New upstream version 1.5.0

9 files changed, 295 insertions, 32 deletions

diff --git a/man/CMakeLists.txt b/man/CMakeLists.txt
index 44e4a96..f0d9cb3 100644
--- a/man/CMakeLists.txt
+++ b/man/CMakeLists.txt
@@ -3,12 +3,10 @@
 # license that can be found in the LICENSE file.
 
 find_program(MANDOC_PATH mandoc)
-message(STATUS "MANDOC_PATH: ${MANDOC_PATH}")
+find_program(GZIP_PATH gzip)
 
-if(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR CMAKE_SYSTEM_NAME STREQUAL "Linux")
-        find_program(GZIP_PATH gzip)
-        message(STATUS "GZIP_PATH: ${GZIP_PATH}")
-endif()
+message(STATUS "MANDOC_PATH: ${MANDOC_PATH}")
+message(STATUS "GZIP_PATH: ${GZIP_PATH}")
 
 list(APPEND MAN_SOURCES
         eddsa_pk_new.3
@@ -32,6 +30,7 @@ list(APPEND MAN_SOURCES
         fido_cred_set_authdata.3
         fido_cred_verify.3
         fido_dev_get_assert.3
+        fido_dev_get_touch_begin.3
         fido_dev_info_manifest.3
         fido_dev_make_cred.3
         fido_dev_open.3
@@ -54,9 +53,13 @@ list(APPEND MAN_ALIAS
         fido_assert_new fido_assert_clientdata_hash_len
         fido_assert_new fido_assert_clientdata_hash_ptr
         fido_assert_new fido_assert_count
+        fido_assert_new fido_assert_flags
         fido_assert_new fido_assert_free
         fido_assert_new fido_assert_hmac_secret_len
         fido_assert_new fido_assert_hmac_secret_ptr
+        fido_assert_new fido_assert_id_len
+        fido_assert_new fido_assert_id_ptr
+        fido_assert_new fido_assert_rp_id
         fido_assert_new fido_assert_sigcount
         fido_assert_new fido_assert_sig_len
         fido_assert_new fido_assert_sig_ptr
@@ -95,34 +98,46 @@ list(APPEND MAN_ALIAS
         fido_bio_template fido_bio_template_new
         fido_bio_template fido_bio_template_set_id
         fido_bio_template fido_bio_template_set_name
-        fido_cbor_info_new fido_cbor_info_aaguid_len 
-        fido_cbor_info_new fido_cbor_info_aaguid_ptr 
-        fido_cbor_info_new fido_cbor_info_extensions_len 
-        fido_cbor_info_new fido_cbor_info_extensions_ptr 
-        fido_cbor_info_new fido_cbor_info_free 
+        fido_cbor_info_new fido_cbor_info_aaguid_len
+        fido_cbor_info_new fido_cbor_info_aaguid_ptr
+        fido_cbor_info_new fido_cbor_info_extensions_len
+        fido_cbor_info_new fido_cbor_info_extensions_ptr
+        fido_cbor_info_new fido_cbor_info_free
         fido_cbor_info_new fido_cbor_info_maxmsgsiz
+        fido_cbor_info_new fido_cbor_info_maxcredcntlst;
+        fido_cbor_info_new fido_cbor_info_maxcredidlen;
         fido_cbor_info_new fido_cbor_info_fwversion
-        fido_cbor_info_new fido_cbor_info_options_len 
-        fido_cbor_info_new fido_cbor_info_options_name_ptr 
-        fido_cbor_info_new fido_cbor_info_options_value_ptr 
-        fido_cbor_info_new fido_cbor_info_protocols_len 
-        fido_cbor_info_new fido_cbor_info_protocols_ptr 
-        fido_cbor_info_new fido_cbor_info_versions_len 
-        fido_cbor_info_new fido_cbor_info_versions_ptr 
-        fido_cbor_info_new fido_dev_get_cbor_info 
+        fido_cbor_info_new fido_cbor_info_options_len
+        fido_cbor_info_new fido_cbor_info_options_name_ptr
+        fido_cbor_info_new fido_cbor_info_options_value_ptr
