AERN Certificate Handling Functions. More...

#include "aern.h"

Functions
AERN_EXPORT_API aern_configuration_sets	aern_certificate_algorithm_decode (const char *name)
	Decode the string algorithm-set number to the enumerated representation.
AERN_EXPORT_API bool	aern_certificate_algorithm_enabled (aern_configuration_sets conf)
	Test if the specified protocol-set is enabled on this system.
AERN_EXPORT_API void	aern_certificate_algorithm_encode (char *name, aern_configuration_sets conf)
	Encode the protocol-set enumerator into its string form.
AERN_EXPORT_API bool	aern_certificate_child_are_equal (const aern_child_certificate a, const aern_child_certificate b)
	Compare two child certificates for equivalence.
AERN_EXPORT_API void	aern_certificate_child_copy (aern_child_certificate output, const aern_child_certificate input)
	Copy a child certificate structure.
AERN_EXPORT_API void	aern_certificate_child_create (aern_child_certificate child, const uint8_t pubkey, const aern_certificate_expiration expiration, const char issuer, aern_network_designations designation)
	Create a child certificate.
AERN_EXPORT_API bool	aern_certificate_child_decode (aern_child_certificate *child, const char enck[AERN_CHILD_CERTIFICATE_STRING_SIZE])
	Decode a child certificate string into a certificate structure.
AERN_EXPORT_API void	aern_certificate_child_deserialize (aern_child_certificate child, const uint8_t input)
	Deserialize a child certificate from a byte array.
AERN_EXPORT_API size_t	aern_certificate_child_encode (char enck[AERN_CHILD_CERTIFICATE_STRING_SIZE], const aern_child_certificate *child)
	Encode a public child certificate into a human-readable string.
AERN_EXPORT_API void	aern_certificate_child_erase (aern_child_certificate *child)
	Delete (erase) a child certificate.
AERN_EXPORT_API bool	aern_certificate_child_file_to_struct (const char fpath, aern_child_certificate child)
	Copy a serialized certificate from a file into a child certificate structure.
AERN_EXPORT_API void	aern_certificate_child_hash (uint8_t output, const aern_child_certificate child)
	Compute the cryptographic hash of a child certificate.
AERN_EXPORT_API bool	aern_certificate_child_is_valid (const aern_child_certificate *child)
	Test a child certificate for a valid format and expiration.
AERN_EXPORT_API bool	aern_certificate_child_message_verify (uint8_t message, size_t msglen, const uint8_t signature, size_t siglen, const aern_child_certificate child)
	Verify a message signature using a child certificate.
AERN_EXPORT_API void	aern_certificate_child_serialize (uint8_t output, const aern_child_certificate child)
	Serialize a child certificate into a contiguous byte array.
AERN_EXPORT_API bool	aern_certificate_signature_hash_verify (const uint8_t signature, size_t siglen, const uint8_t message, size_t msglen, const aern_child_certificate *lcert)
	Verify that a signature hash matches a computed message hash using a child certificate.
AERN_EXPORT_API bool	aern_certificate_child_struct_to_file (const char fpath, const aern_child_certificate child)
	Write a child certificate structure to a file.
AERN_EXPORT_API aern_network_designations	aern_certificate_designation_decode (const char *sdsg)
	Decode the network-designation string to its enumerated representation.
AERN_EXPORT_API size_t	aern_certificate_designation_encode (char *sdsg, aern_network_designations designation)
	Encode the network-designation enumerator into a string.
AERN_EXPORT_API void	aern_certificate_expiration_set_days (aern_certificate_expiration *expiration, uint16_t start, uint16_t duration)
	Set the expiration days on a certificate expiration structure.
AERN_EXPORT_API void	aern_certificate_expiration_set_seconds (aern_certificate_expiration *expiration, uint64_t start, uint64_t period)
	Set the expiration seconds on a certificate expiration structure.
AERN_EXPORT_API bool	aern_certificate_expiration_time_verify (const aern_certificate_expiration *expiration)
	Verify the expiration time against the current UTC time.
AERN_EXPORT_API size_t	aern_certificate_message_hash_sign (uint8_t signature, const uint8_t sigkey, const uint8_t *message, size_t msglen)
	Hash a message and sign the hash.
AERN_EXPORT_API bool	aern_certificate_root_compare (const aern_root_certificate a, const aern_root_certificate b)
	Compare two root certificates for equivalence.
AERN_EXPORT_API void	aern_certificate_root_create (aern_root_certificate root, const uint8_t pubkey, const aern_certificate_expiration expiration, const char issuer)
	Create a root certificate.
AERN_EXPORT_API bool	aern_certificate_root_decode (aern_root_certificate root, const char enck)
	Decode a root certificate string into a certificate structure.
AERN_EXPORT_API void	aern_certificate_root_deserialize (aern_root_certificate root, const uint8_t input)
	Deserialize a root certificate from a byte array.
AERN_EXPORT_API size_t	aern_certificate_root_encode (char enck, const aern_root_certificate root)
	Encode a public root certificate into a human-readable string.
AERN_EXPORT_API void	aern_certificate_root_erase (aern_root_certificate *root)
	Delete (erase) a root certificate.
AERN_EXPORT_API bool	aern_certificate_root_file_to_struct (const char fpath, aern_root_certificate root)
	Copy a serialized root certificate from a file into a root certificate structure.
AERN_EXPORT_API void	aern_certificate_root_hash (uint8_t output, const aern_root_certificate root)
	Compute the cryptographic hash of a root certificate.
AERN_EXPORT_API void	aern_certificate_root_serialize (uint8_t output, const aern_root_certificate root)
	Serialize a root certificate into a contiguous byte array.
AERN_EXPORT_API size_t	aern_certificate_root_sign (aern_child_certificate child, const aern_root_certificate root, const uint8_t *rsigkey)
	Sign a child certificate with the root certificate.
AERN_EXPORT_API bool	aern_certificate_root_signature_verify (const aern_child_certificate child, const aern_root_certificate root)
	Verify a child certificate against a root certificate.
AERN_EXPORT_API bool	aern_certificate_root_struct_to_file (const char fpath, const aern_root_certificate root)
	Write a root certificate structure to a file.
AERN_EXPORT_API bool	aern_certificate_root_is_valid (const aern_root_certificate *root)
	Validate a root certificate.
AERN_EXPORT_API void	aern_certificate_signature_generate_keypair (aern_signature_keypair *keypair)
	Generate and encode an asymmetric signature scheme keypair.
AERN_EXPORT_API size_t	aern_certificate_signature_sign_message (uint8_t signature, const uint8_t message, size_t msglen, const uint8_t *prikey)
	Sign a message using the asymmetric signature scheme.
AERN_EXPORT_API bool	aern_certificate_signature_verify_message (const uint8_t message, size_t msglen, const uint8_t signature, size_t siglen, const uint8_t *pubkey)
	Verify a message signature using the asymmetric signature scheme.

