FIDO_CRED_NEW(3)         BSD Library Functions Manual         FIDO_CRED_NEW(3)
2

NAME

4     fido_cred_new, fido_cred_free, fido_cred_pin_minlen, fido_cred_prot,
5     fido_cred_fmt, fido_cred_rp_id, fido_cred_rp_name, fido_cred_user_name,
6     fido_cred_display_name, fido_cred_authdata_ptr,
7     fido_cred_authdata_raw_ptr, fido_cred_clientdata_hash_ptr,
8     fido_cred_id_ptr, fido_cred_aaguid_ptr, fido_cred_largeblob_key_ptr,
9     fido_cred_pubkey_ptr, fido_cred_sig_ptr, fido_cred_user_id_ptr,
10     fido_cred_x5c_ptr, fido_cred_attstmt_ptr, fido_cred_authdata_len,
11     fido_cred_authdata_raw_len, fido_cred_clientdata_hash_len,
12     fido_cred_id_len, fido_cred_aaguid_len, fido_cred_largeblob_key_len,
13     fido_cred_pubkey_len, fido_cred_sig_len, fido_cred_user_id_len,
14     fido_cred_x5c_len, fido_cred_attstmt_len, fido_cred_type,
15     fido_cred_flags, fido_cred_sigcount — FIDO2 credential API
16

SYNOPSIS

18     #include <fido.h>
19
20     fido_cred_t *
21     fido_cred_new(void);
22
23     void
24     fido_cred_free(fido_cred_t **cred_p);
25
26     size_t
27     fido_cred_pin_minlen(const fido_cred_t *cred);
28
29     int
30     fido_cred_prot(const fido_cred_t *cred);
31
32     const char *
33     fido_cred_fmt(const fido_cred_t *cred);
34
35     const char *
36     fido_cred_rp_id(const fido_cred_t *cred);
37
38     const char *
39     fido_cred_rp_name(const fido_cred_t *cred);
40
41     const char *
42     fido_cred_user_name(const fido_cred_t *cred);
43
44     const char *
45     fido_cred_display_name(const fido_cred_t *cred);
46
47     const unsigned char *
48     fido_cred_authdata_ptr(const fido_cred_t *cred);
49
50     const unsigned char *
51     fido_cred_authdata_raw_ptr(const fido_cred_t *cred);
52
53     const unsigned char *
54     fido_cred_clientdata_hash_ptr(const fido_cred_t *cred);
55
56     const unsigned char *
57     fido_cred_id_ptr(const fido_cred_t *cred);
58
59     const unsigned char *
60     fido_cred_aaguid_ptr(const fido_cred_t *cred);
61
62     const unsigned char *
63     fido_cred_largeblob_key_ptr(const fido_cred_t *cred);
64
65     const unsigned char *
66     fido_cred_pubkey_ptr(const fido_cred_t *cred);
67
68     const unsigned char *
69     fido_cred_sig_ptr(const fido_cred_t *cred);
70
71     const unsigned char *
72     fido_cred_user_id_ptr(const fido_cred_t *cred);
73
74     const unsigned char *
75     fido_cred_x5c_ptr(const fido_cred_t *cred);
76
77     const unsigned char *
78     fido_cred_attstmt_ptr(const fido_cred_t *cred);
79
80     size_t
81     fido_cred_authdata_len(const fido_cred_t *cred);
82
83     size_t
84     fido_cred_authdata_raw_len(const fido_cred_t *cred);
85
86     size_t
87     fido_cred_clientdata_hash_len(const fido_cred_t *cred);
88
89     size_t
90     fido_cred_id_len(const fido_cred_t *cred);
91
92     size_t
93     fido_cred_aaguid_len(const fido_cred_t *cred);
94
95     size_t
96     fido_cred_largeblob_key_len(const fido_cred_t *cred);
97
98     size_t
99     fido_cred_pubkey_len(const fido_cred_t *cred);
100
101     size_t
102     fido_cred_sig_len(const fido_cred_t *cred);
103
104     size_t
105     fido_cred_user_id_len(const fido_cred_t *cred);
106
107     size_t
108     fido_cred_x5c_len(const fido_cred_t *cred);
109
110     size_t
111     fido_cred_attstmt_len(const fido_cred_t *cred);
112
113     int
114     fido_cred_type(const fido_cred_t *cred);
115
116     uint8_t
117     fido_cred_flags(const fido_cred_t *cred);
118
119     uint32_t
120     fido_cred_sigcount(const fido_cred_t *cred);
121

