xref: /freebsd/contrib/libfido2/src/webauthn.h (revision 2e3507c25e42292b45a5482e116d278f5515d04d)
1 // Copyright (c) Microsoft Corporation. All rights reserved.
2 // Licensed under the MIT License.
3 
4 #ifndef __WEBAUTHN_H_
5 #define __WEBAUTHN_H_
6 
7 #pragma once
8 
9 #include <winapifamily.h>
10 
11 #ifdef _MSC_VER
12 #pragma region Desktop Family or OneCore Family
13 #endif
14 #if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM)
15 
16 #ifdef __cplusplus
17 extern "C" {
18 #endif
19 
20 #ifndef WINAPI
21 #define WINAPI __stdcall
22 #endif
23 
24 #ifndef INITGUID
25 #define INITGUID
26 #include <guiddef.h>
27 #undef INITGUID
28 #else
29 #include <guiddef.h>
30 #endif
31 
32 //+------------------------------------------------------------------------------------------
33 // API Version Information.
34 // Caller should check for WebAuthNGetApiVersionNumber to check the presence of relevant APIs
35 // and features for their usage.
36 //-------------------------------------------------------------------------------------------
37 
38 #define WEBAUTHN_API_VERSION_1          1
39 // WEBAUTHN_API_VERSION_1 : Baseline Version
40 //      Data Structures and their sub versions:
41 //          - WEBAUTHN_RP_ENTITY_INFORMATION                    :   1
42 //          - WEBAUTHN_USER_ENTITY_INFORMATION                  :   1
43 //          - WEBAUTHN_CLIENT_DATA                              :   1
44 //          - WEBAUTHN_COSE_CREDENTIAL_PARAMETER                :   1
45 //          - WEBAUTHN_COSE_CREDENTIAL_PARAMETERS               :   Not Applicable
46 //          - WEBAUTHN_CREDENTIAL                               :   1
47 //          - WEBAUTHN_CREDENTIALS                              :   Not Applicable
48 //          - WEBAUTHN_CREDENTIAL_EX                            :   1
49 //          - WEBAUTHN_CREDENTIAL_LIST                          :   Not Applicable
50 //          - WEBAUTHN_EXTENSION                                :   Not Applicable
51 //          - WEBAUTHN_EXTENSIONS                               :   Not Applicable
52 //          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   3
53 //          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   4
54 //          - WEBAUTHN_COMMON_ATTESTATION                       :   1
55 //          - WEBAUTHN_CREDENTIAL_ATTESTATION                   :   3
56 //          - WEBAUTHN_ASSERTION                                :   1
57 //      Extensions:
58 //          - WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET
59 //      APIs:
60 //          - WebAuthNGetApiVersionNumber
61 //          - WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable
62 //          - WebAuthNAuthenticatorMakeCredential
63 //          - WebAuthNAuthenticatorGetAssertion
64 //          - WebAuthNFreeCredentialAttestation
65 //          - WebAuthNFreeAssertion
66 //          - WebAuthNGetCancellationId
67 //          - WebAuthNCancelCurrentOperation
68 //          - WebAuthNGetErrorName
69 //          - WebAuthNGetW3CExceptionDOMError
70 
71 #define WEBAUTHN_API_VERSION_2          2
72 // WEBAUTHN_API_VERSION_2 : Delta From WEBAUTHN_API_VERSION_1
73 //      Added Extensions:
74 //          - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT
75 //
76 
77 #define WEBAUTHN_API_VERSION_3          3
78 // WEBAUTHN_API_VERSION_3 : Delta From WEBAUTHN_API_VERSION_2
79 //      Data Structures and their sub versions:
80 //          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   4
81 //          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   5
82 //          - WEBAUTHN_CREDENTIAL_ATTESTATION                   :   4
83 //          - WEBAUTHN_ASSERTION                                :   2
84 //      Added Extensions:
85 //          - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB
86 //          - WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH
87 //
88 
89 #define WEBAUTHN_API_VERSION_4          4
90 // WEBAUTHN_API_VERSION_4 : Delta From WEBAUTHN_API_VERSION_3
91 //      Data Structures and their sub versions:
92 //          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   5
93 //          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   6
94 //          - WEBAUTHN_ASSERTION                                :   3
95 //      APIs:
96 //          - WebAuthNGetPlatformCredentialList
97 //          - WebAuthNFreePlatformCredentialList
98 //
99 
100 #define WEBAUTHN_API_CURRENT_VERSION    WEBAUTHN_API_VERSION_4
101 
102 //+------------------------------------------------------------------------------------------
103 // Information about an RP Entity
104 //-------------------------------------------------------------------------------------------
105 
106 #define WEBAUTHN_RP_ENTITY_INFORMATION_CURRENT_VERSION          1
107 
108 typedef struct _WEBAUTHN_RP_ENTITY_INFORMATION {
109     // Version of this structure, to allow for modifications in the future.
110     // This field is required and should be set to CURRENT_VERSION above.
111     DWORD dwVersion;
112 
113     // Identifier for the RP. This field is required.
114     PCWSTR pwszId;
115 
116     // Contains the friendly name of the Relying Party, such as "Acme Corporation", "Widgets Inc" or "Awesome Site".
117     // This field is required.
118     PCWSTR pwszName;
119 
120     // Optional URL pointing to RP's logo.
