Diffstat (limited to 'man/fido_assert_verify.3')
-rw-r--r-- | man/fido_assert_verify.3 | 79 |
1 files changed, 79 insertions, 0 deletions
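--- /dev/null
+++ b/man/fido_assert_verify.3
@@ -0,0 +1,79 @@
+.\" Copyright (c) 2018 Yubico AB. All rights reserved.
+.\" Use of this source code is governed by a BSD-style
+.\" license that can be found in the LICENSE file.
+.\"
+.Dd $Mdocdate: May 24 2018 $
+.Dt FIDO_ASSERT_VERIFY 3
+.Os
+.Sh NAME
+.Nm fido_assert_verify
+.Nd verifies the signature of a FIDO 2 assertion statement
+.Sh SYNOPSIS
+.In fido.h
+.Ft int
+.Fn fido_assert_verify "fido_assert_t *assert" "size_t idx" "int cose_alg" "const void *pk"
+.Sh DESCRIPTION
+The
+.Fn fido_assert_verify
+function verifies whether the signature contained in statement index
+.Fa idx
+of
+.Fa assert
+matches the parameters of the assertion.
+Before using
+.Fn fido_assert_verify
+in a sensitive context, the reader is strongly encouraged to make
+herself familiar with the FIDO 2 assertion statement process
+as defined in the Web Authentication (webauthn) standard.
+.Pp
+A brief description follows:
+.Pp
+The
+.Fn fido_assert_verify
+function verifies whether the client data hash, relying party ID,
+user presence and user verification attributes of
+.Fa assert
+have been attested by the holder of the private counterpart of
+the public key
+.Fa pk
+of COSE type
+.Fa cose_alg ,
+where
+.Fa cose_alg
+is
+.Dv COSE_ES256 ,
+.Dv COSE_RS256 ,
+or
+.Dv COSE_EDDSA ,
+and
+.Fa pk
+points to a
+.Vt es256_pk_t ,
+.Vt rs256_pk_t ,
+or
+.Vt eddsa_pk_t
+type accordingly.
+.Pp
+Please note that the first statement in
+.Fa assert
+has an
+.Fa idx
+of 0.
+.Sh RETURN VALUES
+The error codes returned by
+.Fn fido_assert_verify
+are defined in
+.In fido/err.h .
+If
+statement
+.Fa idx
+of
+.Fa assert
+passes verification with
+.Fa pk ,
+then
+.Dv FIDO_OK
+is returned.
+.Sh SEE ALSO
+.Xr fido_assert_new 3 ,
+.Xr fido_assert_set_authdata 3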