From fd0c3e37b5e8498d8bc59e190faef9fa9498ddb7 Mon Sep 17 00:00:00 2001
From: Isaiah Inuwa
Date: Wed, 13 Aug 2025 15:52:56 -0500
Subject: [PATCH 1/2] Delete unused files
---
contrib/output.bin | Bin 764 -> 0 bytes
contrib/private-key1.pem | 5 -
contrib/private-key1.pk8 | Bin 138 -> 0 bytes
contrib/rsa-2048-private-key.pk8 | Bin 1218 -> 0 bytes
contrib/webauthn.h | 1054 ------------------------------
5 files changed, 1059 deletions(-)
delete mode 100644 contrib/output.bin
delete mode 100644 contrib/private-key1.pem
delete mode 100644 contrib/private-key1.pk8
delete mode 100644 contrib/rsa-2048-private-key.pk8
delete mode 100644 contrib/webauthn.h
diff --git a/contrib/output.bin b/contrib/output.bin
deleted file mode 100644
index 75b1fa4ee8537c0401d544fbd53fcda8e9331425..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 764
zcmZ3SoR(XXR*;ySotl!KSW*&Pl3TJkIWZ?)Ex9-|J;KAljY*MV)w%@c)@gHRUHEy5
ziTnNjw>N%hb*#^>xl&qv!|~^ZkSw5*$6^h?cASuiFPizCU6?_E+m`p~GM<&Yxulv;
zT#(-OI3u~jG`TU7@vcD=<4qv0UBJx5$i&3RXu!+HsnzDu_MMlJk(-slAiFNPyHZ^9VX6mLz8=IHwksWTt@>rW(kJ^BS5Pm>ZfH7?~It7(|Klniv}Z
z1&j<#Ele$<=-`4#17S9Hpr_B-GBL7ofEmn;?95IKEWL?!sV4*aQuZ88w>qJfKJ%81
zh+Bq^YLA=!|N9a5Fa5I1G4Bq(KK00w`@bD$zP;Y2ue^Fa6Z4iG6Qvh~&7AU(aj~j_
zvH=g!>$1X(jQ?4f3>bh`aci?NvM@G1l>r7f3kx$7GY49rGrKbwxG*UsE+~?aWUloP
zUSGCT)O4%KN}nZ7$tML1PCON{5%>@|ok@X1YvmlC2eOOTuUmGpCNlopq`%WO_K99u
zTf0e=wej_m$c#i_jJPD0Bt|SLS@vp@@X0y)C7V?!d47$2@tzpHG=*=>dH8rAyeW(xk#es^#(*G;7eg>L4usoynN
fQew*w=PVQCcosaf>szyC^XvDPb37-#Vu%9(CMp3r
diff --git a/contrib/private-key1.pem b/contrib/private-key1.pem
deleted file mode 100644
index fcc70341..00000000
--- a/contrib/private-key1.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgvSL6iJrE/p7tzGm8
-bObQUF7KNtbo5F8bRGqGlE0Sr5ShRANCAATsE56JjHBJ8V9XKH+6drjNtnFHKHsv
-zpkR/2vuwZMK2YsDdpX3KARkXXfDbKYRCOZTmYr2gymD6+85nEmS6gBe
------END PRIVATE KEY-----
\ No newline at end of file
diff --git a/contrib/private-key1.pk8 b/contrib/private-key1.pk8
deleted file mode 100644
index 3e0e34b0101c44c6d36103288bb6bb054c6fbd34..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 138
zcmV;50CoQ`frkPC05B5<2P%e0&OHJF1_&yKNX|V20S5$aFlzz<0R$kuBKnA$#QvV`
z%xS!A=Fm`H$~M;MwFWL+d<7Ns{USUJr;mi2wiq
diff --git a/contrib/rsa-2048-private-key.pk8 b/contrib/rsa-2048-private-key.pk8 deleted file mode 100644 index 0519483967cddd86b0fcce02ee1488baa8fb9da2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1218 zcmV;z1U>sOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0H}N{S3Exh zfZL^((G7fZws)#``5Xit-@9}(>sXkDklH&N{I6p*wV7h=YnWLa0?^z%Z)gojnJ|~p zeUtB4^V&*x-uGs5`XE<1B6#u`Ne118WF&7vu;_PZI$tNS>1IAgLklDk)Ep$k8GwGZ z)L#l1y>ZN>{4*wu6z)v-eoJr$>@3@rM=hne;z9g*R`B6gCS2hJCx009Dm0RRc< za5P(+duhkQIGU)}^69W8i?mRMA9~A--3JlryCv7?)lVwKL*pQrbj~>0U;8 zO_h;}#O=k`wOn^GomRCdMo3q|x!*v|K}UXzX0Hnau97K2=>$TT)2$D3M{wswVs#&g zydRQtA>dLC27;2H&h7P9WwcL*prWaM!-xEX>z<6D5UV_uNU=`(=F{(=H3bZ048Xb= z*@NHU`zY~(LJ+AEHf}f32HR})H{WQ7@aiRIOy`q*FVg=B8?+C`84RyWab6u^9urjfdJ5~1!aAn6Yq_boTfx>H&`2jm;tDU*hJ33 zqW|DNE#l7!aRi55kV`W<$t(;C;(|)hv7|4Mqn~A$dQYy5%JlbZYoO5Q4}&R&JP&n0 z{h2Aoj)~yL$Z4B)<^Sn)_x-J4T{vT_IuCjxxe1if(BMLN%`?haL?HR#HRvTm0sR7j zfdI3?_dK?=6>d(`^8l85r{TT8WXEz%3Yf%^x9H|vI_fq7rtuA@Fe&0d? zZNPWAXr3Ip_kmlQ|CVYET5SZ3D?5YmhQjyJP~xEw`#PoM1CcN7&xG`t#VSWq3Pp@h zQSGZ@B7V)AMb29}%aEP%w20aZJAr%?YhMC^fMOCx;{hAjK*8vXs+RcpQw0qQxTVgb7Fg5kH!&C#bd%m65F9b^@&!TR!+dt_&@AbW5qB@^Jq*cD zm|mYky - -#pragma region Desktop Family or OneCore Family -#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM) - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef WINAPI -#define WINAPI __stdcall -#endif - -#ifndef INITGUID -#define INITGUID -#include -#undef INITGUID -#else -#include -#endif - -//+------------------------------------------------------------------------------------------ -// API Version Information. -// Caller should check for WebAuthNGetApiVersionNumber to check the presence of relevant APIs -// and features for their usage. 