121     PCWSTR pwszIcon;
122 } WEBAUTHN_RP_ENTITY_INFORMATION, *PWEBAUTHN_RP_ENTITY_INFORMATION;
123 typedef const WEBAUTHN_RP_ENTITY_INFORMATION *PCWEBAUTHN_RP_ENTITY_INFORMATION;
124 
125 //+------------------------------------------------------------------------------------------
126 // Information about an User Entity
127 //-------------------------------------------------------------------------------------------
128 #define WEBAUTHN_MAX_USER_ID_LENGTH                             64
129 
130 #define WEBAUTHN_USER_ENTITY_INFORMATION_CURRENT_VERSION        1
131 
132 typedef struct _WEBAUTHN_USER_ENTITY_INFORMATION {
133     // Version of this structure, to allow for modifications in the future.
134     // This field is required and should be set to CURRENT_VERSION above.
135     DWORD dwVersion;
136 
137     // Identifier for the User. This field is required.
138     DWORD cbId;
139     _Field_size_bytes_(cbId)
140     PBYTE pbId;
141 
142     // Contains a detailed name for this account, such as "john.p.smith@example.com".
143     PCWSTR pwszName;
144 
145     // Optional URL that can be used to retrieve an image containing the user's current avatar,
146     // or a data URI that contains the image data.
147     PCWSTR pwszIcon;
148 
149     // For User: Contains the friendly name associated with the user account by the Relying Party, such as "John P. Smith".
150     PCWSTR pwszDisplayName;
151 } WEBAUTHN_USER_ENTITY_INFORMATION, *PWEBAUTHN_USER_ENTITY_INFORMATION;
152 typedef const WEBAUTHN_USER_ENTITY_INFORMATION *PCWEBAUTHN_USER_ENTITY_INFORMATION;
153 
154 //+------------------------------------------------------------------------------------------
155 // Information about client data.
156 //-------------------------------------------------------------------------------------------
157 
158 #define WEBAUTHN_HASH_ALGORITHM_SHA_256                         L"SHA-256"
159 #define WEBAUTHN_HASH_ALGORITHM_SHA_384                         L"SHA-384"
160 #define WEBAUTHN_HASH_ALGORITHM_SHA_512                         L"SHA-512"
161 
162 #define WEBAUTHN_CLIENT_DATA_CURRENT_VERSION                    1
163 
164 typedef struct _WEBAUTHN_CLIENT_DATA {
165     // Version of this structure, to allow for modifications in the future.
166     // This field is required and should be set to CURRENT_VERSION above.
167     DWORD dwVersion;
168 
169     // Size of the pbClientDataJSON field.
170     DWORD cbClientDataJSON;
171     // UTF-8 encoded JSON serialization of the client data.
172     _Field_size_bytes_(cbClientDataJSON)
173     PBYTE pbClientDataJSON;
174 
175     // Hash algorithm ID used to hash the pbClientDataJSON field.
176     LPCWSTR pwszHashAlgId;
177 } WEBAUTHN_CLIENT_DATA, *PWEBAUTHN_CLIENT_DATA;
178 typedef const WEBAUTHN_CLIENT_DATA *PCWEBAUTHN_CLIENT_DATA;
179 
180 //+------------------------------------------------------------------------------------------
181 // Information about credential parameters.
182 //-------------------------------------------------------------------------------------------
183 
184 #define WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY                         L"public-key"
185 
186 #define WEBAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256             -7
187 #define WEBAUTHN_COSE_ALGORITHM_ECDSA_P384_WITH_SHA384             -35
188 #define WEBAUTHN_COSE_ALGORITHM_ECDSA_P521_WITH_SHA512             -36
189 
190 #define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA256      -257
191 #define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA384      -258
192 #define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA512      -259
193 
194 #define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA256                -37
195 #define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA384                -38
196 #define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA512                -39
197 
198 #define WEBAUTHN_COSE_CREDENTIAL_PARAMETER_CURRENT_VERSION          1
199 
200 typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETER {
201     // Version of this structure, to allow for modifications in the future.
202     DWORD dwVersion;
203 
204     // Well-known credential type specifying a credential to create.
205     LPCWSTR pwszCredentialType;
206 
207     // Well-known COSE algorithm specifying the algorithm to use for the credential.
208     LONG lAlg;
209 } WEBAUTHN_COSE_CREDENTIAL_PARAMETER, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETER;
210 typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETER *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETER;
211 
212 typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETERS {
213     DWORD cCredentialParameters;
214     _Field_size_(cCredentialParameters)
215     PWEBAUTHN_COSE_CREDENTIAL_PARAMETER pCredentialParameters;
216 } WEBAUTHN_COSE_CREDENTIAL_PARAMETERS, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETERS;
217 typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETERS *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS;
218 
219 //+------------------------------------------------------------------------------------------
220 // Information about credential.
221 //-------------------------------------------------------------------------------------------
222 #define WEBAUTHN_CREDENTIAL_CURRENT_VERSION                         1
223 
224 typedef struct _WEBAUTHN_CREDENTIAL {
225     // Version of this structure, to allow for modifications in the future.
226     DWORD dwVersion;
227 
228     // Size of pbID.
229     DWORD cbId;
230     // Unique ID for this particular credential.
231     _Field_size_bytes_(cbId)
232     PBYTE pbId;
233 
234     // Well-known credential type specifying what this particular credential is.
