// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
#ifndef __WEBAUTHN_H_
#define __WEBAUTHN_H_
#pragma once
#include <winapifamily.h>
#pragma region Desktop Family or OneCore Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM)
#ifdef __cplusplus
extern "C" {
#endif
#ifndef WINAPI
#define WINAPI __stdcall
#endif
#ifndef INITGUID
#define INITGUID
#include <guiddef.h>
#undef INITGUID
#else
#include <guiddef.h>
#endif
//+------------------------------------------------------------------------------------------
// API Version Information.
// Caller should check for WebAuthNGetApiVersionNumber to check the presence of relevant APIs
// and features for their usage.
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_API_VERSION_1 1
// WEBAUTHN_API_VERSION_1 : Baseline Version
// Data Structures and their sub versions:
// - WEBAUTHN_RP_ENTITY_INFORMATION : 1
// - WEBAUTHN_USER_ENTITY_INFORMATION : 1
// - WEBAUTHN_CLIENT_DATA : 1
// - WEBAUTHN_COSE_CREDENTIAL_PARAMETER : 1
// - WEBAUTHN_COSE_CREDENTIAL_PARAMETERS : Not
// Applicable
// - WEBAUTHN_CREDENTIAL : 1
// - WEBAUTHN_CREDENTIALS : Not
// Applicable
// - WEBAUTHN_CREDENTIAL_EX : 1
// - WEBAUTHN_CREDENTIAL_LIST : Not
// Applicable
// - WEBAUTHN_EXTENSION : Not
// Applicable
// - WEBAUTHN_EXTENSIONS : Not
// Applicable
// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 3
// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 4
// - WEBAUTHN_COMMON_ATTESTATION : 1
// - WEBAUTHN_CREDENTIAL_ATTESTATION : 3
// - WEBAUTHN_ASSERTION : 1
// Extensions:
// - WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET
// APIs:
// - WebAuthNGetApiVersionNumber
// - WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable
// - WebAuthNAuthenticatorMakeCredential
// - WebAuthNAuthenticatorGetAssertion
// - WebAuthNFreeCredentialAttestation
// - WebAuthNFreeAssertion
// - WebAuthNGetCancellationId
// - WebAuthNCancelCurrentOperation
// - WebAuthNGetErrorName
// - WebAuthNGetW3CExceptionDOMError
// Transports:
// - WEBAUTHN_CTAP_TRANSPORT_USB
// - WEBAUTHN_CTAP_TRANSPORT_NFC
// - WEBAUTHN_CTAP_TRANSPORT_BLE
// - WEBAUTHN_CTAP_TRANSPORT_INTERNAL
#define WEBAUTHN_API_VERSION_2 2
// WEBAUTHN_API_VERSION_2 : Delta From WEBAUTHN_API_VERSION_1
// Added Extensions:
// - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT
//
#define WEBAUTHN_API_VERSION_3 3
// WEBAUTHN_API_VERSION_3 : Delta From WEBAUTHN_API_VERSION_2
// Data Structures and their sub versions:
// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 4
// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 5
// - WEBAUTHN_CREDENTIAL_ATTESTATION : 4
// - WEBAUTHN_ASSERTION : 2
// Added Extensions:
// - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB
// - WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH
//
#define WEBAUTHN_API_VERSION_4 4
// WEBAUTHN_API_VERSION_4 : Delta From WEBAUTHN_API_VERSION_3
// Data Structures and their sub versions:
// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 5
// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 6
// - WEBAUTHN_ASSERTION : 3
// - WEBAUTHN_CREDENTIAL_DETAILS : 1
// APIs:
// - WebAuthNGetPlatformCredentialList
// - WebAuthNFreePlatformCredentialList
// - WebAuthNDeletePlatformCredential
//
#define WEBAUTHN_API_VERSION_5 5
// WEBAUTHN_API_VERSION_5 : Delta From WEBAUTHN_API_VERSION_4
// Data Structures and their sub versions:
// - WEBAUTHN_CREDENTIAL_DETAILS : 2
// Extension Changes:
// - Enabled LARGE_BLOB Support
//
#define WEBAUTHN_API_VERSION_6 6
// WEBAUTHN_API_VERSION_6 : Delta From WEBAUTHN_API_VERSION_5
// Data Structures and their sub versions:
// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 6
// - WEBAUTHN_CREDENTIAL_ATTESTATION : 5
// - WEBAUTHN_ASSERTION : 4
// Transports:
// - WEBAUTHN_CTAP_TRANSPORT_HYBRID
#define WEBAUTHN_API_VERSION_7 7
// WEBAUTHN_API_VERSION_7 : Delta From WEBAUTHN_API_VERSION_6
// Data Structures and their sub versions:
// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 7
// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 7
// - WEBAUTHN_CREDENTIAL_ATTESTATION : 6
// - WEBAUTHN_ASSERTION : 5
#define WEBAUTHN_API_CURRENT_VERSION WEBAUTHN_API_VERSION_7
//+------------------------------------------------------------------------------------------
// Information about an RP Entity
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_RP_ENTITY_INFORMATION_CURRENT_VERSION 1
typedef struct _WEBAUTHN_RP_ENTITY_INFORMATION {
// Version of this structure, to allow for modifications in the future.
