From 9ce9f9bb65c8208929e4697bda49f2c95da3c43c Mon Sep 17 00:00:00 2001 From: Isaiah Inuwa Date: Wed, 5 Nov 2025 22:39:25 -0600 Subject: [PATCH] Remove duplicate headers --- .../{stable => }/pluginauthenticator.idl | 0 .../include/stable/pluginauthenticator.h | 263 ---- .../include/stable/webauthn.h | 1381 ----------------- .../include/stable/webauthnplugin.h | 588 ------- 4 files changed, 2232 deletions(-) rename apps/desktop/desktop_native/windows_plugin_authenticator/include/{stable => }/pluginauthenticator.idl (100%) delete mode 100644 apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/pluginauthenticator.h delete mode 100644 apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/webauthn.h delete mode 100644 apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/webauthnplugin.h diff --git a/apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/pluginauthenticator.idl b/apps/desktop/desktop_native/windows_plugin_authenticator/include/pluginauthenticator.idl similarity index 100% rename from apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/pluginauthenticator.idl rename to apps/desktop/desktop_native/windows_plugin_authenticator/include/pluginauthenticator.idl diff --git a/apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/pluginauthenticator.h b/apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/pluginauthenticator.h deleted file mode 100644 index edb3ffd4f00..00000000000 --- a/apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/pluginauthenticator.h +++ /dev/null @@ -1,263 +0,0 @@ - - -/* this ALWAYS GENERATED file contains the definitions for the interfaces */ - - - /* File created by MIDL compiler version 8.01.0628 */ -/* @@MIDL_FILE_HEADING( ) */ - - - -/* verify that the version is high enough to compile this file*/ -#ifndef __REQUIRED_RPCNDR_H_VERSION__ -#define __REQUIRED_RPCNDR_H_VERSION__ 501 -#endif - -/* verify that the version is high enough to compile this file*/ -#ifndef __REQUIRED_RPCSAL_H_VERSION__ -#define __REQUIRED_RPCSAL_H_VERSION__ 100 -#endif - -#include "rpc.h" -#include "rpcndr.h" - -#ifndef __RPCNDR_H_VERSION__ -#error this stub requires an updated version of -#endif /* __RPCNDR_H_VERSION__ */ - -#ifndef COM_NO_WINDOWS_H -#include "windows.h" -#include "ole2.h" -#endif /*COM_NO_WINDOWS_H*/ - -#ifndef __pluginauthenticator_h__ -#define __pluginauthenticator_h__ - -#if defined(_MSC_VER) && (_MSC_VER >= 1020) -#pragma once -#endif - -#ifndef DECLSPEC_XFGVIRT -#if defined(_CONTROL_FLOW_GUARD_XFG) -#define DECLSPEC_XFGVIRT(base, func) __declspec(xfg_virtual(base, func)) -#else -#define DECLSPEC_XFGVIRT(base, func) -#endif -#endif - -/* Forward Declarations */ - -#ifndef __IPluginAuthenticator_FWD_DEFINED__ -#define __IPluginAuthenticator_FWD_DEFINED__ -typedef interface IPluginAuthenticator IPluginAuthenticator; - -#endif /* __IPluginAuthenticator_FWD_DEFINED__ */ - - -/* header files for imported files */ -#include "oaidl.h" - -#ifdef __cplusplus -extern "C"{ -#endif - - -/* interface __MIDL_itf_pluginauthenticator_0000_0000 */ -/* [local] */ - -typedef -enum _WEBAUTHN_PLUGIN_REQUEST_TYPE - { - WEBAUTHN_PLUGIN_REQUEST_TYPE_CTAP2_CBOR = 0x1 - } WEBAUTHN_PLUGIN_REQUEST_TYPE; - -typedef struct _WEBAUTHN_PLUGIN_OPERATION_REQUEST - { - HWND hWnd; - GUID transactionId; - DWORD cbRequestSignature; - /* [size_is] */ byte *pbRequestSignature; - WEBAUTHN_PLUGIN_REQUEST_TYPE requestType; - DWORD cbEncodedRequest; - /* [size_is] */ byte *pbEncodedRequest; - } WEBAUTHN_PLUGIN_OPERATION_REQUEST; - -typedef struct _WEBAUTHN_PLUGIN_OPERATION_REQUEST *PWEBAUTHN_PLUGIN_OPERATION_REQUEST; - -typedef const WEBAUTHN_PLUGIN_OPERATION_REQUEST *PCWEBAUTHN_PLUGIN_OPERATION_REQUEST; - -typedef struct _WEBAUTHN_PLUGIN_OPERATION_RESPONSE - { - DWORD cbEncodedResponse; - /* [size_is] */ byte *pbEncodedResponse; - } WEBAUTHN_PLUGIN_OPERATION_RESPONSE; - -typedef struct _WEBAUTHN_PLUGIN_OPERATION_RESPONSE *PWEBAUTHN_PLUGIN_OPERATION_RESPONSE; - -typedef const WEBAUTHN_PLUGIN_OPERATION_RESPONSE *PCWEBAUTHN_PLUGIN_OPERATION_RESPONSE; - -typedef struct _WEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST - { - GUID transactionId; - DWORD cbRequestSignature; - /* [size_is] */ byte *pbRequestSignature; - } WEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST; - -typedef struct _WEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST *PWEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST; - -typedef const WEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST *PCWEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST; - -typedef -enum _PLUGIN_LOCK_STATUS - { - PluginLocked = 0, - PluginUnlocked = ( PluginLocked + 1 ) - } PLUGIN_LOCK_STATUS; - - - -extern RPC_IF_HANDLE __MIDL_itf_pluginauthenticator_0000_0000_v0_0_c_ifspec; -extern RPC_IF_HANDLE __MIDL_itf_pluginauthenticator_0000_0000_v0_0_s_ifspec; - -#ifndef __IPluginAuthenticator_INTERFACE_DEFINED__ -#define __IPluginAuthenticator_INTERFACE_DEFINED__ - -/* interface IPluginAuthenticator */ -/* [ref][version][uuid][object] */ - - -EXTERN_C const IID IID_IPluginAuthenticator; - -#if defined(__cplusplus) && !defined(CINTERFACE) - - MIDL_INTERFACE("d26bcf6f-b54c-43ff-9f06-d5bf148625f7") - IPluginAuthenticator : public IUnknown - { - public: - virtual HRESULT STDMETHODCALLTYPE MakeCredential( - /* [in] */ __RPC__in PCWEBAUTHN_PLUGIN_OPERATION_REQUEST request, - /* [retval][out] */ __RPC__out PWEBAUTHN_PLUGIN_OPERATION_RESPONSE response) = 0; - - virtual HRESULT STDMETHODCALLTYPE GetAssertion( - /* [in] */ __RPC__in PCWEBAUTHN_PLUGIN_OPERATION_REQUEST request, - /* [retval][out] */ __RPC__out PWEBAUTHN_PLUGIN_OPERATION_RESPONSE response) = 0; - - virtual HRESULT STDMETHODCALLTYPE CancelOperation( - /* [in] */ __RPC__in PCWEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST request) = 0; - - virtual HRESULT STDMETHODCALLTYPE GetLockStatus( - /* [retval][out] */ __RPC__out PLUGIN_LOCK_STATUS *lockStatus) = 0; - - }; - - -#else /* C style interface */ - - typedef struct IPluginAuthenticatorVtbl - { - BEGIN_INTERFACE - - DECLSPEC_XFGVIRT(IUnknown, QueryInterface) - HRESULT ( STDMETHODCALLTYPE *QueryInterface )( - __RPC__in IPluginAuthenticator * This, - /* [in] */ __RPC__in REFIID riid, - /* [annotation][iid_is][out] */ - _COM_Outptr_ void **ppvObject); - - DECLSPEC_XFGVIRT(IUnknown, AddRef) - ULONG ( STDMETHODCALLTYPE *AddRef )( - __RPC__in IPluginAuthenticator * This); - - DECLSPEC_XFGVIRT(IUnknown, Release) - ULONG ( STDMETHODCALLTYPE *Release )( - __RPC__in IPluginAuthenticator * This); - - DECLSPEC_XFGVIRT(IPluginAuthenticator, MakeCredential) - HRESULT ( STDMETHODCALLTYPE *MakeCredential )( - __RPC__in IPluginAuthenticator * This, - /* [in] */ __RPC__in PCWEBAUTHN_PLUGIN_OPERATION_REQUEST request, - /* [retval][out] */ __RPC__out PWEBAUTHN_PLUGIN_OPERATION_RESPONSE response); - - DECLSPEC_XFGVIRT(IPluginAuthenticator, GetAssertion) - HRESULT ( STDMETHODCALLTYPE *GetAssertion )( - __RPC__in IPluginAuthenticator * This, - /* [in] */ __RPC__in PCWEBAUTHN_PLUGIN_OPERATION_REQUEST request, - /* [retval][out] */ __RPC__out PWEBAUTHN_PLUGIN_OPERATION_RESPONSE response); - - DECLSPEC_XFGVIRT(IPluginAuthenticator, CancelOperation) - HRESULT ( STDMETHODCALLTYPE *CancelOperation )( - __RPC__in IPluginAuthenticator * This, - /* [in] */ __RPC__in PCWEBAUTHN_PLUGIN_CANCEL_OPERATION_REQUEST request); - - DECLSPEC_XFGVIRT(IPluginAuthenticator, GetLockStatus) - HRESULT ( STDMETHODCALLTYPE *GetLockStatus )( - __RPC__in IPluginAuthenticator * This, - /* [retval][out] */ __RPC__out PLUGIN_LOCK_STATUS *lockStatus); - - END_INTERFACE - } IPluginAuthenticatorVtbl; - - interface IPluginAuthenticator - { - CONST_VTBL struct IPluginAuthenticatorVtbl *lpVtbl; - }; - - - -#ifdef COBJMACROS - - -#define IPluginAuthenticator_QueryInterface(This,riid,ppvObject) \ - ( (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) ) - -#define IPluginAuthenticator_AddRef(This) \ - ( (This)->lpVtbl -> AddRef(This) ) - -#define IPluginAuthenticator_Release(This) \ - ( (This)->lpVtbl -> Release(This) ) - - -#define IPluginAuthenticator_MakeCredential(This,request,response) \ - ( (This)->lpVtbl -> MakeCredential(This,request,response) ) - -#define IPluginAuthenticator_GetAssertion(This,request,response) \ - ( (This)->lpVtbl -> GetAssertion(This,request,response) ) - -#define IPluginAuthenticator_CancelOperation(This,request) \ - ( (This)->lpVtbl -> CancelOperation(This,request) ) - -#define IPluginAuthenticator_GetLockStatus(This,lockStatus) \ - ( (This)->lpVtbl -> GetLockStatus(This,lockStatus) ) - -#endif /* COBJMACROS */ - - -#endif /* C style interface */ - - - - -#endif /* __IPluginAuthenticator_INTERFACE_DEFINED__ */ - - -/* Additional Prototypes for ALL interfaces */ - -unsigned long __RPC_USER HWND_UserSize( __RPC__in unsigned long *, unsigned long , __RPC__in HWND * ); -unsigned char * __RPC_USER HWND_UserMarshal( __RPC__in unsigned long *, __RPC__inout_xcount(0) unsigned char *, __RPC__in HWND * ); -unsigned char * __RPC_USER HWND_UserUnmarshal(__RPC__in unsigned long *, __RPC__in_xcount(0) unsigned char *, __RPC__out HWND * ); -void __RPC_USER HWND_UserFree( __RPC__in unsigned long *, __RPC__in HWND * ); - -unsigned long __RPC_USER HWND_UserSize64( __RPC__in unsigned long *, unsigned long , __RPC__in HWND * ); -unsigned char * __RPC_USER HWND_UserMarshal64( __RPC__in unsigned long *, __RPC__inout_xcount(0) unsigned char *, __RPC__in HWND * ); -unsigned char * __RPC_USER HWND_UserUnmarshal64(__RPC__in unsigned long *, __RPC__in_xcount(0) unsigned char *, __RPC__out HWND * ); -void __RPC_USER HWND_UserFree64( __RPC__in unsigned long *, __RPC__in HWND * ); - -/* end of Additional Prototypes */ - -#ifdef __cplusplus -} -#endif - -#endif - - diff --git a/apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/webauthn.h b/apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/webauthn.h deleted file mode 100644 index b5eaca30f1c..00000000000 --- a/apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/webauthn.h +++ /dev/null @@ -1,1381 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -#ifndef __WEBAUTHN_H_ -#define __WEBAUTHN_H_ - -#pragma once - -#include - -#pragma region Desktop Family or OneCore Family -#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM) - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef WINAPI -#define WINAPI __stdcall -#endif - -#ifndef INITGUID -#define INITGUID -#include -#undef INITGUID -#else -#include -#endif - -//+------------------------------------------------------------------------------------------ -// API Version Information. -// Caller should check for WebAuthNGetApiVersionNumber to check the presence of relevant APIs -// and features for their usage. -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_API_VERSION_1 1 -// WEBAUTHN_API_VERSION_1 : Baseline Version -// Data Structures and their sub versions: -// - WEBAUTHN_RP_ENTITY_INFORMATION : 1 -// - WEBAUTHN_USER_ENTITY_INFORMATION : 1 -// - WEBAUTHN_CLIENT_DATA : 1 -// - WEBAUTHN_COSE_CREDENTIAL_PARAMETER : 1 -// - WEBAUTHN_COSE_CREDENTIAL_PARAMETERS : Not Applicable -// - WEBAUTHN_CREDENTIAL : 1 -// - WEBAUTHN_CREDENTIALS : Not Applicable -// - WEBAUTHN_CREDENTIAL_EX : 1 -// - WEBAUTHN_CREDENTIAL_LIST : Not Applicable -// - WEBAUTHN_EXTENSION : Not Applicable -// - WEBAUTHN_EXTENSIONS : Not Applicable -// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 3 -// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 4 -// - WEBAUTHN_COMMON_ATTESTATION : 1 -// - WEBAUTHN_CREDENTIAL_ATTESTATION : 3 -// - WEBAUTHN_ASSERTION : 1 -// Extensions: -// - WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET -// APIs: -// - WebAuthNGetApiVersionNumber -// - WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable -// - WebAuthNAuthenticatorMakeCredential -// - WebAuthNAuthenticatorGetAssertion -// - WebAuthNFreeCredentialAttestation -// - WebAuthNFreeAssertion -// - WebAuthNGetCancellationId -// - WebAuthNCancelCurrentOperation -// - WebAuthNGetErrorName -// - WebAuthNGetW3CExceptionDOMError -// Transports: -// - WEBAUTHN_CTAP_TRANSPORT_USB -// - WEBAUTHN_CTAP_TRANSPORT_NFC -// - WEBAUTHN_CTAP_TRANSPORT_BLE -// - WEBAUTHN_CTAP_TRANSPORT_INTERNAL - -#define WEBAUTHN_API_VERSION_2 2 -// WEBAUTHN_API_VERSION_2 : Delta From WEBAUTHN_API_VERSION_1 -// Added Extensions: -// - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT -// - -#define WEBAUTHN_API_VERSION_3 3 -// WEBAUTHN_API_VERSION_3 : Delta From WEBAUTHN_API_VERSION_2 -// Data Structures and their sub versions: -// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 4 -// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 5 -// - WEBAUTHN_CREDENTIAL_ATTESTATION : 4 -// - WEBAUTHN_ASSERTION : 2 -// Added Extensions: -// - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB -// - WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH -// - -#define WEBAUTHN_API_VERSION_4 4 -// WEBAUTHN_API_VERSION_4 : Delta From WEBAUTHN_API_VERSION_3 -// Data Structures and their sub versions: -// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 5 -// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 6 -// - WEBAUTHN_ASSERTION : 3 -// - WEBAUTHN_GET_CREDENTIALS_OPTIONS : 1 -// - WEBAUTHN_CREDENTIAL_DETAILS : 1 -// APIs: -// - WebAuthNGetPlatformCredentialList -// - WebAuthNFreePlatformCredentialList -// - WebAuthNDeletePlatformCredential -// - -#define WEBAUTHN_API_VERSION_5 5 -// WEBAUTHN_API_VERSION_5 : Delta From WEBAUTHN_API_VERSION_4 -// Data Structures and their sub versions: -// - WEBAUTHN_CREDENTIAL_DETAILS : 2 -// Extension Changes: -// - Enabled LARGE_BLOB Support -// - -#define WEBAUTHN_API_VERSION_6 6 -// WEBAUTHN_API_VERSION_6 : Delta From WEBAUTHN_API_VERSION_5 -// Data Structures and their sub versions: -// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 6 -// - WEBAUTHN_CREDENTIAL_ATTESTATION : 5 -// - WEBAUTHN_ASSERTION : 4 -// Transports: -// - WEBAUTHN_CTAP_TRANSPORT_HYBRID - -#define WEBAUTHN_API_VERSION_7 7 -// WEBAUTHN_API_VERSION_7 : Delta From WEBAUTHN_API_VERSION_6 -// Data Structures and their sub versions: -// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 7 -// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 7 -// - WEBAUTHN_CREDENTIAL_ATTESTATION : 6 -// - WEBAUTHN_ASSERTION : 5 - -#define WEBAUTHN_API_VERSION_8 8 -// WEBAUTHN_API_VERSION_8 : Delta From WEBAUTHN_API_VERSION_7 -// Data Structures and their sub versions: -// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 8 -// - WEBAUTHN_CREDENTIAL_DETAILS : 3 -// - WEBAUTHN_CREDENTIAL_ATTESTATION : 7 -// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 8 -// - -#define WEBAUTHN_API_VERSION_9 9 -// WEBAUTHN_API_VERSION_9 : Delta From WEBAUTHN_API_VERSION_8 -// Data Structures and their sub versions: -// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 9 -// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 9 -// - WEBAUTHN_ASSERTION : 6 -// - WEBAUTHN_CREDENTIAL_DETAILS : 4 -// - WEBAUTHN_CREDENTIAL_ATTESTATION : 8 -// - WEBAUTHN_AUTHENTICATOR_DETAILS : 1 -// - WEBAUTHN_AUTHENTICATOR_DETAILS_LIST : Not Applicable -// APIs: -// - WebAuthNGetAuthenticatorList -// - WebAuthNFreeAuthenticatorList - -#define WEBAUTHN_API_CURRENT_VERSION WEBAUTHN_API_VERSION_9 - -//+------------------------------------------------------------------------------------------ -// Information about an RP Entity -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_RP_ENTITY_INFORMATION_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_RP_ENTITY_INFORMATION { - // Version of this structure, to allow for modifications in the future. - // This field is required and should be set to CURRENT_VERSION above. - DWORD dwVersion; - - // Identifier for the RP. This field is required. - PCWSTR pwszId; - - // Contains the friendly name of the Relying Party, such as "Acme Corporation", "Widgets Inc" or "Awesome Site". - // This field is required. - PCWSTR pwszName; - - // Optional URL pointing to RP's logo. - PCWSTR pwszIcon; -} WEBAUTHN_RP_ENTITY_INFORMATION, *PWEBAUTHN_RP_ENTITY_INFORMATION; -typedef const WEBAUTHN_RP_ENTITY_INFORMATION *PCWEBAUTHN_RP_ENTITY_INFORMATION; - -//+------------------------------------------------------------------------------------------ -// Information about an User Entity -//------------------------------------------------------------------------------------------- -#define WEBAUTHN_MAX_USER_ID_LENGTH 64 - -#define WEBAUTHN_USER_ENTITY_INFORMATION_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_USER_ENTITY_INFORMATION { - // Version of this structure, to allow for modifications in the future. - // This field is required and should be set to CURRENT_VERSION above. - DWORD dwVersion; - - // Identifier for the User. This field is required. - DWORD cbId; - _Field_size_bytes_(cbId) - PBYTE pbId; - - // Contains a detailed name for this account, such as "john.p.smith@example.com". - PCWSTR pwszName; - - // Optional URL that can be used to retrieve an image containing the user's current avatar, - // or a data URI that contains the image data. - PCWSTR pwszIcon; - - // For User: Contains the friendly name associated with the user account by the Relying Party, such as "John P. Smith". - PCWSTR pwszDisplayName; -} WEBAUTHN_USER_ENTITY_INFORMATION, *PWEBAUTHN_USER_ENTITY_INFORMATION; -typedef const WEBAUTHN_USER_ENTITY_INFORMATION *PCWEBAUTHN_USER_ENTITY_INFORMATION; - -//+------------------------------------------------------------------------------------------ -// Information about client data. -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_HASH_ALGORITHM_SHA_256 L"SHA-256" -#define WEBAUTHN_HASH_ALGORITHM_SHA_384 L"SHA-384" -#define WEBAUTHN_HASH_ALGORITHM_SHA_512 L"SHA-512" - -#define WEBAUTHN_CLIENT_DATA_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_CLIENT_DATA { - // Version of this structure, to allow for modifications in the future. - // This field is required and should be set to CURRENT_VERSION above. - DWORD dwVersion; - - // Size of the pbClientDataJSON field. - DWORD cbClientDataJSON; - // UTF-8 encoded JSON serialization of the client data. - _Field_size_bytes_(cbClientDataJSON) - PBYTE pbClientDataJSON; - - // Hash algorithm ID used to hash the pbClientDataJSON field. - LPCWSTR pwszHashAlgId; -} WEBAUTHN_CLIENT_DATA, *PWEBAUTHN_CLIENT_DATA; -typedef const WEBAUTHN_CLIENT_DATA *PCWEBAUTHN_CLIENT_DATA; - -//+------------------------------------------------------------------------------------------ -// Information about credential parameters. -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY L"public-key" - -#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256 -7 -#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P384_WITH_SHA384 -35 -#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P521_WITH_SHA512 -36 - -#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA256 -257 -#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA384 -258 -#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA512 -259 - -#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA256 -37 -#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA384 -38 -#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA512 -39 - -#define WEBAUTHN_COSE_CREDENTIAL_PARAMETER_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETER { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Well-known credential type specifying a credential to create. - LPCWSTR pwszCredentialType; - - // Well-known COSE algorithm specifying the algorithm to use for the credential. - LONG lAlg; -} WEBAUTHN_COSE_CREDENTIAL_PARAMETER, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETER; -typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETER *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETER; - -typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETERS { - DWORD cCredentialParameters; - _Field_size_(cCredentialParameters) - PWEBAUTHN_COSE_CREDENTIAL_PARAMETER pCredentialParameters; -} WEBAUTHN_COSE_CREDENTIAL_PARAMETERS, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETERS; -typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETERS *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS; - -//+------------------------------------------------------------------------------------------ -// Information about credential. -//------------------------------------------------------------------------------------------- -#define WEBAUTHN_CREDENTIAL_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_CREDENTIAL { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Size of pbID. - DWORD cbId; - // Unique ID for this particular credential. - _Field_size_bytes_(cbId) - PBYTE pbId; - - // Well-known credential type specifying what this particular credential is. - LPCWSTR pwszCredentialType; -} WEBAUTHN_CREDENTIAL, *PWEBAUTHN_CREDENTIAL; -typedef const WEBAUTHN_CREDENTIAL *PCWEBAUTHN_CREDENTIAL; - -typedef struct _WEBAUTHN_CREDENTIALS { - DWORD cCredentials; - _Field_size_(cCredentials) - PWEBAUTHN_CREDENTIAL pCredentials; -} WEBAUTHN_CREDENTIALS, *PWEBAUTHN_CREDENTIALS; -typedef const WEBAUTHN_CREDENTIALS *PCWEBAUTHN_CREDENTIALS; - -//+------------------------------------------------------------------------------------------ -// Information about credential with extra information, such as, dwTransports -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_CTAP_TRANSPORT_USB 0x00000001 -#define WEBAUTHN_CTAP_TRANSPORT_NFC 0x00000002 -#define WEBAUTHN_CTAP_TRANSPORT_BLE 0x00000004 -#define WEBAUTHN_CTAP_TRANSPORT_TEST 0x00000008 -#define WEBAUTHN_CTAP_TRANSPORT_INTERNAL 0x00000010 -#define WEBAUTHN_CTAP_TRANSPORT_HYBRID 0x00000020 -#define WEBAUTHN_CTAP_TRANSPORT_SMART_CARD 0x00000040 -#define WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK 0x0000007F - -#define WEBAUTHN_CTAP_TRANSPORT_USB_STRING "usb" -#define WEBAUTHN_CTAP_TRANSPORT_NFC_STRING "nfc" -#define WEBAUTHN_CTAP_TRANSPORT_BLE_STRING "ble" -#define WEBAUTHN_CTAP_TRANSPORT_SMART_CARD_STRING "smart-card" -#define WEBAUTHN_CTAP_TRANSPORT_HYBRID_STRING "hybrid" -#define WEBAUTHN_CTAP_TRANSPORT_INTERNAL_STRING "internal" - -#define WEBAUTHN_CREDENTIAL_EX_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_CREDENTIAL_EX { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Size of pbID. - DWORD cbId; - // Unique ID for this particular credential. - _Field_size_bytes_(cbId) - PBYTE pbId; - - // Well-known credential type specifying what this particular credential is. - LPCWSTR pwszCredentialType; - - // Transports. 0 implies no transport restrictions. - DWORD dwTransports; -} WEBAUTHN_CREDENTIAL_EX, *PWEBAUTHN_CREDENTIAL_EX; -typedef const WEBAUTHN_CREDENTIAL_EX *PCWEBAUTHN_CREDENTIAL_EX; - -//+------------------------------------------------------------------------------------------ -// Information about credential list with extra information -//------------------------------------------------------------------------------------------- - -typedef struct _WEBAUTHN_CREDENTIAL_LIST { - DWORD cCredentials; - _Field_size_(cCredentials) - PWEBAUTHN_CREDENTIAL_EX *ppCredentials; -} WEBAUTHN_CREDENTIAL_LIST, *PWEBAUTHN_CREDENTIAL_LIST; -typedef const WEBAUTHN_CREDENTIAL_LIST *PCWEBAUTHN_CREDENTIAL_LIST; - -//+------------------------------------------------------------------------------------------ -// Information about linked devices -//------------------------------------------------------------------------------------------- - -#define CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_VERSION_1 1 -#define CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_CURRENT_VERSION CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_VERSION_1 - -// Deprecated -typedef struct _CTAPCBOR_HYBRID_STORAGE_LINKED_DATA -{ - // Version - DWORD dwVersion; - - // Contact Id - DWORD cbContactId; - _Field_size_bytes_(cbContactId) - PBYTE pbContactId; - - // Link Id - DWORD cbLinkId; - _Field_size_bytes_(cbLinkId) - PBYTE pbLinkId; - - // Link secret - DWORD cbLinkSecret; - _Field_size_bytes_(cbLinkSecret) - PBYTE pbLinkSecret; - - // Authenticator Public Key - DWORD cbPublicKey; - _Field_size_bytes_(cbPublicKey) - PBYTE pbPublicKey; - - // Authenticator Name - PCWSTR pwszAuthenticatorName; - - // Tunnel server domain - WORD wEncodedTunnelServerDomain; -} CTAPCBOR_HYBRID_STORAGE_LINKED_DATA, *PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA; -typedef const CTAPCBOR_HYBRID_STORAGE_LINKED_DATA *PCCTAPCBOR_HYBRID_STORAGE_LINKED_DATA; - -//+------------------------------------------------------------------------------------------ -// Authenticator Information for WebAuthNGetAuthenticatorList API -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS_VERSION_1 1 -#define WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS_VERSION_1 - -typedef struct _WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - -} WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS; -typedef const WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS; - -#define WEBAUTHN_AUTHENTICATOR_DETAILS_VERSION_1 1 -#define WEBAUTHN_AUTHENTICATOR_DETAILS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_DETAILS_VERSION_1 - -typedef struct _WEBAUTHN_AUTHENTICATOR_DETAILS { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Authenticator ID - DWORD cbAuthenticatorId; - _Field_size_bytes_(cbAuthenticatorId) - PBYTE pbAuthenticatorId; - - // Authenticator Name - PCWSTR pwszAuthenticatorName; - - // Authenticator logo (expected to be in SVG format) - DWORD cbAuthenticatorLogo; - _Field_size_bytes_(cbAuthenticatorLogo) - PBYTE pbAuthenticatorLogo; - - // Is the authenticator currently locked? When locked, this authenticator's credentials - // might not be present or updated in WebAuthNGetPlatformCredentialList. - BOOL bLocked; - -} WEBAUTHN_AUTHENTICATOR_DETAILS, *PWEBAUTHN_AUTHENTICATOR_DETAILS; -typedef const WEBAUTHN_AUTHENTICATOR_DETAILS *PCWEBAUTHN_AUTHENTICATOR_DETAILS; - -typedef struct _WEBAUTHN_AUTHENTICATOR_DETAILS_LIST { - // Authenticator Details - DWORD cAuthenticatorDetails; - _Field_size_(cAuthenticatorDetails) - PWEBAUTHN_AUTHENTICATOR_DETAILS *ppAuthenticatorDetails; - -} WEBAUTHN_AUTHENTICATOR_DETAILS_LIST, *PWEBAUTHN_AUTHENTICATOR_DETAILS_LIST; -typedef const WEBAUTHN_AUTHENTICATOR_DETAILS_LIST *PCWEBAUTHN_AUTHENTICATOR_DETAILS_LIST; - -//+------------------------------------------------------------------------------------------ -// Credential Information for WebAuthNGetPlatformCredentialList API -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_1 1 -#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2 2 -#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_3 3 -#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_4 4 -#define WEBAUTHN_CREDENTIAL_DETAILS_CURRENT_VERSION WEBAUTHN_CREDENTIAL_DETAILS_VERSION_4 - -typedef struct _WEBAUTHN_CREDENTIAL_DETAILS { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Size of pbCredentialID. - DWORD cbCredentialID; - _Field_size_bytes_(cbCredentialID) - PBYTE pbCredentialID; - - // RP Info - PWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation; - - // User Info - PWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation; - - // Removable or not. - BOOL bRemovable; - - // - // The following fields have been added in WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2 - // - - // Backed Up or not. - BOOL bBackedUp; - - // - // The following fields have been added in WEBAUTHN_CREDENTIAL_DETAILS_VERSION_3 - // - PCWSTR pwszAuthenticatorName; - - // The logo is expected to be in the svg format - DWORD cbAuthenticatorLogo; - _Field_size_bytes_(cbAuthenticatorLogo) - PBYTE pbAuthenticatorLogo; - - // ThirdPartyPayment Credential or not. - BOOL bThirdPartyPayment; - - // - // The following fields have been added in WEBAUTHN_CREDENTIAL_DETAILS_VERSION_4 - // - - // Applicable Transports - DWORD dwTransports; - -} WEBAUTHN_CREDENTIAL_DETAILS, *PWEBAUTHN_CREDENTIAL_DETAILS; -typedef const WEBAUTHN_CREDENTIAL_DETAILS *PCWEBAUTHN_CREDENTIAL_DETAILS; - -typedef struct _WEBAUTHN_CREDENTIAL_DETAILS_LIST { - DWORD cCredentialDetails; - _Field_size_(cCredentialDetails) - PWEBAUTHN_CREDENTIAL_DETAILS *ppCredentialDetails; -} WEBAUTHN_CREDENTIAL_DETAILS_LIST, *PWEBAUTHN_CREDENTIAL_DETAILS_LIST; -typedef const WEBAUTHN_CREDENTIAL_DETAILS_LIST *PCWEBAUTHN_CREDENTIAL_DETAILS_LIST; - -#define WEBAUTHN_GET_CREDENTIALS_OPTIONS_VERSION_1 1 -#define WEBAUTHN_GET_CREDENTIALS_OPTIONS_CURRENT_VERSION WEBAUTHN_GET_CREDENTIALS_OPTIONS_VERSION_1 - -typedef struct _WEBAUTHN_GET_CREDENTIALS_OPTIONS { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Optional. - LPCWSTR pwszRpId; - - // Optional. BrowserInPrivate Mode. Defaulting to FALSE. - BOOL bBrowserInPrivateMode; -} WEBAUTHN_GET_CREDENTIALS_OPTIONS, *PWEBAUTHN_GET_CREDENTIALS_OPTIONS; -typedef const WEBAUTHN_GET_CREDENTIALS_OPTIONS *PCWEBAUTHN_GET_CREDENTIALS_OPTIONS; - -//+------------------------------------------------------------------------------------------ -// PRF values. -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH 32 - -// SALT values below by default are converted into RAW Hmac-Secret values as per PRF extension. -// - SHA-256(UTF8Encode("WebAuthn PRF") || 0x00 || Value) -// -// Set WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG in dwFlags in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS, -// if caller wants to provide RAW Hmac-Secret SALT values directly. In that case, -// values if provided MUST be of WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH size. - -typedef struct _WEBAUTHN_HMAC_SECRET_SALT { - // Size of pbFirst. - DWORD cbFirst; - _Field_size_bytes_(cbFirst) - PBYTE pbFirst; // Required - - // Size of pbSecond. - DWORD cbSecond; - _Field_size_bytes_(cbSecond) - PBYTE pbSecond; -} WEBAUTHN_HMAC_SECRET_SALT, *PWEBAUTHN_HMAC_SECRET_SALT; -typedef const WEBAUTHN_HMAC_SECRET_SALT *PCWEBAUTHN_HMAC_SECRET_SALT; - -typedef struct _WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT { - // Size of pbCredID. - DWORD cbCredID; - _Field_size_bytes_(cbCredID) - PBYTE pbCredID; // Required - - // PRF Values for above credential - PWEBAUTHN_HMAC_SECRET_SALT pHmacSecretSalt; // Required -} WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT, *PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT; -typedef const WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT *PCWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT; - -typedef struct _WEBAUTHN_HMAC_SECRET_SALT_VALUES { - PWEBAUTHN_HMAC_SECRET_SALT pGlobalHmacSalt; - - DWORD cCredWithHmacSecretSaltList; - _Field_size_(cCredWithHmacSecretSaltList) - PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT pCredWithHmacSecretSaltList; -} WEBAUTHN_HMAC_SECRET_SALT_VALUES, *PWEBAUTHN_HMAC_SECRET_SALT_VALUES; -typedef const WEBAUTHN_HMAC_SECRET_SALT_VALUES *PCWEBAUTHN_HMAC_SECRET_SALT_VALUES; - -//+------------------------------------------------------------------------------------------ -// Hmac-Secret extension -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET L"hmac-secret" -// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET -// MakeCredential Input Type: BOOL. -// - pvExtension must point to a BOOL with the value TRUE. -// - cbExtension must contain the sizeof(BOOL). -// MakeCredential Output Type: BOOL. -// - pvExtension will point to a BOOL with the value TRUE if credential -// was successfully created with HMAC_SECRET. -// - cbExtension will contain the sizeof(BOOL). -// GetAssertion Input Type: Not Supported -// GetAssertion Output Type: Not Supported - -//+------------------------------------------------------------------------------------------ -// credProtect extension -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_USER_VERIFICATION_ANY 0 -#define WEBAUTHN_USER_VERIFICATION_OPTIONAL 1 -#define WEBAUTHN_USER_VERIFICATION_OPTIONAL_WITH_CREDENTIAL_ID_LIST 2 -#define WEBAUTHN_USER_VERIFICATION_REQUIRED 3 - -typedef struct _WEBAUTHN_CRED_PROTECT_EXTENSION_IN { - // One of the above WEBAUTHN_USER_VERIFICATION_* values - DWORD dwCredProtect; - // Set the following to TRUE to require authenticator support for the credProtect extension - BOOL bRequireCredProtect; -} WEBAUTHN_CRED_PROTECT_EXTENSION_IN, *PWEBAUTHN_CRED_PROTECT_EXTENSION_IN; -typedef const WEBAUTHN_CRED_PROTECT_EXTENSION_IN *PCWEBAUTHN_CRED_PROTECT_EXTENSION_IN; - - -#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT L"credProtect" -// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT -// MakeCredential Input Type: WEBAUTHN_CRED_PROTECT_EXTENSION_IN. -// - pvExtension must point to a WEBAUTHN_CRED_PROTECT_EXTENSION_IN struct -// - cbExtension will contain the sizeof(WEBAUTHN_CRED_PROTECT_EXTENSION_IN). -// MakeCredential Output Type: DWORD. -// - pvExtension will point to a DWORD with one of the above WEBAUTHN_USER_VERIFICATION_* values -// if credential was successfully created with CRED_PROTECT. -// - cbExtension will contain the sizeof(DWORD). -// GetAssertion Input Type: Not Supported -// GetAssertion Output Type: Not Supported - -//+------------------------------------------------------------------------------------------ -// credBlob extension -//------------------------------------------------------------------------------------------- - -typedef struct _WEBAUTHN_CRED_BLOB_EXTENSION { - // Size of pbCredBlob. - DWORD cbCredBlob; - _Field_size_bytes_(cbCredBlob) - PBYTE pbCredBlob; -} WEBAUTHN_CRED_BLOB_EXTENSION, *PWEBAUTHN_CRED_BLOB_EXTENSION; -typedef const WEBAUTHN_CRED_BLOB_EXTENSION *PCWEBAUTHN_CRED_BLOB_EXTENSION; - - -#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB L"credBlob" -// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB -// MakeCredential Input Type: WEBAUTHN_CRED_BLOB_EXTENSION. -// - pvExtension must point to a WEBAUTHN_CRED_BLOB_EXTENSION struct -// - cbExtension must contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION). -// MakeCredential Output Type: BOOL. -// - pvExtension will point to a BOOL with the value TRUE if credBlob was successfully created -// - cbExtension will contain the sizeof(BOOL). -// GetAssertion Input Type: BOOL. -// - pvExtension must point to a BOOL with the value TRUE to request the credBlob. -// - cbExtension must contain the sizeof(BOOL). -// GetAssertion Output Type: WEBAUTHN_CRED_BLOB_EXTENSION. -// - pvExtension will point to a WEBAUTHN_CRED_BLOB_EXTENSION struct if the authenticator -// returns the credBlob in the signed extensions -// - cbExtension will contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION). - -//+------------------------------------------------------------------------------------------ -// minPinLength extension -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH L"minPinLength" -// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH -// MakeCredential Input Type: BOOL. -// - pvExtension must point to a BOOL with the value TRUE to request the minPinLength. -// - cbExtension must contain the sizeof(BOOL). -// MakeCredential Output Type: DWORD. -// - pvExtension will point to a DWORD with the minimum pin length if returned by the authenticator -// - cbExtension will contain the sizeof(DWORD). -// GetAssertion Input Type: Not Supported -// GetAssertion Output Type: Not Supported - -//+------------------------------------------------------------------------------------------ -// Information about Extensions. -//------------------------------------------------------------------------------------------- -typedef struct _WEBAUTHN_EXTENSION { - LPCWSTR pwszExtensionIdentifier; - DWORD cbExtension; - PVOID pvExtension; -} WEBAUTHN_EXTENSION, *PWEBAUTHN_EXTENSION; -typedef const WEBAUTHN_EXTENSION *PCWEBAUTHN_EXTENSION; - -typedef struct _WEBAUTHN_EXTENSIONS { - DWORD cExtensions; - _Field_size_(cExtensions) - PWEBAUTHN_EXTENSION pExtensions; -} WEBAUTHN_EXTENSIONS, *PWEBAUTHN_EXTENSIONS; -typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS; - -//+------------------------------------------------------------------------------------------ -// Options. -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_ANY 0 -#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM 1 -#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM 2 -#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM_U2F_V2 3 - -#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY 0 -#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED 1 -#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED 2 -#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED 3 - -#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_ANY 0 -#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE 1 -#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT 2 -#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT 3 - -#define WEBAUTHN_ENTERPRISE_ATTESTATION_NONE 0 -#define WEBAUTHN_ENTERPRISE_ATTESTATION_VENDOR_FACILITATED 1 -#define WEBAUTHN_ENTERPRISE_ATTESTATION_PLATFORM_MANAGED 2 - -#define WEBAUTHN_LARGE_BLOB_SUPPORT_NONE 0 -#define WEBAUTHN_LARGE_BLOB_SUPPORT_REQUIRED 1 -#define WEBAUTHN_LARGE_BLOB_SUPPORT_PREFERRED 2 - -#define WEBAUTHN_CREDENTIAL_HINT_SECURITY_KEY L"security-key" -#define WEBAUTHN_CREDENTIAL_HINT_CLIENT_DEVICE L"client-device" -#define WEBAUTHN_CREDENTIAL_HINT_HYBRID L"hybrid" - -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_1 1 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2 2 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3 3 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4 4 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5 5 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_6 6 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7 7 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_8 8 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_9 9 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_9 - -typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Time that the operation is expected to complete within. - // This is used