/* Certificate block banners */

#define UDIF_CERTIFICATE_HEADER_SIZE 64U

#define UDIF_CERTIFICATE_FOOTER_SIZE 64U
 
/* Certificate field prefixes */

#define UDIF_CERTIFICATE_ISSUER_PREFIX_SIZE 9U

#define UDIF_CERTIFICATE_SERIAL_PREFIX_SIZE 9U

#define UDIF_CERTIFICATE_VALID_FROM_PREFIX_SIZE 13U

#define UDIF_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE 6U

#define UDIF_CERTIFICATE_ALGORITHM_PREFIX_SIZE 12U

#define UDIF_CERTIFICATE_VERSION_PREFIX_SIZE 10U

#define UDIF_CERTIFICATE_ROLE_PREFIX_SIZE 6U
#define UDIF_ROOT_CERTIFICATE_HEADER_SIZE 64U
#define UDIF_ROOT_CERTIFICATE_HASH_PREFIX_SIZE 19U
#define UDIF_ROOT_CERTIFICATE_PUBLICKEY_PREFIX_SIZE 13U
#define UDIF_ROOT_CERTIFICATE_ISSUER_PREFIX_SIZE 9U
#define UDIF_ROOT_CERTIFICATE_NAME_PREFIX_SIZE 7U
#define UDIF_ROOT_CERTIFICATE_SERIAL_PREFIX_SIZE 9U
#define UDIF_ROOT_CERTIFICATE_FOOTER_SIZE 64U
#define UDIF_ROOT_CERTIFICATE_VALID_FROM_PREFIX_SIZE 13U
#define UDIF_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE 6U
#define UDIF_ROOT_CERTIFICATE_ALGORITHM_PREFIX_SIZE 12U
#define UDIF_ROOT_CERTIFICATE_VERSION_PREFIX_SIZE 10U
#define UDIF_ROOT_CERTIFICATE_CAPABILITY_MASK_PREFIX_SIZE 18U
#define UDIF_ROOT_CERTIFICATE_DEFAULT_NAME_SIZE 18U
#define UDIF_ACTIVE_VERSION_STRING_SIZE 5U


 
static const char UDIF_ROOT_CERTIFICATE_HEADER[UDIF_ROOT_CERTIFICATE_HEADER_SIZE] = "------------BEGIN UDIF ROOT PUBLIC CERTIFICATE BLOCK-----------";
static const char UDIF_ROOT_CERTIFICATE_ISSUER_PREFIX[UDIF_ROOT_CERTIFICATE_ISSUER_PREFIX_SIZE] = "Issuer: ";
static const char UDIF_ROOT_CERTIFICATE_NAME_PREFIX[UDIF_ROOT_CERTIFICATE_NAME_PREFIX_SIZE] = "Name: ";
static const char UDIF_ROOT_CERTIFICATE_SERIAL_PREFIX[UDIF_ROOT_CERTIFICATE_SERIAL_PREFIX_SIZE] = "Serial: ";
static const char UDIF_ROOT_CERTIFICATE_VALID_FROM_PREFIX[UDIF_ROOT_CERTIFICATE_VALID_FROM_PREFIX_SIZE] = "Valid From: ";
static const char UDIF_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX[UDIF_ROOT_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE] = " To: ";
static const char UDIF_ROOT_CERTIFICATE_ALGORITHM_PREFIX[UDIF_ROOT_CERTIFICATE_ALGORITHM_PREFIX_SIZE] = "Algorithm: ";
static const char UDIF_ROOT_CERTIFICATE_VERSION_PREFIX[UDIF_ROOT_CERTIFICATE_VERSION_PREFIX_SIZE] = "Version: ";
static const char UDIF_ROOT_CERTIFICATE_CAPABILITY_MASK_PREFIX[UDIF_ROOT_CERTIFICATE_CAPABILITY_MASK_PREFIX_SIZE] = "Capability Mask: ";
static const char UDIF_ROOT_CERTIFICATE_HASH_PREFIX[UDIF_ROOT_CERTIFICATE_HASH_PREFIX_SIZE] = "Certificate Hash: ";
static const char UDIF_ROOT_CERTIFICATE_PUBLICKEY_PREFIX[UDIF_ROOT_CERTIFICATE_PUBLICKEY_PREFIX_SIZE] = "Public Key: ";
static const char UDIF_ROOT_CERTIFICATE_FOOTER[UDIF_ROOT_CERTIFICATE_FOOTER_SIZE] = "------------END UDIF ROOT PUBLIC CERTIFICATE BLOCK-------------";
static const char UDIF_ROOT_CERTIFICATE_DEFAULT_NAME[UDIF_ROOT_CERTIFICATE_DEFAULT_NAME_SIZE] = " Root Certificate";
 
