third_party: add microsoft_webauthn

This imports https://github.com/Microsoft/webauthn into //third_party. Bug: 898718 Change-Id: I71da8a1528475e5c287f2f2dbf549f8b9414a8da Reviewed-on: https://chromium-review.googlesource.com/c/1320202Reviewed-by: Justin Schuh <jschuh@chromium.org> Reviewed-by: Adam Langley <agl@chromium.org> Commit-Queue: Martin Kreichgauer <martinkr@google.com> Cr-Commit-Position: refs/heads/master@{#605860}

third_party: add microsoft_webauthn
This imports https://github.com/Microsoft/webauthn into //third_party. Bug: 898718 Change-Id: I71da8a1528475e5c287f2f2dbf549f8b9414a8da Reviewed-on: https://chromium-review.googlesource.com/c/1320202Reviewed-by: Justin Schuh <jschuh@chromium.org> Reviewed-by: Adam Langley <agl@chromium.org> Commit-Queue: Martin Kreichgauer <martinkr@google.com> Cr-Commit-Position: refs/heads/master@{#605860}
fbc2df94 · Martin Kreichgauer · Commit Bot · cb0454d5 · fbc2df94 · fbc2df94
Commit fbc2df94 authored Nov 06, 2018 by Martin Kreichgauer Committed by Commit Bot Nov 06, 2018
6 changed files
--- a/third_party/microsoft_webauthn/.gitignore
+++ b/third_party/microsoft_webauthn/.gitignore
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+##
+## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
+# User-specific files
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+# Visual Studio 2015/2017 cache/options directory
+.vs/
+# Uncomment if you have tasks that create the project's static files in wwwroot
+#wwwroot/
+# Visual Studio 2017 auto generated files
+Generated\ Files/
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+# NUNIT
+*.VisualState.xml
+TestResult.xml
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+# Benchmark Results
+BenchmarkDotNet.Artifacts/
+# .NET Core
+project.lock.json
+project.fragment.lock.json
+artifacts/
+**/Properties/launchSettings.json
+# StyleCop
+StyleCopReport.xml
+# Files built by Visual Studio
+*_i.c
+*_p.c
+*_i.h
+*.ilk
+*.meta
+*.obj
+*.iobj
+*.pch
+*.pdb
+*.ipdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+# Chutzpah Test files
+_Chutzpah*
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+*.VC.VC.opendb
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+# Visual Studio Trace Files
+*.e2e
+# TFS 2012 Local Workspace
+$tf/
+# Guidance Automation Toolkit
+*.gpState
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+# JustCode is a .NET coding add-in
+.JustCode
+# TeamCity is a build add-in
+_TeamCity*
+# DotCover is a Code Coverage Tool
+*.dotCover
+# AxoCover is a Code Coverage Tool
+.axoCover/*
+!.axoCover/settings.json
+# Visual Studio code coverage results
+*.coverage
+*.coveragexml
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+nCrunchTemp_*
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+# Web workbench (sass)
+.sass-cache/
+# Installshield output folder
+[Ee]xpress/
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+# Click-Once directory
+publish/
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+# Note: Comment the next line if you want to checkin your web deploy settings,
+# but database connection strings (with potential passwords) will be unencrypted
+*.pubxml
+*.publishproj
+# Microsoft Azure Web App publish settings. Comment the next line if you want to
+# checkin your Azure Web App publish settings, but sensitive information contained
+# in these scripts will be unencrypted
+PublishScripts/
+# NuGet Packages
+*.nupkg
+# The packages folder can be ignored because of Package Restore
+**/[Pp]ackages/*
+# except build/, which is used as an MSBuild target.
