1.\" Copyright (c) 2018 Yubico AB. All rights reserved. 2.\" Use of this source code is governed by a BSD-style 3.\" license that can be found in the LICENSE file. 4.\" 5.Dd $Mdocdate: May 24 2018 $ 6.Dt FIDO_ASSERT_VERIFY 3 7.Os 8.Sh NAME 9.Nm fido_assert_verify 10.Nd verifies the signature of a FIDO2 assertion statement 11.Sh SYNOPSIS 12.In fido.h 13.Ft int 14.Fn fido_assert_verify "const fido_assert_t *assert" "size_t idx" "int cose_alg" "const void *pk" 15.Sh DESCRIPTION 16The 17.Fn fido_assert_verify 18function verifies whether the signature contained in statement index 19.Fa idx 20of 21.Fa assert 22matches the parameters of the assertion. 23Before using 24.Fn fido_assert_verify 25in a sensitive context, the reader is strongly encouraged to make 26herself familiar with the FIDO2 assertion statement process 27as defined in the Web Authentication (webauthn) standard. 28.Pp 29A brief description follows: 30.Pp 31The 32.Fn fido_assert_verify 33function verifies whether the client data hash, relying party ID, 34user presence and user verification attributes of 35.Fa assert 36have been attested by the holder of the private counterpart of 37the public key 38.Fa pk 39of COSE type 40.Fa cose_alg , 41where 42.Fa cose_alg 43is 44.Dv COSE_ES256 , 45.Dv COSE_RS256 , 46or 47.Dv COSE_EDDSA , 48and 49.Fa pk 50points to a 51.Vt es256_pk_t , 52.Vt rs256_pk_t , 53or 54.Vt eddsa_pk_t 55type accordingly. 56.Pp 57Please note that the first statement in 58.Fa assert 59has an 60.Fa idx 61of 0. 62.Sh RETURN VALUES 63The error codes returned by 64.Fn fido_assert_verify 65are defined in 66.In fido/err.h . 67If 68statement 69.Fa idx 70of 71.Fa assert 72passes verification with 73.Fa pk , 74then 75.Dv FIDO_OK 76is returned. 77.Sh SEE ALSO 78.Xr fido_assert_new 3 , 79.Xr fido_assert_set_authdata 3 80