235     LPCWSTR pwszCredentialType;
236 } WEBAUTHN_CREDENTIAL, *PWEBAUTHN_CREDENTIAL;
237 typedef const WEBAUTHN_CREDENTIAL *PCWEBAUTHN_CREDENTIAL;
238 
239 typedef struct _WEBAUTHN_CREDENTIALS {
240     DWORD cCredentials;
241     _Field_size_(cCredentials)
242     PWEBAUTHN_CREDENTIAL pCredentials;
243 } WEBAUTHN_CREDENTIALS, *PWEBAUTHN_CREDENTIALS;
244 typedef const WEBAUTHN_CREDENTIALS *PCWEBAUTHN_CREDENTIALS;
245 
246 //+------------------------------------------------------------------------------------------
247 // Information about credential with extra information, such as, dwTransports
248 //-------------------------------------------------------------------------------------------
249 
250 #define WEBAUTHN_CTAP_TRANSPORT_USB         0x00000001
251 #define WEBAUTHN_CTAP_TRANSPORT_NFC         0x00000002
252 #define WEBAUTHN_CTAP_TRANSPORT_BLE         0x00000004
253 #define WEBAUTHN_CTAP_TRANSPORT_TEST        0x00000008
254 #define WEBAUTHN_CTAP_TRANSPORT_INTERNAL    0x00000010
255 #define WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK  0x0000001F
256 
257 #define WEBAUTHN_CREDENTIAL_EX_CURRENT_VERSION                         1
258 
259 typedef struct _WEBAUTHN_CREDENTIAL_EX {
260     // Version of this structure, to allow for modifications in the future.
261     DWORD dwVersion;
262 
263     // Size of pbID.
264     DWORD cbId;
265     // Unique ID for this particular credential.
266     _Field_size_bytes_(cbId)
267     PBYTE pbId;
268 
269     // Well-known credential type specifying what this particular credential is.
270     LPCWSTR pwszCredentialType;
271 
272     // Transports. 0 implies no transport restrictions.
273     DWORD dwTransports;
274 } WEBAUTHN_CREDENTIAL_EX, *PWEBAUTHN_CREDENTIAL_EX;
275 typedef const WEBAUTHN_CREDENTIAL_EX *PCWEBAUTHN_CREDENTIAL_EX;
276 
277 //+------------------------------------------------------------------------------------------
278 // Information about credential list with extra information
279 //-------------------------------------------------------------------------------------------
280 
281 typedef struct _WEBAUTHN_CREDENTIAL_LIST {
282     DWORD cCredentials;
283     _Field_size_(cCredentials)
284     PWEBAUTHN_CREDENTIAL_EX *ppCredentials;
285 } WEBAUTHN_CREDENTIAL_LIST, *PWEBAUTHN_CREDENTIAL_LIST;
286 typedef const WEBAUTHN_CREDENTIAL_LIST *PCWEBAUTHN_CREDENTIAL_LIST;
287 
288 //+------------------------------------------------------------------------------------------
289 // Credential Information for WebAuthNGetPlatformCredentialList API
290 //-------------------------------------------------------------------------------------------
291 
292 #define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_1           1
293 #define WEBAUTHN_CREDENTIAL_DETAILS_CURRENT_VERSION     WEBAUTHN_CREDENTIAL_DETAILS_VERSION_1
294 
295 typedef struct _WEBAUTHN_CREDENTIAL_DETAILS {
296     // Version of this structure, to allow for modifications in the future.
297     DWORD dwVersion;
298 
299     // Size of pbCredentialID.
300     DWORD cbCredentialID;
301     _Field_size_bytes_(cbCredentialID)
302     PBYTE pbCredentialID;
303 
304     // RP Info
305     PWEBAUTHN_RP_ENTITY_INFORMATION     pRpInformation;
306 
307     // User Info
308     PWEBAUTHN_USER_ENTITY_INFORMATION   pUserInformation;
309 } WEBAUTHN_CREDENTIAL_DETAILS, *PWEBAUTHN_CREDENTIAL_DETAILS;
310 typedef const WEBAUTHN_CREDENTIAL_DETAILS *PCWEBAUTHN_CREDENTIAL_DETAILS;
311 
312 typedef struct _WEBAUTHN_CREDENTIAL_DETAILS_LIST {
313     DWORD cCredentialDetails;
314     _Field_size_(cCredentialDetails)
315     PWEBAUTHN_CREDENTIAL_DETAILS *ppCredentialDetails;
316 } WEBAUTHN_CREDENTIAL_DETAILS_LIST, *PWEBAUTHN_CREDENTIAL_DETAILS_LIST;
317 typedef const WEBAUTHN_CREDENTIAL_DETAILS_LIST *PCWEBAUTHN_CREDENTIAL_DETAILS_LIST;
318 
319 #define WEBAUTHN_GET_CREDENTIALS_OPTIONS_VERSION_1          1
320 #define WEBAUTHN_GET_CREDENTIALS_OPTIONS_CURRENT_VERSION    WEBAUTHN_GET_CREDENTIALS_OPTIONS_VERSION_1
321 
322 typedef struct _WEBAUTHN_GET_CREDENTIALS_OPTIONS {
323     // Version of this structure, to allow for modifications in the future.
324     DWORD dwVersion;
325 
326     // RPID
327     LPCWSTR pwszRpId;
328 
329     // Optional. BrowserInPrivate Mode. Defaulting to FALSE.