static const char UDIF_ACTIVE_VERSION_STRING[UDIF_ACTIVE_VERSION_STRING_SIZE] = "0x01";
static const char UDIF_CERTIFICATE_CHILD_EXTENSION[] = ".ccert";
static const char UDIF_CERTIFICATE_MFCOL_EXTENSION[] = ".mfcol";
static const char UDIF_CERTIFICATE_ROOT_EXTENSION[] = ".rcert";
static const char UDIF_CERTIFICATE_TOPOLOGY_EXTENSION[] = ".dtop";
static const char UDIF_APPLICATION_ROOT_PATH[] = "\\UDIF";
static const char UDIF_CERTIFICATE_BACKUP_PATH[] = "\\Backup";
static const char UDIF_CERTIFICATE_STORE_PATH[] = "\\Certificates";
static const char UDIF_ROOT_CERTIFICATE_PATH[] = "\\Root";
static const char UDIF_CERTIFICATE_TOPOLOGY_PATH[] = "\\Topology";


 
#define UDIF_CERTIFICATE_SEPERATOR_SIZE 1U
#define UDIF_CHILD_CERTIFICATE_HEADER_SIZE 64U
#define UDIF_CHILD_CERTIFICATE_ROOT_HASH_PREFIX_SIZE 30U
#define UDIF_CHILD_CERTIFICATE_SIGNATURE_KEY_PREFIX_SIZE 23U
#define UDIF_CHILD_CERTIFICATE_ISSUER_PREFIX_SIZE 9U
#define UDIF_CHILD_CERTIFICATE_NAME_PREFIX_SIZE 7U
#define UDIF_CHILD_CERTIFICATE_SERIAL_PREFIX_SIZE 9U
#define UDIF_CHILD_CERTIFICATE_ROOT_SERIAL_PREFIX_SIZE 14U
#define UDIF_CHILD_CERTIFICATE_VALID_FROM_PREFIX_SIZE 13U
#define UDIF_CHILD_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE 6U
#define UDIF_CHILD_CERTIFICATE_ALGORITHM_PREFIX_SIZE 12U
#define UDIF_CHILD_CERTIFICATE_VERSION_PREFIX_SIZE 10U
#define UDIF_CHILD_CERTIFICATE_DESIGNATION_PREFIX_SIZE 14U
#define UDIF_CHILD_CERTIFICATE_CAPABILITY_MASK_PREFIX_SIZE 18U
#define UDIF_CHILD_CERTIFICATE_ADDRESS_PREFIX_SIZE 10U
#define UDIF_CHILD_CERTIFICATE_FOOTER_SIZE 64U
#define UDIF_CHILD_CERTIFICATE_DEFAULT_NAME_SIZE 19U
 
