// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

// Public C declarations for the WebAuthn API: version constants, the request
// and response structures, and the extension identifiers.

#ifndef __WEBAUTHN_H_
#define __WEBAUTHN_H_

#pragma once

#include <winapifamily.h>

#ifdef _MSC_VER
#pragma region Desktop Family or OneCore Family
#endif
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM)

#ifdef __cplusplus
extern "C" {
#endif

#ifndef WINAPI
#define WINAPI __stdcall
#endif

// Include <guiddef.h> with INITGUID defined; INITGUID is undefined again
// afterwards only if this header was the one that defined it.
#ifndef INITGUID
#define INITGUID
#include <guiddef.h>
#undef INITGUID
#else
#include <guiddef.h>
#endif

//+------------------------------------------------------------------------------------------
// API Version Information.
// Callers should call WebAuthNGetApiVersionNumber and compare the result with the
// WEBAUTHN_API_VERSION_* values below to check for the presence of the APIs and
// features they intend to use.
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_API_VERSION_1          1
// WEBAUTHN_API_VERSION_1 : Baseline Version
//      Data Structures and their sub versions:
//          - WEBAUTHN_RP_ENTITY_INFORMATION                    :   1
//          - WEBAUTHN_USER_ENTITY_INFORMATION                  :   1
//          - WEBAUTHN_CLIENT_DATA                              :   1
//          - WEBAUTHN_COSE_CREDENTIAL_PARAMETER                :   1
//          - WEBAUTHN_COSE_CREDENTIAL_PARAMETERS               :   Not Applicable
//          - WEBAUTHN_CREDENTIAL                               :   1
//          - WEBAUTHN_CREDENTIALS                              :   Not Applicable
//          - WEBAUTHN_CREDENTIAL_EX                            :   1
//          - WEBAUTHN_CREDENTIAL_LIST                          :   Not Applicable
//          - WEBAUTHN_EXTENSION                                :   Not Applicable
//          - WEBAUTHN_EXTENSIONS                               :   Not Applicable
//          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   3
//          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   4
//          - WEBAUTHN_COMMON_ATTESTATION                       :   1
//          - WEBAUTHN_CREDENTIAL_ATTESTATION                   :   3
//          - WEBAUTHN_ASSERTION                                :   1
//      Extensions:
//          - WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET
//      APIs:
//          - WebAuthNGetApiVersionNumber
//          - WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable
//          - WebAuthNAuthenticatorMakeCredential
//          - WebAuthNAuthenticatorGetAssertion
//          - WebAuthNFreeCredentialAttestation
//          - WebAuthNFreeAssertion
//          - WebAuthNGetCancellationId
//          - WebAuthNCancelCurrentOperation
//          - WebAuthNGetErrorName
//          - WebAuthNGetW3CExceptionDOMError

#define WEBAUTHN_API_VERSION_2          2
// WEBAUTHN_API_VERSION_2 : Delta From WEBAUTHN_API_VERSION_1
//      Added Extensions:
//          - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT
//

#define WEBAUTHN_API_VERSION_3          3
// WEBAUTHN_API_VERSION_3 : Delta From WEBAUTHN_API_VERSION_2
//      Data Structures and their sub versions:
//          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   4
//          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   5
//          - WEBAUTHN_CREDENTIAL_ATTESTATION                   :   4
//          - WEBAUTHN_ASSERTION                                :   2
//      Added Extensions:
//          - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB
//          - WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH
//

#define WEBAUTHN_API_VERSION_4          4
// WEBAUTHN_API_VERSION_4 : Delta From WEBAUTHN_API_VERSION_3
//      Data Structures and their sub versions:
//          - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    :   5
//          - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      :   6
//          - WEBAUTHN_ASSERTION                                :   3
//      APIs:
//          - WebAuthNGetPlatformCredentialList
//          - WebAuthNFreePlatformCredentialList
//

// Newest API version this header describes. The version actually available at
// run time is the one reported by WebAuthNGetApiVersionNumber (see the note at
// the top of this section), not this compile-time constant.
#define WEBAUTHN_API_CURRENT_VERSION    WEBAUTHN_API_VERSION_4

//+------------------------------------------------------------------------------------------
// Information about an RP Entity
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_RP_ENTITY_INFORMATION_CURRENT_VERSION          1

// Describes the Relying Party (RP) on whose behalf a credential is created or listed.
typedef struct _WEBAUTHN_RP_ENTITY_INFORMATION {
    // Version of this structure, to allow for modifications in the future.
    // This field is required and should be set to CURRENT_VERSION above.
    DWORD dwVersion;

    // Identifier for the RP. This field is required.
    PCWSTR pwszId;

    // Contains the friendly name of the Relying Party, such as "Acme Corporation", "Widgets Inc" or "Awesome Site".
    // This field is required.
    PCWSTR pwszName;

    // Optional URL pointing to RP's logo.
    // NOTE(review): the header does not say who dereferences this URL or when;
    // treat the value as untrusted data when it originates from remote content.
    PCWSTR pwszIcon;
} WEBAUTHN_RP_ENTITY_INFORMATION, *PWEBAUTHN_RP_ENTITY_INFORMATION;
typedef const WEBAUTHN_RP_ENTITY_INFORMATION *PCWEBAUTHN_RP_ENTITY_INFORMATION;

//+------------------------------------------------------------------------------------------
// Information about a User Entity
//-------------------------------------------------------------------------------------------
// Presumably the upper bound, in bytes, for cbId below. TODO confirm; this
// part of the header does not show where the limit is enforced.
#define WEBAUTHN_MAX_USER_ID_LENGTH                             64

#define WEBAUTHN_USER_ENTITY_INFORMATION_CURRENT_VERSION        1

// Describes the user account a credential belongs to.
typedef struct _WEBAUTHN_USER_ENTITY_INFORMATION {
    // Version of this structure, to allow for modifications in the future.
    // This field is required and should be set to CURRENT_VERSION above.
    DWORD dwVersion;