330     BOOL bBrowserInPrivateMode;
331 } WEBAUTHN_GET_CREDENTIALS_OPTIONS, *PWEBAUTHN_GET_CREDENTIALS_OPTIONS;
332 typedef const WEBAUTHN_GET_CREDENTIALS_OPTIONS *PCWEBAUTHN_GET_CREDENTIALS_OPTIONS;
333 
334 //+------------------------------------------------------------------------------------------
335 // PRF values.
336 //-------------------------------------------------------------------------------------------
337 
338 #define WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH    32
339 
340 // SALT values below by default are converted into RAW Hmac-Secret values as per PRF extension.
341 //   - SHA-256(UTF8Encode("WebAuthn PRF") || 0x00 || Value)
342 //
343 // Set WEBAUTHN_CTAP_HMAC_SECRET_VALUES_FLAG in dwFlags in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS,
344 //   if caller wants to provide RAW Hmac-Secret SALT values directly. In that case,
345 //   values if provided MUST be of WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH size.
346 
347 typedef struct _WEBAUTHN_HMAC_SECRET_SALT {
348     // Size of pbFirst.
349     DWORD cbFirst;
350     _Field_size_bytes_(cbFirst)
351     PBYTE pbFirst;                                  // Required
352 
353     // Size of pbSecond.
354     DWORD cbSecond;
355     _Field_size_bytes_(cbSecond)
356     PBYTE pbSecond;
357 } WEBAUTHN_HMAC_SECRET_SALT, *PWEBAUTHN_HMAC_SECRET_SALT;
358 typedef const WEBAUTHN_HMAC_SECRET_SALT *PCWEBAUTHN_HMAC_SECRET_SALT;
359 
360 typedef struct _WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT {
361     // Size of pbCredID.
362     DWORD cbCredID;
363     _Field_size_bytes_(cbCredID)
364     PBYTE pbCredID;                                 // Required
365 
366     // PRF Values for above credential
367     PWEBAUTHN_HMAC_SECRET_SALT pHmacSecretSalt;     // Required
368 } WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT, *PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT;
369 typedef const WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT *PCWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT;
370 
371 typedef struct _WEBAUTHN_HMAC_SECRET_SALT_VALUES {
372     PWEBAUTHN_HMAC_SECRET_SALT pGlobalHmacSalt;
373 
374     DWORD cCredWithHmacSecretSaltList;
375     _Field_size_(cCredWithHmacSecretSaltList)
376     PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT pCredWithHmacSecretSaltList;
377 } WEBAUTHN_HMAC_SECRET_SALT_VALUES, *PWEBAUTHN_HMAC_SECRET_SALT_VALUES;
378 typedef const WEBAUTHN_HMAC_SECRET_SALT_VALUES *PCWEBAUTHN_HMAC_SECRET_SALT_VALUES;
379 
380 //+------------------------------------------------------------------------------------------
381 // Hmac-Secret extension
382 //-------------------------------------------------------------------------------------------
383 
384 #define WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET                  L"hmac-secret"
385 // Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET
386 // MakeCredential Input Type:   BOOL.
387 //      - pvExtension must point to a BOOL with the value TRUE.
388 //      - cbExtension must contain the sizeof(BOOL).
389 // MakeCredential Output Type:  BOOL.
390 //      - pvExtension will point to a BOOL with the value TRUE if credential
391 //        was successfully created with HMAC_SECRET.
392 //      - cbExtension will contain the sizeof(BOOL).
393 // GetAssertion Input Type:     Not Supported
394 // GetAssertion Output Type:    Not Supported
395 
396 //+------------------------------------------------------------------------------------------
397 //  credProtect  extension
398 //-------------------------------------------------------------------------------------------
399 
400 #define WEBAUTHN_USER_VERIFICATION_ANY                                          0
401 #define WEBAUTHN_USER_VERIFICATION_OPTIONAL                                     1
402 #define WEBAUTHN_USER_VERIFICATION_OPTIONAL_WITH_CREDENTIAL_ID_LIST             2
403 #define WEBAUTHN_USER_VERIFICATION_REQUIRED                                     3
404 
405 typedef struct _WEBAUTHN_CRED_PROTECT_EXTENSION_IN {
406     // One of the above WEBAUTHN_USER_VERIFICATION_* values
407     DWORD dwCredProtect;
408     // Set the following to TRUE to require authenticator support for the credProtect extension
409     BOOL bRequireCredProtect;
410 } WEBAUTHN_CRED_PROTECT_EXTENSION_IN, *PWEBAUTHN_CRED_PROTECT_EXTENSION_IN;
411 typedef const WEBAUTHN_CRED_PROTECT_EXTENSION_IN *PCWEBAUTHN_CRED_PROTECT_EXTENSION_IN;
412 
413 
414 #define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT                 L"credProtect"
415 // Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT
416 // MakeCredential Input Type:   WEBAUTHN_CRED_PROTECT_EXTENSION_IN.
417 //      - pvExtension must point to a WEBAUTHN_CRED_PROTECT_EXTENSION_IN struct
418 //      - cbExtension will contain the sizeof(WEBAUTHN_CRED_PROTECT_EXTENSION_IN).
419 // MakeCredential Output Type:  DWORD.
420 //      - pvExtension will point to a DWORD with one of the above WEBAUTHN_USER_VERIFICATION_* values
421 //        if credential was successfully created with CRED_PROTECT.
422 //      - cbExtension will contain the sizeof(DWORD).
423 // GetAssertion Input Type:     Not Supported
424 // GetAssertion Output Type:    Not Supported
425 
426 //+------------------------------------------------------------------------------------------
427 //  credBlob  extension
428 //-------------------------------------------------------------------------------------------
429 
430 typedef struct _WEBAUTHN_CRED_BLOB_EXTENSION {
431     // Size of pbCredBlob.
