Provided by: libfido2-doc_1.3.1-1ubuntu2_all 
NAME
fido_credman_metadata_new, fido_credman_rk_new, fido_credman_rp_new,
fido_credman_metadata_free, fido_credman_rk_free, fido_credman_rp_free,
fido_credman_rk_existing, fido_credman_rk_remaining, fido_credman_rk, fido_credman_rk_count,
fido_credman_rp_id, fido_credman_rp_name, fido_credman_rp_count,
fido_credman_rp_id_hash_ptr, fido_credman_rp_id_hash_len, fido_credman_get_dev_metadata,
fido_credman_get_dev_rk, fido_credman_del_dev_rk, fido_credman_get_dev_rp — FIDO 2
credential management API
SYNOPSIS
#include <fido.h>
#include <fido/credman.h>
fido_credman_metadata_t *
fido_credman_metadata_new(void);
fido_credman_rk_t *
fido_credman_rk_new(void);
fido_credman_rp_t *
fido_credman_rp_new(void);
void
fido_credman_metadata_free(fido_credman_metadata_t **metadata_p);
void
fido_credman_rk_free(fido_credman_rk_t **rk_p);
void
fido_credman_rp_free(fido_credman_rp_t **rp_p);
uint64_t
fido_credman_rk_existing(const fido_credman_metadata_t *metadata);
uint64_t
fido_credman_rk_remaining(const fido_credman_metadata_t *metadata);
const fido_cred_t *
fido_credman_rk(const fido_credman_rk_t *rk, size_t idx);
size_t
fido_credman_rk_count(const fido_credman_rk_t *rk);
const char *
fido_credman_rp_id(const fido_credman_rp_t *rp, size_t idx);
const char *
fido_credman_rp_name(const fido_credman_rp_t *rp, size_t idx);
size_t
fido_credman_rp_count(const fido_credman_rp_t *rp);
const unsigned char *
fido_credman_rp_id_hash_ptr(const fido_credman_rp_t *rp, size_t idx);
size_t
fido_credman_rp_id_hash_len(const fido_credman_rp_t *, size_t idx);
int
fido_credman_get_dev_metadata(fido_dev_t *dev, fido_credman_metadata_t *metadata,
const char *pin);
int
fido_credman_get_dev_rk(fido_dev_t *dev, const char *rp_id, fido_credman_rk_t *rk,
const char *pin);
int
fido_credman_del_dev_rk(fido_dev_t *dev, const, unsigned, char, *cred_id",
size_t cred_id_len, const char *pin);
int
fido_credman_get_dev_rp(fido_dev_t *dev, fido_credman_rp_t *rp, const char *pin);
DESCRIPTION
The credential management API of libfido2 allows resident credentials on a FIDO2
authenticator to be listed, inspected, and removed. Please note that not all authenticators
support credential management. To obtain information on what an authenticator supports,
please refer to fido_cbor_info_new(3).
The fido_credman_metadata_t type abstracts credential management metadata.
The fido_credman_metadata_new() function returns a pointer to a newly allocated, empty
fido_credman_metadata_t type. If memory cannot be allocated, NULL is returned.
The fido_credman_metadata_free() function releases the memory backing *metadata_p, where
*metadata_p must have been previously allocated by fido_credman_metadata_new(). On return,
*metadata_p is set to NULL. Either metadata_p or *metadata_p may be NULL, in which case
fido_credman_metadata_free() is a NOP.
The fido_credman_get_dev_metadata() function populates metadata with information retrieved
from dev. A valid pin must be provided.
The fido_credman_rk_existing() function inspects metadata and returns the number of resident
credentials on the authenticator. The fido_credman_rk_remaining() function inspects
metadata and returns the estimated number of resident credentials that can be created on the
authenticator.
The fido_credman_rk_t type abstracts the set of resident credentials belonging to a given
relying party.
The fido_credman_rk_new() function returns a pointer to a newly allocated, empty
fido_credman_rk_t type. If memory cannot be allocated, NULL is returned.
The fido_credman_rk_free() function releases the memory backing *rk_p, where *rk_p must have
been previously allocated by fido_credman_rk_new(). On return, *rk_p is set to NULL.
Either rk_p or *rk_p may be NULL, in which case fido_credman_rk_free() is a NOP.
The fido_credman_get_dev_rk() function populates rk with the set of resident credentials
belonging to rp_id in dev. A valid pin must be provided.
The fido_credman_rk_count() function returns the number of resident credentials in rk. The
fido_credman_rk() function returns a pointer to the credential at index idx in rk. Please
note that the first credential in rk has an idx (index) value of 0.
The fido_credman_del_dev_rk() function deletes the resident credential identified by cred_id
from dev, where cred_id points to cred_id_len bytes. A valid pin must be provided.
The fido_credman_rp_t type abstracts information about a relying party.
The fido_credman_rp_new() function returns a pointer to a newly allocated, empty
fido_credman_rp_t type. If memory cannot be allocated, NULL is returned.
The fido_credman_rp_free() function releases the memory backing *rp_p, where *rp_p must have
been previously allocated by fido_credman_rp_new(). On return, *rp_p is set to NULL.
Either rp_p or *rp_p may be NULL, in which case fido_credman_rp_free() is a NOP.
The fido_credman_get_dev_rp() function populates rp with information about relying parties
with resident credentials in dev. A valid pin must be provided.
The fido_credman_rp_count() function returns the number of relying parties in rp.
The fido_credman_rp_id() and fido_credman_rp_name() functions return pointers to the id and
name of relying party idx in rp. If not NULL, the values returned by these functions point
to NUL-terminated UTF-8 strings. Please note that the first relying party in rp has an idx
(index) value of 0.
The fido_credman_rp_id_hash_ptr() function returns a pointer to the hashed id of relying
party idx in rp. The corresponding length can be obtained by fido_credman_rp_id_hash_len().
Please note that the first relying party in rp has an idx (index) value of 0.
RETURN VALUES
The fido_credman_get_dev_metadata(), fido_credman_get_dev_rk(), fido_credman_del_dev_rk(),
and fido_credman_get_dev_rp() functions return FIDO_OK on success. On error, a different
error code defined in <fido/err.h> is returned. Functions returning pointers are not
guaranteed to succeed, and should have their return values checked for NULL.
SEE ALSO
fido_cbor_info_new(3), fido_cred_new(3)