    // Identifier for the User. This field is required.
    // cbId is the size of pbId in bytes.
    DWORD cbId;
    _Field_size_bytes_(cbId)
    PBYTE pbId;

    // Contains a detailed name for this account, such as "john.p.smith@example.com".
    PCWSTR pwszName;

    // Optional URL that can be used to retrieve an image containing the user's current avatar,
    // or a data URI that contains the image data.
    PCWSTR pwszIcon;

    // For User: Contains the friendly name associated with the user account by the Relying Party, such as "John P. Smith".
    PCWSTR pwszDisplayName;
} WEBAUTHN_USER_ENTITY_INFORMATION, *PWEBAUTHN_USER_ENTITY_INFORMATION;
typedef const WEBAUTHN_USER_ENTITY_INFORMATION *PCWEBAUTHN_USER_ENTITY_INFORMATION;

//+------------------------------------------------------------------------------------------
// Information about client data.
//-------------------------------------------------------------------------------------------

// Hash algorithm identifiers, passed as wide strings in pwszHashAlgId below.
#define WEBAUTHN_HASH_ALGORITHM_SHA_256                         L"SHA-256"
#define WEBAUTHN_HASH_ALGORITHM_SHA_384                         L"SHA-384"
#define WEBAUTHN_HASH_ALGORITHM_SHA_512                         L"SHA-512"

#define WEBAUTHN_CLIENT_DATA_CURRENT_VERSION                    1

// Client data supplied by the caller: the serialized JSON and the name of the
// hash algorithm to apply to it.
typedef struct _WEBAUTHN_CLIENT_DATA {
    // Version of this structure, to allow for modifications in the future.
    // This field is required and should be set to CURRENT_VERSION above.
    DWORD dwVersion;

    // Size of the pbClientDataJSON field, in bytes.
    DWORD cbClientDataJSON;
    // UTF-8 encoded JSON serialization of the client data.
    _Field_size_bytes_(cbClientDataJSON)
    PBYTE pbClientDataJSON;

    // Hash algorithm ID used to hash the pbClientDataJSON field.
    // Presumably one of the WEBAUTHN_HASH_ALGORITHM_* strings above. TODO confirm.
    LPCWSTR pwszHashAlgId;
} WEBAUTHN_CLIENT_DATA, *PWEBAUTHN_CLIENT_DATA;
typedef const WEBAUTHN_CLIENT_DATA *PCWEBAUTHN_CLIENT_DATA;

//+------------------------------------------------------------------------------------------
// Information about credential parameters.
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY                         L"public-key"

// COSE algorithm identifiers for the lAlg fields in this header.
// All values are negative; they are grouped below by signature scheme.

// ECDSA over P-256 / P-384 / P-521.
#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256             -7
#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P384_WITH_SHA384             -35
#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P521_WITH_SHA512             -36

// RSASSA-PKCS1-v1_5.
#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA256      -257
#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA384      -258
#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA512      -259

// RSA-PSS.
#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA256                -37
#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA384                -38
#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA512                -39

#define WEBAUTHN_COSE_CREDENTIAL_PARAMETER_CURRENT_VERSION          1

// One acceptable (credential type, algorithm) pair for a credential to be created.
typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETER {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Well-known credential type specifying a credential to create.
    LPCWSTR pwszCredentialType;

    // Well-known COSE algorithm specifying the algorithm to use for the credential.
    LONG lAlg;
} WEBAUTHN_COSE_CREDENTIAL_PARAMETER, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETER;
typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETER *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETER;

// Counted array of WEBAUTHN_COSE_CREDENTIAL_PARAMETER entries.
typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETERS {
    // Number of elements in pCredentialParameters.
    DWORD cCredentialParameters;
    _Field_size_(cCredentialParameters)
    PWEBAUTHN_COSE_CREDENTIAL_PARAMETER pCredentialParameters;
} WEBAUTHN_COSE_CREDENTIAL_PARAMETERS, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETERS;
typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETERS *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS;

//+------------------------------------------------------------------------------------------
// Information about credential.
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_CREDENTIAL_CURRENT_VERSION                         1

// Identifies a single credential by its ID and type.
typedef struct _WEBAUTHN_CREDENTIAL {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Size of pbId, in bytes.
    DWORD cbId;
    // Unique ID for this particular credential.
    _Field_size_bytes_(cbId)
    PBYTE pbId;

    // Well-known credential type specifying what this particular credential is.
    LPCWSTR pwszCredentialType;
} WEBAUTHN_CREDENTIAL, *PWEBAUTHN_CREDENTIAL;
typedef const WEBAUTHN_CREDENTIAL *PCWEBAUTHN_CREDENTIAL;

// Counted array of WEBAUTHN_CREDENTIAL structures (stored by value).
typedef struct _WEBAUTHN_CREDENTIALS {
    // Number of elements in pCredentials.
    DWORD cCredentials;
    _Field_size_(cCredentials)
    PWEBAUTHN_CREDENTIAL pCredentials;
} WEBAUTHN_CREDENTIALS, *PWEBAUTHN_CREDENTIALS;
typedef const WEBAUTHN_CREDENTIALS *PCWEBAUTHN_CREDENTIALS;

//+------------------------------------------------------------------------------------------
// Information about credential with extra information, such as, dwTransports
//-------------------------------------------------------------------------------------------

// Transport bit flags. They can be OR-ed together in dwTransports.
#define WEBAUTHN_CTAP_TRANSPORT_USB         0x00000001
#define WEBAUTHN_CTAP_TRANSPORT_NFC         0x00000002
#define WEBAUTHN_CTAP_TRANSPORT_BLE         0x00000004
#define WEBAUTHN_CTAP_TRANSPORT_TEST        0x00000008
#define WEBAUTHN_CTAP_TRANSPORT_INTERNAL    0x00000010
// Bitwise OR of the five transport bits above.
#define WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK  0x0000001F

