certificate.h File Reference

MPDC Certificate Handling Functions. More...

#include "mpdc.h"

Go to the source code of this file.

Functions
MPDC_EXPORT_API mpdc_configuration_sets	mpdc_certificate_algorithm_decode (const char *name)
	Decode the string algorithm-set number to the enumerated representation.
MPDC_EXPORT_API bool	mpdc_certificate_algorithm_enabled (mpdc_configuration_sets conf)
	Test if the specified protocol-set is enabled on this system.
MPDC_EXPORT_API void	mpdc_certificate_algorithm_encode (char *name, mpdc_configuration_sets conf)
	Encode the protocol-set enumerator into its string form.
MPDC_EXPORT_API bool	mpdc_certificate_child_are_equal (const mpdc_child_certificate *a, const mpdc_child_certificate *b)
	Compare two child certificates for equivalence.
MPDC_EXPORT_API void	mpdc_certificate_child_copy (mpdc_child_certificate *output, const mpdc_child_certificate *input)
	Copy a child certificate structure.
MPDC_EXPORT_API void	mpdc_certificate_child_create (mpdc_child_certificate *child, const uint8_t *pubkey, const mpdc_certificate_expiration *expiration, const char *issuer, mpdc_network_designations designation)
	Create a child certificate.
MPDC_EXPORT_API bool	mpdc_certificate_child_decode (mpdc_child_certificate *child, const char enck[MPDC_CHILD_CERTIFICATE_STRING_SIZE])
	Decode a child certificate string into a certificate structure.
MPDC_EXPORT_API void	mpdc_certificate_child_deserialize (mpdc_child_certificate *child, const uint8_t *input)
	Deserialize a child certificate from a byte array.
MPDC_EXPORT_API size_t	mpdc_certificate_child_encode (char enck[MPDC_CHILD_CERTIFICATE_STRING_SIZE], const mpdc_child_certificate *child)
	Encode a public child certificate into a human-readable string.
MPDC_EXPORT_API void	mpdc_certificate_child_erase (mpdc_child_certificate *child)
	Delete (erase) a child certificate.
MPDC_EXPORT_API bool	mpdc_certificate_child_file_to_struct (const char *fpath, mpdc_child_certificate *child)
	Copy a serialized certificate from a file into a child certificate structure.
MPDC_EXPORT_API void	mpdc_certificate_child_hash (uint8_t *output, const mpdc_child_certificate *child)
	Compute the cryptographic hash of a child certificate.
MPDC_EXPORT_API bool	mpdc_certificate_child_is_valid (const mpdc_child_certificate *child)
	Test a child certificate for a valid format and expiration.
MPDC_EXPORT_API bool	mpdc_certificate_child_message_verify (uint8_t *message, size_t *msglen, const uint8_t *signature, size_t siglen, const mpdc_child_certificate *child)
	Verify a message signature using a child certificate.
MPDC_EXPORT_API void	mpdc_certificate_child_serialize (uint8_t *output, const mpdc_child_certificate *child)
	Serialize a child certificate into a contiguous byte array.
MPDC_EXPORT_API bool	mpdc_certificate_signature_hash_verify (const uint8_t *signature, size_t siglen, const uint8_t *message, size_t msglen, const mpdc_child_certificate *lcert)
	Verify that a signature hash matches a computed message hash using a child certificate.
MPDC_EXPORT_API bool	mpdc_certificate_child_struct_to_file (const char *fpath, const mpdc_child_certificate *child)
	Write a child certificate structure to a file.
MPDC_EXPORT_API mpdc_network_designations	mpdc_certificate_designation_decode (const char *sdsg)
	Decode the network-designation string to its enumerated representation.
MPDC_EXPORT_API size_t	mpdc_certificate_designation_encode (char *sdsg, mpdc_network_designations designation)