// This field is required and should be set to CURRENT_VERSION above.
DWORD dwVersion;
// Identifier for the RP. This field is required.
PCWSTR pwszId;
// Contains the friendly name of the Relying Party, such as "Acme Corporation", "Widgets Inc" or "Awesome Site".
// This field is required.
PCWSTR pwszName;
// Optional URL pointing to RP's logo.
PCWSTR pwszIcon;
} WEBAUTHN_RP_ENTITY_INFORMATION, *PWEBAUTHN_RP_ENTITY_INFORMATION;
typedef const WEBAUTHN_RP_ENTITY_INFORMATION *PCWEBAUTHN_RP_ENTITY_INFORMATION;
//+------------------------------------------------------------------------------------------
// Information about an User Entity
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_MAX_USER_ID_LENGTH 64
#define WEBAUTHN_USER_ENTITY_INFORMATION_CURRENT_VERSION 1
typedef struct _WEBAUTHN_USER_ENTITY_INFORMATION {
// Version of this structure, to allow for modifications in the future.
// This field is required and should be set to CURRENT_VERSION above.
DWORD dwVersion;
// Identifier for the User. This field is required.
DWORD cbId;
_Field_size_bytes_(cbId)
PBYTE pbId;
// Contains a detailed name for this account, such as "[email protected]".
PCWSTR pwszName;
// Optional URL that can be used to retrieve an image containing the user's current avatar,
// or a data URI that contains the image data.
PCWSTR pwszIcon;
// For User: Contains the friendly name associated with the user account by the Relying Party, such as "John P. Smith".
PCWSTR pwszDisplayName;
} WEBAUTHN_USER_ENTITY_INFORMATION, *PWEBAUTHN_USER_ENTITY_INFORMATION;
typedef const WEBAUTHN_USER_ENTITY_INFORMATION *PCWEBAUTHN_USER_ENTITY_INFORMATION;
//+------------------------------------------------------------------------------------------
// Information about client data.
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_HASH_ALGORITHM_SHA_256 L"SHA-256"
#define WEBAUTHN_HASH_ALGORITHM_SHA_384 L"SHA-384"
#define WEBAUTHN_HASH_ALGORITHM_SHA_512 L"SHA-512"
#define WEBAUTHN_CLIENT_DATA_CURRENT_VERSION 1
typedef struct _WEBAUTHN_CLIENT_DATA {
// Version of this structure, to allow for modifications in the future.
// This field is required and should be set to CURRENT_VERSION above.
DWORD dwVersion;
// Size of the pbClientDataJSON field.
DWORD cbClientDataJSON;
// UTF-8 encoded JSON serialization of the client data.
_Field_size_bytes_(cbClientDataJSON)
PBYTE pbClientDataJSON;
// Hash algorithm ID used to hash the pbClientDataJSON field.
LPCWSTR pwszHashAlgId;
} WEBAUTHN_CLIENT_DATA, *PWEBAUTHN_CLIENT_DATA;
typedef const WEBAUTHN_CLIENT_DATA *PCWEBAUTHN_CLIENT_DATA;
//+------------------------------------------------------------------------------------------
// Information about credential parameters.
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY L"public-key"
#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256 -7
#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P384_WITH_SHA384 -35
#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P521_WITH_SHA512 -36
#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA256 -257
#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA384 -258
#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA512 -259
#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA256 -37
#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA384 -38
#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA512 -39
#define WEBAUTHN_COSE_CREDENTIAL_PARAMETER_CURRENT_VERSION 1
typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETER {
// Version of this structure, to allow for modifications in the future.
DWORD dwVersion;
// Well-known credential type specifying a credential to create.
LPCWSTR pwszCredentialType;
// Well-known COSE algorithm specifying the algorithm to use for the credential.
LONG lAlg;
} WEBAUTHN_COSE_CREDENTIAL_PARAMETER, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETER;
typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETER *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETER;
typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETERS {
DWORD cCredentialParameters;
_Field_size_(cCredentialParameters)
PWEBAUTHN_COSE_CREDENTIAL_PARAMETER pCredentialParameters;
} WEBAUTHN_COSE_CREDENTIAL_PARAMETERS, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETERS;
typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETERS *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS;
//+------------------------------------------------------------------------------------------
// Information about credential.
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_CREDENTIAL_CURRENT_VERSION 1
typedef struct _WEBAUTHN_CREDENTIAL {
// Version of this structure, to allow for modifications in the future.
DWORD dwVersion;
// Size of pbID.
DWORD cbId;
// Unique ID for this particular credential.
_Field_size_bytes_(cbId)
PBYTE pbId;
// Well-known credential type specifying what this particular credential is.
