Diffstat (limited to 'man')
-rw-r--r--man/CMakeLists.txt6
-rw-r--r--man/fido_cred_new.344
-rw-r--r--man/fido_cred_set_authdata.328
3 files changed, 73 insertions, 5 deletions
diff --git a/man/CMakeLists.txt b/man/CMakeLists.txt
index 6616e4e..e83a9d7 100644
--- a/man/CMakeLists.txt
+++ b/man/CMakeLists.txt
@@ -186,6 +186,9 @@ list(APPEND MAN_ALIAS
fido_cred_new fido_cred_user_id_ptr
fido_cred_new fido_cred_user_name
fido_cred_new fido_cred_x5c_len
+ fido_cred_new fido_cred_x5c_list_count
+ fido_cred_new fido_cred_x5c_list_len
+ fido_cred_new fido_cred_x5c_list_ptr
fido_cred_new fido_cred_x5c_ptr
fido_cred_verify fido_cred_verify_self
fido_credman_metadata_new fido_credman_del_dev_rk
@@ -208,6 +211,7 @@ list(APPEND MAN_ALIAS
fido_credman_metadata_new fido_credman_rp_new
fido_credman_metadata_new fido_credman_set_dev_rk
fido_cred_set_authdata fido_cred_set_attstmt
+ fido_cred_set_authdata fido_cred_set_attobj
fido_cred_set_authdata fido_cred_set_authdata_raw
fido_cred_set_authdata fido_cred_set_blob
fido_cred_set_authdata fido_cred_set_clientdata
@@ -393,7 +397,7 @@ if(GZIP_PATH)
install(FILES ${PROJECT_BINARY_DIR}/man/${DST}.3.gz
DESTINATION "${CMAKE_INSTALL_MANDIR}/man3")
endforeach()
-elseif(NOT MSVC)
+else()
add_dependencies(man man_symlink)
foreach(f ${MAN_SOURCES})
if (${f} MATCHES ".1$")
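Review bot: Replacing `elseif(NOT MSVC)` with `else()` makes the `man_symlink` branch run unconditionally whenever `GZIP_PATH` is unset, so an MSVC configure without gzip now reaches `add_dependencies(man man_symlink)` and the symlink loop, which only works if `man_symlink` is defined on that path and the platform can create the links. This is presumably safe because MSVC builds no longer enter this directory at all, but nothing in the hunk records that, so a one-line comment above the branch such as `# no compiler guard needed: MSVC builds skip the man directory entirely` would stop a future reader from re-adding the check. The enclosing `if(GZIP_PATH)` block and the `foreach(f ...)` body start and end outside the hunk.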
diff --git a/man/fido_cred_new.3 b/man/fido_cred_new.3
index 4f8b1be..32ce768 100644
--- a/man/fido_cred_new.3
+++ b/man/fido_cred_new.3
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved.
+.\" Copyright (c) 2018-2024 Yubico AB. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
@@ -47,6 +47,8 @@
.Nm fido_cred_pubkey_ptr ,
.Nm fido_cred_sig_ptr ,
.Nm fido_cred_user_id_ptr ,
+.Nm fido_cred_x5c_list_count ,
+.Nm fido_cred_x5c_list_ptr ,
.Nm fido_cred_x5c_ptr ,
.Nm fido_cred_attstmt_ptr ,
.Nm fido_cred_authdata_len ,
@@ -58,6 +60,7 @@
.Nm fido_cred_pubkey_len ,
.Nm fido_cred_sig_len ,
.Nm fido_cred_user_id_len ,
+.Nm fido_cred_x5c_list_len ,
.Nm fido_cred_x5c_len ,
.Nm fido_cred_attstmt_len ,
.Nm fido_cred_type ,
@@ -102,6 +105,10 @@
.Fn fido_cred_sig_ptr "const fido_cred_t *cred"
.Ft const unsigned char *
.Fn fido_cred_user_id_ptr "const fido_cred_t *cred"
+.Ft size_t
+.Fn fido_cred_x5c_list_count "const fido_cred_t *cred"
+.Ft const unsigned char *
+.Fn fido_cred_x5c_list_ptr "const fido_cred_t *cred" "size_t idx"
.Ft const unsigned char *
.Fn fido_cred_x5c_ptr "const fido_cred_t *cred"
.Ft const unsigned char *
@@ -125,6 +132,8 @@
.Ft size_t
.Fn fido_cred_user_id_len "const fido_cred_t *cred"
.Ft size_t
+.Fn fido_cred_x5c_list_len "const fido_cred_t *cred" "size_t idx"
+.Ft size_t
.Fn fido_cred_x5c_len "const fido_cred_t *cred"
.Ft size_t
.Fn fido_cred_attstmt_len "const fido_cred_t *cred"
@@ -246,7 +255,7 @@ and
functions return pointers to the CBOR-encoded and raw authenticator
data, client data hash, ID, authenticator attestation GUID,
.Dq largeBlobKey ,
-public key, signature, user ID, x509 certificate, and attestation
+public key, signature, user ID, x509 leaf certificate, and attestation
statement parts of
.Fa cred ,
or NULL if the respective entry is not set.
@@ -265,6 +274,37 @@ The corresponding length can be obtained by
and
.Fn fido_cred_attstmt_len .
.Pp
+The
+.Fn fido_cred_x5c_list_count
+function returns the length of the x509 certificate chain in
+.Fa cred
+and the
+.Fn fido_cred_x5c_list_ptr
+and
+.Fn fido_cred_x5c_list_len
+functions return a pointer to and length of the x509 certificate at index
+.Fa idx
+respectively.
+Please note that the leaf certificate has an
+.Fa idx
+(index) value of 0 and calling
+.Fn fido_cred_x5c_list_ptr cred 0
+and
+.Fn fido_cred_x5c_list_len cred 0
+is equivalent to
+.Fn fido_cred_x5c_ptr cred
+and
+.Fn fido_cred_x5c_len cred
+respectively.
+If
+.Fa idx
+exceeds the return value of
+.Fn fido_cred_x5c_list_count ,
+.Fn fido_cred_x5c_list_ptr
+returns NULL and
+.Fn fido_cred_x5c_list_len
+returns 0.
+.Pp
The authenticator data, x509 certificate, and signature parts of a
credential are typically passed to a FIDO2 server for verification.
.Pp
diff --git a/man/fido_cred_set_authdata.3 b/man/fido_cred_set_authdata.3
index e453832..ba3507f 100644
--- a/man/fido_cred_set_authdata.3
+++ b/man/fido_cred_set_authdata.3
@@ -32,6 +32,7 @@
.Nm fido_cred_set_authdata ,
.Nm fido_cred_set_authdata_raw ,
.Nm fido_cred_set_attstmt ,
+.Nm fido_cred_set_attobj ,
.Nm fido_cred_set_x509 ,
.Nm fido_cred_set_sig ,
.Nm fido_cred_set_id ,
@@ -64,6 +65,8 @@ typedef enum {
.Ft int
.Fn fido_cred_set_attstmt "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
.Ft int
+.Fn fido_cred_set_attobj "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
+.Ft int
.Fn fido_cred_set_x509 "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
.Ft int
.Fn fido_cred_set_sig "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
@@ -110,14 +113,15 @@ of its constituent parts, please refer to the Web Authentication
The
.Fn fido_cred_set_authdata ,
.Fn fido_cred_set_attstmt ,
+.Fn fido_cred_set_attobj ,
.Fn fido_cred_set_x509 ,
.Fn fido_cred_set_sig ,
.Fn fido_cred_set_id ,
and
.Fn fido_cred_set_clientdata_hash
functions set the authenticator data, attestation statement,
-attestation certificate, attestation signature, id, and client
-data hash parts of
+attestation object, attestation certificate, attestation signature,
+id, and client data hash parts of
.Fa cred
to
.Fa ptr ,
@@ -157,6 +161,26 @@ The latter two are meant to be used in contexts where the
credential's complete attestation statement is not available or
required.
.Pp
+The attestation object passed to
+.Fn fido_cred_set_attobj
+must be a CBOR-encoded map containing
+.Dq authData ,
+.Dq fmt ,
+and
+.Dq attStmt .
+An application calling
+.Fn fido_cred_set_attobj
+does not need to call
+.Fn fido_cred_set_fmt ,
+.Fn fido_cred_set_attstmt ,
+.Fn fido_cred_set_authdata ,
+or
+.Fn fido_cred_set_authdata_raw .
+.Fn fido_cred_set_attobj
+may be useful in applications interfacing with the WebAuthn API,
+removing the need to first parse the attestation object to verify the
+credential.
+.Pp
The
.Fn fido_cred_set_clientdata
function allows an application to set the client data hash of