Detailed Description

AERN Certificate Handling Functions.

This header defines the functions for managing and processing certificates used by the Anonymous Encrypted Relay Network (AERN). The certificate module is responsible for creating, encoding, decoding, serializing, deserializing, signing, and verifying both child (device) and root (trust anchor) certificates. These certificates carry critical information such as:

The issuer identity.
Certificate validity periods.
Public verification keys.
Algorithm configuration identifiers.
Digital signatures produced by the root certificate.

The functions provided in this module allow conversion between protocol-set strings and their enumerated representations, as well as conversion of network-designation values between string and enumerated forms. They also perform cryptographic operations such as hashing and digital signing, using the underlying QSC cryptographic primitives.

Note: The certificate functions depend on the QSC library for routines including SHA3 (Keccak), base64 encoding/decoding, file I/O, and memory utilities. The active AERN configuration (protocol-set) is used to automatically populate certificate fields.

Test: When the AERN_DEBUG_TESTS_RUN macro is defined, the function aern_certificate_functions_test() executes a series of self-tests that verify:

Algorithm Conversion: That protocol-set strings are correctly decoded into enumerated values (and vice versa) via aern_certificate_algorithm_decode() and aern_certificate_algorithm_encode().
Child Certificate Operations: The creation (aern_certificate_child_create()), signing (aern_certificate_root_sign()), encoding (aern_certificate_child_encode()), serialization/deserialization (aern_certificate_child_serialize()/aern_certificate_child_deserialize()), and validity testing (aern_certificate_child_is_valid()) of child certificates.
Root Certificate Operations: The creation (aern_certificate_root_create()), encoding (aern_certificate_root_encode()), serialization/deserialization (aern_certificate_root_serialize()/aern_certificate_root_deserialize()), and verification (aern_certificate_root_signature_verify()) of root certificates.
Equality and Copy: That child certificates can be compared (aern_certificate_child_are_equal()) and copied (aern_certificate_child_copy()) correctly.
Expiration and Signature Functions: That certificate expiration is properly set and verified, and that messages can be hashed and signed/verified (aern_certificate_message_hash_sign() and aern_certificate_signature_verify_message()).

