// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

// Declarations for the Windows WebAuthn API: version constants, request/response
// structures, and extension identifiers.

#ifndef __WEBAUTHN_H_
#define __WEBAUTHN_H_

#pragma once

#include <winapifamily.h>

#ifdef _MSC_VER
#pragma region Desktop Family or OneCore Family
#endif
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM)

#ifdef __cplusplus
extern "C" {
#endif

#ifndef WINAPI
#define WINAPI __stdcall
#endif

// Include <guiddef.h> with INITGUID defined. If this header had to define INITGUID
// itself, it is undefined again afterwards so the caller's state is left unchanged.
#ifndef INITGUID
#define INITGUID
#include <guiddef.h>
#undef INITGUID
#else
#include <guiddef.h>
#endif

//+------------------------------------------------------------------------------------------
// API Version Information.
// Callers should call WebAuthNGetApiVersionNumber and compare the result with the
// WEBAUTHN_API_VERSION_* values below to check that the APIs, structure versions and
// features they intend to use are present.
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_API_VERSION_1          1
// WEBAUTHN_API_VERSION_1 : Baseline Version
//      Data Structures and their sub versions:
//          - WEBAUTHN_RP_ENTITY_INFORMATION                    :   1
//          - WEBAUTHN_USER_ENTITY_INFORMATION                  :   1
//          - WEBAUTHN_CLIENT_DATA                              :   1
//          - WEBAUTHN_COSE_CREDENTIAL_PARAMETER                :   1
//          - WEBAUTHN_COSE_CREDENTIAL_PARAMETERS               :   Not Applicable
//          - WEBAUTHN_CREDENTIAL                               :   1
//          - WEBAUTHN_CREDENTIALS                              :   Not Applicable
//          - WEBAUTHN_CREDENTIAL_EX                            :   1
//          - WEBAUTHN_CREDENTIAL_LIST                          :   Not Applicable
//          - WEBAUTHN_EXTENSION                                :   Not Applicable
//          - WEBAUTHN_EXTENSIONS                               :   Not Applicable
//          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   3
//          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   4
//          - WEBAUTHN_COMMON_ATTESTATION                       :   1
//          - WEBAUTHN_CREDENTIAL_ATTESTATION                   :   3
//          - WEBAUTHN_ASSERTION                                :   1
//      Extensions:
//          - WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET
//      APIs:
//          - WebAuthNGetApiVersionNumber
//          - WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable
//          - WebAuthNAuthenticatorMakeCredential
//          - WebAuthNAuthenticatorGetAssertion
//          - WebAuthNFreeCredentialAttestation
//          - WebAuthNFreeAssertion
//          - WebAuthNGetCancellationId
//          - WebAuthNCancelCurrentOperation
//          - WebAuthNGetErrorName
//          - WebAuthNGetW3CExceptionDOMError
//      Transports:
//          - WEBAUTHN_CTAP_TRANSPORT_USB
//          - WEBAUTHN_CTAP_TRANSPORT_NFC
//          - WEBAUTHN_CTAP_TRANSPORT_BLE
//          - WEBAUTHN_CTAP_TRANSPORT_INTERNAL

#define WEBAUTHN_API_VERSION_2          2
// WEBAUTHN_API_VERSION_2 : Delta From WEBAUTHN_API_VERSION_1
//      Added Extensions:
//          - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT
//

#define WEBAUTHN_API_VERSION_3          3
// WEBAUTHN_API_VERSION_3 : Delta From WEBAUTHN_API_VERSION_2
//      Data Structures and their sub versions:
//          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   4
//          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   5
//          - WEBAUTHN_CREDENTIAL_ATTESTATION                   :   4
//          - WEBAUTHN_ASSERTION                                :   2
//      Added Extensions:
//          - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB
//          - WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH
//

#define WEBAUTHN_API_VERSION_4          4
// WEBAUTHN_API_VERSION_4 : Delta From WEBAUTHN_API_VERSION_3
//      Data Structures and their sub versions:
//          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   5
//          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   6
//          - WEBAUTHN_ASSERTION                                :   3
//          - WEBAUTHN_CREDENTIAL_DETAILS                       :   1
//      APIs:
//          - WebAuthNGetPlatformCredentialList
//          - WebAuthNFreePlatformCredentialList
//          - WebAuthNDeletePlatformCredential
//

#define WEBAUTHN_API_VERSION_5          5
// WEBAUTHN_API_VERSION_5 : Delta From WEBAUTHN_API_VERSION_4
//      Data Structures and their sub versions:
//          - WEBAUTHN_CREDENTIAL_DETAILS                       :   2
//      Extension Changes:
//          - Enabled LARGE_BLOB Support
//

#define WEBAUTHN_API_VERSION_6          6
// WEBAUTHN_API_VERSION_6 : Delta From WEBAUTHN_API_VERSION_5
//      Data Structures and their sub versions:
//          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   6
//          - WEBAUTHN_CREDENTIAL_ATTESTATION                   :   5
//          - WEBAUTHN_ASSERTION                                :   4
//      Transports:
//          - WEBAUTHN_CTAP_TRANSPORT_HYBRID

#define WEBAUTHN_API_VERSION_7          7
// WEBAUTHN_API_VERSION_7 : Delta From WEBAUTHN_API_VERSION_6
//      Data Structures and their sub versions:
//          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   7
//          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   7
//          - WEBAUTHN_CREDENTIAL_ATTESTATION                   :   6
//          - WEBAUTHN_ASSERTION                                :   5

// Highest API version this header describes. The version available at run time may
// be lower; it is the value callers obtain from WebAuthNGetApiVersionNumber.
#define WEBAUTHN_API_CURRENT_VERSION    WEBAUTHN_API_VERSION_7

//+------------------------------------------------------------------------------------------
// Information about an RP Entity
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_RP_ENTITY_INFORMATION_CURRENT_VERSION          1

typedef struct _WEBAUTHN_RP_ENTITY_INFORMATION {
    // Version of this structure, to allow for modifications in the future.
    // This field is required and should be set to CURRENT_VERSION above.
    DWORD dwVersion;

    // Identifier for the RP. This field is required.
    PCWSTR pwszId;

    // Contains the friendly name of the Relying Party, such as "Acme Corporation", "Widgets Inc" or "Awesome Site".
    // This field is required.
    PCWSTR pwszName;

