QSC-backed X.509 certificate, CSR, CRL, and raw signed-data signature verification interface. More...

#include "qsccommon.h"
#include "x509csr.h"
#include "x509crl.h"
#include "x509types.h"

Data Structures
struct	qsc_x509_verify_state_t

Typedefs
typedef struct qsc_x509_verify_state_t	qsc_x509_verify_state

Functions
QSC_EXPORT_API void	qsc_x509_qsc_verify_state_initialize (qsc_x509_verify_state state, uint8_t buffer, size_t buflen)
	Initialize a QSC X.509 verification state object.
QSC_EXPORT_API bool	qsc_x509_qsc_signature_verify (const qsc_x509_certificate certificate, const qsc_x509_certificate issuer, void *state)
	Verify a certificate signature using the issuer certificate and QSC back-end.
QSC_EXPORT_API bool	qsc_x509_qsc_crl_signature_verify (const qsc_x509_crl crl, const qsc_x509_certificate issuer, void *state)
	Verify a CRL signature using the issuer certificate and QSC back-end.
QSC_EXPORT_API bool	qsc_x509_qsc_csr_signature_verify (const qsc_x509_csr csr, void state)
	Verify a CSR signature using the CSR subject key and QSC back-end.
QSC_EXPORT_API bool	qsc_x509_qsc_verify_signed_data (const uint8_t data, size_t datalen, const uint8_t signature, size_t signaturelen, uint8_t unusedbits, qsc_x509_signature_algorithm signaturealgorithm, const qsc_x509_subject_public_key_info spki, void state)
	Verify a generic signed-data object using explicit signature metadata.

Detailed Description

QSC-backed X.509 certificate, CSR, CRL, and raw signed-data signature verification interface.

This header defines the verification state container and helper functions used to verify signatures over X.509 certificates, certificate revocation lists, certificate signing requests, and generic signed-data buffers using the QSC cryptographic back-end. The interface binds the X.509 object model to the underlying signature implementations selected by the decoded signature algorithm and subject public key information.

The verification routines use a caller-supplied working buffer encapsulated by qsc_x509_verify_state so that signature verification can reconstruct or stage the signed message representation without requiring internal dynamic allocation. This is particularly important for DER-encoded TBS certificate, CRL, and CSR verification flows, and for large post-quantum signature schemes.

Function Documentation

◆ qsc_x509_qsc_crl_signature_verify()

QSC_EXPORT_API bool qsc_x509_qsc_crl_signature_verify	(	const qsc_x509_crl *	crl,
		const qsc_x509_certificate *	issuer,
		void *	state )

Verify a CRL signature using the issuer certificate and QSC back-end.

Verifies the signature on the supplied certificate revocation list using the issuer certificate subject public key information and the CRL signature algorithm metadata. Verification uses the preserved TBSCertList DER bytes carried by the decoded CRL object and rejects inconsistent algorithm pairings before invoking the cryptographic back-end.

Parameters

crl	[const][struct] The certificate revocation list whose signature is to be verified.
issuer	[const][struct] The issuer certificate providing the verification public key.
state	Caller-supplied verification state, typically a qsc_x509_verify_state object.

Returns: Returns true if the CRL signature is valid; otherwise returns false.

◆ qsc_x509_qsc_csr_signature_verify()

QSC_EXPORT_API bool qsc_x509_qsc_csr_signature_verify	(	const qsc_x509_csr *	csr,
		void *	state )

Verify a CSR signature using the CSR subject key and QSC back-end.

Verifies the signature on the supplied certificate signing request using the subject public key information carried inside the CSR and the declared CSR signature algorithm. Verification uses the preserved CertificationRequestInfo DER bytes carried by the decoded CSR object and does not reconstruct the signed region from normalized fields.

Parameters

csr	[const][struct] The certificate signing request whose signature is to be verified.
state	Caller-supplied verification state, typically a qsc_x509_verify_state object.

Returns: Returns true if the CSR signature is valid; otherwise returns false.

◆ qsc_x509_qsc_signature_verify()

QSC_EXPORT_API bool qsc_x509_qsc_signature_verify	(	const qsc_x509_certificate *	certificate,
		const qsc_x509_certificate *	issuer,
		void *	state )

Verify a certificate signature using the issuer certificate and QSC back-end.

Verifies the signature on the supplied certificate using the issuer certificate subject public key information and the signature algorithm declared by the certificate. Verification uses the preserved TBSCertificate DER bytes carried by the decoded certificate object and rejects inconsistent algorithm pairings before invoking the cryptographic back-end.

Parameters

certificate	[const][struct] The certificate whose signature is to be verified.
issuer	[const][struct] The issuer certificate providing the verification public key.
state	Caller-supplied verification state, typically a qsc_x509_verify_state object.

Returns: Returns true if the certificate signature is valid; otherwise returns false.

◆ qsc_x509_qsc_verify_signed_data()

QSC_EXPORT_API bool qsc_x509_qsc_verify_signed_data	(	const uint8_t *	data,
		size_t	datalen,
		const uint8_t *	signature,
		size_t	signaturelen,
		uint8_t	unusedbits,
		qsc_x509_signature_algorithm	signaturealgorithm,
		const qsc_x509_subject_public_key_info *	spki,
		void *	state )

Verify a generic signed-data object using explicit signature metadata.

Verifies a raw signed-data buffer using the supplied signature bytes, signature algorithm selector, and signer subject public key information. This helper provides the algorithm-dispatch core used by the higher-level certificate, CRL, and CSR verification wrappers. The object-specific wrappers enforce signed-region preservation and AlgorithmIdentifier consistency before delegating to this routine.

Parameters

data	[const] The signed-data message buffer.
datalen	The length of the signed-data buffer in bytes.
signature	[const] The signature bytes to verify.
signaturelen	The length of the signature in bytes.
unusedbits	The number of unused bits in the final signature octet when the signature originated from an ASN.1 BIT STRING.
signaturealgorithm	[enum] The normalized signature algorithm identifier.
spki	[const][struct] The signer subject public key information used for verification.
state	Caller-supplied verification state, typically a qsc_x509_verify_state object.

Returns: Returns true if the signature is valid for the supplied data and public key; otherwise returns false.

◆ qsc_x509_qsc_verify_state_initialize()

QSC_EXPORT_API void qsc_x509_qsc_verify_state_initialize	(	qsc_x509_verify_state *	state,
		uint8_t *	buffer,
		size_t	buflen )

Initialize a QSC X.509 verification state object.

Associates the verification state with a caller-managed scratch buffer and records the available buffer capacity. This function shall be called before using the state object with the QSC-backed verification helpers.

Parameters

state	[struct] The verification state object to initialize.
buffer	The caller-supplied scratch buffer.
buflen	The capacity of the scratch buffer in bytes.

Returns: [void] This function does not return a value.

Data Structures

Typedefs

Functions

Detailed Description

Function Documentation

◆ qsc_x509_qsc_crl_signature_verify()

◆ qsc_x509_qsc_csr_signature_verify()

◆ qsc_x509_qsc_signature_verify()

◆ qsc_x509_qsc_verify_signed_data()

◆ qsc_x509_qsc_verify_state_initialize()