static const char UDIF_CHILD_CERTIFICATE_HEADER[UDIF_CHILD_CERTIFICATE_HEADER_SIZE] = "-----------BEGIN UDIF CHILD PUBLIC CERTIFICATE BLOCK-----------";
static const char UDIF_CHILD_CERTIFICATE_ROOT_HASH_PREFIX[UDIF_CHILD_CERTIFICATE_ROOT_HASH_PREFIX_SIZE] = "Root Signed Public Key Hash: ";
static const char UDIF_CHILD_CERTIFICATE_SIGNATURE_KEY_PREFIX[UDIF_CHILD_CERTIFICATE_SIGNATURE_KEY_PREFIX_SIZE] = "Public Signature Key: ";
static const char UDIF_CHILD_CERTIFICATE_ISSUER_PREFIX[UDIF_CHILD_CERTIFICATE_ISSUER_PREFIX_SIZE] = "Issuer: ";
static const char UDIF_CHILD_CERTIFICATE_NAME_PREFIX[UDIF_CHILD_CERTIFICATE_NAME_PREFIX_SIZE] = "Name: ";
static const char UDIF_CHILD_CERTIFICATE_SERIAL_PREFIX[UDIF_CHILD_CERTIFICATE_SERIAL_PREFIX_SIZE] = "Serial: ";
static const char UDIF_CHILD_CERTIFICATE_ROOT_SERIAL_PREFIX[UDIF_CHILD_CERTIFICATE_ROOT_SERIAL_PREFIX_SIZE] = "Root Serial: ";
static const char UDIF_CHILD_CERTIFICATE_VALID_FROM_PREFIX[UDIF_CHILD_CERTIFICATE_VALID_FROM_PREFIX_SIZE] = "Valid From: ";
static const char UDIF_CHILD_CERTIFICATE_EXPIRATION_TO_PREFIX[UDIF_CHILD_CERTIFICATE_EXPIRATION_TO_PREFIX_SIZE] = " To: ";
static const char UDIF_CHILD_CERTIFICATE_ALGORITHM_PREFIX[UDIF_CHILD_CERTIFICATE_ALGORITHM_PREFIX_SIZE] = "Algorithm: ";
static const char UDIF_CHILD_CERTIFICATE_VERSION_PREFIX[UDIF_CHILD_CERTIFICATE_VERSION_PREFIX_SIZE] = "Version: ";
static const char UDIF_CHILD_CERTIFICATE_DESIGNATION_PREFIX[UDIF_CHILD_CERTIFICATE_DESIGNATION_PREFIX_SIZE] = "Designation: ";
static const char UDIF_CHILD_CERTIFICATE_CAPABILITY_MASK_PREFIX[UDIF_CHILD_CERTIFICATE_CAPABILITY_MASK_PREFIX_SIZE] = "Capability Mask: ";
static const char UDIF_CHILD_CERTIFICATE_ADDRESS_PREFIX[UDIF_CHILD_CERTIFICATE_ADDRESS_PREFIX_SIZE] = "Address: ";
static const char UDIF_CHILD_CERTIFICATE_FOOTER[UDIF_CHILD_CERTIFICATE_FOOTER_SIZE] = "------------END UDIF CHILD PUBLIC CERTIFICATE BLOCK------------";
static const char UDIF_CHILD_CERTIFICATE_DEFAULT_NAME[UDIF_CHILD_CERTIFICATE_DEFAULT_NAME_SIZE] = " Child Certificate";
 
#define UDIF_NETWORK_DESIGNATION_SIZE 33
static const char UDIF_NETWORK_DESIGNATION_NONE[UDIF_NETWORK_DESIGNATION_SIZE] = "udif_network_designation_none";
static const char UDIF_NETWORK_DESIGNATION_URA[UDIF_NETWORK_DESIGNATION_SIZE] = "udif_network_designation_ura";
static const char UDIF_NETWORK_DESIGNATION_CLIENT[UDIF_NETWORK_DESIGNATION_SIZE] = "udif_network_designation_client";
static const char UDIF_NETWORK_DESIGNATION_UBC[UDIF_NETWORK_DESIGNATION_SIZE] = "udif_network_designation_ubc";
static const char UDIF_NETWORK_DESIGNATION_IDG[UDIF_NETWORK_DESIGNATION_SIZE] = "udif_network_designation_idg";
static const char UDIF_NETWORK_DESIGNATION_UUA[UDIF_NETWORK_DESIGNATION_SIZE] = "udif_network_designation_uua";
static const char UDIF_NETWORK_DESIGNATION_UGC[UDIF_NETWORK_DESIGNATION_SIZE] = "udif_network_designation_ugc";
static const char UDIF_NETWORK_DESIGNATION_ALL[UDIF_NETWORK_DESIGNATION_SIZE] = "udif_network_designation_all";

