NAME

       fido_assert_verify — verifies the signature of a FIDO2 assertion statement

SYNOPSIS

       #include <fido.h>

       int
       fido_assert_verify(const fido_assert_t *assert, size_t idx, int cose_alg, const void *pk);

DESCRIPTION

       The  fido_assert_verify()  function  verifies  whether  the signature contained in statement index idx of
       assert matches the parameters of  the  assertion.   Before  using  fido_assert_verify()  in  a  sensitive
       context,  the  reader  is strongly encouraged to make herself familiar with the FIDO2 assertion statement
       process as defined in the Web Authentication (webauthn) standard.

       A brief description follows:

       The fido_assert_verify() function verifies whether the client data hash, relying party ID, user  presence
       and user verification attributes of assert have been attested by the holder of the private counterpart of
       the  public  key  pk  of  COSE  type  cose_alg,  where cose_alg is COSE_ES256, COSE_ES384, COSE_RS256, or
       COSE_EDDSA, and pk points to a es256_pk_t, es384_pk_t, rs256_pk_t, or eddsa_pk_t type accordingly.

       Please note that the first statement in assert has an idx of 0.

RETURN VALUES

       The error codes returned by fido_assert_verify() are defined in <fido/err.h>.  If statement idx of assert
       passes verification with pk, then FIDO_OK is returned.

SEE ALSO

       fido_assert_new(3), fido_assert_set_authdata(3)

Debian                                            July 15, 2022                            FIDO_ASSERT_VERIFY(3)