-//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_API_VERSION_1 1 -// WEBAUTHN_API_VERSION_1 : Baseline Version -// Data Structures and their sub versions: -// - WEBAUTHN_RP_ENTITY_INFORMATION : 1 -// - WEBAUTHN_USER_ENTITY_INFORMATION : 1 -// - WEBAUTHN_CLIENT_DATA : 1 -// - WEBAUTHN_COSE_CREDENTIAL_PARAMETER : 1 -// - WEBAUTHN_COSE_CREDENTIAL_PARAMETERS : Not Applicable -// - WEBAUTHN_CREDENTIAL : 1 -// - WEBAUTHN_CREDENTIALS : Not Applicable -// - WEBAUTHN_CREDENTIAL_EX : 1 -// - WEBAUTHN_CREDENTIAL_LIST : Not Applicable -// - WEBAUTHN_EXTENSION : Not Applicable -// - WEBAUTHN_EXTENSIONS : Not Applicable -// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 3 -// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 4 -// - WEBAUTHN_COMMON_ATTESTATION : 1 -// - WEBAUTHN_CREDENTIAL_ATTESTATION : 3 -// - WEBAUTHN_ASSERTION : 1 -// Extensions: -// - WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET -// APIs: -// - WebAuthNGetApiVersionNumber -// - WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable -// - WebAuthNAuthenticatorMakeCredential -// - WebAuthNAuthenticatorGetAssertion -// - WebAuthNFreeCredentialAttestation -// - WebAuthNFreeAssertion -// - WebAuthNGetCancellationId -// - WebAuthNCancelCurrentOperation -// - WebAuthNGetErrorName -// - WebAuthNGetW3CExceptionDOMError -// Transports: -// - WEBAUTHN_CTAP_TRANSPORT_USB -// - WEBAUTHN_CTAP_TRANSPORT_NFC -// - WEBAUTHN_CTAP_TRANSPORT_BLE -// - WEBAUTHN_CTAP_TRANSPORT_INTERNAL - -#define WEBAUTHN_API_VERSION_2 2 -// WEBAUTHN_API_VERSION_2 : Delta From WEBAUTHN_API_VERSION_1 -// Added Extensions: -// - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT -// - -#define WEBAUTHN_API_VERSION_3 3 -// WEBAUTHN_API_VERSION_3 : Delta From WEBAUTHN_API_VERSION_2 -// Data Structures and their sub versions: -// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 4 -// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 5 -// - WEBAUTHN_CREDENTIAL_ATTESTATION : 4 -// - 
WEBAUTHN_ASSERTION : 2 -// Added Extensions: -// - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB -// - WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH -// - -#define WEBAUTHN_API_VERSION_4 4 -// WEBAUTHN_API_VERSION_4 : Delta From WEBAUTHN_API_VERSION_3 -// Data Structures and their sub versions: -// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 5 -// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 6 -// - WEBAUTHN_ASSERTION : 3 -// - WEBAUTHN_CREDENTIAL_DETAILS : 1 -// APIs: -// - WebAuthNGetPlatformCredentialList -// - WebAuthNFreePlatformCredentialList -// - WebAuthNDeletePlatformCredential -// - -#define WEBAUTHN_API_VERSION_5 5 -// WEBAUTHN_API_VERSION_5 : Delta From WEBAUTHN_API_VERSION_4 -// Data Structures and their sub versions: -// - WEBAUTHN_CREDENTIAL_DETAILS : 2 -// Extension Changes: -// - Enabled LARGE_BLOB Support -// - -#define WEBAUTHN_API_VERSION_6 6 -// WEBAUTHN_API_VERSION_6 : Delta From WEBAUTHN_API_VERSION_5 -// Data Structures and their sub versions: -// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 6 -// - WEBAUTHN_CREDENTIAL_ATTESTATION : 5 -// - WEBAUTHN_ASSERTION : 4 -// Transports: -// - WEBAUTHN_CTAP_TRANSPORT_HYBRID - -#define WEBAUTHN_API_CURRENT_VERSION WEBAUTHN_API_VERSION_6 - -//+------------------------------------------------------------------------------------------ -// Information about an RP Entity -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_RP_ENTITY_INFORMATION_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_RP_ENTITY_INFORMATION { - // Version of this structure, to allow for modifications in the future. - // This field is required and should be set to CURRENT_VERSION above. - DWORD dwVersion; - - // Identifier for the RP. This field is required. - PCWSTR pwszId; - - // Contains the friendly name of the Relying Party, such as "Acme Corporation", "Widgets Inc" or "Awesome Site". - // This field is required. 