LPCWSTR pwszCredentialType;
} WEBAUTHN_CREDENTIAL, *PWEBAUTHN_CREDENTIAL;
typedef const WEBAUTHN_CREDENTIAL *PCWEBAUTHN_CREDENTIAL;
typedef struct _WEBAUTHN_CREDENTIALS {
DWORD cCredentials;
_Field_size_(cCredentials)
PWEBAUTHN_CREDENTIAL pCredentials;
} WEBAUTHN_CREDENTIALS, *PWEBAUTHN_CREDENTIALS;
typedef const WEBAUTHN_CREDENTIALS *PCWEBAUTHN_CREDENTIALS;
//+------------------------------------------------------------------------------------------
// Information about credential with extra information, such as, dwTransports
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_CTAP_TRANSPORT_USB 0x00000001
#define WEBAUTHN_CTAP_TRANSPORT_NFC 0x00000002
#define WEBAUTHN_CTAP_TRANSPORT_BLE 0x00000004
#define WEBAUTHN_CTAP_TRANSPORT_TEST 0x00000008
#define WEBAUTHN_CTAP_TRANSPORT_INTERNAL 0x00000010
#define WEBAUTHN_CTAP_TRANSPORT_HYBRID 0x00000020
#define WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK 0x0000003F
#define WEBAUTHN_CREDENTIAL_EX_CURRENT_VERSION 1
typedef struct _WEBAUTHN_CREDENTIAL_EX {
// Version of this structure, to allow for modifications in the future.
DWORD dwVersion;
// Size of pbID.
DWORD cbId;
// Unique ID for this particular credential.
_Field_size_bytes_(cbId)
PBYTE pbId;
// Well-known credential type specifying what this particular credential is.
LPCWSTR pwszCredentialType;
// Transports. 0 implies no transport restrictions.
DWORD dwTransports;
} WEBAUTHN_CREDENTIAL_EX, *PWEBAUTHN_CREDENTIAL_EX;
typedef const WEBAUTHN_CREDENTIAL_EX *PCWEBAUTHN_CREDENTIAL_EX;
//+------------------------------------------------------------------------------------------
// Information about credential list with extra information
//-------------------------------------------------------------------------------------------
typedef struct _WEBAUTHN_CREDENTIAL_LIST {
DWORD cCredentials;
_Field_size_(cCredentials)
PWEBAUTHN_CREDENTIAL_EX *ppCredentials;
} WEBAUTHN_CREDENTIAL_LIST, *PWEBAUTHN_CREDENTIAL_LIST;
typedef const WEBAUTHN_CREDENTIAL_LIST *PCWEBAUTHN_CREDENTIAL_LIST;
//+------------------------------------------------------------------------------------------
// Information about linked devices
//-------------------------------------------------------------------------------------------
#define CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_VERSION_1 1
#define CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_CURRENT_VERSION \
CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_VERSION_1
typedef struct _CTAPCBOR_HYBRID_STORAGE_LINKED_DATA {
// Version
DWORD dwVersion;
// Contact Id
DWORD cbContactId;
_Field_size_bytes_(cbContactId) PBYTE pbContactId;
// Link Id
DWORD cbLinkId;
_Field_size_bytes_(cbLinkId) PBYTE pbLinkId;
// Link secret
DWORD cbLinkSecret;
_Field_size_bytes_(cbLinkSecret) PBYTE pbLinkSecret;
// Authenticator Public Key
DWORD cbPublicKey;
_Field_size_bytes_(cbPublicKey) PBYTE pbPublicKey;
// Authenticator Name
PCWSTR pwszAuthenticatorName;
// Tunnel server domain
WORD wEncodedTunnelServerDomain;
} CTAPCBOR_HYBRID_STORAGE_LINKED_DATA, *PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA;
typedef const CTAPCBOR_HYBRID_STORAGE_LINKED_DATA*
PCCTAPCBOR_HYBRID_STORAGE_LINKED_DATA;
//+------------------------------------------------------------------------------------------
// Credential Information for WebAuthNGetPlatformCredentialList API
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_1 1
#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2 2
#define WEBAUTHN_CREDENTIAL_DETAILS_CURRENT_VERSION \
WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2
typedef struct _WEBAUTHN_CREDENTIAL_DETAILS {
// Version of this structure, to allow for modifications in the future.
DWORD dwVersion;
// Size of pbCredentialID.
DWORD cbCredentialID;
_Field_size_bytes_(cbCredentialID) PBYTE pbCredentialID;
// RP Info
PWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation;
// User Info
PWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation;
// Removable or not.
BOOL bRemovable;
//
// The following fields have been added in
// WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2
//
// Backed Up or not.
