Scroll to navigation

FIDO_DEV_SET_PIN(3) Library Functions Manual FIDO_DEV_SET_PIN(3)

NAME

fido_dev_set_pin, fido_dev_get_retry_count, fido_dev_get_uv_retry_count, fido_dev_resetFIDO2 device management functions

SYNOPSIS

#include <fido.h>

int
fido_dev_set_pin(fido_dev_t *dev, const char *pin, const char *oldpin);

int
fido_dev_get_retry_count(fido_dev_t *dev, int *retries);

int
fido_dev_get_uv_retry_count(fido_dev_t *dev, int *retries);

int
fido_dev_reset(fido_dev_t *dev);

DESCRIPTION

The () function sets the PIN of device dev to pin, where pin is a NUL-terminated UTF-8 string. If oldpin is not NULL, the device's PIN is changed from oldpin to pin, where pin and oldpin are NUL-terminated UTF-8 strings.

The () function fills retries with the number of PIN retries left in dev before lock-out, where retries is an addressable pointer.

The () function fills retries with the number of built-in UV retries left in dev before built-in UV is disabled, where retries is an addressable pointer.

The () function performs a reset on dev, resetting the device's PIN and erasing credentials stored on the device.

Please note that (), fido_dev_get_retry_count(), fido_dev_get_uv_retry_count(), and fido_dev_reset() are synchronous and will block if necessary.

RETURN VALUES

The error codes returned by fido_dev_set_pin(), fido_dev_get_retry_count(), fido_dev_get_uv_retry_count(), and fido_dev_reset() are defined in <fido/err.h>. On success, FIDO_OK is returned.

SEE ALSO

fido_cbor_info_uv_attempts(3)

CAVEATS

Regarding fido_dev_reset(), the actual user-flow to perform a reset is outside the scope of the FIDO2 specification, and may therefore vary depending on the authenticator. Yubico authenticators will return FIDO_ERR_NOT_ALLOWED if a reset is issued later than 5 seconds after power-up, and FIDO_ERR_ACTION_TIMEOUT if the user fails to confirm the reset by touching the key within 30 seconds.

May 25, 2018 Linux 5.14.0-427.18.1.el9_4.x86_64