    // Optional URL pointing to RP's logo.
    PCWSTR pwszIcon;
} WEBAUTHN_RP_ENTITY_INFORMATION, *PWEBAUTHN_RP_ENTITY_INFORMATION;
typedef const WEBAUTHN_RP_ENTITY_INFORMATION *PCWEBAUTHN_RP_ENTITY_INFORMATION;

//+------------------------------------------------------------------------------------------
// Information about a User Entity
//-------------------------------------------------------------------------------------------
// NOTE(review): presumably the upper bound, in bytes, for cbId in the structure below;
// nothing in this header enforces it - confirm against the API documentation.
#define WEBAUTHN_MAX_USER_ID_LENGTH                             64

#define WEBAUTHN_USER_ENTITY_INFORMATION_CURRENT_VERSION        1

typedef struct _WEBAUTHN_USER_ENTITY_INFORMATION {
    // Version of this structure, to allow for modifications in the future.
    // This field is required and should be set to CURRENT_VERSION above.
    DWORD dwVersion;

    // Identifier for the User. This field is required.
    // cbId is the size in bytes of the buffer pbId points to.
    DWORD cbId;
    _Field_size_bytes_(cbId)
    PBYTE pbId;

    // Contains a detailed name for this account, such as "john.p.smith@example.com".
    PCWSTR pwszName;

    // Optional URL that can be used to retrieve an image containing the user's current avatar,
    // or a data URI that contains the image data.
    PCWSTR pwszIcon;

    // For User: Contains the friendly name associated with the user account by the Relying Party, such as "John P. Smith".
    PCWSTR pwszDisplayName;
} WEBAUTHN_USER_ENTITY_INFORMATION, *PWEBAUTHN_USER_ENTITY_INFORMATION;
typedef const WEBAUTHN_USER_ENTITY_INFORMATION *PCWEBAUTHN_USER_ENTITY_INFORMATION;

//+------------------------------------------------------------------------------------------
// Information about client data.
//-------------------------------------------------------------------------------------------

// Hash algorithm identifier strings (wide-character literals).
#define WEBAUTHN_HASH_ALGORITHM_SHA_256                         L"SHA-256"
#define WEBAUTHN_HASH_ALGORITHM_SHA_384                         L"SHA-384"
#define WEBAUTHN_HASH_ALGORITHM_SHA_512                         L"SHA-512"

#define WEBAUTHN_CLIENT_DATA_CURRENT_VERSION                    1

typedef struct _WEBAUTHN_CLIENT_DATA {
    // Version of this structure, to allow for modifications in the future.
    // This field is required and should be set to CURRENT_VERSION above.
    DWORD dwVersion;

    // Size of the pbClientDataJSON field, in bytes.
    DWORD cbClientDataJSON;
    // UTF-8 encoded JSON serialization of the client data.
    _Field_size_bytes_(cbClientDataJSON)
    PBYTE pbClientDataJSON;

    // Hash algorithm ID used to hash the pbClientDataJSON field.
    // Presumably one of the WEBAUTHN_HASH_ALGORITHM_* strings above - confirm.
    LPCWSTR pwszHashAlgId;
} WEBAUTHN_CLIENT_DATA, *PWEBAUTHN_CLIENT_DATA;
typedef const WEBAUTHN_CLIENT_DATA *PCWEBAUTHN_CLIENT_DATA;

//+------------------------------------------------------------------------------------------
// Information about credential parameters.
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY                         L"public-key"

// COSE algorithm identifiers. All values are negative, which is why the lAlg field
// that carries them in WEBAUTHN_COSE_CREDENTIAL_PARAMETER is a signed LONG.
#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256             -7
#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P384_WITH_SHA384             -35
#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P521_WITH_SHA512             -36

#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA256      -257
#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA384      -258
#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA512      -259

#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA256                -37
#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA384                -38
#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA512                -39

#define WEBAUTHN_COSE_CREDENTIAL_PARAMETER_CURRENT_VERSION          1

typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETER {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Well-known credential type specifying a credential to create.
    LPCWSTR pwszCredentialType;

    // Well-known COSE algorithm specifying the algorithm to use for the credential.
    LONG lAlg;
} WEBAUTHN_COSE_CREDENTIAL_PARAMETER, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETER;
typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETER *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETER;

// Counted array of credential parameters: cCredentialParameters is the number of
// elements (not bytes) in the array pCredentialParameters points to.
typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETERS {
    DWORD cCredentialParameters;
    _Field_size_(cCredentialParameters)
    PWEBAUTHN_COSE_CREDENTIAL_PARAMETER pCredentialParameters;
} WEBAUTHN_COSE_CREDENTIAL_PARAMETERS, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETERS;
typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETERS *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS;

//+------------------------------------------------------------------------------------------
// Information about credential.
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_CREDENTIAL_CURRENT_VERSION                         1

typedef struct _WEBAUTHN_CREDENTIAL {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Size of pbId, in bytes.
    DWORD cbId;
    // Unique ID for this particular credential.
    _Field_size_bytes_(cbId)
    PBYTE pbId;

    // Well-known credential type specifying what this particular credential is.
    LPCWSTR pwszCredentialType;
} WEBAUTHN_CREDENTIAL, *PWEBAUTHN_CREDENTIAL;
typedef const WEBAUTHN_CREDENTIAL *PCWEBAUTHN_CREDENTIAL;

// Counted array of credentials: cCredentials is the number of elements (not bytes)
// in the array pCredentials points to.
typedef struct _WEBAUTHN_CREDENTIALS {
    DWORD cCredentials;
    _Field_size_(cCredentials)
    PWEBAUTHN_CREDENTIAL pCredentials;
} WEBAUTHN_CREDENTIALS, *PWEBAUTHN_CREDENTIALS;
typedef const WEBAUTHN_CREDENTIALS *PCWEBAUTHN_CREDENTIALS;

//+------------------------------------------------------------------------------------------
// Information about credential with extra information, such as, dwTransports
//-------------------------------------------------------------------------------------------

// Transport flag bits; each transport is a distinct bit, so values can be OR-ed together.
// WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK is the OR of all six bits, including TEST.
#define WEBAUTHN_CTAP_TRANSPORT_USB         0x00000001
#define WEBAUTHN_CTAP_TRANSPORT_NFC         0x00000002
#define WEBAUTHN_CTAP_TRANSPORT_BLE         0x00000004
#define WEBAUTHN_CTAP_TRANSPORT_TEST        0x00000008
#define WEBAUTHN_CTAP_TRANSPORT_INTERNAL    0x00000010
#define WEBAUTHN_CTAP_TRANSPORT_HYBRID      0x00000020
#define WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK  0x0000003F

