FreeBSD Manual Pages

FIDO_CREDMAN_METADATA... BSD Library Functions Manual FIDO_CREDMAN_METADATA...

NAME
     fido_credman_metadata_new,	fido_credman_rk_new, fido_credman_rp_new,
     fido_credman_metadata_free, fido_credman_rk_free, fido_credman_rp_free,
     fido_credman_rk_existing, fido_credman_rk_remaining, fido_credman_rk,
     fido_credman_rk_count, fido_credman_rp_id,	fido_credman_rp_name,
     fido_credman_rp_count, fido_credman_rp_id_hash_ptr,
     fido_credman_rp_id_hash_len, fido_credman_get_dev_metadata,
     fido_credman_get_dev_rk, fido_credman_del_dev_rk, fido_credman_get_dev_rp
     --	FIDO 2 credential management API

SYNOPSIS
     #include <fido.h>
     #include <fido/credman.h>

     fido_credman_metadata_t *
     fido_credman_metadata_new(void);

     fido_credman_rk_t *
     fido_credman_rk_new(void);

     fido_credman_rp_t *
     fido_credman_rp_new(void);

     void
     fido_credman_metadata_free(fido_credman_metadata_t	**metadata_p);

     void
     fido_credman_rk_free(fido_credman_rk_t **rk_p);

     void
     fido_credman_rp_free(fido_credman_rp_t **rp_p);

     uint64_t
     fido_credman_rk_existing(const fido_credman_metadata_t *metadata);

     uint64_t
     fido_credman_rk_remaining(const fido_credman_metadata_t *metadata);

     const fido_cred_t *
     fido_credman_rk(const fido_credman_rk_t *rk, size_t idx);

     size_t
     fido_credman_rk_count(const fido_credman_rk_t *rk);

     const char	*
     fido_credman_rp_id(const fido_credman_rp_t	*rp, size_t idx);

     const char	*
     fido_credman_rp_name(const	fido_credman_rp_t *rp, size_t idx);

     size_t
     fido_credman_rp_count(const fido_credman_rp_t *rp);

     const unsigned char *
     fido_credman_rp_id_hash_ptr(const fido_credman_rp_t *rp, size_t idx);

     size_t
     fido_credman_rp_id_hash_len(const fido_credman_rp_t *rp, size_t idx);

     int
     fido_credman_get_dev_metadata(fido_dev_t *dev,
	 fido_credman_metadata_t *metadata, const char *pin);

     int
     fido_credman_get_dev_rk(fido_dev_t	*dev, const char *rp_id,
	 fido_credman_rk_t *rk,	const char *pin);

     int
     fido_credman_del_dev_rk(fido_dev_t *dev, const unsigned char *cred_id,
         size_t cred_id_len, const char *pin);

     int
     fido_credman_get_dev_rp(fido_dev_t	*dev, fido_credman_rp_t	*rp,
	 const char *pin);

DESCRIPTION
     The credential management API of libfido2 allows resident credentials on
     a FIDO2 authenticator to be listed, inspected, and removed.  Please note
     that not all FIDO2 authenticators support credential management.  To
     obtain information on what an authenticator supports, please refer to
     fido_cbor_info_new(3).

     The fido_credman_metadata_t type abstracts credential management
     metadata.

     The fido_credman_metadata_new() function returns a pointer to a newly
     allocated, empty fido_credman_metadata_t type.  If memory cannot be
     allocated, NULL is returned.

     The fido_credman_metadata_free() function releases the memory backing
     *metadata_p, where *metadata_p must have been previously allocated by
     fido_credman_metadata_new().  On return, *metadata_p is set to NULL.
     Either metadata_p or *metadata_p may be NULL, in which case
     fido_credman_metadata_free() is a NOP.

     The fido_credman_get_dev_metadata() function populates metadata with
     information retrieved from dev.  A valid pin must be provided.

     The fido_credman_rk_existing() function inspects metadata and returns the
     number of resident credentials on the authenticator.  The
     fido_credman_rk_remaining() function inspects metadata and returns the
     estimated number of resident credentials that can be created on the
     authenticator.

     The fido_credman_rk_t type abstracts the set of resident credentials
     belonging to a given relying party.

     The fido_credman_rk_new() function returns a pointer to a newly
     allocated, empty fido_credman_rk_t type.  If memory cannot be allocated,
     NULL is returned.

     The fido_credman_rk_free()	function releases the memory backing *rk_p,
     where *rk_p must have been	previously allocated by	fido_credman_rk_new().
     On	return,	*rk_p is set to	NULL.  Either rk_p or *rk_p may	be NULL, in
     which case	fido_credman_rk_free() is a NOP.

     The fido_credman_get_dev_rk() function populates rk with the set of
     resident credentials belonging to rp_id in dev.  A valid pin must be
     provided.

     The fido_credman_rk_count() function returns the number of resident
     credentials in rk.  The fido_credman_rk() function returns a pointer to
     the credential at index idx in rk.  Please note that the first credential
     in rk has an idx (index) value of 0.

     The fido_credman_del_dev_rk() function deletes the	resident credential
     identified	by cred_id from	dev, where cred_id points to cred_id_len
     bytes.  A valid pin must be provided.

     The fido_credman_rp_t type	abstracts information about a relying party.

     The fido_credman_rp_new() function returns a pointer to a newly
     allocated, empty fido_credman_rp_t type.  If memory cannot be allocated,
     NULL is returned.

     The fido_credman_rp_free()	function releases the memory backing *rp_p,
     where *rp_p must have been	previously allocated by	fido_credman_rp_new().
     On	return,	*rp_p is set to	NULL.  Either rp_p or *rp_p may	be NULL, in
     which case	fido_credman_rp_free() is a NOP.

     The fido_credman_get_dev_rp() function populates rp with information
     about relying parties with	resident credentials in	dev.  A	valid pin must
     be	provided.

     The fido_credman_rp_count() function returns the number of relying
     parties in rp.

     The fido_credman_rp_id() and fido_credman_rp_name() functions return
     pointers to the id	and name of relying party idx in rp.  If not NULL, the
     values returned by	these functions	point to NUL-terminated	UTF-8 strings.
     Please note that the first	relying	party in rp has	an idx (index) value
     of	0.

     The fido_credman_rp_id_hash_ptr() function	returns	a pointer to the
     hashed id of relying party	idx in rp.  The	corresponding length can be
     obtained by fido_credman_rp_id_hash_len().	 Please	note that the first
     relying party in rp has an	idx (index) value of 0.

RETURN VALUES
     The fido_credman_get_dev_metadata(), fido_credman_get_dev_rk(),
     fido_credman_del_dev_rk(), and fido_credman_get_dev_rp() functions return
     FIDO_OK on success.  On error, a different error code defined in
     <fido/err.h> is returned.  Functions returning pointers are not
     guaranteed to succeed, and should have their return values checked for
     NULL.

SEE ALSO
     fido_cbor_info_new(3), fido_cred_new(3)

CAVEATS
     Credential management is a tentative feature of FIDO 2.1.  Applications
     willing to strictly abide by FIDO 2.0 should refrain from using
     credential management.  Applications using credential management should
     ensure it is supported by the authenticator prior to using the API.
     Since FIDO 2.1 hasn't been finalised, there is a chance the functionality
     and associated data structures may change.
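
     One way to perform the support check called for above, as an added
     example that is not part of libfido2 or of the original manual page.
     The names credman_preflight(), opt_true() and enum credman_status are
     hypothetical; the option arrays are assumed to have the shape returned by
     fido_cbor_info_options_name_ptr(), fido_cbor_info_options_value_ptr() and
     fido_cbor_info_options_len(), and the sample data in main() is
     constructed.

```c
/* Added example: pre-flight check to run before any fido_credman_*() call. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum credman_status { CREDMAN_READY, CREDMAN_UNSUPPORTED, CREDMAN_PIN_NOT_SET };

/* Return true only if option `name` is present and reported as true. */
static bool
opt_true(char *const *names, const bool *values, size_t len, const char *name)
{
	for (size_t i = 0; i < len; i++)
		if (names[i] != NULL && strcmp(names[i], name) == 0)
			return values[i];
	return false; /* an absent option is treated as unsupported */
}

/* Decide from the authenticator's reported options whether credential
 * management can be used (hypothetical helper, not a libfido2 function). */
enum credman_status
credman_preflight(char *const *names, const bool *values, size_t len)
{
	if (names == NULL || values == NULL)
		return CREDMAN_UNSUPPORTED;
	/* "credMgmt" is the CTAP 2.1 option name; "credentialMgmtPreview"
	 * is the pre-standard name used by FIDO 2.1 preview firmware. */
	if (!opt_true(names, values, len, "credMgmt") &&
	    !opt_true(names, values, len, "credentialMgmtPreview"))
		return CREDMAN_UNSUPPORTED;
	/* Assumption taken from this page: every call needs a valid PIN,
	 * so a PIN must already be set ("clientPin" reported as true). */
	if (!opt_true(names, values, len, "clientPin"))
		return CREDMAN_PIN_NOT_SET;
	return CREDMAN_READY;
}

int
main(void)
{
	/* Constructed sample options, not read from a real authenticator. */
	char *names[] = { "rk", "up", "clientPin", "credentialMgmtPreview" };
	bool values[] = { true, true, true, true };

	printf("status=%d\n", credman_preflight(names, values, 4));
	return 0;
}
```

     Treating an absent or false option as unsupported keeps the check
     fail-closed, so the credential management calls are only attempted when
     the authenticator has advertised the feature.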

BSD				 June 28, 2019				   BSD