432     DWORD cbCredBlob;
433     _Field_size_bytes_(cbCredBlob)
434     PBYTE pbCredBlob;
435 } WEBAUTHN_CRED_BLOB_EXTENSION, *PWEBAUTHN_CRED_BLOB_EXTENSION;
436 typedef const WEBAUTHN_CRED_BLOB_EXTENSION *PCWEBAUTHN_CRED_BLOB_EXTENSION;
437 
438 
439 #define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB                 L"credBlob"
440 // Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB
441 // MakeCredential Input Type:   WEBAUTHN_CRED_BLOB_EXTENSION.
442 //      - pvExtension must point to a WEBAUTHN_CRED_BLOB_EXTENSION struct
443 //      - cbExtension must contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION).
444 // MakeCredential Output Type:  BOOL.
445 //      - pvExtension will point to a BOOL with the value TRUE if credBlob was successfully created
446 //      - cbExtension will contain the sizeof(BOOL).
447 // GetAssertion Input Type:     BOOL.
448 //      - pvExtension must point to a BOOL with the value TRUE to request the credBlob.
449 //      - cbExtension must contain the sizeof(BOOL).
450 // GetAssertion Output Type:    WEBAUTHN_CRED_BLOB_EXTENSION.
451 //      - pvExtension will point to a WEBAUTHN_CRED_BLOB_EXTENSION struct if the authenticator
452 //        returns the credBlob in the signed extensions
453 //      - cbExtension will contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION).
454 
455 //+------------------------------------------------------------------------------------------
456 //  minPinLength  extension
457 //-------------------------------------------------------------------------------------------
458 
459 #define WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH                 L"minPinLength"
460 // Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH
461 // MakeCredential Input Type:   BOOL.
462 //      - pvExtension must point to a BOOL with the value TRUE to request the minPinLength.
463 //      - cbExtension must contain the sizeof(BOOL).
464 // MakeCredential Output Type:  DWORD.
465 //      - pvExtension will point to a DWORD with the minimum pin length if returned by the authenticator
466 //      - cbExtension will contain the sizeof(DWORD).
467 // GetAssertion Input Type:     Not Supported
468 // GetAssertion Output Type:    Not Supported
469 
470 //+------------------------------------------------------------------------------------------
471 // Information about Extensions.
472 //-------------------------------------------------------------------------------------------
473 typedef struct _WEBAUTHN_EXTENSION {
474     LPCWSTR pwszExtensionIdentifier;
475     DWORD cbExtension;
476     PVOID pvExtension;
477 } WEBAUTHN_EXTENSION, *PWEBAUTHN_EXTENSION;
478 typedef const WEBAUTHN_EXTENSION *PCWEBAUTHN_EXTENSION;
479 
480 typedef struct _WEBAUTHN_EXTENSIONS {
481     DWORD cExtensions;
482     _Field_size_(cExtensions)
483     PWEBAUTHN_EXTENSION pExtensions;
484 } WEBAUTHN_EXTENSIONS, *PWEBAUTHN_EXTENSIONS;
485 typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS;
486 
487 //+------------------------------------------------------------------------------------------
488 // Options.
489 //-------------------------------------------------------------------------------------------
490 
491 #define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_ANY                               0
492 #define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM                          1
493 #define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM                    2
494 #define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM_U2F_V2             3
495 
496 #define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY                          0
497 #define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED                     1
498 #define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED                    2
499 #define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED                  3
500 
501 #define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_ANY                      0
502 #define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE                     1
503 #define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT                 2
504 #define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT                   3
505 
506 #define WEBAUTHN_ENTERPRISE_ATTESTATION_NONE                                0
507 #define WEBAUTHN_ENTERPRISE_ATTESTATION_VENDOR_FACILITATED                  1
508 #define WEBAUTHN_ENTERPRISE_ATTESTATION_PLATFORM_MANAGED                    2
509 
510 #define WEBAUTHN_LARGE_BLOB_SUPPORT_NONE                                    0
511 #define WEBAUTHN_LARGE_BLOB_SUPPORT_REQUIRED                                1
512 #define WEBAUTHN_LARGE_BLOB_SUPPORT_PREFERRED                               2
513 
514 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_1            1
515 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2            2
516 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3            3
517 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4            4
518 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5            5
519 #define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION      WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5
520 
521 typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
522     // Version of this structure, to allow for modifications in the future.
523     DWORD dwVersion;
524 
525     // Time that the operation is expected to complete within.
526     // This is used as guidance, and can be overridden by the platform.
527     DWORD dwTimeoutMilliseconds;
528 
529     // Credentials used for exclusion.
530     WEBAUTHN_CREDENTIALS CredentialList;
531 
532     // Optional extensions to parse when performing the operation.
533     WEBAUTHN_EXTENSIONS Extensions;
534 
535     // Optional. Platform vs Cross-Platform Authenticators.
536     DWORD dwAuthenticatorAttachment;
537 
538     // Optional. Require key to be resident or not. Defaulting to FALSE.
539     BOOL bRequireResidentKey;
540 
541     // User Verification Requirement.
542     DWORD dwUserVerificationRequirement;
543 
544     // Attestation Conveyance Preference.