These tests help ensure that the certificate operations function as expected in real-world use.

Function Documentation

◆ aern_certificate_algorithm_decode()

AERN_EXPORT_API aern_configuration_sets aern_certificate_algorithm_decode ( const char * name )

Decode the string algorithm-set number to the enumerated representation.

Parameters

name	[in, const] The protocol-set string (for example, "dilithium-s1_kyber-s1_rcs-256_sha3-256").

Returns: Returns the corresponding protocol-set enumerator.

◆ aern_certificate_algorithm_enabled()

AERN_EXPORT_API bool aern_certificate_algorithm_enabled ( aern_configuration_sets conf )

Test if the specified protocol-set is enabled on this system.

Parameters

conf	The protocol-set enumerator to test.

Returns: Returns true if the given protocol-set is enabled; otherwise, false.

◆ aern_certificate_algorithm_encode()

AERN_EXPORT_API void aern_certificate_algorithm_encode	(	char *	name,
		aern_configuration_sets	conf )

Encode the protocol-set enumerator into its string form.

Parameters

name	[out] The output buffer that will receive the protocol-set string.
conf	The protocol-set enumerator to encode.

◆ aern_certificate_child_are_equal()

AERN_EXPORT_API bool aern_certificate_child_are_equal	(	const aern_child_certificate *	a,
		const aern_child_certificate *	b )

Compare two child certificates for equivalence.

This function compares all the significant fields of two child certificate structures (including algorithm, version, designation, expiration, issuer, serial, signature, and public key).

Parameters

a	[in, const] The first certificate.
b	[in, const] The second certificate.

Returns: Returns true if the two certificates are equal.

◆ aern_certificate_child_copy()

AERN_EXPORT_API void aern_certificate_child_copy	(	aern_child_certificate *	output,
		const aern_child_certificate *	input )

Copy a child certificate structure.

This function performs a deep copy of the child certificate from the input structure to the output structure.

Parameters

output	[out] The destination child certificate.
input	[in, const] The source child certificate.

◆ aern_certificate_child_create()

AERN_EXPORT_API void aern_certificate_child_create	(	aern_child_certificate *	child,
		const uint8_t *	pubkey,
		const aern_certificate_expiration *	expiration,
		const char *	issuer,
		aern_network_designations	designation )

Create a child certificate.

This function initializes and populates a child certificate structure with the provided public key, expiration information, issuer string, and designation.

Parameters

child	[out] A pointer to the empty child certificate to populate.
pubkey	[in] A pointer to the public signature key.
expiration	[in, const] The certificate expiration time structure.
issuer	[in, const] The certificate issuer string.
designation	The certificate designation type (e.g. aps, client, etc.).

◆ aern_certificate_child_decode()

AERN_EXPORT_API bool aern_certificate_child_decode	(	aern_child_certificate *	child,
		const char	enck[AERN_CHILD_CERTIFICATE_STRING_SIZE] )

Decode a child certificate string into a certificate structure.

This function decodes an encoded child certificate string (with a fixed maximum size) into its corresponding certificate structure.

Parameters

child	[out] The pointer to the child certificate structure to populate.
enck	[in] The encoded certificate string.

Returns: Returns true if the certificate was successfully decoded.

◆ aern_certificate_child_deserialize()

AERN_EXPORT_API void aern_certificate_child_deserialize	(	aern_child_certificate *	child,
		const uint8_t *	input )

Deserialize a child certificate from a byte array.

This function converts a serialized child certificate (stored as a byte stream) into a certificate structure.

Parameters

child	[out] The pointer to the child certificate structure to populate.
input	[in, const] The input byte array containing the serialized certificate.

◆ aern_certificate_child_encode()

AERN_EXPORT_API size_t aern_certificate_child_encode	(	char	enck[AERN_CHILD_CERTIFICATE_STRING_SIZE],
		const aern_child_certificate *	child )

Encode a public child certificate into a human-readable string.

This function encodes the given child certificate into a formatted string representation.

Parameters

enck	[out] The output buffer that will receive the encoded certificate string.
child	[in, const] The child certificate to encode.

Returns: Returns the size of the encoded certificate string.

◆ aern_certificate_child_erase()

AERN_EXPORT_API void aern_certificate_child_erase ( aern_child_certificate * child )

Delete (erase) a child certificate.

