1 files changed, 88 insertions, 0 deletions
diff --git a/man/fido_dev_set_pin.3 b/man/fido_dev_set_pin.3
new file mode 100644
index 0000000..94f841b
--- /dev/null
+++ b/man/fido_dev_set_pin.3
@@ -0,0 +1,88 @@
+.\" Copyright (c) 2018 Yubico AB. All rights reserved.
+.\" Use of this source code is governed by a BSD-style
+.\" license that can be found in the LICENSE file.
+.\"
+.Dd $Mdocdate: May 25 2018 $
+.Dt FIDO_DEV_SET_PIN 3
+.Os
+.Sh NAME
+.Nm fido_dev_set_pin ,
+.Nm fido_dev_get_retry_count ,
+.Nm fido_dev_reset
+.Nd FIDO 2 device management functions
+.Sh SYNOPSIS
+.In fido.h
+.Ft int
+.Fn fido_dev_set_pin "fido_dev_t *dev" "const char *pin" "const char *oldpin"
+.Ft int
+.Fn fido_dev_get_retry_count "fido_dev_t *dev" "int *retries"
+.Ft int
+.Fn fido_dev_reset "fido_dev_t *dev"
+.Sh DESCRIPTION
+The
+.Fn fido_dev_set_pin
+function sets the PIN of device
+.Fa dev
+to
+.Fa pin ,
+where
+.Fa pin
+is a NUL-terminated UTF-8 string.
+If
+.Fa oldpin
+is not NULL, the device's PIN is changed from
+.Fa oldpin
+to
+.Fa pin ,
+where
+.Fa pin
+and
+.Fa oldpin
+are NUL-terminated UTF-8 strings.
+.Pp
+The
+.Fn fido_dev_get_retry_count
+function fills
+.Fa retries
+with the number of PIN retries left in
+.Fa dev
+before lock-out, where
+.Fa retries
+is an addressable pointer.
+.Pp
+The
+.Fn fido_dev_reset
+function performs a reset on
+.Fa dev ,
+resetting the device's PIN and erasing credentials stored on the
+device.
+.Pp
+Please note that
+.Fn fido_dev_set_pin ,
+.Fn fido_dev_get_retry_count ,
+and
+.Fn fido_dev_reset
+are synchronous and will block if necessary.
+.Sh RETURN VALUES
+The error codes returned by
+.Fn fido_dev_set_pin ,
+.Fn fido_dev_get_retry_count ,
+and
+.Fn fido_dev_reset
+are defined in
+.In fido/err.h .
+On success,
+.Dv FIDO_OK
+is returned.
+.Sh CAVEATS
+Regarding
+.Fn fido_dev_reset ,
+the actual user-flow to perform a reset is outside the scope of the
+FIDO2 specification, and may therefore vary depending on the
+authenticator.
+Yubico authenticators will return
+.Dv FIDO_ERR_NOT_ALLOWED
+if a reset is issued later than 5 seconds after power-up, and
+.Dv FIDO_ERR_ACTION_TIMEOUT
+if the user fails to confirm the reset by touching the key
+within 30 seconds.

diff --git a/man/fido_dev_set_pin.3 b/man/fido_dev_set_pin.3 new file mode 100644 index 0000000..94f841b --- /dev/null +++ b/man/fido_dev_set_pin.3
@@ -0,0 +1,88 @@
	1	.\" Copyright (c) 2018 Yubico AB. All rights reserved.
	2	.\" Use of this source code is governed by a BSD-style
	3	.\" license that can be found in the LICENSE file.
	4	.\"
	5	.Dd $Mdocdate: May 25 2018 $
	6	.Dt FIDO_DEV_SET_PIN 3
	7	.Os
	8	.Sh NAME
	9	.Nm fido_dev_set_pin ,
	10	.Nm fido_dev_get_retry_count ,
	11	.Nm fido_dev_reset
	12	.Nd FIDO 2 device management functions
	13	.Sh SYNOPSIS
	14	.In fido.h
	15	.Ft int
	16	.Fn fido_dev_set_pin "fido_dev_t dev" "const char pin" "const char *oldpin"
	17	.Ft int
	18	.Fn fido_dev_get_retry_count "fido_dev_t dev" "int retries"
	19	.Ft int
	20	.Fn fido_dev_reset "fido_dev_t *dev"
	21	.Sh DESCRIPTION
	22	The
	23	.Fn fido_dev_set_pin
	24	function sets the PIN of device
	25	.Fa dev
	26	to
	27	.Fa pin ,
	28	where
	29	.Fa pin
	30	is a NUL-terminated UTF-8 string.
	31	If
	32	.Fa oldpin
	33	is not NULL, the device's PIN is changed from
	34	.Fa oldpin
	35	to
	36	.Fa pin ,
	37	where
	38	.Fa pin
	39	and
	40	.Fa oldpin
	41	are NUL-terminated UTF-8 strings.
	42	.Pp
	43	The
	44	.Fn fido_dev_get_retry_count
	45	function fills
	46	.Fa retries
	47	with the number of PIN retries left in
	48	.Fa dev
	49	before lock-out, where
	50	.Fa retries
	51	is an addressable pointer.
	52	.Pp
	53	The
	54	.Fn fido_dev_reset
	55	function performs a reset on
	56	.Fa dev ,
	57	resetting the device's PIN and erasing credentials stored on the
	58	device.
	59	.Pp
	60	Please note that
	61	.Fn fido_dev_set_pin ,
	62	.Fn fido_dev_get_retry_count ,
	63	and
	64	.Fn fido_dev_reset
	65	are synchronous and will block if necessary.
	66	.Sh RETURN VALUES
	67	The error codes returned by
	68	.Fn fido_dev_set_pin ,
	69	.Fn fido_dev_get_retry_count ,
	70	and
	71	.Fn fido_dev_reset
	72	are defined in
	73	.In fido/err.h .
	74	On success,
	75	.Dv FIDO_OK
	76	is returned.
	77	.Sh CAVEATS
	78	Regarding
	79	.Fn fido_dev_reset ,
	80	the actual user-flow to perform a reset is outside the scope of the
	81	FIDO2 specification, and may therefore vary depending on the
	82	authenticator.
	83	Yubico authenticators will return
	84	.Dv FIDO_ERR_NOT_ALLOWED
	85	if a reset is issued later than 5 seconds after power-up, and
	86	.Dv FIDO_ERR_ACTION_TIMEOUT
	87	if the user fails to confirm the reset by touching the key
	88	within 30 seconds.