	Encode the network-designation enumerator into a string.
MPDC_EXPORT_API void	mpdc_certificate_expiration_set_days (mpdc_certificate_expiration *expiration, uint16_t start, uint16_t duration)
	Set the expiration days on a certificate expiration structure.
MPDC_EXPORT_API void	mpdc_certificate_expiration_set_seconds (mpdc_certificate_expiration *expiration, uint64_t start, uint64_t period)
	Set the expiration seconds on a certificate expiration structure.
MPDC_EXPORT_API bool	mpdc_certificate_expiration_time_verify (const mpdc_certificate_expiration *expiration)
	Verify the expiration time against the current UTC time.
MPDC_EXPORT_API size_t	mpdc_certificate_message_hash_sign (uint8_t *signature, const uint8_t *sigkey, const uint8_t *message, size_t msglen)
	Hash a message and sign the hash.
MPDC_EXPORT_API bool	mpdc_certificate_root_compare (const mpdc_root_certificate *a, const mpdc_root_certificate *b)
	Compare two root certificates for equivalence.
MPDC_EXPORT_API void	mpdc_certificate_root_create (mpdc_root_certificate *root, const uint8_t *pubkey, const mpdc_certificate_expiration *expiration, const char *issuer)
	Create a root certificate.
MPDC_EXPORT_API bool	mpdc_certificate_root_decode (mpdc_root_certificate *root, const char *enck)
	Decode a root certificate string into a certificate structure.
MPDC_EXPORT_API void	mpdc_certificate_root_deserialize (mpdc_root_certificate *root, const uint8_t *input)
	Deserialize a root certificate from a byte array.
MPDC_EXPORT_API size_t	mpdc_certificate_root_encode (char *enck, const mpdc_root_certificate *root)
	Encode a public root certificate into a human-readable string.
MPDC_EXPORT_API void	mpdc_certificate_root_erase (mpdc_root_certificate *root)
	Delete (erase) a root certificate.
MPDC_EXPORT_API bool	mpdc_certificate_root_file_to_struct (const char *fpath, mpdc_root_certificate *root)
	Copy a serialized root certificate from a file into a root certificate structure.
MPDC_EXPORT_API void	mpdc_certificate_root_hash (uint8_t *output, const mpdc_root_certificate *root)
	Compute the cryptographic hash of a root certificate.
MPDC_EXPORT_API void	mpdc_certificate_root_serialize (uint8_t *output, const mpdc_root_certificate *root)
	Serialize a root certificate into a contiguous byte array.
MPDC_EXPORT_API size_t	mpdc_certificate_root_sign (mpdc_child_certificate *child, const mpdc_root_certificate *root, const uint8_t *rsigkey)
	Sign a child certificate with the root certificate.
MPDC_EXPORT_API bool	mpdc_certificate_root_signature_verify (const mpdc_child_certificate *child, const mpdc_root_certificate *root)
	Verify a child certificate against a root certificate.
MPDC_EXPORT_API bool	mpdc_certificate_root_struct_to_file (const char *fpath, const mpdc_root_certificate *root)
	Write a root certificate structure to a file.
MPDC_EXPORT_API bool	mpdc_certificate_root_is_valid (const mpdc_root_certificate *root)
	Validate a root certificate.
MPDC_EXPORT_API void	mpdc_certificate_signature_generate_keypair (mpdc_signature_keypair *keypair)
	Generate and encode an asymmetric signature scheme keypair.
MPDC_EXPORT_API size_t	mpdc_certificate_signature_sign_message (uint8_t *signature, const uint8_t *message, size_t msglen, const uint8_t *prikey)
	Sign a message using the asymmetric signature scheme.
MPDC_EXPORT_API bool	mpdc_certificate_signature_verify_message (const uint8_t *message, size_t msglen, const uint8_t *signature, size_t siglen, const uint8_t *pubkey)
	Verify a message signature using the asymmetric signature scheme.

