From 173bfbf7886608a4a7abbfac6a42ac4bf4a3432d Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 20 Sep 2020 16:14:20 +0100 Subject: New upstream version 1.5.0 --- man/CMakeLists.txt | 55 ++++++++++++++++++++----------- man/NOTES | 3 ++ man/fido2-assert.1 | 33 ++++++++++++++++--- man/fido2-cred.1 | 8 +++++ man/fido_assert_new.3 | 35 +++++++++++++++++--- man/fido_cbor_info_new.3 | 22 +++++++++++-- man/fido_cred_new.3 | 65 +++++++++++++++++++++++++++++++++++-- man/fido_dev_get_touch_begin.3 | 73 ++++++++++++++++++++++++++++++++++++++++++ man/fido_dev_open.3 | 33 +++++++++++++++++++ 9 files changed, 295 insertions(+), 32 deletions(-) create mode 100644 man/fido_dev_get_touch_begin.3 (limited to 'man') diff --git a/man/CMakeLists.txt b/man/CMakeLists.txt index 44e4a96..f0d9cb3 100644 --- a/man/CMakeLists.txt +++ b/man/CMakeLists.txt @@ -3,12 +3,10 @@ # license that can be found in the LICENSE file. find_program(MANDOC_PATH mandoc) -message(STATUS "MANDOC_PATH: ${MANDOC_PATH}") +find_program(GZIP_PATH gzip) -if(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR CMAKE_SYSTEM_NAME STREQUAL "Linux") - find_program(GZIP_PATH gzip) - message(STATUS "GZIP_PATH: ${GZIP_PATH}") -endif() +message(STATUS "MANDOC_PATH: ${MANDOC_PATH}") +message(STATUS "GZIP_PATH: ${GZIP_PATH}") list(APPEND MAN_SOURCES eddsa_pk_new.3 @@ -32,6 +30,7 @@ list(APPEND MAN_SOURCES fido_cred_set_authdata.3 fido_cred_verify.3 fido_dev_get_assert.3 + fido_dev_get_touch_begin.3 fido_dev_info_manifest.3 fido_dev_make_cred.3 fido_dev_open.3 @@ -54,9 +53,13 @@ list(APPEND MAN_ALIAS fido_assert_new fido_assert_clientdata_hash_len fido_assert_new fido_assert_clientdata_hash_ptr fido_assert_new fido_assert_count + fido_assert_new fido_assert_flags fido_assert_new fido_assert_free fido_assert_new fido_assert_hmac_secret_len fido_assert_new fido_assert_hmac_secret_ptr + fido_assert_new fido_assert_id_len + fido_assert_new fido_assert_id_ptr + fido_assert_new fido_assert_rp_id fido_assert_new fido_assert_sigcount fido_assert_new fido_assert_sig_len fido_assert_new fido_assert_sig_ptr @@ -95,34 +98,46 @@ list(APPEND MAN_ALIAS fido_bio_template fido_bio_template_new fido_bio_template fido_bio_template_set_id fido_bio_template fido_bio_template_set_name - fido_cbor_info_new fido_cbor_info_aaguid_len - fido_cbor_info_new fido_cbor_info_aaguid_ptr - fido_cbor_info_new fido_cbor_info_extensions_len - fido_cbor_info_new fido_cbor_info_extensions_ptr - fido_cbor_info_new fido_cbor_info_free + fido_cbor_info_new fido_cbor_info_aaguid_len + fido_cbor_info_new fido_cbor_info_aaguid_ptr + fido_cbor_info_new fido_cbor_info_extensions_len + fido_cbor_info_new fido_cbor_info_extensions_ptr + fido_cbor_info_new fido_cbor_info_free fido_cbor_info_new fido_cbor_info_maxmsgsiz + fido_cbor_info_new fido_cbor_info_maxcredcntlst; + fido_cbor_info_new fido_cbor_info_maxcredidlen; fido_cbor_info_new fido_cbor_info_fwversion - fido_cbor_info_new fido_cbor_info_options_len - fido_cbor_info_new fido_cbor_info_options_name_ptr - fido_cbor_info_new fido_cbor_info_options_value_ptr - fido_cbor_info_new fido_cbor_info_protocols_len - fido_cbor_info_new fido_cbor_info_protocols_ptr - fido_cbor_info_new fido_cbor_info_versions_len - fido_cbor_info_new fido_cbor_info_versions_ptr - fido_cbor_info_new fido_dev_get_cbor_info + fido_cbor_info_new fido_cbor_info_options_len + fido_cbor_info_new fido_cbor_info_options_name_ptr + fido_cbor_info_new fido_cbor_info_options_value_ptr + fido_cbor_info_new fido_cbor_info_protocols_len + fido_cbor_info_new fido_cbor_info_protocols_ptr + fido_cbor_info_new fido_cbor_info_versions_len + fido_cbor_info_new fido_cbor_info_versions_ptr + fido_cbor_info_new fido_dev_get_cbor_info fido_cred_new fido_cred_authdata_len fido_cred_new fido_cred_authdata_ptr fido_cred_new fido_cred_clientdata_hash_len fido_cred_new fido_cred_clientdata_hash_ptr + fido_cred_new fido_cred_display_name + fido_cred_new fido_cred_flags fido_cred_new fido_cred_fmt fido_cred_new fido_cred_free fido_cred_new fido_cred_id_len fido_cred_new fido_cred_id_ptr + fido_cred_new fido_cred_aaguid_len + fido_cred_new fido_cred_aaguid_ptr fido_cred_new fido_cred_prot fido_cred_new fido_cred_pubkey_len fido_cred_new fido_cred_pubkey_ptr + fido_cred_new fido_cred_rp_id + fido_cred_new fido_cred_rp_name fido_cred_new fido_cred_sig_len fido_cred_new fido_cred_sig_ptr + fido_cred_new fido_cred_type + fido_cred_new fido_cred_user_name + fido_cred_new fido_cred_user_id_len + fido_cred_new fido_cred_user_id_ptr fido_cred_new fido_cred_x5c_len fido_cred_new fido_cred_x5c_ptr fido_credman_metadata_new fido_credman_del_dev_rk @@ -171,6 +186,8 @@ list(APPEND MAN_ALIAS fido_dev_open fido_dev_force_u2f fido_dev_open fido_dev_free fido_dev_open fido_dev_is_fido2 + fido_dev_open fido_dev_supports_cred_prot + fido_dev_open fido_dev_supports_pin fido_dev_open fido_dev_major fido_dev_open fido_dev_minor fido_dev_open fido_dev_new @@ -224,7 +241,7 @@ endforeach() # man_gzip foreach(f ${MAN_SOURCES}) add_custom_command(OUTPUT ${f}.gz - COMMAND gzip -c ${f} > ${f}.gz + COMMAND gzip -cn ${f} > ${f}.gz DEPENDS ${f}) list(APPEND GZ_FILES ${f}.gz) endforeach() diff --git a/man/NOTES b/man/NOTES index 4a461ff..5cba436 100644 --- a/man/NOTES +++ b/man/NOTES @@ -2,3 +2,6 @@ To generate .partial files for https://developers.yubico.com/: $ make -C build man_symlink_html_partial $ (cd build/man && pax -p p -r -w *.partial /tmp/partial) + +Use mandoc 1.14.4. Otherwise, adjust dyc.css to mandoc's HTML +output. diff --git a/man/fido2-assert.1 b/man/fido2-assert.1 index 67883e2..e77e771 100644 --- a/man/fido2-assert.1 +++ b/man/fido2-assert.1 @@ -12,6 +12,7 @@ .Nm .Fl G .Op Fl dhpruv +.Op Fl t Ar option .Op Fl i Ar input_file .Op Fl o Ar output_file .Ar device @@ -110,6 +111,29 @@ is specified, .Nm will not expect a credential id in its input, and may output multiple assertions. +.It Fl t Ar option +Toggles a key/value +.Ar option , +where +.Ar option +is a string of the form +.Dq key=value . +The options supported at present are: +.Bl -tag -width Ds +.It Cm up Ns = Ns Ar true|false +Asks the authenticator for user presence to be enabled or disabled. +.It Cm uv Ns = Ns Ar true|false +Asks the authenticator for user verification to be enabled or +disabled. +.It Cm pin Ns = Ns Ar true|false +Tells +.Nm +whether to prompt for a PIN and request user verification. +.El +.Pp +The +.Fl t +option may be specified multiple times. .It Fl u Obtain an assertion using U2F. By default, @@ -119,6 +143,10 @@ U2F otherwise. .It Fl v If obtaining an assertion, prompt the user for a PIN and request user verification from the authenticator. +If verifying an assertion, check whether the user verification bit +was signed by the authenticator. +.El +.Pp If a .Em tty is available, @@ -127,9 +155,6 @@ will use