fido_dev_set_pin, fido_dev_get_retry_count, fido_dev_get_uv_retry_count, fido_dev_reset — FIDO2 device management functions

#include <fido.h>

int
fido_dev_set_pin(fido_dev_t *dev, const char *pin, const char *oldpin);

int
fido_dev_get_retry_count(fido_dev_t *dev, int *retries);

int
fido_dev_get_uv_retry_count(fido_dev_t *dev, int *retries);

int
fido_dev_reset(fido_dev_t *dev);

The fido_dev_set_pin() function sets the PIN of device dev to pin, where pin is a NUL-terminated UTF-8 string. If oldpin is not NULL, the device's PIN is changed from oldpin to pin, where pin and oldpin are NUL-terminated UTF-8 strings.

The fido_dev_get_retry_count() function fills retries with the number of PIN retries left in dev before lock-out, where retries is an addressable pointer.

The fido_dev_get_uv_retry_count() function fills retries with the number of built-in UV retries left in dev before built-in UV is disabled, where retries is an addressable pointer.

The fido_dev_reset() function performs a reset on dev, resetting the device's PIN and erasing credentials stored on the device.

Please note that fido_dev_set_pin(), fido_dev_get_retry_count(), fido_dev_get_uv_retry_count(), and fido_dev_reset() are synchronous and will block if necessary.

The error codes returned by fido_dev_set_pin(), fido_dev_get_retry_count(), fido_dev_get_uv_retry_count(), and fido_dev_reset() are defined in <fido/err.h>. On success, FIDO_OK is returned.

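An added example, not part of the libfido2 manual or code: a guard that reads the PIN retry count before attempting a PIN change, so a mistyped oldpin cannot spend the last attempts before lock-out. The pin_ops indirection, guarded_pin_change(), the reserve threshold and the constructed fake authenticator are assumptions of this example; in real use, include <fido.h> and fill pin_ops with fido_dev_get_retry_count and fido_dev_set_pin.

```c
#include <string.h>
#ifndef FIDO_OK                      /* stand-ins so this builds without libfido2 */
#define FIDO_OK 0x00                 /* same values as in <fido/err.h> */
#define FIDO_ERR_PIN_INVALID 0x31
#endif
typedef struct fido_dev fido_dev_t;  /* opaque handle, as in <fido.h> */

/* Hypothetical indirection; real use: { fido_dev_get_retry_count, fido_dev_set_pin } */
struct pin_ops {
	int (*get_retry_count)(fido_dev_t *, int *);
	int (*set_pin)(fido_dev_t *, const char *, const char *);
};
enum pin_result { PIN_CHANGED, PIN_REFUSED, PIN_QUERY_FAILED, PIN_CHANGE_FAILED };

/* Overwrite a PIN buffer in place; volatile keeps the stores from being elided. */
static void wipe(char *s) { volatile char *p = s; while (p && *p) *p++ = 0; }

/* Change the PIN only while more than `reserve` retries remain. *left receives the
 * retry count after the call (-1 if unknown), *err the last device error code.
 * Both PIN buffers are wiped before returning, whatever the outcome. */
enum pin_result guarded_pin_change(const struct pin_ops *ops, fido_dev_t *dev,
    char *pin, char *oldpin, int reserve, int *left, int *err)
{
	enum pin_result res;
	if ((*err = ops->get_retry_count(dev, left)) != FIDO_OK)
		res = PIN_QUERY_FAILED;
	else if (*left <= reserve)
		res = PIN_REFUSED;           /* device is never asked to verify oldpin */
	else if ((*err = ops->set_pin(dev, pin, oldpin)) == FIDO_OK)
		res = PIN_CHANGED;
	else
		res = PIN_CHANGE_FAILED;
	/* Re-read the counter so the caller sees what the attempt cost. */
	if (res != PIN_REFUSED && ops->get_retry_count(dev, left) != FIDO_OK)
		*left = -1;
	wipe(pin);
	wipe(oldpin);
	return res;
}

/* Constructed fake authenticator (ignores dev) so the logic runs offline. */
static int fake_retries = 8;
static char fake_pin[64] = "1234";
static int fake_get(fido_dev_t *d, int *n) { (void)d; *n = fake_retries; return FIDO_OK; }
static int fake_set(fido_dev_t *d, const char *pin, const char *old) {
	(void)d;
	if (!old || strcmp(old, fake_pin) != 0) { fake_retries--; return FIDO_ERR_PIN_INVALID; }
	strncpy(fake_pin, pin, sizeof(fake_pin) - 1);
	fake_retries = 8;
	return FIDO_OK;
}
const struct pin_ops fake_ops = { fake_get, fake_set };
```

The PIN arguments are non-const because the function wipes them; pass writable buffers, not string literals.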
fido_cbor_info_uv_attempts(3)

Regarding fido_dev_reset(), the actual user-flow to perform a reset is outside the scope of the FIDO2 specification, and may therefore vary depending on the authenticator. Yubico authenticators will return FIDO_ERR_NOT_ALLOWED if a reset is issued later than 5 seconds after power-up, and FIDO_ERR_ACTION_TIMEOUT if the user fails to confirm the reset by touching the key within 30 seconds.