Detailed Description

MPDC Certificate Handling Functions.

This header defines the functions for managing and processing certificates used by the Multi-Party Domain Cryptosystem (MPDC). The certificate module is responsible for creating, encoding, decoding, serializing, deserializing, signing, and verifying both child (device) and root (trust anchor) certificates. These certificates carry critical information such as:

• The issuer identity.
• Certificate validity periods.
• Public verification keys.
• Algorithm configuration identifiers.
• Digital signatures produced by the root certificate.

The functions provided in this module allow conversion between protocol-set strings and their enumerated representations, as well as conversion of network-designation values between string and enumerated forms. They also perform cryptographic operations such as hashing and digital signing, using the underlying QSC cryptographic primitives.

Note

The certificate functions depend on the QSC library for routines including SHA3 (Keccak), base64 encoding/decoding, file I/O, and memory utilities. The active MPDC configuration (protocol-set) is used to automatically populate certificate fields.

Test

When the MPDC_DEBUG_TESTS_RUN macro is defined, the function mpdc_certificate_functions_test() executes a series of self-tests that verify:

• Algorithm Conversion: That protocol-set strings are correctly decoded into enumerated values (and vice versa) via mpdc_certificate_algorithm_decode() and mpdc_certificate_algorithm_encode().
• Child Certificate Operations: The creation (mpdc_certificate_child_create()), signing (mpdc_certificate_root_sign()), encoding (mpdc_certificate_child_encode()), serialization/deserialization (mpdc_certificate_child_serialize()/mpdc_certificate_child_deserialize()), and validity testing (mpdc_certificate_child_is_valid()) of child certificates.
• Root Certificate Operations: The creation (mpdc_certificate_root_create()), encoding (mpdc_certificate_root_encode()), serialization/deserialization (mpdc_certificate_root_serialize()/mpdc_certificate_root_deserialize()), and verification (mpdc_certificate_root_signature_verify()) of root certificates.
• Equality and Copy: That child certificates can be compared (mpdc_certificate_child_are_equal()) and copied (mpdc_certificate_child_copy()) correctly.
• Expiration and Signature Functions: That certificate expiration is properly set and verified, and that messages can be hashed and signed/verified (mpdc_certificate_message_hash_sign() and mpdc_certificate_signature_verify_message()).

These tests help ensure that the certificate operations function as expected in real-world use.

Function Documentation

mpdc_certificate_algorithm_decode()

MPDC_EXPORT_API mpdc_configuration_sets mpdc_certificate_algorithm_decode

(

const char *

name

)

Decode the string algorithm-set number to the enumerated representation.

Parameters

name	[in, const] The protocol-set string (for example, "dilithium-s1_kyber-s1_rcs-256_sha3-256").

Returns

Returns the corresponding protocol-set enumerator.

mpdc_certificate_algorithm_enabled()

MPDC_EXPORT_API bool mpdc_certificate_algorithm_enabled

(

mpdc_configuration_sets

conf

)

Test if the specified protocol-set is enabled on this system.

Parameters

conf	The protocol-set enumerator to test.

Returns

Returns true if the given protocol-set is enabled; otherwise, false.

mpdc_certificate_algorithm_encode()

MPDC_EXPORT_API void mpdc_certificate_algorithm_encode	(	char *	name,
		mpdc_configuration_sets	conf )

Encode the protocol-set enumerator into its string form.

Parameters

name	[out] The output buffer that will receive the protocol-set string.
conf	The protocol-set enumerator to encode.

mpdc_certificate_child_are_equal()

MPDC_EXPORT_API bool mpdc_certificate_child_are_equal	(	const mpdc_child_certificate *	a,
		const mpdc_child_certificate *	b )

Compare two child certificates for equivalence.

This function compares all the significant fields of two child certificate structures (including algorithm, version, designation, expiration, issuer, serial, signature, and public key).

Parameters

a	[in, const] The first certificate.
b	[in, const] The second certificate.

Returns

Returns true if the two certificates are equal.

mpdc_certificate_child_copy()

MPDC_EXPORT_API void mpdc_certificate_child_copy	(	mpdc_child_certificate *	output,
		const mpdc_child_certificate *	input )

Copy a child certificate structure.

This function performs a deep copy of the child certificate from the input structure to the output structure.

