1 files changed, 64 insertions, 0 deletions
diff --git a/man/fido_cred_verify.3 b/man/fido_cred_verify.3
new file mode 100644
index 0000000..c75b9a1
--- /dev/null
+++ b/man/fido_cred_verify.3
@@ -0,0 +1,64 @@
+.\" Copyright (c) 2018 Yubico AB. All rights reserved.
+.\" Use of this source code is governed by a BSD-style
+.\" license that can be found in the LICENSE file.
+.\"
+.Dd $Mdocdate: May 23 2018 $
+.Dt FIDO_CRED_VERIFY 3
+.Os
+.Sh NAME
+.Nm fido_cred_verify
+.Nd verifies the signature of a FIDO 2 credential
+.Sh SYNOPSIS
+.In fido.h
+.Ft int
+.Fn fido_cred_verify "const fido_cred_t *cred"
+.Sh DESCRIPTION
+The
+.Fn fido_cred_verify
+function verifies whether the signature contained in
+.Fa cred
+matches the attributes of the credential.
+Before using
+.Fn fido_cred_verify
+in a sensitive context, the reader is strongly encouraged to make
+herself familiar with the FIDO 2 credential attestation process
+as defined in the Web Authentication (webauthn) standard.
+.Pp
+A brief description follows:
+.Pp
+The
+.Fn fido_cred_verify
+function verifies whether the client data hash, relying party ID,
+credential ID, type, and resident key and user verification
+attributes of
+.Fa cred
+have been attested by the holder of the private counterpart of
+the public key contained in the credential's x509 certificate.
+.Pp
+Please note that the x509 certificate itself is not verified.
+.Pp
+The attestation statement formats supported by
+.Fn fido_cred_verify
+are
+.Em packed
+and
+.Em fido-u2f .
+The attestation type implemented by
+.Fn fido_cred_verify
+is
+.Em Basic Attestation .
+The attestation key pair is assumed to be of the type ES256.
+Other attestation formats and types are not supported.
+.Sh RETURN VALUES
+The error codes returned by
+.Fn fido_cred_verify
+are defined in
+.In fido/err.h .
+If
+.Fa cred
+passes verification, then
+.Dv FIDO_OK
+is returned.
+.Sh SEE ALSO
+.Xr fido_cred_new 3 ,
+.Xr fido_cred_set_authdata 3

diff --git a/man/fido_cred_verify.3 b/man/fido_cred_verify.3 new file mode 100644 index 0000000..c75b9a1 --- /dev/null +++ b/man/fido_cred_verify.3
@@ -0,0 +1,64 @@
	1	.\" Copyright (c) 2018 Yubico AB. All rights reserved.
	2	.\" Use of this source code is governed by a BSD-style
	3	.\" license that can be found in the LICENSE file.
	4	.\"
	5	.Dd $Mdocdate: May 23 2018 $
	6	.Dt FIDO_CRED_VERIFY 3
	7	.Os
	8	.Sh NAME
	9	.Nm fido_cred_verify
	10	.Nd verifies the signature of a FIDO 2 credential
	11	.Sh SYNOPSIS
	12	.In fido.h
	13	.Ft int
	14	.Fn fido_cred_verify "const fido_cred_t *cred"
	15	.Sh DESCRIPTION
	16	The
	17	.Fn fido_cred_verify
	18	function verifies whether the signature contained in
	19	.Fa cred
	20	matches the attributes of the credential.
	21	Before using
	22	.Fn fido_cred_verify
	23	in a sensitive context, the reader is strongly encouraged to make
	24	herself familiar with the FIDO 2 credential attestation process
	25	as defined in the Web Authentication (webauthn) standard.
	26	.Pp
	27	A brief description follows:
	28	.Pp
	29	The
	30	.Fn fido_cred_verify
	31	function verifies whether the client data hash, relying party ID,
	32	credential ID, type, and resident key and user verification
	33	attributes of
	34	.Fa cred
	35	have been attested by the holder of the private counterpart of
	36	the public key contained in the credential's x509 certificate.
	37	.Pp
	38	Please note that the x509 certificate itself is not verified.
	39	.Pp
	40	The attestation statement formats supported by
	41	.Fn fido_cred_verify
	42	are
	43	.Em packed
	44	and
	45	.Em fido-u2f .
	46	The attestation type implemented by
	47	.Fn fido_cred_verify
	48	is
	49	.Em Basic Attestation .
	50	The attestation key pair is assumed to be of the type ES256.
	51	Other attestation formats and types are not supported.
	52	.Sh RETURN VALUES
	53	The error codes returned by
	54	.Fn fido_cred_verify
	55	are defined in
	56	.In fido/err.h .
	57	If
	58	.Fa cred
	59	passes verification, then
	60	.Dv FIDO_OK
	61	is returned.
	62	.Sh SEE ALSO
	63	.Xr fido_cred_new 3 ,
	64	.Xr fido_cred_set_authdata 3