#define UDIF_PROTOCOL_SET_SIZE 41U
 
 /* Valid parameter sets:
 Kyber-S1, Dilithium-S1
 Kyber-S3, Dilithium-S3
 Kyber-S5, Dilithium-S5
 Kyber-S6, Dilithium-S5
 McEliece-S1, Sphincs-S1(f,s)
 McEliece-S3, Sphincs-S3(f,s)
 McEliece-S5, Sphincs-S5(f,s)
 McEliece-S6, Sphincs-S5(f,s)
 McEliece-S7, Sphincs-S6(f,s) */

 
#if defined(UDIF_PARAMATERS_DILITHIUM_KYBER_D1K1)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "dilithium-s1_kyber-s1_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_dilithium1_kyber1_rcs256_shake256;
#elif defined(UDIF_PARAMATERS_DILITHIUM_KYBER_D3K3)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "dilithium-s3_kyber-s3_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_dilithium3_kyber3_rcs256_shake256;
#elif defined(UDIF_PARAMATERS_DILITHIUM_KYBER_D5K5)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "dilithium-s5_kyber-s5_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_dilithium5_kyber5_rcs256_shake256;
#elif defined(UDIF_PARAMATERS_DILITHIUM_KYBER_D5K6)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "dilithium-s5_kyber-s6_rcs-512_sha3-512";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_dilithium5_kyber6_rcs512_shake256;
#elif defined(UDIF_PARAMATERS_SPHINCSF_MCELIECE_SF1M1) 
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "sphincs-1f_mceliece-s1_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_sphincsplus1f_mceliece1_rcs256_shake256;
#elif defined(UDIF_PARAMATERS_SPHINCSPLUS_S1S128SHAKERS)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "sphincs-1s_mceliece-s1_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_sphincsplus1s_mceliece1_rcs256_shake256;
#elif defined(UDIF_PARAMATERS_SPHINCSF_MCELIECE_SF3M3)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "sphincs-3f_mceliece-s3_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_sphincsplus3f_mceliece3_rcs256_shake256;
#elif defined(UDIF_PARAMATERS_SPHINCSPLUS_S3S192SHAKERS)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "sphincs-3s_mceliece-s3_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_sphincsplus3s_mceliece3_rcs256_shake256;
#elif defined(UDIF_PARAMATERS_SPHINCSF_MCELIECE_SF5M5)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "sphincs-5f_mceliece-s5_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_sphincsplus5f_mceliece5_rcs256_shake256;
#elif defined(UDIF_PARAMATERS_SPHINCSPLUS_S5S256SHAKERS)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "sphincs-5s_mceliece-s5_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_sphincsplus5s_mceliece5_rcs256_shake256;
#elif defined(UDIF_PARAMATERS_SPHINCSF_MCELIECE_SF5M6)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "sphincs-5f_mceliece-s6_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_sphincsplus5f_mceliece6_rcs256_shake256;
#elif defined(UDIF_PARAMATERS_SPHINCSPLUS_S5S256SHAKERS)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "sphincs-5s_mceliece-s6_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_sphincsplus5s_mceliece6_rcs256_shake256;
#elif defined(UDIF_PARAMATERS_SPHINCSF_MCELIECE_SF5M7)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "sphincs-5f_mceliece-s7_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_sphincsplus5f_mceliece7_rcs256_shake256;
#define UDIF_SUITE_ID 13U
#elif defined(UDIF_PARAMATERS_SPHINCSPLUS_S5S256SHAKERS)
static const char UDIF_CONFIG_STRING[UDIF_PROTOCOL_SET_SIZE] = "sphincs-5s_mceliece-s7_rcs-256_sha3-256";
static const udif_configuration_sets UDIF_CONFIGURATION_SET = udif_configuration_set_sphincsplus5s_mceliece7_rcs256_shake256;
#else
#   error Invalid parameter set!
#endif