+        fido_cbor_info_new fido_cbor_info_protocols_len
+        fido_cbor_info_new fido_cbor_info_protocols_ptr
+        fido_cbor_info_new fido_cbor_info_versions_len
+        fido_cbor_info_new fido_cbor_info_versions_ptr
+        fido_cbor_info_new fido_dev_get_cbor_info
         fido_cred_new fido_cred_authdata_len
         fido_cred_new fido_cred_authdata_ptr
         fido_cred_new fido_cred_clientdata_hash_len
         fido_cred_new fido_cred_clientdata_hash_ptr
+        fido_cred_new fido_cred_display_name
+        fido_cred_new fido_cred_flags
         fido_cred_new fido_cred_fmt
         fido_cred_new fido_cred_free
         fido_cred_new fido_cred_id_len
         fido_cred_new fido_cred_id_ptr
+        fido_cred_new fido_cred_aaguid_len
+        fido_cred_new fido_cred_aaguid_ptr
         fido_cred_new fido_cred_prot
         fido_cred_new fido_cred_pubkey_len
         fido_cred_new fido_cred_pubkey_ptr
+        fido_cred_new fido_cred_rp_id
+        fido_cred_new fido_cred_rp_name
         fido_cred_new fido_cred_sig_len
         fido_cred_new fido_cred_sig_ptr
+        fido_cred_new fido_cred_type
+        fido_cred_new fido_cred_user_name
+        fido_cred_new fido_cred_user_id_len
+        fido_cred_new fido_cred_user_id_ptr
         fido_cred_new fido_cred_x5c_len
         fido_cred_new fido_cred_x5c_ptr
         fido_credman_metadata_new fido_credman_del_dev_rk
@@ -171,6 +186,8 @@ list(APPEND MAN_ALIAS
         fido_dev_open fido_dev_force_u2f
         fido_dev_open fido_dev_free
         fido_dev_open fido_dev_is_fido2
+        fido_dev_open fido_dev_supports_cred_prot
+        fido_dev_open fido_dev_supports_pin
         fido_dev_open fido_dev_major
         fido_dev_open fido_dev_minor
         fido_dev_open fido_dev_new
@@ -224,7 +241,7 @@ endforeach()
 # man_gzip
 foreach(f ${MAN_SOURCES})
         add_custom_command(OUTPUT ${f}.gz
-                COMMAND gzip -c ${f} > ${f}.gz
+                COMMAND gzip -cn ${f} > ${f}.gz
                 DEPENDS ${f})
         list(APPEND GZ_FILES ${f}.gz)
 endforeach()
diff --git a/man/NOTES b/man/NOTES
index 4a461ff..5cba436 100644
--- a/man/NOTES
+++ b/man/NOTES
@@ -2,3 +2,6 @@ To generate .partial files for https://developers.yubico.com/:
 
 $ make -C build man_symlink_html_partial
 $ (cd build/man && pax -p p -r -w *.partial /tmp/partial)
+
+Use mandoc 1.14.4. Otherwise, adjust dyc.css to mandoc's HTML
+output.
diff --git a/man/fido2-assert.1 b/man/fido2-assert.1
index 67883e2..e77e771 100644
--- a/man/fido2-assert.1
+++ b/man/fido2-assert.1
@@ -12,6 +12,7 @@
 .Nm
 .Fl G
 .Op Fl dhpruv
+.Op Fl t Ar option
 .Op Fl i Ar input_file
 .Op Fl o Ar output_file
 .Ar device
@@ -110,6 +111,29 @@ is specified,
 .Nm
 will not expect a credential id in its input, and may output
 multiple assertions.
+.It Fl t Ar option
+Toggles a key/value
+.Ar option ,
+where
+.Ar option
+is a string of the form
+.Dq key=value .
+The options supported at present are:
+.Bl -tag -width Ds
+.It Cm up Ns = Ns Ar true|false
+Asks the authenticator for user presence to be enabled or disabled.
+.It Cm uv Ns = Ns Ar true|false
+Asks the authenticator for user verification to be enabled or
+disabled.
