pub fn verify_signed_mldsa(
env: &SignedRoomMessage,
pinned_mldsa_pubkey: &[u8],
) -> Result<bool>
huddle 2.0.6 (WS2-a): verify an envelope’s composite ML-DSA-65 signature
against a pinned ML-DSA public key (the caller’s durable record of this
signer’s PQ-auth key, learned from a prior signed announce). The Ed25519
layer is checked separately by verify_signed; this is the additional
post-quantum check, gated on having pinned the signer’s key.
Ok(true) — a valid ML-DSA signature by the pinned key (PQ-auth confirmed).
Ok(false) — no ML-DSA signature present (a classical-only envelope).
Err(..) — the envelope claims a different ML-DSA key than pinned, or carries a malformed/invalid ML-DSA signature: a downgrade/forgery the caller MUST reject.
(A caller that has pinned this signer should also treat Ok(false) — a stripped signature — as a downgrade and reject it.)
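The caller-side policy these return values imply, as an added example that is not huddle's own code: `PqAuth`, `Pins` and `pq_auth_policy` are hypothetical names, and the `check` closure stands in for a call to `verify_signed_mldsa` so the sketch runs without the crate. Treating an unpinned signer as classical-only is an assumption of this example.

```rust
use std::collections::HashMap;

/// Result of the caller's PQ-auth decision (hypothetical type, not huddle's).
#[derive(Debug, PartialEq)]
pub enum PqAuth {
    Confirmed,              // pinned key and a valid ML-DSA signature
    ClassicalOnly,          // no pin yet: only the Ed25519 check applies (assumption)
    Rejected(&'static str), // downgrade or forgery: drop the envelope
}

/// Hypothetical pin store: signer id -> pinned ML-DSA public key bytes.
pub type Pins = HashMap<String, Vec<u8>>;

/// `check` stands in for `|pk| verify_signed_mldsa(&env, pk)`. It is only
/// invoked when a pin exists, because the check is gated on a pinned key.
pub fn pq_auth_policy<E>(
    pins: &Pins,
    signer: &str,
    check: impl FnOnce(&[u8]) -> Result<bool, E>,
) -> PqAuth {
    let Some(pinned) = pins.get(signer) else {
        return PqAuth::ClassicalOnly;
    };
    match check(pinned) {
        Ok(true) => PqAuth::Confirmed,
        // Pinned signer without an ML-DSA signature: stripped, so a downgrade.
        Ok(false) => PqAuth::Rejected("ML-DSA signature stripped from pinned signer"),
        // Different key than pinned, or malformed/invalid signature.
        Err(_) => PqAuth::Rejected("ML-DSA key mismatch or invalid signature"),
    }
}

fn main() {
    let mut pins = Pins::new();
    pins.insert("alice".into(), vec![0xAA; 4]); // constructed placeholder, not a real key
    // Constructed outcomes standing in for real verification results.
    let cases: [(&str, Result<bool, ()>); 4] = [
        ("alice", Ok(true)),
        ("alice", Ok(false)),
        ("alice", Err(())),
        ("bob", Ok(false)),
    ];
    for (signer, outcome) in cases {
        let decision = pq_auth_policy(&pins, signer, |_| outcome);
        println!("{signer}: {outcome:?} -> {decision:?}");
    }
}
```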