#define WEBAUTHN_CREDENTIAL_EX_CURRENT_VERSION                      1

// WEBAUTHN_CREDENTIAL plus a transport restriction.
typedef struct _WEBAUTHN_CREDENTIAL_EX {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Size of pbId, in bytes.
    DWORD cbId;
    // Unique ID for this particular credential.
    _Field_size_bytes_(cbId)
    PBYTE pbId;

    // Well-known credential type specifying what this particular credential is.
    LPCWSTR pwszCredentialType;

    // Transports. 0 implies no transport restrictions.
    DWORD dwTransports;
} WEBAUTHN_CREDENTIAL_EX, *PWEBAUTHN_CREDENTIAL_EX;
typedef const WEBAUTHN_CREDENTIAL_EX *PCWEBAUTHN_CREDENTIAL_EX;

//+------------------------------------------------------------------------------------------
// Information about credential list with extra information
//-------------------------------------------------------------------------------------------

// Counted array of POINTERS to WEBAUTHN_CREDENTIAL_EX. Unlike
// WEBAUTHN_CREDENTIALS, the elements are pointers rather than structures.
typedef struct _WEBAUTHN_CREDENTIAL_LIST {
    // Number of pointers in ppCredentials.
    DWORD cCredentials;
    _Field_size_(cCredentials)
    PWEBAUTHN_CREDENTIAL_EX *ppCredentials;
} WEBAUTHN_CREDENTIAL_LIST, *PWEBAUTHN_CREDENTIAL_LIST;
typedef const WEBAUTHN_CREDENTIAL_LIST *PCWEBAUTHN_CREDENTIAL_LIST;

//+------------------------------------------------------------------------------------------
// Credential Information for WebAuthNGetPlatformCredentialList API
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_1                       1
#define WEBAUTHN_CREDENTIAL_DETAILS_CURRENT_VERSION                 WEBAUTHN_CREDENTIAL_DETAILS_VERSION_1

// One platform credential together with the RP and user it belongs to.
typedef struct _WEBAUTHN_CREDENTIAL_DETAILS {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Size of pbCredentialID, in bytes.
    DWORD cbCredentialID;
    _Field_size_bytes_(cbCredentialID)
    PBYTE pbCredentialID;

    // RP Info
    PWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation;

    // User Info
    PWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation;
} WEBAUTHN_CREDENTIAL_DETAILS, *PWEBAUTHN_CREDENTIAL_DETAILS;
typedef const WEBAUTHN_CREDENTIAL_DETAILS *PCWEBAUTHN_CREDENTIAL_DETAILS;

// Counted array of pointers to WEBAUTHN_CREDENTIAL_DETAILS.
// Per the API version notes in this header, such lists come from
// WebAuthNGetPlatformCredentialList and have a matching
// WebAuthNFreePlatformCredentialList.
typedef struct _WEBAUTHN_CREDENTIAL_DETAILS_LIST {
    // Number of pointers in ppCredentialDetails.
    DWORD cCredentialDetails;
    _Field_size_(cCredentialDetails)
    PWEBAUTHN_CREDENTIAL_DETAILS *ppCredentialDetails;
} WEBAUTHN_CREDENTIAL_DETAILS_LIST, *PWEBAUTHN_CREDENTIAL_DETAILS_LIST;
typedef const WEBAUTHN_CREDENTIAL_DETAILS_LIST *PCWEBAUTHN_CREDENTIAL_DETAILS_LIST;

#define WEBAUTHN_GET_CREDENTIALS_OPTIONS_VERSION_1                  1
#define WEBAUTHN_GET_CREDENTIALS_OPTIONS_CURRENT_VERSION            WEBAUTHN_GET_CREDENTIALS_OPTIONS_VERSION_1

// Options for listing platform credentials.
typedef struct _WEBAUTHN_GET_CREDENTIALS_OPTIONS {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // RPID
    // NOTE(review): the header does not say whether NULL is accepted here or
    // what it would select. Confirm before relying on it.
    LPCWSTR pwszRpId;

    // Optional. BrowserInPrivate Mode. Defaulting to FALSE.
    BOOL bBrowserInPrivateMode;
} WEBAUTHN_GET_CREDENTIALS_OPTIONS, *PWEBAUTHN_GET_CREDENTIALS_OPTIONS;
typedef const WEBAUTHN_GET_CREDENTIALS_OPTIONS *PCWEBAUTHN_GET_CREDENTIALS_OPTIONS;

//+------------------------------------------------------------------------------------------
// PRF values.
//-------------------------------------------------------------------------------------------

// Length, in bytes, of one raw hmac-secret salt value.
#define WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH    32

// SALT values below by default are converted into RAW Hmac-Secret values as per PRF extension.
//   - SHA-256(UTF8Encode("WebAuthn PRF") || 0x00 || Value)
//
// Set WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG in dwFlags in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS,
// (this text originally named WEBAUTHN_CTAP_HMAC_SECRET_VALUES_FLAG, which this
// header does not define; the flag it defines is the one named here)
// if caller wants to provide RAW Hmac-Secret SALT values directly.
// In that case,
// values if provided MUST be of WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH size.