+.It Cm pin Ns = Ns Ar true|false
+Tells
+.Nm
+whether to prompt for a PIN and request user verification.
+.El
+.Pp
+The
+.Fl t
+option may be specified multiple times.
 .It Fl u
 Obtain an assertion using U2F.
 By default,
@@ -119,6 +143,10 @@ U2F otherwise.
 .It Fl v
 If obtaining an assertion, prompt the user for a PIN and request
 user verification from the authenticator.
+If verifying an assertion, check whether the user verification bit
+was signed by the authenticator.
+.El
+.Pp
 If a
 .Em tty
 is available,
@@ -127,9 +155,6 @@ will use it to obtain the PIN.
 Otherwise,
 .Em stdin
 is used.
-If verifying an assertion, check whether the user verification bit
-was signed by the authenticator.
-.El
 .Sh INPUT FORMAT
 The input of
 .Nm
@@ -140,7 +165,7 @@ When obtaining an assertion,
 .Nm
 expects its input to consist of:
 .Pp
-.Bl -enum -offset indent -compact                                   
+.Bl -enum -offset indent -compact
 .It
 client data hash (base64 blob);
 .It
diff --git a/man/fido2-cred.1 b/man/fido2-cred.1
index d9bf7d2..4132d26 100644
--- a/man/fido2-cred.1
+++ b/man/fido2-cred.1
@@ -12,6 +12,7 @@
 .Nm
 .Fl M
 .Op Fl dhqruv
+.Op Fl c Ar cred_protect
 .Op Fl i Ar input_file
 .Op Fl o Ar output_file
 .Ar device
@@ -19,6 +20,7 @@
 .Nm
 .Fl V
 .Op Fl dhv
+.Op Fl c Ar cred_protect
 .Op Fl i Ar input_file
 .Op Fl o Ar output_file
 .Op Ar type
@@ -89,6 +91,12 @@ to make a new credential on
 Tells
 .Nm
 to verify a credential.
+.It Fl c Ar cred_protect
+If making a credential, set the credential's protection level to
+.Ar cred_protect .
+If verifying a credential, check whether the credential's protection
+level was signed by the authenticator as
+.Ar cred_protect .
 .It Fl d
 Causes
 .Nm
diff --git a/man/fido_assert_new.3 b/man/fido_assert_new.3
index 0c2f92f..b1b1f2f 100644
--- a/man/fido_assert_new.3
+++ b/man/fido_assert_new.3
@@ -9,6 +9,7 @@
 .Nm fido_assert_new ,
 .Nm fido_assert_free ,
 .Nm fido_assert_count ,
+.Nm fido_assert_rp_id ,
 .Nm fido_assert_user_display_name ,
 .Nm fido_assert_user_icon ,
 .Nm fido_assert_user_name ,
@@ -17,12 +18,15 @@
 .Nm fido_assert_hmac_secret_ptr ,
 .Nm fido_assert_user_id_ptr ,
 .Nm fido_assert_sig_ptr ,
+.Nm fido_assert_id_ptr ,
 .Nm fido_assert_authdata_len ,
 .Nm fido_assert_clientdata_hash_len ,
 .Nm fido_assert_hmac_secret_len ,
 .Nm fido_assert_user_id_len ,
 .Nm fido_assert_sig_len ,
-.Nm fido_assert_sigcount
+.Nm fido_assert_id_len ,
+.Nm fido_assert_sigcount ,
+.Nm fido_assert_flags
 .Nd FIDO 2 assertion API
 .Sh SYNOPSIS
 .In fido.h
@@ -33,6 +37,8 @@
 .Ft size_t
 .Fn fido_assert_count "const fido_assert_t *assert"
 .Ft const char *
+.Fn fido_assert_rp_id "const fido_assert_t *assert"
+.Ft const char *
 .Fn fido_assert_user_display_name "const fido_assert_t *assert" "size_t idx"
 .Ft const char *
 .Fn fido_assert_user_icon "const fido_assert_t *assert" "size_t idx"
@@ -48,6 +54,8 @@
 .Fn fido_assert_user_id_ptr "const fido_assert_t *assert" "size_t idx"
 .Ft const unsigned char *
 .Fn fido_assert_sig_ptr "const fido_assert_t *assert" "size_t idx"
+.Ft const unsigned char *
+.Fn fido_assert_id_ptr "const fido_assert_t *assert" "size_t idx"
 .Ft size_t
 .Fn fido_assert_authdata_len "const fido_assert_t *assert" "size_t idx"
 .Ft size_t
@@ -58,8 +66,12 @@
 .Fn fido_assert_user_id_len "const fido_assert_t *assert" "size_t idx"
 .Ft size_t
 .Fn fido_assert_sig_len "const fido_assert_t *assert" "size_t idx"
+.Ft size_t
+.Fn fido_assert_id_len "const fido_assert_t *assert" "size_t idx"
 .Ft uint32_t
 .Fn fido_assert_sigcount "const fido_assert_t *assert" "size_t idx"
+.Ft uint8_t
+.Fn fido_assert_flags "const fido_assert_t *assert" "size_t idx"
 .Sh DESCRIPTION
 FIDO 2 assertions are abstracted in
 .Em libfido2
@@ -110,6 +122,12 @@ function returns the number of statements in
 .Fa assert .
