man: document fido_cred_x5c_list_{count,len,ptr}()

Yubico · Feb 13, 2024 · 768c3c9 · 768c3c9
1 parent b465d28
commit 768c3c9
Showing 1 changed file with 25 additions and 2 deletions.
diff --git a/man/fido_cred_new.3 b/man/fido_cred_new.3
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved.
+.\" Copyright (c) 2018-2024 Yubico AB. All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are
@@ -47,6 +47,8 @@
 .Nm fido_cred_pubkey_ptr ,
 .Nm fido_cred_sig_ptr ,
 .Nm fido_cred_user_id_ptr ,
+.Nm fido_cred_x5c_list_count ,
+.Nm fido_cred_x5c_list_ptr ,
 .Nm fido_cred_x5c_ptr ,
 .Nm fido_cred_attstmt_ptr ,
 .Nm fido_cred_authdata_len ,
@@ -58,6 +60,7 @@
 .Nm fido_cred_pubkey_len ,
 .Nm fido_cred_sig_len ,
 .Nm fido_cred_user_id_len ,
+.Nm fido_cred_x5c_list_len ,
 .Nm fido_cred_x5c_len ,
 .Nm fido_cred_attstmt_len ,
 .Nm fido_cred_type ,
@@ -102,6 +105,10 @@
 .Fn fido_cred_sig_ptr "const fido_cred_t *cred"
 .Ft const unsigned char *
 .Fn fido_cred_user_id_ptr "const fido_cred_t *cred"
+.Ft size_t
+.Fn fido_cred_x5c_list_count "const fido_cred_t *cred"
+.Ft const unsigned char *
+.Fn fido_cred_x5c_list_ptr "const fido_cred_t *cred" "size_t idx"
 .Ft const unsigned char *
 .Fn fido_cred_x5c_ptr "const fido_cred_t *cred"
 .Ft const unsigned char *
@@ -125,6 +132,8 @@
 .Ft size_t
 .Fn fido_cred_user_id_len "const fido_cred_t *cred"
 .Ft size_t
+.Fn fido_cred_x5c_list_len "const fido_cred_t *cred" "size_t idx"
+.Ft size_t
 .Fn fido_cred_x5c_len "const fido_cred_t *cred"
 .Ft size_t
 .Fn fido_cred_attstmt_len "const fido_cred_t *cred"
@@ -246,7 +255,7 @@ and
 functions return pointers to the CBOR-encoded and raw authenticator
 data, client data hash, ID, authenticator attestation GUID,
 .Dq largeBlobKey ,
-public key, signature, user ID, x509 certificate, and attestation
+public key, signature, user ID, x509 leaf certificate, and attestation
 statement parts of
 .Fa cred ,
 or NULL if the respective entry is not set.
@@ -265,6 +274,20 @@ The corresponding length can be obtained by
 and
 .Fn fido_cred_attstmt_len .
 .Pp
+The
+.Fn fido_cred_x5c_list_count
+function returns the length of the x509 certificate chain in
+.Fa cred
+and the
+.Fn fido_cred_x5c_list_ptr ,
+.Fn fido_cred_x5c_list_len ,
+functions return a pointer to and length of the x509 certificate at index
+.Fa idx
+respectively.
+Please note that the leaf certificate has an
+.Fa idx
+(index) value of 0.
+.Pp
 The authenticator data, x509 certificate, and signature parts of a
 credential are typically passed to a FIDO2 server for verification.
 .Pp