1FIDO_CRED_VERIFY(3)      BSD Library Functions Manual      FIDO_CRED_VERIFY(3)
2

NAME

4     fido_cred_verify — verifies the signature of a FIDO 2 credential
5

SYNOPSIS

7     #include <fido.h>
8
9     int
10     fido_cred_verify(const fido_cred_t *cred);
11

DESCRIPTION

13     The fido_cred_verify() function verifies whether the signature contained
14     in cred matches the attributes of the credential.  Before using
15     fido_cred_verify() in a sensitive context, the reader is strongly encour‐
16     aged to make herself familiar with the FIDO 2 credential attestation
17     process as defined in the Web Authentication (webauthn) standard.
18
19     A brief description follows:
20
21     The fido_cred_verify() function verifies whether the client data hash,
22     relying party ID, credential ID, type, and resident key and user verifi‐
23     cation attributes of cred have been attested by the holder of the private
24     counterpart of the public key contained in the credential's x509 certifi‐
25     cate.
26
27     Please note that the x509 certificate itself is not verified.
28
29     The attestation statement formats supported by fido_cred_verify() are
30     packed and fido-u2f.  The attestation type implemented by
31     fido_cred_verify() is Basic Attestation.  The attestation key pair is
32     assumed to be of the type ES256.  Other attestation formats and types are
33     not supported.
34

RETURN VALUES

36     The error codes returned by fido_cred_verify() are defined in
37     <fido/err.h>.  If cred passes verification, then FIDO_OK is returned.
38

SEE ALSO

40     fido_cred_new(3), fido_cred_set_authdata(3)
41
42BSD                              May 10, 2020                              BSD
Impressum