545     DWORD dwAttestationConveyancePreference;
546 
547     // Reserved for future Use
548     DWORD dwFlags;
549 
550     //
551     // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2
552     //
553 
554     // Cancellation Id - Optional - See WebAuthNGetCancellationId
555     GUID *pCancellationId;
556 
557     //
558     // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3
559     //
560 
561     // Exclude Credential List. If present, "CredentialList" will be ignored.
562     PWEBAUTHN_CREDENTIAL_LIST pExcludeCredentialList;
563 
564     //
565     // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4
566     //
567 
568     // Enterprise Attestation
569     DWORD dwEnterpriseAttestation;
570 
571     // Large Blob Support: none, required or preferred
572     //
573     // NTE_INVALID_PARAMETER when large blob required or preferred and
574     //   bRequireResidentKey isn't set to TRUE
575     DWORD dwLargeBlobSupport;
576 
577     // Optional. Prefer key to be resident. Defaulting to FALSE. When TRUE,
578     // overrides the above bRequireResidentKey.
579     BOOL bPreferResidentKey;
580 
581     //
582     // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5
583     //
584 
585     // Optional. BrowserInPrivate Mode. Defaulting to FALSE.
586     BOOL bBrowserInPrivateMode;
587 
588 } WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
589 typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
590 
591 #define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_NONE         0
592 #define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_GET          1
593 #define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_SET          2
594 #define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_DELETE       3
595 
596 #define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_1          1
597 #define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2          2
598 #define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3          3
599 #define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4          4
600 #define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5          5
601 #define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6          6
602 #define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION    WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6
603 
604 /*
605     Information about flags.
606 */
607 
608 #define WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG   0x00100000
609 
610 typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
611     // Version of this structure, to allow for modifications in the future.
612     DWORD dwVersion;
613 
614     // Time that the operation is expected to complete within.
615     // This is used as guidance, and can be overridden by the platform.
616     DWORD dwTimeoutMilliseconds;
617 
618     // Allowed Credentials List.
619     WEBAUTHN_CREDENTIALS CredentialList;
620 
621     // Optional extensions to parse when performing the operation.
622     WEBAUTHN_EXTENSIONS Extensions;
623 
624     // Optional. Platform vs Cross-Platform Authenticators.
625     DWORD dwAuthenticatorAttachment;
626 
627     // User Verification Requirement.
628     DWORD dwUserVerificationRequirement;
629 
630     // Flags
631     DWORD dwFlags;
632 
633     //
634     // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2
635     //
636 
637     // Optional identifier for the U2F AppId. Converted to UTF8 before being hashed. Not lower cased.
638     PCWSTR pwszU2fAppId;
639 
640     // If the following is non-NULL, then, set to TRUE if the above pwszU2fAppid was used instead of
641     // PCWSTR pwszRpId;
642     BOOL *pbU2fAppId;
643 
644     //
645     // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3
646     //
647 
648     // Cancellation Id - Optional - See WebAuthNGetCancellationId
649     GUID *pCancellationId;
650 
651     //
652     // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4
653     //
654 
655     // Allow Credential List. If present, "CredentialList" will be ignored.
656     PWEBAUTHN_CREDENTIAL_LIST pAllowCredentialList;
657 
658     //
659     // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5
660     //
661 
662     DWORD dwCredLargeBlobOperation;
663 
664     // Size of pbCredLargeBlob
665     DWORD cbCredLargeBlob;
666     _Field_size_bytes_(cbCredLargeBlob)
667     PBYTE pbCredLargeBlob;
668 
669     //
670     // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6
671     //
672 
673     // PRF values which will be converted into HMAC-SECRET values according to WebAuthn Spec.
674     PWEBAUTHN_HMAC_SECRET_SALT_VALUES pHmacSecretSaltValues;
675 
676     // Optional. BrowserInPrivate Mode. Defaulting to FALSE.
677     BOOL bBrowserInPrivateMode;
678 
679 } WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS,  *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
680 typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS  *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
681 
682 
683 //+------------------------------------------------------------------------------------------
684 // Attestation Info.
685 //
686 //-------------------------------------------------------------------------------------------
687 #define WEBAUTHN_ATTESTATION_DECODE_NONE                                0
688 #define WEBAUTHN_ATTESTATION_DECODE_COMMON                              1
689 // WEBAUTHN_ATTESTATION_DECODE_COMMON supports format types
690 //  L"packed"
691 //  L"fido-u2f"
692 
693 #define WEBAUTHN_ATTESTATION_VER_TPM_2_0   L"2.0"
694 
695 typedef struct _WEBAUTHN_X5C {
696     // Length of X.509 encoded certificate
697     DWORD cbData;
698     // X.509 encoded certificate bytes
699     _Field_size_bytes_(cbData)
700     PBYTE pbData;
701 } WEBAUTHN_X5C, *PWEBAUTHN_X5C;
702 
703 // Supports either Self or Full Basic Attestation
704 
705 // Note, new fields will be added to the following data structure to
706 // support additional attestation format types, such as, TPM.
707 // When fields are added, the dwVersion will be incremented.
708 //
709 // Therefore, your code must make the following check:
710 //  "if (dwVersion >= WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION)"
711 
712 #define WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION                     1
713 
714 typedef struct _WEBAUTHN_COMMON_ATTESTATION {
715     // Version of this structure, to allow for modifications in the future.
716     DWORD dwVersion;
717 
718     // Hash and Padding Algorithm
719     //
720     // The following won't be set for "fido-u2f" which assumes "ES256".
