QSC Post Quantum Cryptographic Library 1.3.0.0 (C1)
A post-quantum secure library written in ANSI C
tlssigalgs.h File Reference

TLS signature-scheme registry queries and capability inspection.

#include "tlserrors.h"
#include "tlstypes.h"
#include "x509types.h"


Data Structures

struct  qsc_tls_signature_scheme_descriptor
 Describes a TLS signature scheme supported by the registry.

Typedefs

typedef struct qsc_tls_signature_scheme_descriptor qsc_tls_signature_scheme_descriptor

Functions

QSC_EXPORT_API const qsc_tls_signature_scheme_descriptor * qsc_tls_signature_scheme_descriptor_get (qsc_tls_signature_scheme scheme)
 Get the registry descriptor for a TLS signature scheme.
QSC_EXPORT_API bool qsc_tls_signature_scheme_is_supported (qsc_tls_signature_scheme scheme)
 Determine whether a TLS signature scheme is supported by the registry.
QSC_EXPORT_API bool qsc_tls_signature_scheme_is_certificate_verify_capable (qsc_tls_signature_scheme scheme)
 Determine whether a TLS signature scheme may be used in CertificateVerify.
QSC_EXPORT_API bool qsc_tls_signature_scheme_is_pq (qsc_tls_signature_scheme scheme)
 Determine whether a TLS signature scheme is post-quantum.
QSC_EXPORT_API bool qsc_tls_signature_scheme_is_mldsa (qsc_tls_signature_scheme scheme)
 Determine whether a TLS signature scheme belongs to the ML-DSA family.
QSC_EXPORT_API size_t qsc_tls_signature_scheme_private_key_size (qsc_tls_signature_scheme scheme)
 Get the private key size associated with a TLS signature scheme.
QSC_EXPORT_API size_t qsc_tls_signature_scheme_public_key_size (qsc_tls_signature_scheme scheme)
 Get the public key size associated with a TLS signature scheme.
QSC_EXPORT_API size_t qsc_tls_signature_scheme_signature_size (qsc_tls_signature_scheme scheme)
 Get the maximum encoded signature size for a TLS signature scheme.
QSC_EXPORT_API bool qsc_tls_signature_scheme_validate_signature_length (qsc_tls_signature_scheme scheme, size_t signaturelen)
 Validate a received or generated signature length for a TLS signature scheme.
QSC_EXPORT_API qsc_x509_signature_algorithm qsc_tls_signature_scheme_x509_algorithm (qsc_tls_signature_scheme scheme)
 Get the X.509 signature algorithm corresponding to a TLS signature scheme.
QSC_EXPORT_API bool qsc_tls_signature_scheme_matches_x509_algorithm (qsc_tls_signature_scheme scheme, qsc_x509_signature_algorithm algorithm)
 Determine whether a TLS signature scheme matches an X.509 signature algorithm.
QSC_EXPORT_API qsc_tls_hash_algorithm qsc_tls_signature_scheme_hash (qsc_tls_signature_scheme scheme)
 Get the transcript hash algorithm associated with a TLS signature scheme.
QSC_EXPORT_API const char * qsc_tls_signature_scheme_name (qsc_tls_signature_scheme scheme)
 Get the human-readable name of a TLS signature scheme.

Detailed Description

TLS signature-scheme registry queries and capability inspection.

This header defines the public query interface used to inspect the TLS signature-scheme registry exposed by the QSC TLS implementation. The interface provides access to per-scheme metadata such as the TLS wire identifier, the associated transcript hash, encoded signature length, support status, CertificateVerify eligibility, and X.509 algorithm mapping.

The functions declared here do not perform signing or signature verification. They provide registry and policy information used by the handshake, certificate processing, and validation layers when selecting, negotiating, or validating TLS signature algorithms.

The registry is intended to centralize the relationship between TLS signature scheme identifiers and implementation-specific properties, including classical and post-quantum algorithm classes.
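The checks such a registry supports when a CertificateVerify arrives, as an added example (not QSC code): a self-contained stand-in table gates the message on scheme, policy, key algorithm and length before any signature verification. All `demo_` and `GATE_` names, the table contents and the 512-byte RSA bound are assumptions made for illustration; `keyalg` stands for the algorithm tag the certificate layer reports for the peer's key.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Stand-in registry, constructed for this example; it is NOT QSC's table. */
typedef struct {
    uint16_t wire;   /* TLS SignatureScheme code point */
    int x509alg;     /* hypothetical X.509 algorithm tag */
    size_t maxsig;   /* maximum encoded signature size in bytes */
    bool fixedlen;   /* every valid signature is exactly maxsig bytes */
    bool certverify; /* may sign a TLS 1.3 CertificateVerify */
} demo_scheme;

enum { DEMO_RSA_PKCS1 = 1, DEMO_ECDSA_P256, DEMO_ED25519, DEMO_MLDSA65 };
typedef enum { GATE_OK, GATE_UNKNOWN, GATE_NOT_OFFERED, GATE_NOT_CV,
               GATE_KEY_MISMATCH, GATE_BAD_LENGTH } gate_result;

static const demo_scheme demo_registry[] = {
    { 0x0401, DEMO_RSA_PKCS1,  512,  false, false }, /* rsa_pkcs1_sha256: certificates only */
    { 0x0403, DEMO_ECDSA_P256, 72,   false, true  }, /* ecdsa_secp256r1_sha256: DER, variable */
    { 0x0807, DEMO_ED25519,    64,   true,  true  }, /* ed25519 */
    { 0x0905, DEMO_MLDSA65,    3309, true,  true  }  /* mldsa65 */
};
/* Constructed sample: schemes this endpoint advertised in signature_algorithms. */
static const uint16_t demo_offered[] = { 0x0905, 0x0807, 0x0403, 0x0401 };

static const demo_scheme* demo_find(uint16_t wire)
{
    for (size_t i = 0; i < sizeof(demo_registry) / sizeof(demo_registry[0]); ++i) {
        if (demo_registry[i].wire == wire) { return &demo_registry[i]; }
    }
    return NULL;
}

/* Checks run on a received CertificateVerify before any signature math. */
gate_result demo_certverify_gate(uint16_t wire, size_t siglen, int keyalg,
                                 const uint16_t* offered, size_t count)
{
    const demo_scheme* d = demo_find(wire);
    bool found = false;

    if (d == NULL) { return GATE_UNKNOWN; }
    for (size_t i = 0; i < count; ++i) { found = found || (offered[i] == wire); }
    if (!found) { return GATE_NOT_OFFERED; }
    if (!d->certverify) { return GATE_NOT_CV; }
    if (d->x509alg != keyalg) { return GATE_KEY_MISMATCH; }
    if (siglen == 0 || siglen > d->maxsig || (d->fixedlen && siglen != d->maxsig)) {
        return GATE_BAD_LENGTH;
    }
    return GATE_OK;
}
```

The queries on this page that play these roles are qsc_tls_signature_scheme_is_supported, qsc_tls_signature_scheme_is_certificate_verify_capable, qsc_tls_signature_scheme_matches_x509_algorithm and qsc_tls_signature_scheme_validate_signature_length.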

Function Documentation

◆ qsc_tls_signature_scheme_descriptor_get()

QSC_EXPORT_API const qsc_tls_signature_scheme_descriptor * qsc_tls_signature_scheme_descriptor_get ( qsc_tls_signature_scheme scheme)

Get the registry descriptor for a TLS signature scheme.

Parameters
scheme [enum] The TLS signature scheme identifier.
Returns
A pointer to the constant descriptor for the selected scheme, or NULL if the scheme is unknown to the registry.

◆ qsc_tls_signature_scheme_hash()

QSC_EXPORT_API qsc_tls_hash_algorithm qsc_tls_signature_scheme_hash ( qsc_tls_signature_scheme scheme)

Get the transcript hash algorithm associated with a TLS signature scheme.

For signature schemes that bind a specific transcript hash or pre-hash mode, this function returns the corresponding TLS hash identifier. For schemes with no valid mapping, the return value may indicate an unset or null hash.

Parameters
scheme [enum] The TLS signature scheme identifier.
Returns
The associated TLS hash algorithm identifier.

◆ qsc_tls_signature_scheme_is_certificate_verify_capable()

QSC_EXPORT_API bool qsc_tls_signature_scheme_is_certificate_verify_capable ( qsc_tls_signature_scheme scheme)

Determine whether a TLS signature scheme may be used in CertificateVerify.

This query reports whether the scheme is valid for use in the TLS CertificateVerify message under the local registry policy. A scheme may be recognized by the registry but still not be eligible for CertificateVerify.

Parameters
scheme [enum] The TLS signature scheme identifier.
Returns
Returns true if the scheme is CertificateVerify-capable.

◆ qsc_tls_signature_scheme_is_mldsa()

QSC_EXPORT_API bool qsc_tls_signature_scheme_is_mldsa ( qsc_tls_signature_scheme scheme)

Determine whether a TLS signature scheme belongs to the ML-DSA family.

Parameters
scheme [enum] The TLS signature scheme identifier.
Returns
Returns true if the scheme is an ML-DSA variant.

◆ qsc_tls_signature_scheme_is_pq()

QSC_EXPORT_API bool qsc_tls_signature_scheme_is_pq ( qsc_tls_signature_scheme scheme)

Determine whether a TLS signature scheme is post-quantum.

Parameters
scheme [enum] The TLS signature scheme identifier.
Returns
Returns true if the scheme is classified as post-quantum.

◆ qsc_tls_signature_scheme_is_supported()

QSC_EXPORT_API bool qsc_tls_signature_scheme_is_supported ( qsc_tls_signature_scheme scheme)

Determine whether a TLS signature scheme is supported by the registry.

Parameters
scheme [enum] The TLS signature scheme identifier.
Returns
Returns true if the scheme is implemented and available for use.

◆ qsc_tls_signature_scheme_matches_x509_algorithm()

QSC_EXPORT_API bool qsc_tls_signature_scheme_matches_x509_algorithm ( qsc_tls_signature_scheme scheme, qsc_x509_signature_algorithm algorithm )

Determine whether a TLS signature scheme matches an X.509 signature algorithm.

Parameters
scheme [enum] The TLS signature scheme identifier.
algorithm [enum] The X.509 signature algorithm identifier.
Returns
Returns true if the TLS scheme and X.509 algorithm correspond.

◆ qsc_tls_signature_scheme_name()

QSC_EXPORT_API const char * qsc_tls_signature_scheme_name ( qsc_tls_signature_scheme scheme)

Get the human-readable name of a TLS signature scheme.

Parameters
scheme [enum] The TLS signature scheme identifier.
Returns
A constant string naming the scheme, or NULL if the scheme is not known.

◆ qsc_tls_signature_scheme_private_key_size()

QSC_EXPORT_API size_t qsc_tls_signature_scheme_private_key_size ( qsc_tls_signature_scheme scheme)

Get the private key size associated with a TLS signature scheme.

The returned value is the implementation-defined private key size in bytes for the selected scheme. For schemes that are unknown or unsupported, the function may return zero.

Parameters
scheme [enum] The TLS signature scheme identifier.
Returns
The private key size in bytes.

◆ qsc_tls_signature_scheme_public_key_size()

QSC_EXPORT_API size_t qsc_tls_signature_scheme_public_key_size ( qsc_tls_signature_scheme scheme)

Get the public key size associated with a TLS signature scheme.

The returned value is the implementation-defined public key size in bytes for the selected scheme. For schemes that are unknown or unsupported, the function may return zero.

Parameters
scheme [enum] The TLS signature scheme identifier.
Returns
The public key size in bytes.

◆ qsc_tls_signature_scheme_signature_size()

QSC_EXPORT_API size_t qsc_tls_signature_scheme_signature_size ( qsc_tls_signature_scheme scheme)

Get the maximum encoded signature size for a TLS signature scheme.

This value represents the maximum encoded signature size expected by the TLS implementation for the specified scheme. It may be used to size working buffers or to validate received signature lengths.

Parameters
scheme [enum] The TLS signature scheme identifier.
Returns
The maximum signature size in bytes.

◆ qsc_tls_signature_scheme_validate_signature_length()

QSC_EXPORT_API bool qsc_tls_signature_scheme_validate_signature_length ( qsc_tls_signature_scheme scheme, size_t signaturelen )

Validate a received or generated signature length for a TLS signature scheme.

Parameters
scheme [enum] The TLS signature scheme identifier.
signaturelen [size_t] The signature length in bytes to validate.
Returns
Returns true if the length is valid for the selected scheme.

◆ qsc_tls_signature_scheme_x509_algorithm()

QSC_EXPORT_API qsc_x509_signature_algorithm qsc_tls_signature_scheme_x509_algorithm ( qsc_tls_signature_scheme scheme)

Get the X.509 signature algorithm corresponding to a TLS signature scheme.

This function maps a TLS signature-scheme identifier to the corresponding X.509 signature algorithm identifier used by the certificate subsystem.

Parameters
scheme [enum] The TLS signature scheme identifier.
Returns
The mapped X.509 signature algorithm identifier.