 .Pp
 The
+.Fn fido_assert_rp_id
+function returns a pointer to a NUL-terminated string holding the
+relying party ID of
+.Fa assert .
+.Pp
+The
 .Fn fido_assert_user_display_name ,
 .Fn fido_assert_user_icon ,
 and
@@ -126,10 +144,11 @@ The
 .Fn fido_assert_user_id_ptr ,
 .Fn fido_assert_authdata_ptr ,
 .Fn fido_assert_hmac_secret_ptr ,
+.Fn fido_assert_sig_ptr ,
 and
-.Fn fido_assert_sig_ptr
+.Fn fido_assert_id_ptr
 functions return pointers to the user ID, authenticator data,
-hmac-secret, and signature attributes of statement
+hmac-secret, signature, and credential ID attributes of statement
 .Fa idx
 in
 .Fa assert .
@@ -137,8 +156,9 @@ The
 .Fn fido_assert_user_id_len ,
 .Fn fido_assert_authdata_len ,
 .Fn fido_assert_hmac_secret_len ,
+.Fn fido_assert_sig_len ,
 and
-.Fn fido_assert_sig_len
+.Fn fido_assert_id_len
 functions can be used to retrieve the corresponding length of a
 specific attribute.
 .Pp
@@ -149,6 +169,13 @@ function can be used to obtain the signature counter of statement
 in
 .Fa assert .
 .Pp
+The
+.Fn fido_assert_flags
+function returns the authenticator data flags of statement
+.Fa idx
+in
+.Fa assert .
+.Pp
 Please note that the first statement in
 .Fa assert
 has an
diff --git a/man/fido_cbor_info_new.3 b/man/fido_cbor_info_new.3
index 3e7de1f..ee942e6 100644
--- a/man/fido_cbor_info_new.3
+++ b/man/fido_cbor_info_new.3
@@ -21,6 +21,8 @@
 .Nm fido_cbor_info_versions_len ,
 .Nm fido_cbor_info_options_len ,
 .Nm fido_cbor_info_maxmsgsiz ,
+.Nm fido_cbor_info_maxcredcntlst ,
+.Nm fido_cbor_info_maxcredidlen ,
 .Nm fido_cbor_info_fwversion
 .Nd FIDO 2 CBOR Info API
 .Sh SYNOPSIS
@@ -56,6 +58,10 @@
 .Ft uint64_t
 .Fn fido_cbor_info_maxmsgsiz "const fido_cbor_info_t *ci"
 .Ft uint64_t
+.Fn fido_cbor_info_maxcredcntlst "const fido_cbor_info_t *ci"
+.Ft uint64_t
+.Fn fido_cbor_info_maxcredidlen "const fido_cbor_info_t *ci"
+.Ft uint64_t
 .Fn fido_cbor_info_fwversion "const fido_cbor_info_t *ci"
 .Sh DESCRIPTION
 The
@@ -103,8 +109,8 @@ The
 .Fn fido_cbor_info_protocols_ptr ,
 and
 .Fn fido_cbor_info_versions_ptr
-functions return pointers to the AAGUID, supported extensions,
-PIN protocol and CTAP version strings of
+functions return pointers to the authenticator attestation GUID,
+supported extensions, PIN protocol and CTAP version strings of
 .Fa ci .