 
/* Role/Designation Strings */
 
#define UDIF_ROLE_STRING_SIZE 32U

static const char UDIF_ROLE_STRINGS[][UDIF_ROLE_STRING_SIZE] =
{
    "udif_role_none",
    "udif_role_udc",
    "udif_role_uip",
    "udif_role_uis",
    "udif_role_client",
    "udif_role_audit",
    "udif_role_revoked",
    "udif_role_any"
};
 
 
/* Error String Tables */

#define UDIF_ERROR_STRING_DEPTH 16U

#define UDIF_ERROR_STRING_SIZE 128U

 
/* Identity errors */
static const char UDIF_IDENTITY_ERROR_STRINGS[][UDIF_ERROR_STRING_SIZE] =
{
    "No error",
    "Invalid namespace code",
    "Invalid issuer domain code",
    "Invalid subject identifier",
    "Capability/permission mask invalid",
    "Claim anchor mismatch",
    "Signature verification failed",
    "Identity expired",
    "Identity not yet valid"
};
 
/* Certificate errors */
static const char UDIF_CERTIFICATE_ERROR_STRINGS[][UDIF_ERROR_STRING_SIZE] =
{
    "No error",
    "Unknown certificate type",
    "Bad or unknown serial number",
    "Invalid certificate chain",
    "Signature invalid",
    "Certificate expired",
    "Certificate not yet valid",
    "Policy hash mismatch",
    "Certificate revoked"
};
 
/* Claims errors */
static const char UDIF_CLAIMS_ERROR_STRINGS[][UDIF_ERROR_STRING_SIZE] =
{
    "No error",
    "Unknown claim type",
    "Invalid encoding",
    "Canonicalization failed",
    "Anchor mismatch",
    "Invalid claim value"
};
 
/* Capability errors */
static const char UDIF_CAPABILITY_ERROR_STRINGS[][UDIF_ERROR_STRING_SIZE] =
{
    "No error",
    "Capability denied by policy",
    "Empty capability mask",
    "Conflicting capability bits"
};
 
/* Policy errors */
static const char UDIF_POLICY_ERROR_STRINGS[][UDIF_ERROR_STRING_SIZE] =
{
    "No error",
    "Policy not found",
    "Policy hash mismatch",
    "Policy evaluation indeterminate"
};
 
/* Encoding errors */
static const char UDIF_ENCODING_ERROR_STRINGS[][UDIF_ERROR_STRING_SIZE] =
{
    "No error",
    "Buffer overflow",
    "Buffer underflow",
    "Bad format/version",
    "Unsupported encoding"
};

 
/* UDIF Structures */

UDIF_EXPORT_API typedef struct udif_time_window
{
    uint64_t not_before;            
    uint64_t not_after;             
} udif_time_window;

UDIF_EXPORT_API typedef struct udif_capability_mask
{
    uint8_t bits[UDIF_CAPABILITY_MASK_SIZE];
} udif_capability_mask;

UDIF_EXPORT_API typedef struct udif_permission_mask
{
    uint8_t bits[UDIF_PERMISSION_MASK_SIZE];
} udif_permission_mask;

UDIF_EXPORT_API typedef struct udif_identity_id
{
    uint8_t bytes[UDIF_IDENTITY_ID_SIZE];
} udif_identity_id;

UDIF_EXPORT_API typedef struct udif_namespace_code
{
    uint8_t bytes[UDIF_NAMESPACE_CODE_SIZE];
} udif_namespace_code;

UDIF_EXPORT_API typedef struct udif_issuer_domain_code
{
    uint8_t bytes[UDIF_ISSUER_DOMAIN_CODE_SIZE];
} udif_issuer_domain_code;

UDIF_EXPORT_API typedef struct udif_policy_hash
{
    uint8_t bytes[UDIF_POLICY_HASH_SIZE];
} udif_policy_hash;

UDIF_EXPORT_API typedef struct udif_claim_anchor
{
    uint8_t bytes[UDIF_CLAIM_ANCHOR_SIZE];
} udif_claim_anchor;
 
