1 files changed, 79 insertions, 0 deletions
diff --git a/man/fido_assert_verify.3 b/man/fido_assert_verify.3
new file mode 100644
index 0000000..82e64e1
--- /dev/null
+++ b/man/fido_assert_verify.3
@@ -0,0 +1,79 @@
+.\" Copyright (c) 2018 Yubico AB. All rights reserved.
+.\" Use of this source code is governed by a BSD-style
+.\" license that can be found in the LICENSE file.
+.\"
+.Dd $Mdocdate: May 24 2018 $
+.Dt FIDO_ASSERT_VERIFY 3
+.Os
+.Sh NAME
+.Nm fido_assert_verify
+.Nd verifies the signature of a FIDO 2 assertion statement
+.Sh SYNOPSIS
+.In fido.h
+.Ft int
+.Fn fido_assert_verify "fido_assert_t *assert" "size_t idx" "int cose_alg" "const void *pk"
+.Sh DESCRIPTION
+The
+.Fn fido_assert_verify
+function verifies whether the signature contained in statement index
+.Fa idx
+of
+.Fa assert
+matches the parameters of the assertion.
+Before using
+.Fn fido_assert_verify
+in a sensitive context, the reader is strongly encouraged to make
+herself familiar with the FIDO 2 assertion statement process
+as defined in the Web Authentication (webauthn) standard.
+.Pp
+A brief description follows:
+.Pp
+The
+.Fn fido_assert_verify
+function verifies whether the client data hash, relying party ID,
+user presence and user verification attributes of
+.Fa assert
+have been attested by the holder of the private counterpart of
+the public key
+.Fa pk
+of COSE type
+.Fa cose_alg ,
+where
+.Fa cose_alg
+is
+.Dv COSE_ES256 ,
+.Dv COSE_RS256 ,
+or
+.Dv COSE_EDDSA ,
+and
+.Fa pk
+points to a
+.Vt es256_pk_t ,
+.Vt rs256_pk_t ,
+or
+.Vt eddsa_pk_t
+type accordingly.
+.Pp
+Please note that the first statement in
+.Fa assert
+has an
+.Fa idx
+of 0.
+.Sh RETURN VALUES
+The error codes returned by
+.Fn fido_assert_verify
+are defined in
+.In fido/err.h .
+If
+statement
+.Fa idx
+of
+.Fa assert
+passes verification with
+.Fa pk ,
+then
+.Dv FIDO_OK
+is returned.
+.Sh SEE ALSO
+.Xr fido_assert_new 3 ,
+.Xr fido_assert_set_authdata 3

diff --git a/man/fido_assert_verify.3 b/man/fido_assert_verify.3 new file mode 100644 index 0000000..82e64e1 --- /dev/null +++ b/man/fido_assert_verify.3
@@ -0,0 +1,79 @@
	1	.\" Copyright (c) 2018 Yubico AB. All rights reserved.
	2	.\" Use of this source code is governed by a BSD-style
	3	.\" license that can be found in the LICENSE file.
	4	.\"
	5	.Dd $Mdocdate: May 24 2018 $
	6	.Dt FIDO_ASSERT_VERIFY 3
	7	.Os
	8	.Sh NAME
	9	.Nm fido_assert_verify
	10	.Nd verifies the signature of a FIDO 2 assertion statement
	11	.Sh SYNOPSIS
	12	.In fido.h
	13	.Ft int
	14	.Fn fido_assert_verify "fido_assert_t assert" "size_t idx" "int cose_alg" "const void pk"
	15	.Sh DESCRIPTION
	16	The
	17	.Fn fido_assert_verify
	18	function verifies whether the signature contained in statement index
	19	.Fa idx
	20	of
	21	.Fa assert
	22	matches the parameters of the assertion.
	23	Before using
	24	.Fn fido_assert_verify
	25	in a sensitive context, the reader is strongly encouraged to make
	26	herself familiar with the FIDO 2 assertion statement process
	27	as defined in the Web Authentication (webauthn) standard.
	28	.Pp
	29	A brief description follows:
	30	.Pp
	31	The
	32	.Fn fido_assert_verify
	33	function verifies whether the client data hash, relying party ID,
	34	user presence and user verification attributes of
	35	.Fa assert
	36	have been attested by the holder of the private counterpart of
	37	the public key
	38	.Fa pk
	39	of COSE type
	40	.Fa cose_alg ,
	41	where
	42	.Fa cose_alg
	43	is
	44	.Dv COSE_ES256 ,
	45	.Dv COSE_RS256 ,
	46	or
	47	.Dv COSE_EDDSA ,
	48	and
	49	.Fa pk
	50	points to a
	51	.Vt es256_pk_t ,
	52	.Vt rs256_pk_t ,
	53	or
	54	.Vt eddsa_pk_t
	55	type accordingly.
	56	.Pp
	57	Please note that the first statement in
	58	.Fa assert
	59	has an
	60	.Fa idx
	61	of 0.
	62	.Sh RETURN VALUES
	63	The error codes returned by
	64	.Fn fido_assert_verify
	65	are defined in
	66	.In fido/err.h .
	67	If
	68	statement
	69	.Fa idx
	70	of
	71	.Fa assert
	72	passes verification with
	73	.Fa pk ,
	74	then
	75	.Dv FIDO_OK
	76	is returned.
	77	.Sh SEE ALSO
	78	.Xr fido_assert_new 3 ,
	79	.Xr fido_assert_set_authdata 3