FIDO_DEV_ENABLE_ENTATTEST(3) Library Functions Manual FIDO_DEV_ENABLE_ENTATTEST(3)

NAME
       fido_dev_enable_entattest, fido_dev_toggle_always_uv,
       fido_dev_force_pin_change, fido_dev_set_pin_minlen,
       fido_dev_set_pin_minlen_rpid -- CTAP 2.1 configuration authenticator
       API

SYNOPSIS
       #include <fido.h>
       #include <fido/config.h>

       int
       fido_dev_enable_entattest(fido_dev_t *dev, const char *pin);

       int
       fido_dev_toggle_always_uv(fido_dev_t *dev, const char *pin);

       int
       fido_dev_force_pin_change(fido_dev_t *dev, const char *pin);

       int
       fido_dev_set_pin_minlen(fido_dev_t *dev, size_t len, const char *pin);

       int
       fido_dev_set_pin_minlen_rpid(fido_dev_t *dev, const char * const *rpid,
           size_t n, const char *pin);

DESCRIPTION
       The functions described in this page allow configuration of a CTAP 2.1
       authenticator.

       The fido_dev_enable_entattest() function enables the Enterprise
       Attestation feature on dev.  Enterprise Attestation instructs the
       authenticator to include uniquely identifying information in subsequent
       attestation statements.  The pin parameter may be NULL if dev does not
       have a PIN set.

       The fido_dev_toggle_always_uv() function toggles the "user verification
       always" feature on dev.  When set, this toggle enforces user
       verification at the authenticator level for all known credentials.  If
       dev supports U2F (CTAP1) and the user verification methods supported by
       the authenticator do not allow protection of U2F credentials, the U2F
       subsystem will be disabled by the authenticator.  The pin parameter may
       be NULL if dev does not have a PIN set.

       The fido_dev_force_pin_change() function instructs dev to require a PIN
       change.  Subsequent PIN authentication attempts against dev will fail
       until its PIN is changed.

       The fido_dev_set_pin_minlen() function sets the minimum PIN length of
       dev to len.  Minimum PIN lengths may only be increased.

       The fido_dev_set_pin_minlen_rpid() function sets the list of relying
       party identifiers (RP IDs) that are allowed to obtain the minimum PIN
       length of dev through the CTAP 2.1 FIDO_EXT_MINPINLEN extension.  The
       list of RP identifiers is denoted by rpid, a vector of n NUL-terminated
       UTF-8 strings.  A copy of rpid is made, and no reference to it or its
       contents is kept.  The maximum value of n supported by the
       authenticator can be obtained using fido_cbor_info_maxrpid_minpinlen(3).

       Configuration settings are reflected in the payload returned by the
       authenticator in response to a fido_dev_get_cbor_info(3) call.

RETURN VALUES
       The error codes returned by fido_dev_enable_entattest(),
       fido_dev_toggle_always_uv(), fido_dev_force_pin_change(),
       fido_dev_set_pin_minlen(), and fido_dev_set_pin_minlen_rpid() are
       defined in <fido/err.h>.  On success, FIDO_OK is returned.
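
EXAMPLES
       The following is an added example, not part of the libfido2 manual or
       source.  It reads the current settings with fido_dev_get_cbor_info(3)
       and issues only the calls that are needed, so that
       fido_dev_toggle_always_uv() is never called when "user verification
       always" already matches the wanted state.  The names plan_config,
       apply_config, cfg_state, cfg_policy and WITH_LIBFIDO2 are hypothetical,
       and "alwaysUv" is assumed to be the option name the authenticator
       reports.

```c
#include <stdbool.h>
#include <stddef.h>
/* Hypothetical example types and flags; not part of libfido2. */
struct cfg_state  { bool always_uv; size_t min_pin; size_t max_rpid; };
struct cfg_policy { bool always_uv; size_t min_pin; size_t n_rpid; };
enum { DO_TOGGLE_UV = 1, DO_SET_MINLEN = 2, DO_SET_RPID = 4, ERR_TOO_MANY_RPID = 8 };
/* Decide which configuration calls are needed to reach the policy. */
unsigned plan_config(const struct cfg_state *cur, const struct cfg_policy *want) {
	unsigned plan = 0;
	if (cur->always_uv != want->always_uv) /* the call toggles: only on mismatch */
		plan |= DO_TOGGLE_UV;
	if (want->min_pin > cur->min_pin)      /* may only be increased: policy is a floor */
		plan |= DO_SET_MINLEN;
	if (want->n_rpid > 0)                  /* authenticator caps the RP ID list */
		plan |= want->n_rpid <= cur->max_rpid ? DO_SET_RPID : ERR_TOO_MANY_RPID;
	return plan;
}

#ifdef WITH_LIBFIDO2 /* device-facing part; build: cc -DWITH_LIBFIDO2 file.c -lfido2 */
#include <string.h>
#include <fido.h>
#include <fido/config.h>
/* Read settings from an open dev, then apply; rpid holds want->n_rpid strings. */
int apply_config(fido_dev_t *dev, const struct cfg_policy *want,
    const char * const *rpid, const char *pin) {
	struct cfg_state cur = { false, 0, 0 };
	fido_cbor_info_t *ci = fido_cbor_info_new();
	int r = FIDO_ERR_INTERNAL;
	unsigned plan;
	if (ci == NULL || (r = fido_dev_get_cbor_info(dev, ci)) != FIDO_OK)
		goto out;
	for (size_t i = 0; i < fido_cbor_info_options_len(ci); i++)
		if (strcmp(fido_cbor_info_options_name_ptr(ci)[i], "alwaysUv") == 0)
			cur.always_uv = fido_cbor_info_options_value_ptr(ci)[i];
	cur.min_pin = (size_t)fido_cbor_info_minpinlen(ci);
	cur.max_rpid = (size_t)fido_cbor_info_maxrpid_minpinlen(ci);
	plan = plan_config(&cur, want);
	r = (plan & ERR_TOO_MANY_RPID) ? FIDO_ERR_INVALID_ARGUMENT : FIDO_OK;
	if (r == FIDO_OK && (plan & DO_SET_MINLEN))
		r = fido_dev_set_pin_minlen(dev, want->min_pin, pin);
	if (r == FIDO_OK && (plan & DO_SET_RPID))
		r = fido_dev_set_pin_minlen_rpid(dev, rpid, want->n_rpid, pin);
	if (r == FIDO_OK && (plan & DO_TOGGLE_UV))
		r = fido_dev_toggle_always_uv(dev, pin);
out:
	fido_cbor_info_free(&ci);
	return r;
}
#endif
```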

SEE ALSO
       fido_cbor_info_maxrpid_minpinlen(3), fido_cred_pin_minlen(3),
       fido_dev_get_cbor_info(3), fido_dev_reset(3)

FreeBSD Ports 14.quarterly      March 30, 2022      FIDO_DEV_ENABLE_ENTATTEST(3)