- PCWSTR pwszName; - - // Optional URL pointing to RP's logo. - PCWSTR pwszIcon; -} WEBAUTHN_RP_ENTITY_INFORMATION, *PWEBAUTHN_RP_ENTITY_INFORMATION; -typedef const WEBAUTHN_RP_ENTITY_INFORMATION *PCWEBAUTHN_RP_ENTITY_INFORMATION; - -//+------------------------------------------------------------------------------------------ -// Information about an User Entity -//------------------------------------------------------------------------------------------- -#define WEBAUTHN_MAX_USER_ID_LENGTH 64 - -#define WEBAUTHN_USER_ENTITY_INFORMATION_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_USER_ENTITY_INFORMATION { - // Version of this structure, to allow for modifications in the future. - // This field is required and should be set to CURRENT_VERSION above. - DWORD dwVersion; - - // Identifier for the User. This field is required. - DWORD cbId; - _Field_size_bytes_(cbId) - PBYTE pbId; - - // Contains a detailed name for this account, such as "john.p.smith@example.com". - PCWSTR pwszName; - - // Optional URL that can be used to retrieve an image containing the user's current avatar, - // or a data URI that contains the image data. - PCWSTR pwszIcon; - - // For User: Contains the friendly name associated with the user account by the Relying Party, such as "John P. Smith". - PCWSTR pwszDisplayName; -} WEBAUTHN_USER_ENTITY_INFORMATION, *PWEBAUTHN_USER_ENTITY_INFORMATION; -typedef const WEBAUTHN_USER_ENTITY_INFORMATION *PCWEBAUTHN_USER_ENTITY_INFORMATION; - -//+------------------------------------------------------------------------------------------ -// Information about client data. 
-//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_HASH_ALGORITHM_SHA_256 L"SHA-256" -#define WEBAUTHN_HASH_ALGORITHM_SHA_384 L"SHA-384" -#define WEBAUTHN_HASH_ALGORITHM_SHA_512 L"SHA-512" - -#define WEBAUTHN_CLIENT_DATA_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_CLIENT_DATA { - // Version of this structure, to allow for modifications in the future. - // This field is required and should be set to CURRENT_VERSION above. - DWORD dwVersion; - - // Size of the pbClientDataJSON field. - DWORD cbClientDataJSON; - // UTF-8 encoded JSON serialization of the client data. - _Field_size_bytes_(cbClientDataJSON) - PBYTE pbClientDataJSON; - - // Hash algorithm ID used to hash the pbClientDataJSON field. - LPCWSTR pwszHashAlgId; -} WEBAUTHN_CLIENT_DATA, *PWEBAUTHN_CLIENT_DATA; -typedef const WEBAUTHN_CLIENT_DATA *PCWEBAUTHN_CLIENT_DATA; - -//+------------------------------------------------------------------------------------------ -// Information about credential parameters. -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY L"public-key" - -#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256 -7 -#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P384_WITH_SHA384 -35 -#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P521_WITH_SHA512 -36 - -#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA256 -257 -#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA384 -258 -#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA512 -259 - -#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA256 -37 -#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA384 -38 -#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA512 -39 - -#define WEBAUTHN_COSE_CREDENTIAL_PARAMETER_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETER { - // Version of this structure, to allow for modifications in the future. 
- DWORD dwVersion; - - // Well-known credential type specifying a credential to create. - LPCWSTR pwszCredentialType; - - // Well-known COSE algorithm specifying the algorithm to use for the credential. - LONG lAlg; -} WEBAUTHN_COSE_CREDENTIAL_PARAMETER, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETER; -typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETER *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETER; - -typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETERS { - DWORD cCredentialParameters; - _Field_size_(cCredentialParameters) - PWEBAUTHN_COSE_CREDENTIAL_PARAMETER pCredentialParameters; -} WEBAUTHN_COSE_CREDENTIAL_PARAMETERS, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETERS; -typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETERS *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS; - -//+------------------------------------------------------------------------------------------ -// Information about credential. -//------------------------------------------------------------------------------------------- -#define WEBAUTHN_CREDENTIAL_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_CREDENTIAL { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Size of pbID. - DWORD cbId; - // Unique ID for this particular credential. - _Field_size_bytes_(cbId) - PBYTE pbId; - - // Well-known credential type specifying what this particular credential is. 
- LPCWSTR pwszCredentialType; -} WEBAUTHN_CREDENTIAL, *PWEBAUTHN_CREDENTIAL; -typedef const WEBAUTHN_CREDENTIAL *PCWEBAUTHN_CREDENTIAL; - -typedef struct _WEBAUTHN_CREDENTIALS { - DWORD cCredentials; - _Field_size_(cCredentials) - PWEBAUTHN_CREDENTIAL pCredentials; -} WEBAUTHN_CREDENTIALS, *PWEBAUTHN_CREDENTIALS; -typedef const WEBAUTHN_CREDENTIALS *PCWEBAUTHN_CREDENTIALS; - -//+------------------------------------------------------------------------------------------ -// Information about credential with extra information, such as, dwTransports -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_CTAP_TRANSPORT_USB 0x00000001 -#define WEBAUTHN_CTAP_TRANSPORT_NFC 0x00000002 -#define WEBAUTHN_CTAP_TRANSPORT_BLE 0x00000004 -#define WEBAUTHN_CTAP_TRANSPORT_TEST 0x00000008 -#define WEBAUTHN_CTAP_TRANSPORT_INTERNAL 0x00000010 -#define WEBAUTHN_CTAP_TRANSPORT_HYBRID 0x00000020 -#define WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK 0x0000002F - -#define WEBAUTHN_CREDENTIAL_EX_CURRENT_VERSION 1 - -typedef struct _WEBAUTHN_CREDENTIAL_EX { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Size of pbID. - DWORD cbId; - // Unique ID for this particular credential. - _Field_size_bytes_(cbId) - PBYTE pbId; - - // Well-known credential type specifying what this particular credential is. - LPCWSTR pwszCredentialType; - - // Transports. 0 implies no transport restrictions. 