// One or two salt inputs for the hmac-secret / PRF evaluation.
typedef struct _WEBAUTHN_HMAC_SECRET_SALT {
    // Size of pbFirst, in bytes.
    DWORD cbFirst;
    _Field_size_bytes_(cbFirst)
    PBYTE pbFirst;                                  // Required

    // Size of pbSecond, in bytes.
    // pbSecond is not marked Required, so presumably it is optional. TODO confirm.
    DWORD cbSecond;
    _Field_size_bytes_(cbSecond)
    PBYTE pbSecond;
} WEBAUTHN_HMAC_SECRET_SALT, *PWEBAUTHN_HMAC_SECRET_SALT;
typedef const WEBAUTHN_HMAC_SECRET_SALT *PCWEBAUTHN_HMAC_SECRET_SALT;

// Associates salt values with one specific credential ID.
typedef struct _WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT {
    // Size of pbCredID, in bytes.
    DWORD cbCredID;
    _Field_size_bytes_(cbCredID)
    PBYTE pbCredID;                                 // Required

    // PRF Values for above credential
    PWEBAUTHN_HMAC_SECRET_SALT pHmacSecretSalt;     // Required
} WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT, *PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT;
typedef const WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT *PCWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT;

// A global salt plus a counted array of per-credential salts.
// NOTE(review): precedence between the global and per-credential values is
// not stated in this header. Confirm against the API documentation.
typedef struct _WEBAUTHN_HMAC_SECRET_SALT_VALUES {
    PWEBAUTHN_HMAC_SECRET_SALT pGlobalHmacSalt;

    // Number of elements in pCredWithHmacSecretSaltList.
    DWORD cCredWithHmacSecretSaltList;
    _Field_size_(cCredWithHmacSecretSaltList)
    PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT pCredWithHmacSecretSaltList;
} WEBAUTHN_HMAC_SECRET_SALT_VALUES, *PWEBAUTHN_HMAC_SECRET_SALT_VALUES;
typedef const WEBAUTHN_HMAC_SECRET_SALT_VALUES *PCWEBAUTHN_HMAC_SECRET_SALT_VALUES;

//+------------------------------------------------------------------------------------------
// Hmac-Secret extension
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET                  L"hmac-secret"
// The type definitions below are for WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET
// MakeCredential Input Type:   BOOL.
//      - pvExtension must point to a BOOL with the value TRUE.
//      - cbExtension must contain the sizeof(BOOL).
// MakeCredential Output Type:  BOOL.
//      - pvExtension will point to a BOOL with the value TRUE if credential
//        was successfully created with HMAC_SECRET.
//      - cbExtension will contain the sizeof(BOOL).
// GetAssertion Input Type:     Not Supported
// GetAssertion Output Type:    Not Supported

//+------------------------------------------------------------------------------------------
//  credProtect  extension
//-------------------------------------------------------------------------------------------

// Values for dwCredProtect below.
// These are a different set of constants from the
// WEBAUTHN_USER_VERIFICATION_REQUIREMENT_* values defined in this header: the
// numbering differs (REQUIRED is 3 here but 1 there), so passing a value from
// the wrong family selects a different policy without any compile-time error.
#define WEBAUTHN_USER_VERIFICATION_ANY                                          0
#define WEBAUTHN_USER_VERIFICATION_OPTIONAL                                     1
#define WEBAUTHN_USER_VERIFICATION_OPTIONAL_WITH_CREDENTIAL_ID_LIST             2
#define WEBAUTHN_USER_VERIFICATION_REQUIRED                                     3

// MakeCredential input for the credProtect extension.
typedef struct _WEBAUTHN_CRED_PROTECT_EXTENSION_IN {
    // One of the above WEBAUTHN_USER_VERIFICATION_* values
    DWORD dwCredProtect;
    // Set the following to TRUE to require authenticator support for the credProtect extension
    BOOL bRequireCredProtect;
} WEBAUTHN_CRED_PROTECT_EXTENSION_IN, *PWEBAUTHN_CRED_PROTECT_EXTENSION_IN;
typedef const WEBAUTHN_CRED_PROTECT_EXTENSION_IN *PCWEBAUTHN_CRED_PROTECT_EXTENSION_IN;


#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT                 L"credProtect"
// The type definitions below are for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT
// MakeCredential Input Type:   WEBAUTHN_CRED_PROTECT_EXTENSION_IN.
//      - pvExtension must point to a WEBAUTHN_CRED_PROTECT_EXTENSION_IN struct
//      - cbExtension will contain the sizeof(WEBAUTHN_CRED_PROTECT_EXTENSION_IN).
// MakeCredential Output Type:  DWORD.
//      - pvExtension will point to a DWORD with one of the above WEBAUTHN_USER_VERIFICATION_* values
//        if credential was successfully created with CRED_PROTECT.
//      - cbExtension will contain the sizeof(DWORD).
// GetAssertion Input Type:     Not Supported
// GetAssertion Output Type:    Not Supported

//+------------------------------------------------------------------------------------------
//  credBlob  extension
//-------------------------------------------------------------------------------------------

// Counted byte buffer holding a credBlob value.
typedef struct _WEBAUTHN_CRED_BLOB_EXTENSION {
    // Size of pbCredBlob, in bytes.
    DWORD cbCredBlob;
    _Field_size_bytes_(cbCredBlob)
    PBYTE pbCredBlob;
} WEBAUTHN_CRED_BLOB_EXTENSION, *PWEBAUTHN_CRED_BLOB_EXTENSION;
typedef const WEBAUTHN_CRED_BLOB_EXTENSION *PCWEBAUTHN_CRED_BLOB_EXTENSION;


#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB                    L"credBlob"
// The type definitions below are for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB
// MakeCredential Input Type:   WEBAUTHN_CRED_BLOB_EXTENSION.
//      - pvExtension must point to a WEBAUTHN_CRED_BLOB_EXTENSION struct
//      - cbExtension must contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION).
// MakeCredential Output Type:  BOOL.
//      - pvExtension will point to a BOOL with the value TRUE if credBlob was successfully created
//      - cbExtension will contain the sizeof(BOOL).
// GetAssertion Input Type:     BOOL.
//      - pvExtension must point to a BOOL with the value TRUE to request the credBlob.
//      - cbExtension must contain the sizeof(BOOL).
// GetAssertion Output Type:    WEBAUTHN_CRED_BLOB_EXTENSION.
//      - pvExtension will point to a WEBAUTHN_CRED_BLOB_EXTENSION struct if the authenticator
//        returns the credBlob in the signed extensions
//      - cbExtension will contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION).

