| // Copyright 2022 The Fuchsia Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| library fuchsia.identity.ctap; |
| |
| /// Used to supply additional Relying Party attributes when creating a new |
| /// credential. |
| type PublicKeyCredentialRpEntity = table { |
| /// The Relying Party Identifier of type text string. |
| 1: id vector<byte>:MAX_RP_ID_SIZE; |
| }; |
| |
| type MakeCredentialOptions = table { |
| /// Instructs the authenticator to require user consent to complete the |
| /// operation. Platforms MAY send the "up" option key to CTAP2.1 |
| /// authenticators, and its value MUST be true if present. The value false |
| /// will cause a CTAP2_ERR_INVALID_OPTION response regardless of |
| /// authenticator version. |
| 1: user_presence bool; |
| |
| /// Specifies whether this credential is to be discoverable or not. |
| 2: resident_key bool; |
| }; |
| |
| type MakeCredentialParams = table { |
| /// Byte string of a hash of the ClientData contextual binding specified by |
| /// host. |
| 1: client_data_hash vector<byte>:MAX_CLIENT_HASH_SIZE; |
| |
| /// A data structure describing a Relying Party with which the new public |
| /// key credential will be associated. |
| 2: relying_party PublicKeyCredentialRpEntity; |
| |
| /// A data structure describing the user account to which the new public |
| /// key credential will be associated at the RP. |
| 3: user PublicKeyCredentialUserEntity; |
| |
| /// A list of supported algorithms for credential generation, as specified |
| /// in by the WebAuthn Specification. The array is ordered from most |
| /// preferred to least preferred and MUST NOT include duplicate entries. |
| 4: public_key_cred_params vector<PublicKeyCredentialParameters>:MAX_SUPPORTED_ALGORITHMS_COUNT; |
| |
| // The following are optional fields in the CTAP Specification: |
| |
| /// An array of PublicKeyCredentialDescriptor structures. Authenticators |
| /// will return an error if the authenticator already contains one of the |
| /// credentials enumerated in this array. |
| 5: exclude_list vector<PublicKeyCredentialDescriptor>:MAX_DESCRIPTOR_COUNT; |
| |
| /// Parameters to influence authenticator operation. May be authenticator |
| /// specific. |
| 6: extensions vector<ExtensionEntry>:MAX_EXTENSION_COUNT; |
| |
| /// Parameters to influence authenticator operation. |
| 7: options MakeCredentialOptions; |
| |
| /// The result of calling authenticate(pinUvAuthToken, clientDataHash). |
| 8: pin_uv_auth_param vector<byte>:MAX_SIGNATURE_SIZE; |
| |
| /// PIN/UV protocol version chosen by the platform. |
| 9: pin_uv_auth_protocol uint32; |
| |
| /// An authenticator supporting this enterprise attestation feature is |
| /// enterprise attestation capable and signals its support via the ep |
| /// Option ID in the authenticatorGetInfo command response. |
| 10: enterprise_attestation uint32; |
| }; |
| |
| type MakeCredentialResponse = table { |
| /// The attestation statement format identifier. |
| 1: format string:MAX_FORMAT_SIZE; |
| |
| /// The authenticator data object. |
| 2: authenticator_data vector<byte>:MAX_AUTHENTICATOR_DATA_SIZE; |
| |
| /// The attestation statement. A CBOR Map, the structure of which depends |
| /// on the attestation statement format identifier. |
| 3: attestation_statement vector<byte>:MAX_ATTESTATION_SIZE; |
| |
| // The following are optional fields in the CTAP Specification: |
| |
| /// Indicates whether an enterprise attestation was returned for this |
| /// credential. If epAtt is absent or present and set to false, then an |
| /// enterprise attestation was not returned. If epAtt is present and set to |
| /// true, then an enterprise attestation was returned. |
| 4: enterprise_attestation bool; |
| |
| /// Contains the largeBlobKey for the credential, if requested with the |
| /// largeBlobKey extension. |
| 5: large_blob_key vector<byte>:MAX_LARGE_BLOB_KEY_SIZE; |
| }; |