.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.Dd $Mdocdate: May 23 2018 $
.Dt FIDO_CRED_VERIFY 3
.Os
.Sh NAME
.Nm fido_cred_verify
.Nd verifies the attestation signature of a FIDO 2 credential
.Sh SYNOPSIS
.In fido.h
.Ft int
.Fn fido_cred_verify "const fido_cred_t *cred"
.Sh DESCRIPTION
The
.Fn fido_cred_verify
function verifies whether the attestation signature contained in
.Fa cred
matches the attributes of the credential.
Before using
.Fn fido_cred_verify
in a sensitive context, the reader is strongly encouraged to make
herself familiar with the FIDO 2 credential attestation process
as defined in the Web Authentication (webauthn) standard.
.Pp
A brief description follows:
.Pp
The
.Fn fido_cred_verify
function verifies whether the client data hash, relying party ID,
credential ID, type, and resident/discoverable key and user verification
attributes of
.Fa cred
have been attested by the holder of the private counterpart of
the public key contained in the credential's x509 certificate.
.Pp
Please note that the x509 certificate itself is not verified.
.Pp
The attestation statement formats supported by
.Fn fido_cred_verify
are
.Em packed
and
.Em fido-u2f .
The attestation type implemented by
.Fn fido_cred_verify
is
.Em Basic Attestation .
The attestation key pair is assumed to be of the type ES256.
Other attestation formats and types are not supported.
.Sh RETURN VALUES
The error codes returned by
.Fn fido_cred_verify
are defined in
.In fido/err.h .
If
.Fa cred
does not contain attestation data, then
.Dv FIDO_ERR_INVALID_ARGUMENT
is returned.
If
.Fa cred
passes verification, then
.Dv FIDO_OK
is returned.
.Sh SEE ALSO
.Xr fido_cred_new 3 ,
.Xr fido_cred_set_authdata 3
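
Added example, not libfido2 code: where the attributes named in DESCRIPTION sit in raw WebAuthn authenticator data, and the byte string a packed attestation signature covers (authenticator data followed by the client data hash). The struct and function names are hypothetical, and the byte layout is taken from the WebAuthn specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* WebAuthn authenticator data flag bits. */
#define AD_FLAG_UP 0x01 /* user present */
#define AD_FLAG_UV 0x04 /* user verified */
#define AD_FLAG_AT 0x40 /* attested credential data included */

/* Hypothetical view type for this example; not a libfido2 structure. */
struct authdata_view {
	const uint8_t *rp_id_hash; /* 32 bytes: SHA-256 of the relying party ID */
	uint8_t flags;
	uint32_t sign_count;
	const uint8_t *cred_id;
	size_t cred_id_len;
};

/* Parse raw authenticator data; returns 0 on success, -1 if malformed. */
int
authdata_parse(const uint8_t *ad, size_t len, struct authdata_view *v)
{
	if (ad == NULL || v == NULL || len < 37)
		return -1; /* rpIdHash(32) + flags(1) + signCount(4) */
	v->rp_id_hash = ad;
	v->flags = ad[32];
	v->sign_count = (uint32_t)ad[33] << 24 | (uint32_t)ad[34] << 16 |
	    (uint32_t)ad[35] << 8 | ad[36];
	if (!(v->flags & AD_FLAG_AT) || len < 37 + 16 + 2)
		return -1; /* need AAGUID(16) + credentialIdLength(2) */
	v->cred_id_len = (size_t)ad[53] << 8 | ad[54];
	if (v->cred_id_len == 0 || v->cred_id_len > len - 55)
		return -1; /* length field points past the buffer */
	v->cred_id = ad + 55;
	return 0;
}

/* Build the message a packed attestation signs: authData || clientDataHash. */
int
packed_signed_msg(const uint8_t *ad, size_t ad_len, const uint8_t cdh[32],
    uint8_t *out, size_t out_len, size_t *written)
{
	if (ad_len > SIZE_MAX - 32 || out_len < ad_len + 32)
		return -1; /* reject overflow and undersized output buffers */
	memcpy(out, ad, ad_len);
	memcpy(out + ad_len, cdh, 32);
	*written = ad_len + 32;
	return 0;
}
```

Because the signature covers every one of these bytes, changing the relying party ID hash, the UV flag or the credential ID after the fact invalidates the attestation; the attestation certificate still has to be validated separately.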