#define WEBAUTHN_CREDENTIAL_EX_CURRENT_VERSION                         1

typedef struct _WEBAUTHN_CREDENTIAL_EX {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Size of pbId, in bytes.
    DWORD cbId;
    // Unique ID for this particular credential.
    _Field_size_bytes_(cbId)
    PBYTE pbId;

    // Well-known credential type specifying what this particular credential is.
    LPCWSTR pwszCredentialType;

    // Transports. 0 implies no transport restrictions.
    // Presumably a combination of the WEBAUTHN_CTAP_TRANSPORT_* bits above - confirm.
    DWORD dwTransports;
} WEBAUTHN_CREDENTIAL_EX, *PWEBAUTHN_CREDENTIAL_EX;
typedef const WEBAUTHN_CREDENTIAL_EX *PCWEBAUTHN_CREDENTIAL_EX;

//+------------------------------------------------------------------------------------------
// Information about credential list with extra information
//-------------------------------------------------------------------------------------------

// Unlike WEBAUTHN_CREDENTIALS, ppCredentials is an array of cCredentials pointers,
// each pointing to a WEBAUTHN_CREDENTIAL_EX, rather than an array of structures.
typedef struct _WEBAUTHN_CREDENTIAL_LIST {
    DWORD cCredentials;
    _Field_size_(cCredentials)
    PWEBAUTHN_CREDENTIAL_EX *ppCredentials;
} WEBAUTHN_CREDENTIAL_LIST, *PWEBAUTHN_CREDENTIAL_LIST;
typedef const WEBAUTHN_CREDENTIAL_LIST *PCWEBAUTHN_CREDENTIAL_LIST;

//+------------------------------------------------------------------------------------------
// Information about linked devices
//-------------------------------------------------------------------------------------------

#define CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_VERSION_1           1
#define CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_CURRENT_VERSION     CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_VERSION_1

// Each cb* field below is the size in bytes of the buffer the following pb* field points to.
typedef struct _CTAPCBOR_HYBRID_STORAGE_LINKED_DATA
{
    // Version
    DWORD dwVersion;

    // Contact Id
    DWORD cbContactId;
    _Field_size_bytes_(cbContactId)
    PBYTE pbContactId;

    // Link Id
    DWORD cbLinkId;
    _Field_size_bytes_(cbLinkId)
    PBYTE pbLinkId;

    // Link secret
    // NOTE(review): by its name this buffer holds secret material for the linked device;
    // treat it as sensitive (keep it out of logs, clear copies after use) - confirm
    // the handling requirements against the API documentation.
    DWORD cbLinkSecret;
    _Field_size_bytes_(cbLinkSecret)
    PBYTE pbLinkSecret;

    // Authenticator Public Key
    DWORD cbPublicKey;
    _Field_size_bytes_(cbPublicKey)
    PBYTE pbPublicKey;

    // Authenticator Name
    PCWSTR pwszAuthenticatorName;

    // Tunnel server domain
    WORD wEncodedTunnelServerDomain;
} CTAPCBOR_HYBRID_STORAGE_LINKED_DATA, *PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA;
typedef const CTAPCBOR_HYBRID_STORAGE_LINKED_DATA *PCCTAPCBOR_HYBRID_STORAGE_LINKED_DATA;

//+------------------------------------------------------------------------------------------
// Credential Information for WebAuthNGetPlatformCredentialList API
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_1                   1
#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2                   2
#define WEBAUTHN_CREDENTIAL_DETAILS_CURRENT_VERSION             WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2

typedef struct _WEBAUTHN_CREDENTIAL_DETAILS {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Size of pbCredentialID, in bytes.
    DWORD cbCredentialID;
    _Field_size_bytes_(cbCredentialID)
    PBYTE pbCredentialID;

    // RP Info
    PWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation;

    // User Info
    PWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation;

    // Removable or not.
    BOOL bRemovable;

    //
    // The following fields have been added in WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2
    //
    // A structure whose dwVersion is WEBAUTHN_CREDENTIAL_DETAILS_VERSION_1 predates these
    // fields, so code reading this structure should check dwVersion before touching them.

    // Backed Up or not.
    BOOL bBackedUp;
} WEBAUTHN_CREDENTIAL_DETAILS, *PWEBAUTHN_CREDENTIAL_DETAILS;
typedef const WEBAUTHN_CREDENTIAL_DETAILS *PCWEBAUTHN_CREDENTIAL_DETAILS;

// ppCredentialDetails is an array of cCredentialDetails pointers, each pointing to a
// WEBAUTHN_CREDENTIAL_DETAILS.
typedef struct _WEBAUTHN_CREDENTIAL_DETAILS_LIST {
    DWORD cCredentialDetails;
    _Field_size_(cCredentialDetails)
    PWEBAUTHN_CREDENTIAL_DETAILS *ppCredentialDetails;
} WEBAUTHN_CREDENTIAL_DETAILS_LIST, *PWEBAUTHN_CREDENTIAL_DETAILS_LIST;
typedef const WEBAUTHN_CREDENTIAL_DETAILS_LIST *PCWEBAUTHN_CREDENTIAL_DETAILS_LIST;

#define WEBAUTHN_GET_CREDENTIALS_OPTIONS_VERSION_1          1
#define WEBAUTHN_GET_CREDENTIALS_OPTIONS_CURRENT_VERSION    WEBAUTHN_GET_CREDENTIALS_OPTIONS_VERSION_1

typedef struct _WEBAUTHN_GET_CREDENTIALS_OPTIONS {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Optional.
    LPCWSTR pwszRpId;

    // Optional. BrowserInPrivate Mode. Defaulting to FALSE.
    BOOL bBrowserInPrivateMode;
} WEBAUTHN_GET_CREDENTIALS_OPTIONS, *PWEBAUTHN_GET_CREDENTIALS_OPTIONS;
typedef const WEBAUTHN_GET_CREDENTIALS_OPTIONS *PCWEBAUTHN_GET_CREDENTIALS_OPTIONS;

//+------------------------------------------------------------------------------------------
// PRF values.
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH    32

// SALT values below by default are converted into RAW Hmac-Secret values as per PRF extension.
//   - SHA-256(UTF8Encode("WebAuthn PRF") || 0x00 || Value)
//
// Set WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG in dwFlags in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS,
//   if caller wants to provide RAW Hmac-Secret SALT values directly. In that case,
//   values if provided MUST be of WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH size.

