xref: /freebsd/contrib/libfido2/man/fido_assert_set_authdata.3 (revision 13ec1e3155c7e9bf037b12af186351b7fa9b9450)
1.\" Copyright (c) 2018 Yubico AB. All rights reserved.
2.\" Use of this source code is governed by a BSD-style
3.\" license that can be found in the LICENSE file.
4.\"
5.Dd $Mdocdate: May 23 2018 $
6.Dt FIDO_ASSERT_SET_AUTHDATA 3
7.Os
8.Sh NAME
9.Nm fido_assert_set_authdata ,
10.Nm fido_assert_set_authdata_raw ,
11.Nm fido_assert_set_clientdata ,
12.Nm fido_assert_set_clientdata_hash ,
13.Nm fido_assert_set_count ,
14.Nm fido_assert_set_extensions ,
15.Nm fido_assert_set_hmac_salt ,
16.Nm fido_assert_set_hmac_secret ,
17.Nm fido_assert_set_up ,
18.Nm fido_assert_set_uv ,
19.Nm fido_assert_set_rp ,
20.Nm fido_assert_set_sig
21.Nd set parameters of a FIDO 2 assertion
22.Sh SYNOPSIS
23.In fido.h
24.Bd -literal
25typedef enum {
26	FIDO_OPT_OMIT = 0, /* use authenticator's default */
27	FIDO_OPT_FALSE,    /* explicitly set option to false */
28        FIDO_OPT_TRUE,     /* explicitly set option to true */
29} fido_opt_t;
30.Ed
31.Ft int
32.Fn fido_assert_set_authdata "fido_assert_t *assert" " size_t idx" "const unsigned char *ptr" "size_t len"
33.Ft int
34.Fn fido_assert_set_authdata_raw "fido_assert_t *assert" " size_t idx" "const unsigned char *ptr" "size_t len"
35.Ft int
36.Fn fido_assert_set_clientdata "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
37.Ft int
38.Fn fido_assert_set_clientdata_hash "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
39.Ft int
40.Fn fido_assert_set_count "fido_assert_t *assert" "size_t n"
41.Ft int
42.Fn fido_assert_set_extensions "fido_assert_t *assert" "int flags"
43.Ft int
44.Fn fido_assert_set_hmac_salt "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
45.Ft int
46.Fn fido_assert_set_hmac_secret "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
47.Ft int
48.Fn fido_assert_set_up "fido_assert_t *assert" "fido_opt_t up"
49.Ft int
50.Fn fido_assert_set_uv "fido_assert_t *assert" "fido_opt_t uv"
51.Ft int
52.Fn fido_assert_set_rp "fido_assert_t *assert" "const char *id"
53.Ft int
54.Fn fido_assert_set_sig "fido_assert_t *assert" "size_t idx" "const unsigned char *ptr" "size_t len"
55.Sh DESCRIPTION
56The
57.Nm
58set of functions define the various parameters of a FIDO 2
59assertion, allowing a
60.Fa fido_assert_t
61type to be prepared for a subsequent call to
62.Xr fido_dev_get_assert 3
63or
64.Xr fido_assert_verify 3 .
65For the complete specification of a FIDO 2 assertion and the format
66of its constituent parts, please refer to the Web Authentication
67(webauthn) standard.
68.Pp
69The
70.Fn fido_assert_set_count
71function sets the number of assertion statements in
72.Fa assert
73to
74.Fa n .
75.Pp
76The
77.Fn fido_assert_set_authdata
78and
79.Fn fido_assert_set_sig
80functions set the authenticator data and signature parts of the
81statement with index
82.Fa idx
83of
84.Fa assert
85to
86.Fa ptr ,
87where
88.Fa ptr
89points to
90.Fa len
91bytes.
92A copy of
93.Fa ptr
94is made, and no references to the passed pointer are kept.
95Please note that the first assertion statement of
96.Fa assert
97has an
98.Fa idx
99of
100.Em 0 .
101The authenticator data passed to
102.Fn fido_assert_set_authdata
103must be a CBOR-encoded byte string, as obtained from
104.Fn fido_assert_authdata_ptr .
105Alternatively, a raw binary blob may be passed to
106.Fn fido_assert_set_authdata_raw .
107.Pp
108The
109.Fn fido_assert_set_clientdata_hash ,
110.Fn fido_assert_set_hmac_salt ,
111and
112.Fn fido_assert_set_hmac_secret
113functions set the client data hash and hmac-salt parts of
114.Fa assert
115to
116.Fa ptr ,
117where
118.Fa ptr
119points to
120.Fa len
121bytes.
122A copy of
123.Fa ptr
124is made, and no references to the passed pointer are kept.
125.Pp
126The
127.Fn fido_assert_set_clientdata
128function allows an application to set the client data hash of
129.Fa assert
130by specifying the assertion's unhashed client data.
131This is required by Windows Hello, which calculates the client data
132hash internally.
133For compatibility with Windows Hello, applications should use
134.Fn fido_assert_set_clientdata
135instead of
136.Fn fido_assert_set_clientdata_hash .
137.Pp
138The
139.Fn fido_assert_set_rp
140function sets the relying party
141.Fa id
142of
143.Fa assert ,
144where
145.Fa id
146is a NUL-terminated UTF-8 string.
147The content of
148.Fa id
149is copied, and no references to the passed pointer are kept.
150.Pp
151The
152.Fn fido_assert_set_extensions
153function sets the extensions of
154.Fa assert
155to the bitmask
156.Fa flags .
157At the moment, only the
158.Dv FIDO_EXT_CRED_BLOB ,
159.Dv FIDO_EXT_HMAC_SECRET ,
160and
161.Dv FIDO_EXT_LARGEBLOB_KEY
162extensions are supported.
163If
164.Fa flags
165is zero, the extensions of
166.Fa assert
167are cleared.
168.Pp
169The
170.Fn fido_assert_set_up
171and
172.Fn fido_assert_set_uv
173functions set the
174.Fa up
175(user presence) and
176.Fa uv
177(user verification)
178attributes of
179.Fa assert .
180Both are
181.Dv FIDO_OPT_OMIT
182by default, allowing the authenticator to use its default settings.
183.Pp
184Use of the
185.Nm
186set of functions may happen in two distinct situations:
187when asking a FIDO device to produce a series of assertion
188statements, prior to
189.Xr fido_dev_get_assert 3
190(i.e, in the context of a FIDO client), or when verifying assertion
191statements using
192.Xr fido_assert_verify 3
193(i.e, in the context of a FIDO server).
194.Pp
195For a complete description of the generation of a FIDO 2 assertion
196and its verification, please refer to the FIDO 2 specification.
197An example of how to use the
198.Nm
199set of functions can be found in the
200.Pa examples/assert.c
201file shipped with
202.Em libfido2 .
203.Pp
204.Fn fido_assert_set_hmac_secret
205is not normally useful in a FIDO client or server \(em it is provided
206to enable testing other functionality that relies on retrieving the
207HMAC secret from an assertion obtained from an authenticator.
208.Sh RETURN VALUES
209The
210.Nm
211functions return
212.Dv FIDO_OK
213on success.
214The error codes returned by the
215.Nm
216set of functions are defined in
217.In fido/err.h .
218.Sh SEE ALSO
219.Xr fido_assert_allow_cred 3 ,
220.Xr fido_assert_verify 3 ,
221.Xr fido_dev_get_assert 3
222