BOOL bBackedUp;
} WEBAUTHN_CREDENTIAL_DETAILS, *PWEBAUTHN_CREDENTIAL_DETAILS;
typedef const WEBAUTHN_CREDENTIAL_DETAILS* PCWEBAUTHN_CREDENTIAL_DETAILS;
typedef struct _WEBAUTHN_CREDENTIAL_DETAILS_LIST {
DWORD cCredentialDetails;
_Field_size_(cCredentialDetails)
PWEBAUTHN_CREDENTIAL_DETAILS* ppCredentialDetails;
} WEBAUTHN_CREDENTIAL_DETAILS_LIST, *PWEBAUTHN_CREDENTIAL_DETAILS_LIST;
typedef const WEBAUTHN_CREDENTIAL_DETAILS_LIST*
PCWEBAUTHN_CREDENTIAL_DETAILS_LIST;
#define WEBAUTHN_GET_CREDENTIALS_OPTIONS_VERSION_1 1
#define WEBAUTHN_GET_CREDENTIALS_OPTIONS_CURRENT_VERSION \
WEBAUTHN_GET_CREDENTIALS_OPTIONS_VERSION_1
typedef struct _WEBAUTHN_GET_CREDENTIALS_OPTIONS {
// Version of this structure, to allow for modifications in the future.
DWORD dwVersion;
// Optional.
LPCWSTR pwszRpId;
// Optional. BrowserInPrivate Mode. Defaulting to FALSE.
BOOL bBrowserInPrivateMode;
} WEBAUTHN_GET_CREDENTIALS_OPTIONS, *PWEBAUTHN_GET_CREDENTIALS_OPTIONS;
typedef const WEBAUTHN_GET_CREDENTIALS_OPTIONS*
PCWEBAUTHN_GET_CREDENTIALS_OPTIONS;
//+------------------------------------------------------------------------------------------
// PRF values.
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH 32
// SALT values below by default are converted into RAW Hmac-Secret values as per
// PRF extension.
// - SHA-256(UTF8Encode("WebAuthn PRF") || 0x00 || Value)
//
// Set WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG in dwFlags in
// WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS,
// if caller wants to provide RAW Hmac-Secret SALT values directly. In that
// case, values if provided MUST be of WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH
// size.
typedef struct _WEBAUTHN_HMAC_SECRET_SALT {
// Size of pbFirst.
DWORD cbFirst;
_Field_size_bytes_(cbFirst) PBYTE pbFirst; // Required
// Size of pbSecond.
DWORD cbSecond;
_Field_size_bytes_(cbSecond) PBYTE pbSecond;
} WEBAUTHN_HMAC_SECRET_SALT, *PWEBAUTHN_HMAC_SECRET_SALT;
typedef const WEBAUTHN_HMAC_SECRET_SALT* PCWEBAUTHN_HMAC_SECRET_SALT;
typedef struct _WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT {
// Size of pbCredID.
DWORD cbCredID;
_Field_size_bytes_(cbCredID) PBYTE pbCredID; // Required
// PRF Values for above credential
PWEBAUTHN_HMAC_SECRET_SALT pHmacSecretSalt; // Required
} WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT, *PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT;
typedef const WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT*
PCWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT;
typedef struct _WEBAUTHN_HMAC_SECRET_SALT_VALUES {
PWEBAUTHN_HMAC_SECRET_SALT pGlobalHmacSalt;
DWORD cCredWithHmacSecretSaltList;
_Field_size_(cCredWithHmacSecretSaltList)
PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT pCredWithHmacSecretSaltList;
} WEBAUTHN_HMAC_SECRET_SALT_VALUES, *PWEBAUTHN_HMAC_SECRET_SALT_VALUES;
typedef const WEBAUTHN_HMAC_SECRET_SALT_VALUES*
PCWEBAUTHN_HMAC_SECRET_SALT_VALUES;
//+------------------------------------------------------------------------------------------
// Hmac-Secret extension
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET L"hmac-secret"
// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET
// MakeCredential Input Type: BOOL.
// - pvExtension must point to a BOOL with the value TRUE.
// - cbExtension must contain the sizeof(BOOL).
// MakeCredential Output Type: BOOL.
// - pvExtension will point to a BOOL with the value TRUE if credential
// was successfully created with HMAC_SECRET.
// - cbExtension will contain the sizeof(BOOL).
// GetAssertion Input Type: Not Supported
// GetAssertion Output Type: Not Supported
//+------------------------------------------------------------------------------------------
// credProtect extension
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_USER_VERIFICATION_ANY 0
#define WEBAUTHN_USER_VERIFICATION_OPTIONAL 1
#define WEBAUTHN_USER_VERIFICATION_OPTIONAL_WITH_CREDENTIAL_ID_LIST 2
#define WEBAUTHN_USER_VERIFICATION_REQUIRED 3
typedef struct _WEBAUTHN_CRED_PROTECT_EXTENSION_IN {
// One of the above WEBAUTHN_USER_VERIFICATION_* values
DWORD dwCredProtect;
// Set the following to TRUE to require authenticator support for the
// credProtect extension
BOOL bRequireCredProtect;
} WEBAUTHN_CRED_PROTECT_EXTENSION_IN, *PWEBAUTHN_CRED_PROTECT_EXTENSION_IN;
typedef const WEBAUTHN_CRED_PROTECT_EXTENSION_IN*
PCWEBAUTHN_CRED_PROTECT_EXTENSION_IN;
#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT L"credProtect"
// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT
// MakeCredential Input Type: WEBAUTHN_CRED_PROTECT_EXTENSION_IN.
