| FIDO_ASSERT_VERIFY(3) | Library Functions Manual | FIDO_ASSERT_VERIFY(3) |
NAME
fido_assert_verify —
verifies the signature of a FIDO2 assertion
statement
SYNOPSIS
#include
<fido.h>
int
fido_assert_verify(const
fido_assert_t *assert,
size_t idx,
int cose_alg,
const void *pk);
DESCRIPTION
The
fido_assert_verify()
function verifies whether the signature contained in statement index
idx of assert matches the
parameters of the assertion. Before using
fido_assert_verify() in a sensitive context, the
reader is strongly encouraged to make herself familiar with the FIDO2
assertion statement process as defined in the Web Authentication (webauthn)
standard.
A brief description follows:
The
fido_assert_verify()
function verifies whether the client data hash, relying party ID, user
presence and user verification attributes of assert
have been attested by the holder of the private counterpart of the public
key pk of COSE type cose_alg,
where cose_alg is COSE_ES256,
COSE_ES384, COSE_RS256, or
COSE_EDDSA, and pk points to a
es256_pk_t, es384_pk_t,
rs256_pk_t, or eddsa_pk_t type
accordingly.
Please note that the first statement in assert has an idx of 0.
RETURN VALUES
The error codes returned by
fido_assert_verify() are defined in
<fido/err.h>. If statement
idx of assert passes
verification with pk, then
FIDO_OK is returned.
SEE ALSO
| July 15, 2022 | Linux 6.10.10-arch1-1 |