fido_credman_metadata_new
,
fido_credman_rk_new
,
fido_credman_rp_new
,
fido_credman_metadata_free
,
fido_credman_rk_free
,
fido_credman_rp_free
,
fido_credman_rk_existing
,
fido_credman_rk_remaining
,
fido_credman_rk
,
fido_credman_rk_count
,
fido_credman_rp_id
,
fido_credman_rp_name
,
fido_credman_rp_count
,
fido_credman_rp_id_hash_ptr
,
fido_credman_rp_id_hash_len
,
fido_credman_get_dev_metadata
,
fido_credman_get_dev_rk
,
fido_credman_set_dev_rk
,
fido_credman_del_dev_rk
,
fido_credman_get_dev_rp
—
FIDO2 credential management API
#include
<fido.h>
#include
<fido/credman.h>
fido_credman_metadata_t *
fido_credman_metadata_new
(
void);
fido_credman_rk_t *
fido_credman_rk_new
(
void);
fido_credman_rp_t *
fido_credman_rp_new
(
void);
void
fido_credman_metadata_free
(
fido_credman_metadata_t
**metadata_p);
void
fido_credman_rk_free
(
fido_credman_rk_t
**rk_p);
void
fido_credman_rp_free
(
fido_credman_rp_t
**rp_p);
uint64_t
fido_credman_rk_existing
(
const
fido_credman_metadata_t *metadata);
uint64_t
fido_credman_rk_remaining
(
const
fido_credman_metadata_t *metadata);
const fido_cred_t *
fido_credman_rk
(
const
fido_credman_rk_t *rk,
size_t idx);
size_t
fido_credman_rk_count
(
const
fido_credman_rk_t *rk);
const char *
fido_credman_rp_id
(
const
fido_credman_rp_t *rp,
size_t idx);
const char *
fido_credman_rp_name
(
const
fido_credman_rp_t *rp,
size_t idx);
size_t
fido_credman_rp_count
(
const
fido_credman_rp_t *rp);
const unsigned char *
fido_credman_rp_id_hash_ptr
(
const
fido_credman_rp_t *rp,
size_t idx);
size_t
fido_credman_rp_id_hash_len
(
const
fido_credman_rp_t *,
size_t idx);
int
fido_credman_get_dev_metadata
(
fido_dev_t
*dev,
fido_credman_metadata_t
*metadata,
const
char *pin);
int
fido_credman_get_dev_rk
(
fido_dev_t
*dev,
const char
*rp_id,
fido_credman_rk_t
*rk,
const char
*pin);
int
fido_credman_set_dev_rk
(
fido_dev_t
*dev,
fido_cred_t
*cred,
const
char *pin);
int
fido_credman_del_dev_rk
(
fido_dev_t
*dev,
const
unsigned char *cred_id,
size_t
cred_id_len,
const char
*pin);
int
fido_credman_get_dev_rp
(
fido_dev_t
*dev,
fido_credman_rp_t
*rp,
const char
*pin);
The credential management API of
libfido2 allows
resident credentials on a FIDO2 authenticator to be listed, inspected,
modified, and removed. Please note that not all FIDO2 authenticators support
credential management. To obtain information on what an authenticator
supports, please refer to
fido_cbor_info_new(3).
The
fido_credman_metadata_t type abstracts
credential management metadata.
The
fido_credman_metadata_new
() function
returns a pointer to a newly allocated, empty
fido_credman_metadata_t type. If memory
cannot be allocated, NULL is returned.
The
fido_credman_metadata_free
() function
releases the memory backing
*metadata_p,
where
*metadata_p must have been previously
allocated by
fido_credman_metadata_new
().
On return,
*metadata_p is set to NULL. Either
metadata_p or
*metadata_p may be NULL, in which case
fido_credman_metadata_free
() is a NOP.
The
fido_credman_get_dev_metadata
() function
populates
metadata with information retrieved
from
dev. A valid
pin must be provided.
The
fido_credman_rk_existing
() function
inspects
metadata and returns the number of
resident credentials on the authenticator. The
fido_credman_rk_remaining
() function
inspects
metadata and returns the estimated
number of resident credentials that can be created on the authenticator.
The
fido_credman_rk_t type abstracts the set of
resident credentials belonging to a given relying party.
The
fido_credman_rk_new
() function returns a
pointer to a newly allocated, empty
fido_credman_rk_t type. If memory cannot be
allocated, NULL is returned.
The
fido_credman_rk_free
() function releases
the memory backing
*rk_p, where
*rk_p must have been previously allocated by
fido_credman_rk_new
(). On return,
*rk_p is set to NULL. Either
rk_p or
*rk_p may be NULL, in which case
fido_credman_rk_free
() is a NOP.
The
fido_credman_get_dev_rk
() function
populates
rk with the set of resident
credentials belonging to
rp_id in
dev. A valid
pin must be provided.
The
fido_credman_rk_count
() function returns
the number of resident credentials in
rk. The
fido_credman_rk
() function returns a
pointer to the credential at index
idx in
rk. Please note that the first credential in
rk has an
idx (index) value of 0.
The
fido_credman_set_dev_rk
() function
updates the credential pointed to by
cred in
dev. The credential id and user id attributes
of
cred must be set. See
fido_cred_set_id(3)
and
fido_cred_set_user(3)
for details. Only a credential's user attributes (name, display name) may be
updated at this time.
The
fido_credman_del_dev_rk
() function
deletes the resident credential identified by
cred_id from
dev, where
cred_id points to
cred_id_len bytes. A valid
pin must be provided.
The
fido_credman_rp_t type abstracts
information about a relying party.
The
fido_credman_rp_new
() function returns a
pointer to a newly allocated, empty
fido_credman_rp_t type. If memory cannot be
allocated, NULL is returned.
The
fido_credman_rp_free
() function releases
the memory backing
*rp_p, where
*rp_p must have been previously allocated by
fido_credman_rp_new
(). On return,
*rp_p is set to NULL. Either
rp_p or
*rp_p may be NULL, in which case
fido_credman_rp_free
() is a NOP.
The
fido_credman_get_dev_rp
() function
populates
rp with information about relying
parties with resident credentials in
dev. A
valid
pin must be provided.
The
fido_credman_rp_count
() function returns
the number of relying parties in
rp.
The
fido_credman_rp_id
() and
fido_credman_rp_name
() functions return
pointers to the id and name of relying party
idx in
rp.
If not NULL, the values returned by these functions point to NUL-terminated
UTF-8 strings. Please note that the first relying party in
rp has an
idx (index) value of 0.
The
fido_credman_rp_id_hash_ptr
() function
returns a pointer to the hashed id of relying party
idx in
rp.
The corresponding length can be obtained by
fido_credman_rp_id_hash_len
(). Please note
that the first relying party in
rp has an
idx (index) value of 0.
The
fido_credman_get_dev_metadata
(),
fido_credman_get_dev_rk
(),
fido_credman_set_dev_rk
(),
fido_credman_del_dev_rk
(), and
fido_credman_get_dev_rp
() functions return
FIDO_OK
on success. On error, a different
error code defined in
<fido/err.h>
is returned. Functions returning pointers are not guaranteed to succeed, and
should have their return values checked for NULL.
fido_cbor_info_new(3),
fido_cred_new(3),
fido_dev_supports_credman(3)
Resident credentials are called “discoverable credentials” in CTAP
2.1.