//+------------------------------------------------------------------------------------------
//  minPinLength  extension
//-------------------------------------------------------------------------------------------

#define WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH                    L"minPinLength"
// The type definitions below are for WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH
// MakeCredential Input Type:   BOOL.
//      - pvExtension must point to a BOOL with the value TRUE to request the minPinLength.
//      - cbExtension must contain the sizeof(BOOL).
// MakeCredential Output Type:  DWORD.
//      - pvExtension will point to a DWORD with the minimum pin length if returned by the authenticator
//      - cbExtension will contain the sizeof(DWORD).
// GetAssertion Input Type:     Not Supported
// GetAssertion Output Type:    Not Supported

//+------------------------------------------------------------------------------------------
// Information about Extensions.
//-------------------------------------------------------------------------------------------
// One extension input or output. pvExtension is untyped: its real type and
// expected size are fixed by pwszExtensionIdentifier, as listed in the
// per-extension "Input Type" / "Output Type" comments in this header.
// When consuming an output, match the identifier and compare cbExtension with
// the sizeof() of the documented type before casting pvExtension.
typedef struct _WEBAUTHN_EXTENSION {
    // One of the WEBAUTHN_EXTENSIONS_IDENTIFIER_* strings.
    LPCWSTR pwszExtensionIdentifier;
    // Size, in bytes, of the data pvExtension points to.
    DWORD cbExtension;
    PVOID pvExtension;
} WEBAUTHN_EXTENSION, *PWEBAUTHN_EXTENSION;
typedef const WEBAUTHN_EXTENSION *PCWEBAUTHN_EXTENSION;

// Counted array of WEBAUTHN_EXTENSION entries.
typedef struct _WEBAUTHN_EXTENSIONS {
    // Number of elements in pExtensions.
    DWORD cExtensions;
    _Field_size_(cExtensions)
    PWEBAUTHN_EXTENSION pExtensions;
} WEBAUTHN_EXTENSIONS, *PWEBAUTHN_EXTENSIONS;
typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS;

//+------------------------------------------------------------------------------------------
// Options.
//-------------------------------------------------------------------------------------------

// Values for dwAuthenticatorAttachment.
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_ANY                               0
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM                          1
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM                    2
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM_U2F_V2             3

// Values for dwUserVerificationRequirement.
// Not interchangeable with the credProtect WEBAUTHN_USER_VERIFICATION_* values
// defined in this header: the numbering differs (REQUIRED is 1 here but 3 there).
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY                          0
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED                     1
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED                    2
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED                  3

// Values for dwAttestationConveyancePreference.
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_ANY                      0
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE                     1
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT                 2
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT                   3

// Values for dwEnterpriseAttestation.
#define WEBAUTHN_ENTERPRISE_ATTESTATION_NONE                                0
#define WEBAUTHN_ENTERPRISE_ATTESTATION_VENDOR_FACILITATED                  1
#define WEBAUTHN_ENTERPRISE_ATTESTATION_PLATFORM_MANAGED                    2

// Values for dwLargeBlobSupport.
#define WEBAUTHN_LARGE_BLOB_SUPPORT_NONE                                    0
#define WEBAUTHN_LARGE_BLOB_SUPPORT_REQUIRED                                1
#define WEBAUTHN_LARGE_BLOB_SUPPORT_PREFERRED                               2

#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_1            1
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2            2
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3            3
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4            4
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5            5
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION      WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5

// Options for credential creation. The structure grows by appending fields;
// each group below is marked with the structure version that added it.
// NOTE(review): presumably dwVersion tells the platform how many of these
// fields the caller filled in, so it should match what was actually
// initialized and be one the running API version supports. TODO confirm.
typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Time that the operation is expected to complete within.
    // This is used as guidance, and can be overridden by the platform.
    DWORD dwTimeoutMilliseconds;

    // Credentials used for exclusion.
    WEBAUTHN_CREDENTIALS CredentialList;

    // Optional extensions to parse when performing the operation.
    WEBAUTHN_EXTENSIONS Extensions;

    // Optional. Platform vs Cross-Platform Authenticators.
    // One of the WEBAUTHN_AUTHENTICATOR_ATTACHMENT_* values.
    DWORD dwAuthenticatorAttachment;

    // Optional. Require key to be resident or not. Defaulting to FALSE.
    BOOL bRequireResidentKey;

    // User Verification Requirement.
    // One of the WEBAUTHN_USER_VERIFICATION_REQUIREMENT_* values.
    DWORD dwUserVerificationRequirement;

    // Attestation Conveyance Preference.
    // One of the WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_* values.
    DWORD dwAttestationConveyancePreference;

    // Reserved for future Use
    DWORD dwFlags;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2
    //

    // Cancellation Id - Optional - See WebAuthNGetCancellationId
    GUID *pCancellationId;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3
    //

    // Exclude Credential List. If present, "CredentialList" will be ignored.
    PWEBAUTHN_CREDENTIAL_LIST pExcludeCredentialList;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4
    //

    // Enterprise Attestation
    // One of the WEBAUTHN_ENTERPRISE_ATTESTATION_* values.
    DWORD dwEnterpriseAttestation;

    // Large Blob Support: none, required or preferred
    //
    // NTE_INVALID_PARAMETER when large blob required or preferred and
    //   bRequireResidentKey isn't set to TRUE
    DWORD dwLargeBlobSupport;

    // Optional. Prefer key to be resident. Defaulting to FALSE. When TRUE,
    // overrides the above bRequireResidentKey.
    BOOL bPreferResidentKey;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5
    //

    // Optional. BrowserInPrivate Mode. Defaulting to FALSE.
    BOOL bBrowserInPrivateMode;

} WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;

// Values for dwCredLargeBlobOperation.
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_NONE         0
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_GET          1
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_SET          2
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_DELETE       3