- DWORD dwTransports; -} WEBAUTHN_CREDENTIAL_EX, *PWEBAUTHN_CREDENTIAL_EX; -typedef const WEBAUTHN_CREDENTIAL_EX *PCWEBAUTHN_CREDENTIAL_EX; - -//+------------------------------------------------------------------------------------------ -// Information about credential list with extra information -//------------------------------------------------------------------------------------------- - -typedef struct _WEBAUTHN_CREDENTIAL_LIST { - DWORD cCredentials; - _Field_size_(cCredentials) - PWEBAUTHN_CREDENTIAL_EX *ppCredentials; -} WEBAUTHN_CREDENTIAL_LIST, *PWEBAUTHN_CREDENTIAL_LIST; -typedef const WEBAUTHN_CREDENTIAL_LIST *PCWEBAUTHN_CREDENTIAL_LIST; - -//+------------------------------------------------------------------------------------------ -// Credential Information for WebAuthNGetPlatformCredentialList API -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_1 1 -#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2 2 -#define WEBAUTHN_CREDENTIAL_DETAILS_CURRENT_VERSION WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2 - -typedef struct _WEBAUTHN_CREDENTIAL_DETAILS { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Size of pbCredentialID. - DWORD cbCredentialID; - _Field_size_bytes_(cbCredentialID) - PBYTE pbCredentialID; - - // RP Info - PWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation; - - // User Info - PWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation; - - // Removable or not. - BOOL bRemovable; - - // - // The following fields have been added in WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2 - // - - // Backed Up or not. 
- BOOL bBackedUp; -} WEBAUTHN_CREDENTIAL_DETAILS, *PWEBAUTHN_CREDENTIAL_DETAILS; -typedef const WEBAUTHN_CREDENTIAL_DETAILS *PCWEBAUTHN_CREDENTIAL_DETAILS; - -typedef struct _WEBAUTHN_CREDENTIAL_DETAILS_LIST { - DWORD cCredentialDetails; - _Field_size_(cCredentialDetails) - PWEBAUTHN_CREDENTIAL_DETAILS *ppCredentialDetails; -} WEBAUTHN_CREDENTIAL_DETAILS_LIST, *PWEBAUTHN_CREDENTIAL_DETAILS_LIST; -typedef const WEBAUTHN_CREDENTIAL_DETAILS_LIST *PCWEBAUTHN_CREDENTIAL_DETAILS_LIST; - -#define WEBAUTHN_GET_CREDENTIALS_OPTIONS_VERSION_1 1 -#define WEBAUTHN_GET_CREDENTIALS_OPTIONS_CURRENT_VERSION WEBAUTHN_GET_CREDENTIALS_OPTIONS_VERSION_1 - -typedef struct _WEBAUTHN_GET_CREDENTIALS_OPTIONS { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Optional. - LPCWSTR pwszRpId; - - // Optional. BrowserInPrivate Mode. Defaulting to FALSE. - BOOL bBrowserInPrivateMode; -} WEBAUTHN_GET_CREDENTIALS_OPTIONS, *PWEBAUTHN_GET_CREDENTIALS_OPTIONS; -typedef const WEBAUTHN_GET_CREDENTIALS_OPTIONS *PCWEBAUTHN_GET_CREDENTIALS_OPTIONS; - -//+------------------------------------------------------------------------------------------ -// PRF values. -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH 32 - -// SALT values below by default are converted into RAW Hmac-Secret values as per PRF extension. -// - SHA-256(UTF8Encode("WebAuthn PRF") || 0x00 || Value) -// -// Set WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG in dwFlags in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS, -// if caller wants to provide RAW Hmac-Secret SALT values directly. In that case, -// values if provided MUST be of WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH size. - -typedef struct _WEBAUTHN_HMAC_SECRET_SALT { - // Size of pbFirst. - DWORD cbFirst; - _Field_size_bytes_(cbFirst) - PBYTE pbFirst; // Required - - // Size of pbSecond. 
- DWORD cbSecond; - _Field_size_bytes_(cbSecond) - PBYTE pbSecond; -} WEBAUTHN_HMAC_SECRET_SALT, *PWEBAUTHN_HMAC_SECRET_SALT; -typedef const WEBAUTHN_HMAC_SECRET_SALT *PCWEBAUTHN_HMAC_SECRET_SALT; - -typedef struct _WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT { - // Size of pbCredID. - DWORD cbCredID; - _Field_size_bytes_(cbCredID) - PBYTE pbCredID; // Required - - // PRF Values for above credential - PWEBAUTHN_HMAC_SECRET_SALT pHmacSecretSalt; // Required -} WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT, *PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT; -typedef const WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT *PCWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT; - -typedef struct _WEBAUTHN_HMAC_SECRET_SALT_VALUES { - PWEBAUTHN_HMAC_SECRET_SALT pGlobalHmacSalt; - - DWORD cCredWithHmacSecretSaltList; - _Field_size_(cCredWithHmacSecretSaltList) - PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT pCredWithHmacSecretSaltList; -} WEBAUTHN_HMAC_SECRET_SALT_VALUES, *PWEBAUTHN_HMAC_SECRET_SALT_VALUES; -typedef const WEBAUTHN_HMAC_SECRET_SALT_VALUES *PCWEBAUTHN_HMAC_SECRET_SALT_VALUES; - -//+------------------------------------------------------------------------------------------ -// Hmac-Secret extension -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET L"hmac-secret" -// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET -// MakeCredential Input Type: BOOL. -// - pvExtension must point to a BOOL with the value TRUE. -// - cbExtension must contain the sizeof(BOOL). -// MakeCredential Output Type: BOOL. -// - pvExtension will point to a BOOL with the value TRUE if credential -// was successfully created with HMAC_SECRET. -// - cbExtension will contain the sizeof(BOOL). 
