- Generated by
1.14.0
Default TLS CertificateVerify signer/verifier backed by QSC signature primitives. More...
Go to the source code of this file.
Data Structures | |
| struct | qsc_tls_signer_default_context |
| State bound to qsc_tls_certificate_sign_callback when using the default signer. More... | |
Typedefs | |
| typedef struct qsc_tls_signer_default_context | qsc_tls_signer_default_context |
Functions | |
| QSC_EXPORT_API bool | qsc_tls_signer_default_sign (qsc_tls_signature_scheme scheme, const uint8_t *input, size_t inputlen, uint8_t *signature, size_t *signaturelen, void *state) |
| Produce a TLS CertificateVerify signature. | |
| QSC_EXPORT_API bool | qsc_tls_signer_default_verify (qsc_tls_signature_scheme scheme, const uint8_t *input, size_t inputlen, const uint8_t *signature, size_t signaturelen, const qsc_tls_certificate_view *signer, void *state) |
| Verify a TLS CertificateVerify signature against the supplied public-key view. | |
Default TLS CertificateVerify signer/verifier backed by QSC signature primitives.
This module plugs into the qsc_tls_certificate_interface callback set. It maps TLS signature schemes to QSC primitives as follows:
qsc_tls_sig_ed25519 -> qsc_eddsa_* (64-byte signature) qsc_tls_sig_ecdsa_secp256r1_sha256 -> qsc_ecdsa_* (DER-wrapped r||s per RFC 8446 4.2.3) qsc_tls_sig_ecdsa_secp384r1_sha384 -> qsc_ecdsa_* (DER-wrapped r||s per RFC 8446 4.2.3) qsc_tls_sig_mldsa44/65/87 -> qsc_dilithium_* (parameter set selected at compile time)
QSC sign primitives produce the combined signed_message = signature || message form; the TLS detached-signature form is extracted on sign and reassembled on verify with a constant-time message-recovery equality check to reject tampering.
| QSC_EXPORT_API bool qsc_tls_signer_default_sign | ( | qsc_tls_signature_scheme | scheme, |
| const uint8_t * | input, | ||
| size_t | inputlen, | ||
| uint8_t * | signature, | ||
| size_t * | signaturelen, | ||
| void * | state ) |
Produce a TLS CertificateVerify signature.
Matches the qsc_tls_certificate_sign_callback contract so this function can be installed directly as qsc_tls_local_certificate_config::signcallback.
| scheme | [enum] The TLS signature scheme to use. |
| input | [const uint8_t*] The formatted TLS 1.3 CertificateVerify input bytes. |
| inputlen | [size_t] Length of input in bytes. |
| signature | [uint8_t*] Destination buffer for the signature. |
| signaturelen | [size_t*] On input, the available buffer size; on success, the encoded length. |
| state | [void*] Must point to a qsc_tls_signer_default_context. |
| QSC_EXPORT_API bool qsc_tls_signer_default_verify | ( | qsc_tls_signature_scheme | scheme, |
| const uint8_t * | input, | ||
| size_t | inputlen, | ||
| const uint8_t * | signature, | ||
| size_t | signaturelen, | ||
| const qsc_tls_certificate_view * | signer, | ||
| void * | state ) |
Verify a TLS CertificateVerify signature against the supplied public-key view.
Matches the qsc_tls_certificate_verify_callback contract so this function can be installed directly as qsc_tls_certificate_interface::verifycertificateverify. The signer view is expected to expose the raw public-key bytes (not an X.509 DER blob); for SPKI-aware verification wrap this signer through tlscert_x509 which decodes the certificate and extracts the public key before dispatching here.
| scheme | [enum] The negotiated TLS signature scheme. |
| input | [const uint8_t*] The formatted TLS 1.3 CertificateVerify input bytes covered by the signature. |
| inputlen | [size_t] Length of input in bytes. |
| signature | [const uint8_t*] The encoded signature bytes (DER for ECDSA, raw for Ed25519 / ML-DSA). |
| signaturelen | [size_t] Length of the signature in bytes. |
| signer | [const struct*] View exposing the peer's raw public-key bytes. |
| state | [void*] Unused; pass NULL. |
1.14.0