NAME

     fido_cred_verify — verifies the signature of a FIDO 2 credential

SYNOPSIS

     #include <fido.h>

     int
     fido_cred_verify(const fido_cred_t *cred);

DESCRIPTION

     The fido_cred_verify() function verifies whether the signature contained in cred matches the
     attributes of the credential.  Before using fido_cred_verify() in a sensitive context, the
     reader is strongly encouraged to make herself familiar with the FIDO 2 credential
     attestation process as defined in the Web Authentication (webauthn) standard.

     A brief description follows:

     The fido_cred_verify() function verifies whether the client data hash, relying party ID,
     credential ID, type, and resident key and user verification attributes of cred have been
     attested by the holder of the private counterpart of the public key contained in the
     credential's x509 certificate.

     Please note that the x509 certificate itself is not verified.

     The attestation statement formats supported by fido_cred_verify() are packed and fido-u2f.
     The attestation type implemented by fido_cred_verify() is Basic Attestation.  The
     attestation key pair is assumed to be of the type ES256.  Other attestation formats and
     types are not supported.

RETURN VALUES

     The error codes returned by fido_cred_verify() are defined in <fido/err.h>.  If cred passes
     verification, then FIDO_OK is returned.

SEE ALSO

     fido_cred_new(3), fido_cred_set_authdata(3)