-// GetAssertion Input Type: Not Supported -// GetAssertion Output Type: Not Supported - -//+------------------------------------------------------------------------------------------ -// credProtect extension -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_USER_VERIFICATION_ANY 0 -#define WEBAUTHN_USER_VERIFICATION_OPTIONAL 1 -#define WEBAUTHN_USER_VERIFICATION_OPTIONAL_WITH_CREDENTIAL_ID_LIST 2 -#define WEBAUTHN_USER_VERIFICATION_REQUIRED 3 - -typedef struct _WEBAUTHN_CRED_PROTECT_EXTENSION_IN { - // One of the above WEBAUTHN_USER_VERIFICATION_* values - DWORD dwCredProtect; - // Set the following to TRUE to require authenticator support for the credProtect extension - BOOL bRequireCredProtect; -} WEBAUTHN_CRED_PROTECT_EXTENSION_IN, *PWEBAUTHN_CRED_PROTECT_EXTENSION_IN; -typedef const WEBAUTHN_CRED_PROTECT_EXTENSION_IN *PCWEBAUTHN_CRED_PROTECT_EXTENSION_IN; - - -#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT L"credProtect" -// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT -// MakeCredential Input Type: WEBAUTHN_CRED_PROTECT_EXTENSION_IN. -// - pvExtension must point to a WEBAUTHN_CRED_PROTECT_EXTENSION_IN struct -// - cbExtension will contain the sizeof(WEBAUTHN_CRED_PROTECT_EXTENSION_IN). -// MakeCredential Output Type: DWORD. -// - pvExtension will point to a DWORD with one of the above WEBAUTHN_USER_VERIFICATION_* values -// if credential was successfully created with CRED_PROTECT. -// - cbExtension will contain the sizeof(DWORD). -// GetAssertion Input Type: Not Supported -// GetAssertion Output Type: Not Supported - -//+------------------------------------------------------------------------------------------ -// credBlob extension -//------------------------------------------------------------------------------------------- - -typedef struct _WEBAUTHN_CRED_BLOB_EXTENSION { - // Size of pbCredBlob. 
- DWORD cbCredBlob; - _Field_size_bytes_(cbCredBlob) - PBYTE pbCredBlob; -} WEBAUTHN_CRED_BLOB_EXTENSION, *PWEBAUTHN_CRED_BLOB_EXTENSION; -typedef const WEBAUTHN_CRED_BLOB_EXTENSION *PCWEBAUTHN_CRED_BLOB_EXTENSION; - - -#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB L"credBlob" -// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB -// MakeCredential Input Type: WEBAUTHN_CRED_BLOB_EXTENSION. -// - pvExtension must point to a WEBAUTHN_CRED_BLOB_EXTENSION struct -// - cbExtension must contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION). -// MakeCredential Output Type: BOOL. -// - pvExtension will point to a BOOL with the value TRUE if credBlob was successfully created -// - cbExtension will contain the sizeof(BOOL). -// GetAssertion Input Type: BOOL. -// - pvExtension must point to a BOOL with the value TRUE to request the credBlob. -// - cbExtension must contain the sizeof(BOOL). -// GetAssertion Output Type: WEBAUTHN_CRED_BLOB_EXTENSION. -// - pvExtension will point to a WEBAUTHN_CRED_BLOB_EXTENSION struct if the authenticator -// returns the credBlob in the signed extensions -// - cbExtension will contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION). - -//+------------------------------------------------------------------------------------------ -// minPinLength extension -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH L"minPinLength" -// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH -// MakeCredential Input Type: BOOL. -// - pvExtension must point to a BOOL with the value TRUE to request the minPinLength. -// - cbExtension must contain the sizeof(BOOL). -// MakeCredential Output Type: DWORD. -// - pvExtension will point to a DWORD with the minimum pin length if returned by the authenticator -// - cbExtension will contain the sizeof(DWORD). 
-// GetAssertion Input Type: Not Supported -// GetAssertion Output Type: Not Supported - -//+------------------------------------------------------------------------------------------ -// Information about Extensions. -//------------------------------------------------------------------------------------------- -typedef struct _WEBAUTHN_EXTENSION { - LPCWSTR pwszExtensionIdentifier; - DWORD cbExtension; - PVOID pvExtension; -} WEBAUTHN_EXTENSION, *PWEBAUTHN_EXTENSION; -typedef const WEBAUTHN_EXTENSION *PCWEBAUTHN_EXTENSION; - -typedef struct _WEBAUTHN_EXTENSIONS { - DWORD cExtensions; - _Field_size_(cExtensions) - PWEBAUTHN_EXTENSION pExtensions; -} WEBAUTHN_EXTENSIONS, *PWEBAUTHN_EXTENSIONS; -typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS; - -//+------------------------------------------------------------------------------------------ -// Options. -//------------------------------------------------------------------------------------------- - -#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_ANY 0 -#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM 1 -#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM 2 -#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM_U2F_V2 3 - -#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY 0 -#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED 1 -#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED 2 -#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED 3 - -#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_ANY 0 -#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE 1 -#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT 2 -#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT 3 - -#define WEBAUTHN_ENTERPRISE_ATTESTATION_NONE 0 -#define WEBAUTHN_ENTERPRISE_ATTESTATION_VENDOR_FACILITATED 1 -#define WEBAUTHN_ENTERPRISE_ATTESTATION_PLATFORM_MANAGED 2 - -#define WEBAUTHN_LARGE_BLOB_SUPPORT_NONE 0 -#define WEBAUTHN_LARGE_BLOB_SUPPORT_REQUIRED 1 -#define WEBAUTHN_LARGE_BLOB_SUPPORT_PREFERRED 2 - 
-#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_1 1 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2 2 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3 3 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4 4 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5 5 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_6 6 -#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_6 - -typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Time that the operation is expected to complete within. - // This is used as guidance, and can be overridden by the platform. - DWORD dwTimeoutMilliseconds; - - // Credentials used for exclusion. - WEBAUTHN_CREDENTIALS CredentialList; - - // Optional extensions to parse when performing the operation. - WEBAUTHN_EXTENSIONS Extensions; - - // Optional. Platform vs Cross-Platform Authenticators. - DWORD dwAuthenticatorAttachment; - - // Optional. Require key to be resident or not. Defaulting to FALSE. - BOOL bRequireResidentKey; - - // User Verification Requirement. - DWORD dwUserVerificationRequirement; - - // Attestation Conveyance Preference. - DWORD dwAttestationConveyancePreference; - - // Reserved for future Use - DWORD dwFlags; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2 - // - - // Cancellation Id - Optional - See WebAuthNGetCancellationId - GUID *pCancellationId; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3 - // - - // Exclude Credential List. If present, "CredentialList" will be ignored. 