Parameters

output	[out] The destination child certificate.
input	[in, const] The source child certificate.

mpdc_certificate_child_create()

MPDC_EXPORT_API void mpdc_certificate_child_create	(	mpdc_child_certificate *	child,
		const uint8_t *	pubkey,
		const mpdc_certificate_expiration *	expiration,
		const char *	issuer,
		mpdc_network_designations	designation )

Create a child certificate.

This function initializes and populates a child certificate structure with the provided public key, expiration information, issuer string, and designation.

Parameters

child	[out] A pointer to the empty child certificate to populate.
pubkey	[in] A pointer to the public signature key.
expiration	[in, const] The certificate expiration time structure.
issuer	[in, const] The certificate issuer string.
designation	The certificate designation type (e.g. agent, client, etc.).

mpdc_certificate_child_decode()

MPDC_EXPORT_API bool mpdc_certificate_child_decode	(	mpdc_child_certificate *	child,
		const char	enck[MPDC_CHILD_CERTIFICATE_STRING_SIZE] )

Decode a child certificate string into a certificate structure.

This function decodes an encoded child certificate string (with a fixed maximum size) into its corresponding certificate structure.

Parameters

child	[out] The pointer to the child certificate structure to populate.
enck	[in] The encoded certificate string.

Returns

Returns true if the certificate was successfully decoded.

mpdc_certificate_child_deserialize()

MPDC_EXPORT_API void mpdc_certificate_child_deserialize	(	mpdc_child_certificate *	child,
		const uint8_t *	input )

Deserialize a child certificate from a byte array.

This function converts a serialized child certificate (stored as a byte stream) into a certificate structure.

Parameters

child	[out] The pointer to the child certificate structure to populate.
input	[in, const] The input byte array containing the serialized certificate.

mpdc_certificate_child_encode()

MPDC_EXPORT_API size_t mpdc_certificate_child_encode	(	char	enck[MPDC_CHILD_CERTIFICATE_STRING_SIZE],
		const mpdc_child_certificate *	child )

Encode a public child certificate into a human-readable string.

This function encodes the given child certificate into a formatted string representation.

Parameters

enck	[out] The output buffer that will receive the encoded certificate string.
child	[in, const] The child certificate to encode.

Returns

Returns the size of the encoded certificate string.

mpdc_certificate_child_erase()

MPDC_EXPORT_API void mpdc_certificate_child_erase

(

mpdc_child_certificate *

child

)

Delete (erase) a child certificate.

This function securely erases all fields of a child certificate structure.

Parameters

child

[in,out] A pointer to the child certificate to erase.

mpdc_certificate_child_file_to_struct()

MPDC_EXPORT_API bool mpdc_certificate_child_file_to_struct	(	const char *	fpath,
		mpdc_child_certificate *	child )

Copy a serialized certificate from a file into a child certificate structure.

This function reads a file containing a serialized child certificate, deserializes it, and populates the provided certificate structure.

Parameters

fpath	[in, const] The file path from which to load the certificate.
child	[out] A pointer to the child certificate structure.

Returns

Returns true on success.

mpdc_certificate_child_hash()

MPDC_EXPORT_API void mpdc_certificate_child_hash	(	uint8_t *	output,
		const mpdc_child_certificate *	child )

Compute the cryptographic hash of a child certificate.

The hash is computed over key fields such as algorithm, designation, version, expiration, issuer, serial, and public verification key.

Parameters

output	[out] The output hash array (size: MPDC_CERTIFICATE_HASH_SIZE).
child	[in, const] A pointer to the child certificate.

mpdc_certificate_child_is_valid()

MPDC_EXPORT_API bool mpdc_certificate_child_is_valid

(

const mpdc_child_certificate *

child

)

Test a child certificate for a valid format and expiration.

This function checks that the certificate fields (including algorithm, designation, version, signature, serial, and public key) are nonzero and that the current time is within the expiration period.

Parameters

child

[in, const] A pointer to the child certificate.

Returns

Returns true if the certificate is valid.

mpdc_certificate_child_message_verify()

MPDC_EXPORT_API bool mpdc_certificate_child_message_verify	(	uint8_t *	message,
		size_t *	msglen,
		const uint8_t *	signature,
		size_t	siglen,
		const mpdc_child_certificate *	child )

Verify a message signature using a child certificate.

