1 files changed, 55 insertions, 0 deletions

diff --git a/tools/fido2-assert.c b/tools/fido2-assert.c
new file mode 100644
index 0000000..351ed4f
--- /dev/null
+++ b/tools/fido2-assert.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2018-2023 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+/*
+ * Example usage:
+ *
+ * $ echo assertion challenge | openssl sha256 -binary | base64 > assert_param
+ * $ echo relying party >> assert_param
+ * $ head -1 cred >> assert_param # credential id
+ * $ tail -n +2 cred > pubkey # credential pubkey
+ * $ fido2-assert -G -i assert_param /dev/hidraw5 | fido2-assert -V pubkey rs256
+ *
+ * See blurb in fido2-cred.c on how to obtain cred.
+ */
+
+#include <fido.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../openbsd-compat/openbsd-compat.h"
+#include "extern.h"
+
+void
+usage(void)
+{
+	fprintf(stderr,
+"usage: fido2-assert -G [-bdhpruvw] [-t option] [-i input_file] [-o output_file] device\n"
+"       fido2-assert -V [-dhpv] [-i input_file] key_file [type]\n"
+	);
+
+	exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+	if (argc < 2 || strlen(argv[1]) != 2 || argv[1][0] != '-')
+		usage();
+
+	switch (argv[1][1]) {
+	case 'G':
+		return (assert_get(--argc, ++argv));
+	case 'V':
+		return (assert_verify(--argc, ++argv));
+	}
+
+	usage();
+
+	/* NOTREACHED */
+}