+!**/[Pp]ackages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/[Pp]ackages/repositories.config
+# NuGet v3's project.json files produces more ignorable files
+*.nuget.props
+*.nuget.targets
+# Microsoft Azure Build Output
+csx/
+*.build.csdef
+# Microsoft Azure Emulator
+ecf/
+rcf/
+# Windows Store app package directories and files
+AppPackages/
+BundleArtifacts/
+Package.StoreAssociation.xml
+_pkginfo.txt
+*.appx
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!*.[Cc]ache/
+# Others
+ClientBin/
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.jfm
+*.pfx
+*.publishsettings
+orleans.codegen.cs
+# Including strong name files can present a security risk 
+# (https://github.com/github/gitignore/pull/2483#issue-259490424)
+#*.snk
+# Since there are multiple workflows, uncomment next line to ignore bower_components
+# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
+#bower_components/
+# RIA/Silverlight projects
+Generated_Code/
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+ServiceFabricBackup/
+*.rptproj.bak
+# SQL Server files
+*.mdf
+*.ldf
+*.ndf
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+*.rptproj.rsuser
+# Microsoft Fakes
+FakesAssemblies/
+# GhostDoc plugin setting file
+*.GhostDoc.xml
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+node_modules/
+# Visual Studio 6 build log
+*.plg
+# Visual Studio 6 workspace options file
+*.opt
+# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
+*.vbw
+# Visual Studio LightSwitch build output
+**/*.HTMLClient/GeneratedArtifacts
+**/*.DesktopClient/GeneratedArtifacts
+**/*.DesktopClient/ModelManifest.xml
+**/*.Server/GeneratedArtifacts
+**/*.Server/ModelManifest.xml
+_Pvt_Extensions
+# Paket dependency manager
+.paket/paket.exe
+paket-files/
+# FAKE - F# Make
+.fake/
+# JetBrains Rider
+.idea/
+*.sln.iml
+# CodeRush
+.cr/
+# Python Tools for Visual Studio (PTVS)
+__pycache__/
+*.pyc
+# Cake - Uncomment if you are using it
+# tools/**
+# !tools/packages.config
+# Tabs Studio
+*.tss
+# Telerik's JustMock configuration file
+*.jmconfig
+# BizTalk build output
+*.btp.cs
+*.btm.cs
+*.odx.cs
+*.xsd.cs
+# OpenCover UI analysis results
+OpenCover/
+# Azure Stream Analytics local run output 
+ASALocalRun/
+# MSBuild Binary and Structured Log
+*.binlog
+# NVidia Nsight GPU debugger configuration file
+*.nvuser
+# MFractors (Xamarin productivity tool) working folder 
+.mfractor/
--- a/third_party/microsoft_webauthn/LICENSE
+++ b/third_party/microsoft_webauthn/LICENSE
+    MIT License
+    Copyright (c) Microsoft Corporation. All rights reserved.
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE
--- a/third_party/microsoft_webauthn/OWNERS
+++ b/third_party/microsoft_webauthn/OWNERS
+file://device/fido/OWNERS
--- a/third_party/microsoft_webauthn/README.chromium
+++ b/third_party/microsoft_webauthn/README.chromium
+Name: Headers for the Windows 10 WebAuthn API (webauthn.dll)
+Short Name: Windows webauthn.h
+URL: https://github.com/Microsoft/webauthn/
+Version: 0
+Revision: 72ffeb914cba9fc5363b116f0ce7febc9d81e7d9
+License: MIT
+License File: LICENSE
+Security Critical: no
+Description:
+This project contains a header file (webauthn.h) for the native Windows 10
+WebAuthn API (webauthn.dll). While the API is already shipping with Windows 10
+Insider Preview builds (as of November 2018), the corresponding header file has
+not yet been released into a Windows SDK that Chromium can depend on. We
+therefore include the header via this open source repository for the time
+being.
+Local Modifications: none
--- a/third_party/microsoft_webauthn/README.md
+++ b/third_party/microsoft_webauthn/README.md
+# Description
+This project includes Win32 headers for communicating to Windows Hello and external secruity keys as part of WebAuthN and CTAP specification.
+For more details about the standards, please follow these links:
+* WebAuthN: https://w3c.github.io/webauthn/
+* CTAP: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
+# Having Issues?
+If you have any issues in adopting these APIs or need some clarification, please contact [FIDO OS Security Group](FIDOSEC@microsoft.com)
+# Contributing
+This project welcomes contributions and suggestions.  Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.microsoft.com.