DESCRIPTION

123     FIDO2 credentials are abstracted in libfido2 by the fido_cred_t type.
124     The functions described in this page allow a fido_cred_t type to be allo‐
125     cated, deallocated, and inspected.  For other operations on fido_cred_t,
126     please refer to fido_cred_set_authdata(3), fido_cred_exclude(3),
127     fido_cred_verify(3), and fido_dev_make_cred(3).
128
129     The fido_cred_new() function returns a pointer to a newly allocated,
130     empty fido_cred_t type.  If memory cannot be allocated, NULL is returned.
131
132     The fido_cred_free() function releases the memory backing *cred_p, where
133     *cred_p must have been previously allocated by fido_cred_new().  On re‐
134     turn, *cred_p is set to NULL.  Either cred_p or *cred_p may be NULL, in
135     which case fido_cred_free() is a NOP.
136
137     If the CTAP 2.1 FIDO_EXT_MINPINLEN extension is enabled on cred, then the
138     fido_cred_pin_minlen() function returns the minimum PIN length of cred.
139     Otherwise, fido_cred_pin_minlen() returns zero.  See
140     fido_cred_set_pin_minlen(3) on how to enable this extension.
141
142     If the CTAP 2.1 FIDO_EXT_CRED_PROTECT extension is enabled on cred, then
143     the fido_cred_prot() function returns the protection of cred.  Otherwise,
144     fido_cred_prot() returns zero.  See fido_cred_set_prot(3) for the protec‐
145     tion policies understood by libfido2.
146
147     The fido_cred_fmt() function returns a pointer to a NUL-terminated string
148     containing the attestation statement format identifier of cred, or NULL
149     if cred does not have a format set.
150
151     The fido_cred_rp_id(), fido_cred_rp_name(), fido_cred_user_name(), and
152     fido_cred_display_name() functions return pointers to NUL-terminated
153     strings holding the relying party ID, relying party name, user name, and
154     user display name attributes of cred, or NULL if the respective entry is
155     not set.
156
157     The fido_cred_authdata_ptr(), fido_cred_authdata_raw_ptr(),
158     fido_cred_clientdata_hash_ptr(), fido_cred_id_ptr(),
159     fido_cred_aaguid_ptr(), fido_cred_largeblob_key_ptr(),
160     fido_cred_pubkey_ptr(), fido_cred_sig_ptr(), fido_cred_user_id_ptr(),
161     fido_cred_x5c_ptr(), and fido_cred_attstmt_ptr() functions return point‐
162     ers to the CBOR-encoded and raw authenticator data, client data hash, ID,
163     authenticator attestation GUID, “largeBlobKey”, public key, signature,
164     user ID, x509 certificate, and attestation statement parts of cred, or
165     NULL if the respective entry is not set.
166
     The corresponding length can be obtained by fido_cred_authdata_len(),
     fido_cred_authdata_raw_len(), fido_cred_clientdata_hash_len(),
     fido_cred_id_len(), fido_cred_aaguid_len(),
     fido_cred_largeblob_key_len(), fido_cred_pubkey_len(),
     fido_cred_sig_len(), fido_cred_user_id_len(), fido_cred_x5c_len(), and
     fido_cred_attstmt_len().  The buffers are binary data rather than
     NUL-terminated strings, so read each one only through its pointer
     together with the matching length.
173
174     The authenticator data, x509 certificate, and signature parts of a cre‐
175     dential are typically passed to a FIDO2 server for verification.
176
177     The fido_cred_type() function returns the COSE algorithm of cred.
178
179     The fido_cred_flags() function returns the authenticator data flags of
180     cred.
181
182     The fido_cred_sigcount() function returns the authenticator data signa‐
183     ture counter of cred.
184

RETURN VALUES

186     The authenticator data returned by fido_cred_authdata_ptr() is a CBOR-en‐
187     coded byte string, as obtained from the authenticator.  To obtain the de‐
188     coded byte string, use fido_cred_authdata_raw_ptr().
189
     If not NULL, pointers returned by fido_cred_fmt(),
     fido_cred_authdata_ptr(), fido_cred_clientdata_hash_ptr(),
     fido_cred_id_ptr(), fido_cred_aaguid_ptr(),
     fido_cred_largeblob_key_ptr(), fido_cred_pubkey_ptr(),
     fido_cred_sig_ptr(), and fido_cred_x5c_ptr() are guaranteed to remain
     valid only until any API function that takes cred without the const
     qualifier is invoked.  A caller that needs the data beyond that point,
     for example after fido_cred_free(), must copy it first.
197

SEE ALSO

199     fido_cred_exclude(3), fido_cred_set_authdata(3),
200     fido_cred_set_pin_minlen(3), fido_cred_set_prot(3), fido_cred_verify(3),
201     fido_credman_metadata_new(3), fido_dev_largeblob_get(3),
202     fido_dev_make_cred(3)
203
BSD                              May 23, 2018                              BSD