fido_dev_enable_entattest.3

Updated: 2021/Dec/3
FIDO_DEV_ENABLE_ENTATTEST(3)                          Library Functions Manual

NAME
     fido_dev_enable_entattest, fido_dev_toggle_always_uv,
     fido_dev_force_pin_change, fido_dev_set_pin_minlen - FIDO 2.1
     configuration authenticator API

SYNOPSIS
     #include <fido.h>
     #include <fido/config.h>

     int
     fido_dev_enable_entattest(fido_dev_t *dev, const char *pin);

     int
     fido_dev_toggle_always_uv(fido_dev_t *dev, const char *pin);

     int
     fido_dev_force_pin_change(fido_dev_t *dev, const char *pin);

     int
     fido_dev_set_pin_minlen(fido_dev_t *dev, size_t len, const char *pin);

DESCRIPTION
     The functions described in this page allow configuration of a FIDO 2.1
     authenticator.

     The fido_dev_enable_entattest() function enables the Enterprise
     Attestation feature on dev.  Enterprise Attestation instructs the
     authenticator to include uniquely identifying information in subsequent
     attestation statements.  The pin parameter may be NULL if dev does not
     have a PIN set.

     The fido_dev_toggle_always_uv() function toggles the "user verification
     always" feature on dev.  When set, this toggle enforces user verification
     at the authenticator level for all known credentials.  If dev supports
     U2F (CTAP1) and the user verification methods supported by the
     authenticator do not allow protection of U2F credentials, the U2F
     subsystem will be disabled by the authenticator.  The pin parameter may
     be NULL if dev does not have a PIN set.

     The fido_dev_force_pin_change() instructs dev to require a PIN change.
     Subsequent PIN authentication attempts against dev will fail until its
     PIN is changed.

     The fido_dev_set_pin_minlen() function sets the minimum PIN length of dev
     to len.  Minimum PIN lengths may only be increased.

     Configuration settings are reflected in the payload returned by the
     authenticator in response to a fido_dev_get_cbor_info(3) call.

RETURN VALUES
     The error codes returned by fido_dev_enable_entattest(),
     fido_dev_toggle_always_uv(), fido_dev_force_pin_change(), and
     fido_dev_set_pin_minlen() are defined in <fido/err.h>.  On success,
     FIDO_OK is returned.

SEE ALSO
     fido_dev_get_cbor_info(3), fido_dev_reset(3)

NetBSD 9.99             $Mdocdate: September 22 2020 $             NetBSD 9.99