721     PCWSTR pwszAlg;
722     LONG lAlg;      // COSE algorithm
723 
724     // Signature that was generated for this attestation.
725     DWORD cbSignature;
726     _Field_size_bytes_(cbSignature)
727     PBYTE pbSignature;
728 
729     // Following is set for Full Basic Attestation. If not, set then, this is Self Attestation.
730     // Array of X.509 DER encoded certificates. The first certificate is the signer, leaf certificate.
731     DWORD cX5c;
732     _Field_size_(cX5c)
733     PWEBAUTHN_X5C pX5c;
734 
735     // Following are also set for tpm
736     PCWSTR pwszVer; // L"2.0"
737     DWORD cbCertInfo;
738     _Field_size_bytes_(cbCertInfo)
739     PBYTE pbCertInfo;
740     DWORD cbPubArea;
741     _Field_size_bytes_(cbPubArea)
742     PBYTE pbPubArea;
743 } WEBAUTHN_COMMON_ATTESTATION, *PWEBAUTHN_COMMON_ATTESTATION;
744 typedef const WEBAUTHN_COMMON_ATTESTATION *PCWEBAUTHN_COMMON_ATTESTATION;
745 
746 #define WEBAUTHN_ATTESTATION_TYPE_PACKED                                L"packed"
747 #define WEBAUTHN_ATTESTATION_TYPE_U2F                                   L"fido-u2f"
748 #define WEBAUTHN_ATTESTATION_TYPE_TPM                                   L"tpm"
749 #define WEBAUTHN_ATTESTATION_TYPE_NONE                                  L"none"
750 
751 #define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_1               1
752 #define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2               2
753 #define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3               3
754 #define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4               4
755 #define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION         WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4
756 
757 typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION {
758     // Version of this structure, to allow for modifications in the future.
759     DWORD dwVersion;
760 
761     // Attestation format type
762     PCWSTR pwszFormatType;
763 
764     // Size of cbAuthenticatorData.
765     DWORD cbAuthenticatorData;
766     // Authenticator data that was created for this credential.
767     _Field_size_bytes_(cbAuthenticatorData)
768     PBYTE pbAuthenticatorData;
769 
770     // Size of CBOR encoded attestation information
771     //0 => encoded as CBOR null value.
772     DWORD cbAttestation;
773     //Encoded CBOR attestation information
774     _Field_size_bytes_(cbAttestation)
775     PBYTE pbAttestation;
776 
777     DWORD dwAttestationDecodeType;
778     // Following depends on the dwAttestationDecodeType
779     //  WEBAUTHN_ATTESTATION_DECODE_NONE
780     //      NULL - not able to decode the CBOR attestation information
781     //  WEBAUTHN_ATTESTATION_DECODE_COMMON
782     //      PWEBAUTHN_COMMON_ATTESTATION;
783     PVOID pvAttestationDecode;
784 
785     // The CBOR encoded Attestation Object to be returned to the RP.
786     DWORD cbAttestationObject;
787     _Field_size_bytes_(cbAttestationObject)
788     PBYTE pbAttestationObject;
789 
790     // The CredentialId bytes extracted from the Authenticator Data.
791     // Used by Edge to return to the RP.
792     DWORD cbCredentialId;
793     _Field_size_bytes_(cbCredentialId)
794     PBYTE pbCredentialId;
795 
796     //
797     // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2
798     //
799 
800     WEBAUTHN_EXTENSIONS Extensions;
801 
802     //
803     // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3
804     //
805 
806     // One of the WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to
807     // the transport that was used.
808     DWORD dwUsedTransport;
809 
810     //
811     // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4
812     //
813 
814     BOOL bEpAtt;
815     BOOL bLargeBlobSupported;
816     BOOL bResidentKey;
817 
818 } WEBAUTHN_CREDENTIAL_ATTESTATION, *PWEBAUTHN_CREDENTIAL_ATTESTATION;
819 typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION;
820 
821 
822 //+------------------------------------------------------------------------------------------
823 // authenticatorGetAssertion output.
824 //-------------------------------------------------------------------------------------------
825 
826 #define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NONE                    0
827 #define WEBAUTHN_CRED_LARGE_BLOB_STATUS_SUCCESS                 1
828 #define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_SUPPORTED           2
829 #define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_DATA            3
830 #define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_PARAMETER       4
831 #define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_FOUND               5
832 #define WEBAUTHN_CRED_LARGE_BLOB_STATUS_MULTIPLE_CREDENTIALS    6
833 #define WEBAUTHN_CRED_LARGE_BLOB_STATUS_LACK_OF_SPACE           7
834 #define WEBAUTHN_CRED_LARGE_BLOB_STATUS_PLATFORM_ERROR          8
835 #define WEBAUTHN_CRED_LARGE_BLOB_STATUS_AUTHENTICATOR_ERROR     9
836 
837 #define WEBAUTHN_ASSERTION_VERSION_1                            1
838 #define WEBAUTHN_ASSERTION_VERSION_2                            2
839 #define WEBAUTHN_ASSERTION_VERSION_3                            3
840 #define WEBAUTHN_ASSERTION_CURRENT_VERSION                      WEBAUTHN_ASSERTION_VERSION_3
841 
842 typedef struct _WEBAUTHN_ASSERTION {
843     // Version of this structure, to allow for modifications in the future.
844     DWORD dwVersion;
845 
846     // Size of cbAuthenticatorData.
847     DWORD cbAuthenticatorData;
848     // Authenticator data that was created for this assertion.