#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_1          1
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2          2
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3          3
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4          4
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5          5
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6          6
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION    WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6

/*
    Information about flags.
*/

// Bit for dwFlags in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS. Per the
// "PRF values" notes in this header, it is set when the caller supplies RAW
// hmac-secret salt values directly instead of PRF inputs to be hashed.
#define WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG   0x00100000

// Options for an assertion (sign-in) request. The structure grows by
// appending fields; each group below is marked with the version that added it.
typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Time that the operation is expected to complete within.
    // This is used as guidance, and can be overridden by the platform.
    DWORD dwTimeoutMilliseconds;

    // Allowed Credentials List.
    WEBAUTHN_CREDENTIALS CredentialList;

    // Optional extensions to parse when performing the operation.
    WEBAUTHN_EXTENSIONS Extensions;

    // Optional. Platform vs Cross-Platform Authenticators.
    // One of the WEBAUTHN_AUTHENTICATOR_ATTACHMENT_* values.
    DWORD dwAuthenticatorAttachment;

    // User Verification Requirement.
    // One of the WEBAUTHN_USER_VERIFICATION_REQUIREMENT_* values.
    DWORD dwUserVerificationRequirement;

    // Flags
    DWORD dwFlags;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2
    //

    // Optional identifier for the U2F AppId. Converted to UTF8 before being hashed. Not lower cased.
    PCWSTR pwszU2fAppId;

    // Output flag. If the following is non-NULL, then it is set to TRUE if the
    // above pwszU2fAppId was used instead of the RP ID (PCWSTR pwszRpId).
    BOOL *pbU2fAppId;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3
    //

    // Cancellation Id - Optional - See WebAuthNGetCancellationId
    GUID *pCancellationId;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4
    //

    // Allow Credential List. If present, "CredentialList" will be ignored.
    PWEBAUTHN_CREDENTIAL_LIST pAllowCredentialList;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5
    //

    // Presumably one of the WEBAUTHN_CRED_LARGE_BLOB_OPERATION_* values. TODO confirm.
    DWORD dwCredLargeBlobOperation;

    // Size of pbCredLargeBlob, in bytes.
    DWORD cbCredLargeBlob;
    _Field_size_bytes_(cbCredLargeBlob)
    PBYTE pbCredLargeBlob;

    //
    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6
    //

    // PRF values which will be converted into HMAC-SECRET values according to WebAuthn Spec.
    PWEBAUTHN_HMAC_SECRET_SALT_VALUES pHmacSecretSaltValues;

    // Optional. BrowserInPrivate Mode. Defaulting to FALSE.
    BOOL bBrowserInPrivateMode;

} WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS,  *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS  *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;


//+------------------------------------------------------------------------------------------
// Attestation Info.
//
//-------------------------------------------------------------------------------------------
// Values for dwAttestationDecodeType in WEBAUTHN_CREDENTIAL_ATTESTATION.
#define WEBAUTHN_ATTESTATION_DECODE_NONE                                0
#define WEBAUTHN_ATTESTATION_DECODE_COMMON                              1
// WEBAUTHN_ATTESTATION_DECODE_COMMON supports format types
//  L"packed"
//  L"fido-u2f"

#define WEBAUTHN_ATTESTATION_VER_TPM_2_0   L"2.0"

// One certificate of an attestation certificate array (see pX5c below).
typedef struct _WEBAUTHN_X5C {
    // Length of X.509 encoded certificate
    DWORD cbData;
    // X.509 encoded certificate bytes
    _Field_size_bytes_(cbData)
    PBYTE pbData;
} WEBAUTHN_X5C, *PWEBAUTHN_X5C;

// Supports either Self or Full Basic Attestation

// Note, new fields will be added to the following data structure to
// support additional attestation format types, such as, TPM.
// When fields are added, the dwVersion will be incremented.
//
// Therefore, your code must make the following check:
//  "if (dwVersion >= WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION)"

#define WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION                     1

// Decoded view of the attestation statement.
// NOTE(review): nothing in this header says that the signature or the
// certificate array has been validated by the platform. Treat these fields as
// parsed but unverified unless the API documentation states otherwise.
typedef struct _WEBAUTHN_COMMON_ATTESTATION {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Hash and Padding Algorithm
    //
    // The following won't be set for "fido-u2f" which assumes "ES256".
    PCWSTR pwszAlg;
    LONG lAlg;      // COSE algorithm

    // Signature that was generated for this attestation.
    DWORD cbSignature;
    _Field_size_bytes_(cbSignature)
    PBYTE pbSignature;

    // Following is set for Full Basic Attestation. If not set, then this is Self Attestation.
    // Array of X.509 DER encoded certificates. The first certificate is the signer, leaf certificate.
    DWORD cX5c;
    _Field_size_(cX5c)
    PWEBAUTHN_X5C pX5c;

    // Following are also set for tpm
    PCWSTR pwszVer; // L"2.0"
    DWORD cbCertInfo;
    _Field_size_bytes_(cbCertInfo)
    PBYTE pbCertInfo;
    DWORD cbPubArea;
    _Field_size_bytes_(cbPubArea)
    PBYTE pbPubArea;
} WEBAUTHN_COMMON_ATTESTATION, *PWEBAUTHN_COMMON_ATTESTATION;
typedef const WEBAUTHN_COMMON_ATTESTATION *PCWEBAUTHN_COMMON_ATTESTATION;

// Attestation format type strings (see pwszFormatType below).
#define WEBAUTHN_ATTESTATION_TYPE_PACKED                                L"packed"
#define WEBAUTHN_ATTESTATION_TYPE_U2F                                   L"fido-u2f"
#define WEBAUTHN_ATTESTATION_TYPE_TPM                                   L"tpm"
#define WEBAUTHN_ATTESTATION_TYPE_NONE                                  L"none"