+When you submit a pull request, a CLA-bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
--- a/third_party/microsoft_webauthn/webauthn.h
+++ b/third_party/microsoft_webauthn/webauthn.h
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+#pragma once
+#include <winapifamily.h>
+#pragma region Desktop Family or OneCore Family
+#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM)
+#ifdef __cplusplus
+extern "C" {
+#endif
+#ifndef WINAPI
+#define WINAPI __stdcall
+#endif
+#ifndef INITGUID
+#define INITGUID
+#include <guiddef.h>
+#undef INITGUID
+#else
+#include <guiddef.h>
+#endif
+//+------------------------------------------------------------------------------------------
+// Information about an RP Entity
+//-------------------------------------------------------------------------------------------
+#define WEBAUTHN_RP_ENTITY_INFORMATION_CURRENT_VERSION          1
+typedef struct _WEBAUTHN_RP_ENTITY_INFORMATION {
+    // Version of this structure, to allow for modifications in the future.
+    // This field is required and should be set to CURRENT_VERSION above.
+    DWORD dwVersion;
+    // Identifier for the RP. This field is required.
+    PCWSTR pwszId;
+    // Contains the friendly name of the Relying Party, such as "Acme Corporation", "Widgets Inc" or "Awesome Site".
+    // This field is required.
+    PCWSTR pwszName;
+    // Optional URL pointing to RP's logo. 
+    PCWSTR pwszIcon;
+} WEBAUTHN_RP_ENTITY_INFORMATION, *PWEBAUTHN_RP_ENTITY_INFORMATION;
+typedef const WEBAUTHN_RP_ENTITY_INFORMATION *PCWEBAUTHN_RP_ENTITY_INFORMATION;
+//+------------------------------------------------------------------------------------------
+// Information about an User Entity
+//-------------------------------------------------------------------------------------------
+#define WEBAUTHN_MAX_USER_ID_LENGTH                             64
+#define WEBAUTHN_USER_ENTITY_INFORMATION_CURRENT_VERSION        1
+typedef struct _WEBAUTHN_USER_ENTITY_INFORMATION {
+    // Version of this structure, to allow for modifications in the future.
+    // This field is required and should be set to CURRENT_VERSION above.
+    DWORD dwVersion;
+    // Identifier for the User. This field is required.
+    DWORD cbId;
+    _Field_size_bytes_(cbId)
+    PBYTE pbId;
+    // Contains a detailed name for this account, such as "john.p.smith@example.com".
+    PCWSTR pwszName;
+    // Optional URL that can be used to retrieve an image containing the user's current avatar,
+    // or a data URI that contains the image data.
+    PCWSTR pwszIcon;
+    // For User: Contains the friendly name associated with the user account by the Relying Party, such as "John P. Smith".
+    PCWSTR pwszDisplayName;
+} WEBAUTHN_USER_ENTITY_INFORMATION, *PWEBAUTHN_USER_ENTITY_INFORMATION;
+typedef const WEBAUTHN_USER_ENTITY_INFORMATION *PCWEBAUTHN_USER_ENTITY_INFORMATION;
+//+------------------------------------------------------------------------------------------
+// Information about client data.
+//-------------------------------------------------------------------------------------------
+#define WEBAUTHN_HASH_ALGORITHM_SHA_256                         L"SHA-256"
+#define WEBAUTHN_HASH_ALGORITHM_SHA_384                         L"SHA-384"
+#define WEBAUTHN_HASH_ALGORITHM_SHA_512                         L"SHA-512"
+#define WEBAUTHN_CLIENT_DATA_CURRENT_VERSION                    1
+typedef struct _WEBAUTHN_CLIENT_DATA {
+    // Version of this structure, to allow for modifications in the future.
+    // This field is required and should be set to CURRENT_VERSION above.
+    DWORD dwVersion;
+    // Size of the pbClientDataJSON field.
+    DWORD cbClientDataJSON;
+    // UTF-8 encoded JSON serialization of the client data.
+    _Field_size_bytes_(cbClientDataJSON)
+    PBYTE pbClientDataJSON;
+    // Hash algorithm ID used to hash the pbClientDataJSON field.
