xref: /netbsd-src/external/bsd/libfido2/dist/man/fido_assert_set_authdata.3 (revision e670fd5c413e99c2f6a37901bb21c537fcd322d2) 
1.\" Copyright (c) 2018 Yubico AB. All rights reserved.
2.\" Use of this source code is governed by a BSD-style
3.\" license that can be found in the LICENSE file.
4.\"
5.Dd $Mdocdate: May 23 2018 $
6.Dt FIDO_ASSERT_SET_AUTHDATA 3
7.Os
8.Sh NAME
9.Nm fido_assert_set_authdata ,
10.Nm fido_assert_set_authdata_raw ,
11.Nm fido_assert_set_clientdata_hash ,
12.Nm fido_assert_set_count ,
13.Nm fido_assert_set_extensions ,
14.Nm fido_assert_set_hmac_salt ,
15.Nm fido_assert_set_hmac_secret ,
16.Nm fido_assert_set_up ,
17.Nm fido_assert_set_uv ,
18.Nm fido_assert_set_rp ,
19.Nm fido_assert_set_sig
20.Nd set parameters of a FIDO 2 assertion
21.Sh SYNOPSIS
22.In fido.h
23.Bd -literal
24typedef enum {
25	FIDO_OPT_OMIT = 0, /* use authenticator's default */
26	FIDO_OPT_FALSE,    /* explicitly set option to false */
27        FIDO_OPT_TRUE,     /* explicitly set option to true */
28} fido_opt_t;
29.Ed
30.Ft int
31.Fn fido_assert_set_authdata "fido_assert_t *assert" " size_t idx" "const unsigned char *ptr" "size_t len"
32.Ft int
33.Fn fido_assert_set_authdata_raw "fido_assert_t *assert" " size_t idx" "const unsigned char *ptr" "size_t len"
34.Ft int
35.Fn fido_assert_set_clientdata_hash "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
36.Ft int
37.Fn fido_assert_set_count "fido_assert_t *assert" "size_t n"
38.Ft int
39.Fn fido_assert_set_extensions "fido_assert_t *assert" "int flags"
40.Ft int
41.Fn fido_assert_set_hmac_salt "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
42.Ft int
43.Fn fido_assert_set_hmac_secret "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
44.Ft int
45.Fn fido_assert_set_up "fido_assert_t *assert" "fido_opt_t up"
46.Ft int
47.Fn fido_assert_set_uv "fido_assert_t *assert" "fido_opt_t uv"
48.Ft int
49.Fn fido_assert_set_rp "fido_assert_t *assert" "const char *id"
50.Ft int
51.Fn fido_assert_set_sig "fido_assert_t *assert" "size_t idx" "const unsigned char *ptr" "size_t len"
52.Sh DESCRIPTION
53The
54.Nm
55set of functions define the various parameters of a FIDO 2
56assertion, allowing a
57.Fa fido_assert_t
58type to be prepared for a subsequent call to
59.Xr fido_dev_get_assert 3
60or
61.Xr fido_assert_verify 3 .
62For the complete specification of a FIDO 2 assertion and the format
63of its constituent parts, please refer to the Web Authentication
64(webauthn) standard.
65.Pp
66The
67.Fn fido_assert_set_count
68function sets the number of assertion statements in
69.Fa assert
70to
71.Fa n .
72.Pp
73The
74.Fn fido_assert_set_authdata
75and
76.Fn fido_assert_set_sig
77functions set the authenticator data and signature parts of the
78statement with index
79.Fa idx
80of
81.Fa assert
82to
83.Fa ptr ,
84where
85.Fa ptr
86points to
87.Fa len
88bytes.
89A copy of
90.Fa ptr
91is made, and no references to the passed pointer are kept.
92Please note that the first assertion statement of
93.Fa assert
94has an
95.Fa idx
96of
97.Em 0 .
98The authenticator data passed to
99.Fn fido_assert_set_authdata
100must be a CBOR-encoded byte string, as obtained from
101.Fn fido_assert_authdata_ptr .
102Alternatively, a raw binary blob may be passed to
103.Fn fido_assert_set_authdata_raw .
104.Pp
105The
106.Fn fido_assert_set_clientdata_hash ,
107.Fn fido_assert_set_hmac_salt ,
108and
109.Fn fido_assert_set_hmac_secret
110functions set the client data hash and hmac-salt parts of
111.Fa assert
112to
113.Fa ptr ,
114where
115.Fa ptr
116points to
117.Fa len
118bytes.
119A copy of
120.Fa ptr
121is made, and no references to the passed pointer are kept.
122.Pp
123The
124.Fn fido_assert_set_rp
125function sets the relying party
126.Fa id
127of
128.Fa assert ,
129where
130.Fa id
131is a NUL-terminated UTF-8 string.
132The content of
133.Fa id
134is copied, and no references to the passed pointer are kept.
135.Pp
136The
137.Fn fido_assert_set_extensions
138function sets the extensions of
139.Fa assert
140to the bitmask
141.Fa flags .
142At the moment, only the
143.Dv FIDO_EXT_CRED_BLOB ,
144.Dv FIDO_EXT_HMAC_SECRET ,
145and
146.Dv FIDO_EXT_LARGEBLOB_KEY
147extensions are supported.
148If
149.Fa flags
150is zero, the extensions of
151.Fa assert
152are cleared.
153.Pp
154The
155.Fn fido_assert_set_up
156and
157.Fn fido_assert_set_uv
158functions set the
159.Fa up
160(user presence) and
161.Fa uv
162(user verification)
163attributes of
164.Fa assert .
165Both are
166.Dv FIDO_OPT_OMIT
167by default, allowing the authenticator to use its default settings.
168.Pp
169Use of the
170.Nm
171set of functions may happen in two distinct situations:
172when asking a FIDO device to produce a series of assertion
173statements, prior to
174.Xr fido_dev_get_assert 3
175(i.e, in the context of a FIDO client), or when verifying assertion
176statements using
177.Xr fido_assert_verify 3
178(i.e, in the context of a FIDO server).
179.Pp
180For a complete description of the generation of a FIDO 2 assertion
181and its verification, please refer to the FIDO 2 specification.
182An example of how to use the
183.Nm
184set of functions can be found in the
185.Pa examples/assert.c
186file shipped with
187.Em libfido2 .
188.Pp
189.Fn fido_assert_set_hmac_secret
190is not normally useful in a FIDO client or server \(em it is provided
191to enable testing other functionality that relies on retrieving the
192HMAC secret from an assertion obtained from an authenticator.
193.Sh RETURN VALUES
194The
195.Nm
196functions return
197.Dv FIDO_OK
198on success.
199The error codes returned by the
200.Nm
201set of functions are defined in
202.In fido/err.h .
203.Sh SEE ALSO
204.Xr fido_assert_allow_cred 3 ,
205.Xr fido_assert_verify 3 ,
206.Xr fido_dev_get_assert 3
207