This function securely erases all fields of a child certificate structure.

Parameters

child [in,out] A pointer to the child certificate to erase.

◆ aern_certificate_child_file_to_struct()

AERN_EXPORT_API bool aern_certificate_child_file_to_struct	(	const char *	fpath,
		aern_child_certificate *	child )

Copy a serialized certificate from a file into a child certificate structure.

This function reads a file containing a serialized child certificate, deserializes it, and populates the provided certificate structure.

Parameters

fpath	[in, const] The file path from which to load the certificate.
child	[out] A pointer to the child certificate structure.

Returns: Returns true on success.

◆ aern_certificate_child_hash()

AERN_EXPORT_API void aern_certificate_child_hash	(	uint8_t *	output,
		const aern_child_certificate *	child )

Compute the cryptographic hash of a child certificate.

The hash is computed over key fields such as algorithm, designation, version, expiration, issuer, serial, and public verification key.

Parameters

output	[out] The output hash array (size: AERN_CERTIFICATE_HASH_SIZE).
child	[in, const] A pointer to the child certificate.

◆ aern_certificate_child_is_valid()

AERN_EXPORT_API bool aern_certificate_child_is_valid ( const aern_child_certificate * child )

Test a child certificate for a valid format and expiration.

This function checks that the certificate fields (including algorithm, designation, version, signature, serial, and public key) are nonzero and that the current time is within the expiration period.

Parameters

child [in, const] A pointer to the child certificate.

Returns: Returns true if the certificate is valid.

◆ aern_certificate_child_message_verify()

AERN_EXPORT_API bool aern_certificate_child_message_verify	(	uint8_t *	message,
		size_t *	msglen,
		const uint8_t *	signature,
		size_t	siglen,
		const aern_child_certificate *	child )

Verify a message signature using a child certificate.

This function uses the public verification key from the child certificate to verify that a given signature correctly authenticates a message.

Parameters

message	[out] The output buffer for the recovered message (if applicable).
msglen	[in,out] A pointer to the length of the recovered message.
signature	[in, const] A pointer to the signature.
siglen	The length of the signature.
child	[in, const] A pointer to the child certificate.

Returns: Returns true if the message signature is verified.

◆ aern_certificate_child_serialize()

AERN_EXPORT_API void aern_certificate_child_serialize	(	uint8_t *	output,
		const aern_child_certificate *	child )

Serialize a child certificate into a contiguous byte array.

Parameters

output	[out] A pointer to the array receiving the serialized certificate (size: AERN_CERTIFICATE_CHILD_SIZE).
child	[in, const] The child certificate to serialize.

◆ aern_certificate_child_struct_to_file()

AERN_EXPORT_API bool aern_certificate_child_struct_to_file	(	const char *	fpath,
		const aern_child_certificate *	child )

Write a child certificate structure to a file.

Parameters

fpath	[in, const] The file path where the certificate will be stored.
child	[in, const] A pointer to the child certificate structure.

Returns: Returns true on success.

◆ aern_certificate_designation_decode()

AERN_EXPORT_API aern_network_designations aern_certificate_designation_decode ( const char * sdsg )

Decode the network-designation string to its enumerated representation.

Parameters

sdsg	[in, const] The network-designation string.

Returns: Returns the corresponding network-designation enumerator.

◆ aern_certificate_designation_encode()

AERN_EXPORT_API size_t aern_certificate_designation_encode	(	char *	sdsg,
		aern_network_designations	designation )

Encode the network-designation enumerator into a string.

Parameters

sdsg	[out] The output buffer that will receive the encoded network-designation string.
designation	The certificate designation type.

Returns: Returns the size of the encoded string.

◆ aern_certificate_expiration_set_days()

AERN_EXPORT_API void aern_certificate_expiration_set_days	(	aern_certificate_expiration *	expiration,
		uint16_t	start,
		uint16_t	duration )

Set the expiration days on a certificate expiration structure.

This function sets the from and to fields of the expiration structure using day intervals.

Parameters

expiration	[in,out] A pointer to the expiration structure.
start	The number of days until the certificate becomes valid.
duration	The number of days the certificate remains valid.

◆ aern_certificate_expiration_set_seconds()

AERN_EXPORT_API void aern_certificate_expiration_set_seconds	(	aern_certificate_expiration *	expiration,
		uint64_t	start,
		uint64_t	period )

Set the expiration seconds on a certificate expiration structure.