// - pvExtension must point to a WEBAUTHN_CRED_PROTECT_EXTENSION_IN struct
// - cbExtension will contain the
// sizeof(WEBAUTHN_CRED_PROTECT_EXTENSION_IN).
// MakeCredential Output Type: DWORD.
// - pvExtension will point to a DWORD with one of the above
// WEBAUTHN_USER_VERIFICATION_* values
// if credential was successfully created with CRED_PROTECT.
// - cbExtension will contain the sizeof(DWORD).
// GetAssertion Input Type: Not Supported
// GetAssertion Output Type: Not Supported
//+------------------------------------------------------------------------------------------
// credBlob extension
//-------------------------------------------------------------------------------------------
typedef struct _WEBAUTHN_CRED_BLOB_EXTENSION {
// Size of pbCredBlob.
DWORD cbCredBlob;
_Field_size_bytes_(cbCredBlob) PBYTE pbCredBlob;
} WEBAUTHN_CRED_BLOB_EXTENSION, *PWEBAUTHN_CRED_BLOB_EXTENSION;
typedef const WEBAUTHN_CRED_BLOB_EXTENSION* PCWEBAUTHN_CRED_BLOB_EXTENSION;
#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB L"credBlob"
// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB
// MakeCredential Input Type: WEBAUTHN_CRED_BLOB_EXTENSION.
// - pvExtension must point to a WEBAUTHN_CRED_BLOB_EXTENSION struct
// - cbExtension must contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION).
// MakeCredential Output Type: BOOL.
// - pvExtension will point to a BOOL with the value TRUE if credBlob was
// successfully created
// - cbExtension will contain the sizeof(BOOL).
// GetAssertion Input Type: BOOL.
// - pvExtension must point to a BOOL with the value TRUE to request the
// credBlob.
// - cbExtension must contain the sizeof(BOOL).
// GetAssertion Output Type: WEBAUTHN_CRED_BLOB_EXTENSION.
// - pvExtension will point to a WEBAUTHN_CRED_BLOB_EXTENSION struct if the
// authenticator
// returns the credBlob in the signed extensions
// - cbExtension will contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION).
//+------------------------------------------------------------------------------------------
// minPinLength extension
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH L"minPinLength"
// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH
// MakeCredential Input Type: BOOL.
// - pvExtension must point to a BOOL with the value TRUE to request the
// minPinLength.
// - cbExtension must contain the sizeof(BOOL).
// MakeCredential Output Type: DWORD.
// - pvExtension will point to a DWORD with the minimum pin length if
// returned by the authenticator
// - cbExtension will contain the sizeof(DWORD).
// GetAssertion Input Type: Not Supported
// GetAssertion Output Type: Not Supported
//+------------------------------------------------------------------------------------------
// Information about Extensions.
//-------------------------------------------------------------------------------------------
typedef struct _WEBAUTHN_EXTENSION {
LPCWSTR pwszExtensionIdentifier;
DWORD cbExtension;
PVOID pvExtension;
} WEBAUTHN_EXTENSION, *PWEBAUTHN_EXTENSION;
typedef const WEBAUTHN_EXTENSION *PCWEBAUTHN_EXTENSION;
typedef struct _WEBAUTHN_EXTENSIONS {
DWORD cExtensions;
_Field_size_(cExtensions)
PWEBAUTHN_EXTENSION pExtensions;
} WEBAUTHN_EXTENSIONS, *PWEBAUTHN_EXTENSIONS;
typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS;
//+------------------------------------------------------------------------------------------
// Options.
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_ANY 0
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM 1
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM 2
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM_U2F_V2 3
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY 0
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED 1
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED 2
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED 3
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_ANY 0
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE 1
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT 2
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT 3
#define WEBAUTHN_ENTERPRISE_ATTESTATION_NONE 0
#define WEBAUTHN_ENTERPRISE_ATTESTATION_VENDOR_FACILITATED 1
#define WEBAUTHN_ENTERPRISE_ATTESTATION_PLATFORM_MANAGED 2
#define WEBAUTHN_LARGE_BLOB_SUPPORT_NONE 0
#define WEBAUTHN_LARGE_BLOB_SUPPORT_REQUIRED 1
#define WEBAUTHN_LARGE_BLOB_SUPPORT_PREFERRED 2
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_1 1
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2 2
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3 3
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4 4
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5 5
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_6 6
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7 7
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION \
WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7
typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
// Version of this structure, to allow for modifications in the future.
DWORD dwVersion;
// Time that the operation is expected to complete within.
// This is used as guidance, and can be overridden by the platform.
DWORD dwTimeoutMilliseconds;
// Credentials used for exclusion.
WEBAUTHN_CREDENTIALS CredentialList;
// Optional extensions to parse when performing the operation.
WEBAUTHN_EXTENSIONS Extensions;
// Optional. Platform vs Cross-Platform Authenticators.
DWORD dwAuthenticatorAttachment;
// Optional. Require key to be resident or not. Defaulting to FALSE.
BOOL bRequireResidentKey;
// User Verification Requirement.
