UDIF: Universal Digital Identification Framework 1.0.0.0a (A1)
A quantum-secure cryptographic identification
certificate.h File Reference

UDIF Certificate Handling Functions.

#include "udif.h"


Functions

UDIF_EXPORT_API udif_configuration_sets udif_certificate_algorithm_decode (const char *name)
 Decode the protocol-set string into its enumerated representation.
UDIF_EXPORT_API bool udif_certificate_algorithm_enabled (udif_configuration_sets conf)
 Test if the specified protocol-set is enabled on this system.
UDIF_EXPORT_API void udif_certificate_algorithm_encode (char *name, udif_configuration_sets conf)
 Encode the protocol-set enumerator into its string form.
UDIF_EXPORT_API bool udif_certificate_child_are_equal (const udif_child_certificate *a, const udif_child_certificate *b)
 Compare two child certificates for equivalence.
UDIF_EXPORT_API void udif_certificate_child_copy (udif_child_certificate *output, const udif_child_certificate *input)
 Copy a child certificate structure.
UDIF_EXPORT_API void udif_certificate_child_create (udif_child_certificate *child, const uint8_t *pubkey, const udif_certificate_expiration *expiration, const char *issuer, udif_network_designations designation, const uint8_t *capability)
 Create a child certificate.
UDIF_EXPORT_API bool udif_certificate_child_decode (udif_child_certificate *child, const char enck[UDIF_CHILD_CERTIFICATE_STRING_SIZE])
 Decode a child certificate string into a certificate structure.
UDIF_EXPORT_API void udif_certificate_child_deserialize (udif_child_certificate *child, const uint8_t *input)
 Deserialize a child certificate from a byte array.
UDIF_EXPORT_API size_t udif_certificate_child_encode (char enck[UDIF_CHILD_CERTIFICATE_STRING_SIZE], const udif_child_certificate *child)
 Encode a public child certificate into a human-readable string.
UDIF_EXPORT_API void udif_certificate_child_erase (udif_child_certificate *child)
 Delete (erase) a child certificate.
UDIF_EXPORT_API bool udif_certificate_child_file_to_struct (const char *fpath, udif_child_certificate *child)
 Copy a serialized certificate from a file into a child certificate structure.
UDIF_EXPORT_API void udif_certificate_child_hash (uint8_t *output, const udif_child_certificate *child)
 Compute the cryptographic hash of a child certificate.
UDIF_EXPORT_API bool udif_certificate_child_is_valid (const udif_child_certificate *child)
 Test a child certificate for a valid format and expiration.
UDIF_EXPORT_API bool udif_certificate_child_message_verify (uint8_t *message, size_t *msglen, const uint8_t *signature, size_t siglen, const udif_child_certificate *child)
 Verify a message signature using a child certificate.
UDIF_EXPORT_API void udif_certificate_child_serialize (uint8_t *output, const udif_child_certificate *child)
 Serialize a child certificate into a contiguous byte array.
UDIF_EXPORT_API bool udif_certificate_signature_hash_verify (const uint8_t *signature, size_t siglen, const uint8_t *message, size_t msglen, const udif_child_certificate *lcert)
 Verify that a signature hash matches a computed message hash using a child certificate.
UDIF_EXPORT_API bool udif_certificate_child_struct_to_file (const char *fpath, const udif_child_certificate *child)
 Write a child certificate structure to a file.
UDIF_EXPORT_API udif_network_designations udif_certificate_designation_decode (const char *sdsg)
 Decode the network-designation string to its enumerated representation.
UDIF_EXPORT_API size_t udif_certificate_designation_encode (char *sdsg, udif_network_designations designation)
 Encode the network-designation enumerator into a string.
UDIF_EXPORT_API void udif_certificate_expiration_set_days (udif_certificate_expiration *expiration, uint16_t start, uint16_t duration)
 Set the expiration days on a certificate expiration structure.
UDIF_EXPORT_API void udif_certificate_expiration_set_seconds (udif_certificate_expiration *expiration, uint64_t start, uint64_t period)
 Set the expiration seconds on a certificate expiration structure.
UDIF_EXPORT_API bool udif_certificate_expiration_time_verify (const udif_certificate_expiration *expiration)
 Verify the expiration time against the current UTC time.
UDIF_EXPORT_API size_t udif_certificate_message_hash_sign (uint8_t *signature, const uint8_t *sigkey, const uint8_t *message, size_t msglen)
 Hash a message and sign the hash.
UDIF_EXPORT_API bool udif_certificate_root_compare (const udif_root_certificate *a, const udif_root_certificate *b)
 Compare two root certificates for equivalence.
UDIF_EXPORT_API void udif_certificate_root_create (udif_root_certificate *root, const uint8_t *pubkey, const udif_certificate_expiration *expiration, const char *issuer)
 Create a root certificate.
UDIF_EXPORT_API bool udif_certificate_root_decode (udif_root_certificate *root, const char *enck)
 Decode a root certificate string into a certificate structure.
UDIF_EXPORT_API void udif_certificate_root_deserialize (udif_root_certificate *root, const uint8_t *input)
 Deserialize a root certificate from a byte array.
UDIF_EXPORT_API size_t udif_certificate_root_encode (char *enck, const udif_root_certificate *root)
 Encode a public root certificate into a human-readable string.
UDIF_EXPORT_API void udif_certificate_root_erase (udif_root_certificate *root)
 Delete (erase) a root certificate.
UDIF_EXPORT_API bool udif_certificate_root_file_to_struct (const char *fpath, udif_root_certificate *root)
 Copy a serialized root certificate from a file into a root certificate structure.
UDIF_EXPORT_API void udif_certificate_root_hash (uint8_t *output, const udif_root_certificate *root)
 Compute the cryptographic hash of a root certificate.
UDIF_EXPORT_API void udif_certificate_root_serialize (uint8_t *output, const udif_root_certificate *root)
 Serialize a root certificate into a contiguous byte array.
UDIF_EXPORT_API size_t udif_certificate_root_sign (udif_child_certificate *child, const udif_root_certificate *root, const uint8_t *rsigkey)
 Sign a child certificate with the root certificate.
UDIF_EXPORT_API bool udif_certificate_root_signature_verify (const udif_child_certificate *child, const udif_root_certificate *root)
 Verify a child certificate against a root certificate.
UDIF_EXPORT_API bool udif_certificate_root_struct_to_file (const char *fpath, const udif_root_certificate *root)
 Write a root certificate structure to a file.
UDIF_EXPORT_API bool udif_certificate_root_is_valid (const udif_root_certificate *root)
 Validate a root certificate.
UDIF_EXPORT_API void udif_certificate_signature_generate_keypair (udif_signature_keypair *keypair)
 Generate and encode an asymmetric signature scheme keypair.
UDIF_EXPORT_API size_t udif_certificate_signature_sign_message (uint8_t *signature, const uint8_t *message, size_t msglen, const uint8_t *prikey)
 Sign a message using the asymmetric signature scheme.
UDIF_EXPORT_API bool udif_certificate_signature_verify_message (const uint8_t *message, size_t msglen, const uint8_t *signature, size_t siglen, const uint8_t *pubkey)
 Verify a message signature using the asymmetric signature scheme.

Detailed Description

UDIF Certificate Handling Functions.

This header defines the functions for managing and processing certificates used by the Universal Digital Identification Framework (UDIF). The certificate module is responsible for creating, encoding, decoding, serializing, deserializing, signing, and verifying both child (device) and root (trust anchor) certificates. These certificates carry critical information such as:

  • The issuer identity.
  • Certificate validity periods.
  • Public verification keys.
  • Algorithm configuration identifiers.
  • Digital signatures produced by the root certificate.

The functions provided in this module allow conversion between protocol-set strings and their enumerated representations, as well as conversion of network-designation values between string and enumerated forms. They also perform cryptographic operations such as hashing and digital signing, using the underlying QSC cryptographic primitives.

Note
The certificate functions depend on the QSC library for routines including SHA3 (Keccak), base64 encoding/decoding, file I/O, and memory utilities. The active UDIF configuration (protocol-set) is used to automatically populate certificate fields.
Test
When the UDIF_DEBUG_TESTS_RUN macro is defined, the function udif_certificate_functions_test() executes a series of self-tests of the certificate operations.

These tests help ensure that the certificate operations function as expected in real-world use.

Function Documentation

◆ udif_certificate_algorithm_decode()

UDIF_EXPORT_API udif_configuration_sets udif_certificate_algorithm_decode ( const char * name)

Decode the protocol-set string into its enumerated representation.

Parameters
name[in, const] The protocol-set string (for example, "dilithium-s1_kyber-s1_rcs-256_sha3-256").
Returns
Returns the corresponding protocol-set enumerator.

◆ udif_certificate_algorithm_enabled()

UDIF_EXPORT_API bool udif_certificate_algorithm_enabled ( udif_configuration_sets conf)

Test if the specified protocol-set is enabled on this system.

Parameters
conf[in] The protocol-set enumerator to test.
Returns
Returns true if the given protocol-set is enabled; otherwise, false.

◆ udif_certificate_algorithm_encode()

UDIF_EXPORT_API void udif_certificate_algorithm_encode ( char * name,
udif_configuration_sets conf )

Encode the protocol-set enumerator into its string form.

Parameters
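name[out] The output buffer that will receive the protocol-set string. The required size is not stated in this reference and the function takes no length argument, so the caller must supply a buffer large enough for the longest protocol-set string (check udif.h for the applicable size constant).
conf[in] The protocol-set enumerator to encode.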

◆ udif_certificate_child_are_equal()

UDIF_EXPORT_API bool udif_certificate_child_are_equal ( const udif_child_certificate * a,
const udif_child_certificate * b )

Compare two child certificates for equivalence.

This function compares all the significant fields of two child certificate structures (including algorithm, version, designation, expiration, issuer, serial, signature, and public key).

Parameters
a[in, const] The first certificate.
b[in, const] The second certificate.
Returns
Returns true if the two certificates are equal.

◆ udif_certificate_child_copy()

UDIF_EXPORT_API void udif_certificate_child_copy ( udif_child_certificate * output,
const udif_child_certificate * input )

Copy a child certificate structure.

This function performs a deep copy of the child certificate from the input structure to the output structure.

Parameters
output[out] The destination child certificate.
input[in, const] The source child certificate.

◆ udif_certificate_child_create()

UDIF_EXPORT_API void udif_certificate_child_create ( udif_child_certificate * child,
const uint8_t * pubkey,
const udif_certificate_expiration * expiration,
const char * issuer,
udif_network_designations designation,
const uint8_t * capability )

Create a child certificate.

This function initializes and populates a child certificate structure with the provided public key, expiration information, issuer string, and designation.

Parameters
child[out] A pointer to the empty child certificate to populate.
pubkey[in] A pointer to the public signature key.
expiration[in, const] The certificate expiration time structure.
issuer[in, const] The certificate issuer string.
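designation[in] The certificate designation type (e.g. aps, client, etc.).
capability[in, const] A pointer to the capability data for the certificate. This parameter is not described in the original reference; confirm its expected size and format against udif.h.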

◆ udif_certificate_child_decode()

UDIF_EXPORT_API bool udif_certificate_child_decode ( udif_child_certificate * child,
const char enck[UDIF_CHILD_CERTIFICATE_STRING_SIZE] )

Decode a child certificate string into a certificate structure.

This function decodes an encoded child certificate string (with a fixed maximum size) into its corresponding certificate structure.

Parameters
child[out] The pointer to the child certificate structure to populate.
enck[in] The encoded certificate string.
Returns
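Returns true if the certificate was successfully decoded. A true result indicates only that the string was decoded; the certificate must still be checked with udif_certificate_child_is_valid() and udif_certificate_root_signature_verify() before it is trusted.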

◆ udif_certificate_child_deserialize()

UDIF_EXPORT_API void udif_certificate_child_deserialize ( udif_child_certificate * child,
const uint8_t * input )

Deserialize a child certificate from a byte array.

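This function converts a serialized child certificate (stored as a byte stream) into a certificate structure. The function returns no status, so the populated structure should be checked with udif_certificate_child_is_valid() and udif_certificate_root_signature_verify() before it is relied upon.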

Parameters
child[out] The pointer to the child certificate structure to populate.
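input[in, const] The input byte array containing the serialized certificate (presumably UDIF_CERTIFICATE_CHILD_SIZE bytes, the size given for udif_certificate_child_serialize(); the function takes no length argument, so the caller must guarantee the buffer is at least that large).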

◆ udif_certificate_child_encode()

UDIF_EXPORT_API size_t udif_certificate_child_encode ( char enck[UDIF_CHILD_CERTIFICATE_STRING_SIZE],
const udif_child_certificate * child )

Encode a public child certificate into a human-readable string.

This function encodes the given child certificate into a formatted string representation.

Parameters
enck[out] The output buffer that will receive the encoded certificate string.
child[in, const] The child certificate to encode.
Returns
Returns the size of the encoded certificate string.

◆ udif_certificate_child_erase()

UDIF_EXPORT_API void udif_certificate_child_erase ( udif_child_certificate * child)

Delete (erase) a child certificate.

This function securely erases all fields of a child certificate structure.

Parameters
child[in,out] A pointer to the child certificate to erase.

◆ udif_certificate_child_file_to_struct()

UDIF_EXPORT_API bool udif_certificate_child_file_to_struct ( const char * fpath,
udif_child_certificate * child )

Copy a serialized certificate from a file into a child certificate structure.

This function reads a file containing a serialized child certificate, deserializes it, and populates the provided certificate structure.

Parameters
fpath[in, const] The file path from which to load the certificate.
child[out] A pointer to the child certificate structure.
Returns
Returns true on success.

◆ udif_certificate_child_hash()

UDIF_EXPORT_API void udif_certificate_child_hash ( uint8_t * output,
const udif_child_certificate * child )

Compute the cryptographic hash of a child certificate.

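The hash is computed over key fields such as algorithm, designation, version, expiration, issuer, serial, and public verification key. The list is given as examples only; whether the capability field is included in the hash (and therefore covered by the root signature) is not stated here and should be confirmed against the implementation.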

Parameters
output[out] The output hash array (size: UDIF_CERTIFICATE_HASH_SIZE).
child[in, const] A pointer to the child certificate.

◆ udif_certificate_child_is_valid()

UDIF_EXPORT_API bool udif_certificate_child_is_valid ( const udif_child_certificate * child)

Test a child certificate for a valid format and expiration.

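This function checks that the certificate fields (including algorithm, designation, version, signature, serial, and public key) are nonzero and that the current time is within the expiration period. As described, this is a format and expiration check only: a nonzero signature field does not show that the signature is genuine, so authenticity must be established separately with udif_certificate_root_signature_verify().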

Parameters
child[in, const] A pointer to the child certificate.
Returns
Returns true if the certificate is valid.

◆ udif_certificate_child_message_verify()

UDIF_EXPORT_API bool udif_certificate_child_message_verify ( uint8_t * message,
size_t * msglen,
const uint8_t * signature,
size_t siglen,
const udif_child_certificate * child )

Verify a message signature using a child certificate.

This function uses the public verification key from the child certificate to verify that a given signature correctly authenticates a message.

Parameters
message[out] The output buffer for the recovered message (if applicable). Its contents should be used only when the function returns true.
msglen[in,out] A pointer to the length of the recovered message.
signature[in, const] A pointer to the signature.
siglen[in] The length of the signature.
child[in, const] A pointer to the child certificate.
Returns
Returns true if the message signature is verified.

◆ udif_certificate_child_serialize()

UDIF_EXPORT_API void udif_certificate_child_serialize ( uint8_t * output,
const udif_child_certificate * child )

Serialize a child certificate into a contiguous byte array.

Parameters
output[out] A pointer to the array receiving the serialized certificate (size: UDIF_CERTIFICATE_CHILD_SIZE).
child[in, const] The child certificate to serialize.

◆ udif_certificate_child_struct_to_file()

UDIF_EXPORT_API bool udif_certificate_child_struct_to_file ( const char * fpath,
const udif_child_certificate * child )

Write a child certificate structure to a file.

Parameters
fpath[in, const] The file path where the certificate will be stored.
child[in, const] A pointer to the child certificate structure.
Returns
Returns true on success.

◆ udif_certificate_designation_decode()

UDIF_EXPORT_API udif_network_designations udif_certificate_designation_decode ( const char * sdsg)

Decode the network-designation string to its enumerated representation.

Parameters
sdsg[in, const] The network-designation string.
Returns
Returns the corresponding network-designation enumerator.

◆ udif_certificate_designation_encode()

UDIF_EXPORT_API size_t udif_certificate_designation_encode ( char * sdsg,
udif_network_designations designation )

Encode the network-designation enumerator into a string.

Parameters
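sdsg[out] The output buffer that will receive the encoded network-designation string. The required size is not stated in this reference and the function takes no length argument, so the caller must size the buffer for the longest designation string.
designation[in] The certificate designation type.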
Returns
Returns the size of the encoded string.

◆ udif_certificate_expiration_set_days()

UDIF_EXPORT_API void udif_certificate_expiration_set_days ( udif_certificate_expiration * expiration,
uint16_t start,
uint16_t duration )

Set the expiration days on a certificate expiration structure.

This function sets the from and to fields of the expiration structure using day intervals.

Parameters
expiration[in,out] A pointer to the expiration structure.
start[in] The number of days until the certificate becomes valid.
duration[in] The number of days the certificate remains valid.

◆ udif_certificate_expiration_set_seconds()

UDIF_EXPORT_API void udif_certificate_expiration_set_seconds ( udif_certificate_expiration * expiration,
uint64_t start,
uint64_t period )

Set the expiration seconds on a certificate expiration structure.

Parameters
expiration[in,out] A pointer to the expiration structure.
start[in] The number of seconds to delay before the certificate becomes valid.
period[in] The number of seconds the certificate remains valid.

◆ udif_certificate_expiration_time_verify()

UDIF_EXPORT_API bool udif_certificate_expiration_time_verify ( const udif_certificate_expiration * expiration)

Verify the expiration time against the current UTC time.

Parameters
expiration[in, const] A pointer to the expiration time structure.
Returns
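Returns true if the current time is within the certificate's validity period. Because the comparison uses the current UTC time, the result depends on the accuracy of the local system clock.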

◆ udif_certificate_message_hash_sign()

UDIF_EXPORT_API size_t udif_certificate_message_hash_sign ( uint8_t * signature,
const uint8_t * sigkey,
const uint8_t * message,
size_t msglen )

Hash a message and sign the hash.

This function computes the SHA3-256 hash of the provided message and then signs that hash using the given private signature key.

Parameters
signature[out] The array receiving the signature (size: UDIF_ASYMMETRIC_SIGNATURE_SIZE).
sigkey[in, const] The private signature key.
message[in, const] The message to sign.
msglen[in] The length of the message.
Returns
Returns the size of the generated signature.

◆ udif_certificate_root_compare()

UDIF_EXPORT_API bool udif_certificate_root_compare ( const udif_root_certificate * a,
const udif_root_certificate * b )

Compare two root certificates for equivalence.

This function compares the key fields of two root certificates to determine if they are equal.

Parameters
a[in, const] The first root certificate.
b[in, const] The second root certificate.
Returns
Returns true if the certificates are equivalent.

◆ udif_certificate_root_create()

UDIF_EXPORT_API void udif_certificate_root_create ( udif_root_certificate * root,
const uint8_t * pubkey,
const udif_certificate_expiration * expiration,
const char * issuer )

Create a root certificate.

This function creates a root certificate by populating its fields with the provided public key, expiration structure, and issuer name. The generated certificate serves as the trust anchor.

Parameters
root[out] A pointer to the empty root certificate to populate.
pubkey[in] A pointer to the public signature key.
expiration[in, const] The certificate expiration time structure.
issuer[in, const] The issuer name string.

◆ udif_certificate_root_decode()

UDIF_EXPORT_API bool udif_certificate_root_decode ( udif_root_certificate * root,
const char * enck )

Decode a root certificate string into a certificate structure.

This function decodes an encoded root certificate string into its corresponding root certificate structure.

Parameters
root[out] The pointer to the root certificate structure to populate.
enck[in, const] The encoded certificate string.
Returns
Returns true if the certificate was successfully decoded.

◆ udif_certificate_root_deserialize()

UDIF_EXPORT_API void udif_certificate_root_deserialize ( udif_root_certificate * root,
const uint8_t * input )

Deserialize a root certificate from a byte array.

Parameters
root[out] A pointer to the root certificate structure to populate.
input[in, const] A pointer to the input byte array (size: UDIF_CERTIFICATE_ROOT_SIZE).

◆ udif_certificate_root_encode()

UDIF_EXPORT_API size_t udif_certificate_root_encode ( char * enck,
const udif_root_certificate * root )

Encode a public root certificate into a human-readable string.

This function encodes the given root certificate into a formatted string.

Parameters
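enck[out] The output buffer that will receive the encoded certificate string. Unlike the child variant, the prototype carries no size; the required buffer size is not stated in this reference and should be taken from udif.h.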
root[in, const] The root certificate to encode.
Returns
Returns the size of the encoded certificate string.

◆ udif_certificate_root_erase()

UDIF_EXPORT_API void udif_certificate_root_erase ( udif_root_certificate * root)

Delete (erase) a root certificate.

This function securely erases all fields of a root certificate structure.

Parameters
root[in,out] A pointer to the root certificate to erase.

◆ udif_certificate_root_file_to_struct()

UDIF_EXPORT_API bool udif_certificate_root_file_to_struct ( const char * fpath,
udif_root_certificate * root )

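Copy a serialized root certificate from a file into a root certificate structure. Because the root certificate is the trust anchor, the file at fpath must be protected against modification; a successful load does not by itself establish that the certificate is the expected one.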

Parameters
fpath[in, const] The file path from which to read the certificate.
root[out] A pointer to the root certificate structure to populate.
Returns
Returns true on success.

◆ udif_certificate_root_hash()

UDIF_EXPORT_API void udif_certificate_root_hash ( uint8_t * output,
const udif_root_certificate * root )

Compute the cryptographic hash of a root certificate.

The hash is computed over key fields such as algorithm, version, expiration times, issuer, serial, and public key.

Parameters
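output[out] The output hash array (presumably UDIF_CERTIFICATE_HASH_SIZE bytes, as for udif_certificate_child_hash(); confirm against udif.h).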
root[in, const] A pointer to the root certificate.

◆ udif_certificate_root_is_valid()

UDIF_EXPORT_API bool udif_certificate_root_is_valid ( const udif_root_certificate * root)

Validate a root certificate.

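This function checks that the root certificate fields are nonzero and that the current time is within its expiration period. As described, this confirms that the certificate is well-formed and unexpired; it does not establish that the certificate is the trust anchor the caller expects, which can be checked against a known copy with udif_certificate_root_compare().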

Parameters
root[in, const] A pointer to the root certificate.
Returns
Returns true if the root certificate is valid.

◆ udif_certificate_root_serialize()

UDIF_EXPORT_API void udif_certificate_root_serialize ( uint8_t * output,
const udif_root_certificate * root )

Serialize a root certificate into a contiguous byte array.

Parameters
output[out] A pointer to the array receiving the serialized certificate (size: UDIF_CERTIFICATE_ROOT_SIZE).
root[in, const] The root certificate to serialize.

◆ udif_certificate_root_sign()

UDIF_EXPORT_API size_t udif_certificate_root_sign ( udif_child_certificate * child,
const udif_root_certificate * root,
const uint8_t * rsigkey )

Sign a child certificate with the root certificate.

This function hashes the child certificate, copies the root certificate serial number into the child, and then produces a digital signature over the child certificate hash using the provided root signing key.

Parameters
child[in,out] A pointer to the child certificate to sign.
root[in, const] A pointer to the root certificate.
rsigkey[in, const] A pointer to the root private signing key.
Returns
Returns the size of the generated signature.

◆ udif_certificate_root_signature_verify()

UDIF_EXPORT_API bool udif_certificate_root_signature_verify ( const udif_child_certificate * child,
const udif_root_certificate * root )

Verify a child certificate against a root certificate.

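This function verifies that the digital signature on the child certificate (stored in its signed hash) was produced by the given root certificate. The description covers the signature check only; format and expiration are tested separately by udif_certificate_child_is_valid() and udif_certificate_root_is_valid().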

Parameters
child[in, const] A pointer to the child certificate.
root[in, const] A pointer to the root certificate.
Returns
Returns true if the child certificate signature is valid.

◆ udif_certificate_root_struct_to_file()

UDIF_EXPORT_API bool udif_certificate_root_struct_to_file ( const char * fpath,
const udif_root_certificate * root )

Write a root certificate structure to a file.

Parameters
fpath[in, const] The file path where the certificate will be written.
root[in, const] A pointer to the root certificate structure.
Returns
Returns true on success.

◆ udif_certificate_signature_generate_keypair()

UDIF_EXPORT_API void udif_certificate_signature_generate_keypair ( udif_signature_keypair * keypair)

Generate and encode an asymmetric signature scheme keypair.

This function generates a new keypair for the UDIF asymmetric signature scheme and populates the provided keypair container.

Parameters
keypair[out] A pointer to the keypair container.

◆ udif_certificate_signature_hash_verify()

UDIF_EXPORT_API bool udif_certificate_signature_hash_verify ( const uint8_t * signature,
size_t siglen,
const uint8_t * message,
size_t msglen,
const udif_child_certificate * lcert )

Verify that a signature hash matches a computed message hash using a child certificate.

This function first verifies the signature using the child certificate's public key and then compares the resulting hash to an independently computed hash of the message.

Parameters
signature[in, const] A pointer to the signed hash.
siglen[in] The length of the signed hash.
message[in, const] A pointer to the message.
msglen[in] The length of the message.
lcert[in, const] A pointer to the child certificate used for verification.
Returns
Returns true if the signature hash verifies correctly.

◆ udif_certificate_signature_sign_message()

UDIF_EXPORT_API size_t udif_certificate_signature_sign_message ( uint8_t * signature,
const uint8_t * message,
size_t msglen,
const uint8_t * prikey )

Sign a message using the asymmetric signature scheme.

Parameters
signature[out] The array that will receive the signature (size: UDIF_ASYMMETRIC_SIGNATURE_SIZE).
message[in, const] The message to sign.
msglen[in] The length of the message.
prikey[in, const] The private signature key.
Returns
Returns the length of the generated signature.

◆ udif_certificate_signature_verify_message()

UDIF_EXPORT_API bool udif_certificate_signature_verify_message ( const uint8_t * message,
size_t msglen,
const uint8_t * signature,
size_t siglen,
const uint8_t * pubkey )

Verify a message signature using the asymmetric signature scheme.

Parameters
message[in, const] The original message.
msglen[in] The length of the message.
signature[in, const] The signature to verify.
siglen[in] The length of the signature.
pubkey[in, const] The public signature verification key.
Returns
Returns true if the signature is verified.