Parameters

expiration	[in,out] A pointer to the expiration structure.
start	The number of seconds to delay before the certificate becomes valid.
period	The number of seconds the certificate remains valid.

◆ aern_certificate_expiration_time_verify()

AERN_EXPORT_API bool aern_certificate_expiration_time_verify ( const aern_certificate_expiration * expiration )

Verify the expiration time against the current UTC time.

Parameters

expiration [in, const] A pointer to the expiration time structure.

Returns: Returns true if the current time is within the certificate's validity period.

◆ aern_certificate_message_hash_sign()

AERN_EXPORT_API size_t aern_certificate_message_hash_sign	(	uint8_t *	signature,
		const uint8_t *	sigkey,
		const uint8_t *	message,
		size_t	msglen )

Hash a message and sign the hash.

This function computes the SHA3-256 hash of the provided message and then signs that hash using the given private signature key.

Parameters

signature	[out] The array receiving the signature (size: AERN_ASYMMETRIC_SIGNATURE_SIZE).
sigkey	[in, const] The private signature key.
message	[in, const] The message to sign.
msglen	The length of the message.

Returns: Returns the size of the generated signature.

◆ aern_certificate_root_compare()

AERN_EXPORT_API bool aern_certificate_root_compare	(	const aern_root_certificate *	a,
		const aern_root_certificate *	b )

Compare two root certificates for equivalence.

This function compares the key fields of two root certificates to determine if they are equal.

Parameters

a	[in, const] The first root certificate.
b	[in, const] The second root certificate.

Returns: Returns true if the certificates are equivalent.

◆ aern_certificate_root_create()

AERN_EXPORT_API void aern_certificate_root_create	(	aern_root_certificate *	root,
		const uint8_t *	pubkey,
		const aern_certificate_expiration *	expiration,
		const char *	issuer )

Create a root certificate.

This function creates a root certificate by populating its fields with the provided public key, expiration structure, and issuer name. The generated certificate serves as the trust anchor.

Parameters

root	[out] A pointer to the empty root certificate to populate.
pubkey	[in] A pointer to the public signature key.
expiration	[in, const] The certificate expiration time structure.
issuer	[in, const] The issuer name string.

◆ aern_certificate_root_decode()

AERN_EXPORT_API bool aern_certificate_root_decode	(	aern_root_certificate *	root,
		const char *	enck )

Decode a root certificate string into a certificate structure.

This function decodes an encoded root certificate string into its corresponding root certificate structure.

Parameters

root	[out] The pointer to the root certificate structure to populate.
enck	[in, const] The encoded certificate string.

Returns: Returns true if the certificate was successfully decoded.

◆ aern_certificate_root_deserialize()

AERN_EXPORT_API void aern_certificate_root_deserialize	(	aern_root_certificate *	root,
		const uint8_t *	input )

Deserialize a root certificate from a byte array.

Parameters

root	[out] A pointer to the root certificate structure to populate.
input	[in, const] A pointer to the input byte array (size: AERN_CERTIFICATE_ROOT_SIZE).

◆ aern_certificate_root_encode()

AERN_EXPORT_API size_t aern_certificate_root_encode	(	char *	enck,
		const aern_root_certificate *	root )

Encode a public root certificate into a human-readable string.

This function encodes the given root certificate into a formatted string.

Parameters

enck	[out] The output buffer that will receive the encoded certificate string.
root	[in, const] The root certificate to encode.

Returns: Returns the size of the encoded certificate string.

◆ aern_certificate_root_erase()

AERN_EXPORT_API void aern_certificate_root_erase ( aern_root_certificate * root )

Delete (erase) a root certificate.

This function securely erases all fields of a root certificate structure.

Parameters

root	[in,out] A pointer to the root certificate to erase.

◆ aern_certificate_root_file_to_struct()

AERN_EXPORT_API bool aern_certificate_root_file_to_struct	(	const char *	fpath,
		aern_root_certificate *	root )

Copy a serialized root certificate from a file into a root certificate structure.

Parameters

fpath	[in, const] The file path from which to read the certificate.
root	[out] A pointer to the root certificate structure to populate.

Returns: Returns true on success.

◆ aern_certificate_root_hash()

AERN_EXPORT_API void aern_certificate_root_hash	(	uint8_t *	output,
		const aern_root_certificate *	root )

Compute the cryptographic hash of a root certificate.

The hash is computed over key fields such as algorithm, version, expiration times, issuer, serial, and public key.

Parameters

output	[out] The output hash array.
root	[in, const] A pointer to the root certificate.

