1FIDO_CRED_VERIFY(3) BSD Library Functions Manual FIDO_CRED_VERIFY(3)
2
4 fido_cred_verify — verifies the attestation signature of a FIDO 2 creden‐
5 tial
6
8 #include <fido.h>
9
10 int
11 fido_cred_verify(const fido_cred_t *cred);
12
14 The fido_cred_verify() function verifies whether the attestation signa‐
15 ture contained in cred matches the attributes of the credential. Before
16 using fido_cred_verify() in a sensitive context, the reader is strongly
17 encouraged to make herself familiar with the FIDO 2 credential attesta‐
18 tion process as defined in the Web Authentication (webauthn) standard.
19
20 A brief description follows:
21
22 The fido_cred_verify() function verifies whether the client data hash,
23 relying party ID, credential ID, type, and resident/discoverable key and
24 user verification attributes of cred have been attested by the holder of
25 the private counterpart of the public key contained in the credential's
26 x509 certificate.
27
28 Please note that the x509 certificate itself is not verified.
29
30 The attestation statement formats supported by fido_cred_verify() are
31 packed and fido-u2f. The attestation type implemented by
32 fido_cred_verify() is Basic Attestation. The attestation key pair is as‐
33 sumed to be of the type ES256. Other attestation formats and types are
34 not supported.
35
37 The error codes returned by fido_cred_verify() are defined in
38 <fido/err.h>. If cred does not contain attestation data, then
39 FIDO_ERR_INVALID_ARGUMENT is returned. If cred passes verification, then
40 FIDO_OK is returned.
41
43 fido_cred_new(3), fido_cred_set_authdata(3)
44
45BSD May 23, 2018 BSD