This function uses the public verification key from the child certificate to verify that a given signature correctly authenticates a message.

Parameters

message	[out] The output buffer for the recovered message (if applicable).
msglen	[in,out] A pointer to the length of the recovered message.
signature	[in, const] A pointer to the signature.
siglen	The length of the signature.
child	[in, const] A pointer to the child certificate.

Returns

Returns true if the message signature is verified.

mpdc_certificate_child_serialize()

MPDC_EXPORT_API void mpdc_certificate_child_serialize	(	uint8_t *	output,
		const mpdc_child_certificate *	child )

Serialize a child certificate into a contiguous byte array.

Parameters

output	[out] A pointer to the array receiving the serialized certificate (size: MPDC_CERTIFICATE_CHILD_SIZE).
child	[in, const] The child certificate to serialize.

mpdc_certificate_child_struct_to_file()

MPDC_EXPORT_API bool mpdc_certificate_child_struct_to_file	(	const char *	fpath,
		const mpdc_child_certificate *	child )

Write a child certificate structure to a file.

Parameters

fpath	[in, const] The file path where the certificate will be stored.
child	[in, const] A pointer to the child certificate structure.

Returns

Returns true on success.

mpdc_certificate_designation_decode()

MPDC_EXPORT_API mpdc_network_designations mpdc_certificate_designation_decode

(

const char *

sdsg

)

Decode the network-designation string to its enumerated representation.

Parameters

sdsg	[in, const] The network-designation string.

Returns

Returns the corresponding network-designation enumerator.

mpdc_certificate_designation_encode()

MPDC_EXPORT_API size_t mpdc_certificate_designation_encode	(	char *	sdsg,
		mpdc_network_designations	designation )

Encode the network-designation enumerator into a string.

Parameters

sdsg	[out] The output buffer that will receive the encoded network-designation string.
designation	The certificate designation type.

Returns

Returns the size of the encoded string.

mpdc_certificate_expiration_set_days()

MPDC_EXPORT_API void mpdc_certificate_expiration_set_days	(	mpdc_certificate_expiration *	expiration,
		uint16_t	start,
		uint16_t	duration )

Set the expiration days on a certificate expiration structure.

This function sets the from and to fields of the expiration structure using day intervals.

Parameters

expiration	[in,out] A pointer to the expiration structure.
start	The number of days until the certificate becomes valid.
duration	The number of days the certificate remains valid.

mpdc_certificate_expiration_set_seconds()

MPDC_EXPORT_API void mpdc_certificate_expiration_set_seconds	(	mpdc_certificate_expiration *	expiration,
		uint64_t	start,
		uint64_t	period )

Set the expiration seconds on a certificate expiration structure.

Parameters

expiration	[in,out] A pointer to the expiration structure.
start	The number of seconds to delay before the certificate becomes valid.
period	The number of seconds the certificate remains valid.

mpdc_certificate_expiration_time_verify()

MPDC_EXPORT_API bool mpdc_certificate_expiration_time_verify

(

const mpdc_certificate_expiration *

expiration

)

Verify the expiration time against the current UTC time.

Parameters

expiration

[in, const] A pointer to the expiration time structure.

Returns

Returns true if the current time is within the certificate's validity period.

mpdc_certificate_message_hash_sign()

MPDC_EXPORT_API size_t mpdc_certificate_message_hash_sign	(	uint8_t *	signature,
		const uint8_t *	sigkey,
		const uint8_t *	message,
		size_t	msglen )

Hash a message and sign the hash.

This function computes the SHA3-256 hash of the provided message and then signs that hash using the given private signature key.

Parameters

signature	[out] The array receiving the signature (size: MPDC_ASYMMETRIC_SIGNATURE_SIZE).
sigkey	[in, const] The private signature key.
message	[in, const] The message to sign.
msglen	The length of the message.

