table of contents
- buster-backports 1.5.0-2~bpo10+1
- testing 1.5.0-2
- unstable 1.6.0-2
| FIDO_CREDMAN_METADATA_NEW(3) | Library Functions Manual | FIDO_CREDMAN_METADATA_NEW(3) |
NAME¶
fido_credman_metadata_new,
fido_credman_rk_new,
fido_credman_rp_new,
fido_credman_metadata_free,
fido_credman_rk_free,
fido_credman_rp_free,
fido_credman_rk_existing,
fido_credman_rk_remaining,
fido_credman_rk,
fido_credman_rk_count,
fido_credman_rp_id,
fido_credman_rp_name,
fido_credman_rp_count,
fido_credman_rp_id_hash_ptr,
fido_credman_rp_id_hash_len,
fido_credman_get_dev_metadata,
fido_credman_get_dev_rk,
fido_credman_del_dev_rk,
fido_credman_get_dev_rp —
SYNOPSIS¶
#include <fido.h>
#include <fido/credman.h>
fido_credman_metadata_t *
fido_credman_metadata_new(void);
fido_credman_rk_t *
fido_credman_rk_new(void);
fido_credman_rp_t *
fido_credman_rp_new(void);
void
fido_credman_metadata_free(fido_credman_metadata_t
**metadata_p);
void
fido_credman_rk_free(fido_credman_rk_t
**rk_p);
void
fido_credman_rp_free(fido_credman_rp_t
**rp_p);
uint64_t
fido_credman_rk_existing(const
fido_credman_metadata_t *metadata);
uint64_t
fido_credman_rk_remaining(const
fido_credman_metadata_t *metadata);
const fido_cred_t *
fido_credman_rk(const
fido_credman_rk_t *rk,
size_t idx);
size_t
fido_credman_rk_count(const
fido_credman_rk_t *rk);
const char *
fido_credman_rp_id(const
fido_credman_rp_t *rp,
size_t idx);
const char *
fido_credman_rp_name(const
fido_credman_rp_t *rp,
size_t idx);
size_t
fido_credman_rp_count(const
fido_credman_rp_t *rp);
const unsigned char *
fido_credman_rp_id_hash_ptr(const
fido_credman_rp_t *rp,
size_t idx);
size_t
fido_credman_rp_id_hash_len(const
fido_credman_rp_t *,
size_t idx);
int
fido_credman_get_dev_metadata(fido_dev_t
*dev,
fido_credman_metadata_t
*metadata, const char
*pin);
int
fido_credman_get_dev_rk(fido_dev_t
*dev, const char
*rp_id, fido_credman_rk_t
*rk, const char
*pin);
int
fido_credman_del_dev_rk(fido_dev_t
*dev, const,
unsigned,
char,
*cred_id",
size_t cred_id_len,
const char *pin);
int
fido_credman_get_dev_rp(fido_dev_t
*dev, fido_credman_rp_t
*rp, const char
*pin);
DESCRIPTION¶
The credential management API of libfido2 allows resident credentials on a FIDO2 authenticator to be listed, inspected, and removed. Please note that not all FIDO2 authenticators support credential management. To obtain information on what an authenticator supports, please refer to fido_cbor_info_new(3).The fido_credman_metadata_t type abstracts credential management metadata.
The fido_credman_metadata_new() function
returns a pointer to a newly allocated, empty
fido_credman_metadata_t type. If memory cannot be
allocated, NULL is returned.
The fido_credman_metadata_free() function
releases the memory backing *metadata_p, where
*metadata_p must have been previously allocated by
fido_credman_metadata_new(). On return,
*metadata_p is set to NULL. Either
metadata_p or *metadata_p may be
NULL, in which case fido_credman_metadata_free() is
a NOP.
The fido_credman_get_dev_metadata()
function populates metadata with information retrieved
from dev. A valid pin must be
provided.
The fido_credman_rk_existing() function
inspects metadata and returns the number of resident
credentials on the authenticator. The
fido_credman_rk_remaining() function inspects
metadata and returns the estimated number of resident
credentials that can be created on the authenticator.
The fido_credman_rk_t type abstracts the set of resident credentials belonging to a given relying party.
The fido_credman_rk_new() function returns
a pointer to a newly allocated, empty
fido_credman_rk_t type. If memory cannot be allocated,
NULL is returned.
The fido_credman_rk_free() function
releases the memory backing *rk_p, where
*rk_p must have been previously allocated by
fido_credman_rk_new(). On return,
*rk_p is set to NULL. Either
rk_p or *rk_p may be NULL, in
which case fido_credman_rk_free() is a NOP.
The fido_credman_get_dev_rk() function
populates rk with the set of resident credentials
belonging to rp_id in dev. A
valid pin must be provided.
The fido_credman_rk_count() function
returns the number of resident credentials in rk. The
fido_credman_rk() function returns a pointer to the
credential at index idx in rk.
Please note that the first credential in rk has an
idx (index) value of 0.
The fido_credman_del_dev_rk() function
deletes the resident credential identified by cred_id
from dev, where cred_id points
to cred_id_len bytes. A valid
pin must be provided.
The fido_credman_rp_t type abstracts information about a relying party.
The fido_credman_rp_new() function returns
a pointer to a newly allocated, empty
fido_credman_rp_t type. If memory cannot be allocated,
NULL is returned.
The fido_credman_rp_free() function
releases the memory backing *rp_p, where
*rp_p must have been previously allocated by
fido_credman_rp_new(). On return,
*rp_p is set to NULL. Either
rp_p or *rp_p may be NULL, in
which case fido_credman_rp_free() is a NOP.
The fido_credman_get_dev_rp() function
populates rp with information about relying parties
with resident credentials in dev. A valid
pin must be provided.
The fido_credman_rp_count() function
returns the number of relying parties in rp.
The fido_credman_rp_id() and
fido_credman_rp_name() functions return pointers to
the id and name of relying party idx in
rp. If not NULL, the values returned by these
functions point to NUL-terminated UTF-8 strings. Please note that the first
relying party in rp has an idx
(index) value of 0.
The fido_credman_rp_id_hash_ptr() function
returns a pointer to the hashed id of relying party
idx in rp. The corresponding
length can be obtained by
fido_credman_rp_id_hash_len(). Please note that the
first relying party in rp has an
idx (index) value of 0.
RETURN VALUES¶
Thefido_credman_get_dev_metadata(),
fido_credman_get_dev_rk(),
fido_credman_del_dev_rk(), and
fido_credman_get_dev_rp() functions return
FIDO_OK on success. On error, a different error code
defined in <fido/err.h> is
returned. Functions returning pointers are not guaranteed to succeed, and
should have their return values checked for NULL.
SEE ALSO¶
fido_cbor_info_new(3), fido_cred_new(3)CAVEATS¶
Credential management is a tentative feature of FIDO 2.1. Applications willing to strictly abide by FIDO 2.0 should refrain from using credential management. Applications using credential management should ensure it is supported by the authenticator prior to using the API. Since FIDO 2.1 hasn't been finalised, there is a chance the functionality and associated data structures may change.| June 28, 2019 | Linux 4.19.0-12-amd64 |