Provided by: libfido2-doc_1.3.1-1ubuntu2_all 
NAME
fido_credman_metadata_new, fido_credman_rk_new, fido_credman_rp_new, fido_credman_metadata_free,
fido_credman_rk_free, fido_credman_rp_free, fido_credman_rk_existing, fido_credman_rk_remaining,
fido_credman_rk, fido_credman_rk_count, fido_credman_rp_id, fido_credman_rp_name, fido_credman_rp_count,
fido_credman_rp_id_hash_ptr, fido_credman_rp_id_hash_len, fido_credman_get_dev_metadata,
fido_credman_get_dev_rk, fido_credman_del_dev_rk, fido_credman_get_dev_rp — FIDO 2 credential management
API
SYNOPSIS
#include <fido.h>
#include <fido/credman.h>
fido_credman_metadata_t *
fido_credman_metadata_new(void);
fido_credman_rk_t *
fido_credman_rk_new(void);
fido_credman_rp_t *
fido_credman_rp_new(void);
void
fido_credman_metadata_free(fido_credman_metadata_t **metadata_p);
void
fido_credman_rk_free(fido_credman_rk_t **rk_p);
void
fido_credman_rp_free(fido_credman_rp_t **rp_p);
uint64_t
fido_credman_rk_existing(const fido_credman_metadata_t *metadata);
uint64_t
fido_credman_rk_remaining(const fido_credman_metadata_t *metadata);
const fido_cred_t *
fido_credman_rk(const fido_credman_rk_t *rk, size_t idx);
size_t
fido_credman_rk_count(const fido_credman_rk_t *rk);
const char *
fido_credman_rp_id(const fido_credman_rp_t *rp, size_t idx);
const char *
fido_credman_rp_name(const fido_credman_rp_t *rp, size_t idx);
size_t
fido_credman_rp_count(const fido_credman_rp_t *rp);
const unsigned char *
fido_credman_rp_id_hash_ptr(const fido_credman_rp_t *rp, size_t idx);
size_t
fido_credman_rp_id_hash_len(const fido_credman_rp_t *, size_t idx);
int
fido_credman_get_dev_metadata(fido_dev_t *dev, fido_credman_metadata_t *metadata, const char *pin);
int
fido_credman_get_dev_rk(fido_dev_t *dev, const char *rp_id, fido_credman_rk_t *rk, const char *pin);
int
fido_credman_del_dev_rk(fido_dev_t *dev, const, unsigned, char, *cred_id", size_t cred_id_len,
const char *pin);
int
fido_credman_get_dev_rp(fido_dev_t *dev, fido_credman_rp_t *rp, const char *pin);
DESCRIPTION
The credential management API of libfido2 allows resident credentials on a FIDO2 authenticator to be
listed, inspected, and removed. Please note that not all authenticators support credential management.
To obtain information on what an authenticator supports, please refer to fido_cbor_info_new(3).
The fido_credman_metadata_t type abstracts credential management metadata.
The fido_credman_metadata_new() function returns a pointer to a newly allocated, empty
fido_credman_metadata_t type. If memory cannot be allocated, NULL is returned.
The fido_credman_metadata_free() function releases the memory backing *metadata_p, where *metadata_p must
have been previously allocated by fido_credman_metadata_new(). On return, *metadata_p is set to NULL.
Either metadata_p or *metadata_p may be NULL, in which case fido_credman_metadata_free() is a NOP.
The fido_credman_get_dev_metadata() function populates metadata with information retrieved from dev. A
valid pin must be provided.
The fido_credman_rk_existing() function inspects metadata and returns the number of resident credentials
on the authenticator. The fido_credman_rk_remaining() function inspects metadata and returns the
estimated number of resident credentials that can be created on the authenticator.
The fido_credman_rk_t type abstracts the set of resident credentials belonging to a given relying party.
The fido_credman_rk_new() function returns a pointer to a newly allocated, empty fido_credman_rk_t type.
If memory cannot be allocated, NULL is returned.
The fido_credman_rk_free() function releases the memory backing *rk_p, where *rk_p must have been
previously allocated by fido_credman_rk_new(). On return, *rk_p is set to NULL. Either rk_p or *rk_p
may be NULL, in which case fido_credman_rk_free() is a NOP.
The fido_credman_get_dev_rk() function populates rk with the set of resident credentials belonging to
rp_id in dev. A valid pin must be provided.
The fido_credman_rk_count() function returns the number of resident credentials in rk. The
fido_credman_rk() function returns a pointer to the credential at index idx in rk. Please note that the
first credential in rk has an idx (index) value of 0.
The fido_credman_del_dev_rk() function deletes the resident credential identified by cred_id from dev,
where cred_id points to cred_id_len bytes. A valid pin must be provided.
The fido_credman_rp_t type abstracts information about a relying party.
The fido_credman_rp_new() function returns a pointer to a newly allocated, empty fido_credman_rp_t type.
If memory cannot be allocated, NULL is returned.
The fido_credman_rp_free() function releases the memory backing *rp_p, where *rp_p must have been
previously allocated by fido_credman_rp_new(). On return, *rp_p is set to NULL. Either rp_p or *rp_p
may be NULL, in which case fido_credman_rp_free() is a NOP.
The fido_credman_get_dev_rp() function populates rp with information about relying parties with resident
credentials in dev. A valid pin must be provided.
The fido_credman_rp_count() function returns the number of relying parties in rp.
The fido_credman_rp_id() and fido_credman_rp_name() functions return pointers to the id and name of
relying party idx in rp. If not NULL, the values returned by these functions point to NUL-terminated
UTF-8 strings. Please note that the first relying party in rp has an idx (index) value of 0.
The fido_credman_rp_id_hash_ptr() function returns a pointer to the hashed id of relying party idx in rp.
The corresponding length can be obtained by fido_credman_rp_id_hash_len(). Please note that the first
relying party in rp has an idx (index) value of 0.
RETURN VALUES
The fido_credman_get_dev_metadata(), fido_credman_get_dev_rk(), fido_credman_del_dev_rk(), and
fido_credman_get_dev_rp() functions return FIDO_OK on success. On error, a different error code defined
in <fido/err.h> is returned. Functions returning pointers are not guaranteed to succeed, and should have
their return values checked for NULL.
SEE ALSO
fido_cbor_info_new(3), fido_cred_new(3)
Debian June 28, 2019 FIDO_CREDMAN_METADATA_NEW(3)