Returns

Returns the size of the generated signature.

mpdc_certificate_root_compare()

MPDC_EXPORT_API bool mpdc_certificate_root_compare	(	const mpdc_root_certificate *	a,
		const mpdc_root_certificate *	b )

Compare two root certificates for equivalence.

This function compares the key fields of two root certificates to determine if they are equal.

Parameters

a	[in, const] The first root certificate.
b	[in, const] The second root certificate.

Returns

Returns true if the certificates are equivalent.

mpdc_certificate_root_create()

MPDC_EXPORT_API void mpdc_certificate_root_create	(	mpdc_root_certificate *	root,
		const uint8_t *	pubkey,
		const mpdc_certificate_expiration *	expiration,
		const char *	issuer )

Create a root certificate.

This function creates a root certificate by populating its fields with the provided public key, expiration structure, and issuer name. The generated certificate serves as the trust anchor.

Parameters

root	[out] A pointer to the empty root certificate to populate.
pubkey	[in] A pointer to the public signature key.
expiration	[in, const] The certificate expiration time structure.
issuer	[in, const] The issuer name string.

mpdc_certificate_root_decode()

MPDC_EXPORT_API bool mpdc_certificate_root_decode	(	mpdc_root_certificate *	root,
		const char *	enck )

Decode a root certificate string into a certificate structure.

This function decodes an encoded root certificate string into its corresponding root certificate structure.

Parameters

root	[out] The pointer to the root certificate structure to populate.
enck	[in, const] The encoded certificate string.

Returns

Returns true if the certificate was successfully decoded.

mpdc_certificate_root_deserialize()

MPDC_EXPORT_API void mpdc_certificate_root_deserialize	(	mpdc_root_certificate *	root,
		const uint8_t *	input )

Deserialize a root certificate from a byte array.

Parameters

root	[out] A pointer to the root certificate structure to populate.
input	[in, const] A pointer to the input byte array (size: MPDC_CERTIFICATE_ROOT_SIZE).

mpdc_certificate_root_encode()

MPDC_EXPORT_API size_t mpdc_certificate_root_encode	(	char *	enck,
		const mpdc_root_certificate *	root )

Encode a public root certificate into a human-readable string.

This function encodes the given root certificate into a formatted string.

Parameters

enck	[out] The output buffer that will receive the encoded certificate string.
root	[in, const] The root certificate to encode.

Returns

Returns the size of the encoded certificate string.

mpdc_certificate_root_erase()

MPDC_EXPORT_API void mpdc_certificate_root_erase

(

mpdc_root_certificate *

root

)

Delete (erase) a root certificate.

This function securely erases all fields of a root certificate structure.

Parameters

root	[in,out] A pointer to the root certificate to erase.

mpdc_certificate_root_file_to_struct()

MPDC_EXPORT_API bool mpdc_certificate_root_file_to_struct	(	const char *	fpath,
		mpdc_root_certificate *	root )

Copy a serialized root certificate from a file into a root certificate structure.

Parameters

fpath	[in, const] The file path from which to read the certificate.
root	[out] A pointer to the root certificate structure to populate.

Returns

Returns true on success.

mpdc_certificate_root_hash()

MPDC_EXPORT_API void mpdc_certificate_root_hash	(	uint8_t *	output,
		const mpdc_root_certificate *	root )

Compute the cryptographic hash of a root certificate.

The hash is computed over key fields such as algorithm, version, expiration times, issuer, serial, and public key.

Parameters

output	[out] The output hash array.
root	[in, const] A pointer to the root certificate.

mpdc_certificate_root_is_valid()

MPDC_EXPORT_API bool mpdc_certificate_root_is_valid

(

const mpdc_root_certificate *

root

)

Validate a root certificate.

This function checks that the root certificate fields are nonzero and that the current time is within its expiration period.

Parameters

root	[in, const] A pointer to the root certificate.

Returns

Returns true if the root certificate is valid.

mpdc_certificate_root_serialize()

MPDC_EXPORT_API void mpdc_certificate_root_serialize	(	uint8_t *	output,
		const mpdc_root_certificate *	root )

Serialize a root certificate into a contiguous byte array.

