From 41e6f931cda80d7c1fccb192bb29bc8c4524fb26 Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Fri, 3 Nov 2023 10:11:00 +0900 Subject: [PATCH] Split webauthn-types.h from webauthn.h --- include/CMakeLists.txt | 1 + include/webauthn-hal.h | 2 +- include/webauthn-types.h | 568 +++++++++++++++++++++++++++++++++++++++++++++++ include/webauthn.h | 530 +------------------------------------------ packaging/webauthn.spec | 10 +- 5 files changed, 577 insertions(+), 534 deletions(-) create mode 100644 include/webauthn-types.h diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index 9b11598..e8ef82d 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -1,5 +1,6 @@ INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/webauthn.h + ${CMAKE_CURRENT_SOURCE_DIR}/webauthn-types.h ${CMAKE_CURRENT_SOURCE_DIR}/webauthn-hal.h DESTINATION ${INCLUDEDIR} ) diff --git a/include/webauthn-hal.h b/include/webauthn-hal.h index 59c11cb..20a74cc 100644 --- a/include/webauthn-hal.h +++ b/include/webauthn-hal.h @@ -24,7 +24,7 @@ extern "C" { #endif -#include "webauthn.h" +#include "webauthn-types.h" /** * @brief Library path of the plugin implemenation for hybrid transport diff --git a/include/webauthn-types.h b/include/webauthn-types.h new file mode 100644 index 0000000..be7f158 --- /dev/null +++ b/include/webauthn-types.h 
@@ -0,0 +1,568 @@
+/*
+ * Copyright (c) 2023 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ * @file webauthn.h
+ * @version 1.0
+ * @brief Public APIs of WebAuthn module.
+*/
+#ifndef __WEBAUTHN_TYPES__
+#define __WEBAUTHN_TYPES__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include
+#include
+#include
+
+
+/**
+ * @addtogroup CAPI_WEBAUTHN_MODULE
+ * @{
+ */
+
+#define WATUH_API_VERSION_NUMBER 0x00000001
+
+/**
+ * @brief WebAuthn Errors.
+ * @since_tizen 9.0
+ */
+typedef enum {
+    WAUTHN_ERROR_NONE = 0x00, /**< Successful */
+    WAUTHN_ERROR_UNKNOWN = -0x01, /**< Unknown error */
+    WAUTHN_ERROR_INVALID_PARAMETER = -0x02, /**< Invalid function parameter */
+    WAUTHN_ERROR_PERMISSION_DENIED = -0x03, /**< Permission denied */
+    WAUTHN_ERROR_NOT_SUPPORTED = -0x04, /**< Not supported operation */
+    WAUTHN_ERROR_NOT_ALLOWED = -0x05, /**< Not allowed in the current context */
+    WAUTHN_ERROR_INVALID_STATE = -0x06, /**< Invalid State */
+    WAUTHN_ERROR_ENCODING_FAILED = -0x07, /**< Encoding operation failed */
+} wauthn_error_e;
+
+/**
+ * @brief WebAuthn authenticator transports.
+ *
+ * @since_tizen 9.0
+ * @remarks Multiple transport values can be combined using bit-wise operation.
+ */
+typedef enum __wauthn_authenticator_transport {
+    WAUTHN_TRANSPORT_NONE = 0x00000000,
+    WAUTHN_TRANSPORT_USB = 0x00000001, /**< "usb" */
+    WAUTHN_TRANSPORT_NFC = 0x00000002, /**< "nfc" */
+    WAUTHN_TRANSPORT_BLE = 0x00000004, /**< "ble" */
+    WAUTHN_TRANSPORT_SMARTCARD = 0x00000008, /**< "smart-card" */
+    WAUTHN_TRANSPORT_HYBRID = 0x00000010, /**< "hybrid" */
+    WAUTHN_TRANSPORT_INTERNAL = 0x00000020, /**< "internal" */
+} wauthn_authenticator_transport_e;
+
+/**
+ * @brief WebAuthn hash algorithms.
+ * Currently one hash algorithm is used, namely "SHA-256".
+ * @since_tizen 9.0
+ */
+typedef enum __wauthn_hash_algorithm {
+    WAUTHN_HASH_ALGORITHM_SHA_256 = 1, /**< "SHA-256" */
+} wauthn_hash_algorithm_e;
+
+/**
+ * @brief WebAuthn COSE(CBOR Object Signing and Encryption) algorithms.
+ * @since_tizen 9.0
+ */
+typedef enum __wauthn_cose_algorithm {
+    WAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256 = -7, /**< "ES256" */
+    WAUTHN_COSE_ALGORITHM_ECDSA_P384_WITH_SHA384 = -35, /**< "ES384" */
+    WAUTHN_COSE_ALGORITHM_ECDSA_P521_WITH_SHA512 = -36, /**< "ES512" */
+    WAUTHN_COSE_ALGORITHM_EDDSA = -8, /**< "EdDSA" */
+    WAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA256 = -37, /**< "PS256" */
+    WAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA384 = -38, /**< "PS384" */
+    WAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA512 = -39, /**< "PS512" */
+    WAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA256 = -257, /**< "RS256" */
+    WAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA384 = -258, /**< "RS384" */
+    WAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA512 = -259, /**< "RS512" */
+} wauthn_cose_algorithm_e;
+
+/**
+ * @brief WebAuthn attestation preference.
+ * @since_tizen 9.0
+ */
+typedef enum __wauthn_attestation_pref {
+    ap_none = 0, /**< none */
+    ap_indirect = 1, /**< "indirect" */
+    ap_direct = 2, /**< "direct" */
+    ap_enterprise = 3, /**< "enterprise" */
+} wauthn_attestation_pref_e;
+
+/**
+ * @brief WebAuthn public key credential hint value.
+ * @since_tizen 9.0
+ */
+typedef enum __wauthn_pubkey_cred_hint {
+    pch_none = 0, /**< none */
+    pch_security_key = 1, /**< "security-key" */
+    pch_client_device = 2, /**< "client-device" */
+    pch_hybrid = 3, /**< "hybrid" */
+} wauthn_pubkey_cred_hint_e;
+
+/**
+ * @brief WebAuthn user verification requirement value.
+ * @since_tizen 9.0
+ */
+typedef enum __wauthn_user_verification_requirement {
+    uvr_none = 0, /**< none */
+    uvr_required = 1, /**< "required" */
+    uvr_preferred = 2, /**< "preferred" */
+    uvr_discouraged = 3, /**< "discouraged" */
+} wauthn_user_verification_requirement_e;
+
+/**
+ * @brief WebAuthn resident key requirement value
+ * @since_tizen 9.0
+ */
+typedef enum __wauthn_resident_key_requirement {
+    rkr_none = 0, /**< none */
+    rkr_discouraged = 1, /**< "discouraged" */
+    rkr_preferred = 2, /**< "preferred" */
+    rkr_required = 3, /**< "required" */
+} wauthn_resident_key_requirement_e;
+
+/**
+ * @brief WebAuthn authentication attachment value
+ * @since_tizen 9.0
+ */
+typedef enum __wauthn_authenticator_attachment {
+    aa_none = 0, /**< none */
+    aa_platform = 1, /**< "platform" */
+    aa_cross_platform = 2, /**< "cross-platform" */
+} wauthn_authenticator_attachment_e;
+
+/**
+ * @brief WebAuthn credential type.
+ * Currently one credential type is defined, namely "public-key".
+ * @since_tizen 9.0
+ */
+typedef enum __wauthn_pubkey_cred_type {
+    pct_public_key = 1, /**< public-key */
+} wauthn_pubkey_cred_type_e;
+
+/**
+ * @brief Returns stringified name of return code.
+ *
+ * @since_tizen 9.0
+ *
+ * @param[in] error Item alias to be removed
+ *
+ * @return @c stringified name of return code.
+ */
+const char * wauthn_error_to_string(int error);
+
+/**
+ * @brief The structure for binary buffer used in this CAPI.
+ * @since_tizen 9.0
+ */
+typedef struct __wauthn_buffer {
+    unsigned char *data; /**< Byte array containing binary data */
+    size_t size; /**< The size of the binary data */
+} wauthn_buffer_s;
+
+/**
+ * @brief The structure for response of wauthn_make_credential.
+ * @since_tizen 9.0
+ * @see wauthn_make_credential()
+ * @see #wauthn_pubkey_credential_attestaion_s
+ * @see #wauthn_cose_algorithm_e
+ */
+typedef struct __wauthn_authenticator_attestation_response {
+    wauthn_buffer_s *client_data_json;
+    wauthn_buffer_s *attestation_object; /**< The CBOR encoded Attestation Object to be returned to the RP */
+    unsigned int transports;
+    wauthn_buffer_s *authenticator_data;
+    wauthn_buffer_s *subject_pubkey_info;
+    wauthn_cose_algorithm_e pubkey_alg;
+} wauthn_authenticator_attestation_response_s;
+
+/**
+ * @brief The structure for response of wauthn_get_assersion.
+ * @since_tizen 9.0
+ * @see wauthn_get_assersion()
+ * @see #wauthn_pubkey_credential_assertion_s
+ */
+typedef struct __wauthn_authenticator_assertion_response {
+    wauthn_buffer_s *client_data_json;
+    wauthn_buffer_s *authenticator_data;
+    wauthn_buffer_s *signature;
+    wauthn_buffer_s *user_handle;
+    wauthn_buffer_s *attestation_object;
+} wauthn_authenticator_assertion_response_s;
+
+/**
+ * @brief The structure for an origin.
+ * @since_tizen 9.0
+ * @remarks https://html.spec.whatwg.org/multipage/browsers.html#concept-origin
+ */
+typedef struct __wauthn_origin {
+    char *scheme;
+    char *host;
+    int port;
+    char *domain;
+} wauthn_origin_s;
+
+/**
+ * @brief The structure for a RP entity.
+ * @since_tizen 9.0
+ */
+typedef struct __wauthn_rp_entity {
+    char *name; /**< The name of RP */
+    char *id; /**< The RPID */
+} wauthn_rp_entity_s;
+
+#define WEBAUTHN_MAX_USER_ID_LENGTH 64
+
+/**
+ * @brief The structure for a user entity.
+ * @since_tizen 9.0
+ */
+typedef struct __wauthn_user_entity {
+    char *name;
+    wauthn_buffer_s *id; /**< The ID of the user account. An ID is a byte sequence with a maximum size of
+        64 bytes, and is not meant to be displayed to the user */
+    char *display_name; /**< A human-palatable name for the user account, intended only for display */
+} wauthn_user_entity_s;
+
+
+/**
+ * @brief The structure for a parameter for credential generation.
+ * @since_tizen 9.0
+ * @see #wauthn_cose_algorithm_e
+ */
+typedef struct __wauthn_pubkey_cred_param {
+    wauthn_pubkey_cred_type_e type; /**< Well-known credential type specifying a credential to create */
+    wauthn_cose_algorithm_e alg; /**< Well-known COSE algorithm specifying the algorithm to use for the credential */
+} wauthn_pubkey_cred_param_s;
+
+/**
+ * @brief The list structure for parameters for credential generation.
+ * @since_tizen 9.0
+ * @see #wauthn_pubkey_cred_param_s
+ */
+typedef struct __wauthn_pubkey_cred_params {
+    size_t size;
+    wauthn_pubkey_cred_param_s *params;
+} wauthn_pubkey_cred_params_s;
+
+/**
+ * @brief The structure for a publickey credential descriptor.
+ * @since_tizen 9.0
+ * @see #wauthn_pubkey_cred_descriptor_s
+ */
+typedef struct __wauthn_pubkey_cred_descriptor {
+    wauthn_pubkey_cred_type_e type;
+    wauthn_buffer_s *id;
+    unsigned int transports;
+} wauthn_pubkey_cred_descriptor_s;
+
+/**
+ * @brief The list structure for publickey credential descriptors.
+ * @since_tizen 9.0
+ * @see #wauthn_pubkey_cred_descriptor_s
+ */
+typedef struct __wauthn_pubkey_cred_descriptors {
+    size_t size;
+    wauthn_pubkey_cred_descriptor_s *transports;
+} wauthn_pubkey_cred_descriptors_s;
+
+/**
+ * @brief The structure for an authentication extension.
+ * @since_tizen 9.0
+ * @see #wauthn_authentication_ext_s
+ */
+typedef struct __wauthn_authentication_ext {
+    wauthn_buffer_s *extension_id; /**<
+        Extension Identifier defined in the following registry.
+        https://www.iana.org/assignments/webauthn/webauthn.xhtml#webauthn-extension-ids. */
+    wauthn_buffer_s *extension_value; /**<
+        Extension value */
+} wauthn_authentication_ext_s;
+
+/**
+ * @brief The list structure for authentication extensions.
+ * @since_tizen 9.0
+ * @see #wauthn_authentication_ext_s
+ */
+typedef struct __wauthn_authentication_exts {
+    size_t size;
+    wauthn_authentication_ext_s *extensions;
+} wauthn_authentication_exts_s;
+
+/**
+ * @brief The structure for an authenticator selection criteria.
+ * @since_tizen 9.0
+ * @see #wauthn_authenticator_attachment_e
+ * @see #wauthn_resident_key_requirement_e
+ * @see #wauthn_user_verification_requirement_e
+ */
+typedef struct __wauthn_authenticator_sel_cri {
+    wauthn_authenticator_attachment_e attachment;
+    wauthn_resident_key_requirement_e resident_key;
+    bool require_resident_key;
+    wauthn_user_verification_requirement_e user_verification;
+} wauthn_authenticator_sel_cri_s;
+
+/**
+ * @brief The list structure for publickey credential hints.
+ * @since_tizen 9.0
+ * @see #wauthn_pubkey_cred_hint_e
+ */
+typedef struct __wauthn_pubkey_cred_hints {
+    size_t size;
+    wauthn_pubkey_cred_hint_e *hints;
+} wauthn_pubkey_cred_hints_s;
+
+/**
+ * @brief The structure for a linked device data.
+ * @since_tizen 9.0
+ */
+typedef struct __wauthn_hybrid_linked_data {
+    wauthn_buffer_s *contact_id; // cbor:"1"
+    wauthn_buffer_s *link_id; // cbor:"2"
+    wauthn_buffer_s *link_secret; // cbor:"3"
+    wauthn_buffer_s *authenticator_pubkey; // cbor:"4"
+    wauthn_buffer_s *authenticator_name; // cbor:"5"
+    wauthn_buffer_s *signature; // cbor:"6"
+    wauthn_buffer_s *auth_pubkey;
+    wauthn_buffer_s *tunnel_server_domain;
+} wauthn_hybrid_linked_data_s;
+
+/**
+ * @brief The list structure for attestation formats.
+ * @since_tizen 9.0
+ */
+typedef struct __wauthn_attestation_formats {
+    size_t size;
+    wauthn_buffer_s *attestation_formats;
+} wauthn_attestation_formats_s;
+
+/**
+ * @brief The structure for a make credential option.
+ * @since_tizen 9.0
+ * @see wauthn_make_credential()
+ * @see #wauthn_rp_entity_s
+ * @see #wauthn_user_entity_s
+ * @see #wauthn_pubkey_cred_params_s
+ * @see #wauthn_pubkey_cred_descriptors_s
+ * @see #wauthn_authenticator_sel_cri_s
+ * @see #wauthn_pubkey_cred_hints_s
+ * @see #wauthn_attestation_pref_e
+ * @see #wauthn_attestation_formats_s
+ * @see #wauthn_authentication_exts_s
+ * @see #wauthn_hybrid_linked_data_s
+ */
+typedef struct __wauthn_pubkey_cred_creation_options {
+    wauthn_rp_entity_s *rp; /**< This member contains a name and
+        an identifier for the Relying Party
+        responsible for the request */
+    wauthn_user_entity_s *user; /**< This member contains names and
+        an identifier for the user account
+        performing the registration */
+    wauthn_buffer_s *challenge; /**< This member specifies a challenge
+        that the authenticator signs,
+        along with other data, when producing
+        an attestation object for the newly
+        created credential */
+    wauthn_pubkey_cred_params_s *pubkey_cred_params; /**< This member lists the key types and
+        signature algorithms the Relying Party
+        supports, ordered from most preferred
+        to least preferred */
+    unsigned long timeout; /**< This member specifies a time, in milliseconds,
+        that the Relying Party is willing to wait for the call to complete.
+        This is treated as a hint, and MAY be overridden by the client.
+        The value, '0', means no timeout is set. (optional) */
+    wauthn_pubkey_cred_descriptors_s *exclude_credentials; /**< The Relying Party SHOULD use
+        this member to list any existing
+        credentials mapped to this user
+        account (as identified by user.id)
+        (optional) */
+    wauthn_authenticator_sel_cri_s *authenticator_selection; /**< The Relying Party MAY use
+        this member to specify capabilities
+        and settings that the authenticator
+        MUST or SHOULD satisfy to participate
+        in this operation (optional)*/
+    wauthn_pubkey_cred_hints_s *hints; /**<
+        This member contains zero or more elements from #wauthn_pubkey_cred_hint_e to
+        guide the user agent in interacting with the user. (optional)*/
+    wauthn_attestation_pref_e attestion; /**<
+        The Relying Party MAY use this member to specify a preference regarding attestation
+        conveyance. The default value is #ap_none (optional) */
+    wauthn_attestation_formats_s *attestation_formats; /**<
+        The Relying Party MAY use this member to specify a preference regarding the attestation
+        statement format used by the authenticator. The default value is the empty list, which
+        indicates no preference (optional) */
+    wauthn_authentication_exts_s *extensions; /**< The Relying Party MAY use this member to provide
+        client extension inputs requesting additional processing by the client and authenticator.(optional) */
+    wauthn_hybrid_linked_data_s *linked_device; /**< Linked Device Connection Info (optional) */
+} wauthn_pubkey_cred_creation_options_s;
+
+/**
+ * @brief The structure for a get assertion option.
+ * @since_tizen 9.0
+ * @see wauthn_get_assertion()
+ * @see #wauthn_pubkey_cred_descriptors_s
+ * @see #wauthn_user_verification_requirement_e
+ * @see #wauthn_pubkey_cred_hints_s
+ * @see #wauthn_attestation_pref_e
+ * @see #wauthn_attestation_formats_s
+ * @see #wauthn_authentication_exts_s
+ * @see #wauthn_hybrid_linked_data_s
+ */
+typedef struct __wauthn_pubkey_cred_request_options {
+    wauthn_buffer_s *challenge; /**< This member specifies a challenge that the authenticator signs,
+        along with other data, when producing an authentication assertion */
+    unsigned long timeout; /**< This member specifies a time, in milliseconds,
+        that the Relying Party is willing to wait for the call to complete.
+        The value, '0', means no timeout is set. (optional)*/
+    char *rpId; /**< This member specifies the RP ID claimed by the Relying Party (optional)*/
+    wauthn_pubkey_cred_descriptors_s *allow_credentials; /**< This member is used by the client
+        to find authenticators eligible for this
+        authentication ceremony (optional)*/
+    wauthn_user_verification_requirement_e user_verification; /**<
+        This member specifies the Relying Party's requirements regarding
+        user verification for the wauthn_get_assertion() operation.
+        The default value is #uvr_preferred (optional) */
+    wauthn_pubkey_cred_hints_s *hints; /**<
+        This member contains zero or more elements from #wauthn_pubkey_cred_hint_e to
+        guide the user agent in interacting with the user. (optional)*/
+    wauthn_attestation_pref_e attestion; /**<
+        The Relying Party MAY use this member to specify a preference regarding
+        attestation conveyance. The default value is #ap_none (optional)*/
+    wauthn_attestation_formats_s *attestation_formats; /**<
+        The Relying Party MAY use this member to specify a preference regarding the attestation
+        statement format used by the authenticator. The default value is the empty list, which
+        indicates no preference (optional) */
+    wauthn_authentication_exts_s *extensions; /**<
+        The Relying Party MAY use this member to provide client extension inputs requesting
+        additional processing by the client and authenticator.(optional) */
+    wauthn_hybrid_linked_data_s *linked_device; /**< Linked Device Connection Info (optional) */
+} wauthn_pubkey_cred_request_options_s;
+
+/**
+ * @brief The structure for a publickey_credential response for wauthn_make_credential().
+ * @since_tizen 9.0
+ * @see wauthn_make_credential()
+ * @see #wauthn_authenticator_attestation_response_s
+ * @see #wauthn_authenticator_attachment_e
+ * @see #wauthn_authentication_exts_s
+ * @see #wauthn_hybrid_linked_data_s
+ */
+typedef struct __wauthn_pubkey_credential_attestaion {
+    wauthn_buffer_s *id;
+    wauthn_pubkey_cred_type_e type;
+    wauthn_buffer_s *rawId;
+    wauthn_authenticator_attestation_response_s *response;
+    wauthn_authenticator_attachment_e authenticator_attachment;
+    wauthn_authentication_exts_s *extensions;
+    bool is_conditional_mediation_available;
+    wauthn_buffer_s *json_data;
+    wauthn_hybrid_linked_data_s *linked_device;
+} wauthn_pubkey_credential_attestaion_s;
+
+/**
+ * @brief The structure for a publickey_credential response for wauthn_get_assertion().
+ * @since_tizen 9.0
+ * @see wauthn_get_assertion()
+ * @see #wauthn_authenticator_assertion_response_s
+ * @see #wauthn_authenticator_attachment_e
+ * @see #wauthn_authentication_exts_s
+ * @see #wauthn_hybrid_linked_data_s
+ */
+typedef struct __wauthn_pubkey_credential_assertion {
+    wauthn_buffer_s *id;
+    wauthn_pubkey_cred_type_e type;
+    wauthn_buffer_s *rawId;
+    wauthn_authenticator_assertion_response_s *response;
+    wauthn_authenticator_attachment_e authenticator_attachment;
+    wauthn_authentication_exts_s *extensions;
+    bool is_conditional_mediation_available;
+    wauthn_buffer_s *json_data;
+    wauthn_hybrid_linked_data_s *linked_device;
+} wauthn_pubkey_credential_assertion_s;
+
+/**
+ * @brief The structure for a client data json.
+ * @since_tizen 9.0
+ * @see #wauthn_hash_algorithm_e
+ */
+typedef struct __wauthn_client_data {
+    wauthn_buffer_s *client_data_json;// UTF-8 encoded JSON serialization of the client data
+    wauthn_hash_algorithm_e hash_alg; // Hash algorithm used to hash the client_data_json field
+} wauthn_client_data_s;
+
+/**
+ * @brief Invoked when a QR Code need to be displayed.
+ * @remarks If the request does not need to display a QR code
+ * then this callback function won't be invoked,
+ * @since_tizen 9.0
+ * @param[in] qrcode The QR code payload
+ * @see #wauthn_mc_callbacks_s()
+ * @see #wauthn_ga_callbacks_s()
+ */
+typedef void wauthn_cb_display_qrcode(const unsigned char *qrcode);
+
+/**
+ * @brief Invoked when the response for the make credential request need to be returned.
+ * @since_tizen 9.0
+ * @param[in] pubkey_cred The publickey credential contains response data
+ * @see #wauthn_mc_callbacks_s
+ * @see #wauthn_pubkey_credential_attestaion_s
+ */
+typedef void wauthn_cb_mc_on_response(const wauthn_pubkey_credential_attestaion_s *pubkey_cred);
+
+/**
+ * @brief Invoked when the response for the get assertion request need to be returned.
+ * @since_tizen 9.0
+ * @param[in] pubkey_cred The publickey credential contains response data
+ * @see #wauthn_ga_callbacks_s
+ * @see #wauthn_pubkey_credential_assertion_s
+ */
+typedef void wauthn_cb_ga_on_response(const wauthn_pubkey_credential_assertion_s *pubkey_cred);
+
+/**
+ * @brief The structure for callback function list used to make credential.
+ * @since_tizen 9.0
+ * @see wauthn_make_credential()
+ * @see wauthn_cb_display_qrcode()
+ * @see wauthn_cb_mc_on_response()
+ */
+typedef struct __wauthn_mc_callbacks {
+    wauthn_cb_display_qrcode *qrcode_callback;
+    wauthn_cb_mc_on_response *response_callback;
+} wauthn_mc_callbacks_s;
+
+/**
+ * @brief The structure for callback function list used to get assertion.
+ * @since_tizen 9.0
+ * @see wauthn_get_assertion()
+ * @see wauthn_cb_display_qrcode()
+ * @see wauthn_cb_ga_on_response()
+ */
+typedef struct __wauthn_ga_callbacks {
+    wauthn_cb_display_qrcode *qrcode_callback;
+    wauthn_cb_ga_on_response *response_callback;
+} wauthn_ga_callbacks_s;
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __WEBAUTHN_TYPES__ */
diff --git a/include/webauthn.h b/include/webauthn.h
index 88308be..187a6b8 100644
--- a/include/webauthn.h
+++ b/include/webauthn.h
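Review bot: The file header still says `@file webauthn.h` and `@brief Public APIs of WebAuthn module.`; for the new header it should read `@file webauthn-types.h` / `@brief Public types of WebAuthn module.` so Doxygen does not attribute these definitions to the wrong file. Since this is the first release of webauthn-types.h, names fixed here become part of the ABI, so two should be corrected now: `wauthn_pubkey_cred_descriptors_s` keeps its descriptor array in a member called `transports` (the `@brief` describes a list of descriptors, so `wauthn_pubkey_cred_descriptor_s *descriptors;`), and `wauthn_pubkey_credential_attestaion_s` plus the two `attestion` members carry a typo. The guard `__WEBAUTHN_TYPES__` and the `__wauthn_*` struct tags are identifiers reserved for the implementation in C; `WEBAUTHN_TYPES_H` and plain `wauthn_*` tags would be conforming. `wauthn_error_to_string`'s `@param[in] error Item alias to be removed` is a copy-paste remnant; `@param[in] error The #wauthn_error_e code to describe` fits the function. `wauthn_cb_display_qrcode` receives `const unsigned char *qrcode` with no length, so its doc should state whether the payload is NUL-terminated, and the `wauthn_user_entity_s.id` comment should name `WEBAUTHN_MAX_USER_ID_LENGTH` so implementations know to check `id->size` against it before use.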
@@ -29,144 +29,13 @@ extern "C" { #include +#include "webauthn-types.h" + /** * @addtogroup CAPI_WEBAUTHN_MODULE * @{ */ -#define WATUH_API_VERSION_NUMBER 0x00000001 - -/** - * @brief WebAuthn Errors. - * @since_tizen 9.0 - */ -typedef enum { - WAUTHN_ERROR_NONE = 0x00, /**< Successful */ - WAUTHN_ERROR_UNKNOWN = -0x01, /**< Unknown error */ - WAUTHN_ERROR_INVALID_PARAMETER = -0x02, /**< Invalid function parameter */ - WAUTHN_ERROR_PERMISSION_DENIED = -0x03, /**< Permission denied */ - WAUTHN_ERROR_NOT_SUPPORTED = -0x04, /**< Not supported operation */ - WAUTHN_ERROR_NOT_ALLOWED = -0x05, /**< Not allowed in the current context */ - WAUTHN_ERROR_INVALID_STATE = -0x06, /**< Invalid State */ - WAUTHN_ERROR_ENCODING_FAILED = -0x07, /**< Encoding operation failed */ -} wauthn_error_e; - -/** - * @brief WebAuthn authenticator transports. * - * @since_tizen 9.0 - * @remarks Multiple transport values can be combined using bit-wise operation. - */ -typedef enum __wauthn_authenticator_transport { - WAUTHN_TRANSPORT_NONE = 0x00000000, - WAUTHN_TRANSPORT_USB = 0x00000001, /**< "usb" */ - WAUTHN_TRANSPORT_NFC = 0x00000002, /**< "nfc" */ - WAUTHN_TRANSPORT_BLE = 0x00000004, /**< "ble" */ - WAUTHN_TRANSPORT_SMARTCARD = 0x00000008, /**< "smart-card" */ - WAUTHN_TRANSPORT_HYBRID = 0x00000010, /**< "hybrid" */ - WAUTHN_TRANSPORT_INTERNAL = 0x00000020, /**< "internal" */ -} wauthn_authenticator_transport_e; - -/** - * @brief WebAuthn hash algorithms. - * Currently one hash algorithm is used, namely "SHA-256". - * @since_tizen 9.0 - */ -typedef enum __wauthn_hash_algorithm { - WAUTHN_HASH_ALGORITHM_SHA_256 = 1, /**< "SHA-256" */ -} wauthn_hash_algorithm_e; - -/** - * @brief WebAuthn COSE(CBOR Object Signing and Encryption) algorithms. 
- * @since_tizen 9.0
- */
-typedef enum __wauthn_cose_algorithm {
-    WAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256 = -7, /**< "ES256" */
-    WAUTHN_COSE_ALGORITHM_ECDSA_P384_WITH_SHA384 = -35, /**< "ES384" */
-    WAUTHN_COSE_ALGORITHM_ECDSA_P521_WITH_SHA512 = -36, /**< "ES512" */
-    WAUTHN_COSE_ALGORITHM_EDDSA = -8, /**< "EdDSA" */
-    WAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA256 = -37, /**< "PS256" */
-    WAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA384 = -38, /**< "PS384" */
-    WAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA512 = -39, /**< "PS512" */
-    WAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA256 = -257, /**< "RS256" */
-    WAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA384 = -258, /**< "RS384" */
-    WAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA512 = -259, /**< "RS512" */
-} wauthn_cose_algorithm_e;
-
-/**
- * @brief WebAuthn attestation preference.
- * @since_tizen 9.0
- */
-typedef enum __wauthn_attestation_pref {
-    ap_none = 0, /**< none */
-    ap_indirect = 1, /**< "indirect" */
-    ap_direct = 2, /**< "direct" */
-    ap_enterprise = 3, /**< "enterprise" */
-} wauthn_attestation_pref_e;
-
-/**
- * @brief WebAuthn public key credential hint value.
- * @since_tizen 9.0
- */
-typedef enum __wauthn_pubkey_cred_hint {
-    pch_none = 0, /**< none */
-    pch_security_key = 1, /**< "security-key" */
-    pch_client_device = 2, /**< "client-device" */
-    pch_hybrid = 3, /**< "hybrid" */
-} wauthn_pubkey_cred_hint_e;
-
-/**
- * @brief WebAuthn user verification requirement value.
- * @since_tizen 9.0 - */ -typedef enum __wauthn_user_verification_requirement { - uvr_none = 0, /**< none */ - uvr_required = 1, /**< "required" */ - uvr_preferred = 2, /**< "preferred" */ - uvr_discouraged = 3, /**< "discouraged" */ -} wauthn_user_verification_requirement_e; - -/** - * @brief WebAuthn resident key requirement value - * @since_tizen 9.0 - */ -typedef enum __wauthn_resident_key_requirement { - rkr_none = 0, /**< none */ - rkr_discouraged = 1, /**< "discouraged" */ - rkr_preferred = 2, /**< "preferred" */ - rkr_required = 3, /**< "required" */ -} wauthn_resident_key_requirement_e; - -/** - * @brief WebAuthn authentication attachment value - * @since_tizen 9.0 - */ -typedef enum __wauthn_authenticator_attachment { - aa_none = 0, /**< none */ - aa_platform = 1, /**< "platform" */ - aa_cross_platform = 2, /**< "cross-platform" */ -} wauthn_authenticator_attachment_e; - -/** - * @brief WebAuthn credential type. - * Currently one credential type is defined, namely "public-key". - * @since_tizen 9.0 - */ -typedef enum __wauthn_pubkey_cred_type { - pct_public_key = 1, /**< public-key */ -} wauthn_pubkey_cred_type_e; - -/** - * @brief Returns stringified name of return code. - * - * @since_tizen 9.0 - * - * @param[in] error Item alias to be removed - * - * @return @c stringified name of return code. - */ -const char * wauthn_error_to_string(int error); - - /** * @brief Set API version that the caller uses. * @@ -184,7 +53,6 @@ const char * wauthn_error_to_string(int error); */ int wauthn_set_api_version(int api_version_number); - /** * @brief Get information on authenticator types that the client platform supports. * 
@@ -209,400 +77,6 @@ int wauthn_set_api_version(int api_version_number); */ int wauthn_supported_authenticators(unsigned int *supported); - -/** - * @brief The structure for binary buffer used in this CAPI. - * @since_tizen 9.0 - */ -typedef struct __wauthn_buffer { - unsigned char *data; /**< Byte array containing binary data */ - size_t size; /**< The size of the binary data */ -} wauthn_buffer_s; - -/** - * @brief The structure for response of wauthn_make_credential. - * @since_tizen 9.0 - * @see wauthn_make_credential() - * @see #wauthn_pubkey_credential_attestaion_s - * @see #wauthn_cose_algorithm_e - */ -typedef struct __wauthn_authenticator_attestation_response { - wauthn_buffer_s *client_data_json; - wauthn_buffer_s *attestation_object; /**< The CBOR encoded Attestation Object to be returned to the RP */ - unsigned int transports; - wauthn_buffer_s *authenticator_data; - wauthn_buffer_s *subject_pubkey_info; - wauthn_cose_algorithm_e pubkey_alg; -} wauthn_authenticator_attestation_response_s; - -/** - * @brief The structure for response of wauthn_get_assersion. - * @since_tizen 9.0 - * @see wauthn_get_assersion() - * @see #wauthn_pubkey_credential_assertion_s - */ -typedef struct __wauthn_authenticator_assertion_response { - wauthn_buffer_s *client_data_json; - wauthn_buffer_s *authenticator_data; - wauthn_buffer_s *signature; - wauthn_buffer_s *user_handle; - wauthn_buffer_s *attestation_object; -} wauthn_authenticator_assertion_response_s; - -/** - * @brief The structure for an origin. - * @since_tizen 9.0 - * @remarks https://html.spec.whatwg.org/multipage/browsers.html#concept-origin - */ -typedef struct __wauthn_origin { - char *scheme; - char *host; - int port; - char *domain; -} wauthn_origin_s; - -/** - * @brief The structure for a RP entity. 
- * @since_tizen 9.0 - */ -typedef struct __wauthn_rp_entity { - char *name; /**< The name of RP */ - char *id; /**< The RPID */ -} wauthn_rp_entity_s; - -#define WEBAUTHN_MAX_USER_ID_LENGTH 64 - -/** - * @brief The structure for a user entity. - * @since_tizen 9.0 - */ -typedef struct __wauthn_user_entity { - char *name; - wauthn_buffer_s *id; /**< The ID of the user account. An ID is a byte sequence with a maximum size of - 64 bytes, and is not meant to be displayed to the user */ - char *display_name; /**< A human-palatable name for the user account, intended only for display */ -} wauthn_user_entity_s; - - -/** - * @brief The structure for a parameter for credential generation. - * @since_tizen 9.0 - * @see #wauthn_cose_algorithm_e - */ -typedef struct __wauthn_pubkey_cred_param { - wauthn_pubkey_cred_type_e type; /**< Well-known credential type specifying a credential to create */ - wauthn_cose_algorithm_e alg; /**< Well-known COSE algorithm specifying the algorithm to use for the credential */ -} wauthn_pubkey_cred_param_s; - -/** - * @brief The list structure for parameters for credential generation. - * @since_tizen 9.0 - * @see #wauthn_pubkey_cred_param_s - */ -typedef struct __wauthn_pubkey_cred_params { - size_t size; - wauthn_pubkey_cred_param_s *params; -} wauthn_pubkey_cred_params_s; - -/** - * @brief The structure for a publickey credential descriptor. - * @since_tizen 9.0 - * @see #wauthn_pubkey_cred_descriptor_s - */ -typedef struct __wauthn_pubkey_cred_descriptor { - wauthn_pubkey_cred_type_e type; - wauthn_buffer_s *id; - unsigned int transports; -} wauthn_pubkey_cred_descriptor_s; - -/** - * @brief The list structure for publickey credential descriptors. - * @since_tizen 9.0 - * @see #wauthn_pubkey_cred_descriptor_s - */ -typedef struct __wauthn_pubkey_cred_descriptors { - size_t size; - wauthn_pubkey_cred_descriptor_s *transports; -} wauthn_pubkey_cred_descriptors_s; - -/** - * @brief The structure for an authentication extension. 
- * @since_tizen 9.0 - * @see #wauthn_authentication_ext_s - */ -typedef struct __wauthn_authentication_ext { - wauthn_buffer_s *extension_id; /**< - Extension Identifier defined in the following registry. - https://www.iana.org/assignments/webauthn/webauthn.xhtml#webauthn-extension-ids. */ - wauthn_buffer_s *extension_value; /**< - Extension value */ -} wauthn_authentication_ext_s; - -/** - * @brief The list structure for authentication extensions. - * @since_tizen 9.0 - * @see #wauthn_authentication_ext_s - */ -typedef struct __wauthn_authentication_exts { - size_t size; - wauthn_authentication_ext_s *extensions; -} wauthn_authentication_exts_s; - -/** - * @brief The structure for an authenticator selection criteria. - * @since_tizen 9.0 - * @see #wauthn_authenticator_attachment_e - * @see #wauthn_resident_key_requirement_e - * @see #wauthn_user_verification_requirement_e - */ -typedef struct __wauthn_authenticator_sel_cri { - wauthn_authenticator_attachment_e attachment; - wauthn_resident_key_requirement_e resident_key; - bool require_resident_key; - wauthn_user_verification_requirement_e user_verification; -} wauthn_authenticator_sel_cri_s; - -/** - * @brief The list structure for publickey credential hints. - * @since_tizen 9.0 - * @see #wauthn_pubkey_cred_hint_e - */ -typedef struct __wauthn_pubkey_cred_hints { - size_t size; - wauthn_pubkey_cred_hint_e *hints; -} wauthn_pubkey_cred_hints_s; - -/** - * @brief The structure for a linked device data. - * @since_tizen 9.0 - */ -typedef struct __wauthn_hybrid_linked_data { - wauthn_buffer_s *contact_id; // cbor:"1" - wauthn_buffer_s *link_id; // cbor:"2" - wauthn_buffer_s *link_secret; // cbor:"3" - wauthn_buffer_s *authenticator_pubkey; // cbor:"4" - wauthn_buffer_s *authenticator_name; // cbor:"5" - wauthn_buffer_s *signature; // cbor:"6" - wauthn_buffer_s *auth_pubkey; - wauthn_buffer_s *tunnel_server_domain; -} wauthn_hybrid_linked_data_s; - -/** - * @brief The list structure for attestation formats. 
- * @since_tizen 9.0 - */ -typedef struct __wauthn_attestation_formats { - size_t size; - wauthn_buffer_s *attestation_formats; -} wauthn_attestation_formats_s; - -/** - * @brief The structure for a make credential option. - * @since_tizen 9.0 - * @see wauthn_make_credential() - * @see #wauthn_rp_entity_s - * @see #wauthn_user_entity_s - * @see #wauthn_pubkey_cred_params_s - * @see #wauthn_pubkey_cred_descriptors_s - * @see #wauthn_authenticator_sel_cri_s - * @see #wauthn_pubkey_cred_hints_s - * @see #wauthn_attestation_pref_e - * @see #wauthn_attestation_formats_s - * @see #wauthn_authentication_exts_s - * @see #wauthn_hybrid_linked_data_s - */ -typedef struct __wauthn_pubkey_cred_creation_options { - wauthn_rp_entity_s *rp; /**< This member contains a name and - an identifier for the Relying Party - responsible for the request */ - wauthn_user_entity_s *user; /**< This member contains names and - an identifier for the user account - performing the registration */ - wauthn_buffer_s *challenge; /**< This member specifies a challenge - that the authenticator signs, - along with other data, when producing - an attestation object for the newly - created credential */ - wauthn_pubkey_cred_params_s *pubkey_cred_params; /**< This member lists the key types and - signature algorithms the Relying Party - supports, ordered from most preferred - to least preferred */ - unsigned long timeout; /**< This member specifies a time, in milliseconds, - that the Relying Party is willing to wait for the call to complete. - This is treated as a hint, and MAY be overridden by the client. - The value, '0', means no timeout is set. 
(optional) */ - wauthn_pubkey_cred_descriptors_s *exclude_credentials; /**< The Relying Party SHOULD use - this member to list any existing - credentials mapped to this user - account (as identified by user.id) - (optional) */ - wauthn_authenticator_sel_cri_s *authenticator_selection; /**< The Relying Party MAY use - this member to specify capabilities - and settings that the authenticator - MUST or SHOULD satisfy to participate - in this operation (optional)*/ - wauthn_pubkey_cred_hints_s *hints; /**< - This member contains zero or more elements from #wauthn_pubkey_cred_hint_e to - guide the user agent in interacting with the user. (optional)*/ - wauthn_attestation_pref_e attestion; /**< - The Relying Party MAY use this member to specify a preference regarding attestation - conveyance. The default value is #ap_none (optional) */ - wauthn_attestation_formats_s *attestation_formats; /**< - The Relying Party MAY use this member to specify a preference regarding the attestation - statement format used by the authenticator. The default value is the empty list, which - indicates no preference (optional) */ - wauthn_authentication_exts_s *extensions; /**< The Relying Party MAY use this member to provide - client extension inputs requesting additional processing by the client and authenticator.(optional) */ - wauthn_hybrid_linked_data_s *linked_device; /**< Linked Device Connection Info (optional) */ -} wauthn_pubkey_cred_creation_options_s; - -/** - * @brief The structure for a get assertion option. 
- * @since_tizen 9.0 - * @see wauthn_get_assertion() - * @see #wauthn_pubkey_cred_descriptors_s - * @see #wauthn_user_verification_requirement_e - * @see #wauthn_pubkey_cred_hints_s - * @see #wauthn_attestation_pref_e - * @see #wauthn_attestation_formats_s - * @see #wauthn_authentication_exts_s - * @see #wauthn_hybrid_linked_data_s - */ -typedef struct __wauthn_pubkey_cred_request_options { - wauthn_buffer_s *challenge; /**< This member specifies a challenge that the authenticator signs, - along with other data, when producing an authentication assertion */ - unsigned long timeout; /**< This member specifies a time, in milliseconds, - that the Relying Party is willing to wait for the call to complete. - The value, '0', means no timeout is set. (optional)*/ - char *rpId; /**< This member specifies the RP ID claimed by the Relying Party (optional)*/ - wauthn_pubkey_cred_descriptors_s *allow_credentials; /**< This member is used by the client - to find authenticators eligible for this - authentication ceremony (optional)*/ - wauthn_user_verification_requirement_e user_verification; /**< - This member specifies the Relying Party's requirements regarding - user verification for the wauthn_get_assertion() operation. - The default value is #uvr_preferred (optional) */ - wauthn_pubkey_cred_hints_s *hints; /**< - This member contains zero or more elements from #wauthn_pubkey_cred_hint_e to - guide the user agent in interacting with the user. (optional)*/ - wauthn_attestation_pref_e attestion; /**< - The Relying Party MAY use this member to specify a preference regarding - attestation conveyance. The default value is #ap_none (optional)*/ - wauthn_attestation_formats_s *attestation_formats; /**< - The Relying Party MAY use this member to specify a preference regarding the attestation - statement format used by the authenticator. 
The default value is the empty list, which - indicates no preference (optional) */ - wauthn_authentication_exts_s *extensions; /**< - The Relying Party MAY use this member to provide client extension inputs requesting - additional processing by the client and authenticator.(optional) */ - wauthn_hybrid_linked_data_s *linked_device; /**< Linked Device Connection Info (optional) */ -} wauthn_pubkey_cred_request_options_s; - -/** - * @brief The structure for a publickey_credential response for wauthn_make_credential(). - * @since_tizen 9.0 - * @see wauthn_make_credential() - * @see #wauthn_authenticator_attestation_response_s - * @see #wauthn_authenticator_attachment_e - * @see #wauthn_authentication_exts_s - * @see #wauthn_hybrid_linked_data_s - */ -typedef struct __wauthn_pubkey_credential_attestaion { - wauthn_buffer_s *id; - wauthn_pubkey_cred_type_e type; - wauthn_buffer_s *rawId; - wauthn_authenticator_attestation_response_s *response; - wauthn_authenticator_attachment_e authenticator_attachment; - wauthn_authentication_exts_s *extensions; - bool is_conditional_mediation_available; - wauthn_buffer_s *json_data; - wauthn_hybrid_linked_data_s *linked_device; -} wauthn_pubkey_credential_attestaion_s; - -/** - * @brief The structure for a publickey_credential response for wauthn_get_assertion(). 
- * @since_tizen 9.0 - * @see wauthn_get_assertion() - * @see #wauthn_authenticator_assertion_response_s - * @see #wauthn_authenticator_attachment_e - * @see #wauthn_authentication_exts_s - * @see #wauthn_hybrid_linked_data_s - */ -typedef struct __wauthn_pubkey_credential_assertion { - wauthn_buffer_s *id; - wauthn_pubkey_cred_type_e type; - wauthn_buffer_s *rawId; - wauthn_authenticator_assertion_response_s *response; - wauthn_authenticator_attachment_e authenticator_attachment; - wauthn_authentication_exts_s *extensions; - bool is_conditional_mediation_available; - wauthn_buffer_s *json_data; - wauthn_hybrid_linked_data_s *linked_device; -} wauthn_pubkey_credential_assertion_s; - -/** - * @brief The structure for a client data json. - * @since_tizen 9.0 - * @see #wauthn_hash_algorithm_e - */ -typedef struct __wauthn_client_data { - wauthn_buffer_s *client_data_json;// UTF-8 encoded JSON serialization of the client data - wauthn_hash_algorithm_e hash_alg; // Hash algorithm used to hash the client_data_json field -} wauthn_client_data_s; - -/** - * @brief Invoked when a QR Code need to be displayed. - * @remarks If the request does not need to display a QR code - * then this callback function won't be invoked, - * @since_tizen 9.0 - * @param[in] qrcode The QR code payload - * @see #wauthn_mc_callbacks_s() - * @see #wauthn_ga_callbacks_s() - */ -typedef void wauthn_cb_display_qrcode(const unsigned char *qrcode); - -/** - * @brief Invoked when the response for the make credential request need to be returned. - * @since_tizen 9.0 - * @param[in] pubkey_cred The publickey credential contains response data - * @see #wauthn_mc_callbacks_s - * @see #wauthn_pubkey_credential_attestaion_s - */ -typedef void wauthn_cb_mc_on_response(const wauthn_pubkey_credential_attestaion_s *pubkey_cred); - -/** - * @brief Invoked when the response for the get assertion request need to be returned. 
- * @since_tizen 9.0 - * @param[in] pubkey_cred The publickey credential contains response data - * @see #wauthn_ga_callbacks_s - * @see #wauthn_pubkey_credential_assertion_s - */ -typedef void wauthn_cb_ga_on_response(const wauthn_pubkey_credential_assertion_s *pubkey_cred); - -/** - * @brief The structure for callback function list used to make credential. - * @since_tizen 9.0 - * @see wauthn_make_credential() - * @see wauthn_cb_display_qrcode() - * @see wauthn_cb_mc_on_response() - */ -typedef struct __wauthn_mc_callbacks { - wauthn_cb_display_qrcode *qrcode_callback; - wauthn_cb_mc_on_response *response_callback; -} wauthn_mc_callbacks_s; - -/** - * @brief The structure for callback function list used to get assertion. - * @since_tizen 9.0 - * @see wauthn_get_assertion() - * @see wauthn_cb_display_qrcode() - * @see wauthn_cb_ga_on_response() - */ -typedef struct __wauthn_ga_callbacks { - wauthn_cb_display_qrcode *qrcode_callback; - wauthn_cb_ga_on_response *response_callback; -} wauthn_ga_callbacks_s; - /** * @brief Make a new web authentication credential and store it to authenticator. * diff --git a/packaging/webauthn.spec b/packaging/webauthn.spec index 8b03061..9b08d24 100644 --- a/packaging/webauthn.spec +++ b/packaging/webauthn.spec 
@@ -158,24 +158,24 @@ fi %files -n lib%{name}-common #%manifest %{_datadir}/%{name}-common.manifest %license LICENSE -%{_libdir}/lib%{name}-common.so.* +%{lib_dir}/lib%{name}-common.so.* %files -n lib%{name}-client #%manifest %{_datadir}/%{name}-client.manifest %license LICENSE -%{_libdir}/lib%{name}-client.so.* +%{lib_dir}/lib%{name}-client.so.* %files -n lib%{name}-client-devel #%manifest %{_datadir}/%{name}-client-devel.manifest %license LICENSE %{_includedir}/webauthn.h -%{_libdir}/pkgconfig/%{name}.pc -%{_libdir}/lib*.so +%{lib_dir}/pkgconfig/%{name}.pc +%{lib_dir}/lib*.so %files -n %{name}-hal-devel %license LICENSE %{_includedir}/webauthn*.h -%{_libdir}/pkgconfig/%{name}-hal.pc +%{lib_dir}/pkgconfig/%{name}-hal.pc %files -n %{name}-unit-test #%manifest %{name}-unit-test.manifest -- 2.7.4
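Review bot: The `%files -n lib%{name}-client-devel` list still names only `%{_includedir}/webauthn.h`, yet the type definitions that the remaining prototypes in webauthn.h depend on are removed from that header in the hunk above, so webauthn.h presumably now includes webauthn-types.h (its include lines are not in this chunk); a consumer installing only client-devel would then get a header it cannot compile against, since webauthn-types.h is picked up only by the `%{_includedir}/webauthn*.h` glob in `%{name}-hal-devel`. Add `%{_includedir}/webauthn-types.h` to the client-devel file list next to webauthn.h. Separately, the `%{_libdir}` → `%{lib_dir}` substitution on the library and pkgconfig lines is unrelated to the header split and relies on `%{lib_dir}` being defined earlier in the spec, outside this hunk; if it is not, rpm leaves the macro unexpanded and these file entries no longer match anything. That change would be clearer as its own commit with the macro definition visible.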