Diffstat (limited to 'man/fido_cred_new.3')
-rw-r--r--man/fido_cred_new.344
1 files changed, 42 insertions, 2 deletions
diff --git a/man/fido_cred_new.3 b/man/fido_cred_new.3
index 4f8b1be..32ce768 100644
--- a/man/fido_cred_new.3
+++ b/man/fido_cred_new.3
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved.
+.\" Copyright (c) 2018-2024 Yubico AB. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
@@ -47,6 +47,8 @@
.Nm fido_cred_pubkey_ptr ,
.Nm fido_cred_sig_ptr ,
.Nm fido_cred_user_id_ptr ,
+.Nm fido_cred_x5c_list_count ,
+.Nm fido_cred_x5c_list_ptr ,
.Nm fido_cred_x5c_ptr ,
.Nm fido_cred_attstmt_ptr ,
.Nm fido_cred_authdata_len ,
@@ -58,6 +60,7 @@
.Nm fido_cred_pubkey_len ,
.Nm fido_cred_sig_len ,
.Nm fido_cred_user_id_len ,
+.Nm fido_cred_x5c_list_len ,
.Nm fido_cred_x5c_len ,
.Nm fido_cred_attstmt_len ,
.Nm fido_cred_type ,
@@ -102,6 +105,10 @@
.Fn fido_cred_sig_ptr "const fido_cred_t *cred"
.Ft const unsigned char *
.Fn fido_cred_user_id_ptr "const fido_cred_t *cred"
+.Ft size_t
+.Fn fido_cred_x5c_list_count "const fido_cred_t *cred"
+.Ft const unsigned char *
+.Fn fido_cred_x5c_list_ptr "const fido_cred_t *cred" "size_t idx"
.Ft const unsigned char *
.Fn fido_cred_x5c_ptr "const fido_cred_t *cred"
.Ft const unsigned char *
@@ -125,6 +132,8 @@
.Ft size_t
.Fn fido_cred_user_id_len "const fido_cred_t *cred"
.Ft size_t
+.Fn fido_cred_x5c_list_len "const fido_cred_t *cred" "size_t idx"
+.Ft size_t
.Fn fido_cred_x5c_len "const fido_cred_t *cred"
.Ft size_t
.Fn fido_cred_attstmt_len "const fido_cred_t *cred"
@@ -246,7 +255,7 @@ and
functions return pointers to the CBOR-encoded and raw authenticator
data, client data hash, ID, authenticator attestation GUID,
.Dq largeBlobKey ,
-public key, signature, user ID, x509 certificate, and attestation
+public key, signature, user ID, x509 leaf certificate, and attestation
statement parts of
.Fa cred ,
or NULL if the respective entry is not set.
@@ -265,6 +274,37 @@ The corresponding length can be obtained by
and
.Fn fido_cred_attstmt_len .
.Pp
+The
+.Fn fido_cred_x5c_list_count
+function returns the length of the x509 certificate chain in
+.Fa cred
+and the
+.Fn fido_cred_x5c_list_ptr
+and
+.Fn fido_cred_x5c_list_len
+functions return a pointer to and length of the x509 certificate at index
+.Fa idx
+respectively.
+Please note that the leaf certificate has an
+.Fa idx
+(index) value of 0 and calling
+.Fn fido_cred_x5c_list_ptr cred 0
+and
+.Fn fido_cred_x5c_list_len cred 0
+is equivalent to
+.Fn fido_cred_x5c_ptr cred
+and
+.Fn fido_cred_x5c_len cred
+respectively.
+If
+.Fa idx
+exceeds the return value of
+.Fn fido_cred_x5c_list_count ,
+.Fn fido_cred_x5c_list_ptr
+returns NULL and
+.Fn fido_cred_x5c_list_len
+returns 0.
+.Pp
The authenticator data, x509 certificate, and signature parts of a
credential are typically passed to a FIDO2 server for verification.
.Pp
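Review bot: The out-of-range sentence at the end of the added paragraph says NULL and 0 are returned when `idx` "exceeds" the return value of fido_cred_x5c_list_count, but the same paragraph puts the leaf at index 0, so valid indices run from 0 to count - 1 and `idx` equal to the count is already out of range. As worded, a caller could take `idx == count` to be a valid index and skip the NULL check on the returned pointer. If the implementation rejects that index too (not visible from this hunk), the text should read `is greater than or equal to the return value of`. The paragraph also leaves the order of the certificates after index 0 unstated, which matters to a caller that builds a verification path from the list; one sentence on the ordering would close that gap.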