- PWEBAUTHN_CREDENTIAL_LIST pExcludeCredentialList; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4 - // - - // Enterprise Attestation - DWORD dwEnterpriseAttestation; - - // Large Blob Support: none, required or preferred - // - // NTE_INVALID_PARAMETER when large blob required or preferred and - // bRequireResidentKey isn't set to TRUE - DWORD dwLargeBlobSupport; - - // Optional. Prefer key to be resident. Defaulting to FALSE. When TRUE, - // overrides the above bRequireResidentKey. - BOOL bPreferResidentKey; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5 - // - - // Optional. BrowserInPrivate Mode. Defaulting to FALSE. - BOOL bBrowserInPrivateMode; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_6 - // - - // Enable PRF - BOOL bEnablePrf; - -} WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS; -typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS; - -#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_NONE 0 -#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_GET 1 -#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_SET 2 -#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_DELETE 3 - -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_1 1 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2 2 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3 3 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4 4 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5 5 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6 6 -#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6 - -/* - Information about flags. 
-*/ - -#define WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG 0x00100000 - -typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS { - // Version of this structure, to allow for modifications in the future. - DWORD dwVersion; - - // Time that the operation is expected to complete within. - // This is used as guidance, and can be overridden by the platform. - DWORD dwTimeoutMilliseconds; - - // Allowed Credentials List. - WEBAUTHN_CREDENTIALS CredentialList; - - // Optional extensions to parse when performing the operation. - WEBAUTHN_EXTENSIONS Extensions; - - // Optional. Platform vs Cross-Platform Authenticators. - DWORD dwAuthenticatorAttachment; - - // User Verification Requirement. - DWORD dwUserVerificationRequirement; - - // Flags - DWORD dwFlags; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2 - // - - // Optional identifier for the U2F AppId. Converted to UTF8 before being hashed. Not lower cased. - PCWSTR pwszU2fAppId; - - // If the following is non-NULL, then, set to TRUE if the above pwszU2fAppid was used instead of - // PCWSTR pwszRpId; - BOOL *pbU2fAppId; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3 - // - - // Cancellation Id - Optional - See WebAuthNGetCancellationId - GUID *pCancellationId; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4 - // - - // Allow Credential List. If present, "CredentialList" will be ignored. 
- PWEBAUTHN_CREDENTIAL_LIST pAllowCredentialList; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5 - // - - DWORD dwCredLargeBlobOperation; - - // Size of pbCredLargeBlob - DWORD cbCredLargeBlob; - _Field_size_bytes_(cbCredLargeBlob) - PBYTE pbCredLargeBlob; - - // - // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6 - // - - // PRF values which will be converted into HMAC-SECRET values according to WebAuthn Spec. - PWEBAUTHN_HMAC_SECRET_SALT_VALUES pHmacSecretSaltValues; - - // Optional. BrowserInPrivate Mode. Defaulting to FALSE. - BOOL bBrowserInPrivateMode; - -} WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS; -typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS; - - -//+------------------------------------------------------------------------------------------ -// Attestation Info. -// -//------------------------------------------------------------------------------------------- -#define WEBAUTHN_ATTESTATION_DECODE_NONE 0 -#define WEBAUTHN_ATTESTATION_DECODE_COMMON 1 -// WEBAUTHN_ATTESTATION_DECODE_COMMON supports format types -// L"packed" -// L"fido-u2f" - -#define WEBAUTHN_ATTESTATION_VER_TPM_2_0 L"2.0" - -typedef struct _WEBAUTHN_X5C { - // Length of X.509 encoded certificate - DWORD cbData; - // X.509 encoded certificate bytes - _Field_size_bytes_(cbData) - PBYTE pbData; -} WEBAUTHN_X5C, *PWEBAUTHN_X5C; - -// Supports either Self or Full Basic Attestation - -// Note, new fields will be added to the following data structure to -// support additional attestation format types, such as, TPM. -// When fields are added, the dwVersion will be incremented. 
-//
-// Therefore, your code must make the following check:
-// "if (dwVersion >= WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION)"
-
-#define WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION 1
-
-typedef struct _WEBAUTHN_COMMON_ATTESTATION {
- // Version of this structure, to allow for modifications in the future.
- DWORD dwVersion;
-
- // Hash and Padding Algorithm
- //
- // The following won't be set for "fido-u2f" which assumes "ES256".
- PCWSTR pwszAlg;
- LONG lAlg; // COSE algorithm
-
- // Signature that was generated for this attestation.
