Diffstat (limited to 'man/fido_cred_verify.3')
-rw-r--r-- | man/fido_cred_verify.3 | 64 |
1 files changed, 64 insertions, 0 deletions
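--- /dev/null
+++ b/man/fido_cred_verify.3
@@ -0,0 +1,64 @@
+.\" Copyright (c) 2018 Yubico AB. All rights reserved.
+.\" Use of this source code is governed by a BSD-style
+.\" license that can be found in the LICENSE file.
+.\"
+.Dd $Mdocdate: May 23 2018 $
+.Dt FIDO_CRED_VERIFY 3
+.Os
+.Sh NAME
+.Nm fido_cred_verify
+.Nd verifies the signature of a FIDO 2 credential
+.Sh SYNOPSIS
+.In fido.h
+.Ft int
+.Fn fido_cred_verify "const fido_cred_t *cred"
+.Sh DESCRIPTION
+The
+.Fn fido_cred_verify
+function verifies whether the signature contained in
+.Fa cred
+matches the attributes of the credential.
+Before using
+.Fn fido_cred_verify
+in a sensitive context, the reader is strongly encouraged to make
+herself familiar with the FIDO 2 credential attestation process
+as defined in the Web Authentication (webauthn) standard.
+.Pp
+A brief description follows:
+.Pp
+The
+.Fn fido_cred_verify
+function verifies whether the client data hash, relying party ID,
+credential ID, type, and resident key and user verification
+attributes of
+.Fa cred
+have been attested by the holder of the private counterpart of
+the public key contained in the credential's x509 certificate.
+.Pp
+Please note that the x509 certificate itself is not verified.
+.Pp
+The attestation statement formats supported by
+.Fn fido_cred_verify
+are
+.Em packed
+and
+.Em fido-u2f .
+The attestation type implemented by
+.Fn fido_cred_verify
+is
+.Em Basic Attestation .
+The attestation key pair is assumed to be of the type ES256.
+Other attestation formats and types are not supported.
+.Sh RETURN VALUES
+The error codes returned by
+.Fn fido_cred_verify
+are defined in
+.In fido/err.h .
+If
+.Fa cred
+passes verification, then
+.Dv FIDO_OK
+is returned.
+.Sh SEE ALSO
+.Xr fido_cred_new 3 ,
+.Xr fido_cred_set_authdata 3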