Diffstat (limited to 'man')
-rw-r--r-- | man/CMakeLists.txt | 55 | ||||
-rw-r--r-- | man/NOTES | 3 | ||||
-rw-r--r-- | man/fido2-assert.1 | 33 | ||||
-rw-r--r-- | man/fido2-cred.1 | 8 | ||||
-rw-r--r-- | man/fido_assert_new.3 | 35 | ||||
-rw-r--r-- | man/fido_cbor_info_new.3 | 22 | ||||
-rw-r--r-- | man/fido_cred_new.3 | 65 | ||||
-rw-r--r-- | man/fido_dev_get_touch_begin.3 | 73 | ||||
-rw-r--r-- | man/fido_dev_open.3 | 33 |
9 files changed, 295 insertions, 32 deletions
diff --git a/man/CMakeLists.txt b/man/CMakeLists.txt index 44e4a96..f0d9cb3 100644 --- a/man/CMakeLists.txt +++ b/man/CMakeLists.txt | |||
@@ -3,12 +3,10 @@ | |||
3 | # license that can be found in the LICENSE file. | 3 | # license that can be found in the LICENSE file. |
4 | 4 | ||
5 | find_program(MANDOC_PATH mandoc) | 5 | find_program(MANDOC_PATH mandoc) |
6 | message(STATUS "MANDOC_PATH: ${MANDOC_PATH}") | 6 | find_program(GZIP_PATH gzip) |
7 | 7 | ||
8 | if(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR CMAKE_SYSTEM_NAME STREQUAL "Linux") | 8 | message(STATUS "MANDOC_PATH: ${MANDOC_PATH}") |
9 | find_program(GZIP_PATH gzip) | 9 | message(STATUS "GZIP_PATH: ${GZIP_PATH}") |
10 | message(STATUS "GZIP_PATH: ${GZIP_PATH}") | ||
11 | endif() | ||
12 | 10 | ||
13 | list(APPEND MAN_SOURCES | 11 | list(APPEND MAN_SOURCES |
14 | eddsa_pk_new.3 | 12 | eddsa_pk_new.3 |
@@ -32,6 +30,7 @@ list(APPEND MAN_SOURCES | |||
32 | fido_cred_set_authdata.3 | 30 | fido_cred_set_authdata.3 |
33 | fido_cred_verify.3 | 31 | fido_cred_verify.3 |
34 | fido_dev_get_assert.3 | 32 | fido_dev_get_assert.3 |
33 | fido_dev_get_touch_begin.3 | ||
35 | fido_dev_info_manifest.3 | 34 | fido_dev_info_manifest.3 |
36 | fido_dev_make_cred.3 | 35 | fido_dev_make_cred.3 |
37 | fido_dev_open.3 | 36 | fido_dev_open.3 |
@@ -54,9 +53,13 @@ list(APPEND MAN_ALIAS | |||
54 | fido_assert_new fido_assert_clientdata_hash_len | 53 | fido_assert_new fido_assert_clientdata_hash_len |
55 | fido_assert_new fido_assert_clientdata_hash_ptr | 54 | fido_assert_new fido_assert_clientdata_hash_ptr |
56 | fido_assert_new fido_assert_count | 55 | fido_assert_new fido_assert_count |
56 | fido_assert_new fido_assert_flags | ||
57 | fido_assert_new fido_assert_free | 57 | fido_assert_new fido_assert_free |
58 | fido_assert_new fido_assert_hmac_secret_len | 58 | fido_assert_new fido_assert_hmac_secret_len |
59 | fido_assert_new fido_assert_hmac_secret_ptr | 59 | fido_assert_new fido_assert_hmac_secret_ptr |
60 | fido_assert_new fido_assert_id_len | ||
61 | fido_assert_new fido_assert_id_ptr | ||
62 | fido_assert_new fido_assert_rp_id | ||
60 | fido_assert_new fido_assert_sigcount | 63 | fido_assert_new fido_assert_sigcount |
61 | fido_assert_new fido_assert_sig_len | 64 | fido_assert_new fido_assert_sig_len |
62 | fido_assert_new fido_assert_sig_ptr | 65 | fido_assert_new fido_assert_sig_ptr |
@@ -95,34 +98,46 @@ list(APPEND MAN_ALIAS | |||
95 | fido_bio_template fido_bio_template_new | 98 | fido_bio_template fido_bio_template_new |
96 | fido_bio_template fido_bio_template_set_id | 99 | fido_bio_template fido_bio_template_set_id |
97 | fido_bio_template fido_bio_template_set_name | 100 | fido_bio_template fido_bio_template_set_name |
98 | fido_cbor_info_new fido_cbor_info_aaguid_len | 101 | fido_cbor_info_new fido_cbor_info_aaguid_len |
99 | fido_cbor_info_new fido_cbor_info_aaguid_ptr | 102 | fido_cbor_info_new fido_cbor_info_aaguid_ptr |
100 | fido_cbor_info_new fido_cbor_info_extensions_len | 103 | fido_cbor_info_new fido_cbor_info_extensions_len |
101 | fido_cbor_info_new fido_cbor_info_extensions_ptr | 104 | fido_cbor_info_new fido_cbor_info_extensions_ptr |
102 | fido_cbor_info_new fido_cbor_info_free | 105 | fido_cbor_info_new fido_cbor_info_free |
103 | fido_cbor_info_new fido_cbor_info_maxmsgsiz | 106 | fido_cbor_info_new fido_cbor_info_maxmsgsiz |
107 | fido_cbor_info_new fido_cbor_info_maxcredcntlst; | ||
108 | fido_cbor_info_new fido_cbor_info_maxcredidlen; | ||
104 | fido_cbor_info_new fido_cbor_info_fwversion | 109 | fido_cbor_info_new fido_cbor_info_fwversion |
105 | fido_cbor_info_new fido_cbor_info_options_len | 110 | fido_cbor_info_new fido_cbor_info_options_len |
106 | fido_cbor_info_new fido_cbor_info_options_name_ptr | 111 | fido_cbor_info_new fido_cbor_info_options_name_ptr |
107 | fido_cbor_info_new fido_cbor_info_options_value_ptr | 112 | fido_cbor_info_new fido_cbor_info_options_value_ptr |
108 | fido_cbor_info_new fido_cbor_info_protocols_len | 113 | fido_cbor_info_new fido_cbor_info_protocols_len |
109 | fido_cbor_info_new fido_cbor_info_protocols_ptr | 114 | fido_cbor_info_new fido_cbor_info_protocols_ptr |
110 | fido_cbor_info_new fido_cbor_info_versions_len | 115 | fido_cbor_info_new fido_cbor_info_versions_len |
111 | fido_cbor_info_new fido_cbor_info_versions_ptr | 116 | fido_cbor_info_new fido_cbor_info_versions_ptr |
112 | fido_cbor_info_new fido_dev_get_cbor_info | 117 | fido_cbor_info_new fido_dev_get_cbor_info |
113 | fido_cred_new fido_cred_authdata_len | 118 | fido_cred_new fido_cred_authdata_len |
114 | fido_cred_new fido_cred_authdata_ptr | 119 | fido_cred_new fido_cred_authdata_ptr |
115 | fido_cred_new fido_cred_clientdata_hash_len | 120 | fido_cred_new fido_cred_clientdata_hash_len |
116 | fido_cred_new fido_cred_clientdata_hash_ptr | 121 | fido_cred_new fido_cred_clientdata_hash_ptr |
122 | fido_cred_new fido_cred_display_name | ||
123 | fido_cred_new fido_cred_flags | ||
117 | fido_cred_new fido_cred_fmt | 124 | fido_cred_new fido_cred_fmt |
118 | fido_cred_new fido_cred_free | 125 | fido_cred_new fido_cred_free |
119 | fido_cred_new fido_cred_id_len | 126 | fido_cred_new fido_cred_id_len |
120 | fido_cred_new fido_cred_id_ptr | 127 | fido_cred_new fido_cred_id_ptr |
128 | fido_cred_new fido_cred_aaguid_len | ||
129 | fido_cred_new fido_cred_aaguid_ptr | ||
121 | fido_cred_new fido_cred_prot | 130 | fido_cred_new fido_cred_prot |
122 | fido_cred_new fido_cred_pubkey_len | 131 | fido_cred_new fido_cred_pubkey_len |
123 | fido_cred_new fido_cred_pubkey_ptr | 132 | fido_cred_new fido_cred_pubkey_ptr |
133 | fido_cred_new fido_cred_rp_id | ||
134 | fido_cred_new fido_cred_rp_name | ||
124 | fido_cred_new fido_cred_sig_len | 135 | fido_cred_new fido_cred_sig_len |
125 | fido_cred_new fido_cred_sig_ptr | 136 | fido_cred_new fido_cred_sig_ptr |
137 | fido_cred_new fido_cred_type | ||
138 | fido_cred_new fido_cred_user_name | ||
139 | fido_cred_new fido_cred_user_id_len | ||
140 | fido_cred_new fido_cred_user_id_ptr | ||
126 | fido_cred_new fido_cred_x5c_len | 141 | fido_cred_new fido_cred_x5c_len |
127 | fido_cred_new fido_cred_x5c_ptr | 142 | fido_cred_new fido_cred_x5c_ptr |
128 | fido_credman_metadata_new fido_credman_del_dev_rk | 143 | fido_credman_metadata_new fido_credman_del_dev_rk |
@@ -171,6 +186,8 @@ list(APPEND MAN_ALIAS | |||
171 | fido_dev_open fido_dev_force_u2f | 186 | fido_dev_open fido_dev_force_u2f |
172 | fido_dev_open fido_dev_free | 187 | fido_dev_open fido_dev_free |
173 | fido_dev_open fido_dev_is_fido2 | 188 | fido_dev_open fido_dev_is_fido2 |
189 | fido_dev_open fido_dev_supports_cred_prot | ||
190 | fido_dev_open fido_dev_supports_pin | ||
174 | fido_dev_open fido_dev_major | 191 | fido_dev_open fido_dev_major |
175 | fido_dev_open fido_dev_minor | 192 | fido_dev_open fido_dev_minor |
176 | fido_dev_open fido_dev_new | 193 | fido_dev_open fido_dev_new |
@@ -224,7 +241,7 @@ endforeach() | |||
224 | # man_gzip | 241 | # man_gzip |
225 | foreach(f ${MAN_SOURCES}) | 242 | foreach(f ${MAN_SOURCES}) |
226 | add_custom_command(OUTPUT ${f}.gz | 243 | add_custom_command(OUTPUT ${f}.gz |
227 | COMMAND gzip -c ${f} > ${f}.gz | 244 | COMMAND gzip -cn ${f} > ${f}.gz |
228 | DEPENDS ${f}) | 245 | DEPENDS ${f}) |
229 | list(APPEND GZ_FILES ${f}.gz) | 246 | list(APPEND GZ_FILES ${f}.gz) |
230 | endforeach() | 247 | endforeach() |
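Review bot: The man_gzip rule at new line 244 still runs `gzip` by bare name, so the binary that compresses the pages is resolved from PATH at build time and need not be the one that `find_program(GZIP_PATH gzip)` located and logged at new lines 6 and 9. Proposed: `COMMAND ${GZIP_PATH} -cn ${f} > ${f}.gz`, with the targets that consume GZ_FILES created only when GZIP_PATH was found; the platform check that used to surround the lookup is removed here, and any remaining guard lies outside the visible hunks. A short comment on that line, for example `# -n: leave the original name and timestamp out of the .gz header`, would record why the flag was added. Separately, the two aliases added at new lines 107-108 end in `;`; CMake drops the empty element of an unquoted argument, so the source/alias pairs still line up, but the stray semicolons should be removed.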
@@ -2,3 +2,6 @@ To generate .partial files for https://developers.yubico.com/: | |||
2 | 2 | ||
3 | $ make -C build man_symlink_html_partial | 3 | $ make -C build man_symlink_html_partial |
4 | $ (cd build/man && pax -p p -r -w *.partial /tmp/partial) | 4 | $ (cd build/man && pax -p p -r -w *.partial /tmp/partial) |
5 | |||
6 | Use mandoc 1.14.4. Otherwise, adjust dyc.css to mandoc's HTML | ||
7 | output. | ||
diff --git a/man/fido2-assert.1 b/man/fido2-assert.1 index 67883e2..e77e771 100644 --- a/man/fido2-assert.1 +++ b/man/fido2-assert.1 | |||
@@ -12,6 +12,7 @@ | |||
12 | .Nm | 12 | .Nm |
13 | .Fl G | 13 | .Fl G |
14 | .Op Fl dhpruv | 14 | .Op Fl dhpruv |
15 | .Op Fl t Ar option | ||
15 | .Op Fl i Ar input_file | 16 | .Op Fl i Ar input_file |
16 | .Op Fl o Ar output_file | 17 | .Op Fl o Ar output_file |
17 | .Ar device | 18 | .Ar device |
@@ -110,6 +111,29 @@ is specified, | |||
110 | .Nm | 111 | .Nm |
111 | will not expect a credential id in its input, and may output | 112 | will not expect a credential id in its input, and may output |
112 | multiple assertions. | 113 | multiple assertions. |
114 | .It Fl t Ar option | ||
115 | Toggles a key/value | ||
116 | .Ar option , | ||
117 | where | ||
118 | .Ar option | ||
119 | is a string of the form | ||
120 | .Dq key=value . | ||
121 | The options supported at present are: | ||
122 | .Bl -tag -width Ds | ||
123 | .It Cm up Ns = Ns Ar true|false | ||
124 | Asks the authenticator for user presence to be enabled or disabled. | ||
125 | .It Cm uv Ns = Ns Ar true|false | ||
126 | Asks the authenticator for user verification to be enabled or | ||
127 | disabled. | ||
128 | .It Cm pin Ns = Ns Ar true|false | ||
129 | Tells | ||
130 | .Nm | ||
131 | whether to prompt for a PIN and request user verification. | ||
132 | .El | ||
133 | .Pp | ||
134 | The | ||
135 | .Fl t | ||
136 | option may be specified multiple times. | ||
113 | .It Fl u | 137 | .It Fl u |
114 | Obtain an assertion using U2F. | 138 | Obtain an assertion using U2F. |
115 | By default, | 139 | By default, |
@@ -119,6 +143,10 @@ U2F otherwise. | |||
119 | .It Fl v | 143 | .It Fl v |
120 | If obtaining an assertion, prompt the user for a PIN and request | 144 | If obtaining an assertion, prompt the user for a PIN and request |
121 | user verification from the authenticator. | 145 | user verification from the authenticator. |
146 | If verifying an assertion, check whether the user verification bit | ||
147 | was signed by the authenticator. | ||
148 | .El | ||
149 | .Pp | ||
122 | If a | 150 | If a |
123 | .Em tty | 151 | .Em tty |
124 | is available, | 152 | is available, |
@@ -127,9 +155,6 @@ will use it to obtain the PIN. | |||
127 | Otherwise, | 155 | Otherwise, |
128 | .Em stdin | 156 | .Em stdin |
129 | is used. | 157 | is used. |
130 | If verifying an assertion, check whether the user verification bit | ||
131 | was signed by the authenticator. | ||
132 | .El | ||
133 | .Sh INPUT FORMAT | 158 | .Sh INPUT FORMAT |
134 | The input of | 159 | The input of |
135 | .Nm | 160 | .Nm |
@@ -140,7 +165,7 @@ When obtaining an assertion, | |||
140 | .Nm | 165 | .Nm |
141 | expects its input to consist of: | 166 | expects its input to consist of: |
142 | .Pp | 167 | .Pp |
143 | .Bl -enum -offset indent -compact | 168 | .Bl -enum -offset indent -compact |
144 | .It | 169 | .It |
145 | client data hash (base64 blob); | 170 | client data hash (base64 blob); |
146 | .It | 171 | .It |
diff --git a/man/fido2-cred.1 b/man/fido2-cred.1 index d9bf7d2..4132d26 100644 --- a/man/fido2-cred.1 +++ b/man/fido2-cred.1 | |||
@@ -12,6 +12,7 @@ | |||
12 | .Nm | 12 | .Nm |
13 | .Fl M | 13 | .Fl M |
14 | .Op Fl dhqruv | 14 | .Op Fl dhqruv |
15 | .Op Fl c Ar cred_protect | ||
15 | .Op Fl i Ar input_file | 16 | .Op Fl i Ar input_file |
16 | .Op Fl o Ar output_file | 17 | .Op Fl o Ar output_file |
17 | .Ar device | 18 | .Ar device |
@@ -19,6 +20,7 @@ | |||
19 | .Nm | 20 | .Nm |
20 | .Fl V | 21 | .Fl V |
21 | .Op Fl dhv | 22 | .Op Fl dhv |
23 | .Op Fl c Ar cred_protect | ||
22 | .Op Fl i Ar input_file | 24 | .Op Fl i Ar input_file |
23 | .Op Fl o Ar output_file | 25 | .Op Fl o Ar output_file |
24 | .Op Ar type | 26 | .Op Ar type |
@@ -89,6 +91,12 @@ to make a new credential on | |||
89 | Tells | 91 | Tells |
90 | .Nm | 92 | .Nm |
91 | to verify a credential. | 93 | to verify a credential. |
94 | .It Fl c Ar cred_protect | ||
95 | If making a credential, set the credential's protection level to | ||
96 | .Ar cred_protect . | ||
97 | If verifying a credential, check whether the credential's protection | ||
98 | level was signed by the authenticator as | ||
99 | .Ar cred_protect . | ||
92 | .It Fl d | 100 | .It Fl d |
93 | Causes | 101 | Causes |
94 | .Nm | 102 | .Nm |
diff --git a/man/fido_assert_new.3 b/man/fido_assert_new.3 index 0c2f92f..b1b1f2f 100644 --- a/man/fido_assert_new.3 +++ b/man/fido_assert_new.3 | |||
@@ -9,6 +9,7 @@ | |||
9 | .Nm fido_assert_new , | 9 | .Nm fido_assert_new , |
10 | .Nm fido_assert_free , | 10 | .Nm fido_assert_free , |
11 | .Nm fido_assert_count , | 11 | .Nm fido_assert_count , |
12 | .Nm fido_assert_rp_id , | ||
12 | .Nm fido_assert_user_display_name , | 13 | .Nm fido_assert_user_display_name , |
13 | .Nm fido_assert_user_icon , | 14 | .Nm fido_assert_user_icon , |
14 | .Nm fido_assert_user_name , | 15 | .Nm fido_assert_user_name , |
@@ -17,12 +18,15 @@ | |||
17 | .Nm fido_assert_hmac_secret_ptr , | 18 | .Nm fido_assert_hmac_secret_ptr , |
18 | .Nm fido_assert_user_id_ptr , | 19 | .Nm fido_assert_user_id_ptr , |
19 | .Nm fido_assert_sig_ptr , | 20 | .Nm fido_assert_sig_ptr , |
21 | .Nm fido_assert_id_ptr , | ||
20 | .Nm fido_assert_authdata_len , | 22 | .Nm fido_assert_authdata_len , |
21 | .Nm fido_assert_clientdata_hash_len , | 23 | .Nm fido_assert_clientdata_hash_len , |
22 | .Nm fido_assert_hmac_secret_len , | 24 | .Nm fido_assert_hmac_secret_len , |
23 | .Nm fido_assert_user_id_len , | 25 | .Nm fido_assert_user_id_len , |
24 | .Nm fido_assert_sig_len , | 26 | .Nm fido_assert_sig_len , |
25 | .Nm fido_assert_sigcount | 27 | .Nm fido_assert_id_len , |
28 | .Nm fido_assert_sigcount , | ||
29 | .Nm fido_assert_flags | ||
26 | .Nd FIDO 2 assertion API | 30 | .Nd FIDO 2 assertion API |
27 | .Sh SYNOPSIS | 31 | .Sh SYNOPSIS |
28 | .In fido.h | 32 | .In fido.h |
@@ -33,6 +37,8 @@ | |||
33 | .Ft size_t | 37 | .Ft size_t |
34 | .Fn fido_assert_count "const fido_assert_t *assert" | 38 | .Fn fido_assert_count "const fido_assert_t *assert" |
35 | .Ft const char * | 39 | .Ft const char * |
40 | .Fn fido_assert_rp_id "const fido_assert_t *assert" | ||
41 | .Ft const char * | ||
36 | .Fn fido_assert_user_display_name "const fido_assert_t *assert" "size_t idx" | 42 | .Fn fido_assert_user_display_name "const fido_assert_t *assert" "size_t idx" |
37 | .Ft const char * | 43 | .Ft const char * |
38 | .Fn fido_assert_user_icon "const fido_assert_t *assert" "size_t idx" | 44 | .Fn fido_assert_user_icon "const fido_assert_t *assert" "size_t idx" |
@@ -48,6 +54,8 @@ | |||
48 | .Fn fido_assert_user_id_ptr "const fido_assert_t *assert" "size_t idx" | 54 | .Fn fido_assert_user_id_ptr "const fido_assert_t *assert" "size_t idx" |
49 | .Ft const unsigned char * | 55 | .Ft const unsigned char * |
50 | .Fn fido_assert_sig_ptr "const fido_assert_t *assert" "size_t idx" | 56 | .Fn fido_assert_sig_ptr "const fido_assert_t *assert" "size_t idx" |
57 | .Ft const unsigned char * | ||
58 | .Fn fido_assert_id_ptr "const fido_assert_t *assert" "size_t idx" | ||
51 | .Ft size_t | 59 | .Ft size_t |
52 | .Fn fido_assert_authdata_len "const fido_assert_t *assert" "size_t idx" | 60 | .Fn fido_assert_authdata_len "const fido_assert_t *assert" "size_t idx" |
53 | .Ft size_t | 61 | .Ft size_t |
@@ -58,8 +66,12 @@ | |||
58 | .Fn fido_assert_user_id_len "const fido_assert_t *assert" "size_t idx" | 66 | .Fn fido_assert_user_id_len "const fido_assert_t *assert" "size_t idx" |
59 | .Ft size_t | 67 | .Ft size_t |
60 | .Fn fido_assert_sig_len "const fido_assert_t *assert" "size_t idx" | 68 | .Fn fido_assert_sig_len "const fido_assert_t *assert" "size_t idx" |
69 | .Ft size_t | ||
70 | .Fn fido_assert_id_len "const fido_assert_t *assert" "size_t idx" | ||
61 | .Ft uint32_t | 71 | .Ft uint32_t |
62 | .Fn fido_assert_sigcount "const fido_assert_t *assert" "size_t idx" | 72 | .Fn fido_assert_sigcount "const fido_assert_t *assert" "size_t idx" |
73 | .Ft uint8_t | ||
74 | .Fn fido_assert_flags "const fido_assert_t *assert" "size_t idx" | ||
63 | .Sh DESCRIPTION | 75 | .Sh DESCRIPTION |
64 | FIDO 2 assertions are abstracted in | 76 | FIDO 2 assertions are abstracted in |
65 | .Em libfido2 | 77 | .Em libfido2 |
@@ -110,6 +122,12 @@ function returns the number of statements in | |||
110 | .Fa assert . | 122 | .Fa assert . |
111 | .Pp | 123 | .Pp |
112 | The | 124 | The |
125 | .Fn fido_assert_rp_id | ||
126 | function returns a pointer to a NUL-terminated string holding the | ||
127 | relying party ID of | ||
128 | .Fa assert . | ||
129 | .Pp | ||
130 | The | ||
113 | .Fn fido_assert_user_display_name , | 131 | .Fn fido_assert_user_display_name , |
114 | .Fn fido_assert_user_icon , | 132 | .Fn fido_assert_user_icon , |
115 | and | 133 | and |
@@ -126,10 +144,11 @@ The | |||
126 | .Fn fido_assert_user_id_ptr , | 144 | .Fn fido_assert_user_id_ptr , |
127 | .Fn fido_assert_authdata_ptr , | 145 | .Fn fido_assert_authdata_ptr , |
128 | .Fn fido_assert_hmac_secret_ptr , | 146 | .Fn fido_assert_hmac_secret_ptr , |
147 | .Fn fido_assert_sig_ptr , | ||
129 | and | 148 | and |
130 | .Fn fido_assert_sig_ptr | 149 | .Fn fido_assert_id_ptr |
131 | functions return pointers to the user ID, authenticator data, | 150 | functions return pointers to the user ID, authenticator data, |
132 | hmac-secret, and signature attributes of statement | 151 | hmac-secret, signature, and credential ID attributes of statement |
133 | .Fa idx | 152 | .Fa idx |
134 | in | 153 | in |
135 | .Fa assert . | 154 | .Fa assert . |
@@ -137,8 +156,9 @@ The | |||
137 | .Fn fido_assert_user_id_len , | 156 | .Fn fido_assert_user_id_len , |
138 | .Fn fido_assert_authdata_len , | 157 | .Fn fido_assert_authdata_len , |
139 | .Fn fido_assert_hmac_secret_len , | 158 | .Fn fido_assert_hmac_secret_len , |
159 | .Fn fido_assert_sig_len , | ||
140 | and | 160 | and |
141 | .Fn fido_assert_sig_len | 161 | .Fn fido_assert_id_len |
142 | functions can be used to retrieve the corresponding length of a | 162 | functions can be used to retrieve the corresponding length of a |
143 | specific attribute. | 163 | specific attribute. |
144 | .Pp | 164 | .Pp |
@@ -149,6 +169,13 @@ function can be used to obtain the signature counter of statement | |||
149 | in | 169 | in |
150 | .Fa assert . | 170 | .Fa assert . |
151 | .Pp | 171 | .Pp |
172 | The | ||
173 | .Fn fido_assert_flags | ||
174 | function returns the authenticator data flags of statement | ||
175 | .Fa idx | ||
176 | in | ||
177 | .Fa assert . | ||
178 | .Pp | ||
152 | Please note that the first statement in | 179 | Please note that the first statement in |
153 | .Fa assert | 180 | .Fa assert |
154 | has an | 181 | has an |
diff --git a/man/fido_cbor_info_new.3 b/man/fido_cbor_info_new.3 index 3e7de1f..ee942e6 100644 --- a/man/fido_cbor_info_new.3 +++ b/man/fido_cbor_info_new.3 | |||
@@ -21,6 +21,8 @@ | |||
21 | .Nm fido_cbor_info_versions_len , | 21 | .Nm fido_cbor_info_versions_len , |
22 | .Nm fido_cbor_info_options_len , | 22 | .Nm fido_cbor_info_options_len , |
23 | .Nm fido_cbor_info_maxmsgsiz , | 23 | .Nm fido_cbor_info_maxmsgsiz , |
24 | .Nm fido_cbor_info_maxcredcntlst , | ||
25 | .Nm fido_cbor_info_maxcredidlen , | ||
24 | .Nm fido_cbor_info_fwversion | 26 | .Nm fido_cbor_info_fwversion |
25 | .Nd FIDO 2 CBOR Info API | 27 | .Nd FIDO 2 CBOR Info API |
26 | .Sh SYNOPSIS | 28 | .Sh SYNOPSIS |
@@ -56,6 +58,10 @@ | |||
56 | .Ft uint64_t | 58 | .Ft uint64_t |
57 | .Fn fido_cbor_info_maxmsgsiz "const fido_cbor_info_t *ci" | 59 | .Fn fido_cbor_info_maxmsgsiz "const fido_cbor_info_t *ci" |
58 | .Ft uint64_t | 60 | .Ft uint64_t |
61 | .Fn fido_cbor_info_maxcredcntlst "const fido_cbor_info_t *ci" | ||
62 | .Ft uint64_t | ||
63 | .Fn fido_cbor_info_maxcredidlen "const fido_cbor_info_t *ci" | ||
64 | .Ft uint64_t | ||
59 | .Fn fido_cbor_info_fwversion "const fido_cbor_info_t *ci" | 65 | .Fn fido_cbor_info_fwversion "const fido_cbor_info_t *ci" |
60 | .Sh DESCRIPTION | 66 | .Sh DESCRIPTION |
61 | The | 67 | The |
@@ -103,8 +109,8 @@ The | |||
103 | .Fn fido_cbor_info_protocols_ptr , | 109 | .Fn fido_cbor_info_protocols_ptr , |
104 | and | 110 | and |
105 | .Fn fido_cbor_info_versions_ptr | 111 | .Fn fido_cbor_info_versions_ptr |
106 | functions return pointers to the AAGUID, supported extensions, | 112 | functions return pointers to the authenticator attestation GUID, |
107 | PIN protocol and CTAP version strings of | 113 | supported extensions, PIN protocol and CTAP version strings of |
108 | .Fa ci . | 114 | .Fa ci . |
109 | The corresponding length of a given attribute can be | 115 | The corresponding length of a given attribute can be |
110 | obtained by | 116 | obtained by |
@@ -131,6 +137,18 @@ function returns the maximum message size attribute of | |||
131 | .Fa ci . | 137 | .Fa ci . |
132 | .Pp | 138 | .Pp |
133 | The | 139 | The |
140 | .Fn fido_cbor_info_maxcredcntlst | ||
141 | function returns the maximum supported number of credentials in | ||
142 | a single credential ID list as reported in | ||
143 | .Fa ci . | ||
144 | .Pp | ||
145 | The | ||
146 | .Fn fido_cbor_info_maxcredidlen | ||
147 | function returns the maximum supported length of a credential ID | ||
148 | as reported in | ||
149 | .Fa ci . | ||
150 | .Pp | ||
151 | The | ||
134 | .Fn fido_cbor_info_fwversion | 152 | .Fn fido_cbor_info_fwversion |
135 | function returns the firmware version attribute of | 153 | function returns the firmware version attribute of |
136 | .Fa ci . | 154 | .Fa ci . |
diff --git a/man/fido_cred_new.3 b/man/fido_cred_new.3 index 22af60c..d2023eb 100644 --- a/man/fido_cred_new.3 +++ b/man/fido_cred_new.3 | |||
@@ -10,18 +10,28 @@ | |||
10 | .Nm fido_cred_free , | 10 | .Nm fido_cred_free , |
11 | .Nm fido_cred_prot , | 11 | .Nm fido_cred_prot , |
12 | .Nm fido_cred_fmt , | 12 | .Nm fido_cred_fmt , |
13 | .Nm fido_cred_rp_id , | ||
14 | .Nm fido_cred_rp_name , | ||
15 | .Nm fido_cred_user_name , | ||
16 | .Nm fido_cred_display_name , | ||
13 | .Nm fido_cred_authdata_ptr , | 17 | .Nm fido_cred_authdata_ptr , |
14 | .Nm fido_cred_clientdata_hash_ptr , | 18 | .Nm fido_cred_clientdata_hash_ptr , |
15 | .Nm fido_cred_id_ptr , | 19 | .Nm fido_cred_id_ptr , |
20 | .Nm fido_cred_aaguid_ptr , | ||
16 | .Nm fido_cred_pubkey_ptr , | 21 | .Nm fido_cred_pubkey_ptr , |
17 | .Nm fido_cred_sig_ptr , | 22 | .Nm fido_cred_sig_ptr , |
23 | .Nm fido_cred_user_id_ptr , | ||
18 | .Nm fido_cred_x5c_ptr , | 24 | .Nm fido_cred_x5c_ptr , |
19 | .Nm fido_cred_authdata_len , | 25 | .Nm fido_cred_authdata_len , |
20 | .Nm fido_cred_clientdata_hash_len , | 26 | .Nm fido_cred_clientdata_hash_len , |
21 | .Nm fido_cred_id_len , | 27 | .Nm fido_cred_id_len , |
28 | .Nm fido_cred_aaguid_len , | ||
22 | .Nm fido_cred_pubkey_len , | 29 | .Nm fido_cred_pubkey_len , |
23 | .Nm fido_cred_sig_len , | 30 | .Nm fido_cred_sig_len , |
24 | .Nm fido_cred_x5c_len | 31 | .Nm fido_cred_user_id_len , |
32 | .Nm fido_cred_x5c_len , | ||
33 | .Nm fido_cred_type , | ||
34 | .Nm fido_cred_flags | ||
25 | .Nd FIDO 2 credential API | 35 | .Nd FIDO 2 credential API |
26 | .Sh SYNOPSIS | 36 | .Sh SYNOPSIS |
27 | .In fido.h | 37 | .In fido.h |
@@ -33,6 +43,14 @@ | |||
33 | .Fn fido_cred_prot "fido_cred_t *cred" | 43 | .Fn fido_cred_prot "fido_cred_t *cred" |
34 | .Ft const char * | 44 | .Ft const char * |
35 | .Fn fido_cred_fmt "const fido_cred_t *cred" | 45 | .Fn fido_cred_fmt "const fido_cred_t *cred" |
46 | .Ft const char * | ||
47 | .Fn fido_cred_rp_id "const fido_cred_t *cred" | ||
48 | .Ft const char * | ||
49 | .Fn fido_cred_rp_name "const fido_cred_t *cred" | ||
50 | .Ft const char * | ||
51 | .Fn fido_cred_user_name "const fido_cred_t *cred" | ||
52 | .Ft const char * | ||
53 | .Fn fido_cred_display_name "const fido_cred_t *cred" | ||
36 | .Ft const unsigned char * | 54 | .Ft const unsigned char * |
37 | .Fn fido_cred_authdata_ptr "const fido_cred_t *cred" | 55 | .Fn fido_cred_authdata_ptr "const fido_cred_t *cred" |
38 | .Ft const unsigned char * | 56 | .Ft const unsigned char * |
@@ -40,10 +58,14 @@ | |||
40 | .Ft const unsigned char * | 58 | .Ft const unsigned char * |
41 | .Fn fido_cred_id_ptr "const fido_cred_t *cred" | 59 | .Fn fido_cred_id_ptr "const fido_cred_t *cred" |
42 | .Ft const unsigned char * | 60 | .Ft const unsigned char * |
61 | .Fn fido_cred_aaguid_ptr "const fido_cred_t *cred" | ||
62 | .Ft const unsigned char * | ||
43 | .Fn fido_cred_pubkey_ptr "const fido_cred_t *cred" | 63 | .Fn fido_cred_pubkey_ptr "const fido_cred_t *cred" |
44 | .Ft const unsigned char * | 64 | .Ft const unsigned char * |
45 | .Fn fido_cred_sig_ptr "const fido_cred_t *cred" | 65 | .Fn fido_cred_sig_ptr "const fido_cred_t *cred" |
46 | .Ft const unsigned char * | 66 | .Ft const unsigned char * |
67 | .Fn fido_cred_user_id_ptr "const fido_cred_t *cred" | ||
68 | .Ft const unsigned char * | ||
47 | .Fn fido_cred_x5c_ptr "const fido_cred_t *cred" | 69 | .Fn fido_cred_x5c_ptr "const fido_cred_t *cred" |
48 | .Ft size_t | 70 | .Ft size_t |
49 | .Fn fido_cred_authdata_len "const fido_cred_t *cred" | 71 | .Fn fido_cred_authdata_len "const fido_cred_t *cred" |
@@ -52,11 +74,19 @@ | |||
52 | .Ft size_t | 74 | .Ft size_t |
53 | .Fn fido_cred_id_len "const fido_cred_t *cred" | 75 | .Fn fido_cred_id_len "const fido_cred_t *cred" |
54 | .Ft size_t | 76 | .Ft size_t |
77 | .Fn fido_cred_aaguid_len "const fido_cred_t *cred" | ||
78 | .Ft size_t | ||
55 | .Fn fido_cred_pubkey_len "const fido_cred_t *cred" | 79 | .Fn fido_cred_pubkey_len "const fido_cred_t *cred" |
56 | .Ft size_t | 80 | .Ft size_t |
57 | .Fn fido_cred_sig_len "const fido_cred_t *cred" | 81 | .Fn fido_cred_sig_len "const fido_cred_t *cred" |
58 | .Ft size_t | 82 | .Ft size_t |
83 | .Fn fido_cred_user_id_len "const fido_cred_t *cred" | ||
84 | .Ft size_t | ||
59 | .Fn fido_cred_x5c_len "const fido_cred_t *cred" | 85 | .Fn fido_cred_x5c_len "const fido_cred_t *cred" |
86 | .Ft int | ||
87 | .Fn fido_cred_type "const fido_cred_t *cred" | ||
88 | .Ft uint8_t | ||
89 | .Fn fido_cred_flags "const fido_cred_t *cred" | ||
60 | .Sh DESCRIPTION | 90 | .Sh DESCRIPTION |
61 | FIDO 2 credentials are abstracted in | 91 | FIDO 2 credentials are abstracted in |
62 | .Em libfido2 | 92 | .Em libfido2 |
@@ -120,15 +150,30 @@ or NULL if | |||
120 | does not have a format set. | 150 | does not have a format set. |
121 | .Pp | 151 | .Pp |
122 | The | 152 | The |
153 | .Fn fido_cred_rp_id , | ||
154 | .Fn fido_cred_rp_name , | ||
155 | .Fn fido_cred_user_name , | ||
156 | and | ||
157 | .Fn fido_cred_display_name | ||
158 | functions return pointers to NUL-terminated strings holding the | ||
159 | relying party ID, relying party name, user name, and user display | ||
160 | name attributes of | ||
161 | .Fa cred , | ||
162 | or NULL if the respective entry is not set. | ||
163 | .Pp | ||
164 | The | ||
123 | .Fn fido_cred_authdata_ptr , | 165 | .Fn fido_cred_authdata_ptr , |
124 | .Fn fido_cred_clientdata_hash_ptr , | 166 | .Fn fido_cred_clientdata_hash_ptr , |
125 | .Fn fido_cred_id_ptr , | 167 | .Fn fido_cred_id_ptr , |
168 | .Fn fido_cred_aaguid_ptr , | ||
126 | .Fn fido_cred_pubkey_ptr , | 169 | .Fn fido_cred_pubkey_ptr , |
127 | .Fn fido_cred_sig_ptr , | 170 | .Fn fido_cred_sig_ptr , |
171 | .Fn fido_cred_user_id_ptr , | ||
128 | and | 172 | and |
129 | .Fn fido_cred_x5c_ptr | 173 | .Fn fido_cred_x5c_ptr |
130 | functions return pointers to the authenticator data, client data | 174 | functions return pointers to the authenticator data, client data |
131 | hash, ID, public key, signature and x509 certificate parts of | 175 | hash, ID, authenticator attestation GUID, public key, signature, |
176 | user ID, and x509 certificate parts of | ||
132 | .Fa cred , | 177 | .Fa cred , |
133 | or NULL if the respective entry is not set. | 178 | or NULL if the respective entry is not set. |
134 | .Pp | 179 | .Pp |
@@ -136,12 +181,25 @@ The corresponding length can be obtained by | |||
136 | .Fn fido_cred_authdata_len , | 181 | .Fn fido_cred_authdata_len , |
137 | .Fn fido_cred_clientdata_hash_len , | 182 | .Fn fido_cred_clientdata_hash_len , |
138 | .Fn fido_cred_id_len , | 183 | .Fn fido_cred_id_len , |
184 | .Fn fido_cred_aaguid_len , | ||
139 | .Fn fido_cred_pubkey_len , | 185 | .Fn fido_cred_pubkey_len , |
186 | .Fn fido_cred_sig_len , | ||
187 | .Fn fido_cred_user_id_len , | ||
140 | and | 188 | and |
141 | .Fn fido_cred_sig_len . | 189 | .Fn fido_cred_x5c_len . |
142 | .Pp | 190 | .Pp |
143 | The authenticator data, x509 certificate, and signature parts of a | 191 | The authenticator data, x509 certificate, and signature parts of a |
144 | credential are typically passed to a FIDO 2 server for verification. | 192 | credential are typically passed to a FIDO 2 server for verification. |
193 | .Pp | ||
194 | The | ||
195 | .Fn fido_cred_type | ||
196 | function returns the COSE algorithm of | ||
197 | .Fa cred . | ||
198 | .Pp | ||
199 | The | ||
200 | .Fn fido_cred_flags | ||
201 | function returns the authenticator data flags of | ||
202 | .Fa cred . | ||
145 | .Sh RETURN VALUES | 203 | .Sh RETURN VALUES |
146 | The authenticator data returned by | 204 | The authenticator data returned by |
147 | .Fn fido_cred_authdata_ptr | 205 | .Fn fido_cred_authdata_ptr |
@@ -152,6 +210,7 @@ If not NULL, pointers returned by | |||
152 | .Fn fido_cred_authdata_ptr , | 210 | .Fn fido_cred_authdata_ptr , |
153 | .Fn fido_cred_clientdata_hash_ptr , | 211 | .Fn fido_cred_clientdata_hash_ptr , |
154 | .Fn fido_cred_id_ptr , | 212 | .Fn fido_cred_id_ptr , |
213 | .Fn fido_cred_aaguid_ptr , | ||
155 | .Fn fido_cred_pubkey_ptr , | 214 | .Fn fido_cred_pubkey_ptr , |
156 | .Fn fido_cred_sig_ptr , | 215 | .Fn fido_cred_sig_ptr , |
157 | and | 216 | and |
diff --git a/man/fido_dev_get_touch_begin.3 b/man/fido_dev_get_touch_begin.3 new file mode 100644 index 0000000..8372c6f --- /dev/null +++ b/man/fido_dev_get_touch_begin.3 | |||
@@ -0,0 +1,73 @@ | |||
1 | .\" Copyright (c) 2020 Yubico AB. All rights reserved. | ||
2 | .\" Use of this source code is governed by a BSD-style | ||
3 | .\" license that can be found in the LICENSE file. | ||
4 | .\" | ||
5 | .Dd $Mdocdate: August 5 2020 $ | ||
6 | .Dt FIDO_DEV_GET_TOUCH_BEGIN 3 | ||
7 | .Os | ||
8 | .Sh NAME | ||
9 | .Nm fido_dev_get_touch_begin , | ||
10 | .Nm fido_dev_get_touch_status | ||
11 | .Nd asynchronously wait for touch on a FIDO 2 authenticator | ||
12 | .Sh SYNOPSIS | ||
13 | .In fido.h | ||
14 | .Ft int | ||
15 | .Fn fido_dev_get_touch_begin "fido_dev_t *dev" | ||
16 | .Ft int | ||
17 | .Fn fido_dev_get_touch_status "fido_dev_t *dev" "int *touched" "int ms" | ||
18 | .Sh DESCRIPTION | ||
19 | The functions described in this page allow an application to | ||
20 | asynchronously wait for touch on a FIDO authenticator. | ||
21 | This is useful when multiple authenticators are present and | ||
22 | the application needs to know which one to use. | ||
23 | .Pp | ||
24 | The | ||
25 | .Fn fido_dev_get_touch_begin | ||
26 | function initiates a touch request on | ||
27 | .Fa dev . | ||
28 | .Pp | ||
29 | The | ||
30 | .Fn fido_dev_get_touch_status | ||
31 | function continues an ongoing touch request on | ||
32 | .Fa dev , | ||
33 | blocking up to | ||
34 | .Fa ms | ||
35 | milliseconds. | ||
36 | On success, | ||
37 | .Fa touched | ||
38 | will be updated to reflect the touch request status. | ||
39 | If | ||
40 | .Fa touched | ||
41 | is 1, the device was touched, and the touch request is | ||
42 | terminated. | ||
43 | If | ||
44 | .Fa touched | ||
45 | is 0, the application may call | ||
46 | .Fn fido_dev_get_touch_status | ||
47 | to continue the touch request, or | ||
48 | .Fn fido_dev_cancel | ||
49 | to terminate it. | ||
50 | .Sh RETURN VALUES | ||
51 | The error codes returned by | ||
52 | .Fn fido_dev_get_touch_begin | ||
53 | and | ||
54 | .Fn fido_dev_get_touch_status | ||
55 | are defined in | ||
56 | .In fido/err.h . | ||
57 | On success, | ||
58 | .Dv FIDO_OK | ||
59 | is returned. | ||
60 | .Sh EXAMPLES | ||
61 | Please refer to | ||
62 | .Em examples/select.c | ||
63 | in | ||
64 | .Em libfido2's | ||
65 | source tree. | ||
66 | .Sh SEE ALSO | ||
67 | .Xr fido_dev_cancel 3 | ||
68 | .Sh CAVEATS | ||
69 | The | ||
70 | .Fn fido_dev_get_touch_status | ||
71 | function will cause a command to be transmitted to U2F | ||
72 | authenticators. | ||
73 | These transmissions should not exceed a frequency of 5Hz. | ||
diff --git a/man/fido_dev_open.3 b/man/fido_dev_open.3 index 53e3a12..6c7489d 100644 --- a/man/fido_dev_open.3 +++ b/man/fido_dev_open.3 | |||
@@ -14,6 +14,9 @@ | |||
14 | .Nm fido_dev_force_fido2 , | 14 | .Nm fido_dev_force_fido2 , |
15 | .Nm fido_dev_force_u2f , | 15 | .Nm fido_dev_force_u2f , |
16 | .Nm fido_dev_is_fido2 , | 16 | .Nm fido_dev_is_fido2 , |
17 | .Nm fido_dev_supports_cred_prot , | ||
18 | .Nm fido_dev_supports_pin , | ||
19 | .Nm fido_dev_has_pin , | ||
17 | .Nm fido_dev_protocol , | 20 | .Nm fido_dev_protocol , |
18 | .Nm fido_dev_build , | 21 | .Nm fido_dev_build , |
19 | .Nm fido_dev_flags , | 22 | .Nm fido_dev_flags , |
@@ -38,6 +41,12 @@ | |||
38 | .Fn fido_dev_force_u2f "fido_dev_t *dev" | 41 | .Fn fido_dev_force_u2f "fido_dev_t *dev" |
39 | .Ft bool | 42 | .Ft bool |
40 | .Fn fido_dev_is_fido2 "const fido_dev_t *dev" | 43 | .Fn fido_dev_is_fido2 "const fido_dev_t *dev" |
44 | .Ft bool | ||
45 | .Fn fido_dev_supports_cred_prot "const fido_dev_t *dev" | ||
46 | .Ft bool | ||
47 | .Fn fido_dev_supports_pin "const fido_dev_t *dev" | ||
48 | .Ft bool | ||
49 | .Fn fido_dev_has_pin "const fido_dev_t *dev" | ||
41 | .Ft uint8_t | 50 | .Ft uint8_t |
42 | .Fn fido_dev_protocol "const fido_dev_t *dev" | 51 | .Fn fido_dev_protocol "const fido_dev_t *dev" |
43 | .Ft uint8_t | 52 | .Ft uint8_t |
@@ -117,6 +126,30 @@ if | |||
117 | is a FIDO 2 device. | 126 | is a FIDO 2 device. |
118 | .Pp | 127 | .Pp |
119 | The | 128 | The |
129 | .Fn fido_dev_supports_cred_prot | ||
130 | function returns | ||
131 | .Dv true | ||
132 | if | ||
133 | .Fa dev | ||
134 | supports FIDO 2.1 Credential Protection. | ||
135 | .Pp | ||
136 | The | ||
137 | .Fn fido_dev_supports_pin | ||
138 | function returns | ||
139 | .Dv true | ||
140 | if | ||
141 | .Fa dev | ||
142 | supports FIDO 2.0 Client PINs. | ||
143 | .Pp | ||
144 | The | ||
145 | .Fn fido_dev_has_pin | ||
146 | function returns | ||
147 | .Dv true | ||
148 | if | ||
149 | .Fa dev | ||
150 | has a FIDO 2.0 Client PIN set. | ||
151 | .Pp | ||
152 | The | ||
120 | .Fn fido_dev_protocol | 153 | .Fn fido_dev_protocol |
121 | function returns the CTAPHID protocol version identifier of | 154 | function returns the CTAPHID protocol version identifier of |
122 | .Fa dev . | 155 | .Fa dev . |