/**
 * This file has no copyright assigned and is placed in the Public Domain.
 * This file is part of the mingw-w64 runtime package.
 * No warranty is given; refer to the file DISCLAIMER.PD within this package.
 */

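/*
 * webauthn.h - constants, request/response structures and the WebAuthN*
 * entry points declared further down in this header.
 *
 * NOTE(review): only <winapifamily.h> and <guiddef.h> are included here, yet
 * the declarations below use DWORD, PBYTE, PCWSTR, WINBOOL, HWND and HRESULT.
 * Presumably the includer is expected to pull in <windows.h> first - confirm.
 */
#ifndef _WEBAUTHN_H_
#define _WEBAUTHN_H_

#include <winapifamily.h>

/* Everything below is declared only for the WINAPI_PARTITION_APP partition. */
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Calling convention used by the prototypes at the end of the header:
 * __stdcall, or nothing when _ARM_ is defined. A definition of WINAPI made
 * before this header is included is left untouched.
 */
#ifndef WINAPI
#if defined(_ARM_)
#define WINAPI
#else
#define WINAPI __stdcall
#endif
#endif

/*
 * <guiddef.h> is always included with INITGUID defined. When this header had
 * to define INITGUID itself, it removes the macro again afterwards, so the
 * includer's own INITGUID state is unchanged. No DEFINE_GUID use is visible
 * in this listing.
 */
#ifndef INITGUID
#define INITGUID
#include <guiddef.h>
#undef INITGUID
#else
#include <guiddef.h>
#endif
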
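/*
 * API revision numbers. WebAuthNGetApiVersionNumber(), declared at the end of
 * this header, returns a DWORD; presumably callers compare it with these
 * values at run time before using newer structure versions - confirm.
 */
#define WEBAUTHN_API_VERSION_1 1
#define WEBAUTHN_API_VERSION_2 2
#define WEBAUTHN_API_VERSION_3 3
/* Newest API revision this header describes. */
#define WEBAUTHN_API_CURRENT_VERSION WEBAUTHN_API_VERSION_3
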
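/* Only layout version declared for WEBAUTHN_RP_ENTITY_INFORMATION. */
#define WEBAUTHN_RP_ENTITY_INFORMATION_CURRENT_VERSION 1

/*
 * Relying party (RP) description, passed by const pointer to
 * WebAuthNAuthenticatorMakeCredential.
 *
 * NOTE(review): nothing in this header ties pwszId to a web origin. An
 * application acting as a WebAuthn client presumably has to check that the
 * RP id is valid for the requesting origin before it calls the API - confirm.
 */
typedef struct _WEBAUTHN_RP_ENTITY_INFORMATION {
    DWORD dwVersion;  /* structure version, see the macro above */
    PCWSTR pwszId;    /* RP identifier, wide string */
    PCWSTR pwszName;  /* RP name, wide string */
    PCWSTR pwszIcon;  /* RP icon, wide string; presumably optional - confirm */
} WEBAUTHN_RP_ENTITY_INFORMATION, *PWEBAUTHN_RP_ENTITY_INFORMATION;
typedef const WEBAUTHN_RP_ENTITY_INFORMATION *PCWEBAUTHN_RP_ENTITY_INFORMATION;
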
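/*
 * Upper bound for a user id, presumably in bytes and applying to cbId below.
 * The structure does not enforce it, so callers should check the length
 * themselves before filling cbId/pbId.
 */
#define WEBAUTHN_MAX_USER_ID_LENGTH 64

/* Only layout version declared for WEBAUTHN_USER_ENTITY_INFORMATION. */
#define WEBAUTHN_USER_ENTITY_INFORMATION_CURRENT_VERSION 1

/*
 * User account description, passed by const pointer to
 * WebAuthNAuthenticatorMakeCredential. The id is a length-prefixed byte
 * buffer, not a string; the three text fields are wide strings.
 */
typedef struct _WEBAUTHN_USER_ENTITY_INFORMATION {
    DWORD dwVersion;         /* structure version, see the macro above */
    DWORD cbId;              /* presumably the size of pbId in bytes */
    PBYTE pbId;              /* user id bytes */
    PCWSTR pwszName;         /* account name */
    PCWSTR pwszIcon;         /* account icon; presumably optional - confirm */
    PCWSTR pwszDisplayName;  /* display name */
} WEBAUTHN_USER_ENTITY_INFORMATION, *PWEBAUTHN_USER_ENTITY_INFORMATION;
typedef const WEBAUTHN_USER_ENTITY_INFORMATION *PCWEBAUTHN_USER_ENTITY_INFORMATION;
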
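/* Hash algorithm identifiers (wide strings), presumably for pwszHashAlgId. */
#define WEBAUTHN_HASH_ALGORITHM_SHA_256 L"SHA-256"
#define WEBAUTHN_HASH_ALGORITHM_SHA_384 L"SHA-384"
#define WEBAUTHN_HASH_ALGORITHM_SHA_512 L"SHA-512"

/* Only layout version declared for WEBAUTHN_CLIENT_DATA. */
#define WEBAUTHN_CLIENT_DATA_CURRENT_VERSION 1

/*
 * Client data handed to both WebAuthNAuthenticatorMakeCredential and
 * WebAuthNAuthenticatorGetAssertion. The JSON travels as an opaque byte
 * buffer with an explicit length; this header does not show who parses or
 * validates it, so the caller is responsible for what goes into it.
 */
typedef struct _WEBAUTHN_CLIENT_DATA {
    DWORD dwVersion;         /* structure version, see the macro above */
    DWORD cbClientDataJSON;  /* presumably the size of pbClientDataJSON in bytes */
    PBYTE pbClientDataJSON;  /* client data JSON bytes */
    LPCWSTR pwszHashAlgId;   /* hash algorithm identifier, wide string */
} WEBAUTHN_CLIENT_DATA, *PWEBAUTHN_CLIENT_DATA;
typedef const WEBAUTHN_CLIENT_DATA *PCWEBAUTHN_CLIENT_DATA;
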
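/* The only credential type string this header defines. */
#define WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY L"public-key"

/*
 * COSE signature algorithm identifiers. They are negative integers and are
 * presumably what WEBAUTHN_COSE_CREDENTIAL_PARAMETER.lAlg (a LONG) carries.
 */

/* ECDSA (IANA COSE names ES256 / ES384 / ES512). */
#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256 -7
#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P384_WITH_SHA384 -35
#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P521_WITH_SHA512 -36

/* RSASSA-PKCS1-v1_5 (RS256 / RS384 / RS512). */
#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA256 -257
#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA384 -258
#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA512 -259

/* RSASSA-PSS (PS256 / PS384 / PS512). */
#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA256 -37
#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA384 -38
#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA512 -39
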
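/* Only layout version declared for WEBAUTHN_COSE_CREDENTIAL_PARAMETER. */
#define WEBAUTHN_COSE_CREDENTIAL_PARAMETER_CURRENT_VERSION 1

/* One acceptable (credential type, signature algorithm) pair. */
typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETER {
    DWORD dwVersion;             /* structure version, see the macro above */
    LPCWSTR pwszCredentialType;  /* presumably WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY */
    LONG lAlg;                   /* presumably a WEBAUTHN_COSE_ALGORITHM_* value */
} WEBAUTHN_COSE_CREDENTIAL_PARAMETER, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETER;
typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETER *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETER;

/*
 * Counted array of the pairs above, passed by const pointer to
 * WebAuthNAuthenticatorMakeCredential. The count is the only bound the callee
 * gets, so it has to match the array the pointer refers to.
 */
typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETERS {
    DWORD cCredentialParameters;                               /* number of elements */
    PWEBAUTHN_COSE_CREDENTIAL_PARAMETER pCredentialParameters; /* first element */
} WEBAUTHN_COSE_CREDENTIAL_PARAMETERS, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETERS;
typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETERS *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS;
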
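/* Only layout version declared for WEBAUTHN_CREDENTIAL. */
#define WEBAUTHN_CREDENTIAL_CURRENT_VERSION 1

/*
 * A credential reference: an id held as a length-prefixed byte buffer plus a
 * credential type string. Also embedded by value in WEBAUTHN_ASSERTION.
 */
typedef struct _WEBAUTHN_CREDENTIAL {
    DWORD dwVersion;             /* structure version, see the macro above */
    DWORD cbId;                  /* presumably the size of pbId in bytes */
    PBYTE pbId;                  /* credential id bytes */
    LPCWSTR pwszCredentialType;  /* presumably WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY */
} WEBAUTHN_CREDENTIAL, *PWEBAUTHN_CREDENTIAL;
typedef const WEBAUTHN_CREDENTIAL *PCWEBAUTHN_CREDENTIAL;

/*
 * Counted, contiguous array of WEBAUTHN_CREDENTIAL. Embedded by value as
 * CredentialList in both option structures later in this header.
 */
typedef struct _WEBAUTHN_CREDENTIALS {
    DWORD cCredentials;                /* number of elements */
    PWEBAUTHN_CREDENTIAL pCredentials; /* first element */
} WEBAUTHN_CREDENTIALS, *PWEBAUTHN_CREDENTIALS;
typedef const WEBAUTHN_CREDENTIALS *PCWEBAUTHN_CREDENTIALS;
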
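/*
 * Authenticator transport bit flags, presumably for
 * WEBAUTHN_CREDENTIAL_EX.dwTransports and
 * WEBAUTHN_CREDENTIAL_ATTESTATION.dwUsedTransport.
 * Each flag is a single bit, so values can be OR-ed together.
 */
#define WEBAUTHN_CTAP_TRANSPORT_USB 0x00000001
#define WEBAUTHN_CTAP_TRANSPORT_NFC 0x00000002
#define WEBAUTHN_CTAP_TRANSPORT_BLE 0x00000004
#define WEBAUTHN_CTAP_TRANSPORT_TEST 0x00000008
#define WEBAUTHN_CTAP_TRANSPORT_INTERNAL 0x00000010
/* OR of the five flags above; any other bit is outside the defined set. */
#define WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK 0x0000001F
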
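/* Only layout version declared for WEBAUTHN_CREDENTIAL_EX. */
#define WEBAUTHN_CREDENTIAL_EX_CURRENT_VERSION 1

/* WEBAUTHN_CREDENTIAL extended with a transport bit mask. */
typedef struct _WEBAUTHN_CREDENTIAL_EX {
    DWORD dwVersion;             /* structure version, see the macro above */
    DWORD cbId;                  /* presumably the size of pbId in bytes */
    PBYTE pbId;                  /* credential id bytes */
    LPCWSTR pwszCredentialType;  /* presumably WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY */
    DWORD dwTransports;          /* presumably WEBAUTHN_CTAP_TRANSPORT_* bits */
} WEBAUTHN_CREDENTIAL_EX, *PWEBAUTHN_CREDENTIAL_EX;
typedef const WEBAUTHN_CREDENTIAL_EX *PCWEBAUTHN_CREDENTIAL_EX;

/*
 * Counted list of WEBAUTHN_CREDENTIAL_EX. Unlike WEBAUTHN_CREDENTIALS, the
 * second member is an array of pointers to elements, not an array of
 * elements, so the two list types cannot be filled the same way.
 */
typedef struct _WEBAUTHN_CREDENTIAL_LIST {
    DWORD cCredentials;                      /* number of pointers */
    PWEBAUTHN_CREDENTIAL_EX *ppCredentials;  /* array of element pointers */
} WEBAUTHN_CREDENTIAL_LIST, *PWEBAUTHN_CREDENTIAL_LIST;
typedef const WEBAUTHN_CREDENTIAL_LIST *PCWEBAUTHN_CREDENTIAL_LIST;
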
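/* Extension identifier strings, presumably for
 * WEBAUTHN_EXTENSION.pwszExtensionIdentifier. */
#define WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET L"hmac-secret"

/*
 * Protection levels, presumably for
 * WEBAUTHN_CRED_PROTECT_EXTENSION_IN.dwCredProtect.
 *
 * These are NOT interchangeable with the
 * WEBAUTHN_USER_VERIFICATION_REQUIREMENT_* set defined later in this header:
 * there 1 means REQUIRED and 3 means DISCOURAGED, here 1 means OPTIONAL and
 * 3 means REQUIRED. Both sets are stored in plain DWORD fields, so the
 * compiler cannot catch a mix-up.
 */
#define WEBAUTHN_USER_VERIFICATION_ANY 0
#define WEBAUTHN_USER_VERIFICATION_OPTIONAL 1
#define WEBAUTHN_USER_VERIFICATION_OPTIONAL_WITH_CREDENTIAL_ID_LIST 2
#define WEBAUTHN_USER_VERIFICATION_REQUIRED 3

/* Input payload for the "credProtect" extension. */
typedef struct _WEBAUTHN_CRED_PROTECT_EXTENSION_IN {
    DWORD dwCredProtect;          /* presumably a WEBAUTHN_USER_VERIFICATION_* value */
    WINBOOL bRequireCredProtect;  /* presumably: require authenticator support - confirm */
} WEBAUTHN_CRED_PROTECT_EXTENSION_IN, *PWEBAUTHN_CRED_PROTECT_EXTENSION_IN;
typedef const WEBAUTHN_CRED_PROTECT_EXTENSION_IN *PCWEBAUTHN_CRED_PROTECT_EXTENSION_IN;

#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT L"credProtect"

/* Payload for the "credBlob" extension: a length-prefixed byte buffer. */
typedef struct _WEBAUTHN_CRED_BLOB_EXTENSION {
    DWORD cbCredBlob;  /* presumably the size of pbCredBlob in bytes */
    PBYTE pbCredBlob;  /* blob bytes */
} WEBAUTHN_CRED_BLOB_EXTENSION, *PWEBAUTHN_CRED_BLOB_EXTENSION;
typedef const WEBAUTHN_CRED_BLOB_EXTENSION *PCWEBAUTHN_CRED_BLOB_EXTENSION;

#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB L"credBlob"

#define WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH L"minPinLength"
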
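/*
 * One extension entry. The payload is an untyped pointer with a byte count;
 * its real type is presumably implied by the identifier string. Code that
 * reads an entry should match the identifier and compare cbExtension with the
 * size of the expected structure before casting pvExtension.
 */
typedef struct _WEBAUTHN_EXTENSION {
    LPCWSTR pwszExtensionIdentifier;  /* presumably a WEBAUTHN_EXTENSIONS_IDENTIFIER_* string */
    DWORD cbExtension;                /* presumably the size of pvExtension in bytes */
    PVOID pvExtension;                /* extension-specific payload */
} WEBAUTHN_EXTENSION, *PWEBAUTHN_EXTENSION;
typedef const WEBAUTHN_EXTENSION *PCWEBAUTHN_EXTENSION;

/*
 * Counted, contiguous array of WEBAUTHN_EXTENSION. Embedded by value in the
 * option structures and in the attestation and assertion results.
 */
typedef struct _WEBAUTHN_EXTENSIONS {
    DWORD cExtensions;               /* number of elements */
    PWEBAUTHN_EXTENSION pExtensions; /* first element */
} WEBAUTHN_EXTENSIONS, *PWEBAUTHN_EXTENSIONS;
typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS;
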
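/* Presumably values for dwAuthenticatorAttachment in the option structures. */
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_ANY 0
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM 1
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM 2
#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM_U2F_V2 3

/*
 * Presumably values for dwUserVerificationRequirement in the option
 * structures.
 *
 * Do not confuse these with the WEBAUTHN_USER_VERIFICATION_* set defined
 * earlier in this header: there 1 means OPTIONAL and 3 means REQUIRED, here
 * 1 means REQUIRED and 3 means DISCOURAGED. Both sets end up in plain DWORD
 * fields, so a mix-up compiles cleanly and silently changes the policy.
 */
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY 0
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED 1
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED 2
#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED 3

/* Presumably values for dwAttestationConveyancePreference. */
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_ANY 0
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE 1
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT 2
#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT 3

/* Presumably values for dwEnterpriseAttestation. */
#define WEBAUTHN_ENTERPRISE_ATTESTATION_NONE 0
#define WEBAUTHN_ENTERPRISE_ATTESTATION_VENDOR_FACILITATED 1
#define WEBAUTHN_ENTERPRISE_ATTESTATION_PLATFORM_MANAGED 2

/* Presumably values for dwLargeBlobSupport. */
#define WEBAUTHN_LARGE_BLOB_SUPPORT_NONE 0
#define WEBAUTHN_LARGE_BLOB_SUPPORT_REQUIRED 1
#define WEBAUTHN_LARGE_BLOB_SUPPORT_PREFERRED 2
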
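/* Layout versions of WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS. */
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_1 1
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2 2
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3 3
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4 4
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4

/*
 * Options for WebAuthNAuthenticatorMakeCredential, passed by const pointer.
 *
 * Four layout versions are declared, but this listing does not mark which
 * trailing fields belong to which version. NOTE(review): presumably the
 * callee reads as many fields as dwVersion announces, so zero-initialise the
 * whole structure and never set dwVersion higher than the fields actually
 * filled in - confirm the per-version field split against the upstream header.
 */
typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
    DWORD dwVersion;                      /* one of the ..._OPTIONS_VERSION_n values above */
    DWORD dwTimeoutMilliseconds;          /* timeout in milliseconds */
    WEBAUTHN_CREDENTIALS CredentialList;  /* counted credential array, by value */
    WEBAUTHN_EXTENSIONS Extensions;       /* counted extension array, by value */
    DWORD dwAuthenticatorAttachment;      /* presumably WEBAUTHN_AUTHENTICATOR_ATTACHMENT_* */
    WINBOOL bRequireResidentKey;
    /* presumably WEBAUTHN_USER_VERIFICATION_REQUIREMENT_*, not the credProtect
     * WEBAUTHN_USER_VERIFICATION_* set, whose numbering differs */
    DWORD dwUserVerificationRequirement;
    DWORD dwAttestationConveyancePreference;  /* presumably WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_* */
    DWORD dwFlags;
    GUID *pCancellationId;                /* presumably from WebAuthNGetCancellationId */
    /* second credential list, in the pointer-array form; how it interacts
     * with CredentialList is not visible here */
    PWEBAUTHN_CREDENTIAL_LIST pExcludeCredentialList;
    DWORD dwEnterpriseAttestation;        /* presumably WEBAUTHN_ENTERPRISE_ATTESTATION_* */
    DWORD dwLargeBlobSupport;             /* presumably WEBAUTHN_LARGE_BLOB_SUPPORT_* */
    WINBOOL bPreferResidentKey;
} WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
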
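/* Presumably values for dwCredLargeBlobOperation below. */
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_NONE 0
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_GET 1
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_SET 2
#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_DELETE 3

/* Layout versions of WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS. */
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_1 1
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2 2
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3 3
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4 4
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5 5
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5

/*
 * Options for WebAuthNAuthenticatorGetAssertion, passed by const pointer.
 *
 * Five layout versions are declared, but this listing does not mark which
 * trailing fields belong to which version. NOTE(review): presumably the
 * callee reads as many fields as dwVersion announces, so zero-initialise the
 * whole structure and never set dwVersion higher than the fields actually
 * filled in - confirm the per-version field split against the upstream header.
 */
typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
    DWORD dwVersion;                      /* one of the ..._OPTIONS_VERSION_n values above */
    DWORD dwTimeoutMilliseconds;          /* timeout in milliseconds */
    WEBAUTHN_CREDENTIALS CredentialList;  /* counted credential array, by value */
    WEBAUTHN_EXTENSIONS Extensions;       /* counted extension array, by value */
    DWORD dwAuthenticatorAttachment;      /* presumably WEBAUTHN_AUTHENTICATOR_ATTACHMENT_* */
    /* presumably WEBAUTHN_USER_VERIFICATION_REQUIREMENT_*, not the credProtect
     * WEBAUTHN_USER_VERIFICATION_* set, whose numbering differs */
    DWORD dwUserVerificationRequirement;
    DWORD dwFlags;
    PCWSTR pwszU2fAppId;                  /* U2F AppId, wide string */
    /* pointer to a WINBOOL even though the pb prefix usually marks a byte
     * buffer; NOTE(review): presumably an output flag telling whether the
     * AppId was used - confirm */
    WINBOOL *pbU2fAppId;
    GUID *pCancellationId;                /* presumably from WebAuthNGetCancellationId */
    /* second credential list, in the pointer-array form; how it interacts
     * with CredentialList is not visible here */
    PWEBAUTHN_CREDENTIAL_LIST pAllowCredentialList;
    DWORD dwCredLargeBlobOperation;       /* presumably WEBAUTHN_CRED_LARGE_BLOB_OPERATION_* */
    DWORD cbCredLargeBlob;                /* presumably the size of pbCredLargeBlob in bytes */
    PBYTE pbCredLargeBlob;                /* large blob bytes */
} WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
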
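/* Presumably values for
 * WEBAUTHN_CREDENTIAL_ATTESTATION.dwAttestationDecodeType. */
#define WEBAUTHN_ATTESTATION_DECODE_NONE 0
#define WEBAUTHN_ATTESTATION_DECODE_COMMON 1

/* Presumably the value of WEBAUTHN_COMMON_ATTESTATION.pwszVer for TPM. */
#define WEBAUTHN_ATTESTATION_VER_TPM_2_0 L"2.0"

/*
 * One length-prefixed byte buffer of the x5c array below.
 * NOTE(review): upstream documents each entry as a DER-encoded X.509
 * certificate - confirm.
 */
typedef struct _WEBAUTHN_X5C {
    DWORD cbData;  /* presumably the size of pbData in bytes */
    PBYTE pbData;  /* entry bytes */
} WEBAUTHN_X5C, *PWEBAUTHN_X5C;

/* Only layout version declared for WEBAUTHN_COMMON_ATTESTATION. */
#define WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION 1

/*
 * Decoded attestation statement: algorithm, signature, x5c entries and the
 * TPM-named fields. This header only carries the bytes; it declares no
 * function that validates the signature or the certificate entries, so that
 * check is left to whoever consumes the attestation.
 */
typedef struct _WEBAUTHN_COMMON_ATTESTATION {
    DWORD dwVersion;     /* structure version, see the macro above */
    PCWSTR pwszAlg;      /* algorithm name, wide string */
    LONG lAlg;           /* presumably a WEBAUTHN_COSE_ALGORITHM_* value */
    DWORD cbSignature;   /* presumably the size of pbSignature in bytes */
    PBYTE pbSignature;   /* signature bytes */
    DWORD cX5c;          /* number of elements in pX5c */
    PWEBAUTHN_X5C pX5c;  /* first x5c entry */
    PCWSTR pwszVer;      /* version string, see WEBAUTHN_ATTESTATION_VER_TPM_2_0 */
    DWORD cbCertInfo;    /* presumably the size of pbCertInfo in bytes */
    PBYTE pbCertInfo;    /* certInfo bytes; presumably TPM attestation only */
    DWORD cbPubArea;     /* presumably the size of pbPubArea in bytes */
    PBYTE pbPubArea;     /* pubArea bytes; presumably TPM attestation only */
} WEBAUTHN_COMMON_ATTESTATION, *PWEBAUTHN_COMMON_ATTESTATION;
typedef const WEBAUTHN_COMMON_ATTESTATION *PCWEBAUTHN_COMMON_ATTESTATION;
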
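/* Attestation format names, presumably the values of pwszFormatType below. */
#define WEBAUTHN_ATTESTATION_TYPE_PACKED L"packed"
#define WEBAUTHN_ATTESTATION_TYPE_U2F L"fido-u2f"
#define WEBAUTHN_ATTESTATION_TYPE_TPM L"tpm"
#define WEBAUTHN_ATTESTATION_TYPE_NONE L"none"

/* Layout versions of WEBAUTHN_CREDENTIAL_ATTESTATION. */
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_1 1
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2 2
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3 3
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4 4
#define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4

/*
 * Result of WebAuthNAuthenticatorMakeCredential, handed back through its
 * last parameter and released with WebAuthNFreeCredentialAttestation.
 *
 * Four layout versions are declared, but this listing does not mark which
 * trailing fields belong to which version. NOTE(review): presumably a
 * platform that reports a lower dwVersion did not fill the later fields, so
 * check dwVersion before reading them - confirm against the upstream header.
 */
typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION {
    DWORD dwVersion;               /* layout version of this instance */
    PCWSTR pwszFormatType;         /* presumably a WEBAUTHN_ATTESTATION_TYPE_* string */
    DWORD cbAuthenticatorData;     /* presumably the size of pbAuthenticatorData in bytes */
    PBYTE pbAuthenticatorData;     /* authenticator data bytes */
    DWORD cbAttestation;           /* presumably the size of pbAttestation in bytes */
    PBYTE pbAttestation;           /* attestation bytes */
    DWORD dwAttestationDecodeType; /* presumably WEBAUTHN_ATTESTATION_DECODE_* */
    /* untyped pointer; presumably a WEBAUTHN_COMMON_ATTESTATION only when the
     * decode type is WEBAUTHN_ATTESTATION_DECODE_COMMON - check the decode
     * type before casting */
    PVOID pvAttestationDecode;
    DWORD cbAttestationObject;     /* presumably the size of pbAttestationObject in bytes */
    PBYTE pbAttestationObject;     /* attestation object bytes */
    DWORD cbCredentialId;          /* presumably the size of pbCredentialId in bytes */
    PBYTE pbCredentialId;          /* credential id bytes */
    WEBAUTHN_EXTENSIONS Extensions; /* counted extension array, by value */
    DWORD dwUsedTransport;         /* presumably a WEBAUTHN_CTAP_TRANSPORT_* value */
    WINBOOL bEpAtt;
    WINBOOL bLargeBlobSupported;
    WINBOOL bResidentKey;
} WEBAUTHN_CREDENTIAL_ATTESTATION, *PWEBAUTHN_CREDENTIAL_ATTESTATION;
typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION;
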
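/*
 * Presumably values for WEBAUTHN_ASSERTION.dwCredLargeBlobStatus. Only
 * WEBAUTHN_CRED_LARGE_BLOB_STATUS_SUCCESS is named as a success, so a caller
 * that asked for a large blob operation should check this status in addition
 * to the HRESULT of the call.
 */
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NONE 0
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_SUCCESS 1
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_SUPPORTED 2
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_DATA 3
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_PARAMETER 4
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_FOUND 5
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_MULTIPLE_CREDENTIALS 6
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_LACK_OF_SPACE 7
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_PLATFORM_ERROR 8
#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_AUTHENTICATOR_ERROR 9
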
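/* Layout versions of WEBAUTHN_ASSERTION. */
#define WEBAUTHN_ASSERTION_VERSION_1 1
#define WEBAUTHN_ASSERTION_VERSION_2 2
#define WEBAUTHN_ASSERTION_CURRENT_VERSION WEBAUTHN_ASSERTION_VERSION_2

/*
 * Result of WebAuthNAuthenticatorGetAssertion, handed back through its last
 * parameter and released with WebAuthNFreeAssertion.
 *
 * Two layout versions are declared, but this listing does not mark which
 * trailing fields belong to version 2. NOTE(review): presumably a platform
 * that reports version 1 did not fill the later fields, so check dwVersion
 * before reading them - confirm against the upstream header.
 *
 * The header declares no function that verifies pbSignature; that check is
 * left to whoever consumes the assertion.
 */
typedef struct _WEBAUTHN_ASSERTION {
    DWORD dwVersion;                 /* layout version of this instance */
    DWORD cbAuthenticatorData;       /* presumably the size of pbAuthenticatorData in bytes */
    PBYTE pbAuthenticatorData;       /* authenticator data bytes */
    DWORD cbSignature;               /* presumably the size of pbSignature in bytes */
    PBYTE pbSignature;               /* signature bytes */
    WEBAUTHN_CREDENTIAL Credential;  /* credential reference, by value */
    DWORD cbUserId;                  /* presumably the size of pbUserId in bytes */
    PBYTE pbUserId;                  /* user id bytes */
    WEBAUTHN_EXTENSIONS Extensions;  /* counted extension array, by value */
    DWORD cbCredLargeBlob;           /* presumably the size of pbCredLargeBlob in bytes */
    PBYTE pbCredLargeBlob;           /* large blob bytes */
    DWORD dwCredLargeBlobStatus;     /* presumably WEBAUTHN_CRED_LARGE_BLOB_STATUS_* */
} WEBAUTHN_ASSERTION, *PWEBAUTHN_ASSERTION;
typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION;
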
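/* Returns an API version number; presumably comparable with
 * WEBAUTHN_API_VERSION_n - confirm. */
DWORD WINAPI WebAuthNGetApiVersionNumber(void);

/* Writes the availability of a user-verifying platform authenticator to the
 * WINBOOL the argument points to; the HRESULT reports success or failure. */
HRESULT WINAPI WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable(
    WINBOOL *pbIsUserVerifyingPlatformAuthenticatorAvailable);

/*
 * Creates a credential. All inputs are const pointers; the result comes back
 * through ppWebAuthNCredentialAttestation. Check the HRESULT before touching
 * the result, and release it with WebAuthNFreeCredentialAttestation.
 */
HRESULT WINAPI WebAuthNAuthenticatorMakeCredential(
    HWND hWnd,
    PCWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation,
    PCWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation,
    PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS pPubKeyCredParams,
    PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData,
    PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS pWebAuthNMakeCredentialOptions,
    PWEBAUTHN_CREDENTIAL_ATTESTATION *ppWebAuthNCredentialAttestation);

/*
 * Requests an assertion for the relying party id pwszRpId. The result comes
 * back through ppWebAuthNAssertion. Check the HRESULT before touching the
 * result, and release it with WebAuthNFreeAssertion.
 */
HRESULT WINAPI WebAuthNAuthenticatorGetAssertion(
    HWND hWnd,
    LPCWSTR pwszRpId,
    PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData,
    PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS pWebAuthNGetAssertionOptions,
    PWEBAUTHN_ASSERTION *ppWebAuthNAssertion);

/* Release functions for the two result structures. Presumably each result
 * must be released exactly once, and only with its matching function. */
void WINAPI WebAuthNFreeCredentialAttestation(
    PWEBAUTHN_CREDENTIAL_ATTESTATION pWebAuthNCredentialAttestation);
void WINAPI WebAuthNFreeAssertion(PWEBAUTHN_ASSERTION pWebAuthNAssertion);

/* Cancellation: the first call writes a GUID, the second takes one as const
 * input. Presumably the same GUID is placed in pCancellationId of the option
 * structures to make an operation cancellable - confirm. */
HRESULT WINAPI WebAuthNGetCancellationId(GUID *pCancellationId);
HRESULT WINAPI WebAuthNCancelCurrentOperation(const GUID *pCancellationId);

/* Error helpers: map an HRESULT to a wide-string name, or to another HRESULT.
 * No release function is declared for the returned string, so presumably the
 * caller must not free it - confirm. */
PCWSTR WINAPI WebAuthNGetErrorName(HRESULT hr);
HRESULT WINAPI WebAuthNGetW3CExceptionDOMError(HRESULT hr);
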
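#ifdef __cplusplus
} /* extern "C" */
#endif

#endif /* WINAPI_FAMILY_PARTITION */

#endif /* _WEBAUTHN_H_ */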
369#endif /* _WEBAUTHN_H_ */