as guidance, and can be overridden by the platform. - DWORD dwTimeoutMilliseconds; - - // Credentials used for exclusion. - WEBAUTHN_CREDENTIALS CredentialList; - - // Optional extensions to parse when performing the operation. - WEBAUTHN_EXTENSIONS Extensions; - - // Optional. Platform vs Cross-Platform Authenticators. - DWORD dwAuthenticatorAttachment; - - // Optional. Require key to be resident or not. Defaulting to FALSE. - BOOL bRequireResidentKey; - - // User Verification Requirement. - DWORD dwUserVerificationRequirement; - - // Attestation Conveyance Preference. - DWORD dwAttestationConveyancePreference; - - // Reserved for future Use - DWORD dwFlags; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2 - // - - // Cancellation Id - Optional - See WebAuthNGetCancellationId - GUID *pCancellationId; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3 - // - - // Exclude Credential List. If present, "CredentialList" will be ignored. - PWEBAUTHN_CREDENTIAL_LIST pExcludeCredentialList; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4 - // - - // Enterprise Attestation - DWORD dwEnterpriseAttestation; - - // Large Blob Support: none, required or preferred - // - // NTE_INVALID_PARAMETER when large blob required or preferred and - // bRequireResidentKey isn't set to TRUE - DWORD dwLargeBlobSupport; - - // Optional. Prefer key to be resident. Defaulting to FALSE. When TRUE, - // overrides the above bRequireResidentKey. - BOOL bPreferResidentKey; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5 - // - - // Optional. BrowserInPrivate Mode. Defaulting to FALSE. - BOOL bBrowserInPrivateMode; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_6 - // - - // Enable PRF - BOOL bEnablePrf; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7 - // - - // Deprecated - // Optional. Linked Device Connection Info. - PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA pLinkedDevice; - - // Size of pbJsonExt - DWORD cbJsonExt; - _Field_size_bytes_(cbJsonExt) - PBYTE pbJsonExt; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_8 - // - - // PRF extension "eval" values which will be converted into HMAC-SECRET values according to WebAuthn Spec. - // Set WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG in dwFlags above, if caller wants to provide RAW Hmac-Secret SALT values directly. - // In that case, values provided MUST be of WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH size. - PWEBAUTHN_HMAC_SECRET_SALT pPRFGlobalEval; - - // PublicKeyCredentialHints (https://w3c.github.io/webauthn/#enum-hints) - DWORD cCredentialHints; - _Field_size_(cCredentialHints) - LPCWSTR *ppwszCredentialHints; - - // Enable ThirdPartyPayment - BOOL bThirdPartyPayment; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_9 - // - - // Web Origin. For Remote Web App scenario. - PCWSTR pwszRemoteWebOrigin; - - // UTF-8 encoded JSON serialization of the PublicKeyCredentialCreationOptions. - DWORD cbPublicKeyCredentialCreationOptionsJSON; - _Field_size_bytes_(cbPublicKeyCredentialCreationOptionsJSON) - PBYTE pbPublicKeyCredentialCreationOptionsJSON; - - // Authenticator ID got from WebAuthNGetAuthenticatorList API. - DWORD cbAuthenticatorId; - _Field_size_bytes_(cbAuthenticatorId) - PBYTE pbAuthenticatorId; - -} WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS; -typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS; - -#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_NONE 0 -#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_GET 1 -#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_SET 2 -#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_DELETE 3 - -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_1 1 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2 2 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3 3 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4 4 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5 5 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6 6 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7 7 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_8 8 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_9 9 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_9 - -/* - Information about flags. -*/ - -#define WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG 0x00100000 - -typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Time that the operation is expected to complete within. - // This is used as guidance, and can be overridden by the platform. - DWORD dwTimeoutMilliseconds; - - // Allowed Credentials List. - WEBAUTHN_CREDENTIALS CredentialList; - - // Optional extensions to parse when performing the operation. - WEBAUTHN_EXTENSIONS Extensions; - - // Optional. Platform vs Cross-Platform Authenticators. - DWORD dwAuthenticatorAttachment; - - // User Verification Requirement. - DWORD dwUserVerificationRequirement; - - // Flags - DWORD dwFlags; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2 - // - - // Optional identifier for the U2F AppId. Converted to UTF8 before being hashed. Not lower cased. - PCWSTR pwszU2fAppId; - - // If the following is non-NULL, then, set to TRUE if the above pwszU2fAppid was used instead of - // PCWSTR pwszRpId; - BOOL *pbU2fAppId; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3 - // - - // Cancellation Id - Optional - See WebAuthNGetCancellationId - GUID *pCancellationId; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4 - // - - // Allow Credential List. If present, "CredentialList" will be ignored. - PWEBAUTHN_CREDENTIAL_LIST pAllowCredentialList; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5 - // - - DWORD dwCredLargeBlobOperation; - - // Size of pbCredLargeBlob - DWORD cbCredLargeBlob; - _Field_size_bytes_(cbCredLargeBlob) - PBYTE pbCredLargeBlob; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6 - // - - // PRF values which will be converted into HMAC-SECRET values according to WebAuthn Spec. - PWEBAUTHN_HMAC_SECRET_SALT_VALUES pHmacSecretSaltValues; - - // Optional. BrowserInPrivate Mode. Defaulting to FALSE. - BOOL bBrowserInPrivateMode; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7 - // - - // Deprecated - // Optional. Linked Device Connection Info. - PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA pLinkedDevice; - - // Optional. Allowlist MUST contain 1 credential applicable for Hybrid transport. - BOOL bAutoFill; - - // Size of pbJsonExt - DWORD cbJsonExt; - _Field_size_bytes_(cbJsonExt) - PBYTE pbJsonExt; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_8 - // - - // PublicKeyCredentialHints (https://w3c.github.io/webauthn/#enum-hints) - DWORD cCredentialHints; - _Field_size_(cCredentialHints) - LPCWSTR *ppwszCredentialHints; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_9 - // - - // Web Origin. For Remote Web App scenario. - PCWSTR pwszRemoteWebOrigin; - - // UTF-8 encoded JSON serialization of the PublicKeyCredentialRequestOptions. - DWORD cbPublicKeyCredentialRequestOptionsJSON; - _Field_size_bytes_(cbPublicKeyCredentialRequestOptionsJSON) - PBYTE pbPublicKeyCredentialRequestOptionsJSON; - - // Authenticator ID got from WebAuthNGetAuthenticatorList API. - DWORD cbAuthenticatorId; - _Field_size_bytes_(cbAuthenticatorId) - PBYTE pbAuthenticatorId; - -} WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS; -typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS; - - -//+------------------------------------------------------------------------------------------ -// Attestation Info. -// -//------------------------------------------------------------------------------------------- -#define WEBAUTHN_ATTESTATION_DECODE_NONE 0 -#define WEBAUTHN_ATTESTATION_DECODE_COMMON 1 -// WEBAUTHN_ATTESTATION_DECODE_COMMON supports format types -// L"packed" -// L"fido-u2f" - -#define WEBAUTHN_ATTESTATION_VER_TPM_2_0 L"2.0" - -typedef struct _WEBAUTHN_X5C { - // Length of X.509 encoded certificate - DWORD cbData; - // X.509 encoded certificate bytes - _Field_size_bytes_(cbData) - PBYTE pbData; -} WEBAUTHN_X5C, *PWEBAUTHN_X5C; - -// Supports either Self or Full Basic Attestation - -// Note, new fields will be added to the following data structure to -// support additional attestation format types, such as, TPM. -// When fields are added, the dwVersion will be incremented. -// -// Therefore, your code must make the following check: -// "if (dwVersion >= WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION)" - -#define WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_COMMON_ATTESTATION { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Hash and Padding Algorithm - // - // The following won't be set for "fido-u2f" which assumes "ES256". - PCWSTR pwszAlg; - LONG lAlg; // COSE algorithm - - // Signature that was generated for this attestation. - DWORD cbSignature; - _Field_size_bytes_(cbSignature) - PBYTE pbSignature; - - // Following is set for Full Basic Attestation. If not, set then, this is Self Attestation. - // Array of X.509 DER encoded certificates. The first certificate is the signer, leaf certificate. - DWORD cX5c; - _Field_size_(cX5c) - PWEBAUTHN_X5C pX5c; - - // Following are also set for tpm - PCWSTR pwszVer; // L"2.0" - DWORD cbCertInfo; - _Field_size_bytes_(cbCertInfo) - PBYTE pbCertInfo; - DWORD cbPubArea; - _Field_size_bytes_(cbPubArea) - PBYTE pbPubArea; -} WEBAUTHN_COMMON_ATTESTATION, *PWEBAUTHN_COMMON_ATTESTATION; -typedef const WEBAUTHN_COMMON_ATTESTATION *PCWEBAUTHN_COMMON_ATTESTATION; - -#define