 
/* Certificates */

UDIF_EXPORT_API typedef enum udif_version_sets
{
    udif_version_set_none = 0x00U,                                  
    udif_version_set_one_zero = 0x01U,                              
} udif_version_sets;
 
/* public structures */

UDIF_EXPORT_API typedef struct udif_certificate_expiration
{
    uint64_t from;                                                  
    uint64_t to;                                                    
} udif_certificate_expiration;

UDIF_EXPORT_API typedef struct udif_child_certificate
{
    uint8_t csig[UDIF_CERTIFICATE_SIGNED_HASH_SIZE];               
    uint8_t verkey[UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE];          
    char issuer[UDIF_CERTIFICATE_ISSUER_SIZE];                      
    uint8_t serial[UDIF_CERTIFICATE_SERIAL_SIZE];                   
    uint8_t rootser[UDIF_CERTIFICATE_SERIAL_SIZE];                  
    udif_certificate_expiration expiration;                         
    udif_network_designations designation;                         
    udif_configuration_sets algorithm;                               
    uint8_t version;                                                
    uint8_t capability[UDIF_CAPABILITY_MASK_SIZE];                 
} udif_child_certificate;

#define UDIF_X509_CERTIFICATE_SIZE 4096U

#define UDIF_IDG_HINT_SIZE (UDIF_CERTIFICATE_HASH_SIZE + UDIF_CERTIFICATE_SERIAL_SIZE)

UDIF_EXPORT_API typedef struct udif_idg_hint
{
    uint8_t chash[UDIF_CERTIFICATE_HASH_SIZE];                        
    uint8_t rootser[UDIF_CERTIFICATE_SERIAL_SIZE];                  
} udif_idg_hint;

UDIF_EXPORT_API typedef struct udif_idg_certificate
{
    uint8_t csig[UDIF_CERTIFICATE_SIGNED_HASH_SIZE];               
    uint8_t vkey[UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE];            
    uint8_t xcert[UDIF_X509_CERTIFICATE_SIZE];                      
    uint8_t serial[UDIF_CERTIFICATE_SERIAL_SIZE];                   
    uint8_t rootser[UDIF_CERTIFICATE_SERIAL_SIZE];                  
    uint8_t hint[UDIF_IDG_HINT_SIZE];                               
    char issuer[UDIF_CERTIFICATE_ISSUER_SIZE];                      
    udif_certificate_expiration expiration;                         
    udif_network_designations designation;                         
    udif_configuration_sets algorithm;                               
    uint8_t version;                                                
    uint8_t capability[UDIF_CAPABILITY_MASK_SIZE];                 
} udif_idg_certificate;

UDIF_EXPORT_API typedef struct udif_connection_state
{
    qsc_socket target;                                              
    udif_cipher_state rxcpr;                                        
    udif_cipher_state txcpr;                                        
    uint64_t rxseq;                                                 
    uint64_t txseq;                                                 
    uint32_t instance;                                              
    udif_network_flags exflag;                                        
} udif_connection_state;

UDIF_EXPORT_API typedef struct udif_keep_alive_state
{
    qsc_socket target;                                              
    uint64_t etime;                                                 
    uint64_t seqctr;                                                
    bool recd;                                                      
} udif_keep_alive_state;

UDIF_EXPORT_API typedef struct udif_network_packet
{
    uint8_t flag;                                                   
    uint32_t msglen;                                                
    uint64_t sequence;                                              
    uint64_t utctime;                                               
    uint8_t* pmessage;                                              
} udif_network_packet;

UDIF_EXPORT_API typedef struct udif_root_certificate
{
    uint8_t verkey[UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE];          
    char issuer[UDIF_CERTIFICATE_ISSUER_SIZE];                      
    uint8_t serial[UDIF_CERTIFICATE_SERIAL_SIZE];                   
    udif_certificate_expiration expiration;                         
    udif_configuration_sets algorithm;                               
    udif_version_sets version;                                      
    uint8_t capability[UDIF_CAPABILITY_MASK_SIZE];                 
} udif_root_certificate;

