xref: /freebsd/contrib/libfido2/man/fido_dev_enable_entattest.3 (revision 3332f1b444d4a73238e9f59cca27bfc95fe936bd) 
1.\" Copyright (c) 2020 Yubico AB. All rights reserved.
2.\" Use of this source code is governed by a BSD-style
3.\" license that can be found in the LICENSE file.
4.\"
5.Dd $Mdocdate: September 22 2020 $
6.Dt FIDO_DEV_ENABLE_ENTATTEST 3
7.Os
8.Sh NAME
9.Nm fido_dev_enable_entattest ,
10.Nm fido_dev_toggle_always_uv ,
11.Nm fido_dev_force_pin_change ,
12.Nm fido_dev_set_pin_minlen
13.Nd FIDO 2.1 configuration authenticator API
14.Sh SYNOPSIS
15.In fido.h
16.In fido/config.h
17.Ft int
18.Fn fido_dev_enable_entattest "fido_dev_t *dev" "const char *pin"
19.Ft int
20.Fn fido_dev_toggle_always_uv "fido_dev_t *dev" "const char *pin"
21.Ft int
22.Fn fido_dev_force_pin_change "fido_dev_t *dev" "const char *pin"
23.Ft int
24.Fn fido_dev_set_pin_minlen "fido_dev_t *dev" "size_t len" "const char *pin"
25.Sh DESCRIPTION
26The functions described in this page allow configuration of a
27FIDO 2.1 authenticator.
28.Pp
29The
30.Fn fido_dev_enable_entattest
31function enables the
32.Em Enterprise Attestation
33feature on
34.Fa dev .
35.Em Enterprise Attestation
36instructs the authenticator to include uniquely identifying
37information in subsequent attestation statements.
38The
39.Fa pin
40parameter may be NULL if
41.Fa dev
42does not have a PIN set.
43.Pp
44The
45.Fn fido_dev_toggle_always_uv
46function toggles the
47.Dq user verification always
48feature on
49.Fa dev .
50When set, this toggle enforces user verification at the
51authenticator level for all known credentials.
52If
53.Fa dev
54supports U2F (CTAP1) and the user verification methods supported by
55the authenticator do not allow protection of U2F credentials, the
56U2F subsystem will be disabled by the authenticator.
57The
58.Fa pin
59parameter may be NULL if
60.Fa dev
61does not have a PIN set.
62.Pp
63The
64.Fn fido_dev_force_pin_change
65instructs
66.Fa dev
67to require a PIN change.
68Subsequent PIN authentication attempts against
69.Fa dev
70will fail until its PIN is changed.
71.Pp
72The
73.Fn fido_dev_set_pin_minlen
74function sets the minimum PIN length of
75.Fa dev
76to
77.Fa len .
78Minimum PIN lengths may only be increased.
79.Pp
80Configuration settings are reflected in the payload returned by the
81authenticator in response to a
82.Xr fido_dev_get_cbor_info 3
83call.
84.Sh RETURN VALUES
85The error codes returned by
86.Fn fido_dev_enable_entattest ,
87.Fn fido_dev_toggle_always_uv ,
88.Fn fido_dev_force_pin_change ,
89and
90.Fn fido_dev_set_pin_minlen
91are defined in
92.In fido/err.h .
93On success,
94.Dv FIDO_OK
95is returned.
96.Sh SEE ALSO
97.Xr fido_dev_get_cbor_info 3 ,
98.Xr fido_dev_reset 3
99