1.\" Copyright (c) 2020 Yubico AB. All rights reserved. 2.\" Use of this source code is governed by a BSD-style 3.\" license that can be found in the LICENSE file. 4.\" 5.Dd $Mdocdate: September 22 2020 $ 6.Dt FIDO_DEV_ENABLE_ENTATTEST 3 7.Os 8.Sh NAME 9.Nm fido_dev_enable_entattest , 10.Nm fido_dev_toggle_always_uv , 11.Nm fido_dev_force_pin_change , 12.Nm fido_dev_set_pin_minlen 13.Nd FIDO 2.1 configuration authenticator API 14.Sh SYNOPSIS 15.In fido.h 16.In fido/config.h 17.Ft int 18.Fn fido_dev_enable_entattest "fido_dev_t *dev" "const char *pin" 19.Ft int 20.Fn fido_dev_toggle_always_uv "fido_dev_t *dev" "const char *pin" 21.Ft int 22.Fn fido_dev_force_pin_change "fido_dev_t *dev" "const char *pin" 23.Ft int 24.Fn fido_dev_set_pin_minlen "fido_dev_t *dev" "size_t len" "const char *pin" 25.Sh DESCRIPTION 26The functions described in this page allow configuration of a 27FIDO 2.1 authenticator. 28.Pp 29The 30.Fn fido_dev_enable_entattest 31function enables the 32.Em Enterprise Attestation 33feature on 34.Fa dev . 35.Em Enterprise Attestation 36instructs the authenticator to include uniquely identifying 37information in subsequent attestation statements. 38The 39.Fa pin 40parameter may be NULL if 41.Fa dev 42does not have a PIN set. 43.Pp 44The 45.Fn fido_dev_toggle_always_uv 46function toggles the 47.Dq user verification always 48feature on 49.Fa dev . 50When set, this toggle enforces user verification at the 51authenticator level for all known credentials. 52If 53.Fa dev 54supports U2F (CTAP1) and the user verification methods supported by 55the authenticator do not allow protection of U2F credentials, the 56U2F subsystem will be disabled by the authenticator. 57The 58.Fa pin 59parameter may be NULL if 60.Fa dev 61does not have a PIN set. 62.Pp 63The 64.Fn fido_dev_force_pin_change 65instructs 66.Fa dev 67to require a PIN change. 68Subsequent PIN authentication attempts against 69.Fa dev 70will fail until its PIN is changed. 71.Pp 72The 73.Fn fido_dev_set_pin_minlen 74function sets the minimum PIN length of 75.Fa dev 76to 77.Fa len . 78Minimum PIN lengths may only be increased. 79.Pp 80Configuration settings are reflected in the payload returned by the 81authenticator in response to a 82.Xr fido_dev_get_cbor_info 3 83call. 84.Sh RETURN VALUES 85The error codes returned by 86.Fn fido_dev_enable_entattest , 87.Fn fido_dev_toggle_always_uv , 88.Fn fido_dev_force_pin_change , 89and 90.Fn fido_dev_set_pin_minlen 91are defined in 92.In fido/err.h . 93On success, 94.Dv FIDO_OK 95is returned. 96.Sh SEE ALSO 97.Xr fido_dev_get_cbor_info 3 , 98.Xr fido_dev_reset 3 99