typedef struct _WEBAUTHN_HMAC_SECRET_SALT {
    // Size of pbFirst, in bytes.
    DWORD cbFirst;
    _Field_size_bytes_(cbFirst)
    PBYTE pbFirst;                                  // Required

    // Size of pbSecond, in bytes. pbSecond is not marked Required, unlike pbFirst.
    DWORD cbSecond;
    _Field_size_bytes_(cbSecond)
    PBYTE pbSecond;
} WEBAUTHN_HMAC_SECRET_SALT, *PWEBAUTHN_HMAC_SECRET_SALT;
typedef const WEBAUTHN_HMAC_SECRET_SALT *PCWEBAUTHN_HMAC_SECRET_SALT;

typedef struct _WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT {
    // Size of pbCredID, in bytes.
    DWORD cbCredID;
    _Field_size_bytes_(cbCredID)
    PBYTE pbCredID;                                 // Required

    // PRF Values for above credential
    PWEBAUTHN_HMAC_SECRET_SALT pHmacSecretSalt;     // Required
} WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT, *PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT;
typedef const WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT *PCWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT;

typedef struct _WEBAUTHN_HMAC_SECRET_SALT_VALUES {
    // Salt pair that is not tied to a credential ID (contrast with the list below).
    PWEBAUTHN_HMAC_SECRET_SALT pGlobalHmacSalt;

    // Per-credential salts: an array of cCredWithHmacSecretSaltList elements, each
    // pairing a credential ID with its own salt pair.
    DWORD cCredWithHmacSecretSaltList;
    _Field_size_(cCredWithHmacSecretSaltList)
    PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT pCredWithHmacSecretSaltList;
} WEBAUTHN_HMAC_SECRET_SALT_VALUES, *PWEBAUTHN_HMAC_SECRET_SALT_VALUES;
typedef const WEBAUTHN_HMAC_SECRET_SALT_VALUES *PCWEBAUTHN_HMAC_SECRET_SALT_VALUES;

//+------------------------------------------------------------------------------------------
// Hmac-Secret extension
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET                  L"hmac-secret"
// Below type definitions are for WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET
// MakeCredential Input Type:   BOOL.
//      - pvExtension must point to a BOOL with the value TRUE.
//      - cbExtension must contain the sizeof(BOOL).
// MakeCredential Output Type:  BOOL.
//      - pvExtension will point to a BOOL with the value TRUE if credential
//        was successfully created with HMAC_SECRET.
//      - cbExtension will contain the sizeof(BOOL).
// GetAssertion Input Type:     Not Supported
// GetAssertion Output Type:    Not Supported

//+------------------------------------------------------------------------------------------
//  credProtect  extension
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_USER_VERIFICATION_ANY                                          0
#define WEBAUTHN_USER_VERIFICATION_OPTIONAL                                     1
#define WEBAUTHN_USER_VERIFICATION_OPTIONAL_WITH_CREDENTIAL_ID_LIST             2
#define WEBAUTHN_USER_VERIFICATION_REQUIRED                                     3

typedef struct _WEBAUTHN_CRED_PROTECT_EXTENSION_IN {
    // One of the above WEBAUTHN_USER_VERIFICATION_* values
    DWORD dwCredProtect;
    // Set the following to TRUE to require authenticator support for the credProtect extension
    BOOL bRequireCredProtect;
} WEBAUTHN_CRED_PROTECT_EXTENSION_IN, *PWEBAUTHN_CRED_PROTECT_EXTENSION_IN;
typedef const WEBAUTHN_CRED_PROTECT_EXTENSION_IN *PCWEBAUTHN_CRED_PROTECT_EXTENSION_IN;


#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT                 L"credProtect"
// The type definitions below are for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT
// MakeCredential Input Type:   WEBAUTHN_CRED_PROTECT_EXTENSION_IN.
//      - pvExtension must point to a WEBAUTHN_CRED_PROTECT_EXTENSION_IN struct
//      - cbExtension must contain the sizeof(WEBAUTHN_CRED_PROTECT_EXTENSION_IN).
// MakeCredential Output Type:  DWORD.
//      - pvExtension will point to a DWORD with one of the above WEBAUTHN_USER_VERIFICATION_* values
//        if credential was successfully created with CRED_PROTECT.
//      - cbExtension will contain the sizeof(DWORD).
// GetAssertion Input Type:     Not Supported
// GetAssertion Output Type:    Not Supported

//+------------------------------------------------------------------------------------------
// credBlob extension
//-------------------------------------------------------------------------------------------

// Byte buffer carried by the credBlob extension (MakeCredential input, GetAssertion output).
typedef struct _WEBAUTHN_CRED_BLOB_EXTENSION {
    // Size of pbCredBlob.
    DWORD cbCredBlob;
    // Buffer of cbCredBlob bytes (per the SAL annotation); bound every read by cbCredBlob.
    _Field_size_bytes_(cbCredBlob)
    PBYTE pbCredBlob;
} WEBAUTHN_CRED_BLOB_EXTENSION, *PWEBAUTHN_CRED_BLOB_EXTENSION;
typedef const WEBAUTHN_CRED_BLOB_EXTENSION *PCWEBAUTHN_CRED_BLOB_EXTENSION;


#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB                 L"credBlob"
// The type definitions below are for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB
// MakeCredential Input Type:   WEBAUTHN_CRED_BLOB_EXTENSION.
//      - pvExtension must point to a WEBAUTHN_CRED_BLOB_EXTENSION struct
//      - cbExtension must contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION).
// MakeCredential Output Type:  BOOL.
//      - pvExtension will point to a BOOL with the value TRUE if credBlob was successfully created
//      - cbExtension will contain the sizeof(BOOL).
// GetAssertion Input Type:     BOOL.
//      - pvExtension must point to a BOOL with the value TRUE to request the credBlob.
//      - cbExtension must contain the sizeof(BOOL).
// GetAssertion Output Type:    WEBAUTHN_CRED_BLOB_EXTENSION.
//      - pvExtension will point to a WEBAUTHN_CRED_BLOB_EXTENSION struct if the authenticator
//        returns the credBlob in the signed extensions
//      - cbExtension will contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION).