849     _Field_size_bytes_(cbAuthenticatorData)
850     PBYTE pbAuthenticatorData;
851 
852     // Size of pbSignature.
853     DWORD cbSignature;
854     // Signature that was generated for this assertion.
855     _Field_size_bytes_(cbSignature)
856     PBYTE pbSignature;
857 
858     // Credential that was used for this assertion.
859     WEBAUTHN_CREDENTIAL Credential;
860 
861     // Size of User Id
862     DWORD cbUserId;
863     // UserId
864     _Field_size_bytes_(cbUserId)
865     PBYTE pbUserId;
866 
867     //
868     // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_2
869     //
870 
871     WEBAUTHN_EXTENSIONS Extensions;
872 
873     // Size of pbCredLargeBlob
874     DWORD cbCredLargeBlob;
875     _Field_size_bytes_(cbCredLargeBlob)
876     PBYTE pbCredLargeBlob;
877 
878     DWORD dwCredLargeBlobStatus;
879 
880     //
881     // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_3
882     //
883 
884     PWEBAUTHN_HMAC_SECRET_SALT pHmacSecret;
885 
886 } WEBAUTHN_ASSERTION, *PWEBAUTHN_ASSERTION;
887 typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION;
888 
889 //+------------------------------------------------------------------------------------------
890 // APIs.
891 //-------------------------------------------------------------------------------------------
892 
893 DWORD
894 WINAPI
895 WebAuthNGetApiVersionNumber();
896 
897 HRESULT
898 WINAPI
899 WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable(
900     _Out_ BOOL *pbIsUserVerifyingPlatformAuthenticatorAvailable);
901 
902 
903 HRESULT
904 WINAPI
905 WebAuthNAuthenticatorMakeCredential(
906     _In_        HWND                                                hWnd,
907     _In_        PCWEBAUTHN_RP_ENTITY_INFORMATION                    pRpInformation,
908     _In_        PCWEBAUTHN_USER_ENTITY_INFORMATION                  pUserInformation,
909     _In_        PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS               pPubKeyCredParams,
910     _In_        PCWEBAUTHN_CLIENT_DATA                              pWebAuthNClientData,
911     _In_opt_    PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    pWebAuthNMakeCredentialOptions,
912     _Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_ATTESTATION      *ppWebAuthNCredentialAttestation);
913 
914 
915 HRESULT
916 WINAPI
917 WebAuthNAuthenticatorGetAssertion(
918     _In_        HWND                                                hWnd,
919     _In_        LPCWSTR                                             pwszRpId,
920     _In_        PCWEBAUTHN_CLIENT_DATA                              pWebAuthNClientData,
921     _In_opt_    PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      pWebAuthNGetAssertionOptions,
922     _Outptr_result_maybenull_ PWEBAUTHN_ASSERTION                   *ppWebAuthNAssertion);
923 
924 void
925 WINAPI
926 WebAuthNFreeCredentialAttestation(
927     _In_opt_ PWEBAUTHN_CREDENTIAL_ATTESTATION pWebAuthNCredentialAttestation);
928 
929 void
930 WINAPI
931 WebAuthNFreeAssertion(
932     _In_ PWEBAUTHN_ASSERTION pWebAuthNAssertion);
933 
934 HRESULT
935 WINAPI
936 WebAuthNGetCancellationId(
937     _Out_ GUID* pCancellationId);
938 
939 HRESULT
940 WINAPI
941 WebAuthNCancelCurrentOperation(
942     _In_ const GUID* pCancellationId);
943 
944 HRESULT
945 WINAPI
946 WebAuthNGetPlatformCredentialList(
947     _In_    PCWEBAUTHN_GET_CREDENTIALS_OPTIONS                  pGetCredentialsOptions,
948     _Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_DETAILS_LIST *ppCredentialDetailsList);
949 
950 void
951 WINAPI
952 WebAuthNFreePlatformCredentialList(
953     _In_ PWEBAUTHN_CREDENTIAL_DETAILS_LIST  pCredentialDetailsList);
954 
955 //
956 // Returns the following Error Names:
957 //  L"Success"              - S_OK
958 //  L"InvalidStateError"    - NTE_EXISTS
959 //  L"ConstraintError"      - HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED),
960 //                            NTE_NOT_SUPPORTED,
961 //                            NTE_TOKEN_KEYSET_STORAGE_FULL
962 //  L"NotSupportedError"    - NTE_INVALID_PARAMETER
963 //  L"NotAllowedError"      - NTE_DEVICE_NOT_FOUND,
964 //                            NTE_NOT_FOUND,
965 //                            HRESULT_FROM_WIN32(ERROR_CANCELLED),
966 //                            NTE_USER_CANCELLED,
967 //                            HRESULT_FROM_WIN32(ERROR_TIMEOUT)
968 //  L"UnknownError"         - All other hr values
969 //
970 PCWSTR
971 WINAPI
972 WebAuthNGetErrorName(
973     _In_ HRESULT hr);
974 
975 HRESULT
976 WINAPI
977 WebAuthNGetW3CExceptionDOMError(
978     _In_ HRESULT hr);
979 
980 
981 #ifdef __cplusplus
982 }       // Balance extern "C" above
983 #endif
984 
985 #endif // WINAPI_FAMILY_PARTITION
986 #ifdef _MSC_VER
987 #pragma endregion
988 #endif
989 
990 #endif // __WEBAUTHN_H_
991