Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
FIDO_CRED_VERIFY(3)    FreeBSD Library Functions Manual	   FIDO_CRED_VERIFY(3)

NAME
     fido_cred_verify -- verifies the signature	of a FIDO 2 credential

SYNOPSIS
     #include <fido.h>

     int
     fido_cred_verify(const fido_cred_t	*cred);

DESCRIPTION
     The fido_cred_verify() function verifies whether the signature contained
     in	cred matches the attributes of the credential.	Before using
     fido_cred_verify()	in a sensitive context,	the reader is strongly encour-
     aged to make herself familiar with	the FIDO 2 credential attestation
     process as	defined	in the Web Authentication (webauthn) standard.

     A brief description follows:

     The fido_cred_verify() function verifies whether the client data hash,
     relying party ID, credential ID, type, and	resident/discoverable key and
     user verification attributes of cred have been attested by	the holder of
     the private counterpart of	the public key contained in the	credential's
     x509 certificate.

     Please note that the x509 certificate itself is not verified.

     The attestation statement formats supported by fido_cred_verify() are
     packed and	fido-u2f.  The attestation type	implemented by
     fido_cred_verify()	is Basic Attestation.  The attestation key pair	is as-
     sumed to be of the	type ES256.  Other attestation formats and types are
     not supported.

RETURN VALUES
     The error codes returned by fido_cred_verify() are	defined	in
     <fido/err.h>.  If cred passes verification, then FIDO_OK is returned.

SEE ALSO
     fido_cred_new(3), fido_cred_set_authdata(3)

FreeBSD	13.0			 May 23, 2018			  FreeBSD 13.0

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=fido_cred_verify&sektion=3&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help