//+------------------------------------------------------------------------------------------
// minPinLength extension
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH                 L"minPinLength"
// The type definitions below are for WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH
// MakeCredential Input Type:   BOOL.
//      - pvExtension must point to a BOOL with the value TRUE to request the minPinLength.
//      - cbExtension must contain the sizeof(BOOL).
// MakeCredential Output Type:  DWORD.
//      - pvExtension will point to a DWORD with the minimum pin length if returned by the authenticator
//      - cbExtension will contain the sizeof(DWORD).
// GetAssertion Input Type:     Not Supported
// GetAssertion Output Type:    Not Supported

//+------------------------------------------------------------------------------------------
// Information about Extensions.
//-------------------------------------------------------------------------------------------

// One extension entry; the same structure carries extension inputs and extension outputs.
// pvExtension is untyped: the type it points to is fixed by pwszExtensionIdentifier and by the
// direction, as listed in the per-extension tables above. Before casting pvExtension, compare
// cbExtension with the sizeof() of the type documented for that identifier and direction.
typedef struct _WEBAUTHN_EXTENSION {
    LPCWSTR pwszExtensionIdentifier;
    DWORD cbExtension;
    PVOID pvExtension;
} WEBAUTHN_EXTENSION, *PWEBAUTHN_EXTENSION;
typedef const WEBAUTHN_EXTENSION *PCWEBAUTHN_EXTENSION;

// Counted array of extension entries; pExtensions holds cExtensions elements (per the SAL
// annotation), so iterate no further than cExtensions.
typedef struct _WEBAUTHN_EXTENSIONS {
    DWORD cExtensions;
    _Field_size_(cExtensions)
    PWEBAUTHN_EXTENSION pExtensions;
} WEBAUTHN_EXTENSIONS, *PWEBAUTHN_EXTENSIONS;
typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS;

//+------------------------------------------------------------------------------------------
// Options.
//-------------------------------------------------------------------------------------------

// Authenticator attachment selectors (see dwAuthenticatorAttachment in the option structures below).
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_ANY                               0
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM                          1
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM                    2
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM_U2F_V2             3

// User verification requirement (see dwUserVerificationRequirement below).
// Not the same numbering as the credProtect WEBAUTHN_USER_VERIFICATION_* levels defined earlier
// in this header: there 3 is REQUIRED, here 3 is DISCOURAGED. Keep the two families apart.
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY                          0
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED                     1
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED                    2
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED                  3

// Attestation conveyance preference (see dwAttestationConveyancePreference below).
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_ANY                      0
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE                     1
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT                 2
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT                   3

// Enterprise attestation modes (see dwEnterpriseAttestation below).
#define WEBAUTHN_ENTERPRISE_ATTESTATION_NONE                                0
#define WEBAUTHN_ENTERPRISE_ATTESTATION_VENDOR_FACILITATED                  1
#define WEBAUTHN_ENTERPRISE_ATTESTATION_PLATFORM_MANAGED                    2

// Large blob support levels (see dwLargeBlobSupport below).
#define WEBAUTHN_LARGE_BLOB_SUPPORT_NONE                                    0
#define WEBAUTHN_LARGE_BLOB_SUPPORT_REQUIRED                                1
#define WEBAUTHN_LARGE_BLOB_SUPPORT_PREFERRED                               2

#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_1            1
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2            2
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3            3
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4            4
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5            5
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_6            6
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7            7
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION      WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7

// Caller-supplied options for WebAuthNAuthenticatorMakeCredential.
// The structure grows by version; each "added in VERSION_n" group below exists only from that
// version on.
// NOTE(review): presumably the platform reads only the fields covered by dwVersion, so
// zero-initialise the whole structure and do not declare a version whose fields were left
// unset - confirm against the platform documentation.
typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Time that the operation is expected to complete within.
    // This is used as guidance, and can be overridden by the platform.
    DWORD dwTimeoutMilliseconds;

    // Credentials used for exclusion.
    WEBAUTHN_CREDENTIALS CredentialList;

    // Optional extensions to parse when performing the operation.
    WEBAUTHN_EXTENSIONS Extensions;

    // Optional. Platform vs Cross-Platform Authenticators.
    DWORD dwAuthenticatorAttachment;

    // Optional. Require key to be resident or not. Defaulting to FALSE.
    BOOL bRequireResidentKey;

    // User Verification Requirement.
    // Takes a WEBAUTHN_USER_VERIFICATION_REQUIREMENT_* value, not a credProtect level.
    DWORD dwUserVerificationRequirement;

    // Attestation Conveyance Preference.
    DWORD dwAttestationConveyancePreference;

    // Reserved for future Use
    DWORD dwFlags;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2
    //

    // Cancellation Id - Optional - See WebAuthNGetCancellationId
    GUID *pCancellationId;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3
    //

    // Exclude Credential List. If present, "CredentialList" will be ignored.
    PWEBAUTHN_CREDENTIAL_LIST pExcludeCredentialList;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4
    //

    // Enterprise Attestation
    DWORD dwEnterpriseAttestation;

    // Large Blob Support: none, required or preferred
    //
    // NTE_INVALID_PARAMETER when large blob required or preferred and
    //   bRequireResidentKey isn't set to TRUE
    DWORD dwLargeBlobSupport;

    // Optional. Prefer key to be resident. Defaulting to FALSE. When TRUE,
    // overrides the above bRequireResidentKey.
    BOOL bPreferResidentKey;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5
    //

    // Optional. BrowserInPrivate Mode. Defaulting to FALSE.
    BOOL bBrowserInPrivateMode;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_6
    //

    // Enable PRF
    BOOL bEnablePrf;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7
    //

    // Optional. Linked Device Connection Info.
    PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA pLinkedDevice;

    // Size of pbJsonExt
    DWORD cbJsonExt;
    // Buffer of cbJsonExt bytes (per the SAL annotation).
    _Field_size_bytes_(cbJsonExt)
    PBYTE pbJsonExt;
} WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;

// Large blob operations (see dwCredLargeBlobOperation below).
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_NONE                             0
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_GET                              1
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_SET                              2
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_DELETE                           3

#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_1              1
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2              2
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3              3
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4              4
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5              5
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6              6
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7              7
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION        WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7

/*
    Information about flags.
*/

// NOTE(review): the header does not say which field takes this bit; presumably it is a value
// for WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS.dwFlags - confirm.
#define WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG   0x00100000

// Caller-supplied options for WebAuthNAuthenticatorGetAssertion.
// The structure grows by version; each "added in VERSION_n" group below exists only from that
// version on.
// NOTE(review): presumably the platform reads only the fields covered by dwVersion, so
// zero-initialise the whole structure and do not declare a version whose fields were left
// unset - confirm against the platform documentation.
typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Time that the operation is expected to complete within.
    // This is used as guidance, and can be overridden by the platform.
    DWORD dwTimeoutMilliseconds;