 The corresponding length of a given attribute can be
 obtained by
@@ -131,6 +137,18 @@ function returns the maximum message size attribute of
 .Fa ci .
 .Pp
 The
+.Fn fido_cbor_info_maxcredcntlst
+function returns the maximum supported number of credentials in
+a single credential ID list as reported in
+.Fa ci .
+.Pp
+The
+.Fn fido_cbor_info_maxcredidlen
+function returns the maximum supported length of a credential ID
+as reported in
+.Fa ci .
+.Pp
+The
 .Fn fido_cbor_info_fwversion
 function returns the firmware version attribute of
 .Fa ci .
diff --git a/man/fido_cred_new.3 b/man/fido_cred_new.3
index 22af60c..d2023eb 100644
--- a/man/fido_cred_new.3
+++ b/man/fido_cred_new.3
@@ -10,18 +10,28 @@
 .Nm fido_cred_free ,
 .Nm fido_cred_prot ,
 .Nm fido_cred_fmt ,
+.Nm fido_cred_rp_id ,
+.Nm fido_cred_rp_name ,
+.Nm fido_cred_user_name ,
+.Nm fido_cred_display_name ,
 .Nm fido_cred_authdata_ptr ,
 .Nm fido_cred_clientdata_hash_ptr ,
 .Nm fido_cred_id_ptr ,
+.Nm fido_cred_aaguid_ptr ,
 .Nm fido_cred_pubkey_ptr ,
 .Nm fido_cred_sig_ptr ,
+.Nm fido_cred_user_id_ptr ,
 .Nm fido_cred_x5c_ptr ,
 .Nm fido_cred_authdata_len ,
 .Nm fido_cred_clientdata_hash_len ,
 .Nm fido_cred_id_len ,
+.Nm fido_cred_aaguid_len ,
 .Nm fido_cred_pubkey_len ,
 .Nm fido_cred_sig_len ,
-.Nm fido_cred_x5c_len
+.Nm fido_cred_user_id_len ,
+.Nm fido_cred_x5c_len ,
+.Nm fido_cred_type ,
+.Nm fido_cred_flags
 .Nd FIDO 2 credential API
 .Sh SYNOPSIS
 .In fido.h
@@ -33,6 +43,14 @@
 .Fn fido_cred_prot "fido_cred_t *cred"
 .Ft const char *
 .Fn fido_cred_fmt "const fido_cred_t *cred"
+.Ft const char *
+.Fn fido_cred_rp_id "const fido_cred_t *cred"
+.Ft const char *
+.Fn fido_cred_rp_name "const fido_cred_t *cred"
+.Ft const char *
+.Fn fido_cred_user_name "const fido_cred_t *cred"
+.Ft const char *
+.Fn fido_cred_display_name "const fido_cred_t *cred"
 .Ft const unsigned char *
 .Fn fido_cred_authdata_ptr "const fido_cred_t *cred"
 .Ft const unsigned char *
@@ -40,10 +58,14 @@
 .Ft const unsigned char *
 .Fn fido_cred_id_ptr "const fido_cred_t *cred"
 .Ft const unsigned char *
+.Fn fido_cred_aaguid_ptr "const fido_cred_t *cred"
+.Ft const unsigned char *
 .Fn fido_cred_pubkey_ptr "const fido_cred_t *cred"
 .Ft const unsigned char *
 .Fn fido_cred_sig_ptr "const fido_cred_t *cred"
 .Ft const unsigned char *
+.Fn fido_cred_user_id_ptr "const fido_cred_t *cred"
+.Ft const unsigned char *
 .Fn fido_cred_x5c_ptr "const fido_cred_t *cred"
 .Ft size_t
 .Fn fido_cred_authdata_len "const fido_cred_t *cred"
@@ -52,11 +74,19 @@
 .Ft size_t
 .Fn fido_cred_id_len "const fido_cred_t *cred"
 .Ft size_t
+.Fn fido_cred_aaguid_len "const fido_cred_t *cred"
+.Ft size_t
 .Fn fido_cred_pubkey_len "const fido_cred_t *cred"
 .Ft size_t
 .Fn fido_cred_sig_len "const fido_cred_t *cred"
 .Ft size_t
+.Fn fido_cred_user_id_len "const fido_cred_t *cred"
+.Ft size_t
 .Fn fido_cred_x5c_len "const fido_cred_t *cred"
+.Ft int
+.Fn fido_cred_type "const fido_cred_t *cred"
+.Ft uint8_t
+.Fn fido_cred_flags "const fido_cred_t *cred"
 .Sh DESCRIPTION
 FIDO 2 credentials are abstracted in
 .Em libfido2
@@ -120,15 +150,30 @@ or NULL if
 does not have a format set.