DWORD dwUserVerificationRequirement;
// Attestation Conveyance Preference.
DWORD dwAttestationConveyancePreference;
// Reserved for future Use
DWORD dwFlags;
//
// The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2
//
// Cancellation Id - Optional - See WebAuthNGetCancellationId
GUID *pCancellationId;
//
// The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3
//
// Exclude Credential List. If present, "CredentialList" will be ignored.
PWEBAUTHN_CREDENTIAL_LIST pExcludeCredentialList;
//
// The following fields have been added in
// WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4
//
// Enterprise Attestation
DWORD dwEnterpriseAttestation;
// Large Blob Support: none, required or preferred
//
// NTE_INVALID_PARAMETER when large blob required or preferred and
// bRequireResidentKey isn't set to TRUE
DWORD dwLargeBlobSupport;
// Optional. Prefer key to be resident. Defaulting to FALSE. When TRUE,
// overrides the above bRequireResidentKey.
BOOL bPreferResidentKey;
//
// The following fields have been added in
// WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5
//
// Optional. BrowserInPrivate Mode. Defaulting to FALSE.
BOOL bBrowserInPrivateMode;
//
// The following fields have been added in
// WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_6
//
// Enable PRF
BOOL bEnablePrf;
//
// The following fields have been added in
// WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7
//
// Optional. Linked Device Connection Info.
PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA pLinkedDevice;
// Size of pbJsonExt
DWORD cbJsonExt;
_Field_size_bytes_(cbJsonExt) PBYTE pbJsonExt;
} WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_NONE 0
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_GET 1
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_SET 2
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_DELETE 3
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_1 1
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2 2
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3 3
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4 4
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5 5
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6 6
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7 7
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION \
WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7
/*
Information about flags.
*/
#define WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG 0x00100000
typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
// Version of this structure, to allow for modifications in the future.
DWORD dwVersion;
// Time that the operation is expected to complete within.
// This is used as guidance, and can be overridden by the platform.
DWORD dwTimeoutMilliseconds;
// Allowed Credentials List.
WEBAUTHN_CREDENTIALS CredentialList;
// Optional extensions to parse when performing the operation.
WEBAUTHN_EXTENSIONS Extensions;
// Optional. Platform vs Cross-Platform Authenticators.
DWORD dwAuthenticatorAttachment;
// User Verification Requirement.
DWORD dwUserVerificationRequirement;
// Flags
DWORD dwFlags;
//
// The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2
//
// Optional identifier for the U2F AppId. Converted to UTF8 before being hashed. Not lower cased.
PCWSTR pwszU2fAppId;
// If the following is non-NULL, then, set to TRUE if the above pwszU2fAppid was used instead of
// PCWSTR pwszRpId;
BOOL *pbU2fAppId;
//
// The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3
//
// Cancellation Id - Optional - See WebAuthNGetCancellationId
GUID *pCancellationId;
//
// The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4
//
// Allow Credential List. If present, "CredentialList" will be ignored.
PWEBAUTHN_CREDENTIAL_LIST pAllowCredentialList;
//
// The following fields have been added in
// WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5
//
DWORD dwCredLargeBlobOperation;
// Size of pbCredLargeBlob
DWORD cbCredLargeBlob;
_Field_size_bytes_(cbCredLargeBlob) PBYTE pbCredLargeBlob;
//
// The following fields have been added in
// WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6
//
// PRF values which will be converted into HMAC-SECRET values according to
// WebAuthn Spec.
PWEBAUTHN_HMAC_SECRET_SALT_VALUES pHmacSecretSaltValues;
// Optional. BrowserInPrivate Mode. Defaulting to FALSE.
BOOL bBrowserInPrivateMode;
//
// The following fields have been added in
// WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7
//
// Optional. Linked Device Connection Info.
PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA pLinkedDevice;
// Optional. Allowlist MUST contain 1 credential applicable for Hybrid
// transport.
BOOL bAutoFill;
// Size of pbJsonExt
DWORD cbJsonExt;
_Field_size_bytes_(cbJsonExt) PBYTE pbJsonExt;
} WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
//+------------------------------------------------------------------------------------------
// Attestation Info.
//
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_ATTESTATION_DECODE_NONE 0
#define WEBAUTHN_ATTESTATION_DECODE_COMMON 1
// WEBAUTHN_ATTESTATION_DECODE_COMMON supports format types
// L"packed"
// L"fido-u2f"
#define WEBAUTHN_ATTESTATION_VER_TPM_2_0 L"2.0"
typedef struct _WEBAUTHN_X5C {
// Length of X.509 encoded certificate
DWORD cbData;
// X.509 encoded certificate bytes
_Field_size_bytes_(cbData)
PBYTE pbData;
} WEBAUTHN_X5C, *PWEBAUTHN_X5C;
// Supports either Self or Full Basic Attestation
// Note, new fields will be added to the following data structure to
// support additional attestation format types, such as, TPM.
// When fields are added, the dwVersion will be incremented.