+    LPCWSTR pwszHashAlgId;
+} WEBAUTHN_CLIENT_DATA, *PWEBAUTHN_CLIENT_DATA;
+typedef const WEBAUTHN_CLIENT_DATA *PCWEBAUTHN_CLIENT_DATA;
+//+------------------------------------------------------------------------------------------
+// Information about credential parameters.
+//-------------------------------------------------------------------------------------------
+#define WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY                         L"public-key"
+#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256             -7
+#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P384_WITH_SHA384             -35
+#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P521_WITH_SHA512             -36
+#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA256      -257
+#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA384      -258
+#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA512      -259
+#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA256                -37
+#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA384                -38
+#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA512                -39
+#define WEBAUTHN_COSE_CREDENTIAL_PARAMETER_CURRENT_VERSION          1
+typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETER {
+    // Version of this structure, to allow for modifications in the future.
+    DWORD dwVersion;
+    // Well-known credential type specifying a credential to create.
+    LPCWSTR pwszCredentialType;
+    // Well-known COSE algorithm specifying the algorithm to use for the credential.
+    LONG lAlg;
+} WEBAUTHN_COSE_CREDENTIAL_PARAMETER, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETER;
+typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETER *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETER;
+typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETERS {
+    DWORD cCredentialParameters;
+    _Field_size_(cCredentialParameters)
+    PWEBAUTHN_COSE_CREDENTIAL_PARAMETER pCredentialParameters;
+} WEBAUTHN_COSE_CREDENTIAL_PARAMETERS, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETERS;
+typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETERS *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS;
+//+------------------------------------------------------------------------------------------
+// Information about credential.
+//-------------------------------------------------------------------------------------------
+#define WEBAUTHN_CREDENTIAL_CURRENT_VERSION                         1
+typedef struct _WEBAUTHN_CREDENTIAL {
+    // Version of this structure, to allow for modifications in the future.
+    DWORD dwVersion;
+    // Size of pbID.
+    DWORD cbId;
+    // Unique ID for this particular credential.
+    _Field_size_bytes_(cbId)
+    PBYTE pbId;
+    // Well-known credential type specifying what this particular credential is.
+    LPCWSTR pwszCredentialType;
+} WEBAUTHN_CREDENTIAL, *PWEBAUTHN_CREDENTIAL;
+typedef const WEBAUTHN_CREDENTIAL *PCWEBAUTHN_CREDENTIAL;
+typedef struct _WEBAUTHN_CREDENTIALS {
+    DWORD cCredentials;
+    _Field_size_(cCredentials)
+    PWEBAUTHN_CREDENTIAL pCredentials;
+} WEBAUTHN_CREDENTIALS, *PWEBAUTHN_CREDENTIALS;
+typedef const WEBAUTHN_CREDENTIALS *PCWEBAUTHN_CREDENTIALS;
+//+------------------------------------------------------------------------------------------
+// Hmac-Secret extension
+//-------------------------------------------------------------------------------------------
+#define WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET                  L"hmac-secret"
+// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET
+// MakeCredential Input Type:   BOOL.
+//      - pvExtension must point to a BOOL with the value TRUE.
+//      - cbExtension must contain the sizeof(BOOL).
+// MakeCredential Output Type:  BOOL.
+//      - pvExtension will point to a BOOL with the value TRUE if credential
+//        was successfully created with HMAC_SECRET.
+//      - cbExtension will contain the sizeof(BOOL).
+// GetAssertion Input Type:     Not Supported
+// GetAssertion Output Type:    Not Supported
+//+------------------------------------------------------------------------------------------
+// Information about Extensions.
+//-------------------------------------------------------------------------------------------
+typedef struct _WEBAUTHN_EXTENSION {
+    LPCWSTR pwszExtensionIdentifier;
+    DWORD cbExtension;
+    PVOID pvExtension;
+} WEBAUTHN_EXTENSION, *PWEBAUTHN_EXTENSION;
+typedef const WEBAUTHN_EXTENSION *PCWEBAUTHN_EXTENSION;
+typedef struct _WEBAUTHN_EXTENSIONS {
+    DWORD cExtensions;
+    _Field_size_(cExtensions)
+    PWEBAUTHN_EXTENSION pExtensions;
+} WEBAUTHN_EXTENSIONS, *PWEBAUTHN_EXTENSIONS;
+typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS;
+//+------------------------------------------------------------------------------------------
+// Options.