 .Pp
 The
+.Fn fido_cred_rp_id ,
+.Fn fido_cred_rp_name ,
+.Fn fido_cred_user_name ,
+and
+.Fn fido_cred_display_name
+functions return pointers to NUL-terminated strings holding the
+relying party ID, relying party name, user name, and user display
+name attributes of
+.Fa cred ,
+or NULL if the respective entry is not set.
+.Pp
+The
 .Fn fido_cred_authdata_ptr ,
 .Fn fido_cred_clientdata_hash_ptr ,
 .Fn fido_cred_id_ptr ,
+.Fn fido_cred_aaguid_ptr ,
 .Fn fido_cred_pubkey_ptr ,
 .Fn fido_cred_sig_ptr ,
+.Fn fido_cred_user_id_ptr ,
 and
 .Fn fido_cred_x5c_ptr
 functions return pointers to the authenticator data, client data
-hash, ID, public key, signature and x509 certificate parts of
+hash, ID, authenticator attestation GUID, public key, signature,
+user ID, and x509 certificate parts of
 .Fa cred ,
 or NULL if the respective entry is not set.
 .Pp
@@ -136,12 +181,25 @@ The corresponding length can be obtained by
 .Fn fido_cred_authdata_len ,
 .Fn fido_cred_clientdata_hash_len ,
 .Fn fido_cred_id_len ,
+.Fn fido_cred_aaguid_len ,
 .Fn fido_cred_pubkey_len ,
+.Fn fido_cred_sig_len ,
+.Fn fido_cred_user_id_len ,
 and
-.Fn fido_cred_sig_len .
+.Fn fido_cred_x5c_len .
 .Pp
 The authenticator data, x509 certificate, and signature parts of a
 credential are typically passed to a FIDO 2 server for verification.
+.Pp
+The
+.Fn fido_cred_type
+function returns the COSE algorithm of
+.Fa cred .
+.Pp
+The
+.Fn fido_cred_flags
+function returns the authenticator data flags of
+.Fa cred .
 .Sh RETURN VALUES
 The authenticator data returned by
 .Fn fido_cred_authdata_ptr
@@ -152,6 +210,7 @@ If not NULL, pointers returned by
 .Fn fido_cred_authdata_ptr ,
 .Fn fido_cred_clientdata_hash_ptr ,
 .Fn fido_cred_id_ptr ,
+.Fn fido_cred_aaguid_ptr ,
 .Fn fido_cred_pubkey_ptr ,
 .Fn fido_cred_sig_ptr ,
 and
diff --git a/man/fido_dev_get_touch_begin.3 b/man/fido_dev_get_touch_begin.3
new file mode 100644
index 0000000..8372c6f
--- /dev/null
+++ b/man/fido_dev_get_touch_begin.3
@@ -0,0 +1,73 @@
+.\" Copyright (c) 2020 Yubico AB. All rights reserved.
+.\" Use of this source code is governed by a BSD-style
+.\" license that can be found in the LICENSE file.
