Updated: 2020/Jul/29


FIDO_ASSERT_VERIFY(3)      Library Functions Manual      FIDO_ASSERT_VERIFY(3)

NAME
     fido_assert_verify - verifies the signature of a FIDO 2 assertion
     statement

SYNOPSIS
     #include <fido.h>

     int
     fido_assert_verify(fido_assert_t *assert, size_t idx, int cose_alg,
         const void *pk);

DESCRIPTION
     The fido_assert_verify() function verifies whether the signature
     contained in statement index idx of assert matches the parameters of the
     assertion.  Before using fido_assert_verify() in a sensitive context, the
     reader is strongly encouraged to make herself familiar with the FIDO 2
     assertion statement process as defined in the Web Authentication
     (webauthn) standard.

     A brief description follows:

     The fido_assert_verify() function verifies whether the client data hash,
     relying party ID, user presence and user verification attributes of
     assert have been attested by the holder of the private counterpart of the
     public key pk of COSE type cose_alg, where cose_alg is COSE_ES256,
     COSE_RS256, or COSE_EDDSA, and pk points to a es256_pk_t, rs256_pk_t, or
     eddsa_pk_t type accordingly.

     Please note that the first statement in assert has an idx of 0.

RETURN VALUES
     The error codes returned by fido_assert_verify() are defined in
     <fido/err.h>.  If statement idx of assert passes verification with pk,
     then FIDO_OK is returned.

SEE ALSO
     fido_assert_new(3), fido_assert_set_authdata(3)

NetBSD 9.99                $Mdocdate: May 24 2018 $                NetBSD 9.99