    // Allowed Credentials List.
    WEBAUTHN_CREDENTIALS CredentialList;

    // Optional extensions to parse when performing the operation.
    WEBAUTHN_EXTENSIONS Extensions;

    // Optional. Platform vs Cross-Platform Authenticators.
    DWORD dwAuthenticatorAttachment;

    // User Verification Requirement.
    // Takes a WEBAUTHN_USER_VERIFICATION_REQUIREMENT_* value, not a credProtect level.
    DWORD dwUserVerificationRequirement;

    // Flags
    DWORD dwFlags;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2
    //

    // Optional identifier for the U2F AppId. Converted to UTF8 before being hashed. Not lower cased.
    PCWSTR pwszU2fAppId;

    // Output. If non-NULL, the BOOL it points to is set to TRUE if the above pwszU2fAppId was
    // used instead of PCWSTR pwszRpId;
    BOOL *pbU2fAppId;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3
    //

    // Cancellation Id - Optional - See WebAuthNGetCancellationId
    GUID *pCancellationId;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4
    //

    // Allow Credential List. If present, "CredentialList" will be ignored.
    PWEBAUTHN_CREDENTIAL_LIST pAllowCredentialList;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5
    //

    // One of the WEBAUTHN_CRED_LARGE_BLOB_OPERATION_* values above.
    DWORD dwCredLargeBlobOperation;

    // Size of pbCredLargeBlob
    DWORD cbCredLargeBlob;
    // Buffer of cbCredLargeBlob bytes (per the SAL annotation).
    _Field_size_bytes_(cbCredLargeBlob)
    PBYTE pbCredLargeBlob;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6
    //

    // PRF values which will be converted into HMAC-SECRET values according to WebAuthn Spec.
    PWEBAUTHN_HMAC_SECRET_SALT_VALUES pHmacSecretSaltValues;

    // Optional. BrowserInPrivate Mode. Defaulting to FALSE.
    BOOL bBrowserInPrivateMode;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7
    //

    // Optional. Linked Device Connection Info.
    PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA pLinkedDevice;

    // Optional. Allowlist MUST contain 1 credential applicable for Hybrid transport.
    BOOL bAutoFill;

    // Size of pbJsonExt
    DWORD cbJsonExt;
    // Buffer of cbJsonExt bytes (per the SAL annotation).
    _Field_size_bytes_(cbJsonExt)
    PBYTE pbJsonExt;
} WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;


//+------------------------------------------------------------------------------------------
// Attestation Info.
//
//-------------------------------------------------------------------------------------------
// Values for WEBAUTHN_CREDENTIAL_ATTESTATION.dwAttestationDecodeType.
#define WEBAUTHN_ATTESTATION_DECODE_NONE                                0
#define WEBAUTHN_ATTESTATION_DECODE_COMMON                              1
// WEBAUTHN_ATTESTATION_DECODE_COMMON supports format types
//  L"packed"
//  L"fido-u2f"

#define WEBAUTHN_ATTESTATION_VER_TPM_2_0   L"2.0"

// One encoded certificate from an attestation certificate chain.
typedef struct _WEBAUTHN_X5C {
    // Length of X.509 encoded certificate
    DWORD cbData;
    // X.509 encoded certificate bytes
    _Field_size_bytes_(cbData)
    PBYTE pbData;
} WEBAUTHN_X5C, *PWEBAUTHN_X5C;

// Supports either Self or Full Basic Attestation

// Note, new fields will be added to the following data structure to
// support additional attestation format types, such as, TPM.
// When fields are added, the dwVersion will be incremented.
//
// Therefore, your code must make the following check:
//  "if (dwVersion >= WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION)"

#define WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION                     1

// Decoded view of the attestation statement, reached through
// WEBAUTHN_CREDENTIAL_ATTESTATION.pvAttestationDecode when the decode type is
// WEBAUTHN_ATTESTATION_DECODE_COMMON.
// NOTE(review): nothing in this header says the platform has verified the signature or the
// certificate chain exposed here; presumably that check is left to the relying party - confirm.
typedef struct _WEBAUTHN_COMMON_ATTESTATION {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Hash and Padding Algorithm
    //
    // The following won't be set for "fido-u2f" which assumes "ES256".
    PCWSTR pwszAlg;
    LONG lAlg;      // COSE algorithm

    // Signature that was generated for this attestation.
    DWORD cbSignature;
    _Field_size_bytes_(cbSignature)
    PBYTE pbSignature;

    // Following is set for Full Basic Attestation. If not set, then this is Self Attestation.
    // Array of X.509 DER encoded certificates. The first certificate is the signer, leaf certificate.
    // pX5c holds cX5c elements (per the SAL annotation).
    DWORD cX5c;
    _Field_size_(cX5c)
    PWEBAUTHN_X5C pX5c;

    // Following are also set for tpm
    PCWSTR pwszVer; // L"2.0"
    DWORD cbCertInfo;
    _Field_size_bytes_(cbCertInfo)
    PBYTE pbCertInfo;
    DWORD cbPubArea;
    _Field_size_bytes_(cbPubArea)
    PBYTE pbPubArea;
} WEBAUTHN_COMMON_ATTESTATION, *PWEBAUTHN_COMMON_ATTESTATION;
typedef const WEBAUTHN_COMMON_ATTESTATION *PCWEBAUTHN_COMMON_ATTESTATION;

// Attestation format type strings (see WEBAUTHN_CREDENTIAL_ATTESTATION.pwszFormatType).
#define WEBAUTHN_ATTESTATION_TYPE_PACKED                                L"packed"
#define WEBAUTHN_ATTESTATION_TYPE_U2F                                   L"fido-u2f"
#define WEBAUTHN_ATTESTATION_TYPE_TPM                                   L"tpm"
#define WEBAUTHN_ATTESTATION_TYPE_NONE                                  L"none"

#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_1               1
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2               2
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3               3
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4               4
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5               5
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_6               6
#define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION         WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_6

// Result of WebAuthNAuthenticatorMakeCredential.
// Read dwVersion first and rely on a field only when dwVersion is at least the version that
// introduced it (see the "added in VERSION_n" markers below). Every pb* buffer is sized by the
// cb* field named in its SAL annotation; bound all parsing by that length.
typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Attestation format type
    PCWSTR pwszFormatType;

    // Size of pbAuthenticatorData.
    DWORD cbAuthenticatorData;
    // Authenticator data that was created for this credential.
    _Field_size_bytes_(cbAuthenticatorData)
    PBYTE pbAuthenticatorData;