//
// Therefore, your code must make the following check:
// "if (dwVersion >= WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION)"
#define WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION 1
typedef struct _WEBAUTHN_COMMON_ATTESTATION {
// Version of this structure, to allow for modifications in the future.
DWORD dwVersion;
// Hash and Padding Algorithm
//
// The following won't be set for "fido-u2f" which assumes "ES256".
PCWSTR pwszAlg;
LONG lAlg; // COSE algorithm
// Signature that was generated for this attestation.
DWORD cbSignature;
_Field_size_bytes_(cbSignature)
PBYTE pbSignature;
// Following is set for Full Basic Attestation. If not, set then, this is Self Attestation.
// Array of X.509 DER encoded certificates. The first certificate is the signer, leaf certificate.
DWORD cX5c;
_Field_size_(cX5c)
PWEBAUTHN_X5C pX5c;
// Following are also set for tpm
PCWSTR pwszVer; // L"2.0"
DWORD cbCertInfo;
_Field_size_bytes_(cbCertInfo)
PBYTE pbCertInfo;
DWORD cbPubArea;
_Field_size_bytes_(cbPubArea)
PBYTE pbPubArea;
} WEBAUTHN_COMMON_ATTESTATION, *PWEBAUTHN_COMMON_ATTESTATION;
typedef const WEBAUTHN_COMMON_ATTESTATION *PCWEBAUTHN_COMMON_ATTESTATION;
#define WEBAUTHN_ATTESTATION_TYPE_PACKED L"packed"
#define WEBAUTHN_ATTESTATION_TYPE_U2F L"fido-u2f"
#define WEBAUTHN_ATTESTATION_TYPE_TPM L"tpm"
#define WEBAUTHN_ATTESTATION_TYPE_NONE L"none"
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_1 1
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2 2
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3 3
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4 4
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5 5
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_6 6
#define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION \
WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_6
typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION {
// Version of this structure, to allow for modifications in the future.
DWORD dwVersion;
// Attestation format type
PCWSTR pwszFormatType;
// Size of cbAuthenticatorData.
DWORD cbAuthenticatorData;
// Authenticator data that was created for this credential.
_Field_size_bytes_(cbAuthenticatorData)
PBYTE pbAuthenticatorData;
// Size of CBOR encoded attestation information
//0 => encoded as CBOR null value.
DWORD cbAttestation;
//Encoded CBOR attestation information
_Field_size_bytes_(cbAttestation)
PBYTE pbAttestation;
DWORD dwAttestationDecodeType;
// Following depends on the dwAttestationDecodeType
// WEBAUTHN_ATTESTATION_DECODE_NONE
// NULL - not able to decode the CBOR attestation information
// WEBAUTHN_ATTESTATION_DECODE_COMMON
// PWEBAUTHN_COMMON_ATTESTATION;
PVOID pvAttestationDecode;
// The CBOR encoded Attestation Object to be returned to the RP.
DWORD cbAttestationObject;
_Field_size_bytes_(cbAttestationObject)
PBYTE pbAttestationObject;
// The CredentialId bytes extracted from the Authenticator Data.
// Used by Edge to return to the RP.
DWORD cbCredentialId;
_Field_size_bytes_(cbCredentialId)
PBYTE pbCredentialId;
//
// Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2
//
WEBAUTHN_EXTENSIONS Extensions;
//
// Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3
//
// One of the WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to
// the transport that was used.
DWORD dwUsedTransport;
//
// Following fields have been added in
// WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4
//
BOOL bEpAtt;
BOOL bLargeBlobSupported;
BOOL bResidentKey;
//
// Following fields have been added in
// WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5
//
BOOL bPrfEnabled;
//
// Following fields have been added in
// WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_6
//
DWORD cbUnsignedExtensionOutputs;
_Field_size_bytes_(cbUnsignedExtensionOutputs) PBYTE
pbUnsignedExtensionOutputs;
} WEBAUTHN_CREDENTIAL_ATTESTATION, *PWEBAUTHN_CREDENTIAL_ATTESTATION;
typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION;
//+------------------------------------------------------------------------------------------
// authenticatorGetAssertion output.
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NONE 0
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_SUCCESS 1
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_SUPPORTED 2
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_DATA 3
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_PARAMETER 4
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_FOUND 5
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_MULTIPLE_CREDENTIALS 6
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_LACK_OF_SPACE 7
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_PLATFORM_ERROR 8
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_AUTHENTICATOR_ERROR 9
#define WEBAUTHN_ASSERTION_VERSION_1 1
#define WEBAUTHN_ASSERTION_VERSION_2 2
#define WEBAUTHN_ASSERTION_VERSION_3 3
#define WEBAUTHN_ASSERTION_VERSION_4 4
#define WEBAUTHN_ASSERTION_VERSION_5 5
#define WEBAUTHN_ASSERTION_CURRENT_VERSION WEBAUTHN_ASSERTION_VERSION_5
typedef struct _WEBAUTHN_ASSERTION {
// Version of this structure, to allow for modifications in the future.
DWORD dwVersion;
// Size of cbAuthenticatorData.
DWORD cbAuthenticatorData;
// Authenticator data that was created for this assertion.