#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_1               1
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2               2
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3               3
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4               4
#define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION         WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4

// Result of credential creation. Fields are grouped by the structure version
// that added them.
// NOTE(review): presumably a field is only valid when dwVersion is at least
// the version that introduced it, so check dwVersion before reading the later
// groups. TODO confirm against the API documentation.
typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Attestation format type
    PCWSTR pwszFormatType;

    // Size of pbAuthenticatorData, in bytes.
    DWORD cbAuthenticatorData;
    // Authenticator data that was created for this credential.
    _Field_size_bytes_(cbAuthenticatorData)
    PBYTE pbAuthenticatorData;

    // Size of CBOR encoded attestation information
    // 0 => encoded as CBOR null value.
    DWORD cbAttestation;
    // Encoded CBOR attestation information
    _Field_size_bytes_(cbAttestation)
    PBYTE pbAttestation;

    DWORD dwAttestationDecodeType;
    // Following depends on the dwAttestationDecodeType
    //  WEBAUTHN_ATTESTATION_DECODE_NONE
    //      NULL - not able to decode the CBOR attestation information
    //  WEBAUTHN_ATTESTATION_DECODE_COMMON
    //      PWEBAUTHN_COMMON_ATTESTATION;
    // Check dwAttestationDecodeType (and for NULL) before casting this pointer.
    PVOID pvAttestationDecode;

    // The CBOR encoded Attestation Object to be returned to the RP.
    DWORD cbAttestationObject;
    _Field_size_bytes_(cbAttestationObject)
    PBYTE pbAttestationObject;

    // The CredentialId bytes extracted from the Authenticator Data.
    // Used by Edge to return to the RP.
    DWORD cbCredentialId;
    _Field_size_bytes_(cbCredentialId)
    PBYTE pbCredentialId;

    //
    // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2
    //

    WEBAUTHN_EXTENSIONS Extensions;

    //
    // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3
    //

    // One of the WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to
    // the transport that was used.
    DWORD dwUsedTransport;

    //
    // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4
    //

    // NOTE(review): these three fields carry no description in the header.
    // Judging by the names: enterprise attestation returned, large blob
    // supported, credential created as resident key. Confirm before relying
    // on them.
    BOOL bEpAtt;
    BOOL bLargeBlobSupported;
    BOOL bResidentKey;

} WEBAUTHN_CREDENTIAL_ATTESTATION, *PWEBAUTHN_CREDENTIAL_ATTESTATION;
typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION;


//+------------------------------------------------------------------------------------------
// authenticatorGetAssertion output.
//-------------------------------------------------------------------------------------------

// Large-blob status codes; by name these are the values reported in
// WEBAUTHN_ASSERTION::dwCredLargeBlobStatus (confirm).
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NONE                    0
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_SUCCESS                 1
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_SUPPORTED           2
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_DATA            3
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_PARAMETER       4
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_FOUND               5
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_MULTIPLE_CREDENTIALS    6
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_LACK_OF_SPACE           7
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_PLATFORM_ERROR          8
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_AUTHENTICATOR_ERROR     9

#define WEBAUTHN_ASSERTION_VERSION_1                            1
#define WEBAUTHN_ASSERTION_VERSION_2                            2
#define WEBAUTHN_ASSERTION_VERSION_3                            3
#define WEBAUTHN_ASSERTION_CURRENT_VERSION                      WEBAUTHN_ASSERTION_VERSION_3

// Result type of WebAuthNAuthenticatorGetAssertion (returned through its
// ppWebAuthNAssertion parameter).
//
// Fields are grouped by the structure version that introduced them. Check dwVersion
// before reading a field from a later group: a structure reporting a lower dwVersion
// may not contain it.
typedef struct _WEBAUTHN_ASSERTION {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;

    // Size of pbAuthenticatorData, in bytes.
    DWORD cbAuthenticatorData;
    // Authenticator data that was created for this assertion.
    _Field_size_bytes_(cbAuthenticatorData)
    PBYTE pbAuthenticatorData;

    // Size of pbSignature, in bytes.
    DWORD cbSignature;
    // Signature that was generated for this assertion.
    // NOTE(review): nothing in this header states that the signature has been checked;
    // presumably the relying party verifies it. Confirm against the API documentation.
    _Field_size_bytes_(cbSignature)
    PBYTE pbSignature;

    // Credential that was used for this assertion.
    WEBAUTHN_CREDENTIAL Credential;

    // Size of User Id, in bytes.
    DWORD cbUserId;
    // UserId
    _Field_size_bytes_(cbUserId)
    PBYTE pbUserId;

    //
    // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_2
    //

    WEBAUTHN_EXTENSIONS Extensions;

    // Size of pbCredLargeBlob, in bytes.
    DWORD cbCredLargeBlob;
    _Field_size_bytes_(cbCredLargeBlob)
    PBYTE pbCredLargeBlob;

    // One of the WEBAUTHN_CRED_LARGE_BLOB_STATUS_* values above (by name; confirm).
    // Presumably pbCredLargeBlob is meaningful only when this reports success; verify.
    DWORD dwCredLargeBlobStatus;

    //
    // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_3
    //

    // NOTE(review): PWEBAUTHN_HMAC_SECRET_SALT is declared outside this part of the
    // header. If this carries hmac-secret extension output it is secret key material and
    // should be handled accordingly (no logging, cleared after use). Confirm.
    PWEBAUTHN_HMAC_SECRET_SALT pHmacSecret;

} WEBAUTHN_ASSERTION,  *PWEBAUTHN_ASSERTION;
typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION;

//+------------------------------------------------------------------------------------------
// APIs.
//-------------------------------------------------------------------------------------------

// Returns the API version number. Per the version notes at the top of this header,
// callers compare it with WEBAUTHN_API_VERSION_* to find out which APIs, structure
// versions and extensions are present before using them.
DWORD
WINAPI
WebAuthNGetApiVersionNumber();