Parameters

output	[out] A pointer to the array receiving the serialized certificate (size: MPDC_CERTIFICATE_ROOT_SIZE).
root	[in, const] The root certificate to serialize.

mpdc_certificate_root_sign()

MPDC_EXPORT_API size_t mpdc_certificate_root_sign	(	mpdc_child_certificate *	child,
		const mpdc_root_certificate *	root,
		const uint8_t *	rsigkey )

Sign a child certificate with the root certificate.

This function hashes the child certificate, copies the root certificate serial number into the child, and then produces a digital signature over the child certificate hash using the provided root signing key.

Parameters

child	[in,out] A pointer to the child certificate to sign.
root	[in, const] A pointer to the root certificate.
rsigkey	[in, const] A pointer to the root private signing key.

Returns

Returns the size of the generated signature.

mpdc_certificate_root_signature_verify()

MPDC_EXPORT_API bool mpdc_certificate_root_signature_verify	(	const mpdc_child_certificate *	child,
		const mpdc_root_certificate *	root )

Verify a child certificate against a root certificate.

This function verifies that the digital signature on the child certificate (stored in its signed hash) was produced by the given root certificate.

Parameters

child	[in, const] A pointer to the child certificate.
root	[in, const] A pointer to the root certificate.

Returns

Returns true if the child certificate signature is valid.

mpdc_certificate_root_struct_to_file()

MPDC_EXPORT_API bool mpdc_certificate_root_struct_to_file	(	const char *	fpath,
		const mpdc_root_certificate *	root )

Write a root certificate structure to a file.

Parameters

fpath	[in, const] The file path where the certificate will be written.
root	[in, const] A pointer to the root certificate structure.

Returns

Returns true on success.

mpdc_certificate_signature_generate_keypair()

MPDC_EXPORT_API void mpdc_certificate_signature_generate_keypair

(

mpdc_signature_keypair *

keypair

)

Generate and encode an asymmetric signature scheme keypair.

This function generates a new keypair for the MPDC asymmetric signature scheme and populates the provided keypair container.

Parameters

keypair

[out] A pointer to the keypair container.

mpdc_certificate_signature_hash_verify()

MPDC_EXPORT_API bool mpdc_certificate_signature_hash_verify	(	const uint8_t *	signature,
		size_t	siglen,
		const uint8_t *	message,
		size_t	msglen,
		const mpdc_child_certificate *	lcert )

Verify that a signature hash matches a computed message hash using a child certificate.

This function first verifies the signature using the child certificate's public key and then compares the resulting hash to an independently computed hash of the message.

Parameters

signature	[in, const] A pointer to the signed hash.
siglen	The length of the signed hash.
message	[in, const] A pointer to the message.
msglen	The length of the message.
lcert	[in, const] A pointer to the child certificate used for verification.

Returns

Returns true if the signature hash verifies correctly.

mpdc_certificate_signature_sign_message()

MPDC_EXPORT_API size_t mpdc_certificate_signature_sign_message	(	uint8_t *	signature,
		const uint8_t *	message,
		size_t	msglen,
		const uint8_t *	prikey )

Sign a message using the asymmetric signature scheme.

Parameters

signature	[out] The array that will receive the signature (size: MPDC_ASYMMETRIC_SIGNATURE_SIZE).
message	[in, const] The message to sign.
msglen	The length of the message.
prikey	[in] The private signature key.

Returns

Returns the length of the generated signature.

mpdc_certificate_signature_verify_message()

MPDC_EXPORT_API bool mpdc_certificate_signature_verify_message	(	const uint8_t *	message,
		size_t	msglen,
		const uint8_t *	signature,
		size_t	siglen,
		const uint8_t *	pubkey )

Verify a message signature using the asymmetric signature scheme.

Parameters

message	[in, const] The original message.
msglen	The length of the message.
signature	[in, const] The signature to verify.
siglen	The length of the signature.
pubkey	[in] The public signature verification key.

Returns

Returns true if the signature is verified.