xref: /freebsd-src/contrib/libfido2/man/fido_assert_verify.3 (revision 2ccfa855b2fc331819953e3de1b1c15ce5b95a7e) 
1*2ccfa855SEd Maste.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
20afa8e06SEd Maste.\"
3*2ccfa855SEd Maste.\" Redistribution and use in source and binary forms, with or without
4*2ccfa855SEd Maste.\" modification, are permitted provided that the following conditions are
5*2ccfa855SEd Maste.\" met:
6*2ccfa855SEd Maste.\"
7*2ccfa855SEd Maste.\"    1. Redistributions of source code must retain the above copyright
8*2ccfa855SEd Maste.\"       notice, this list of conditions and the following disclaimer.
9*2ccfa855SEd Maste.\"    2. Redistributions in binary form must reproduce the above copyright
10*2ccfa855SEd Maste.\"       notice, this list of conditions and the following disclaimer in
11*2ccfa855SEd Maste.\"       the documentation and/or other materials provided with the
12*2ccfa855SEd Maste.\"       distribution.
13*2ccfa855SEd Maste.\"
14*2ccfa855SEd Maste.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
15*2ccfa855SEd Maste.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
16*2ccfa855SEd Maste.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
17*2ccfa855SEd Maste.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
18*2ccfa855SEd Maste.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
19*2ccfa855SEd Maste.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
20*2ccfa855SEd Maste.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21*2ccfa855SEd Maste.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22*2ccfa855SEd Maste.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23*2ccfa855SEd Maste.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
24*2ccfa855SEd Maste.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25*2ccfa855SEd Maste.\"
26*2ccfa855SEd Maste.\" SPDX-License-Identifier: BSD-2-Clause
27*2ccfa855SEd Maste.\"
28*2ccfa855SEd Maste.Dd $Mdocdate: July 15 2022 $
290afa8e06SEd Maste.Dt FIDO_ASSERT_VERIFY 3
300afa8e06SEd Maste.Os
310afa8e06SEd Maste.Sh NAME
320afa8e06SEd Maste.Nm fido_assert_verify
330afa8e06SEd Maste.Nd verifies the signature of a FIDO2 assertion statement
340afa8e06SEd Maste.Sh SYNOPSIS
350afa8e06SEd Maste.In fido.h
360afa8e06SEd Maste.Ft int
373e696dfbSEd Maste.Fn fido_assert_verify "const fido_assert_t *assert" "size_t idx" "int cose_alg" "const void *pk"
380afa8e06SEd Maste.Sh DESCRIPTION
390afa8e06SEd MasteThe
400afa8e06SEd Maste.Fn fido_assert_verify
410afa8e06SEd Mastefunction verifies whether the signature contained in statement index
420afa8e06SEd Maste.Fa idx
430afa8e06SEd Masteof
440afa8e06SEd Maste.Fa assert
450afa8e06SEd Mastematches the parameters of the assertion.
460afa8e06SEd MasteBefore using
470afa8e06SEd Maste.Fn fido_assert_verify
480afa8e06SEd Mastein a sensitive context, the reader is strongly encouraged to make
490afa8e06SEd Masteherself familiar with the FIDO2 assertion statement process
500afa8e06SEd Masteas defined in the Web Authentication (webauthn) standard.
510afa8e06SEd Maste.Pp
520afa8e06SEd MasteA brief description follows:
530afa8e06SEd Maste.Pp
540afa8e06SEd MasteThe
550afa8e06SEd Maste.Fn fido_assert_verify
560afa8e06SEd Mastefunction verifies whether the client data hash, relying party ID,
570afa8e06SEd Masteuser presence and user verification attributes of
580afa8e06SEd Maste.Fa assert
590afa8e06SEd Mastehave been attested by the holder of the private counterpart of
600afa8e06SEd Mastethe public key
610afa8e06SEd Maste.Fa pk
620afa8e06SEd Masteof COSE type
630afa8e06SEd Maste.Fa cose_alg ,
640afa8e06SEd Mastewhere
650afa8e06SEd Maste.Fa cose_alg
660afa8e06SEd Masteis
670afa8e06SEd Maste.Dv COSE_ES256 ,
68*2ccfa855SEd Maste.Dv COSE_ES384 ,
690afa8e06SEd Maste.Dv COSE_RS256 ,
700afa8e06SEd Masteor
710afa8e06SEd Maste.Dv COSE_EDDSA ,
720afa8e06SEd Masteand
730afa8e06SEd Maste.Fa pk
740afa8e06SEd Mastepoints to a
750afa8e06SEd Maste.Vt es256_pk_t ,
76*2ccfa855SEd Maste.Vt es384_pk_t ,
770afa8e06SEd Maste.Vt rs256_pk_t ,
780afa8e06SEd Masteor
790afa8e06SEd Maste.Vt eddsa_pk_t
800afa8e06SEd Mastetype accordingly.
810afa8e06SEd Maste.Pp
820afa8e06SEd MastePlease note that the first statement in
830afa8e06SEd Maste.Fa assert
840afa8e06SEd Mastehas an
850afa8e06SEd Maste.Fa idx
860afa8e06SEd Masteof 0.
870afa8e06SEd Maste.Sh RETURN VALUES
880afa8e06SEd MasteThe error codes returned by
890afa8e06SEd Maste.Fn fido_assert_verify
900afa8e06SEd Masteare defined in
910afa8e06SEd Maste.In fido/err.h .
920afa8e06SEd MasteIf
930afa8e06SEd Mastestatement
940afa8e06SEd Maste.Fa idx
950afa8e06SEd Masteof
960afa8e06SEd Maste.Fa assert
970afa8e06SEd Mastepasses verification with
980afa8e06SEd Maste.Fa pk ,
990afa8e06SEd Mastethen
1000afa8e06SEd Maste.Dv FIDO_OK
1010afa8e06SEd Masteis returned.
1020afa8e06SEd Maste.Sh SEE ALSO
1030afa8e06SEd Maste.Xr fido_assert_new 3 ,
1040afa8e06SEd Maste.Xr fido_assert_set_authdata 3
105