// Writes a BOOL result to *pbIsUserVerifyingPlatformAuthenticatorAvailable.
// The out value is meaningful only when the returned HRESULT indicates success
// (general HRESULT convention; not restated in this header).
HRESULT
WINAPI
WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable(
    _Out_ BOOL *pbIsUserVerifyingPlatformAuthenticatorAvailable);


// Creates a credential and returns a WEBAUTHN_CREDENTIAL_ATTESTATION.
//
// pWebAuthNMakeCredentialOptions is optional (_In_opt_). The output pointer is annotated
// _Outptr_result_maybenull_, so check it for NULL as well as checking the HRESULT before
// dereferencing it. The result is intended to be released with
// WebAuthNFreeCredentialAttestation.
HRESULT
WINAPI
WebAuthNAuthenticatorMakeCredential(
    _In_        HWND                                                hWnd,
    _In_        PCWEBAUTHN_RP_ENTITY_INFORMATION                    pRpInformation,
    _In_        PCWEBAUTHN_USER_ENTITY_INFORMATION                  pUserInformation,
    _In_        PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS               pPubKeyCredParams,
    _In_        PCWEBAUTHN_CLIENT_DATA                              pWebAuthNClientData,
    _In_opt_    PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    pWebAuthNMakeCredentialOptions,
    _Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_ATTESTATION      *ppWebAuthNCredentialAttestation);


// Requests an assertion for the RP id pwszRpId and returns a WEBAUTHN_ASSERTION.
//
// pWebAuthNGetAssertionOptions is optional (_In_opt_). The output pointer is annotated
// _Outptr_result_maybenull_, so check it for NULL as well as checking the HRESULT before
// dereferencing it. The result is intended to be released with WebAuthNFreeAssertion.
HRESULT
WINAPI
WebAuthNAuthenticatorGetAssertion(
    _In_        HWND                                                hWnd,
    _In_        LPCWSTR                                             pwszRpId,
    _In_        PCWEBAUTHN_CLIENT_DATA                              pWebAuthNClientData,
    _In_opt_    PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      pWebAuthNGetAssertionOptions,
    _Outptr_result_maybenull_ PWEBAUTHN_ASSERTION                   *ppWebAuthNAssertion);

// Frees a WEBAUTHN_CREDENTIAL_ATTESTATION. The parameter is _In_opt_, so NULL is accepted.
void
WINAPI
WebAuthNFreeCredentialAttestation(
    _In_opt_ PWEBAUTHN_CREDENTIAL_ATTESTATION pWebAuthNCredentialAttestation);

// Frees a WEBAUTHN_ASSERTION. Unlike WebAuthNFreeCredentialAttestation the parameter is
// _In_ (not optional): do not pass a NULL result from WebAuthNAuthenticatorGetAssertion.
void
WINAPI
WebAuthNFreeAssertion(
    _In_ PWEBAUTHN_ASSERTION pWebAuthNAssertion);

// Writes a GUID to *pCancellationId.
// NOTE(review): presumably this id is supplied with a later operation so that it can be
// cancelled through WebAuthNCancelCurrentOperation. Confirm how it is passed.
HRESULT
WINAPI
WebAuthNGetCancellationId(
    _Out_ GUID* pCancellationId);

// Takes the GUID identifying the operation to cancel (by name; see
// WebAuthNGetCancellationId).
HRESULT
WINAPI
WebAuthNCancelCurrentOperation(
    _In_ const GUID* pCancellationId);

// Listed under WEBAUTHN_API_VERSION_4 in this header's version notes: check that
// WebAuthNGetApiVersionNumber() >= WEBAUTHN_API_VERSION_4 before calling.
// The output pointer is annotated _Outptr_result_maybenull_, so check it for NULL.
HRESULT
WINAPI
WebAuthNGetPlatformCredentialList(
    _In_                        PCWEBAUTHN_GET_CREDENTIALS_OPTIONS  pGetCredentialsOptions,
    _Outptr_result_maybenull_   PWEBAUTHN_CREDENTIAL_DETAILS_LIST   *ppCredentialDetailsList);

// Listed under WEBAUTHN_API_VERSION_4 in this header's version notes. The parameter is
// _In_ (not optional): do not pass a NULL list.
void
WINAPI
WebAuthNFreePlatformCredentialList(
    _In_ PWEBAUTHN_CREDENTIAL_DETAILS_LIST  pCredentialDetailsList);

//
// Returns the following Error Names:
//  L"Success"              - S_OK
//  L"InvalidStateError"    - NTE_EXISTS
//  L"ConstraintError"      - HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED),
//                            NTE_NOT_SUPPORTED,
//                            NTE_TOKEN_KEYSET_STORAGE_FULL
//  L"NotSupportedError"    - NTE_INVALID_PARAMETER
//  L"NotAllowedError"      - NTE_DEVICE_NOT_FOUND,
//                            NTE_NOT_FOUND,
//                            HRESULT_FROM_WIN32(ERROR_CANCELLED),
//                            NTE_USER_CANCELLED,
//                            HRESULT_FROM_WIN32(ERROR_TIMEOUT)
//  L"UnknownError"         - All other hr values
//
// Several distinct failures (device not found, user cancelled, timeout) share
// L"NotAllowedError"; keep the original HRESULT when logging or diagnosing.
//
PCWSTR
WINAPI
WebAuthNGetErrorName(
    _In_ HRESULT hr);

// NOTE(review): the HRESULT-to-DOM-error mapping is not documented in this header;
// see the API documentation.
HRESULT
WINAPI
WebAuthNGetW3CExceptionDOMError(
    _In_ HRESULT hr);


#ifdef __cplusplus
}       // Balance extern "C" above
#endif

#endif // WINAPI_FAMILY_PARTITION
#ifdef _MSC_VER
#pragma endregion
#endif

#endif // __WEBAUTHN_H_