Zephyr API Documentation 4.4.99
A Scalable Open Source RTOS

FIDO2 authenticator subsystem. More...

Typedefs

typedef void(* fido2_state_callback_t) (enum fido2_runtime_state state, void *user_data)
 FIDO2 runtime state callback.

Enumerations

enum  fido2_runtime_state { FIDO2_RUNTIME_STATE_STOPPED = 0 , FIDO2_RUNTIME_STATE_IDLE , FIDO2_RUNTIME_STATE_WAITING_USER_PRESENCE , FIDO2_RUNTIME_STATE_PROCESSING }
 Runtime states exposed by the FIDO2 subsystem. More...

Functions

int fido2_init (void)
 Initialize the FIDO2 subsystem.
int fido2_start (void)
 Start the FIDO2 authenticator.
int fido2_stop (void)
 Stop the FIDO2 authenticator.
int fido2_set_state_callback (fido2_state_callback_t cb, void *user_data)
 Set or clear a single FIDO2 runtime state callback.
enum fido2_runtime_state fido2_get_state (void)
 Get the current FIDO2 runtime state.
int fido2_reset (void)
 Perform a factory reset.
enum  fido2_status {
  FIDO2_OK = 0x00 , FIDO2_ERR_INVALID_COMMAND = 0x01 , FIDO2_ERR_INVALID_PARAMETER = 0x02 , FIDO2_ERR_INVALID_LENGTH = 0x03 ,
  FIDO2_ERR_INVALID_SEQ = 0x04 , FIDO2_ERR_TIMEOUT = 0x05 , FIDO2_ERR_CHANNEL_BUSY = 0x06 , FIDO2_ERR_LOCK_REQUIRED = 0x0A ,
  FIDO2_ERR_INVALID_CHANNEL = 0x0B , FIDO2_ERR_CBOR_UNEXPECTED_TYPE = 0x11 , FIDO2_ERR_INVALID_CBOR = 0x12 , FIDO2_ERR_MISSING_PARAMETER = 0x14 ,
  FIDO2_ERR_LIMIT_EXCEEDED = 0x15 , FIDO2_ERR_UNSUPPORTED_EXTENSION = 0x16 , FIDO2_ERR_FP_DATABASE_FULL = 0x17 , FIDO2_ERR_LARGE_BLOB_STORAGE_FULL = 0x18 ,
  FIDO2_ERR_CREDENTIAL_EXCLUDED = 0x19 , FIDO2_ERR_PROCESSING = 0x21 , FIDO2_ERR_INVALID_CREDENTIAL = 0x22 , FIDO2_ERR_USER_ACTION_PENDING = 0x23 ,
  FIDO2_ERR_OPERATION_PENDING = 0x24 , FIDO2_ERR_NO_OPERATIONS = 0x25 , FIDO2_ERR_UNSUPPORTED_ALGORITHM = 0x26 , FIDO2_ERR_OPERATION_DENIED = 0x27 ,
  FIDO2_ERR_KEY_STORE_FULL = 0x28 , FIDO2_ERR_UNSUPPORTED_OPTION = 0x2B , FIDO2_ERR_INVALID_OPTION = 0x2C , FIDO2_ERR_KEEPALIVE_CANCEL = 0x2D ,
  FIDO2_ERR_NO_CREDENTIALS = 0x2E , FIDO2_ERR_USER_ACTION_TIMEOUT = 0x2F , FIDO2_ERR_NOT_ALLOWED = 0x30 , FIDO2_ERR_PIN_INVALID = 0x31 ,
  FIDO2_ERR_PIN_BLOCKED = 0x32 , FIDO2_ERR_PIN_AUTH_INVALID = 0x33 , FIDO2_ERR_PIN_AUTH_BLOCKED = 0x34 , FIDO2_ERR_PIN_NOT_SET = 0x35 ,
  FIDO2_ERR_PUAT_REQUIRED = 0x36 , FIDO2_ERR_PIN_POLICY_VIOLATION = 0x37 , FIDO2_ERR_RESERVED = 0x38 , FIDO2_ERR_REQUEST_TOO_LARGE = 0x39 ,
  FIDO2_ERR_ACTION_TIMEOUT = 0x3A , FIDO2_ERR_UP_REQUIRED = 0x3B , FIDO2_ERR_UV_BLOCKED = 0x3C , FIDO2_ERR_INTEGRITY_FAILURE = 0x3D ,
  FIDO2_ERR_INVALID_SUBCOMMAND = 0x3E , FIDO2_ERR_UV_INVALID = 0x3F , FIDO2_ERR_UNAUTHORIZED_PERMISSION = 0x40 , FIDO2_ERR_OTHER = 0x7F
}
 CTAP2 status codes. More...
enum  fido2_cmd {
  FIDO2_CMD_MAKE_CREDENTIAL = 0x01 , FIDO2_CMD_GET_ASSERTION = 0x02 , FIDO2_CMD_GET_INFO = 0x04 , FIDO2_CMD_CLIENT_PIN = 0x06 ,
  FIDO2_CMD_RESET = 0x07 , FIDO2_CMD_GET_NEXT_ASSERTION = 0x08 , FIDO2_CMD_CREDENTIAL_MGMT = 0x0A , FIDO2_CMD_SELECTION = 0x0B
}
 CTAP2 command codes. More...
enum  fido2_cred_protect { FIDO2_CRED_PROTECT_UV_OPTIONAL = 0x01 , FIDO2_CRED_PROTECT_UV_OPTIONAL_WITH_LIST = 0x02 , FIDO2_CRED_PROTECT_UV_REQUIRED = 0x03 }
 Credential protection levels. More...
enum  fido2_cose_alg { FIDO2_COSE_ES256 = -7 , FIDO2_COSE_EDDSA = -8 , FIDO2_COSE_RS256 = -257 }
 COSE algorithm identifiers. More...
#define FIDO2_CREDENTIAL_ID_MAX_SIZE   128
 FIDO2 shared types: maximum credential ID size in bytes.
#define FIDO2_RP_ID_MAX_LEN   128
 Maximum relying party ID length.
#define FIDO2_RP_NAME_MAX_LEN   64
 Maximum relying party name length.
#define FIDO2_USER_NAME_MAX_LEN   64
 Maximum user name length.
#define FIDO2_USER_DISPLAY_NAME_MAX_LEN   64
 Maximum user display name length.
#define FIDO2_USER_ID_MAX_SIZE   64
 Maximum user ID size in bytes.
#define FIDO2_AAGUID_SIZE   16
 AAGUID size in bytes.
#define FIDO2_SHA256_SIZE   32
 SHA-256 hash size.
#define FIDO2_PIN_HASH_SIZE   16
 PIN hash size.
#define FIDO2_DISCOVERABLE_CRED_ID_SIZE   32
 Size of a discoverable credential ID.
#define FIDO2_NON_DISCOVERABLE_CRED_ID_SIZE   64
 Size of a non-discoverable credential ID.
#define FIDO2_AUTH_DATA_HEADER_SIZE   37
 Authenticator data header size.
#define FIDO2_ATTESTED_CRED_DATA_MAX_SIZE   (FIDO2_AAGUID_SIZE + 2 + FIDO2_CREDENTIAL_ID_MAX_SIZE + FIDO2_COSE_KEY_MAX_SIZE)
 Maximum attested credential data size.
#define FIDO2_AUTH_DATA_MAX_SIZE   (FIDO2_AUTH_DATA_HEADER_SIZE + FIDO2_ATTESTED_CRED_DATA_MAX_SIZE)
 Maximum authenticatorData size (header plus attested credential data).
#define FIDO2_MAX_EXTENSIONS   8
 Maximum number of supported extensions.
#define FIDO2_MAX_VERSIONS   4
 Maximum number of supported versions.
#define FIDO2_EXT_HMAC_SECRET   BIT(0)
 Credential extension HMAC secret.
#define FIDO2_EXT_LARGE_BLOB_KEY   BIT(1)
 Credential extension largeBlobKey.
#define FIDO2_EXT_CRED_BLOB   BIT(2)
 Credential extension credBlob.
#define FIDO2_EXT_THIRD_PARTY_PAY   BIT(3)
 Credential extension thirdPartyPayment.
#define FIDO2_TRANSPORT_USB   BIT(0)
 Transport USB.
#define FIDO2_TRANSPORT_BLE   BIT(1)
 Transport BLE.
#define FIDO2_TRANSPORT_NFC   BIT(2)
 Transport NFC.
#define AUTH_DATA_FLAG_UP   BIT(0)
 User Present (UP) result.
#define AUTH_DATA_FLAG_UV   BIT(2)
 User Verified (UV) result.
#define AUTH_DATA_FLAG_AT   BIT(6)
 Attested credential data included (AT).
#define AUTH_DATA_FLAG_ED   BIT(7)
 Extension data included (ED).
typedef int(* fido2_storage_iterate_cb_t) (const struct fido2_credential *cred, void *user_data)
 FIDO2 credential storage: callback for enumerating credentials.
const struct fido2_storage_api fido2_storage_backend
 FIDO2 storage backend instance.
int fido2_up_wait (void)
 FIDO2 user presence: check for user presence.
void fido2_up_cancel (void)
 Cancel a pending user presence wait.
int fido2_attestation_sign (const uint8_t *auth_data, size_t auth_data_len, const uint8_t *client_data_hash, uint32_t credential_key_id, struct fido2_attestation_result *result)
 Sign authenticatorData for a new credential.
#define FIDO2_ATTESTATION_FMT_PACKED   "packed"
 FIDO2 attestation: packed attestation format identifier.
#define FIDO2_ATTESTATION_FMT_NONE   "none"
 No attestation.
#define FIDO2_ATTESTATION_FMT_MAX_LEN   32
 Maximum attestation format identifier length.

Detailed Description

FIDO2 authenticator subsystem.

Since
4.5
Version
0.1.0

Macro Definition Documentation

◆ AUTH_DATA_FLAG_AT

#define AUTH_DATA_FLAG_AT   BIT(6)

#include <zephyr/authentication/fido2/fido2_types.h>

Attested credential data included (AT).

◆ AUTH_DATA_FLAG_ED

#define AUTH_DATA_FLAG_ED   BIT(7)

#include <zephyr/authentication/fido2/fido2_types.h>

Extension data included (ED).

◆ AUTH_DATA_FLAG_UP

#define AUTH_DATA_FLAG_UP   BIT(0)

#include <zephyr/authentication/fido2/fido2_types.h>

User Present (UP) result.

◆ AUTH_DATA_FLAG_UV

#define AUTH_DATA_FLAG_UV   BIT(2)

#include <zephyr/authentication/fido2/fido2_types.h>

User Verified (UV) result.

◆ FIDO2_AAGUID_SIZE

#define FIDO2_AAGUID_SIZE   16

#include <zephyr/authentication/fido2/fido2_types.h>

AAGUID size in bytes.

◆ FIDO2_ATTESTATION_FMT_MAX_LEN

#define FIDO2_ATTESTATION_FMT_MAX_LEN   32

#include <zephyr/authentication/fido2/fido2_attestation.h>

Maximum attestation format identifier length.

◆ FIDO2_ATTESTATION_FMT_NONE

#define FIDO2_ATTESTATION_FMT_NONE   "none"

◆ FIDO2_ATTESTATION_FMT_PACKED

#define FIDO2_ATTESTATION_FMT_PACKED   "packed"

#include <zephyr/authentication/fido2/fido2_attestation.h>

FIDO2 attestation.

Packed attestation

◆ FIDO2_ATTESTED_CRED_DATA_MAX_SIZE

#define FIDO2_ATTESTED_CRED_DATA_MAX_SIZE   (FIDO2_AAGUID_SIZE + 2 + FIDO2_CREDENTIAL_ID_MAX_SIZE + FIDO2_COSE_KEY_MAX_SIZE)

#include <zephyr/authentication/fido2/fido2_types.h>

Maximum attested credential data size in bytes: AAGUID, 2-byte credential ID length, credential ID, and COSE public key.

◆ FIDO2_AUTH_DATA_HEADER_SIZE

#define FIDO2_AUTH_DATA_HEADER_SIZE   37

#include <zephyr/authentication/fido2/fido2_types.h>

Authenticator data header size in bytes: 32-byte rpIdHash, 1-byte flags, 4-byte signCount.

◆ FIDO2_AUTH_DATA_MAX_SIZE

#define FIDO2_AUTH_DATA_MAX_SIZE   (FIDO2_AUTH_DATA_HEADER_SIZE + FIDO2_ATTESTED_CRED_DATA_MAX_SIZE)

#include <zephyr/authentication/fido2/fido2_types.h>

Maximum authenticatorData size in bytes (header plus attested credential data).

◆ FIDO2_CREDENTIAL_ID_MAX_SIZE

#define FIDO2_CREDENTIAL_ID_MAX_SIZE   128

#include <zephyr/authentication/fido2/fido2_types.h>

FIDO2 shared types.

Maximum credential ID size in bytes

◆ FIDO2_DISCOVERABLE_CRED_ID_SIZE

#define FIDO2_DISCOVERABLE_CRED_ID_SIZE   32

#include <zephyr/authentication/fido2/fido2_types.h>

Size of a discoverable credential ID.

◆ FIDO2_EXT_CRED_BLOB

#define FIDO2_EXT_CRED_BLOB   BIT(2)

#include <zephyr/authentication/fido2/fido2_types.h>

Credential extension credBlob.

◆ FIDO2_EXT_HMAC_SECRET

#define FIDO2_EXT_HMAC_SECRET   BIT(0)

#include <zephyr/authentication/fido2/fido2_types.h>

Credential extension HMAC secret.

◆ FIDO2_EXT_LARGE_BLOB_KEY

#define FIDO2_EXT_LARGE_BLOB_KEY   BIT(1)

#include <zephyr/authentication/fido2/fido2_types.h>

Credential extension largeBlobKey.

◆ FIDO2_EXT_THIRD_PARTY_PAY

#define FIDO2_EXT_THIRD_PARTY_PAY   BIT(3)

#include <zephyr/authentication/fido2/fido2_types.h>

Credential extension thirdPartyPayment.

◆ FIDO2_MAX_EXTENSIONS

#define FIDO2_MAX_EXTENSIONS   8

#include <zephyr/authentication/fido2/fido2_types.h>

Maximum number of supported extensions.

◆ FIDO2_MAX_VERSIONS

#define FIDO2_MAX_VERSIONS   4

#include <zephyr/authentication/fido2/fido2_types.h>

Maximum number of supported versions.

◆ FIDO2_NON_DISCOVERABLE_CRED_ID_SIZE

#define FIDO2_NON_DISCOVERABLE_CRED_ID_SIZE   64

#include <zephyr/authentication/fido2/fido2_types.h>

Size of a non-discoverable credential ID.

◆ FIDO2_PIN_HASH_SIZE

#define FIDO2_PIN_HASH_SIZE   16

#include <zephyr/authentication/fido2/fido2_types.h>

PIN hash size in bytes. CTAP2 defines the PIN hash as the first 16 bytes of the SHA-256 of the PIN.

◆ FIDO2_RP_ID_MAX_LEN

#define FIDO2_RP_ID_MAX_LEN   128

#include <zephyr/authentication/fido2/fido2_types.h>

Maximum relying party ID length.

◆ FIDO2_RP_NAME_MAX_LEN

#define FIDO2_RP_NAME_MAX_LEN   64

#include <zephyr/authentication/fido2/fido2_types.h>

Maximum relying party name length.

◆ FIDO2_SHA256_SIZE

#define FIDO2_SHA256_SIZE   32

#include <zephyr/authentication/fido2/fido2_types.h>

SHA-256 hash size.

◆ FIDO2_TRANSPORT_BLE

#define FIDO2_TRANSPORT_BLE   BIT(1)

#include <zephyr/authentication/fido2/fido2_types.h>

Transport BLE.

◆ FIDO2_TRANSPORT_NFC

#define FIDO2_TRANSPORT_NFC   BIT(2)

#include <zephyr/authentication/fido2/fido2_types.h>

Transport NFC.

◆ FIDO2_TRANSPORT_USB

#define FIDO2_TRANSPORT_USB   BIT(0)

#include <zephyr/authentication/fido2/fido2_types.h>

Transport USB.

◆ FIDO2_USER_DISPLAY_NAME_MAX_LEN

#define FIDO2_USER_DISPLAY_NAME_MAX_LEN   64

#include <zephyr/authentication/fido2/fido2_types.h>

Maximum user display name length.

◆ FIDO2_USER_ID_MAX_SIZE

#define FIDO2_USER_ID_MAX_SIZE   64

#include <zephyr/authentication/fido2/fido2_types.h>

Maximum user ID size in bytes.

◆ FIDO2_USER_NAME_MAX_LEN

#define FIDO2_USER_NAME_MAX_LEN   64

#include <zephyr/authentication/fido2/fido2_types.h>

Maximum user name length.

Typedef Documentation

◆ fido2_state_callback_t

typedef void(* fido2_state_callback_t) (enum fido2_runtime_state state, void *user_data)

#include <zephyr/authentication/fido2/fido2.h>

FIDO2 runtime state callback.

Called when the FIDO2 runtime state changes.

Note
This callback is called synchronously. Runtime state transitions are reported from FIDO2 internal thread/workqueue context.
The callback must be lightweight and must not block for long periods.
Parameters
state: New runtime state.
user_data: Opaque context pointer provided during callback setup.

◆ fido2_storage_iterate_cb_t

typedef int(* fido2_storage_iterate_cb_t) (const struct fido2_credential *cred, void *user_data)

#include <zephyr/authentication/fido2/fido2_storage.h>

FIDO2 credential storage.

Callback for enumerating credentials.

Parameters
cred: The current credential.
user_data: Opaque user context.
Return values
0: Continue enumeration.
non-zero: Stop enumeration; the value is propagated to fido2_storage_iterate().

Enumeration Type Documentation

◆ fido2_cmd

enum fido2_cmd

#include <zephyr/authentication/fido2/fido2_types.h>

CTAP2 command codes.

Enumerator
FIDO2_CMD_MAKE_CREDENTIAL 

Create a new credential.

FIDO2_CMD_GET_ASSERTION 

Authenticate with a credential.

FIDO2_CMD_GET_INFO 

Get authenticator info.

FIDO2_CMD_CLIENT_PIN 

Client PIN operations.

FIDO2_CMD_RESET 

Factory reset.

FIDO2_CMD_GET_NEXT_ASSERTION 

Get next assertion.

FIDO2_CMD_CREDENTIAL_MGMT 

Credential management.

FIDO2_CMD_SELECTION 

Authenticator selection.

◆ fido2_cose_alg

#include <zephyr/authentication/fido2/fido2_types.h>

COSE algorithm identifiers.

Enumerator
FIDO2_COSE_ES256 

ECDSA w/ SHA-256.

FIDO2_COSE_EDDSA 

EdDSA.

FIDO2_COSE_RS256 

RSASSA-PKCS1-v1_5 w/ SHA-256.

◆ fido2_cred_protect

#include <zephyr/authentication/fido2/fido2_types.h>

Credential protection levels.

Enumerator
FIDO2_CRED_PROTECT_UV_OPTIONAL 

UV optional; credential usable without verification.

FIDO2_CRED_PROTECT_UV_OPTIONAL_WITH_LIST 

UV optional; credential usable only with credential ID list.

FIDO2_CRED_PROTECT_UV_REQUIRED 

UV required; credential always requires user verification.

◆ fido2_runtime_state

#include <zephyr/authentication/fido2/fido2.h>

Runtime states exposed by the FIDO2 subsystem.

Enumerator
FIDO2_RUNTIME_STATE_STOPPED 

FIDO2 is stopped and not handling commands.

FIDO2_RUNTIME_STATE_IDLE 

FIDO2 is running and idle.

FIDO2_RUNTIME_STATE_WAITING_USER_PRESENCE 

FIDO2 is waiting for user presence confirmation.

FIDO2_RUNTIME_STATE_PROCESSING 

FIDO2 is processing a command after user presence.

◆ fido2_status

#include <zephyr/authentication/fido2/fido2_types.h>

CTAP2 status codes.

Enumerator
FIDO2_OK 

Success.

FIDO2_ERR_INVALID_COMMAND 

Invalid command.

FIDO2_ERR_INVALID_PARAMETER 

Invalid parameter.

FIDO2_ERR_INVALID_LENGTH 

Invalid message length.

FIDO2_ERR_INVALID_SEQ 

Invalid sequence number.

FIDO2_ERR_TIMEOUT 

Request timed out.

FIDO2_ERR_CHANNEL_BUSY 

Channel busy.

FIDO2_ERR_LOCK_REQUIRED 

Command requires lock.

FIDO2_ERR_INVALID_CHANNEL 

Invalid channel.

FIDO2_ERR_CBOR_UNEXPECTED_TYPE 

Unexpected CBOR type.

FIDO2_ERR_INVALID_CBOR 

Invalid CBOR encoding.

FIDO2_ERR_MISSING_PARAMETER 

Required parameter missing.

FIDO2_ERR_LIMIT_EXCEEDED 

Limit exceeded.

FIDO2_ERR_UNSUPPORTED_EXTENSION 

Unsupported extension.

FIDO2_ERR_FP_DATABASE_FULL 

Fingerprint database full.

FIDO2_ERR_LARGE_BLOB_STORAGE_FULL 

Large blob storage full.

FIDO2_ERR_CREDENTIAL_EXCLUDED 

Credential in excludeList found.

FIDO2_ERR_PROCESSING 

Processing.

FIDO2_ERR_INVALID_CREDENTIAL 

Invalid credential.

FIDO2_ERR_USER_ACTION_PENDING 

Waiting for user action.

FIDO2_ERR_OPERATION_PENDING 

Operation pending.

FIDO2_ERR_NO_OPERATIONS 

No operations pending.

FIDO2_ERR_UNSUPPORTED_ALGORITHM 

Unsupported algorithm.

FIDO2_ERR_OPERATION_DENIED 

Operation denied.

FIDO2_ERR_KEY_STORE_FULL 

Key store full.

FIDO2_ERR_UNSUPPORTED_OPTION 

Unsupported option.

FIDO2_ERR_INVALID_OPTION 

Option value invalid for this operation.

FIDO2_ERR_KEEPALIVE_CANCEL 

Keepalive cancelled by platform.

FIDO2_ERR_NO_CREDENTIALS 

No credentials found.

FIDO2_ERR_USER_ACTION_TIMEOUT 

User action timed out.

FIDO2_ERR_NOT_ALLOWED 

Operation not allowed.

FIDO2_ERR_PIN_INVALID 

Invalid PIN.

FIDO2_ERR_PIN_BLOCKED 

PIN blocked.

FIDO2_ERR_PIN_AUTH_INVALID 

PIN auth verification failed.

FIDO2_ERR_PIN_AUTH_BLOCKED 

PIN auth blocked.

FIDO2_ERR_PIN_NOT_SET 

PIN not set.

FIDO2_ERR_PUAT_REQUIRED 

PIN/UV auth token required.

FIDO2_ERR_PIN_POLICY_VIOLATION 

PIN policy violation.

FIDO2_ERR_RESERVED 

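PIN/UV auth token expired. Note that the enumerator is named FIDO2_ERR_RESERVED: CTAP 2.0 defined 0x38 as a PIN token expiry status, while CTAP 2.1 lists the value as reserved for future use.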

FIDO2_ERR_REQUEST_TOO_LARGE 

Request exceeds maxMsgSize.

FIDO2_ERR_ACTION_TIMEOUT 

Platform response timed out.

FIDO2_ERR_UP_REQUIRED 

User presence required.

FIDO2_ERR_UV_BLOCKED 

User verification blocked.

FIDO2_ERR_INTEGRITY_FAILURE 

Authenticator integrity check failed.

FIDO2_ERR_INVALID_SUBCOMMAND 

Invalid subcommand for this command.

FIDO2_ERR_UV_INVALID 

User verification failed.

FIDO2_ERR_UNAUTHORIZED_PERMISSION 

PIN/UV token missing permission.

FIDO2_ERR_OTHER 

Other unspecified error.

Function Documentation

◆ fido2_attestation_sign()

int fido2_attestation_sign ( const uint8_t * auth_data,
size_t auth_data_len,
const uint8_t * client_data_hash,
uint32_t credential_key_id,
struct fido2_attestation_result * result )

#include <zephyr/authentication/fido2/fido2_attestation.h>

Sign authenticatorData for a new credential.

Parameters
auth_data: Raw authenticatorData bytes.
auth_data_len: Length of auth_data in bytes.
client_data_hash: 32-byte SHA-256 of clientDataJSON.
credential_key_id: PSA key handle of the credential key. Used only for self-attestation.
result: Attestation result to fill.
Return values
0: On success.
-errno: On failure; the subsystem aborts MakeCredential.

◆ fido2_get_state()

enum fido2_runtime_state fido2_get_state ( void )

#include <zephyr/authentication/fido2/fido2.h>

Get the current FIDO2 runtime state.

Note
This function is ISR-safe.
Returns
Current runtime state.

◆ fido2_init()

int fido2_init ( void )

#include <zephyr/authentication/fido2/fido2.h>

Initialize the FIDO2 subsystem.

Sets up credential storage, crypto, and registered transports.

Return values
0: If successful.
-errno: On failure.

◆ fido2_reset()

int fido2_reset ( void )

#include <zephyr/authentication/fido2/fido2.h>

Perform a factory reset.

Wipes all stored credentials, PIN state, and resets the authenticator. Must be executed within 10 seconds of power-up per CTAP2 specification. The 10-second power-up window is enforced internally.

Return values
0: If successful.
-errno: On failure.

◆ fido2_set_state_callback()

int fido2_set_state_callback ( fido2_state_callback_t cb,
void * user_data )

#include <zephyr/authentication/fido2/fido2.h>

Set or clear a single FIDO2 runtime state callback.

Set cb to NULL to clear the callback.

Note
If cb is non-NULL, it is called once immediately with the current state in the caller context.
Parameters
cb: Callback function, or NULL to disable callbacks.
user_data: Opaque context pointer passed to cb.
Return values
0: Always succeeds.

◆ fido2_start()

int fido2_start ( void )

#include <zephyr/authentication/fido2/fido2.h>

Start the FIDO2 authenticator.

Begins listening for CTAP2 commands on all enabled transports.

Return values
0: If successful.
-errno: On failure.

◆ fido2_stop()

int fido2_stop ( void )

#include <zephyr/authentication/fido2/fido2.h>

Stop the FIDO2 authenticator.

Stops all transports and the processing thread.

Return values
0: If successful.
-errno: On failure.

◆ fido2_up_cancel()

void fido2_up_cancel ( void )

#include <zephyr/authentication/fido2/fido2_up.h>

Cancel a pending user presence wait.

Called when the cancel command is received from a transport.

◆ fido2_up_wait()

int fido2_up_wait ( void )

#include <zephyr/authentication/fido2/fido2_up.h>

FIDO2 user presence.

Check for user presence.

Blocks up to CONFIG_FIDO2_UP_TIMEOUT_MS waiting for a physical user gesture.

Return values
0: User presence confirmed.
-ETIMEDOUT: Timeout expired without user interaction.
-ECANCELED: The user presence wait was canceled.
-errno: On other failure.

Variable Documentation

◆ fido2_storage_backend

const struct fido2_storage_api fido2_storage_backend
extern

#include <zephyr/authentication/fido2/fido2_storage.h>

FIDO2 storage backend instance.

A storage backend must provide exactly one definition of this symbol. Multiple definitions will cause a link error.