Updated: 2020/Jul/29


FIDO_CRED_VERIFY(3)        Library Functions Manual        FIDO_CRED_VERIFY(3)

NAME
     fido_cred_verify - verifies the signature of a FIDO 2 credential

SYNOPSIS
     #include <fido.h>

     int
     fido_cred_verify(const fido_cred_t *cred);

DESCRIPTION
     The fido_cred_verify() function verifies whether the signature contained
     in cred matches the attributes of the credential.  Before using
     fido_cred_verify() in a sensitive context, the reader is strongly
     encouraged to make herself familiar with the FIDO 2 credential
     attestation process as defined in the Web Authentication (webauthn)
     standard.

     A brief description follows:

     The fido_cred_verify() function verifies whether the client data hash,
     relying party ID, credential ID, type, and resident key and user
     verification attributes of cred have been attested by the holder of the
     private counterpart of the public key contained in the credential's x509
     certificate.

     Please note that the x509 certificate itself is not verified.

     The attestation statement formats supported by fido_cred_verify() are
     packed and fido-u2f.  The attestation type implemented by
     fido_cred_verify() is Basic Attestation.  The attestation key pair is
     assumed to be of the type ES256.  Other attestation formats and types are
     not supported.

RETURN VALUES
     The error codes returned by fido_cred_verify() are defined in
     <fido/err.h>.  If cred passes verification, then FIDO_OK is returned.

SEE ALSO
     fido_cred_new(3), fido_cred_set_authdata(3)

NetBSD 9.99                $Mdocdate: May 23 2018 $                NetBSD 9.99