FIDO_CRED_NEW(3) BSD Library Functions Manual FIDO_CRED_NEW(3)
2
4 fido_cred_new, fido_cred_free, fido_cred_prot, fido_cred_fmt,
5 fido_cred_rp_id, fido_cred_rp_name, fido_cred_user_name,
6 fido_cred_display_name, fido_cred_authdata_ptr,
7 fido_cred_authdata_raw_ptr, fido_cred_clientdata_hash_ptr,
8 fido_cred_id_ptr, fido_cred_aaguid_ptr, fido_cred_pubkey_ptr,
9 fido_cred_sig_ptr, fido_cred_user_id_ptr, fido_cred_x5c_ptr,
10 fido_cred_authdata_len, fido_cred_authdata_raw_len,
11 fido_cred_clientdata_hash_len, fido_cred_id_len, fido_cred_aaguid_len,
12 fido_cred_pubkey_len, fido_cred_sig_len, fido_cred_user_id_len,
13 fido_cred_x5c_len, fido_cred_type, fido_cred_flags, fido_cred_sigcount —
14 FIDO 2 credential API
15
17 #include <fido.h>
18
19 fido_cred_t *
20 fido_cred_new(void);
21
22 void
23 fido_cred_free(fido_cred_t **cred_p);
24
25 int
26 fido_cred_prot(fido_cred_t *cred);
27
28 const char *
29 fido_cred_fmt(const fido_cred_t *cred);
30
31 const char *
32 fido_cred_rp_id(const fido_cred_t *cred);
33
34 const char *
35 fido_cred_rp_name(const fido_cred_t *cred);
36
37 const char *
38 fido_cred_user_name(const fido_cred_t *cred);
39
40 const char *
41 fido_cred_display_name(const fido_cred_t *cred);
42
43 const unsigned char *
44 fido_cred_authdata_ptr(const fido_cred_t *cred);
45
46 const unsigned char *
47 fido_cred_authdata_raw_ptr(const fido_cred_t *cred);
48
49 const unsigned char *
50 fido_cred_clientdata_hash_ptr(const fido_cred_t *cred);
51
52 const unsigned char *
53 fido_cred_id_ptr(const fido_cred_t *cred);
54
55 const unsigned char *
56 fido_cred_aaguid_ptr(const fido_cred_t *cred);
57
58 const unsigned char *
59 fido_cred_pubkey_ptr(const fido_cred_t *cred);
60
61 const unsigned char *
62 fido_cred_sig_ptr(const fido_cred_t *cred);
63
64 const unsigned char *
65 fido_cred_user_id_ptr(const fido_cred_t *cred);
66
67 const unsigned char *
68 fido_cred_x5c_ptr(const fido_cred_t *cred);
69
70 size_t
71 fido_cred_authdata_len(const fido_cred_t *cred);
72
73 size_t
74 fido_cred_authdata_raw_len(const fido_cred_t *cred);
75
76 size_t
77 fido_cred_clientdata_hash_len(const fido_cred_t *cred);
78
79 size_t
80 fido_cred_id_len(const fido_cred_t *cred);
81
82 size_t
83 fido_cred_aaguid_len(const fido_cred_t *cred);
84
85 size_t
86 fido_cred_pubkey_len(const fido_cred_t *cred);
87
88 size_t
89 fido_cred_sig_len(const fido_cred_t *cred);
90
91 size_t
92 fido_cred_user_id_len(const fido_cred_t *cred);
93
94 size_t
95 fido_cred_x5c_len(const fido_cred_t *cred);
96
97 int
98 fido_cred_type(const fido_cred_t *cred);
99
100 uint8_t
101 fido_cred_flags(const fido_cred_t *cred);
102
103 uint32_t
104 fido_cred_sigcount(const fido_cred_t *cred);
105
FIDO 2 credentials are abstracted in libfido2 by the fido_cred_t type.
The functions described in this page allow a fido_cred_t type to be
allocated, deallocated, and inspected. For other operations on fido_cred_t,
please refer to fido_cred_set_authdata(3), fido_cred_exclude(3),
fido_cred_verify(3), and fido_dev_make_cred(3).
112
113 The fido_cred_new() function returns a pointer to a newly allocated,
114 empty fido_cred_t type. If memory cannot be allocated, NULL is returned.
115
The fido_cred_free() function releases the memory backing *cred_p, where
*cred_p must have been previously allocated by fido_cred_new(). On
return, *cred_p is set to NULL. Either cred_p or *cred_p may be NULL, in
which case fido_cred_free() is a NOP.
120
121 The fido_cred_prot() function returns the protection of cred. See
122 fido_cred_set_prot(3) for the values understood by libfido2.
123
124 The fido_cred_fmt() function returns a pointer to a NUL-terminated string
125 containing the format of cred, or NULL if cred does not have a format
126 set.
127
128 The fido_cred_rp_id(), fido_cred_rp_name(), fido_cred_user_name(), and
129 fido_cred_display_name() functions return pointers to NUL-terminated
130 strings holding the relying party ID, relying party name, user name, and
131 user display name attributes of cred, or NULL if the respective entry is
132 not set.
133
The fido_cred_authdata_ptr(), fido_cred_authdata_raw_ptr(),
fido_cred_clientdata_hash_ptr(), fido_cred_id_ptr(),
fido_cred_aaguid_ptr(), fido_cred_pubkey_ptr(), fido_cred_sig_ptr(),
fido_cred_user_id_ptr(), and fido_cred_x5c_ptr() functions return
pointers to, respectively, the CBOR-encoded authenticator data, raw
authenticator data, client data hash, ID, authenticator attestation GUID,
public key, signature, user ID, and x509 certificate parts of cred, or
NULL if the respective entry is not set.
141
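The length of each of these buffers is returned by the corresponding
function: fido_cred_authdata_len(), fido_cred_authdata_raw_len(),
fido_cred_clientdata_hash_len(), fido_cred_id_len(),
fido_cred_aaguid_len(), fido_cred_pubkey_len(), fido_cred_sig_len(),
fido_cred_user_id_len(), and fido_cred_x5c_len(). Unlike the strings
returned by fido_cred_fmt() and the relying party and user name
functions, these buffers hold binary data and are not NUL-terminated, so
every read or copy must be bounded by the matching length.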
146
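The authenticator data, x509 certificate, and signature parts of a
credential are typically passed to a FIDO 2 server for verification. The
accessors on this page return these values as stored in cred and perform
no verification themselves; see fido_cred_verify(3).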
149
150 The fido_cred_type() function returns the COSE algorithm of cred.
151
152 The fido_cred_flags() function returns the authenticator data flags of
153 cred.
154
The fido_cred_sigcount() function returns the authenticator data
signature counter of cred.
157
The authenticator data returned by fido_cred_authdata_ptr() is a
CBOR-encoded byte string, as obtained from the authenticator. To obtain
the decoded byte string, use fido_cred_authdata_raw_ptr().
162
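If not NULL, pointers returned by fido_cred_fmt(),
fido_cred_authdata_ptr(), fido_cred_clientdata_hash_ptr(),
fido_cred_id_ptr(), fido_cred_aaguid_ptr(), fido_cred_pubkey_ptr(),
fido_cred_sig_ptr(), and fido_cred_x5c_ptr() are guaranteed to remain
valid until any API function that takes cred without the const qualifier
is invoked. These pointers refer to memory owned by cred; a caller that
needs the data after such a call (fido_cred_free() included) must copy
it first, using the matching length function, because the pointer may no
longer be valid afterwards.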
169
171 fido_cred_exclude(3), fido_cred_set_authdata(3), fido_cred_verify(3),
172 fido_credman_metadata_new(3), fido_dev_make_cred(3)
173
BSD May 23, 2018 BSD