table of contents
- buster-backports 1.5.0-2~bpo10+1
- testing 1.5.0-2
- unstable 1.6.0-2
FIDO_CRED_VERIFY(3) | Library Functions Manual | FIDO_CRED_VERIFY(3) |
NAME¶
fido_cred_verify
—
SYNOPSIS¶
#include <fido.h>
int
fido_cred_verify
(const
fido_cred_t *cred);
DESCRIPTION¶
Thefido_cred_verify
() function verifies whether the
signature contained in cred matches the attributes of
the credential. Before using fido_cred_verify
() in a
sensitive context, the reader is strongly encouraged to make herself familiar
with the FIDO 2 credential attestation process as defined in the Web
Authentication (webauthn) standard.
A brief description follows:
The fido_cred_verify
() function verifies
whether the client data hash, relying party ID, credential ID, type, and
resident key and user verification attributes of cred
have been attested by the holder of the private counterpart of the public
key contained in the credential's x509 certificate.
Please note that the x509 certificate itself is not verified.
The attestation statement formats supported by
fido_cred_verify
() are packed and
fido-u2f. The attestation type implemented by
fido_cred_verify
() is Basic
Attestation. The attestation key pair is assumed to be of the type
ES256. Other attestation formats and types are not supported.
RETURN VALUES¶
The error codes returned byfido_cred_verify
() are
defined in <fido/err.h>
. If
cred passes verification, then
FIDO_OK
is returned.
SEE ALSO¶
fido_cred_new(3), fido_cred_set_authdata(3)May 23, 2018 | Linux 4.19.0-12-amd64 |