1FIDO_DEV_ENABLE_ENTAT... BSD Library Functions Manual FIDO_DEV_ENABLE_ENTAT...
2

NAME

4     fido_dev_enable_entattest, fido_dev_toggle_always_uv,
5     fido_dev_force_pin_change, fido_dev_set_pin_minlen,
6     fido_dev_set_pin_minlen_rpid — CTAP 2.1 configuration authenticator API
7

SYNOPSIS

9     #include <fido.h>
10     #include <fido/config.h>
11
12     int
13     fido_dev_enable_entattest(fido_dev_t *dev, const char *pin);
14
15     int
16     fido_dev_toggle_always_uv(fido_dev_t *dev, const char *pin);
17
18     int
19     fido_dev_force_pin_change(fido_dev_t *dev, const char *pin);
20
21     int
22     fido_dev_set_pin_minlen(fido_dev_t *dev, size_t len, const char *pin);
23
24     int
25     fido_dev_set_pin_minlen_rpid(fido_dev_t *dev, const char * const *rpid,
26         size_t n, const char *pin);
27

DESCRIPTION

29     The functions described in this page allow configuration of a CTAP 2.1
30     authenticator.
31
32     The fido_dev_enable_entattest() function enables the Enterprise
33     Attestation feature on dev.  Enterprise Attestation instructs the authen‐
34     ticator to include uniquely identifying information in subsequent attes‐
35     tation statements.  The pin parameter may be NULL if dev does not have a
36     PIN set.
37
38     The fido_dev_toggle_always_uv() function toggles the “user verification
39     always” feature on dev.  When set, this toggle enforces user verification
40     at the authenticator level for all known credentials.  If dev supports
41     U2F (CTAP1) and the user verification methods supported by the authenti‐
42     cator do not allow protection of U2F credentials, the U2F subsystem will
43     be disabled by the authenticator.  The pin parameter may be NULL if dev
44     does not have a PIN set.
45
46     The fido_dev_force_pin_change() function instructs dev to require a PIN
47     change.  Subsequent PIN authentication attempts against dev will fail un‐
48     til its PIN is changed.
49
50     The fido_dev_set_pin_minlen() function sets the minimum PIN length of dev
51     to len.  Minimum PIN lengths may only be increased.
52
53     The fido_dev_set_pin_minlen_rpid() function sets the list of relying
54     party identifiers (RP IDs) that are allowed to obtain the minimum PIN
55     length of dev through the CTAP 2.1 FIDO_EXT_MINPINLEN extension.  The
56     list of RP identifiers is denoted by rpid, a vector of n NUL-terminated
57     UTF-8 strings.  A copy of rpid is made, and no reference to it or its
58     contents is kept.  The maximum value of n supported by the authenticator
59     can be obtained using fido_cbor_info_maxrpid_minpinlen(3).
60
61     Configuration settings are reflected in the payload returned by the au‐
62     thenticator in response to a fido_dev_get_cbor_info(3) call.
63

RETURN VALUES

65     The error codes returned by fido_dev_enable_entattest(),
66     fido_dev_toggle_always_uv(), fido_dev_force_pin_change(),
67     fido_dev_set_pin_minlen(), and fido_dev_set_pin_minlen_rpid() are defined
68     in <fido/err.h>.  On success, FIDO_OK is returned.
69

SEE ALSO

71     fido_cbor_info_maxrpid_minpinlen(3), fido_cred_pin_minlen(3),
72     fido_dev_get_cbor_info(3), fido_dev_reset(3)
73
74BSD                             March 30, 2022                             BSD
Impressum