commit 943b93999830c5a531292803c24d5342a8206733
parent 78fa1febc0781adb03fd3fa706d729270116bc50
Author: John M. Schanck <jschanck@mozilla.com>
Date: Thu, 23 Oct 2025 15:21:36 +0000
Bug 1995898 - update the windows webauthn header. r=keeler
This patch also adds a moz.yaml file so that future updates can be done
using `./mach vendor dom/webauthn/winwebauthn/moz.yaml`
Differential Revision: https://phabricator.services.mozilla.com/D269689
Diffstat:
4 files changed, 279 insertions(+), 343 deletions(-)
diff --git a/dom/webauthn/winwebauthn/.gitignore b/dom/webauthn/winwebauthn/.gitignore
@@ -1,330 +0,0 @@
-## Ignore Visual Studio temporary files, build results, and
-## files generated by popular Visual Studio add-ons.
-##
-## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
-
-# User-specific files
-*.suo
-*.user
-*.userosscache
-*.sln.docstates
-
-# User-specific files (MonoDevelop/Xamarin Studio)
-*.userprefs
-
-# Build results
-[Dd]ebug/
-[Dd]ebugPublic/
-[Rr]elease/
-[Rr]eleases/
-x64/
-x86/
-bld/
-[Bb]in/
-[Oo]bj/
-[Ll]og/
-
-# Visual Studio 2015/2017 cache/options directory
-.vs/
-# Uncomment if you have tasks that create the project's static files in wwwroot
-#wwwroot/
-
-# Visual Studio 2017 auto generated files
-Generated\ Files/
-
-# MSTest test Results
-[Tt]est[Rr]esult*/
-[Bb]uild[Ll]og.*
-
-# NUNIT
-*.VisualState.xml
-TestResult.xml
-
-# Build Results of an ATL Project
-[Dd]ebugPS/
-[Rr]eleasePS/
-dlldata.c
-
-# Benchmark Results
-BenchmarkDotNet.Artifacts/
-
-# .NET Core
-project.lock.json
-project.fragment.lock.json
-artifacts/
-**/Properties/launchSettings.json
-
-# StyleCop
-StyleCopReport.xml
-
-# Files built by Visual Studio
-*_i.c
-*_p.c
-*_i.h
-*.ilk
-*.meta
-*.obj
-*.iobj
-*.pch
-*.pdb
-*.ipdb
-*.pgc
-*.pgd
-*.rsp
-*.sbr
-*.tlb
-*.tli
-*.tlh
-*.tmp
-*.tmp_proj
-*.log
-*.vspscc
-*.vssscc
-.builds
-*.pidb
-*.svclog
-*.scc
-
-# Chutzpah Test files
-_Chutzpah*
-
-# Visual C++ cache files
-ipch/
-*.aps
-*.ncb
-*.opendb
-*.opensdf
-*.sdf
-*.cachefile
-*.VC.db
-*.VC.VC.opendb
-
-# Visual Studio profiler
-*.psess
-*.vsp
-*.vspx
-*.sap
-
-# Visual Studio Trace Files
-*.e2e
-
-# TFS 2012 Local Workspace
-$tf/
-
-# Guidance Automation Toolkit
-*.gpState
-
-# ReSharper is a .NET coding add-in
-_ReSharper*/
-*.[Rr]e[Ss]harper
-*.DotSettings.user
-
-# JustCode is a .NET coding add-in
-.JustCode
-
-# TeamCity is a build add-in
-_TeamCity*
-
-# DotCover is a Code Coverage Tool
-*.dotCover
-
-# AxoCover is a Code Coverage Tool
-.axoCover/*
-!.axoCover/settings.json
-
-# Visual Studio code coverage results
-*.coverage
-*.coveragexml
-
-# NCrunch
-_NCrunch_*
-.*crunch*.local.xml
-nCrunchTemp_*
-
-# MightyMoose
-*.mm.*
-AutoTest.Net/
-
-# Web workbench (sass)
-.sass-cache/
-
-# Installshield output folder
-[Ee]xpress/
-
-# DocProject is a documentation generator add-in
-DocProject/buildhelp/
-DocProject/Help/*.HxT
-DocProject/Help/*.HxC
-DocProject/Help/*.hhc
-DocProject/Help/*.hhk
-DocProject/Help/*.hhp
-DocProject/Help/Html2
-DocProject/Help/html
-
-# Click-Once directory
-publish/
-
-# Publish Web Output
-*.[Pp]ublish.xml
-*.azurePubxml
-# Note: Comment the next line if you want to checkin your web deploy settings,
-# but database connection strings (with potential passwords) will be unencrypted
-*.pubxml
-*.publishproj
-
-# Microsoft Azure Web App publish settings. Comment the next line if you want to
-# checkin your Azure Web App publish settings, but sensitive information contained
-# in these scripts will be unencrypted
-PublishScripts/
-
-# NuGet Packages
-*.nupkg
-# The packages folder can be ignored because of Package Restore
-**/[Pp]ackages/*
-# except build/, which is used as an MSBuild target.
-!**/[Pp]ackages/build/
-# Uncomment if necessary however generally it will be regenerated when needed
-#!**/[Pp]ackages/repositories.config
-# NuGet v3's project.json files produces more ignorable files
-*.nuget.props
-*.nuget.targets
-
-# Microsoft Azure Build Output
-csx/
-*.build.csdef
-
-# Microsoft Azure Emulator
-ecf/
-rcf/
-
-# Windows Store app package directories and files
-AppPackages/
-BundleArtifacts/
-Package.StoreAssociation.xml
-_pkginfo.txt
-*.appx
-
-# Visual Studio cache files
-# files ending in .cache can be ignored
-*.[Cc]ache
-# but keep track of directories ending in .cache
-!*.[Cc]ache/
-
-# Others
-ClientBin/
-~$*
-*~
-*.dbmdl
-*.dbproj.schemaview
-*.jfm
-*.pfx
-*.publishsettings
-orleans.codegen.cs
-
-# Including strong name files can present a security risk
-# (https://github.com/github/gitignore/pull/2483#issue-259490424)
-#*.snk
-
-# Since there are multiple workflows, uncomment next line to ignore bower_components
-# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
-#bower_components/
-
-# RIA/Silverlight projects
-Generated_Code/
-
-# Backup & report files from converting an old project file
-# to a newer Visual Studio version. Backup files are not needed,
-# because we have git ;-)
-_UpgradeReport_Files/
-Backup*/
-UpgradeLog*.XML
-UpgradeLog*.htm
-ServiceFabricBackup/
-*.rptproj.bak
-
-# SQL Server files
-*.mdf
-*.ldf
-*.ndf
-
-# Business Intelligence projects
-*.rdl.data
-*.bim.layout
-*.bim_*.settings
-*.rptproj.rsuser
-
-# Microsoft Fakes
-FakesAssemblies/
-
-# GhostDoc plugin setting file
-*.GhostDoc.xml
-
-# Node.js Tools for Visual Studio
-.ntvs_analysis.dat
-node_modules/
-
-# Visual Studio 6 build log
-*.plg
-
-# Visual Studio 6 workspace options file
-*.opt
-
-# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
-*.vbw
-
-# Visual Studio LightSwitch build output
-**/*.HTMLClient/GeneratedArtifacts
-**/*.DesktopClient/GeneratedArtifacts
-**/*.DesktopClient/ModelManifest.xml
-**/*.Server/GeneratedArtifacts
-**/*.Server/ModelManifest.xml
-_Pvt_Extensions
-
-# Paket dependency manager
-.paket/paket.exe
-paket-files/
-
-# FAKE - F# Make
-.fake/
-
-# JetBrains Rider
-.idea/
-*.sln.iml
-
-# CodeRush
-.cr/
-
-# Python Tools for Visual Studio (PTVS)
-__pycache__/
-*.pyc
-
-# Cake - Uncomment if you are using it
-# tools/**
-# !tools/packages.config
-
-# Tabs Studio
-*.tss
-
-# Telerik's JustMock configuration file
-*.jmconfig
-
-# BizTalk build output
-*.btp.cs
-*.btm.cs
-*.odx.cs
-*.xsd.cs
-
-# OpenCover UI analysis results
-OpenCover/
-
-# Azure Stream Analytics local run output
-ASALocalRun/
-
-# MSBuild Binary and Structured Log
-*.binlog
-
-# NVidia Nsight GPU debugger configuration file
-*.nvuser
-
-# MFractors (Xamarin productivity tool) working folder
-.mfractor/
diff --git a/dom/webauthn/winwebauthn/README.md b/dom/webauthn/winwebauthn/README.md
@@ -1,16 +1,20 @@
# Description
-This project includes Win32 headers for communicating to Windows Hello and external secruity keys as part of WebAuthn and CTAP specification.
+## WebAuthn Specification APIs
-For more details about the standards, please follow these links:
-* WebAuthn: https://w3c.github.io/webauthn/
-* CTAP: https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html
+Win32 APIs for performing operations corresponding to WebAuthn (https://w3c.github.io/webauthn) specification are present in following files.
+- webauthn.h
+## Plugin Passkey Authenticators Implementation APIs/Interfaces
+
+APIs, interfaces and helper functions for passkey plugin authenticator implementators are present in following files
+- pluginauthenticator.idl
+- pluginauthenticator.h
+- webauthnplugin.h
# Having Issues?
If you have any issues in adopting these APIs or need some clarification, please contact fido-dev@microsoft.com.
-
# Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a
diff --git a/dom/webauthn/winwebauthn/moz.yaml b/dom/webauthn/winwebauthn/moz.yaml
@@ -0,0 +1,26 @@
+schema: 1
+
+bugzilla:
+ product: Core
+ component: "DOM: Web Authentication"
+
+origin:
+ name: Microsoft WebAuthn
+ description: Win32 APIs for WebAuthn
+ url: https://github.com/microsoft/webauthn
+
+ release: 9108981ca80b3c6788fa598708dcf3cb10220ad7
+ revision: 9108981ca80b3c6788fa598708dcf3cb10220ad7
+
+ license: MIT
+
+vendoring:
+ url: https://github.com/microsoft/webauthn
+ source-hosting: github
+ vendor-directory: dom/webauthn/winwebauthn
+ exclude:
+ - "**"
+ include:
+ - LICENSE
+ - README.md
+ - webauthn.h
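Review bot: The `include` list vendors only `LICENSE`, `README.md` and `webauthn.h`, but the README imported by this same commit now points readers at `pluginauthenticator.idl`, `pluginauthenticator.h` and `webauthnplugin.h`, none of which will be in the directory. Keeping the vendored surface to the single header is the right call; a short comment above the list would stop a later update from widening it by accident, for example `# Only webauthn.h is consumed in-tree; the plugin authenticator files named in README.md are intentionally not vendored.` It would also help to state in `release` which upstream date or tag the pinned commit corresponds to, since it currently just repeats `revision`.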
diff --git a/dom/webauthn/winwebauthn/webauthn.h b/dom/webauthn/winwebauthn/webauthn.h
@@ -95,6 +95,7 @@ extern "C" {
// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 5
// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 6
// - WEBAUTHN_ASSERTION : 3
+// - WEBAUTHN_GET_CREDENTIALS_OPTIONS : 1
// - WEBAUTHN_CREDENTIAL_DETAILS : 1
// APIs:
// - WebAuthNGetPlatformCredentialList
@@ -127,7 +128,30 @@ extern "C" {
// - WEBAUTHN_CREDENTIAL_ATTESTATION : 6
// - WEBAUTHN_ASSERTION : 5
-#define WEBAUTHN_API_CURRENT_VERSION WEBAUTHN_API_VERSION_7
+#define WEBAUTHN_API_VERSION_8 8
+// WEBAUTHN_API_VERSION_8 : Delta From WEBAUTHN_API_VERSION_7
+// Data Structures and their sub versions:
+// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 8
+// - WEBAUTHN_CREDENTIAL_DETAILS : 3
+// - WEBAUTHN_CREDENTIAL_ATTESTATION : 7
+// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 8
+//
+
+#define WEBAUTHN_API_VERSION_9 9
+// WEBAUTHN_API_VERSION_9 : Delta From WEBAUTHN_API_VERSION_8
+// Data Structures and their sub versions:
+// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 9
+// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 9
+// - WEBAUTHN_ASSERTION : 6
+// - WEBAUTHN_CREDENTIAL_DETAILS : 4
+// - WEBAUTHN_CREDENTIAL_ATTESTATION : 8
+// - WEBAUTHN_AUTHENTICATOR_DETAILS : 1
+// - WEBAUTHN_AUTHENTICATOR_DETAILS_LIST : Not Applicable
+// APIs:
+// - WebAuthNGetAuthenticatorList
+// - WebAuthNFreeAuthenticatorList
+
+#define WEBAUTHN_API_CURRENT_VERSION WEBAUTHN_API_VERSION_9
//+------------------------------------------------------------------------------------------
// Information about an RP Entity
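Review bot: Raising `WEBAUTHN_API_CURRENT_VERSION` to `WEBAUTHN_API_VERSION_9` here changes what any caller using a `*_CURRENT_VERSION` macro declares to webauthn.dll, and none of the four files in this commit is a caller. The same applies to the `*_CURRENT_VERSION` bumps in the later MAKE_CREDENTIAL_OPTIONS, GET_ASSERTION_OPTIONS, CREDENTIAL_DETAILS, CREDENTIAL_ATTESTATION and ASSERTION hunks. A caller that fills `dwVersion` from one of these macros now asserts that the version 8/9 tail fields (such as `pwszRemoteWebOrigin` and `pbAuthenticatorId`) are valid, so the struct must be fully zero-initialised or those pointers are interpreted as garbage. The call sites are outside this diff and should be checked; pinning an explicit constant such as `WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7` until the new fields are actually populated keeps the declared version and the initialised layout in step.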
@@ -147,7 +171,7 @@ typedef struct _WEBAUTHN_RP_ENTITY_INFORMATION {
// This field is required.
PCWSTR pwszName;
- // Optional URL pointing to RP's logo.
+ // Optional URL pointing to RP's logo.
PCWSTR pwszIcon;
} WEBAUTHN_RP_ENTITY_INFORMATION, *PWEBAUTHN_RP_ENTITY_INFORMATION;
typedef const WEBAUTHN_RP_ENTITY_INFORMATION *PCWEBAUTHN_RP_ENTITY_INFORMATION;
@@ -283,7 +307,15 @@ typedef const WEBAUTHN_CREDENTIALS *PCWEBAUTHN_CREDENTIALS;
#define WEBAUTHN_CTAP_TRANSPORT_TEST 0x00000008
#define WEBAUTHN_CTAP_TRANSPORT_INTERNAL 0x00000010
#define WEBAUTHN_CTAP_TRANSPORT_HYBRID 0x00000020
-#define WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK 0x0000003F
+#define WEBAUTHN_CTAP_TRANSPORT_SMART_CARD 0x00000040
+#define WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK 0x0000007F
+
+#define WEBAUTHN_CTAP_TRANSPORT_USB_STRING "usb"
+#define WEBAUTHN_CTAP_TRANSPORT_NFC_STRING "nfc"
+#define WEBAUTHN_CTAP_TRANSPORT_BLE_STRING "ble"
+#define WEBAUTHN_CTAP_TRANSPORT_SMART_CARD_STRING "smart-card"
+#define WEBAUTHN_CTAP_TRANSPORT_HYBRID_STRING "hybrid"
+#define WEBAUTHN_CTAP_TRANSPORT_INTERNAL_STRING "internal"
#define WEBAUTHN_CREDENTIAL_EX_CURRENT_VERSION 1
@@ -323,6 +355,7 @@ typedef const WEBAUTHN_CREDENTIAL_LIST *PCWEBAUTHN_CREDENTIAL_LIST;
#define CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_VERSION_1 1
#define CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_CURRENT_VERSION CTAPCBOR_HYBRID_STORAGE_LINKED_DATA_VERSION_1
+// Deprecated
typedef struct _CTAPCBOR_HYBRID_STORAGE_LINKED_DATA
{
// Version
@@ -357,12 +390,64 @@ typedef struct _CTAPCBOR_HYBRID_STORAGE_LINKED_DATA
typedef const CTAPCBOR_HYBRID_STORAGE_LINKED_DATA *PCCTAPCBOR_HYBRID_STORAGE_LINKED_DATA;
//+------------------------------------------------------------------------------------------
+// Authenticator Information for WebAuthNGetAuthenticatorList API
+//-------------------------------------------------------------------------------------------
+
+#define WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS_VERSION_1 1
+#define WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS_VERSION_1
+
+typedef struct _WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS {
+ // Version of this structure, to allow for modifications in the future.
+ DWORD dwVersion;
+
+} WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS;
+typedef const WEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS;
+
+#define WEBAUTHN_AUTHENTICATOR_DETAILS_VERSION_1 1
+#define WEBAUTHN_AUTHENTICATOR_DETAILS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_DETAILS_VERSION_1
+
+typedef struct _WEBAUTHN_AUTHENTICATOR_DETAILS {
+ // Version of this structure, to allow for modifications in the future.
+ DWORD dwVersion;
+
+ // Authenticator ID
+ DWORD cbAuthenticatorId;
+ _Field_size_bytes_(cbAuthenticatorId)
+ PBYTE pbAuthenticatorId;
+
+ // Authenticator Name
+ PCWSTR pwszAuthenticatorName;
+
+ // Authenticator logo (expected to be in SVG format)
+ DWORD cbAuthenticatorLogo;
+ _Field_size_bytes_(cbAuthenticatorLogo)
+ PBYTE pbAuthenticatorLogo;
+
+ // Is the authenticator currently locked? When locked, this authenticator's credentials
+ // might not be present or updated in WebAuthNGetPlatformCredentialList.
+ BOOL bLocked;
+
+} WEBAUTHN_AUTHENTICATOR_DETAILS, *PWEBAUTHN_AUTHENTICATOR_DETAILS;
+typedef const WEBAUTHN_AUTHENTICATOR_DETAILS *PCWEBAUTHN_AUTHENTICATOR_DETAILS;
+
+typedef struct _WEBAUTHN_AUTHENTICATOR_DETAILS_LIST {
+ // Authenticator Details
+ DWORD cAuthenticatorDetails;
+ _Field_size_(cAuthenticatorDetails)
+ PWEBAUTHN_AUTHENTICATOR_DETAILS *ppAuthenticatorDetails;
+
+} WEBAUTHN_AUTHENTICATOR_DETAILS_LIST, *PWEBAUTHN_AUTHENTICATOR_DETAILS_LIST;
+typedef const WEBAUTHN_AUTHENTICATOR_DETAILS_LIST *PCWEBAUTHN_AUTHENTICATOR_DETAILS_LIST;
+
+//+------------------------------------------------------------------------------------------
// Credential Information for WebAuthNGetPlatformCredentialList API
//-------------------------------------------------------------------------------------------
#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_1 1
#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2 2
-#define WEBAUTHN_CREDENTIAL_DETAILS_CURRENT_VERSION WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2
+#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_3 3
+#define WEBAUTHN_CREDENTIAL_DETAILS_VERSION_4 4
+#define WEBAUTHN_CREDENTIAL_DETAILS_CURRENT_VERSION WEBAUTHN_CREDENTIAL_DETAILS_VERSION_4
typedef struct _WEBAUTHN_CREDENTIAL_DETAILS {
// Version of this structure, to allow for modifications in the future.
@@ -388,6 +473,27 @@ typedef struct _WEBAUTHN_CREDENTIAL_DETAILS {
// Backed Up or not.
BOOL bBackedUp;
+
+ //
+ // The following fields have been added in WEBAUTHN_CREDENTIAL_DETAILS_VERSION_3
+ //
+ PCWSTR pwszAuthenticatorName;
+
+ // The logo is expected to be in the svg format
+ DWORD cbAuthenticatorLogo;
+ _Field_size_bytes_(cbAuthenticatorLogo)
+ PBYTE pbAuthenticatorLogo;
+
+ // ThirdPartyPayment Credential or not.
+ BOOL bThirdPartyPayment;
+
+ //
+ // The following fields have been added in WEBAUTHN_CREDENTIAL_DETAILS_VERSION_4
+ //
+
+ // Applicable Transports
+ DWORD dwTransports;
+
} WEBAUTHN_CREDENTIAL_DETAILS, *PWEBAUTHN_CREDENTIAL_DETAILS;
typedef const WEBAUTHN_CREDENTIAL_DETAILS *PCWEBAUTHN_CREDENTIAL_DETAILS;
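Review bot: The fields appended to `WEBAUTHN_CREDENTIAL_DETAILS` are only present when the returned `dwVersion` is at least 3 (4 for `dwTransports`), and nothing in the header enforces that at the point of use. The same holds for the tail fields added to `WEBAUTHN_CREDENTIAL_ATTESTATION` (versions 7 and 8) and `WEBAUTHN_ASSERTION` (version 6) in later hunks. An older webauthn.dll presumably hands back the shorter layout, so reading `pbAuthenticatorLogo` or `pbClientDataJSON` without a version check would read past the end of the returned struct. Consumers should gate each access, e.g. `if (pDetails->dwVersion >= WEBAUTHN_CREDENTIAL_DETAILS_VERSION_4)` before touching `dwTransports`, and should treat the SVG logo bytes as untrusted input if they are ever rendered. The struct definition begins outside this hunk.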
@@ -593,6 +699,10 @@ typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS;
#define WEBAUTHN_LARGE_BLOB_SUPPORT_REQUIRED 1
#define WEBAUTHN_LARGE_BLOB_SUPPORT_PREFERRED 2
+#define WEBAUTHN_CREDENTIAL_HINT_SECURITY_KEY L"security-key"
+#define WEBAUTHN_CREDENTIAL_HINT_CLIENT_DEVICE L"client-device"
+#define WEBAUTHN_CREDENTIAL_HINT_HYBRID L"hybrid"
+
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_1 1
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2 2
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3 3
@@ -600,7 +710,9 @@ typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS;
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5 5
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_6 6
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7 7
-#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7
+#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_8 8
+#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_9 9
+#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_9
typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
// Version of this structure, to allow for modifications in the future.
@@ -680,6 +792,7 @@ typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
// The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_7
//
+ // Deprecated
// Optional. Linked Device Connection Info.
PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA pLinkedDevice;
@@ -687,6 +800,41 @@ typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
DWORD cbJsonExt;
_Field_size_bytes_(cbJsonExt)
PBYTE pbJsonExt;
+
+ //
+ // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_8
+ //
+
+ // PRF extension "eval" values which will be converted into HMAC-SECRET values according to WebAuthn Spec.
+ // Set WEBAUTHN_AUTHENTICATOR_HMAC_SECRET_VALUES_FLAG in dwFlags above, if caller wants to provide RAW Hmac-Secret SALT values directly.
+ // In that case, values provided MUST be of WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH size.
+ PWEBAUTHN_HMAC_SECRET_SALT pPRFGlobalEval;
+
+ // PublicKeyCredentialHints (https://w3c.github.io/webauthn/#enum-hints)
+ DWORD cCredentialHints;
+ _Field_size_(cCredentialHints)
+ LPCWSTR *ppwszCredentialHints;
+
+ // Enable ThirdPartyPayment
+ BOOL bThirdPartyPayment;
+
+ //
+ // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_9
+ //
+
+ // Web Origin. For Remote Web App scenario.
+ PCWSTR pwszRemoteWebOrigin;
+
+ // UTF-8 encoded JSON serialization of the PublicKeyCredentialCreationOptions.
+ DWORD cbPublicKeyCredentialCreationOptionsJSON;
+ _Field_size_bytes_(cbPublicKeyCredentialCreationOptionsJSON)
+ PBYTE pbPublicKeyCredentialCreationOptionsJSON;
+
+ // Authenticator ID got from WebAuthNGetAuthenticatorList API.
+ DWORD cbAuthenticatorId;
+ _Field_size_bytes_(cbAuthenticatorId)
+ PBYTE pbAuthenticatorId;
+
} WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
@@ -702,7 +850,9 @@ typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENT
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5 5
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6 6
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7 7
-#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7
+#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_8 8
+#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_9 9
+#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_9
/*
Information about flags.
@@ -783,6 +933,7 @@ typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
// The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_7
//
+ // Deprecated
// Optional. Linked Device Connection Info.
PCTAPCBOR_HYBRID_STORAGE_LINKED_DATA pLinkedDevice;
@@ -793,6 +944,33 @@ typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
DWORD cbJsonExt;
_Field_size_bytes_(cbJsonExt)
PBYTE pbJsonExt;
+
+ //
+ // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_8
+ //
+
+ // PublicKeyCredentialHints (https://w3c.github.io/webauthn/#enum-hints)
+ DWORD cCredentialHints;
+ _Field_size_(cCredentialHints)
+ LPCWSTR *ppwszCredentialHints;
+
+ //
+ // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_9
+ //
+
+ // Web Origin. For Remote Web App scenario.
+ PCWSTR pwszRemoteWebOrigin;
+
+ // UTF-8 encoded JSON serialization of the PublicKeyCredentialRequestOptions.
+ DWORD cbPublicKeyCredentialRequestOptionsJSON;
+ _Field_size_bytes_(cbPublicKeyCredentialRequestOptionsJSON)
+ PBYTE pbPublicKeyCredentialRequestOptionsJSON;
+
+ // Authenticator ID got from WebAuthNGetAuthenticatorList API.
+ DWORD cbAuthenticatorId;
+ _Field_size_bytes_(cbAuthenticatorId)
+ PBYTE pbAuthenticatorId;
+
} WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
@@ -871,7 +1049,9 @@ typedef const WEBAUTHN_COMMON_ATTESTATION *PCWEBAUTHN_COMMON_ATTESTATION;
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4 4
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_5 5
#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_6 6
-#define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_6
+#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_7 7
+#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_8 8
+#define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_8
typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION {
// Version of this structure, to allow for modifications in the future.
@@ -947,6 +1127,34 @@ typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION {
DWORD cbUnsignedExtensionOutputs;
_Field_size_bytes_(cbUnsignedExtensionOutputs)
PBYTE pbUnsignedExtensionOutputs;
+
+ //
+ // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_7
+ //
+
+ PWEBAUTHN_HMAC_SECRET_SALT pHmacSecret;
+
+ // ThirdPartyPayment Credential or not.
+ BOOL bThirdPartyPayment;
+
+ //
+ // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_8
+ //
+
+ // Multiple WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to
+ // the transports that are supported.
+ DWORD dwTransports;
+
+ // UTF-8 encoded JSON serialization of the client data.
+ DWORD cbClientDataJSON;
+ _Field_size_bytes_(cbClientDataJSON)
+ PBYTE pbClientDataJSON;
+
+ // UTF-8 encoded JSON serialization of the RegistrationResponse.
+ DWORD cbRegistrationResponseJSON;
+ _Field_size_bytes_(cbRegistrationResponseJSON)
+ PBYTE pbRegistrationResponseJSON;
+
} WEBAUTHN_CREDENTIAL_ATTESTATION, *PWEBAUTHN_CREDENTIAL_ATTESTATION;
typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION;
@@ -971,7 +1179,8 @@ typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION
#define WEBAUTHN_ASSERTION_VERSION_3 3
#define WEBAUTHN_ASSERTION_VERSION_4 4
#define WEBAUTHN_ASSERTION_VERSION_5 5
-#define WEBAUTHN_ASSERTION_CURRENT_VERSION WEBAUTHN_ASSERTION_VERSION_5
+#define WEBAUTHN_ASSERTION_VERSION_6 6
+#define WEBAUTHN_ASSERTION_CURRENT_VERSION WEBAUTHN_ASSERTION_VERSION_6
typedef struct _WEBAUTHN_ASSERTION {
// Version of this structure, to allow for modifications in the future.
@@ -1032,6 +1241,21 @@ typedef struct _WEBAUTHN_ASSERTION {
DWORD cbUnsignedExtensionOutputs;
_Field_size_bytes_(cbUnsignedExtensionOutputs)
PBYTE pbUnsignedExtensionOutputs;
+
+ //
+ // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_6
+ //
+
+ // UTF-8 encoded JSON serialization of the client data.
+ DWORD cbClientDataJSON;
+ _Field_size_bytes_(cbClientDataJSON)
+ PBYTE pbClientDataJSON;
+
+ // UTF-8 encoded JSON serialization of the AuthenticationResponse.
+ DWORD cbAuthenticationResponseJSON;
+ _Field_size_bytes_(cbAuthenticationResponseJSON)
+ PBYTE pbAuthenticationResponseJSON;
+
} WEBAUTHN_ASSERTION, *PWEBAUTHN_ASSERTION;
typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION;
@@ -1109,6 +1333,18 @@ WebAuthNDeletePlatformCredential(
_In_reads_bytes_(cbCredentialId) const BYTE *pbCredentialId
);
+// Returns NTE_NOT_FOUND when authenticator details are not found.
+HRESULT
+WINAPI
+WebAuthNGetAuthenticatorList(
+ _In_opt_ PCWEBAUTHN_AUTHENTICATOR_DETAILS_OPTIONS pWebAuthNGetAuthenticatorListOptions,
+ _Outptr_result_maybenull_ PWEBAUTHN_AUTHENTICATOR_DETAILS_LIST* ppAuthenticatorDetailsList);
+
+void
+WINAPI
+WebAuthNFreeAuthenticatorList(
+ _In_ PWEBAUTHN_AUTHENTICATOR_DETAILS_LIST pAuthenticatorDetailsList);
+
//
// Returns the following Error Names:
// L"Success" - S_OK
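Review bot: `WebAuthNGetAuthenticatorList` is annotated `_Outptr_result_maybenull_`, so a caller has to handle a null `*ppAuthenticatorDetailsList` in addition to the documented `NTE_NOT_FOUND`, and must release any non-null list with `WebAuthNFreeAuthenticatorList` on every exit path. The header lists both functions as new in `WEBAUTHN_API_VERSION_9`, so they will be absent from webauthn.dll on older Windows builds. If in-tree code resolves the DLL's exports at run time (not visible in this diff), these two need the same lookup and a null check before the first call. Each returned entry carries `cbAuthenticatorId`/`pbAuthenticatorId` and `cbAuthenticatorLogo`/`pbAuthenticatorLogo` pairs whose lengths come from the platform and should be bounds-checked before being copied.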