    // Size of CBOR encoded attestation information
    // 0 => encoded as CBOR null value.
    DWORD cbAttestation;
    // Encoded CBOR attestation information
    _Field_size_bytes_(cbAttestation)
    PBYTE pbAttestation;

    DWORD dwAttestationDecodeType;
    // Following depends on the dwAttestationDecodeType
    //  WEBAUTHN_ATTESTATION_DECODE_NONE
    //      NULL - not able to decode the CBOR attestation information
    //  WEBAUTHN_ATTESTATION_DECODE_COMMON
    //      PWEBAUTHN_COMMON_ATTESTATION;
    // Untyped pointer: check dwAttestationDecodeType (and for NULL) before casting.
    PVOID pvAttestationDecode;

    // The CBOR encoded Attestation Object to be returned to the RP.
    DWORD cbAttestationObject;
    _Field_size_bytes_(cbAttestationObject)
    PBYTE pbAttestationObject;

    // The CredentialId bytes extracted from the Authenticator Data.
    // Used by Edge to return to the RP.
    DWORD cbCredentialId;
    _Field_size_bytes_(cbCredentialId)
    PBYTE pbCredentialId;

    //
    // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2
    //

    // Extension outputs; see WEBAUTHN_EXTENSION for how pvExtension is typed per identifier.
    WEBAUTHN_EXTENSIONS Extensions;

    //
    // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3
    //

    // One of the WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to
    // the transport that was used.
    DWORD dwUsedTransport;

    //
    // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4
    //

    // NOTE(review): the header leaves these three undocumented; by name they report enterprise
    // attestation, large blob support and resident key status for the new credential - confirm.
    BOOL bEpAtt;
    BOOL bLargeBlobSupported;
    BOOL bResidentKey;

    //
    // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5
    //

    BOOL bPrfEnabled;

    //
    // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_6
    //

    // NOTE(review): undocumented here; going by the name these outputs are not covered by the
    // authenticator signature, so presumably they should be handled as unauthenticated data -
    // confirm against the WebAuthn specification.
    DWORD cbUnsignedExtensionOutputs;
    _Field_size_bytes_(cbUnsignedExtensionOutputs)
    PBYTE pbUnsignedExtensionOutputs;
} WEBAUTHN_CREDENTIAL_ATTESTATION, *PWEBAUTHN_CREDENTIAL_ATTESTATION;
typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION;


//+------------------------------------------------------------------------------------------
// authenticatorGetAssertion output.
//-------------------------------------------------------------------------------------------

// Values for WEBAUTHN_ASSERTION.dwCredLargeBlobStatus.
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NONE                    0
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_SUCCESS                 1
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_SUPPORTED           2
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_DATA            3
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_PARAMETER       4
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_FOUND               5
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_MULTIPLE_CREDENTIALS    6
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_LACK_OF_SPACE           7
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_PLATFORM_ERROR          8
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_AUTHENTICATOR_ERROR     9

#define WEBAUTHN_ASSERTION_VERSION_1                            1
#define WEBAUTHN_ASSERTION_VERSION_2                            2
#define WEBAUTHN_ASSERTION_VERSION_3                            3
#define WEBAUTHN_ASSERTION_VERSION_4                            4
#define WEBAUTHN_ASSERTION_VERSION_5                            5
#define WEBAUTHN_ASSERTION_CURRENT_VERSION                      WEBAUTHN_ASSERTION_VERSION_5

// Result of WebAuthNAuthenticatorGetAssertion.
// Read dwVersion first and rely on a field only when dwVersion is at least the version that
// introduced it (see the "added in VERSION_n" markers below). Every pb* buffer is sized by the
// cb* field named in its SAL annotation; bound all parsing by that length.
typedef struct _WEBAUTHN_ASSERTION {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Size of pbAuthenticatorData.
    DWORD cbAuthenticatorData;
    // Authenticator data that was created for this assertion.
    _Field_size_bytes_(cbAuthenticatorData)
    PBYTE pbAuthenticatorData;

    // Size of pbSignature.
    DWORD cbSignature;
    // Signature that was generated for this assertion.
    _Field_size_bytes_(cbSignature)
    PBYTE pbSignature;

    // Credential that was used for this assertion.
    WEBAUTHN_CREDENTIAL Credential;

    // Size of User Id
    DWORD cbUserId;
    // UserId
    _Field_size_bytes_(cbUserId)
    PBYTE pbUserId;

    //
    // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_2
    //

    // Extension outputs; see WEBAUTHN_EXTENSION for how pvExtension is typed per identifier.
    WEBAUTHN_EXTENSIONS Extensions;

    // Size of pbCredLargeBlob
    DWORD cbCredLargeBlob;
    _Field_size_bytes_(cbCredLargeBlob)
    PBYTE pbCredLargeBlob;

    // One of the WEBAUTHN_CRED_LARGE_BLOB_STATUS_* values above.
    DWORD dwCredLargeBlobStatus;

    //
    // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_3
    //

    // NOTE(review): undocumented here; by name this is the hmac-secret output for the assertion.
    // Presumably it is key material and should be kept out of logs and diagnostics - confirm.
    PWEBAUTHN_HMAC_SECRET_SALT pHmacSecret;

    //
    // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_4
    //

    // One of the WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to
    // the transport that was used.
    DWORD dwUsedTransport;

    //
    // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_5
    //

    // NOTE(review): undocumented here; going by the name these outputs are not covered by the
    // authenticator signature, so presumably they should be handled as unauthenticated data -
    // confirm against the WebAuthn specification.
    DWORD cbUnsignedExtensionOutputs;
    _Field_size_bytes_(cbUnsignedExtensionOutputs)
    PBYTE pbUnsignedExtensionOutputs;
} WEBAUTHN_ASSERTION, *PWEBAUTHN_ASSERTION;
typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION;

//+------------------------------------------------------------------------------------------
// APIs.
//-------------------------------------------------------------------------------------------

// Returns the API version number. Per the version notes at the top of this header, callers
// check it to learn which APIs and structure versions are present before using them.
DWORD
WINAPI
WebAuthNGetApiVersionNumber();

// Writes the availability result to *pbIsUserVerifyingPlatformAuthenticatorAvailable.
HRESULT
WINAPI
WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable(
    _Out_ BOOL *pbIsUserVerifyingPlatformAuthenticatorAvailable);