UDIF_EXPORT_API typedef struct udif_serialized_symmetric_key
{
    uint64_t keyid;                                                 
    uint8_t key[UDIF_CRYPTO_SYMMETRIC_KEY_SIZE];                  
    uint8_t nonce[UDIF_CRYPTO_SYMMETRIC_NONCE_SIZE];                
} udif_serialized_symmetric_key;

UDIF_EXPORT_API typedef struct udif_signature_keypair
{
    uint8_t prikey[UDIF_ASYMMETRIC_SIGNING_KEY_SIZE];               
    uint8_t pubkey[UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE];          
} udif_signature_keypair;

UDIF_EXPORT_API typedef struct udif_cipher_keypair
{
    uint8_t prikey[UDIF_ASYMMETRIC_PRIVATE_KEY_SIZE];               
    uint8_t pubkey[UDIF_ASYMMETRIC_PUBLIC_KEY_SIZE];                
} udif_cipher_keypair;
 
 
/* Identity & Claims */

UDIF_EXPORT_API typedef struct udif_claim
{
    udif_claim_type type;                                    
    const uint8_t* value;                                   
    uint32_t length;                                        
} udif_claim;

UDIF_EXPORT_API typedef struct udif_claim_set
{
    const udif_claim* items;                                
    uint32_t count;                                         
    udif_claim_anchor anchor;                               
} udif_claim_set;

UDIF_EXPORT_API typedef struct udif_identity_record
{
    udif_namespace_code nspace;                             
    udif_issuer_domain_code issuer;                         
    udif_identity_id subject;                               
    udif_time_window validity;                              
    udif_permission_mask perms;                             
    udif_capability_mask caps;                              
    udif_policy_hash policy;                                
    udif_claim_anchor anchor;                               
    uint8_t verkey[UDIF_ASYMMETRIC_VERIFICATION_KEY_SIZE];      
    uint8_t chash[UDIF_CERTIFICATE_HASH_SIZE];                
    uint8_t signature[UDIF_ASYMMETRIC_SIGNATURE_SIZE];          
} udif_identity_record;
 
 
/* Tokens */

UDIF_EXPORT_API typedef struct udif_token_header
{
    udif_token_type ttype;                                   
    udif_namespace_code nspace;                             
    udif_issuer_domain_code issuer;                         
    udif_time_window validity;                              
} udif_token_header;

UDIF_EXPORT_API typedef struct udif_token
{
    udif_token_header head;                                 
    udif_identity_id subject;                               
    udif_capability_mask caps;                              
    udif_permission_mask perms;                             
    uint8_t payload[UDIF_CAPABILITY_TOKEN_MAX_SIZE];      
    uint32_t payload_len;                                   
    uint8_t chash[UDIF_CERTIFICATE_HASH_SIZE];                
    uint8_t signature[UDIF_ASYMMETRIC_SIGNATURE_SIZE];          
} udif_token;
 
 
/* Encoded Blobs & Helpers */

UDIF_EXPORT_API typedef struct udif_encoded_blob
{
    uint8_t* bytes;                                            
    uint32_t size;                                             
    uint32_t length;                                           
} udif_encoded_blob;
 
#define UDIF_NETWORK_ERROR_STRING_DEPTH 28U
#define UDIF_NETWORK_ERROR_STRING_SIZE 128U

 
static const char UDIF_NETWORK_ERROR_STRINGS[UDIF_NETWORK_ERROR_STRING_DEPTH][UDIF_NETWORK_ERROR_STRING_SIZE] =
{
    "No error was detected",
    "The socket accept function returned an error",
    "The cipher authentication has failed",
    "The keep alive check failed",
    "The communications channel has failed",
    "The device could not make a connnection to the remote host",
    "The decryption authentication has failed",
    "The transmission failed at the kex establish phase",
    "The connection experienced an unexpected error",
    "The server has run out of socket connections",
    "The random generator experienced a failure",
    "The input is invalid",
    "The request is invalid",
    "The keep alive has expired with no response",
    "The keepalive failure counter has exceeded maximum ",
    "The kex authentication has failed",
    "The key-id is not recognized",
    "The certificate has expired",
    "The listener function failed to initialize",
    "The server has run out of memory",
    "The random generator experienced a failure",
    "The random generator experienced a failure",
    "The ratchet operation has failed",
    "The receiver failed at the network layer",
    "The transmitter failed at the network layer",
    "The protocol version is unknown",
    "The packet was received out of sequence",
    "The expected data could not be verified"
};
 