it to obtain the PIN. Otherwise, .Em stdin is used. -If verifying an assertion, check whether the user verification bit -was signed by the authenticator. -.El .Sh INPUT FORMAT The input of .Nm @@ -140,7 +165,7 @@ When obtaining an assertion, .Nm expects its input to consist of: .Pp -.Bl -enum -offset indent -compact +.Bl -enum -offset indent -compact .It client data hash (base64 blob); .It diff --git a/man/fido2-cred.1 b/man/fido2-cred.1 index d9bf7d2..4132d26 100644 --- a/man/fido2-cred.1 +++ b/man/fido2-cred.1 @@ -12,6 +12,7 @@ .Nm .Fl M .Op Fl dhqruv +.Op Fl c Ar cred_protect .Op Fl i Ar input_file .Op Fl o Ar output_file .Ar device @@ -19,6 +20,7 @@ .Nm .Fl V .Op Fl dhv +.Op Fl c Ar cred_protect .Op Fl i Ar input_file .Op Fl o Ar output_file .Op Ar type @@ -89,6 +91,12 @@ to make a new credential on Tells .Nm to verify a credential. +.It Fl c Ar cred_protect +If making a credential, set the credential's protection level to +.Ar cred_protect . +If verifying a credential, check whether the credential's protection +level was signed by the authenticator as +.Ar cred_protect . .It Fl d Causes .Nm diff --git a/man/fido_assert_new.3 b/man/fido_assert_new.3 index 0c2f92f..b1b1f2f 100644 --- a/man/fido_assert_new.3 +++ b/man/fido_assert_new.3 @@ -9,6 +9,7 @@ .Nm fido_assert_new , .Nm fido_assert_free , .Nm fido_assert_count , +.Nm fido_assert_rp_id , .Nm fido_assert_user_display_name , .Nm fido_assert_user_icon , .Nm fido_assert_user_name , @@ -17,12 +18,15 @@ .Nm fido_assert_hmac_secret_ptr , .Nm fido_assert_user_id_ptr , .Nm fido_assert_sig_ptr , +.Nm fido_assert_id_ptr , .Nm fido_assert_authdata_len , .Nm fido_assert_clientdata_hash_len , .Nm fido_assert_hmac_secret_len , .Nm fido_assert_user_id_len , .Nm fido_assert_sig_len , -.Nm fido_assert_sigcount +.Nm fido_assert_id_len , +.Nm fido_assert_sigcount , +.Nm fido_assert_flags .Nd FIDO 2 assertion API .Sh SYNOPSIS .In fido.h @@ -33,6 +37,8 @@ .Ft size_t .Fn fido_assert_count "const fido_assert_t *assert" .Ft const char * +.Fn fido_assert_rp_id "const fido_assert_t *assert" +.Ft const char * .Fn fido_assert_user_display_name "const fido_assert_t *assert" "size_t idx" .Ft const char * .Fn fido_assert_user_icon "const fido_assert_t *assert" "size_t idx" @@ -48,6 +54,8 @@ .Fn fido_assert_user_id_ptr "const fido_assert_t *assert" "size_t idx" .Ft const unsigned char * .Fn fido_assert_sig_ptr "const fido_assert_t *assert" "size_t idx" +.Ft const unsigned char * +.Fn fido_assert_id_ptr "const fido_assert_t *assert" "size_t idx" .Ft size_t .Fn fido_assert_authdata_len "const fido_assert_t *assert" "size_t idx" .Ft size_t @@ -58,8 +66,12 @@ .Fn fido_assert_user_id_len "const fido_assert_t *assert" "size_t idx" .Ft size_t .Fn fido_assert_sig_len "const fido_assert_t *assert" "size_t idx" +.Ft size_t +.Fn fido_assert_id_len "const fido_assert_t *assert" "size_t idx" .Ft uint32_t .Fn fido_assert_sigcount "const fido_assert_t *assert" "size_t idx" +.Ft uint8_t +.Fn fido_assert_flags "const fido_assert_t *assert" "size_t idx" .Sh DESCRIPTION FIDO 2 assertions are abstracted in .Em libfido2 @@ -110,6 +122,12 @@ function returns the number of statements in .Fa assert . .Pp The +.Fn fido_assert_rp_id +function returns a pointer to a NUL-terminated string holding the +relying party ID of +.Fa assert . +.Pp +The .Fn fido_assert_user_display_name , .Fn fido_assert_user_icon , and @@ -126,10 +144,11 @@ The .Fn fido_assert_user_id_ptr , .Fn fido_assert_authdata_ptr , .Fn fido_assert_hmac_secret_ptr , +.Fn fido_assert_sig_ptr , and -.Fn fido_assert_sig_ptr +.Fn fido_assert_id_ptr functions return pointers to the user ID, authenticator data, -hmac-secret, and signature attributes of statement +hmac-secret, signature, and credential ID attributes of statement .Fa idx in .Fa assert . @@ -137,8 +156,9 @@ The .Fn fido_assert_user_id_len , .Fn fido_assert_authdata_len , .Fn fido_assert_hmac_secret_len , +.Fn fido_assert_sig_len , and -.Fn fido_assert_sig_len +.Fn fido_assert_id_len functions can be used to retrieve the corresponding length of a specific attribute. .Pp @@ -149,6 +169,13 @@ function can be used to obtain the signature counter of statement in .Fa assert . .Pp +The +.Fn fido_assert_flags +function returns the authenticator data flags of statement +.Fa idx +in +.Fa assert . +.Pp Please note that the first statement in .Fa assert has an diff --git a/man/fido_cbor_info_new.3 b/man/fido_cbor_info_new.3 index 3e7de1f..ee942e6 100644 --- a/man/fido_cbor_info_new.3 +++ b/man/fido_cbor_info_new.3 @@ -21,6 +21,8 @@ .Nm fido_cbor_info_versions_len , .Nm fido_cbor_info_options_len , .Nm fido_cbor_info_maxmsgsiz , +.Nm fido_cbor_info_maxcredcntlst , +.Nm fido_cbor_info_maxcredidlen , .Nm fido_cbor_info_fwversion .Nd FIDO 2 CBOR Info API .Sh SYNOPSIS @@ -56,6 +58,10 @@ .Ft uint64_t .Fn fido_cbor_info_maxmsgsiz "const fido_cbor_info_t *ci" .Ft uint64_t +.Fn fido_cbor_info_maxcredcntlst "const fido_cbor_info_t *ci" +.Ft uint64_t +.Fn fido_cbor_info_maxcredidlen "const fido_cbor_info_t *ci" +.Ft uint64_t .Fn fido_cbor_info_fwversion "const fido_cbor_info_t *ci" .Sh DESCRIPTION The @@ -103,8 +109,8 @@ The .Fn fido_cbor_info_protocols_ptr , and .Fn fido_cbor_info_versions_ptr -functions return pointers to the AAGUID, supported extensions, -PIN protocol and CTAP version strings of +functions return pointers to the authenticator attestation GUID, +supported extensions, PIN protocol and CTAP version strings of .Fa ci . The corresponding length of a given attribute can be obtained by @@ -131,6 +137,18 @@ function returns the maximum message size attribute of .Fa ci . .Pp The +.Fn fido_cbor_info_maxcredcntlst +function returns the maximum supported number of credentials in +a single credential ID list as reported in +.Fa ci . +.Pp +The +.Fn fido_cbor_info_maxcredidlen +function returns the maximum supported length of a credential ID +as reported in +.Fa ci . +.Pp +The .Fn fido_cbor_info_fwversion function returns the firmware version attribute of .Fa ci . diff --git a/man/fido_cred_new.3 b/man/fido_cred_new.3 index 22af60c..d2023eb 100644 --- a/man/fido_cred_new.3 +++ b/man/fido_cred_new.3 @@ -10,18 +10,28 @@ .Nm fido_cred_free , .Nm fido_cred_prot , .Nm fido_cred_fmt , +.Nm fido_cred_rp_id , +.Nm fido_cred_rp_name , +.Nm fido_cred_user_name , +.Nm fido_cred_display_name , .Nm fido_cred_authdata_ptr , .Nm fido_cred_clientdata_hash_ptr , .Nm fido_cred_id_ptr , +.Nm fido_cred_aaguid_ptr , .Nm fido_cred_pubkey_ptr , .Nm fido_cred_sig_ptr , +.Nm fido_cred_user_id_ptr , .Nm fido_cred_x5c_ptr , .Nm fido_cred_authdata_len , .Nm fido_cred_clientdata_hash_len , .Nm fido_cred_id_len , +.Nm fido_cred_aaguid_len , .Nm fido_cred_pubkey_len , .Nm fido_cred_sig_len , -.Nm fido_cred_x5c_len +.Nm fido_cred_user_id_len , +.Nm fido_cred_x5c_len , +.Nm fido_cred_type , +.Nm fido_cred_flags .Nd FIDO 2 credential API .Sh SYNOPSIS .In fido.h @@ -33,6 +43,14 @@ .Fn fido_cred_prot "fido_cred_t *cred" .Ft const char * .Fn fido_cred_fmt "const fido_cred_t *cred" +.Ft const char * +.Fn fido_cred_rp_id "const fido_cred_t *cred" +.Ft const char * +.Fn fido_cred_rp_name "const fido_cred_t *cred" +.Ft const char * +.Fn fido_cred_user_name "const fido_cred_t *cred" +.Ft const char * +.Fn fido_cred_display_name "const fido_cred_t *cred" .Ft const unsigned char * .Fn fido_cred_authdata_ptr "const fido_cred_t *cred" .Ft const unsigned char * @@ -40,10 +58,14 @@ .Ft const unsigned char * .Fn fido_cred_id_ptr "const fido_cred_t *cred" .Ft const unsigned char * +.Fn fido_cred_aaguid_ptr "const fido_cred_t *cred" +.Ft const unsigned char * .Fn fido_cred_pubkey_ptr "const fido_cred_t *cred" .Ft const unsigned char * .Fn fido_cred_sig_ptr "const fido_cred_t *cred" .Ft const unsigned char * +.Fn fido_cred_user_id_ptr "const fido_cred_t *cred" +.Ft const unsigned char * .Fn fido_cred_x5c_ptr "const fido_cred_t *cred" .Ft size_t .Fn fido_cred_authdata_len "const fido_cred_t *cred" @@ -52,11 +74,19 @@ .Ft size_t .Fn fido_cred_id_len "const fido_cred_t *cred" .Ft size_t +.Fn fido_cred_aaguid_len "const fido_cred_t *cred" +.Ft size_t .Fn fido_cred_pubkey_len "const fido_cred_t *cred" .Ft size_t .Fn fido_cred_sig_len "const fido_cred_t *cred" .Ft size_t +.Fn fido_cred_user_id_len "const fido_cred_t *cred" +.Ft size_t .Fn fido_cred_x5c_len "const fido_cred_t *cred" +.Ft int +.Fn fido_cred_type "const fido_cred_t *cred" +.Ft uint8_t +.Fn fido_cred_flags "const fido_cred_t *cred" .Sh DESCRIPTION FIDO 2 credentials are abstracted in .Em libfido2 @@ -120,15 +150,30 @@ or NULL if does not have a format set. .Pp The +.Fn fido_cred_rp_id , +.Fn fido_cred_rp_name , +.Fn fido_cred_user_name , +and +.Fn fido_cred_display_name +functions return pointers to NUL-terminated strings holding the +relying party ID, relying party name, user name, and user display +name attributes of +.Fa cred , +or NULL if the respective entry is not set. +.Pp +The .Fn fido_cred_authdata_ptr , .Fn fido_cred_clientdata_hash_ptr , .Fn fido_cred_id_ptr , +.Fn fido_cred_aaguid_ptr , .Fn fido_cred_pubkey_ptr , .Fn fido_cred_sig_ptr , +.Fn fido_cred_user_id_ptr , and .Fn fido_cred_x5c_ptr functions return pointers to the authenticator data, client data -hash, ID, public key, signature and x509 certificate parts of +hash, ID, authenticator attestation GUID, public key, signature, +user ID, and x509 certificate parts of .Fa cred , or NULL if the respective entry is not set. .Pp @@ -136,12 +181,25 @@ The corresponding length can be obtained by .Fn fido_cred_authdata_len , .Fn fido_cred_clientdata_hash_len , .Fn fido_cred_id_len , +.Fn fido_cred_aaguid_len , .Fn fido_cred_pubkey_len , +.Fn fido_cred_sig_len , +.Fn fido_cred_user_id_len , and -.Fn fido_cred_sig_len . +.Fn fido_cred_x5c_len . .Pp The authenticator data, x509 certificate, and signature parts of a credential are typically passed to a FIDO 2 server for verification. +.Pp +The +.Fn fido_cred_type +function returns the COSE algorithm of +.Fa cred . +.Pp +The +.Fn fido_cred_flags +function returns the authenticator data flags of +.Fa cred . .Sh RETURN VALUES The authenticator data returned by .Fn fido_cred_authdata_ptr @@ -152,6 +210,7 @@ If not NULL, pointers returned by .Fn fido_cred_authdata_ptr , .Fn fido_cred_clientdata_hash_ptr , .Fn fido_cred_id_ptr , +.Fn fido_cred_aaguid_ptr , .Fn fido_cred_pubkey_ptr , .Fn fido_cred_sig_ptr , and diff --git a/man/fido_dev_get_touch_begin.3 b/man/fido_dev_get_touch_begin.3 new file mode 100644 index 0000000..8372c6f --- /dev/null +++ b/man/fido_dev_get_touch_begin.3 @@ -0,0 +1,73 @@ +.