.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\"    1. Redistributions of source code must retain the above copyright
.\"       notice, this list of conditions and the following disclaimer.
.\"    2. Redistributions in binary form must reproduce the above copyright
.\"       notice, this list of conditions and the following disclaimer in
.\"       the documentation and/or other materials provided with the
.\"       distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: April 27 2022 $
.Dt FIDO_ASSERT_SET_AUTHDATA 3
.Os
.Sh NAME
.Nm fido_assert_set_authdata ,
.Nm fido_assert_set_authdata_raw ,
.Nm fido_assert_set_clientdata ,
.Nm fido_assert_set_clientdata_hash ,
.Nm fido_assert_set_count ,
.Nm fido_assert_set_extensions ,
.Nm fido_assert_set_hmac_salt ,
.Nm fido_assert_set_hmac_secret ,
.Nm fido_assert_set_up ,
.Nm fido_assert_set_uv ,
.Nm fido_assert_set_rp ,
.Nm fido_assert_set_sig
.Nd set parameters of a FIDO2 assertion
.Sh SYNOPSIS
.In fido.h
.Bd -literal
typedef enum {
	FIDO_OPT_OMIT = 0, /* use authenticator's default */
	FIDO_OPT_FALSE,    /* explicitly set option to false */
	FIDO_OPT_TRUE,     /* explicitly set option to true */
} fido_opt_t;
.Ed
.Ft int
.Fn fido_assert_set_authdata "fido_assert_t *assert" "size_t idx" "const unsigned char *ptr" "size_t len"
.Ft int
.Fn fido_assert_set_authdata_raw "fido_assert_t *assert" "size_t idx" "const unsigned char *ptr" "size_t len"
.Ft int
.Fn fido_assert_set_clientdata "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
.Ft int
.Fn fido_assert_set_clientdata_hash "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
.Ft int
.Fn fido_assert_set_count "fido_assert_t *assert" "size_t n"
.Ft int
.Fn fido_assert_set_extensions "fido_assert_t *assert" "int flags"
.Ft int
.Fn fido_assert_set_hmac_salt "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
.Ft int
.Fn fido_assert_set_hmac_secret "fido_assert_t *assert" "size_t idx" "const unsigned char *ptr" "size_t len"
.Ft int
.Fn fido_assert_set_up "fido_assert_t *assert" "fido_opt_t up"
.Ft int
.Fn fido_assert_set_uv "fido_assert_t *assert" "fido_opt_t uv"
.Ft int
.Fn fido_assert_set_rp "fido_assert_t *assert" "const char *id"
.Ft int
.Fn fido_assert_set_sig "fido_assert_t *assert" "size_t idx" "const unsigned char *ptr" "size_t len"
.Sh DESCRIPTION
The
.Nm
set of functions defines the various parameters of a FIDO2
assertion, allowing a
.Fa fido_assert_t
type to be prepared for a subsequent call to
.Xr fido_dev_get_assert 3
or
.Xr fido_assert_verify 3 .
For the complete specification of a FIDO2 assertion and the format
of its constituent parts, please refer to the Web Authentication
(webauthn) standard.
.Pp
The
.Fn fido_assert_set_count
function sets the number of assertion statements in
.Fa assert
to
.Fa n .
.Pp
The
.Fn fido_assert_set_authdata
and
.Fn fido_assert_set_sig
functions set the authenticator data and signature parts of the
statement with index
.Fa idx
of
.Fa assert
to
.Fa ptr ,
where
.Fa ptr
points to
.Fa len
bytes.
A copy of
.Fa ptr
is made, and no references to the passed pointer are kept.
Please note that the first assertion statement of
.Fa assert
has an
.Fa idx
of
.Em 0 .
The authenticator data passed to
.Fn fido_assert_set_authdata
must be a CBOR-encoded byte string, as obtained from
.Fn fido_assert_authdata_ptr .
Alternatively, a raw binary blob may be passed to
.Fn fido_assert_set_authdata_raw .
.Pp
The
.Fn fido_assert_set_clientdata_hash
function sets the client data hash of
.Fa assert
to
.Fa ptr ,
where
.Fa ptr
points to
.Fa len
bytes.
A copy of
.Fa ptr
is made, and no references to the passed pointer are kept.
.Pp
The
.Fn fido_assert_set_clientdata
function allows an application to set the client data hash of
.Fa assert
by specifying the assertion's unhashed client data.
This is required by Windows Hello, which calculates the client data
hash internally.
For compatibility with Windows Hello, applications should use
.Fn fido_assert_set_clientdata
instead of
.Fn fido_assert_set_clientdata_hash .
.Pp
The
.Fn fido_assert_set_rp
function sets the relying party
.Fa id
of
.Fa assert ,
where
.Fa id
is a NUL-terminated UTF-8 string.
The content of
.Fa id
is copied, and no references to the passed pointer are kept.
.Pp
The
.Fn fido_assert_set_extensions
function sets the extensions of
.Fa assert
to the bitmask
.Fa flags .
At the moment, only the
.Dv FIDO_EXT_CRED_BLOB ,
.Dv FIDO_EXT_HMAC_SECRET ,
and
.Dv FIDO_EXT_LARGEBLOB_KEY
extensions are supported.
If
.Fa flags
is zero, the extensions of
.Fa assert
are cleared.
.Pp
The
.Fn fido_assert_set_hmac_salt
and
.Fn fido_assert_set_hmac_secret
functions set the hmac-salt and hmac-secret parts of
.Fa assert
to
.Fa ptr ,
where
.Fa ptr
points to
.Fa len
bytes.
The
.Fn fido_assert_set_hmac_secret
function additionally takes the index
.Fa idx
of the assertion statement whose hmac-secret is set.
A copy of
.Fa ptr
is made, and no references to the passed pointer are kept.
The HMAC Secret
.Pq hmac-secret
Extension is a CTAP 2.0 extension.
Note that the resulting hmac-secret varies according to whether
user verification was performed by the authenticator.
The
.Fn fido_assert_set_hmac_secret
function is normally only useful when writing tests.
.Pp
The
.Fn fido_assert_set_up
and
.Fn fido_assert_set_uv
functions set the
.Fa up
(user presence) and
.Fa uv
(user verification)
attributes of
.Fa assert .
Both are
.Dv FIDO_OPT_OMIT
by default, allowing the authenticator to use its default settings.
.Pp
Use of the
.Nm
set of functions may happen in two distinct situations:
when asking a FIDO2 device to produce a series of assertion
statements, prior to
.Xr fido_dev_get_assert 3
(i.e., in the context of a FIDO2 client), or when verifying assertion
statements using
.Xr fido_assert_verify 3
(i.e., in the context of a FIDO2 server).
.Pp
For a complete description of the generation of a FIDO2 assertion
and its verification, please refer to the FIDO2 specification.
An example of how to use the
.Nm
set of functions can be found in the
.Pa examples/assert.c
file shipped with
.Em libfido2 .
.Sh RETURN VALUES
The
.Nm
functions return
.Dv FIDO_OK
on success.
The error codes returned by the
.Nm
set of functions are defined in
.In fido/err.h .
.Sh SEE ALSO
.Xr fido_assert_allow_cred 3 ,
.Xr fido_assert_verify 3 ,
.Xr fido_dev_get_assert 3