Provided by: libfido2-doc_1.11.0-1_all 
NAME
fido_credman_metadata_new, fido_credman_rk_new, fido_credman_rp_new,
fido_credman_metadata_free, fido_credman_rk_free, fido_credman_rp_free,
fido_credman_rk_existing, fido_credman_rk_remaining, fido_credman_rk, fido_credman_rk_count,
fido_credman_rp_id, fido_credman_rp_name, fido_credman_rp_count,
fido_credman_rp_id_hash_ptr, fido_credman_rp_id_hash_len, fido_credman_get_dev_metadata,
fido_credman_get_dev_rk, fido_credman_set_dev_rk, fido_credman_del_dev_rk,
fido_credman_get_dev_rp — FIDO2 credential management API
SYNOPSIS
#include <fido.h>
#include <fido/credman.h>
fido_credman_metadata_t *
fido_credman_metadata_new(void);
fido_credman_rk_t *
fido_credman_rk_new(void);
fido_credman_rp_t *
fido_credman_rp_new(void);
void
fido_credman_metadata_free(fido_credman_metadata_t **metadata_p);
void
fido_credman_rk_free(fido_credman_rk_t **rk_p);
void
fido_credman_rp_free(fido_credman_rp_t **rp_p);
uint64_t
fido_credman_rk_existing(const fido_credman_metadata_t *metadata);
uint64_t
fido_credman_rk_remaining(const fido_credman_metadata_t *metadata);
const fido_cred_t *
fido_credman_rk(const fido_credman_rk_t *rk, size_t idx);
size_t
fido_credman_rk_count(const fido_credman_rk_t *rk);
const char *
fido_credman_rp_id(const fido_credman_rp_t *rp, size_t idx);
const char *
fido_credman_rp_name(const fido_credman_rp_t *rp, size_t idx);
size_t
fido_credman_rp_count(const fido_credman_rp_t *rp);
const unsigned char *
fido_credman_rp_id_hash_ptr(const fido_credman_rp_t *rp, size_t idx);
size_t
fido_credman_rp_id_hash_len(const fido_credman_rp_t *, size_t idx);
int
fido_credman_get_dev_metadata(fido_dev_t *dev, fido_credman_metadata_t *metadata,
const char *pin);
int
fido_credman_get_dev_rk(fido_dev_t *dev, const char *rp_id, fido_credman_rk_t *rk,
const char *pin);
int
fido_credman_set_dev_rk(fido_dev_t *dev, fido_cred_t *cred, const char *pin);
int
fido_credman_del_dev_rk(fido_dev_t *dev, const unsigned char *cred_id, size_t cred_id_len,
const char *pin);
int
fido_credman_get_dev_rp(fido_dev_t *dev, fido_credman_rp_t *rp, const char *pin);
DESCRIPTION
The credential management API of libfido2 allows resident credentials on a FIDO2
authenticator to be listed, inspected, modified, and removed. Please note that not all
FIDO2 authenticators support credential management. To obtain information on what an
authenticator supports, please refer to fido_cbor_info_new(3).
The fido_credman_metadata_t type abstracts credential management metadata.
The fido_credman_metadata_new() function returns a pointer to a newly allocated, empty
fido_credman_metadata_t type. If memory cannot be allocated, NULL is returned.
The fido_credman_metadata_free() function releases the memory backing *metadata_p, where
*metadata_p must have been previously allocated by fido_credman_metadata_new(). On return,
*metadata_p is set to NULL. Either metadata_p or *metadata_p may be NULL, in which case
fido_credman_metadata_free() is a NOP.
The fido_credman_get_dev_metadata() function populates metadata with information retrieved
from dev. A valid pin must be provided.
The fido_credman_rk_existing() function inspects metadata and returns the number of resident
credentials on the authenticator. The fido_credman_rk_remaining() function inspects
metadata and returns the estimated number of resident credentials that can be created on the
authenticator.
The fido_credman_rk_t type abstracts the set of resident credentials belonging to a given
relying party.
The fido_credman_rk_new() function returns a pointer to a newly allocated, empty
fido_credman_rk_t type. If memory cannot be allocated, NULL is returned.
The fido_credman_rk_free() function releases the memory backing *rk_p, where *rk_p must have
been previously allocated by fido_credman_rk_new(). On return, *rk_p is set to NULL.
Either rk_p or *rk_p may be NULL, in which case fido_credman_rk_free() is a NOP.
The fido_credman_get_dev_rk() function populates rk with the set of resident credentials
belonging to rp_id in dev. A valid pin must be provided.
The fido_credman_rk_count() function returns the number of resident credentials in rk. The
fido_credman_rk() function returns a pointer to the credential at index idx in rk. Please
note that the first credential in rk has an idx (index) value of 0.
The fido_credman_set_dev_rk() function updates the credential pointed to by cred in dev.
The credential id and user id attributes of cred must be set. See fido_cred_set_id(3) and
fido_cred_set_user(3) for details. Only a credential's user attributes (name, display name)
may be updated at this time.
The fido_credman_del_dev_rk() function deletes the resident credential identified by cred_id
from dev, where cred_id points to cred_id_len bytes. A valid pin must be provided.
The fido_credman_rp_t type abstracts information about a relying party.
The fido_credman_rp_new() function returns a pointer to a newly allocated, empty
fido_credman_rp_t type. If memory cannot be allocated, NULL is returned.
The fido_credman_rp_free() function releases the memory backing *rp_p, where *rp_p must have
been previously allocated by fido_credman_rp_new(). On return, *rp_p is set to NULL.
Either rp_p or *rp_p may be NULL, in which case fido_credman_rp_free() is a NOP.
The fido_credman_get_dev_rp() function populates rp with information about relying parties
with resident credentials in dev. A valid pin must be provided.
The fido_credman_rp_count() function returns the number of relying parties in rp.
The fido_credman_rp_id() and fido_credman_rp_name() functions return pointers to the id and
name of relying party idx in rp. If not NULL, the values returned by these functions point
to NUL-terminated UTF-8 strings. Please note that the first relying party in rp has an idx
(index) value of 0.
The fido_credman_rp_id_hash_ptr() function returns a pointer to the hashed id of relying
party idx in rp. The corresponding length can be obtained by fido_credman_rp_id_hash_len().
Please note that the first relying party in rp has an idx (index) value of 0.
RETURN VALUES
The fido_credman_get_dev_metadata(), fido_credman_get_dev_rk(), fido_credman_set_dev_rk(),
fido_credman_del_dev_rk(), and fido_credman_get_dev_rp() functions return FIDO_OK on
success. On error, a different error code defined in <fido/err.h> is returned. Functions
returning pointers are not guaranteed to succeed, and should have their return values
checked for NULL.
SEE ALSO
fido_cbor_info_new(3), fido_cred_new(3), fido_dev_supports_credman(3)
CAVEATS
Resident credentials are called “discoverable credentials” in CTAP 2.1.