+//-------------------------------------------------------------------------------------------
+#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_ANY                               0
+#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM                          1
+#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM                    2
+#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM_U2F_V2             3
+#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY                          0
+#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED                     1
+#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED                    2
+#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED                  3
+#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_ANY                      0
+#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE                     1
+#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT                 2
+#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT                   3
+#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_1            1
+#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2            2
+#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION      WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2
+typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
+    // Version of this structure, to allow for modifications in the future.
+    DWORD dwVersion;
+    // Time that the operation is expected to complete within.
+    // This is used as guidance, and can be overridden by the platform.
+    DWORD dwTimeoutMilliseconds;
+    // Credentials used for exclusion.
+    WEBAUTHN_CREDENTIALS CredentialList;
+    // Optional extensions to parse when performing the operation.
+    WEBAUTHN_EXTENSIONS Extensions;
+    // Optional. Platform vs Cross-Platform Authenticators.
+    DWORD dwAuthenticatorAttachment;
+    // Optional. Require key to be resident or not. Defaulting to FALSE;
+    BOOL bRequireResidentKey;
+    // User Verification Requirement.
+    DWORD dwUserVerificationRequirement;
+    // Attestation Conveyance Preference.
+    DWORD dwAttestationConveyancePreference;
+    // Reserved for future Use
+    DWORD dwFlags;
+    //
+    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2
+    //
+    // Cancellation Id - Optional - See WebAuthNGetCancellationId
+    GUID *pCancellationId;
+} WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
+typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
+#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_1          1
+#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2          2
+#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3          3
+#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION    WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3
+typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
+    // Version of this structure, to allow for modifications in the future.
+    DWORD dwVersion;
+    // Time that the operation is expected to complete within.
+    // This is used as guidance, and can be overridden by the platform.
+    DWORD dwTimeoutMilliseconds;
+    // Allowed Credentials List.
+    WEBAUTHN_CREDENTIALS CredentialList;
+    // Optional extensions to parse when performing the operation.
+    WEBAUTHN_EXTENSIONS Extensions;
+    // Optional. Platform vs Cross-Platform Authenticators.
+    DWORD dwAuthenticatorAttachment;
+    // User Verification Requirement.
+    DWORD dwUserVerificationRequirement;
+    // Reserved for future Use
+    DWORD dwFlags;
+    //
+    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2
+    //
+    // Optional identifier for the U2F AppId. Converted to UTF8 before being hashed. Not lower cased.
+    PCWSTR pwszU2fAppId;
+    // If the following is non-NULL, then, set to TRUE if the above pwszU2fAppid was used instead of
+    // PCWSTR pwszRpId;
+    BOOL *pbU2fAppId;
+    //
+    // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3
+    //
+    // Cancellation Id - Optional - See WebAuthNGetCancellationId
+    GUID *pCancellationId;
+} WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS,  *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
+typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS  *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
+//+------------------------------------------------------------------------------------------
+// Attestation Info.
+//
+//-------------------------------------------------------------------------------------------
+#define WEBAUTHN_ATTESTATION_DECODE_NONE                                0
+#define WEBAUTHN_ATTESTATION_DECODE_COMMON                              1
+// WEBAUTHN_ATTESTATION_DECODE_COMMON supports format types
+//  L"packed"
+//  L"fido-u2f"
+#define WEBAUTHN_ATTESTATION_VER_TPM_2_0   L"2.0"
+typedef struct _WEBAUTHN_X5C {
+    // Length of X.509 encoded certificate
+    DWORD cbData;
+    // X.509 encoded certificate bytes
+    _Field_size_bytes_(cbData)
+    PBYTE pbData;
+} WEBAUTHN_X5C, *PWEBAUTHN_X5C;
+// Supports either Self or Full Basic Attestation
+// Note, new fields will be added to the following data structure to
+// support additional attestation format types, such as, TPM.
+// When fields are added, the dwVersion will be incremented.