// MakeCredential entry point. pWebAuthNMakeCredentialOptions may be NULL (_In_opt_).
// *ppWebAuthNCredentialAttestation may come back NULL (_Outptr_result_maybenull_), so check
// both the HRESULT and the pointer before dereferencing.
// NOTE(review): presumably the result is released with WebAuthNFreeCredentialAttestation - confirm.
HRESULT
WINAPI
WebAuthNAuthenticatorMakeCredential(
    _In_        HWND                                                hWnd,
    _In_        PCWEBAUTHN_RP_ENTITY_INFORMATION                    pRpInformation,
    _In_        PCWEBAUTHN_USER_ENTITY_INFORMATION                  pUserInformation,
    _In_        PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS               pPubKeyCredParams,
    _In_        PCWEBAUTHN_CLIENT_DATA                              pWebAuthNClientData,
    _In_opt_    PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    pWebAuthNMakeCredentialOptions,
    _Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_ATTESTATION      *ppWebAuthNCredentialAttestation);

Maste 1066f540a430SEd Maste HRESULT 1067f540a430SEd Maste WINAPI 1068f540a430SEd Maste WebAuthNAuthenticatorGetAssertion( 1069f540a430SEd Maste _In_ HWND hWnd, 1070f540a430SEd Maste _In_ LPCWSTR pwszRpId, 1071f540a430SEd Maste _In_ PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData, 1072f540a430SEd Maste _In_opt_ PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS pWebAuthNGetAssertionOptions, 1073f540a430SEd Maste _Outptr_result_maybenull_ PWEBAUTHN_ASSERTION *ppWebAuthNAssertion); 1074f540a430SEd Maste 1075f540a430SEd Maste void 1076f540a430SEd Maste WINAPI 1077f540a430SEd Maste WebAuthNFreeCredentialAttestation( 1078f540a430SEd Maste _In_opt_ PWEBAUTHN_CREDENTIAL_ATTESTATION pWebAuthNCredentialAttestation); 1079f540a430SEd Maste 1080f540a430SEd Maste void 1081f540a430SEd Maste WINAPI 1082f540a430SEd Maste WebAuthNFreeAssertion( 1083f540a430SEd Maste _In_ PWEBAUTHN_ASSERTION pWebAuthNAssertion); 1084f540a430SEd Maste 1085f540a430SEd Maste HRESULT 1086f540a430SEd Maste WINAPI 1087f540a430SEd Maste WebAuthNGetCancellationId( 1088f540a430SEd Maste _Out_ GUID* pCancellationId); 1089f540a430SEd Maste 1090f540a430SEd Maste HRESULT 1091f540a430SEd Maste WINAPI 1092f540a430SEd Maste WebAuthNCancelCurrentOperation( 1093f540a430SEd Maste _In_ const GUID* pCancellationId); 1094f540a430SEd Maste 1095*60a517b6SEd Maste // Returns NTE_NOT_FOUND when credentials are not found. 
// Retrieves a list of platform credential details selected by pGetCredentialsOptions.
// The out pointer is annotated _Outptr_result_maybenull_: check both the HRESULT
// and the pointer before dereferencing. Handle NTE_NOT_FOUND as "no credentials"
// rather than as a generic failure.
// The result has the type accepted by WebAuthNFreePlatformCredentialList; release it there.
HRESULT WINAPI
WebAuthNGetPlatformCredentialList(
    _In_                        PCWEBAUTHN_GET_CREDENTIALS_OPTIONS  pGetCredentialsOptions,
    _Outptr_result_maybenull_   PWEBAUTHN_CREDENTIAL_DETAILS_LIST   *ppCredentialDetailsList);

// Releases a PWEBAUTHN_CREDENTIAL_DETAILS_LIST.
// The parameter is annotated _In_ (not _In_opt_): skip the call when the list
// pointer is NULL, which WebAuthNGetPlatformCredentialList's maybenull result allows.
void WINAPI
WebAuthNFreePlatformCredentialList(
    _In_ PWEBAUTHN_CREDENTIAL_DETAILS_LIST pCredentialDetailsList);

// Deletes the platform credential whose ID is the cbCredentialId bytes at pbCredentialId.
// pbCredentialId is annotated _In_reads_bytes_(cbCredentialId), so cbCredentialId
// must not exceed the size of the buffer actually passed.
// NOTE(review): which WEBAUTHN_API_VERSION_* introduces this function is not
// visible here; gate the call on WebAuthNGetApiVersionNumber - confirm the value.
HRESULT WINAPI
WebAuthNDeletePlatformCredential(
    _In_ DWORD                                  cbCredentialId,
    _In_reads_bytes_(cbCredentialId) const BYTE *pbCredentialId);

//
// Returns the following Error Names:
//  L"Success"              - S_OK
//  L"InvalidStateError"    - NTE_EXISTS
//  L"ConstraintError"      - HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED),
//                            NTE_NOT_SUPPORTED,
//                            NTE_TOKEN_KEYSET_STORAGE_FULL
//  L"NotSupportedError"    - NTE_INVALID_PARAMETER
//  L"NotAllowedError"      - NTE_DEVICE_NOT_FOUND,
//                            NTE_NOT_FOUND,
//                            HRESULT_FROM_WIN32(ERROR_CANCELLED),
//                            NTE_USER_CANCELLED,
//                            HRESULT_FROM_WIN32(ERROR_TIMEOUT)
//  L"UnknownError"         - All other hr values
//
// Several distinct causes (device or credential not found, user cancellation,
// timeout) share L"NotAllowedError". Log the raw HRESULT as well when the cause
// matters for diagnostics or detection.
// NOTE(review): ownership and lifetime of the returned string are not stated in
// this part of the header.
PCWSTR WINAPI
WebAuthNGetErrorName(
    _In_ HRESULT hr);

// Takes an HRESULT and returns an HRESULT.
// NOTE(review): the mapping it applies is not documented in this part of the header.
HRESULT WINAPI
WebAuthNGetW3CExceptionDOMError(
    _In_ HRESULT hr);

1139f540a430SEd Maste 1140f540a430SEd Maste #ifdef __cplusplus 1141f540a430SEd Maste } // Balance extern "C" above 1142f540a430SEd Maste #endif 1143f540a430SEd Maste 1144f540a430SEd Maste #endif // WINAPI_FAMILY_PARTITION 11453e696dfbSEd Maste #ifdef _MSC_VER 1146f540a430SEd Maste #pragma endregion 11473e696dfbSEd Maste #endif 1148f540a430SEd Maste 1149f540a430SEd Maste #endif // __WEBAUTHN_H_ 1150