Scroll to navigation

FIDO_CRED_NEW(3) Library Functions Manual FIDO_CRED_NEW(3)


fido_cred_new, fido_cred_free, fido_cred_prot, fido_cred_fmt, fido_cred_rp_id, fido_cred_rp_name, fido_cred_user_name, fido_cred_display_name, fido_cred_authdata_ptr, fido_cred_clientdata_hash_ptr, fido_cred_id_ptr, fido_cred_aaguid_ptr, fido_cred_pubkey_ptr, fido_cred_sig_ptr, fido_cred_user_id_ptr, fido_cred_x5c_ptr, fido_cred_authdata_len, fido_cred_clientdata_hash_len, fido_cred_id_len, fido_cred_aaguid_len, fido_cred_pubkey_len, fido_cred_sig_len, fido_cred_user_id_len, fido_cred_x5c_len, fido_cred_type, fido_cred_flags
FIDO 2 credential API


#include <fido.h>

fido_cred_t *

fido_cred_free(fido_cred_t **cred_p);

fido_cred_prot(fido_cred_t *cred);

const char *
fido_cred_fmt(const fido_cred_t *cred);

const char *
fido_cred_rp_id(const fido_cred_t *cred);

const char *
fido_cred_rp_name(const fido_cred_t *cred);

const char *
fido_cred_user_name(const fido_cred_t *cred);

const char *
fido_cred_display_name(const fido_cred_t *cred);

const unsigned char *
fido_cred_authdata_ptr(const fido_cred_t *cred);

const unsigned char *
fido_cred_clientdata_hash_ptr(const fido_cred_t *cred);

const unsigned char *
fido_cred_id_ptr(const fido_cred_t *cred);

const unsigned char *
fido_cred_aaguid_ptr(const fido_cred_t *cred);

const unsigned char *
fido_cred_pubkey_ptr(const fido_cred_t *cred);

const unsigned char *
fido_cred_sig_ptr(const fido_cred_t *cred);

const unsigned char *
fido_cred_user_id_ptr(const fido_cred_t *cred);

const unsigned char *
fido_cred_x5c_ptr(const fido_cred_t *cred);

fido_cred_authdata_len(const fido_cred_t *cred);

fido_cred_clientdata_hash_len(const fido_cred_t *cred);

fido_cred_id_len(const fido_cred_t *cred);

fido_cred_aaguid_len(const fido_cred_t *cred);

fido_cred_pubkey_len(const fido_cred_t *cred);

fido_cred_sig_len(const fido_cred_t *cred);

fido_cred_user_id_len(const fido_cred_t *cred);

fido_cred_x5c_len(const fido_cred_t *cred);

fido_cred_type(const fido_cred_t *cred);

fido_cred_flags(const fido_cred_t *cred);


FIDO 2 credentials are abstracted in libfido2 by the fido_cred_t type. The functions described in this page allow a fido_cred_t type to be allocated, deallocated, and inspected. For other operations on fido_cred_t, please refer to fido_cred_set_authdata(3), fido_cred_exclude(3), fido_cred_verify(3), and fido_dev_make_cred(3).

The fido_cred_new() function returns a pointer to a newly allocated, empty fido_cred_t type. If memory cannot be allocated, NULL is returned.

The fido_cred_free() function releases the memory backing *cred_p, where *cred_p must have been previously allocated by fido_cred_new(). On return, *cred_p is set to NULL. Either cred_p or *cred_p may be NULL, in which case fido_cred_free() is a NOP.

The fido_cred_prot() function returns the protection of cred. See fido_cred_set_prot(3) for the values understood by libfido2.

The fido_cred_fmt() function returns a pointer to a NUL-terminated string containing the format of cred, or NULL if cred does not have a format set.

The fido_cred_rp_id(), fido_cred_rp_name(), fido_cred_user_name(), and fido_cred_display_name() functions return pointers to NUL-terminated strings holding the relying party ID, relying party name, user name, and user display name attributes of cred, or NULL if the respective entry is not set.

The fido_cred_authdata_ptr(), fido_cred_clientdata_hash_ptr(), fido_cred_id_ptr(), fido_cred_aaguid_ptr(), fido_cred_pubkey_ptr(), fido_cred_sig_ptr(), fido_cred_user_id_ptr(), and fido_cred_x5c_ptr() functions return pointers to the authenticator data, client data hash, ID, authenticator attestation GUID, public key, signature, user ID, and x509 certificate parts of cred, or NULL if the respective entry is not set.

The corresponding length can be obtained by fido_cred_authdata_len(), fido_cred_clientdata_hash_len(), fido_cred_id_len(), fido_cred_aaguid_len(), fido_cred_pubkey_len(), fido_cred_sig_len(), fido_cred_user_id_len(), and fido_cred_x5c_len().

The authenticator data, x509 certificate, and signature parts of a credential are typically passed to a FIDO 2 server for verification.

The fido_cred_type() function returns the COSE algorithm of cred.

The fido_cred_flags() function returns the authenticator data flags of cred.


The authenticator data returned by fido_cred_authdata_ptr() is a CBOR-encoded byte string, as obtained from the authenticator.

If not NULL, pointers returned by fido_cred_fmt(), fido_cred_authdata_ptr(), fido_cred_clientdata_hash_ptr(), fido_cred_id_ptr(), fido_cred_aaguid_ptr(), fido_cred_pubkey_ptr(), fido_cred_sig_ptr(), and fido_cred_x5c_ptr() are guaranteed to exist until any API function that takes cred without the const qualifier is invoked.


fido_cred_exclude(3), fido_cred_set_authdata(3), fido_cred_verify(3), fido_credman_metadata_new(3), fido_dev_make_cred(3)
May 23, 2018 Linux 4.19.0-12-amd64