NAME

     fido_assert_verify — verifies the signature of a FIDO2 assertion statement

SYNOPSIS

     #include <fido.h>

     int
     fido_assert_verify(const fido_assert_t *assert, size_t idx, int cose_alg, const void *pk);

DESCRIPTION

     The fido_assert_verify() function verifies whether the signature contained in statement
     index idx of assert matches the parameters of the assertion.  Before using
     fido_assert_verify() in a sensitive context, the reader is strongly encouraged to make
     herself familiar with the FIDO2 assertion statement process as defined in the Web
     Authentication (webauthn) standard.

     A brief description follows:

     The fido_assert_verify() function verifies whether the client data hash, relying party ID,
     user presence and user verification attributes of assert have been attested by the holder of
     the private counterpart of the public key pk of COSE type cose_alg, where cose_alg is
     COSE_ES256, COSE_RS256, or COSE_EDDSA, and pk points to a es256_pk_t, rs256_pk_t, or
     eddsa_pk_t type accordingly.

     Please note that the first statement in assert has an idx of 0.

RETURN VALUES

     The error codes returned by fido_assert_verify() are defined in <fido/err.h>.  If statement
     idx of assert passes verification with pk, then FIDO_OK is returned.

SEE ALSO

     fido_assert_new(3), fido_assert_set_authdata(3)