\" Copyright (c) 2020 Yubico AB. All rights reserved. +.\" Use of this source code is governed by a BSD-style +.\" license that can be found in the LICENSE file. +.\" +.Dd $Mdocdate: August 5 2020 $ +.Dt FIDO_DEV_GET_TOUCH_BEGIN 3 +.Os +.Sh NAME +.Nm fido_dev_get_touch_begin , +.Nm fido_dev_get_touch_status +.Nd asynchronously wait for touch on a FIDO 2 authenticator +.Sh SYNOPSIS +.In fido.h +.Ft int +.Fn fido_dev_get_touch_begin "fido_dev_t *dev" +.Ft int +.Fn fido_dev_get_touch_status "fido_dev_t *dev" "int *touched" "int ms" +.Sh DESCRIPTION +The functions described in this page allow an application to +asynchronously wait for touch on a FIDO authenticator. +This is useful when multiple authenticators are present and +the application needs to know which one to use. +.Pp +The +.Fn fido_dev_get_touch_begin +function initiates a touch request on +.Fa dev . +.Pp +The +.Fn fido_dev_get_touch_status +function continues an ongoing touch request on +.Fa dev , +blocking up to +.Fa ms +milliseconds. +On success, +.Fa touched +will be updated to reflect the touch request status. +If +.Fa touched +is 1, the device was touched, and the touch request is +terminated. +If +.Fa touched +is 0, the application may call +.Fn fido_dev_get_touch_status +to continue the touch request, or +.Fn fido_dev_cancel +to terminate it. +.Sh RETURN VALUES +The error codes returned by +.Fn fido_dev_get_touch_begin +and +.Fn fido_dev_get_touch_status +are defined in +.In fido/err.h . +On success, +.Dv FIDO_OK +is returned. +.Sh EXAMPLES +Please refer to +.Em examples/select.c +in +.Em libfido2's +source tree. +.Sh SEE ALSO +.Xr fido_dev_cancel 3 +.Sh CAVEATS +The +.Fn fido_dev_get_touch_status +function will cause a command to be transmitted to U2F +authenticators. +These transmissions should not exceed a frequency of 5Hz. diff --git a/man/fido_dev_open.3 b/man/fido_dev_open.3 index 53e3a12..6c7489d 100644 --- a/man/fido_dev_open.3 +++ b/man/fido_dev_open.3 @@ -14,6 +14,9 @@ .Nm fido_dev_force_fido2 , .Nm fido_dev_force_u2f , .Nm fido_dev_is_fido2 , +.Nm fido_dev_supports_cred_prot , +.Nm fido_dev_supports_pin , +.Nm fido_dev_has_pin , .Nm fido_dev_protocol , .Nm fido_dev_build , .Nm fido_dev_flags , @@ -38,6 +41,12 @@ .Fn fido_dev_force_u2f "fido_dev_t *dev" .Ft bool .Fn fido_dev_is_fido2 "const fido_dev_t *dev" +.Ft bool +.Fn fido_dev_supports_cred_prot "const fido_dev_t *dev" +.Ft bool +.Fn fido_dev_supports_pin "const fido_dev_t *dev" +.Ft bool +.Fn fido_dev_has_pin "const fido_dev_t *dev" .Ft uint8_t .Fn fido_dev_protocol "const fido_dev_t *dev" .Ft uint8_t @@ -117,6 +126,30 @@ if is a FIDO 2 device. .Pp The +.Fn fido_dev_supports_cred_prot +function returns +.Dv true +if +.Fa dev +supports FIDO 2.1 Credential Protection. +.Pp +The +.Fn fido_dev_supports_pin +function returns +.Dv true +if +.Fa dev +supports FIDO 2.0 Client PINs. +.Pp +The +.Fn fido_dev_has_pin +function returns +.Dv true +if +.Fa dev +has a FIDO 2.0 Client PIN set. +.Pp +The .Fn fido_dev_protocol function returns the CTAPHID protocol version identifier of .Fa dev . -- cgit v1.2.3