_Field_size_bytes_(cbAuthenticatorData)
PBYTE pbAuthenticatorData;
// Size of pbSignature.
DWORD cbSignature;
// Signature that was generated for this assertion.
_Field_size_bytes_(cbSignature)
PBYTE pbSignature;
// Credential that was used for this assertion.
WEBAUTHN_CREDENTIAL Credential;
// Size of User Id
DWORD cbUserId;
// UserId
_Field_size_bytes_(cbUserId)
PBYTE pbUserId;
//
// Following fields have been added in WEBAUTHN_ASSERTION_VERSION_2
//
WEBAUTHN_EXTENSIONS Extensions;
// Size of pbCredLargeBlob
DWORD cbCredLargeBlob;
_Field_size_bytes_(cbCredLargeBlob) PBYTE pbCredLargeBlob;
DWORD dwCredLargeBlobStatus;
//
// Following fields have been added in WEBAUTHN_ASSERTION_VERSION_3
//
PWEBAUTHN_HMAC_SECRET_SALT pHmacSecret;
//
// Following fields have been added in WEBAUTHN_ASSERTION_VERSION_4
//
// One of the WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to
// the transport that was used.
DWORD dwUsedTransport;
//
// Following fields have been added in WEBAUTHN_ASSERTION_VERSION_5
//
DWORD cbUnsignedExtensionOutputs;
_Field_size_bytes_(cbUnsignedExtensionOutputs) PBYTE
pbUnsignedExtensionOutputs;
} WEBAUTHN_ASSERTION, *PWEBAUTHN_ASSERTION;
typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION;
//+------------------------------------------------------------------------------------------
// APIs.
//-------------------------------------------------------------------------------------------
DWORD
WINAPI
WebAuthNGetApiVersionNumber();
HRESULT
WINAPI
WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable(
_Out_ BOOL *pbIsUserVerifyingPlatformAuthenticatorAvailable);
HRESULT
WINAPI
WebAuthNAuthenticatorMakeCredential(
_In_ HWND hWnd,
_In_ PCWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation,
_In_ PCWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation,
_In_ PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS pPubKeyCredParams,
_In_ PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData,
_In_opt_ PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS pWebAuthNMakeCredentialOptions,
_Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_ATTESTATION *ppWebAuthNCredentialAttestation);
HRESULT
WINAPI
WebAuthNAuthenticatorGetAssertion(
_In_ HWND hWnd,
_In_ LPCWSTR pwszRpId,
_In_ PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData,
_In_opt_ PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS pWebAuthNGetAssertionOptions,
_Outptr_result_maybenull_ PWEBAUTHN_ASSERTION *ppWebAuthNAssertion);
void
WINAPI
WebAuthNFreeCredentialAttestation(
_In_opt_ PWEBAUTHN_CREDENTIAL_ATTESTATION pWebAuthNCredentialAttestation);
void
WINAPI
WebAuthNFreeAssertion(
_In_ PWEBAUTHN_ASSERTION pWebAuthNAssertion);
HRESULT
WINAPI
WebAuthNGetCancellationId(
_Out_ GUID* pCancellationId);
HRESULT
WINAPI
WebAuthNCancelCurrentOperation(
_In_ const GUID* pCancellationId);
// Returns NTE_NOT_FOUND when credentials are not found.
HRESULT
WINAPI
WebAuthNGetPlatformCredentialList(
_In_ PCWEBAUTHN_GET_CREDENTIALS_OPTIONS pGetCredentialsOptions,
_Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_DETAILS_LIST*
ppCredentialDetailsList);
void WINAPI WebAuthNFreePlatformCredentialList(
_In_ PWEBAUTHN_CREDENTIAL_DETAILS_LIST pCredentialDetailsList);
HRESULT
WINAPI
WebAuthNDeletePlatformCredential(_In_ DWORD cbCredentialId,
_In_reads_bytes_(cbCredentialId)
const BYTE* pbCredentialId);
//
// Returns the following Error Names:
// L"Success" - S_OK
// L"InvalidStateError" - NTE_EXISTS
// L"ConstraintError" - HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED),
// NTE_NOT_SUPPORTED,
// NTE_TOKEN_KEYSET_STORAGE_FULL
// L"NotSupportedError" - NTE_INVALID_PARAMETER
// L"NotAllowedError" - NTE_DEVICE_NOT_FOUND,
// NTE_NOT_FOUND,
// HRESULT_FROM_WIN32(ERROR_CANCELLED),
// NTE_USER_CANCELLED,
// HRESULT_FROM_WIN32(ERROR_TIMEOUT)
// L"UnknownError" - All other hr values
//
PCWSTR
WINAPI
WebAuthNGetErrorName(
_In_ HRESULT hr);
HRESULT
WINAPI
WebAuthNGetW3CExceptionDOMError(
_In_ HRESULT hr);
#ifdef __cplusplus
} // Balance extern "C" above
#endif
#endif // WINAPI_FAMILY_PARTITION
#pragma endregion
#endif // __WEBAUTHN_H_