+//
+// Therefore, your code must make the following check:
+//  "if (dwVersion >= WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION)"
+#define WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION                     1
+typedef struct _WEBAUTHN_COMMON_ATTESTATION {
+    // Version of this structure, to allow for modifications in the future.
+    DWORD dwVersion;
+    // Hash and Padding Algorithm
+    //
+    // The following won't be set for "fido-u2f" which assumes "ES256".
+    PCWSTR pwszAlg;
+    LONG lAlg;      // COSE algorithm
+    // Signature that was generated for this attestation.
+    DWORD cbSignature;
+    _Field_size_bytes_(cbSignature)
+    PBYTE pbSignature;
+    // Following is set for Full Basic Attestation. If not, set then, this is Self Attestation.
+    // Array of X.509 DER encoded certificates. The first certificate is the signer, leaf certificate.
+    DWORD cX5c;
+    _Field_size_(cX5c)
+    PWEBAUTHN_X5C pX5c;
+    // Following are also set for tpm
+    PCWSTR pwszVer; // L"2.0"
+    DWORD cbCertInfo;
+    _Field_size_bytes_(cbCertInfo)
+    PBYTE pbCertInfo;
+    DWORD cbPubArea;
+    _Field_size_bytes_(cbPubArea)
+    PBYTE pbPubArea;
+} WEBAUTHN_COMMON_ATTESTATION, *PWEBAUTHN_COMMON_ATTESTATION;
+typedef const WEBAUTHN_COMMON_ATTESTATION *PCWEBAUTHN_COMMON_ATTESTATION;
+#define WEBAUTHN_ATTESTATION_TYPE_PACKED                                L"packed"
+#define WEBAUTHN_ATTESTATION_TYPE_U2F                                   L"fido-u2f"
+#define WEBAUTHN_ATTESTATION_TYPE_TPM                                   L"tpm"
+#define WEBAUTHN_ATTESTATION_TYPE_NONE                                  L"none"
+#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_1               1
+#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2               2
+#define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION         WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2
+typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION {
+    // Version of this structure, to allow for modifications in the future.
+    DWORD dwVersion;
+    // Attestation format type
+    PCWSTR pwszFormatType;
+    // Size of cbAuthenticatorData.
+    DWORD cbAuthenticatorData;
+    // Authenticator data that was created for this credential.
+    _Field_size_bytes_(cbAuthenticatorData)
+    PBYTE pbAuthenticatorData;
+    // Size of CBOR encoded attestation information
+    //0 => encoded as CBOR null value.
+    DWORD cbAttestation;
+    //Encoded CBOR attestation information
+    _Field_size_bytes_(cbAttestation)
+    PBYTE pbAttestation;
+    DWORD dwAttestationDecodeType;
+    // Following depends on the dwAttestationDecodeType
+    //  WEBAUTHN_ATTESTATION_DECODE_NONE
+    //      NULL - not able to decode the CBOR attestation information
+    //  WEBAUTHN_ATTESTATION_DECODE_COMMON
+    //      PWEBAUTHN_COMMON_ATTESTATION;
+    PVOID pvAttestationDecode;
+    // The CBOR encoded Attestation Object to be returned to the RP.
+    DWORD cbAttestationObject;
+    _Field_size_bytes_(cbAttestationObject)
+    PBYTE pbAttestationObject;
+    // The CredentialId bytes extracted from the Authenticator Data.
+    // Used by Edge to return to the RP.
+    DWORD cbCredentialId;
+    _Field_size_bytes_(cbCredentialId)
+    PBYTE pbCredentialId;
+    //
+    // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2
+    //
+    WEBAUTHN_EXTENSIONS Extensions;
+} WEBAUTHN_CREDENTIAL_ATTESTATION, *PWEBAUTHN_CREDENTIAL_ATTESTATION;
+typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION;
+//+------------------------------------------------------------------------------------------
+// authenticatorGetAssertion output.
+//-------------------------------------------------------------------------------------------
+#define WEBAUTHN_ASSERTION_CURRENT_VERSION                              1
+typedef struct _WEBAUTHN_ASSERTION {
+    // Version of this structure, to allow for modifications in the future.
