1FIDO_DEV_ENABLE_ENTAT... BSD Library Functions Manual FIDO_DEV_ENABLE_ENTAT...
2
4 fido_dev_enable_entattest, fido_dev_toggle_always_uv,
5 fido_dev_force_pin_change, fido_dev_set_pin_minlen,
6 fido_dev_set_pin_minlen_rpid — CTAP 2.1 configuration authenticator API
7
9 #include <fido.h>
10 #include <fido/config.h>
11
12 int
13 fido_dev_enable_entattest(fido_dev_t *dev, const char *pin);
14
15 int
16 fido_dev_toggle_always_uv(fido_dev_t *dev, const char *pin);
17
18 int
19 fido_dev_force_pin_change(fido_dev_t *dev, const char *pin);
20
21 int
22 fido_dev_set_pin_minlen(fido_dev_t *dev, size_t len, const char *pin);
23
24 int
25 fido_dev_set_pin_minlen_rpid(fido_dev_t *dev, const char * const *rpid,
26 size_t n, const char *pin);
27
29 The functions described in this page allow configuration of a CTAP 2.1
30 authenticator.
31
32 The fido_dev_enable_entattest() function enables the Enterprise
33 Attestation feature on dev. Enterprise Attestation instructs the authen‐
34 ticator to include uniquely identifying information in subsequent attes‐
35 tation statements. The pin parameter may be NULL if dev does not have a
36 PIN set.
37
38 The fido_dev_toggle_always_uv() function toggles the “user verification
39 always” feature on dev. When set, this toggle enforces user verification
40 at the authenticator level for all known credentials. If dev supports
41 U2F (CTAP1) and the user verification methods supported by the authenti‐
42 cator do not allow protection of U2F credentials, the U2F subsystem will
43 be disabled by the authenticator. The pin parameter may be NULL if dev
44 does not have a PIN set.
45
46 The fido_dev_force_pin_change() instructs dev to require a PIN change.
47 Subsequent PIN authentication attempts against dev will fail until its
48 PIN is changed.
49
50 The fido_dev_set_pin_minlen() function sets the minimum PIN length of dev
51 to len. Minimum PIN lengths may only be increased.
52
53 The fido_dev_set_pin_minlen_rpid() function sets the list of relying
54 party identifiers (RP IDs) that are allowed to obtain the minimum PIN
55 length of dev through the CTAP 2.1 FIDO_EXT_MINPINLEN extension. The
56 list of RP identifiers is denoted by rpid, a vector of n NUL-terminated
57 UTF-8 strings. A copy of rpid is made, and no reference to it or its
58 contents is kept.
59
60 Configuration settings are reflected in the payload returned by the au‐
61 thenticator in response to a fido_dev_get_cbor_info(3) call.
62
64 The error codes returned by fido_dev_enable_entattest(),
65 fido_dev_toggle_always_uv(), fido_dev_force_pin_change(),
66 fido_dev_set_pin_minlen(), and fido_dev_set_pin_minlen_rpid() are defined
67 in <fido/err.h>. On success, FIDO_OK is returned.
68
70 fido_cred_pin_minlen(3), fido_dev_get_cbor_info(3), fido_dev_reset(3)
71
72BSD September 22, 2020 BSD