WEBAUTHN_ATTESTATION_TYPE_PACKED L"packed" -#define WEBAUTHN_ATTESTATION_TYPE_U2F L"fido-u2f" -#define WEBAUTHN_ATTESTATION_TYPE_TPM L"tpm" -#define WEBAUTHN_ATTESTATION_TYPE_NONE L"none" - -#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_1 1 -#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2 2 -#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3 3 -#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4 4 -#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5 5 -#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_6 6 -#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_7 7 -#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_8 8 -#define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_8 - -typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Attestation format type - PCWSTR pwszFormatType; - - // Size of cbAuthenticatorData. - DWORD cbAuthenticatorData; - // Authenticator data that was created for this credential. - _Field_size_bytes_(cbAuthenticatorData) - PBYTE pbAuthenticatorData; - - // Size of CBOR encoded attestation information - //0 => encoded as CBOR null value. - DWORD cbAttestation; - //Encoded CBOR attestation information - _Field_size_bytes_(cbAttestation) - PBYTE pbAttestation; - - DWORD dwAttestationDecodeType; - // Following depends on the dwAttestationDecodeType - // WEBAUTHN_ATTESTATION_DECODE_NONE - // NULL - not able to decode the CBOR attestation information - // WEBAUTHN_ATTESTATION_DECODE_COMMON - // PWEBAUTHN_COMMON_ATTESTATION; - PVOID pvAttestationDecode; - - // The CBOR encoded Attestation Object to be returned to the RP. - DWORD cbAttestationObject; - _Field_size_bytes_(cbAttestationObject) - PBYTE pbAttestationObject; - - // The CredentialId bytes extracted from the Authenticator Data. - // Used by Edge to return to the RP. - DWORD cbCredentialId; - _Field_size_bytes_(cbCredentialId) - PBYTE pbCredentialId; - - // - // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2 - // - - WEBAUTHN_EXTENSIONS Extensions; - - // - // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3 - // - - // One of the WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to - // the transport that was used. - DWORD dwUsedTransport; - - // - // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4 - // - - BOOL bEpAtt; - BOOL bLargeBlobSupported; - BOOL bResidentKey; - - // - // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5 - // - - BOOL bPrfEnabled; - - // - // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_6 - // - - DWORD cbUnsignedExtensionOutputs; - _Field_size_bytes_(cbUnsignedExtensionOutputs) - PBYTE pbUnsignedExtensionOutputs; - - // - // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_7 - // - - PWEBAUTHN_HMAC_SECRET_SALT pHmacSecret; - - // ThirdPartyPayment Credential or not. - BOOL bThirdPartyPayment; - - // - // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_8 - // - - // Multiple WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to - // the transports that are supported. - DWORD dwTransports; - - // UTF-8 encoded JSON serialization of the client data. - DWORD cbClientDataJSON; - _Field_size_bytes_(cbClientDataJSON) - PBYTE pbClientDataJSON; - - // UTF-8 encoded JSON serialization of the RegistrationResponse. - DWORD cbRegistrationResponseJSON; - _Field_size_bytes_(cbRegistrationResponseJSON) - PBYTE pbRegistrationResponseJSON; - -} WEBAUTHN_CREDENTIAL_ATTESTATION, *PWEBAUTHN_CREDENTIAL_ATTESTATION; -typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION; - - -//+------------------------------------------------------------------------------------------ -// authenticatorGetAssertion output. -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NONE 0 -#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_SUCCESS 1 -#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_SUPPORTED 2 -#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_DATA 3 -#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_PARAMETER 4 -#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_FOUND 5 -#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_MULTIPLE_CREDENTIALS 6 -#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_LACK_OF_SPACE 7 -#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_PLATFORM_ERROR 8 -#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_AUTHENTICATOR_ERROR 9 - -#define WEBAUTHN_ASSERTION_VERSION_1 1 -#define WEBAUTHN_ASSERTION_VERSION_2 2 -#define WEBAUTHN_ASSERTION_VERSION_3 3 -#define WEBAUTHN_ASSERTION_VERSION_4 4 -#define WEBAUTHN_ASSERTION_VERSION_5 5 -#define WEBAUTHN_ASSERTION_VERSION_6 6 -#define WEBAUTHN_ASSERTION_CURRENT_VERSION WEBAUTHN_ASSERTION_VERSION_6 - -typedef struct _WEBAUTHN_ASSERTION { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Size of cbAuthenticatorData. - DWORD cbAuthenticatorData; - // Authenticator data that was created for this assertion. - _Field_size_bytes_(cbAuthenticatorData) - PBYTE pbAuthenticatorData; - - // Size of pbSignature. - DWORD cbSignature; - // Signature that was generated for this assertion. - _Field_size_bytes_(cbSignature) - PBYTE pbSignature; - - // Credential that was used for this assertion. - WEBAUTHN_CREDENTIAL Credential; - - // Size of User Id - DWORD cbUserId; - // UserId - _Field_size_bytes_(cbUserId) - PBYTE pbUserId; - - // - // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_2 - // - - WEBAUTHN_EXTENSIONS Extensions; - - // Size of pbCredLargeBlob - DWORD cbCredLargeBlob; - _Field_size_bytes_(cbCredLargeBlob) - PBYTE pbCredLargeBlob; - - DWORD dwCredLargeBlobStatus; - - // - // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_3 - // - - PWEBAUTHN_HMAC_SECRET_SALT pHmacSecret; - - // - // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_4 - // - - // One of the WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to - // the transport that was used. - DWORD dwUsedTransport; - - // - // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_5 - // - - DWORD cbUnsignedExtensionOutputs; - _Field_size_bytes_(cbUnsignedExtensionOutputs) - PBYTE pbUnsignedExtensionOutputs; - - // - // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_6 - // - - // UTF-8 encoded JSON serialization of the client data. - DWORD cbClientDataJSON; - _Field_size_bytes_(cbClientDataJSON) - PBYTE pbClientDataJSON; - - // UTF-8 encoded JSON serialization of the AuthenticationResponse. - DWORD cbAuthenticationResponseJSON; - _Field_size_bytes_(cbAuthenticationResponseJSON) - PBYTE pbAuthenticationResponseJSON; - -} WEBAUTHN_ASSERTION, *PWEBAUTHN_ASSERTION; -typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION; - -//+------------------------------------------------------------------------------------------ -// APIs. -//------------------------------------------------------------------------------------------- - -DWORD -WINAPI -WebAuthNGetApiVersionNumber(); - -HRESULT -WINAPI -WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable( - _Out_ BOOL *pbIsUserVerifyingPlatformAuthenticatorAvailable); - - -HRESULT -WINAPI -WebAuthNAuthenticatorMakeCredential( - _In_ HWND hWnd, - _In_ PCWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation, - _In_ PCWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation, - _In_ PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS pPubKeyCredParams, - _In_ PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData, - _In_opt_ PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS pWebAuthNMakeCredentialOptions, - _Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_ATTESTATION *ppWebAuthNCredentialAttestation); - - -HRESULT -WINAPI -WebAuthNAuthenticatorGetAssertion( - _In_ HWND hWnd, - _In_ LPCWSTR pwszRpId, - _In_ PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData, - _In_opt_ PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS pWebAuthNGetAssertionOptions, - _Outptr_result_maybenull_ PWEBAUTHN_ASSERTION *ppWebAuthNAssertion); - -void -WINAPI -WebAuthNFreeCredentialAttestation( - _In_opt_ PWEBAUTHN_CREDENTIAL_ATTESTATION pWebAuthNCredentialAttestation); - -void -WINAPI -WebAuthNFreeAssertion( - _In_ PWEBAUTHN_ASSERTION pWebAuthNAssertion); - -HRESULT -WINAPI -WebAuthNGetCancellationId( - _Out_ GUID* pCancellationId); - -HRESULT -WINAPI -WebAuthNCancelCurrentOperation( - _In_ const GUID* pCancellationId); - -// Returns NTE_NOT_FOUND when credentials are not found. -HRESULT -WINAPI -WebAuthNGetPlatformCredentialList( - _In_ PCWEBAUTHN_GET_CREDENTIALS_OPTIONS pGetCredentialsOptions, - _Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_DETAILS_LIST *ppCredentialDetailsList); - -void -WINAPI -WebAuthNFreePlatformCredentialList( - _In_ PWEBAUTHN_CREDENTIAL_DETAILS_LIST pCredentialDetailsList); - -HRESULT -WINAPI -WebAuthNDeletePlatformCredential( - _In_ DWORD cbCredentialId, - _In_reads_bytes_(cbCredentialId) const BYTE *pbCredentialId - ); - -// Returns NTE_NOT_FOUND when authenticator details are not found. -HRESULT -WINAPI -WebAuthNGetAuthenticatorList( - _In_opt_ PCWEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS pWebAuthNGetAuthenticatorListOptions, - _Outptr_result_maybenull_ PWEBAUTHN_AUTHENTICATOR_DETAILS_LIST* ppAuthenticatorDetailsList); - -void -WINAPI -WebAuthNFreeAuthenticatorList( - _In_ PWEBAUTHN_AUTHENTICATOR_DETAILS_LIST pAuthenticatorDetailsList); - -// -// Returns the following Error Names: -// L"Success" - S_OK -// L"InvalidStateError" - NTE_EXISTS -// L"ConstraintError" - HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED), -// NTE_NOT_SUPPORTED, -// NTE_TOKEN_KEYSET_STORAGE_FULL -// L"NotSupportedError" - NTE_INVALID_PARAMETER -// L"NotAllowedError" - NTE_DEVICE_NOT_FOUND, -// NTE_NOT_FOUND, -// HRESULT_FROM_WIN32(ERROR_CANCELLED), -// NTE_USER_CANCELLED, -// HRESULT_FROM_WIN32(ERROR_TIMEOUT) -// L"UnknownError" - All other hr values -// -PCWSTR -WINAPI -WebAuthNGetErrorName( - _In_ HRESULT hr); - -HRESULT -WINAPI -WebAuthNGetW3CExceptionDOMError( - _In_ HRESULT hr); - - -#ifdef __cplusplus -} // Balance extern "C" above -#endif - -#endif // WINAPI_FAMILY_PARTITION -#pragma endregion - -#endif // __WEBAUTHN_H_ diff --git a/apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/webauthnplugin.h b/apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/webauthnplugin.h deleted file mode 100644 index bffd2049187..00000000000 --- a/apps/desktop/desktop_native/windows_plugin_authenticator/include/stable/webauthnplugin.h +++ /dev/null @@ -1,588 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -#pragma once - -#include - -#pragma region Desktop Family or OneCore Family -#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM) - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef WINAPI -#define WINAPI __stdcall -#endif - -#ifndef INITGUID -#define INITGUID -#include -#undef INITGUID -#else -#include -#endif - -//+------------------------------------------------------------------------------------------ -// APIs. -//------------------------------------------------------------------------------------------- - -typedef enum _PLUGIN_AUTHENTICATOR_STATE -{ - AuthenticatorState_Disabled = 0, - AuthenticatorState_Enabled -} AUTHENTICATOR_STATE; - -HRESULT -WINAPI -WebAuthNPluginGetAuthenticatorState( - _In_ REFCLSID rclsid, - _Out_ AUTHENTICATOR_STATE* pluginAuthenticatorState -); - -// -// Plugin Authenticator API: WebAuthNAddPluginAuthenticator: Add Plugin Authenticator -// - -typedef struct _WEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_OPTIONS { - // Authenticator Name - LPCWSTR pwszAuthenticatorName; - - // Plugin COM ClsId - REFCLSID rclsid; - - // Plugin RPID (Optional. Required for a nested WebAuthN call originating from a plugin) - LPCWSTR pwszPluginRpId; - - // Plugin Authenticator Logo for the Light themes. base64 encoded SVG 1.1 (Optional) - LPCWSTR pwszLightThemeLogoSvg; - - // Plugin Authenticator Logo for the Dark themes. base64 encoded SVG 1.1 (Optional) - LPCWSTR pwszDarkThemeLogoSvg; - - // CTAP CBOR encoded authenticatorGetInfo - DWORD cbAuthenticatorInfo; - _Field_size_bytes_(cbAuthenticatorInfo) - const BYTE* pbAuthenticatorInfo; - - // List of supported RP IDs (Relying Party IDs). Should be 0/nullptr if all RPs are supported. - DWORD cSupportedRpIds; - const LPCWSTR* ppwszSupportedRpIds; - -} WEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_OPTIONS, *PWEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_OPTIONS; -typedef const WEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_OPTIONS *PCWEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_OPTIONS; - -typedef struct _WEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE { - // Plugin operation signing Public Key - Used to sign the request in PCWEBAUTHN_PLUGIN_OPERATION_REQUEST. Refer pluginauthenticator.h. - DWORD cbOpSignPubKey; - _Field_size_bytes_(cbOpSignPubKey) - PBYTE pbOpSignPubKey; - -} WEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE, *PWEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE; -typedef const WEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE *PCWEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE; - -HRESULT -WINAPI -WebAuthNPluginAddAuthenticator( - _In_ PCWEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_OPTIONS pPluginAddAuthenticatorOptions, - _Outptr_result_maybenull_ PWEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE* ppPluginAddAuthenticatorResponse); - -void -WINAPI -WebAuthNPluginFreeAddAuthenticatorResponse( - _In_opt_ PWEBAUTHN_PLUGIN_ADD_AUTHENTICATOR_RESPONSE pPluginAddAuthenticatorResponse); - -// -// Plugin Authenticator API: WebAuthNRemovePluginAuthenticator: Remove Plugin Authenticator -// - -HRESULT -WINAPI -WebAuthNPluginRemoveAuthenticator( - _In_ REFCLSID rclsid); - -// -// Plugin Authenticator API: WebAuthNPluginAuthenticatorUpdateDetails: Update Credential Metadata for Browser AutoFill Scenarios -// - -typedef struct _WEBAUTHN_PLUGIN_UPDATE_AUTHENTICATOR_DETAILS { - // Authenticator Name (Optional) - LPCWSTR pwszAuthenticatorName; - - // Plugin COM ClsId - REFCLSID rclsid; - - // New Plugin COM ClsId (Optional) - REFCLSID rclsidNew; - - // Plugin Authenticator Logo for the Light themes. base64 encoded SVG 1.1 (Optional) - LPCWSTR pwszLightThemeLogoSvg; - - // Plugin Authenticator Logo for the Dark themes. base64 encoded SVG 1.1 (Optional) - LPCWSTR pwszDarkThemeLogoSvg; - - // CTAP CBOR encoded authenticatorGetInfo - DWORD cbAuthenticatorInfo; - _Field_size_bytes_(cbAuthenticatorInfo) - const BYTE* pbAuthenticatorInfo; - - // List of supported RP IDs (Relying Party IDs). Should be 0/nullptr if all RPs are supported. - DWORD cSupportedRpIds; - const LPCWSTR* ppwszSupportedRpIds; - -} WEBAUTHN_PLUGIN_UPDATE_AUTHENTICATOR_DETAILS, *PWEBAUTHN_PLUGIN_UPDATE_AUTHENTICATOR_DETAILS; -typedef const WEBAUTHN_PLUGIN_UPDATE_AUTHENTICATOR_DETAILS *PCWEBAUTHN_PLUGIN_UPDATE_AUTHENTICATOR_DETAILS; - -HRESULT -WINAPI -WebAuthNPluginUpdateAuthenticatorDetails( - _In_ PCWEBAUTHN_PLUGIN_UPDATE_AUTHENTICATOR_DETAILS pPluginUpdateAuthenticatorDetails); - -// -// Plugin Authenticator API: WebAuthNPluginAuthenticatorAddCredentials: Add Credential Metadata for Browser AutoFill Scenarios -// - -typedef struct _WEBAUTHN_PLUGIN_CREDENTIAL_DETAILS { - // Size of pbCredentialId. - DWORD cbCredentialId; - - // Credential Identifier bytes. This field is required. - _Field_size_bytes_(cbCredentialId) - const BYTE* pbCredentialId; - - // Identifier for the RP. This field is required. - LPCWSTR pwszRpId; - - // Contains the friendly name of the Relying Party, such as "Acme Corporation", "Widgets Inc" or "Awesome Site". - // This field is required. - LPCWSTR pwszRpName; - - // Identifier for the User. This field is required. - DWORD cbUserId; - - // User Identifier bytes. This field is required. - _Field_size_bytes_(cbUserId) - const BYTE* pbUserId; - - // Contains a detailed name for this account, such as "john.p.smith@example.com". - LPCWSTR pwszUserName; - - // For User: Contains the friendly name associated with the user account such as "John P. Smith". - LPCWSTR pwszUserDisplayName; - -} WEBAUTHN_PLUGIN_CREDENTIAL_DETAILS, *PWEBAUTHN_PLUGIN_CREDENTIAL_DETAILS; -typedef const WEBAUTHN_PLUGIN_CREDENTIAL_DETAILS *PCWEBAUTHN_PLUGIN_CREDENTIAL_DETAILS; - -HRESULT -WINAPI -WebAuthNPluginAuthenticatorAddCredentials( - _In_ REFCLSID rclsid, - _In_ DWORD cCredentialDetails, - _In_reads_(cCredentialDetails) PCWEBAUTHN_PLUGIN_CREDENTIAL_DETAILS pCredentialDetails); - -// -// Plugin Authenticator API: WebAuthNPluginAuthenticatorRemoveCredentials: Remove Credential Metadata for Browser AutoFill Scenarios -// - -HRESULT -WINAPI -WebAuthNPluginAuthenticatorRemoveCredentials( - _In_ REFCLSID rclsid, - _In_ DWORD cCredentialDetails, - _In_reads_(cCredentialDetails) PCWEBAUTHN_PLUGIN_CREDENTIAL_DETAILS pCredentialDetails); - -// -// Plugin Authenticator API: WebAuthNPluginAuthenticatorRemoveCredentials: Remove All Credential Metadata for Browser AutoFill Scenarios -// - -HRESULT -WINAPI -WebAuthNPluginAuthenticatorRemoveAllCredentials( - _In_ REFCLSID rclsid); - -// -// Plugin Authenticator API: WebAuthNPluginAuthenticatorGetAllCredentials: Get All Credential Metadata cached for Browser AutoFill Scenarios -// - -HRESULT -WINAPI -WebAuthNPluginAuthenticatorGetAllCredentials( - _In_ REFCLSID rclsid, - _Out_ DWORD* pcCredentialDetails, - _Outptr_result_buffer_maybenull_(*pcCredentialDetails) PWEBAUTHN_PLUGIN_CREDENTIAL_DETAILS* ppCredentialDetailsArray); - -// -// Plugin Authenticator API: WebAuthNPluginAuthenticatorFreeCredentialDetailsList: Free Credential Metadata cached for Browser AutoFill Scenarios -// - -void -WINAPI -WebAuthNPluginAuthenticatorFreeCredentialDetailsArray( - _In_ DWORD cCredentialDetails, - _In_reads_(cCredentialDetails) PWEBAUTHN_PLUGIN_CREDENTIAL_DETAILS pCredentialDetailsArray); - -// -// Hello UV API for Plugin: WebAuthNPluginPerformUv: Perform Hello UV related operations -// - -typedef enum _WEBAUTHN_PLUGIN_PERFORM_UV_OPERATION_TYPE -{ - PerformUserVerification = 1, - GetUserVerificationCount, - GetPublicKey -} WEBAUTHN_PLUGIN_PERFORM_UV_OPERATION_TYPE; - -typedef struct _WEBAUTHN_PLUGIN_USER_VERIFICATION_REQUEST { - - // Windows handle of the top-level window displayed by the plugin and currently is in foreground as part of the ongoing webauthn operation. - HWND hwnd; - - // The webauthn transaction id from the WEBAUTHN_PLUGIN_OPERATION_REQUEST - REFGUID rguidTransactionId; - - // The username attached to the credential that is in use for this webauthn operation - LPCWSTR pwszUsername; - - // A text hint displayed on the windows hello prompt - LPCWSTR pwszDisplayHint; -} WEBAUTHN_PLUGIN_USER_VERIFICATION_REQUEST, *PWEBAUTHN_PLUGIN_USER_VERIFICATION_REQUEST; -typedef const WEBAUTHN_PLUGIN_USER_VERIFICATION_REQUEST *PCWEBAUTHN_PLUGIN_USER_VERIFICATION_REQUEST; - -HRESULT -WINAPI -WebAuthNPluginPerformUserVerification( - _In_ PCWEBAUTHN_PLUGIN_USER_VERIFICATION_REQUEST pPluginUserVerification, - _Out_ DWORD* pcbResponse, - _Outptr_result_bytebuffer_maybenull_(*pcbResponse) PBYTE* ppbResponse); - -void -WINAPI -WebAuthNPluginFreeUserVerificationResponse( - _In_opt_ PBYTE ppbResponse); - -HRESULT -WINAPI -WebAuthNPluginGetUserVerificationCount( - _In_ REFCLSID rclsid, - _Out_ DWORD* pdwVerificationCount); - -HRESULT -WINAPI -WebAuthNPluginGetUserVerificationPublicKey( - _In_ REFCLSID rclsid, - _Out_ DWORD* pcbPublicKey, - _Outptr_result_bytebuffer_(*pcbPublicKey) PBYTE* ppbPublicKey); // Free using WebAuthNPluginFreePublicKeyResponse - -HRESULT -WINAPI -WebAuthNPluginGetOperationSigningPublicKey( - _In_ REFCLSID rclsid, - _Out_ DWORD* pcbOpSignPubKey, - _Outptr_result_buffer_maybenull_(*pcbOpSignPubKey) PBYTE* ppbOpSignPubKey); // Free using WebAuthNPluginFreePublicKeyResponse - -void WINAPI WebAuthNPluginFreePublicKeyResponse( - _In_opt_ PBYTE pbOpSignPubKey); - -#define WEBAUTHN_CTAPCBOR_AUTHENTICATOR_OPTIONS_VERSION_1 1 -#define WEBAUTHN_CTAPCBOR_AUTHENTICATOR_OPTIONS_CURRENT_VERSION WEBAUTHN_CTAPCBOR_AUTHENTICATOR_OPTIONS_VERSION_1 -typedef struct _WEBAUTHN_CTAPCBOR_AUTHENTICATOR_OPTIONS { - //Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Following have following values: - // +1 - TRUE - // 0 - Not defined - // -1 - FALSE - //up: "true" | "false" - LONG lUp; - //uv: "true" | "false" - LONG lUv; - //rk: "true" | "false" - LONG lRequireResidentKey; -} WEBAUTHN_CTAPCBOR_AUTHENTICATOR_OPTIONS, *PWEBAUTHN_CTAPCBOR_AUTHENTICATOR_OPTIONS; -typedef const WEBAUTHN_CTAPCBOR_AUTHENTICATOR_OPTIONS *PCWEBAUTHN_CTAPCBOR_AUTHENTICATOR_OPTIONS; - -#define WEBAUTHN_CTAPCBOR_ECC_PUBLIC_KEY_VERSION_1 1 -#define WEBAUTHN_CTAPCBOR_ECC_PUBLIC_KEY_CURRENT_VERSION WEBAUTHN_CTAPCBOR_ECC_PUBLIC_KEY_VERSION_1 -typedef struct _WEBAUTHN_CTAPCBOR_ECC_PUBLIC_KEY { - //Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Key type - LONG lKty; - - // Hash Algorithm: ES256, ES384, ES512 - LONG lAlg; - - // Curve - LONG lCrv; - - //Size of "x" (X Coordinate) - DWORD cbX; - - //"x" (X Coordinate) data. Big Endian. - PBYTE pbX; - - //Size of "y" (Y Coordinate) - DWORD cbY; - - //"y" (Y Coordinate) data. Big Endian. - PBYTE pbY; -} WEBAUTHN_CTAPCBOR_ECC_PUBLIC_KEY, *PWEBAUTHN_CTAPCBOR_ECC_PUBLIC_KEY; -typedef const WEBAUTHN_CTAPCBOR_ECC_PUBLIC_KEY *PCWEBAUTHN_CTAPCBOR_ECC_PUBLIC_KEY; - -#define WEBAUTHN_CTAPCBOR_HMAC_SALT_EXTENSION_VERSION_1 1 -#define WEBAUTHN_CTAPCBOR_HMAC_SALT_EXTENSION_CURRENT_VERSION WEBAUTHN_CTAPCBOR_HMAC_SALT_EXTENSION_VERSION_1 -typedef struct _WEBAUTHN_CTAPCBOR_HMAC_SALT_EXTENSION { - //Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Platform's key agreement public key - PWEBAUTHN_CTAPCBOR_ECC_PUBLIC_KEY pKeyAgreement; - - DWORD cbEncryptedSalt; - PBYTE pbEncryptedSalt; - - DWORD cbSaltAuth; - PBYTE pbSaltAuth; -} WEBAUTHN_CTAPCBOR_HMAC_SALT_EXTENSION, *PWEBAUTHN_CTAPCBOR_HMAC_SALT_EXTENSION; -typedef const WEBAUTHN_CTAPCBOR_HMAC_SALT_EXTENSION *PCWEBAUTHN_CTAPCBOR_HMAC_SALT_EXTENSION; - -#define WEBAUTHN_CTAPCBOR_MAKE_CREDENTIAL_REQUEST_VERSION_1 1 -#define WEBAUTHN_CTAPCBOR_MAKE_CREDENTIAL_REQUEST_CURRENT_VERSION WEBAUTHN_CTAPCBOR_MAKE_CREDENTIAL_REQUEST_VERSION_1 -typedef struct _WEBAUTHN_CTAPCBOR_MAKE_CREDENTIAL_REQUEST { - //Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - //Input RP ID. Raw UTF8 bytes before conversion. - //These are the bytes to be hashed in the Authenticator Data. - DWORD cbRpId; - PBYTE pbRpId; - - //Client Data Hash - DWORD cbClientDataHash; - PBYTE pbClientDataHash; - - //RP Information - PCWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation; - - //User Information - PCWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation; - - // Crypto Parameters - WEBAUTHN_COSE_CREDENTIAL_PARAMETERS WebAuthNCredentialParameters; - - //Credentials used for exclusion - WEBAUTHN_CREDENTIAL_LIST CredentialList; - - //Optional extensions to parse when performing the operation. - DWORD cbCborExtensionsMap; - PBYTE pbCborExtensionsMap; - - // Authenticator Options (Optional) - PWEBAUTHN_CTAPCBOR_AUTHENTICATOR_OPTIONS pAuthenticatorOptions; - - // Pin Auth (Optional) - BOOL fEmptyPinAuth; // Zero length PinAuth is included in the request - DWORD cbPinAuth; - PBYTE pbPinAuth; - - //"hmac-secret": true extension - LONG lHmacSecretExt; - - // "hmac-secret-mc" extension - PWEBAUTHN_CTAPCBOR_HMAC_SALT_EXTENSION pHmacSecretMcExtension; - - //"prf" extension - LONG lPrfExt; - DWORD cbHmacSecretSaltValues; - PBYTE pbHmacSecretSaltValues; - - //"credProtect" extension. Nonzero if present - DWORD dwCredProtect; - - // Nonzero if present - DWORD dwPinProtocol; - - // Nonzero if present - DWORD dwEnterpriseAttestation; - - //"credBlob" extension. Nonzero if present - DWORD cbCredBlobExt; - PBYTE pbCredBlobExt; - - //"largeBlobKey": true extension - LONG lLargeBlobKeyExt; - - //"largeBlob": extension - DWORD dwLargeBlobSupport; - - //"minPinLength": true extension - LONG lMinPinLengthExt; - - // "json" extension. Nonzero if present - DWORD cbJsonExt; - PBYTE pbJsonExt; -} WEBAUTHN_CTAPCBOR_MAKE_CREDENTIAL_REQUEST, *PWEBAUTHN_CTAPCBOR_MAKE_CREDENTIAL_REQUEST; -typedef const WEBAUTHN_CTAPCBOR_MAKE_CREDENTIAL_REQUEST *PCWEBAUTHN_CTAPCBOR_MAKE_CREDENTIAL_REQUEST; - -_Success_(return == S_OK) -HRESULT -WINAPI -WebAuthNEncodeMakeCredentialResponse( - _In_ PCWEBAUTHN_CREDENTIAL_ATTESTATION pCredentialAttestation, - _Out_ DWORD* pcbResp, - _Outptr_result_buffer_maybenull_(*pcbResp) BYTE** ppbResp - ); - -_Success_(return == S_OK) -HRESULT -WINAPI -WebAuthNDecodeMakeCredentialRequest( - _In_ DWORD cbEncoded, - _In_reads_bytes_(cbEncoded) const BYTE* pbEncoded, - _Outptr_ PWEBAUTHN_CTAPCBOR_MAKE_CREDENTIAL_REQUEST* ppMakeCredentialRequest - ); - -void -WINAPI -WebAuthNFreeDecodedMakeCredentialRequest( - _In_opt_ PWEBAUTHN_CTAPCBOR_MAKE_CREDENTIAL_REQUEST pMakeCredentialRequest - ); - -#define WEBAUTHN_CTAPCBOR_GET_ASSERTION_REQUEST_VERSION_1 1 -#define WEBAUTHN_CTAPCBOR_GET_ASSERTION_REQUEST_CURRENT_VERSION WEBAUTHN_CTAPCBOR_GET_ASSERTION_REQUEST_VERSION_1 -typedef struct _WEBAUTHN_CTAPCBOR_GET_ASSERTION_REQUEST { - //Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - //RP ID. After UTF8 to Unicode conversion, - PCWSTR pwszRpId; - - //Input RP ID. Raw UTF8 bytes before conversion. - //These are the bytes to be hashed in the Authenticator Data. - DWORD cbRpId; - PBYTE pbRpId; - - //Client Data Hash - DWORD cbClientDataHash; - PBYTE pbClientDataHash; - - //Credentials used for inclusion - WEBAUTHN_CREDENTIAL_LIST CredentialList; - - //Optional extensions to parse when performing the operation. - DWORD cbCborExtensionsMap; - PBYTE pbCborExtensionsMap; - - // Authenticator Options (Optional) - PWEBAUTHN_CTAPCBOR_AUTHENTICATOR_OPTIONS pAuthenticatorOptions; - - // Pin Auth (Optional) - BOOL fEmptyPinAuth; // Zero length PinAuth is included in the request - DWORD cbPinAuth; - PBYTE pbPinAuth; - - // HMAC Salt Extension (Optional) - PWEBAUTHN_CTAPCBOR_HMAC_SALT_EXTENSION pHmacSaltExtension; - - // PRF Extension - DWORD cbHmacSecretSaltValues; - PBYTE pbHmacSecretSaltValues; - - DWORD dwPinProtocol; - - //"credBlob": true extension - LONG lCredBlobExt; - - //"largeBlobKey": true extension - LONG lLargeBlobKeyExt; - - //"largeBlob" extension - DWORD dwCredLargeBlobOperation; - DWORD cbCredLargeBlobCompressed; - PBYTE pbCredLargeBlobCompressed; - DWORD dwCredLargeBlobOriginalSize; - - // "json" extension. Nonzero if present - DWORD cbJsonExt; - PBYTE pbJsonExt; -} WEBAUTHN_CTAPCBOR_GET_ASSERTION_REQUEST, *PWEBAUTHN_CTAPCBOR_GET_ASSERTION_REQUEST; -typedef const WEBAUTHN_CTAPCBOR_GET_ASSERTION_REQUEST *PCWEBAUTHN_CTAPCBOR_GET_ASSERTION_REQUEST; - -_Success_(return == S_OK) -HRESULT -WINAPI -WebAuthNDecodeGetAssertionRequest( - _In_ DWORD cbEncoded, - _In_reads_bytes_(cbEncoded) const BYTE* pbEncoded, - _Outptr_ PWEBAUTHN_CTAPCBOR_GET_ASSERTION_REQUEST* ppGetAssertionRequest - ); - -void -WINAPI -WebAuthNFreeDecodedGetAssertionRequest( - _In_opt_ PWEBAUTHN_CTAPCBOR_GET_ASSERTION_REQUEST pGetAssertionRequest - ); - -typedef struct _WEBAUTHN_CTAPCBOR_GET_ASSERTION_RESPONSE { - // [1] credential (optional) - // [2] authenticatorData - // [3] signature - WEBAUTHN_ASSERTION WebAuthNAssertion; - - // [4] user (optional) - PCWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation; - - // [5] numberOfCredentials (optional) - DWORD dwNumberOfCredentials; - - // [6] userSelected (optional) - LONG lUserSelected; - - // [7] largeBlobKey (optional) - DWORD cbLargeBlobKey; - PBYTE pbLargeBlobKey; - - // [8] unsignedExtensionOutputs - DWORD cbUnsignedExtensionOutputs; - PBYTE pbUnsignedExtensionOutputs; -} WEBAUTHN_CTAPCBOR_GET_ASSERTION_RESPONSE, *PWEBAUTHN_CTAPCBOR_GET_ASSERTION_RESPONSE; -typedef const WEBAUTHN_CTAPCBOR_GET_ASSERTION_RESPONSE *PCWEBAUTHN_CTAPCBOR_GET_ASSERTION_RESPONSE; - -_Success_(return == S_OK) -HRESULT -WINAPI -WebAuthNEncodeGetAssertionResponse( - _In_ PCWEBAUTHN_CTAPCBOR_GET_ASSERTION_RESPONSE pGetAssertionResponse, - _Out_ DWORD* pcbResp, - _Outptr_result_buffer_maybenull_(*pcbResp) BYTE** ppbResp - ); - -typedef void (CALLBACK* WEBAUTHN_PLUGIN_STATUS_CHANGE_CALLBACK )(void* context); - -HRESULT -WINAPI -WebAuthNPluginRegisterStatusChangeCallback( - _In_ WEBAUTHN_PLUGIN_STATUS_CHANGE_CALLBACK callback, - _In_ void* context, - _In_ REFCLSID rclsid, - _Out_ DWORD* pdwRegister - ); - -HRESULT -WINAPI -WebAuthNPluginUnregisterStatusChangeCallback( - _In_ DWORD* pdwRegister - ); - - -#ifdef __cplusplus -} // Balance extern "C" above -#endif - -#endif // WINAPI_FAMILY_PARTITION -#pragma endregion - -