- DWORD cbSignature;
- _Field_size_bytes_(cbSignature)
- PBYTE pbSignature;
-
- // Following is set for Full Basic Attestation. If not, set then, this is Self Attestation.
- // Array of X.509 DER encoded certificates. The first certificate is the signer, leaf certificate.
- DWORD cX5c;
- _Field_size_(cX5c)
- PWEBAUTHN_X5C pX5c;
-
- // Following are also set for tpm
- PCWSTR pwszVer; // L"2.0"
- DWORD cbCertInfo;
- _Field_size_bytes_(cbCertInfo)
- PBYTE pbCertInfo;
- DWORD cbPubArea;
- _Field_size_bytes_(cbPubArea)
- PBYTE pbPubArea;
-} WEBAUTHN_COMMON_ATTESTATION, *PWEBAUTHN_COMMON_ATTESTATION;
-typedef const WEBAUTHN_COMMON_ATTESTATION *PCWEBAUTHN_COMMON_ATTESTATION;
-
-#define WEBAUTHN_ATTESTATION_TYPE_PACKED L"packed"
-#define WEBAUTHN_ATTESTATION_TYPE_U2F L"fido-u2f"
-#define WEBAUTHN_ATTESTATION_TYPE_TPM L"tpm"
-#define WEBAUTHN_ATTESTATION_TYPE_NONE L"none"
-
-#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_1 1
-#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2 2
-#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3 3
-#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4 4
-#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5 5
-#define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5
-
-typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION {
- // Version of this structure, to allow for modifications in the future.
- DWORD dwVersion;
-
- // Attestation format type
- PCWSTR pwszFormatType;
-
- // Size of cbAuthenticatorData.
- DWORD cbAuthenticatorData;
- // Authenticator data that was created for this credential.
- _Field_size_bytes_(cbAuthenticatorData)
- PBYTE pbAuthenticatorData;
-
- // Size of CBOR encoded attestation information
- //0 => encoded as CBOR null value.
- DWORD cbAttestation;
- //Encoded CBOR attestation information
- _Field_size_bytes_(cbAttestation)
- PBYTE pbAttestation;
-
- DWORD dwAttestationDecodeType;
- // Following depends on the dwAttestationDecodeType
- // WEBAUTHN_ATTESTATION_DECODE_NONE
- // NULL - not able to decode the CBOR attestation information
- // WEBAUTHN_ATTESTATION_DECODE_COMMON
- // PWEBAUTHN_COMMON_ATTESTATION;
- PVOID pvAttestationDecode;
-
- // The CBOR encoded Attestation Object to be returned to the RP.
- DWORD cbAttestationObject;
- _Field_size_bytes_(cbAttestationObject)
- PBYTE pbAttestationObject;
-
- // The CredentialId bytes extracted from the Authenticator Data.
- // Used by Edge to return to the RP.
- DWORD cbCredentialId;
- _Field_size_bytes_(cbCredentialId)
- PBYTE pbCredentialId;
-
- //
- // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2
- //
-
- WEBAUTHN_EXTENSIONS Extensions;
-
- //
- // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3
- //
-
- // One of the WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to
- // the transport that was used.
- DWORD dwUsedTransport;
-
- //
- // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4
- //
-
- BOOL bEpAtt;
- BOOL bLargeBlobSupported;
- BOOL bResidentKey;
-
- //
- // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5
- //
-
- BOOL bPrfEnabled;
-
-} WEBAUTHN_CREDENTIAL_ATTESTATION, *PWEBAUTHN_CREDENTIAL_ATTESTATION;
-typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION;
-
-
-//+------------------------------------------------------------------------------------------
-// authenticatorGetAssertion output.
-//-------------------------------------------------------------------------------------------
-
-#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NONE 0
-#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_SUCCESS 1
-#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_SUPPORTED 2
-#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_DATA 3
-#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_PARAMETER 4
-#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_FOUND 5
-#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_MULTIPLE_CREDENTIALS 6
-#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_LACK_OF_SPACE 7
-#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_PLATFORM_ERROR 8
-#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_AUTHENTICATOR_ERROR 9
-
-#define WEBAUTHN_ASSERTION_VERSION_1 1
-#define WEBAUTHN_ASSERTION_VERSION_2 2
-#define WEBAUTHN_ASSERTION_VERSION_3 3
-#define WEBAUTHN_ASSERTION_VERSION_4 4
-#define WEBAUTHN_ASSERTION_CURRENT_VERSION WEBAUTHN_ASSERTION_VERSION_4
-
-typedef struct _WEBAUTHN_ASSERTION {
- // Version of this structure, to allow for modifications in the future.
- DWORD dwVersion;
-
- // Size of cbAuthenticatorData.
- DWORD cbAuthenticatorData;
- // Authenticator data that was created for this assertion.
- _Field_size_bytes_(cbAuthenticatorData)
- PBYTE pbAuthenticatorData;
-
- // Size of pbSignature.
- DWORD cbSignature;
- // Signature that was generated for this assertion.
- _Field_size_bytes_(cbSignature)
- PBYTE pbSignature;
-
- // Credential that was used for this assertion.
- WEBAUTHN_CREDENTIAL Credential;
-
- // Size of User Id
- DWORD cbUserId;
- // UserId
- _Field_size_bytes_(cbUserId)
- PBYTE pbUserId;
-
- //
- // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_2
- //
-
- WEBAUTHN_EXTENSIONS Extensions;
-
- // Size of pbCredLargeBlob
- DWORD cbCredLargeBlob;
- _Field_size_bytes_(cbCredLargeBlob)
- PBYTE pbCredLargeBlob;
-
- DWORD dwCredLargeBlobStatus;
-
- //
- // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_3
- //
-
- PWEBAUTHN_HMAC_SECRET_SALT pHmacSecret;
-
- //
- // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_4
- //
-
- // One of the WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to
- // the transport that was used.