◆ aern_certificate_root_is_valid()

AERN_EXPORT_API bool aern_certificate_root_is_valid ( const aern_root_certificate * root )

Validate a root certificate.

This function checks that the root certificate fields are nonzero and that the current time is within its expiration period.

Parameters

root	[in, const] A pointer to the root certificate.

Returns: Returns true if the root certificate is valid.

◆ aern_certificate_root_serialize()

AERN_EXPORT_API void aern_certificate_root_serialize	(	uint8_t *	output,
		const aern_root_certificate *	root )

Serialize a root certificate into a contiguous byte array.

Parameters

output	[out] A pointer to the array receiving the serialized certificate (size: AERN_CERTIFICATE_ROOT_SIZE).
root	[in, const] The root certificate to serialize.

◆ aern_certificate_root_sign()

AERN_EXPORT_API size_t aern_certificate_root_sign	(	aern_child_certificate *	child,
		const aern_root_certificate *	root,
		const uint8_t *	rsigkey )

Sign a child certificate with the root certificate.

This function hashes the child certificate, copies the root certificate serial number into the child, and then produces a digital signature over the child certificate hash using the provided root signing key.

Parameters

child	[in,out] A pointer to the child certificate to sign.
root	[in, const] A pointer to the root certificate.
rsigkey	[in, const] A pointer to the root private signing key.

Returns: Returns the size of the generated signature.

◆ aern_certificate_root_signature_verify()

AERN_EXPORT_API bool aern_certificate_root_signature_verify	(	const aern_child_certificate *	child,
		const aern_root_certificate *	root )

Verify a child certificate against a root certificate.

This function verifies that the digital signature on the child certificate (stored in its signed hash) was produced by the given root certificate.

Parameters

child	[in, const] A pointer to the child certificate.
root	[in, const] A pointer to the root certificate.

Returns: Returns true if the child certificate signature is valid.

◆ aern_certificate_root_struct_to_file()

AERN_EXPORT_API bool aern_certificate_root_struct_to_file	(	const char *	fpath,
		const aern_root_certificate *	root )

Write a root certificate structure to a file.

Parameters

fpath	[in, const] The file path where the certificate will be written.
root	[in, const] A pointer to the root certificate structure.

Returns: Returns true on success.

◆ aern_certificate_signature_generate_keypair()

AERN_EXPORT_API void aern_certificate_signature_generate_keypair ( aern_signature_keypair * keypair )

Generate and encode an asymmetric signature scheme keypair.

This function generates a new keypair for the AERN asymmetric signature scheme and populates the provided keypair container.

Parameters

keypair [out] A pointer to the keypair container.

◆ aern_certificate_signature_hash_verify()

AERN_EXPORT_API bool aern_certificate_signature_hash_verify	(	const uint8_t *	signature,
		size_t	siglen,
		const uint8_t *	message,
		size_t	msglen,
		const aern_child_certificate *	lcert )

Verify that a signature hash matches a computed message hash using a child certificate.

This function first verifies the signature using the child certificate's public key and then compares the resulting hash to an independently computed hash of the message.

Parameters

signature	[in, const] A pointer to the signed hash.
siglen	The length of the signed hash.
message	[in, const] A pointer to the message.
msglen	The length of the message.
lcert	[in, const] A pointer to the child certificate used for verification.

Returns: Returns true if the signature hash verifies correctly.

◆ aern_certificate_signature_sign_message()

AERN_EXPORT_API size_t aern_certificate_signature_sign_message	(	uint8_t *	signature,
		const uint8_t *	message,
		size_t	msglen,
		const uint8_t *	prikey )

Sign a message using the asymmetric signature scheme.

Parameters

signature	[out] The array that will receive the signature (size: AERN_ASYMMETRIC_SIGNATURE_SIZE).
message	[in, const] The message to sign.
msglen	The length of the message.
prikey	[in] The private signature key.

Returns: Returns the length of the generated signature.

◆ aern_certificate_signature_verify_message()

AERN_EXPORT_API bool aern_certificate_signature_verify_message	(	const uint8_t *	message,
		size_t	msglen,
		const uint8_t *	signature,
		size_t	siglen,
		const uint8_t *	pubkey )

Verify a message signature using the asymmetric signature scheme.

Parameters

message	[in, const] The original message.
msglen	The length of the message.
signature	[in, const] The signature to verify.
siglen	The length of the signature.
pubkey	[in] The public signature verification key.

Returns: Returns true if the signature is verified.