+.\"
+.Dd $Mdocdate: August 5 2020 $
+.Dt FIDO_DEV_GET_TOUCH_BEGIN 3
+.Os
+.Sh NAME
+.Nm fido_dev_get_touch_begin ,
+.Nm fido_dev_get_touch_status
+.Nd asynchronously wait for touch on a FIDO 2 authenticator
+.Sh SYNOPSIS
+.In fido.h
+.Ft int
+.Fn fido_dev_get_touch_begin "fido_dev_t *dev"
+.Ft int
+.Fn fido_dev_get_touch_status "fido_dev_t *dev" "int *touched" "int ms"
+.Sh DESCRIPTION
+The functions described in this page allow an application to
+asynchronously wait for touch on a FIDO authenticator.
+This is useful when multiple authenticators are present and
+the application needs to know which one to use.
+.Pp
+The
+.Fn fido_dev_get_touch_begin
+function initiates a touch request on
+.Fa dev .
+.Pp
+The
+.Fn fido_dev_get_touch_status
+function continues an ongoing touch request on
+.Fa dev ,
+blocking up to
+.Fa ms
+milliseconds.
+On success,
+.Fa touched
+will be updated to reflect the touch request status.
+If
+.Fa touched
+is 1, the device was touched, and the touch request is
+terminated.
+If
+.Fa touched
+is 0, the application may call
+.Fn fido_dev_get_touch_status
+to continue the touch request, or
+.Fn fido_dev_cancel
+to terminate it.
+.Sh RETURN VALUES
+The error codes returned by
+.Fn fido_dev_get_touch_begin
+and
+.Fn fido_dev_get_touch_status
+are defined in
+.In fido/err.h .
+On success,
+.Dv FIDO_OK
+is returned.
+.Sh EXAMPLES
+Please refer to
+.Em examples/select.c
+in
+.Em libfido2's
+source tree.
+.Sh SEE ALSO
+.Xr fido_dev_cancel 3
+.Sh CAVEATS
+The
+.Fn fido_dev_get_touch_status
+function will cause a command to be transmitted to U2F
+authenticators.
+These transmissions should not exceed a frequency of 5Hz.
diff --git a/man/fido_dev_open.3 b/man/fido_dev_open.3
index 53e3a12..6c7489d 100644
--- a/man/fido_dev_open.3
+++ b/man/fido_dev_open.3
@@ -14,6 +14,9 @@
 .Nm fido_dev_force_fido2 ,
 .Nm fido_dev_force_u2f ,
 .Nm fido_dev_is_fido2 ,
+.Nm fido_dev_supports_cred_prot ,
+.Nm fido_dev_supports_pin ,
+.Nm fido_dev_has_pin ,
 .Nm fido_dev_protocol ,
 .Nm fido_dev_build ,
 .Nm fido_dev_flags ,
@@ -38,6 +41,12 @@
 .Fn fido_dev_force_u2f "fido_dev_t *dev"
 .Ft bool
 .Fn fido_dev_is_fido2 "const fido_dev_t *dev"
+.Ft bool
+.Fn fido_dev_supports_cred_prot "const fido_dev_t *dev"
+.Ft bool
+.Fn fido_dev_supports_pin "const fido_dev_t *dev"
+.Ft bool
+.Fn fido_dev_has_pin "const fido_dev_t *dev"
 .Ft uint8_t
 .Fn fido_dev_protocol "const fido_dev_t *dev"
 .Ft uint8_t
@@ -117,6 +126,30 @@ if
 is a FIDO 2 device.
 .Pp
 The
+.Fn fido_dev_supports_cred_prot
+function returns
+.Dv true
+if
+.Fa dev
+supports FIDO 2.1 Credential Protection.
+.Pp
+The
+.Fn fido_dev_supports_pin
+function returns
+.Dv true
+if
+.Fa dev
+supports FIDO 2.0 Client PINs.
+.Pp
+The
+.Fn fido_dev_has_pin
+function returns
+.Dv true
+if
+.Fa dev
+has a FIDO 2.0 Client PIN set.
+.Pp
+The
 .Fn fido_dev_protocol
 function returns the CTAPHID protocol version identifier of
 .Fa dev .