// Copyright 2022 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// CTAP (Client to Authenticator Protocol) request/response types used by the
// identity stack to talk to FIDO authenticators. This file covers the
// authenticatorMakeCredential command (credential creation); the names in
// each table mirror the CBOR keys of the CTAP 2.x specification.
library fuchsia.identity.ctap;
/// Used to supply additional Relying Party attributes when creating a new
/// credential.
type PublicKeyCredentialRpEntity = table {
    /// The Relying Party Identifier. CTAP carries this as a text string, but
    /// it is transported here as raw bytes, so the producer owns the encoding
    /// (presumably UTF-8 -- confirm against the CBOR encoder). The new
    /// credential is associated with this RP, so the platform should pass the
    /// RP ID it has validated for the calling application rather than an
    /// arbitrary caller-supplied value.
    1: id vector<byte>:MAX_RP_ID_SIZE;
};
/// Boolean options for authenticatorMakeCredential (the CTAP "options" map).
/// Absent fields mean "not sent", which lets the authenticator apply its
/// default for that option.
type MakeCredentialOptions = table {
    /// Instructs the authenticator to require user consent to complete the
    /// operation. Platforms MAY send the "up" option key to CTAP2.1
    /// authenticators, and its value MUST be true if present. The value false
    /// will cause a CTAP2_ERR_INVALID_OPTION response regardless of
    /// authenticator version. In other words there is no way to create a
    /// credential without a user-presence check; a caller wanting the default
    /// behaviour should leave this field unset rather than set it to false.
    1: user_presence bool;
    /// Specifies whether this credential is to be discoverable or not. A
    /// discoverable (resident) credential is stored on the authenticator and
    /// can later be used without the RP supplying a credential ID.
    2: resident_key bool;
};
/// Parameters of the authenticatorMakeCredential command. Fields 1-4 are
/// required by the CTAP specification; the remainder are optional. Because
/// this is a table, a missing required field is representable on the wire
/// and must be rejected by the receiver before the request is encoded for
/// the authenticator.
type MakeCredentialParams = table {
    /// Byte string of a hash of the ClientData contextual binding specified by
    /// host. This value is covered by the attestation signature but is not
    /// verified by the authenticator, so the platform must derive it from the
    /// actual client data rather than accept it from an untrusted caller.
    1: client_data_hash vector<byte>:MAX_CLIENT_HASH_SIZE;
    /// A data structure describing a Relying Party with which the new public
    /// key credential will be associated.
    2: relying_party PublicKeyCredentialRpEntity;
    /// A data structure describing the user account to which the new public
    /// key credential will be associated at the RP.
    3: user PublicKeyCredentialUserEntity;
    /// A list of supported algorithms for credential generation, as specified
    /// by the WebAuthn Specification. The array is ordered from most
    /// preferred to least preferred and MUST NOT include duplicate entries.
    /// The duplicate rule is a caller obligation; nothing in this type
    /// enforces it, so validate before encoding.
    4: public_key_cred_params vector<PublicKeyCredentialParameters>:MAX_SUPPORTED_ALGORITHMS_COUNT;
    // The following are optional fields in the CTAP Specification:
    /// An array of PublicKeyCredentialDescriptor structures. Authenticators
    /// will return an error if the authenticator already contains one of the
    /// credentials enumerated in this array. Used to prevent re-registering
    /// an authenticator the RP already knows.
    5: exclude_list vector<PublicKeyCredentialDescriptor>:MAX_DESCRIPTOR_COUNT;
    /// Parameters to influence authenticator operation. May be authenticator
    /// specific.
    6: extensions vector<ExtensionEntry>:MAX_EXTENSION_COUNT;
    /// Parameters to influence authenticator operation.
    7: options MakeCredentialOptions;
    /// The result of calling authenticate(pinUvAuthToken, clientDataHash),
    /// i.e. a MAC over client_data_hash under the current PIN/UV auth token.
    /// NOTE(review): the bound reuses MAX_SIGNATURE_SIZE although this value
    /// is a MAC, not a signature -- confirm the constant is large enough for
    /// every supported pinUvAuthProtocol.
    8: pin_uv_auth_param vector<byte>:MAX_SIGNATURE_SIZE;
    /// PIN/UV protocol version chosen by the platform. Per CTAP this is
    /// expected whenever pin_uv_auth_param is present; the pair should be
    /// validated together (both set or both absent) -- confirm the
    /// implementation does so.
    9: pin_uv_auth_protocol uint32;
    /// Requests an enterprise attestation. An authenticator supporting this
    /// feature signals its support via the ep Option ID in the
    /// authenticatorGetInfo command response.
    /// NOTE(review): the CTAP 2.1 spec defines this as a small integer
    /// selecting the kind of enterprise attestation (values 1 and 2 in the
    /// spec) -- confirm which values this API accepts. Enterprise attestation
    /// can expose uniquely identifying authenticator information, so it
    /// should only be requested for RPs the platform is configured to trust
    /// for that purpose.
    10: enterprise_attestation uint32;
};
/// Response to the authenticatorMakeCredential command. Fields 1-3 are
/// required by the CTAP specification; a response missing any of them should
/// be treated as malformed rather than partially consumed.
type MakeCredentialResponse = table {
    /// The attestation statement format identifier (e.g. the CTAP "fmt"
    /// string). Consumers should check this before attempting to parse
    /// attestation_statement, since that field's layout depends on it.
    1: format string:MAX_FORMAT_SIZE;
    /// The authenticator data object, as raw bytes; parsing (flags, counter,
    /// attested credential data) happens in the consumer.
    2: authenticator_data vector<byte>:MAX_AUTHENTICATOR_DATA_SIZE;
    /// The attestation statement. A CBOR Map, the structure of which depends
    /// on the attestation statement format identifier. Transported here as the
    /// raw CBOR bytes; the consumer must parse it defensively as it comes
    /// straight from the authenticator.
    3: attestation_statement vector<byte>:MAX_ATTESTATION_SIZE;
    // The following are optional fields in the CTAP Specification:
    /// Indicates whether an enterprise attestation was returned for this
    /// credential (the CTAP "epAtt" member). If it is absent, or present and
    /// set to false, then an enterprise attestation was not returned. If it is
    /// present and set to true, then an enterprise attestation was returned.
    4: enterprise_attestation bool;
    /// Contains the largeBlobKey for the credential, if requested with the
    /// largeBlobKey extension. This is key material for the credential's large
    /// blob, so it should be handled as a secret and not logged.
    5: large_blob_key vector<byte>:MAX_LARGE_BLOB_KEY_SIZE;
};