#define UDIF_PROTOCOL_ERROR_STRING_DEPTH 44U
#define UDIF_PROTOCOL_ERROR_STRING_SIZE 128U
 
static const char UDIF_PROTOCOL_ERROR_STRINGS[UDIF_PROTOCOL_ERROR_STRING_DEPTH][UDIF_PROTOCOL_ERROR_STRING_SIZE] =
{
    "No error was detected",
    "The symmetric cipher had an authentication failure",
    "The node certificate could not be found",
    "The communications channel has failed",
    "The device could not make a connection to the remote host",
    "The transmission failed at the KEX connection phase",
    "The convergence call has returned an error",
    "The database is already synchronized",
    "The asymmetric cipher failed to decapsulate the shared secret",
    "The node or certificate decoding failed",
    "The decryption authentication has failed",
    "The transmission failed at the KEX establish phase",
    "The transmission failed at the KEX exchange phase",
    "The application could not delete a local file",
    "The file could not be found",
    "The file could not be written to storage",
    "The public-key hash is invalid",
    "The server has run out of socket connections",
    "The packet flag was unexpected",
    "The certificate has expired and is invalid",
    "The UDIF public key has expired ",
    "The key identity is unrecognized",
    "The listener function failed to initialize",
    "The server has run out of memory",
    "The network time is invalid or has substantial delay",
    "The expected data could not be verified",
    "The server has no usable IP address, assign in configuration",
    "The node is offline or not available for connection",
    "The node could not be found in the database",
    "The node was previously registered in the database",
    "The operation was cancelled by the user",
    "The packet header received was invalid",
    "The packet was received out of sequence",
    "The receiver failed at the network layer",
    "The root signature failed authentication",
    "The certificate could not be serialized",
    "The signature scheme could not sign a message",
    "The transmission failed to sign the data",
    "The socket could not be bound to an IP address",
    "The socket could not be created",
    "The transmitter failed at the network layer",
    "The topological database has no aps entries",
    "The protocol string was not recognized",
    "The transmission failed at the KEX verify phase"
};

 
 
/* API */

UDIF_EXPORT_API void udif_connection_close(qsc_socket* rsock, udif_network_errors err, bool notify);

UDIF_EXPORT_API udif_protocol_errors udif_decrypt_packet(udif_connection_state* cns, uint8_t* message, size_t* msglen, const udif_network_packet* packetin);

UDIF_EXPORT_API udif_protocol_errors udif_encrypt_packet(udif_connection_state* cns, udif_network_packet* packetout, const uint8_t* message, size_t msglen);

UDIF_EXPORT_API void udif_connection_state_dispose(udif_connection_state* cns);

UDIF_EXPORT_API const char* udif_network_error_to_string(udif_network_errors error);

UDIF_EXPORT_API const char* udif_protocol_error_to_string(udif_protocol_errors error);

UDIF_EXPORT_API void udif_packet_clear(udif_network_packet* packet);

UDIF_EXPORT_API void udif_packet_error_message(udif_network_packet* packet, udif_protocol_errors error);

UDIF_EXPORT_API void udif_packet_header_deserialize(const uint8_t* header, udif_network_packet* packet);

UDIF_EXPORT_API void udif_packet_header_serialize(const udif_network_packet* packet, uint8_t* header);

UDIF_EXPORT_API void udif_packet_set_utc_time(udif_network_packet* packet);

UDIF_EXPORT_API bool udif_packet_time_valid(const udif_network_packet* packet);

UDIF_EXPORT_API size_t udif_packet_to_stream(const udif_network_packet* packet, uint8_t* pstream);

UDIF_EXPORT_API void udif_stream_to_packet(const uint8_t* pstream, udif_network_packet* packet);
 
#endif