FreeBSD Manual Pages
FIDO_DEV_ENABLE_ENTATTES(3) Library Functions ManuaFIDO_DEV_ENABLE_ENTATTES(3) NAME fido_dev_enable_entattest, fido_dev_toggle_always_uv, fido_dev_force_pin_change, fido_dev_set_pin_minlen, fido_dev_set_pin_minlen_rpid -- CTAP 2.1 configuration authenticator API SYNOPSIS #include <fido.h> #include <fido/config.h> int fido_dev_enable_entattest(fido_dev_t *dev, const char *pin); int fido_dev_toggle_always_uv(fido_dev_t *dev, const char *pin); int fido_dev_force_pin_change(fido_dev_t *dev, const char *pin); int fido_dev_set_pin_minlen(fido_dev_t *dev, size_t len, const char *pin); int fido_dev_set_pin_minlen_rpid(fido_dev_t *dev, const char * const *rpid, size_t n, const char *pin); DESCRIPTION The functions described in this page allow configuration of a CTAP 2.1 authenticator. The fido_dev_enable_entattest() function enables the Enterprise Attestation feature on dev. Enterprise Attestation instructs the au- thenticator to include uniquely identifying information in subsequent attestation statements. The pin parameter may be NULL if dev does not have a PIN set. The fido_dev_toggle_always_uv() function toggles the "user verification always" feature on dev. When set, this toggle enforces user verifica- tion at the authenticator level for all known credentials. If dev sup- ports U2F (CTAP1) and the user verification methods supported by the authenticator do not allow protection of U2F credentials, the U2F sub- system will be disabled by the authenticator. The pin parameter may be NULL if dev does not have a PIN set. The fido_dev_force_pin_change() function instructs dev to require a PIN change. Subsequent PIN authentication attempts against dev will fail until its PIN is changed. The fido_dev_set_pin_minlen() function sets the minimum PIN length of dev to len. Minimum PIN lengths may only be increased. The fido_dev_set_pin_minlen_rpid() function sets the list of relying party identifiers (RP IDs) that are allowed to obtain the minimum PIN length of dev through the CTAP 2.1 FIDO_EXT_MINPINLEN extension. The list of RP identifiers is denoted by rpid, a vector of n NUL-terminated UTF-8 strings. A copy of rpid is made, and no reference to it or its contents is kept. The maximum value of n supported by the authentica- tor can be obtained using fido_cbor_info_maxrpid_minpinlen(3). Configuration settings are reflected in the payload returned by the au- thenticator in response to a fido_dev_get_cbor_info(3) call. RETURN VALUES The error codes returned by fido_dev_enable_entattest(), fido_dev_toggle_always_uv(), fido_dev_force_pin_change(), fido_dev_set_pin_minlen(), and fido_dev_set_pin_minlen_rpid() are de- fined in <fido/err.h>. On success, FIDO_OK is returned. SEE ALSO fido_cbor_info_maxrpid_minpinlen(3), fido_cred_pin_minlen(3), fido_dev_get_cbor_info(3), fido_dev_reset(3) FreeBSD Ports 14.quarterly March 30, 2022 FIDO_DEV_ENABLE_ENTATTEST(3)
NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | SEE ALSO
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=fido_dev_set_pin_minlen_rpid&sektion=3&manpath=FreeBSD+Ports+14.3.quarterly>
