FIDO_CRED_NEW(3)         BSD Library Functions Manual         FIDO_CRED_NEW(3)
2

NAME

4     fido_cred_new, fido_cred_free, fido_cred_prot, fido_cred_fmt,
5     fido_cred_rp_id, fido_cred_rp_name, fido_cred_user_name,
6     fido_cred_display_name, fido_cred_authdata_ptr,
7     fido_cred_authdata_raw_ptr, fido_cred_clientdata_hash_ptr,
8     fido_cred_id_ptr, fido_cred_aaguid_ptr, fido_cred_largeblob_key_ptr,
9     fido_cred_pubkey_ptr, fido_cred_sig_ptr, fido_cred_user_id_ptr,
10     fido_cred_x5c_ptr, fido_cred_authdata_len, fido_cred_authdata_raw_len,
11     fido_cred_clientdata_hash_len, fido_cred_id_len, fido_cred_aaguid_len,
12     fido_cred_largeblob_key_len, fido_cred_pubkey_len, fido_cred_sig_len,
13     fido_cred_user_id_len, fido_cred_x5c_len, fido_cred_type,
14     fido_cred_flags, fido_cred_sigcount — FIDO 2 credential API
15

SYNOPSIS

17     #include <fido.h>
18
19     fido_cred_t *
20     fido_cred_new(void);
21
22     void
23     fido_cred_free(fido_cred_t **cred_p);
24
25     int
26     fido_cred_prot(fido_cred_t *cred);
27
28     const char *
29     fido_cred_fmt(const fido_cred_t *cred);
30
31     const char *
32     fido_cred_rp_id(const fido_cred_t *cred);
33
34     const char *
35     fido_cred_rp_name(const fido_cred_t *cred);
36
37     const char *
38     fido_cred_user_name(const fido_cred_t *cred);
39
40     const char *
41     fido_cred_display_name(const fido_cred_t *cred);
42
43     const unsigned char *
44     fido_cred_authdata_ptr(const fido_cred_t *cred);
45
46     const unsigned char *
47     fido_cred_authdata_raw_ptr(const fido_cred_t *cred);
48
49     const unsigned char *
50     fido_cred_clientdata_hash_ptr(const fido_cred_t *cred);
51
52     const unsigned char *
53     fido_cred_id_ptr(const fido_cred_t *cred);
54
55     const unsigned char *
56     fido_cred_aaguid_ptr(const fido_cred_t *cred);
57
58     const unsigned char *
59     fido_cred_largeblob_key_ptr(const fido_cred_t *cred);
60
61     const unsigned char *
62     fido_cred_pubkey_ptr(const fido_cred_t *cred);
63
64     const unsigned char *
65     fido_cred_sig_ptr(const fido_cred_t *cred);
66
67     const unsigned char *
68     fido_cred_user_id_ptr(const fido_cred_t *cred);
69
70     const unsigned char *
71     fido_cred_x5c_ptr(const fido_cred_t *cred);
72
73     size_t
74     fido_cred_authdata_len(const fido_cred_t *cred);
75
76     size_t
77     fido_cred_authdata_raw_len(const fido_cred_t *cred);
78
79     size_t
80     fido_cred_clientdata_hash_len(const fido_cred_t *cred);
81
82     size_t
83     fido_cred_id_len(const fido_cred_t *cred);
84
85     size_t
86     fido_cred_aaguid_len(const fido_cred_t *cred);
87
88     size_t
89     fido_cred_largeblob_key_len(const fido_cred_t *cred);
90
91     size_t
92     fido_cred_pubkey_len(const fido_cred_t *cred);
93
94     size_t
95     fido_cred_sig_len(const fido_cred_t *cred);
96
97     size_t
98     fido_cred_user_id_len(const fido_cred_t *cred);
99
100     size_t
101     fido_cred_x5c_len(const fido_cred_t *cred);
102
103     int
104     fido_cred_type(const fido_cred_t *cred);
105
106     uint8_t
107     fido_cred_flags(const fido_cred_t *cred);
108
109     uint32_t
110     fido_cred_sigcount(const fido_cred_t *cred);
111

DESCRIPTION

     FIDO 2 credentials are abstracted in libfido2 by the fido_cred_t type.
     The functions described in this page allow a fido_cred_t type to be
     allocated, deallocated, and inspected.  For other operations on
     fido_cred_t, please refer to fido_cred_set_authdata(3),
     fido_cred_exclude(3), fido_cred_verify(3), and fido_dev_make_cred(3).
118
     The fido_cred_new() function returns a pointer to a newly allocated,
     empty fido_cred_t type.  If memory cannot be allocated, NULL is returned,
     so callers should check the result before using it.
121
     The fido_cred_free() function releases the memory backing *cred_p, where
     *cred_p must have been previously allocated by fido_cred_new().  On
     return, *cred_p is set to NULL.  Either cred_p or *cred_p may be NULL, in
     which case fido_cred_free() is a no-op.
126
127     The fido_cred_prot() function returns the protection of cred.  See
128     fido_cred_set_prot(3) for the values understood by libfido2.
129
130     The fido_cred_fmt() function returns a pointer to a NUL-terminated string
131     containing the format of cred, or NULL if cred does not have a format
132     set.
133
134     The fido_cred_rp_id(), fido_cred_rp_name(), fido_cred_user_name(), and
135     fido_cred_display_name() functions return pointers to NUL-terminated
136     strings holding the relying party ID, relying party name, user name, and
137     user display name attributes of cred, or NULL if the respective entry is
138     not set.
139
140     The fido_cred_authdata_ptr(), fido_cred_authdata_raw_ptr(),
141     fido_cred_clientdata_hash_ptr(), fido_cred_id_ptr(),
142     fido_cred_aaguid_ptr(), fido_cred_largeblob_key_ptr(),
143     fido_cred_pubkey_ptr(), fido_cred_sig_ptr(), fido_cred_user_id_ptr(), and
144     fido_cred_x5c_ptr() functions return pointers to the CBOR-encoded and raw
145     authenticator data, client data hash, ID, authenticator attestation GUID,
146     “largeBlobKey”, public key, signature, user ID, and x509 certificate
147     parts of cred, or NULL if the respective entry is not set.
148
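     The corresponding length can be obtained by fido_cred_authdata_len(),
     fido_cred_authdata_raw_len(), fido_cred_clientdata_hash_len(),
     fido_cred_id_len(), fido_cred_aaguid_len(),
     fido_cred_largeblob_key_len(), fido_cred_pubkey_len(),
     fido_cred_sig_len(), fido_cred_user_id_len(), and fido_cred_x5c_len().
     Unlike the string accessors above, these buffers are not described as
     NUL-terminated, so the value returned by the matching length function
     is the only bound on how many bytes may be read from each pointer.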
154
     The authenticator data, x509 certificate, and signature parts of a
     credential are typically passed to a FIDO 2 server for verification.
157
158     The fido_cred_type() function returns the COSE algorithm of cred.
159
160     The fido_cred_flags() function returns the authenticator data flags of
161     cred.
162
     The fido_cred_sigcount() function returns the authenticator data
     signature counter of cred.
165

RETURN VALUES

     The authenticator data returned by fido_cred_authdata_ptr() is a
     CBOR-encoded byte string, as obtained from the authenticator.  To obtain
     the decoded byte string, use fido_cred_authdata_raw_ptr().
170
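     If not NULL, pointers returned by fido_cred_fmt(),
     fido_cred_authdata_ptr(), fido_cred_clientdata_hash_ptr(),
     fido_cred_id_ptr(), fido_cred_aaguid_ptr(),
     fido_cred_largeblob_key_ptr(), fido_cred_pubkey_ptr(),
     fido_cred_sig_ptr(), and fido_cred_x5c_ptr() are guaranteed to exist
     until any API function that takes cred without the const qualifier is
     invoked.  A caller that needs the data beyond that point, or after
     fido_cred_free() has released cred, must copy it first, using the
     matching length function for the byte buffers.  The guarantee is stated
     only for the functions listed here; this page makes no lifetime
     statement for the remaining accessors, so their results should be
     treated at least as conservatively.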
178

SEE ALSO

180     fido_cred_exclude(3), fido_cred_set_authdata(3), fido_cred_verify(3),
181     fido_credman_metadata_new(3), fido_dev_largeblob_get(3),
182     fido_dev_make_cred(3)
183
BSD                              May 23, 2018                              BSD