| FIDO_CRED_VERIFY(3) | Library Functions Manual | FIDO_CRED_VERIFY(3) |
fido_cred_verify —
verifies the signature of a FIDO 2 credential
#include
<fido.h>
int
fido_cred_verify(const
fido_cred_t *cred);
The
fido_cred_verify()
function verifies whether the signature contained in
cred matches the attributes of the credential. Before
using fido_cred_verify() in a sensitive context, the
reader is strongly encouraged to make herself familiar with the FIDO 2
credential attestation process as defined in the Web Authentication
(webauthn) standard.
A brief description follows:
The
fido_cred_verify()
function verifies whether the client data hash, relying party ID, credential
ID, type, and resident/discoverable key and user verification attributes of
cred have been attested by the holder of the private
counterpart of the public key contained in the credential's x509
certificate.
Please note that the x509 certificate itself is not verified.
The attestation statement formats
supported by
fido_cred_verify()
are
packed
and
fido-u2f.
The attestation type implemented by
fido_cred_verify() is
Basic
Attestation. The attestation key pair is assumed to be of the type
ES256. Other attestation formats and types are not supported.
The error codes returned by
fido_cred_verify() are defined in
<fido/err.h>. If
cred passes verification, then
FIDO_OK is returned.
| May 23, 2018 | Debian |