fido_assert_verify — verifies the signature of a FIDO2 assertion statement

#include <fido.h>

int
fido_assert_verify(const fido_assert_t *assert, size_t idx, int cose_alg, const void *pk);

The fido_assert_verify() function verifies whether the signature contained in statement index idx of assert matches the parameters of the assertion. Before using fido_assert_verify() in a sensitive context, the reader is strongly encouraged to make herself familiar with the FIDO2 assertion statement process as defined in the Web Authentication (webauthn) standard.

A brief description follows:

The fido_assert_verify() function verifies whether the client data hash, relying party ID, user presence and user verification attributes of assert have been attested by the holder of the private counterpart of the public key pk of COSE type cose_alg, where cose_alg is COSE_ES256, COSE_ES384, COSE_RS256, or COSE_EDDSA, and pk points to an es256_pk_t, es384_pk_t, rs256_pk_t, or eddsa_pk_t type accordingly.

Please note that the first statement in assert has an idx of 0.

The error codes returned by fido_assert_verify() are defined in <fido/err.h>. If statement idx of assert passes verification with pk, then FIDO_OK is returned.
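
The checks described above, modeled in Python for the COSE_ES256 case as defined by WebAuthn. This is an added example, not libfido2's code and not part of the original page. The function names, the signature passed as an (r, s) integer pair instead of its DER encoding, and the fixed-nonce signer used only to build constructed test data are assumptions made for illustration.

```python
import hashlib

P = 2**256 - 2**224 + 2**192 + 2**96 - 1  # NIST P-256 field prime
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p, q):
    """Affine point addition on P-256; None is the point at infinity."""
    if p is None or q is None:
        return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        m = (3 * p[0] * p[0] - 3) * pow(2 * p[1], -1, P) % P
    else:
        m = (q[1] - p[1]) * pow((q[0] - p[0]) % P, -1, P) % P
    x = (m * m - p[0] - q[0]) % P
    return x, (m * (p[0] - x) - p[1]) % P

def mul(k, p):
    r = None  # double-and-add, not constant time (demo only)
    while k:
        r = add(r, p) if k & 1 else r
        p, k = add(p, p), k >> 1
    return r

def signed_hash(auth_data, cdh):
    # ES256 signs SHA-256(authenticatorData || clientDataHash).
    return int.from_bytes(hashlib.sha256(auth_data + cdh).digest(), "big")

def sign(d, k, auth_data, cdh):
    """Makes constructed test signatures only; k is a fixed demo nonce."""
    r = mul(k, G)[0] % N
    return r, pow(k, -1, N) * (signed_hash(auth_data, cdh) + r * d) % N

def verify(auth_data, cdh, rp_id, need_up, need_uv, sig, pk):
    """Check the RP ID hash, the UP/UV flags, then the ES256 signature."""
    rp_hash = hashlib.sha256(rp_id.encode()).digest()
    if len(auth_data) < 37 or auth_data[:32] != rp_hash:
        return False  # authData = rpIdHash(32) | flags(1) | signCount(4) ...
    flags = auth_data[32]
    if (need_up and not flags & 0x01) or (need_uv and not flags & 0x04):
        return False  # bit 0 = user present, bit 2 = user verified
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = add(mul(signed_hash(auth_data, cdh) * w % N, G), mul(r * w % N, pk))
    return pt is not None and pt[0] % N == r
```

Because the relying party ID hash and the flags byte sit inside the signed authenticator data, a signature made for one relying party, or made without user verification, cannot be replayed where a different RP ID or a stricter policy is expected.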

fido_assert_new(3), fido_assert_set_authdata(3)