- DWORD dwUsedTransport;
-
-} WEBAUTHN_ASSERTION, *PWEBAUTHN_ASSERTION;
-typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION;
-
-//+------------------------------------------------------------------------------------------
-// APIs.
-//-------------------------------------------------------------------------------------------
-
-DWORD
-WINAPI
-WebAuthNGetApiVersionNumber();
-
-HRESULT
-WINAPI
-WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable(
- _Out_ BOOL *pbIsUserVerifyingPlatformAuthenticatorAvailable);
-
-
-HRESULT
-WINAPI
-WebAuthNAuthenticatorMakeCredential(
- _In_ HWND hWnd,
- _In_ PCWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation,
- _In_ PCWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation,
- _In_ PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS pPubKeyCredParams,
- _In_ PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData,
- _In_opt_ PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS pWebAuthNMakeCredentialOptions,
- _Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_ATTESTATION *ppWebAuthNCredentialAttestation);
-
-
-HRESULT
-WINAPI
-WebAuthNAuthenticatorGetAssertion(
- _In_ HWND hWnd,
- _In_ LPCWSTR pwszRpId,
- _In_ PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData,
- _In_opt_ PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS pWebAuthNGetAssertionOptions,
- _Outptr_result_maybenull_ PWEBAUTHN_ASSERTION *ppWebAuthNAssertion);
-
-void
-WINAPI
-WebAuthNFreeCredentialAttestation(
- _In_opt_ PWEBAUTHN_CREDENTIAL_ATTESTATION pWebAuthNCredentialAttestation);
-
-void
-WINAPI
-WebAuthNFreeAssertion(
- _In_ PWEBAUTHN_ASSERTION pWebAuthNAssertion);
-
-HRESULT
-WINAPI
-WebAuthNGetCancellationId(
- _Out_ GUID* pCancellationId);
-
-HRESULT
-WINAPI
-WebAuthNCancelCurrentOperation(
- _In_ const GUID* pCancellationId);
-
-// Returns NTE_NOT_FOUND when credentials are not found.
-HRESULT
-WINAPI
-WebAuthNGetPlatformCredentialList(
- _In_ PCWEBAUTHN_GET_CREDENTIALS_OPTIONS pGetCredentialsOptions,
- _Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_DETAILS_LIST *ppCredentialDetailsList);
-
-void
-WINAPI
-WebAuthNFreePlatformCredentialList(
- _In_ PWEBAUTHN_CREDENTIAL_DETAILS_LIST pCredentialDetailsList);
-
-HRESULT
-WINAPI
-WebAuthNDeletePlatformCredential(
- _In_ DWORD cbCredentialId,
- _In_reads_bytes_(cbCredentialId) const BYTE *pbCredentialId
- );
-
-//
-// Returns the following Error Names:
-// L"Success" - S_OK
-// L"InvalidStateError" - NTE_EXISTS
-// L"ConstraintError" - HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED),
-// NTE_NOT_SUPPORTED,
-// NTE_TOKEN_KEYSET_STORAGE_FULL
-// L"NotSupportedError" - NTE_INVALID_PARAMETER
-// L"NotAllowedError" - NTE_DEVICE_NOT_FOUND,
-// NTE_NOT_FOUND,
-// HRESULT_FROM_WIN32(ERROR_CANCELLED),
-// NTE_USER_CANCELLED,
-// HRESULT_FROM_WIN32(ERROR_TIMEOUT)
-// L"UnknownError" - All other hr values
-//
-PCWSTR
-WINAPI
-WebAuthNGetErrorName(
- _In_ HRESULT hr);
-
-HRESULT
-WINAPI
-WebAuthNGetW3CExceptionDOMError(
- _In_ HRESULT hr);
-
-
-#ifdef __cplusplus
-} // Balance extern "C" above
-#endif
-
-#endif // WINAPI_FAMILY_PARTITION
-#pragma endregion
-
-#endif // __WEBAUTHN_H_
From 307f5f6e5a6e920ae7d1c7ed5174f911126ee81a Mon Sep 17 00:00:00 2001
From: Isaiah Inuwa
Date: Wed, 13 Aug 2025 15:52:56 -0500
Subject: [PATCH 2/2] Move historical docs to separate folder
---
 doc/{ => historical}/credential-landscape.odg | Bin
 doc/{ => historical}/design-doc.md | 0
 doc/{ => historical}/ecosystem.md | 0
 doc/{ => historical}/scenarios.md | 0
 4 files changed, 0 insertions(+), 0 deletions(-)
 rename doc/{ => historical}/credential-landscape.odg (100%)
 rename doc/{ => historical}/design-doc.md (100%)
 rename doc/{ => historical}/ecosystem.md (100%)
 rename doc/{ => historical}/scenarios.md (100%)
diff --git a/doc/credential-landscape.odg b/doc/historical/credential-landscape.odg
similarity index 100%
rename from doc/credential-landscape.odg
rename to doc/historical/credential-landscape.odg
diff --git a/doc/design-doc.md b/doc/historical/design-doc.md
similarity index 100%
rename from doc/design-doc.md
rename to doc/historical/design-doc.md
diff --git a/doc/ecosystem.md b/doc/historical/ecosystem.md
similarity index 100%
rename from doc/ecosystem.md
rename to doc/historical/ecosystem.md
diff --git a/doc/scenarios.md b/doc/historical/scenarios.md
similarity index 100%
rename from doc/scenarios.md
rename to doc/historical/scenarios.md