+    DWORD dwVersion;
+    // Size of cbAuthenticatorData.
+    DWORD cbAuthenticatorData;
+    // Authenticator data that was created for this assertion.
+    _Field_size_bytes_(cbAuthenticatorData)
+    PBYTE pbAuthenticatorData;
+    // Size of pbSignature.
+    DWORD cbSignature;
+    // Signature that was generated for this assertion.
+    _Field_size_bytes_(cbSignature)
+    PBYTE pbSignature;
+    // Credential that was used for this assertion.
+    WEBAUTHN_CREDENTIAL Credential;
+    // Size of User Id
+    DWORD cbUserId;
+    // UserId
+    _Field_size_bytes_(cbUserId)
+    PBYTE pbUserId;
+} WEBAUTHN_ASSERTION, *PWEBAUTHN_ASSERTION;
+typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION;
+//+------------------------------------------------------------------------------------------
+// APIs.
+//-------------------------------------------------------------------------------------------
+HRESULT
+WINAPI
+WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable(
+    _Out_ BOOL *pbIsUserVerifyingPlatformAuthenticatorAvailable);
+HRESULT
+WINAPI
+WebAuthNAuthenticatorMakeCredential(
+    _In_        HWND                                                hWnd,
+    _In_        PCWEBAUTHN_RP_ENTITY_INFORMATION                    pRpInformation,
+    _In_        PCWEBAUTHN_USER_ENTITY_INFORMATION                  pUserInformation,
+    _In_        PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS               pPubKeyCredParams,
+    _In_        PCWEBAUTHN_CLIENT_DATA                              pWebAuthNClientData,
+    _In_opt_    PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS    pWebAuthNMakeCredentialOptions,
+    _Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_ATTESTATION      *ppWebAuthNCredentialAttestation);
+HRESULT
+WINAPI
+WebAuthNAuthenticatorGetAssertion(
+    _In_        HWND                                                hWnd,
+    _In_        LPCWSTR                                             pwszRpId,
+    _In_        PCWEBAUTHN_CLIENT_DATA                              pWebAuthNClientData,
+    _In_opt_    PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS      pWebAuthNGetAssertionOptions,
+    _Outptr_result_maybenull_ PWEBAUTHN_ASSERTION                   *ppWebAuthNAssertion);
+void
+WINAPI
+WebAuthNFreeCredentialAttestation(
+    _In_opt_ PWEBAUTHN_CREDENTIAL_ATTESTATION pWebAuthNCredentialAttestation);
+void
+WINAPI
+WebAuthNFreeAssertion(
+    _In_ PWEBAUTHN_ASSERTION pWebAuthNAssertion);
+HRESULT
+WINAPI
+WebAuthNGetCancellationId(
+    _Out_ GUID* pCancellationId);
+HRESULT
+WINAPI
+WebAuthNCancelCurrentOperation(
+    _In_ const GUID* pCancellationId);
+//
+// Returns the following Error Names:
+//  L"Success"              - S_OK
+//  L"InvalidStateError"    - NTE_EXISTS
+//  L"ConstraintError"      - HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED),
+//                            NTE_NOT_SUPPORTED,
+//                            NTE_TOKEN_KEYSET_STORAGE_FULL
+//  L"NotSupportedError"    - NTE_INVALID_PARAMETER
+//  L"NotAllowedError"      - NTE_DEVICE_NOT_FOUND,
+//                            NTE_NOT_FOUND,
+//                            HRESULT_FROM_WIN32(ERROR_CANCELLED),
+//                            NTE_USER_CANCELLED,
+//                            HRESULT_FROM_WIN32(ERROR_TIMEOUT)
+//  L"UnknownError"         - All other hr values
+//
+PCWSTR
+WINAPI
+WebAuthNGetErrorName(
+    _In_ HRESULT hr);
+HRESULT
+WINAPI
+WebAuthNGetW3CExceptionDOMError(
+    _In_ HRESULT hr);
+#ifdef __cplusplus
+}       // Balance extern "C" above
+#endif
+#endif // WINAPI_FAMILY_PARTITION
+#pragma endregion