/*
 * Copyright (c) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @addtogroup HdfUserAuth
 * @{
 *
 * @brief Provides APIs for the user_auth driver.
 *
 * The user_auth driver provides a unified interface for the user_auth service to access the user_auth driver.
 * After obtaining the user_auth driver proxy, the service can call related APIs to register executors,
 * manage credentials, and complete password and biometric authentication.
 * @since 3.2
 */

/**
 * @file IUserAuthInterface.idl
 *
 * @brief Declares the user_auth driver APIs, which can be used to register executors,
 * manage credentials, and complete password and biometric authentication.
 *
 * @since 3.2
 */

package ohos.hdi.user_auth.v1_0;

import ohos.hdi.user_auth.v1_0.UserAuthTypes;

/**
 * @brief Declares the APIs of the user_auth driver.
 *
 * Every method reports its status through the return value: <b>0</b> on success, non-zero on failure.
 * Parameters marked <b>[out]</b> in a signature are results written by the driver; their contents
 * should be used only after the method has returned <b>0</b>.
 *
 * NOTE(review): BeginEnrollment, BeginAuthentication and BeginIdentification are tagged
 * <b>@deprecated</b> without naming a replacement API or the version that deprecates them;
 * add that information when known.
 *
 * @since 3.2
 * @version 1.0
 */
interface IUserAuthInterface {
    /**
     * @brief Initializes the cache information of the user_auth driver.
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    Init();
    /**
     * @brief Adds an authentication executor to obtain the authentication capability.
     *
     * @param info Indicates executor registration information. See {@link ExecutorRegisterInfo}.
     * @param index Indicates the executor index under the authentication framework (output).
     * @param publicKey Indicates the public key of the authentication framework (output).
     * @param templateIds Indicates template IDs enrolled by the executors (output).
     *
     * NOTE(review): what the executor does with the returned public key, and how the registration
     * information in <b>info</b> is validated, is not visible in this file; confirm in the implementation.
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    AddExecutor([in] struct ExecutorRegisterInfo info, [out] unsigned long index,
        [out] unsigned char[] publicKey, [out] unsigned long[] templateIds);
    /**
     * @brief Deletes an executor.
     *
     * @param index Indicates the executor index under the authentication framework.
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    DeleteExecutor([in] unsigned long index);
    /**
     * @brief Opens a session for authentication credential management.
     *
     * @param userId Indicates the user ID.
     * @param challenge Indicates the random number, which is used to generate an authentication token (output).
     *
     * NOTE(review): the length of the challenge and the generator that produces it are not specified
     * here; confirm in the implementation that it comes from a cryptographically secure source and
     * is not reused across sessions.
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    OpenSession([in] int userId, [out] unsigned char[] challenge);
    /**
     * @brief Closes the authentication credential management session.
     *
     * @param userId Indicates the user ID.
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    CloseSession([in] int userId);
    /**
     * @brief Begins the enrollment of authentication credentials.
     * If the authentication type is PIN, this method updates the existing PIN credential.
     *
     * @param userId Indicates the user ID.
     * @param authToken Indicates the authentication token of the user password.
     * @param param Indicates input parameters. See {@link EnrollParam}.
     * @param info Indicates scheduling information. See {@link ScheduleInfo} (output).
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     *
     * @deprecated
     */
    BeginEnrollment([in] int userId, [in] unsigned char[] authToken, [in] struct EnrollParam param,
        [out] struct ScheduleInfo info);
    /**
     * @brief Updates the enrollment result and completes the enrollment.
     *
     * @param userId Indicates the user ID.
     * @param scheduleResult Indicates the enrollment result issued by the executor.
     * @param info Indicates the enrollment result. See {@link EnrollResultInfo} (output).
     *
     * NOTE(review): <b>scheduleResult</b> is an opaque byte array that originates from the executor;
     * whether and how the driver authenticates it before acting on it is not visible in this file.
     * Confirm in the implementation.
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    UpdateEnrollmentResult([in] int userId, [in] unsigned char[] scheduleResult, [out] struct EnrollResultInfo info);
    /**
     * @brief Cancels an enrollment.
     *
     * @param userId Indicates the user ID.
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    CancelEnrollment([in] int userId);
    /**
     * @brief Deletes credential information.
     *
     * @param userId Indicates the user ID.
     * @param credentialId Indicates the credential index.
     * @param authToken Indicates the authentication token of the user password.
     * @param info Indicates the credential information to delete. See {@link CredentialInfo} (output).
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    DeleteCredential([in] int userId, [in] unsigned long credentialId, [in] unsigned char[] authToken,
        [out] struct CredentialInfo info);
    /**
     * @brief Obtains credential information.
     *
     * @param userId Indicates the user ID.
     * @param authType Indicates the authentication type. See {@link AuthType}.
     * @param infos Indicates credential information. See {@link CredentialInfo} (output).
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    GetCredential([in] int userId, [in] enum AuthType authType, [out] struct CredentialInfo[] infos);
    /**
     * @brief Obtains user information.
     *
     * @param userId Indicates the user ID.
     * @param secureUid Indicates the secure user ID (output).
     * @param pinSubType Indicates the sub type of PIN authentication. See {@link PinSubType} (output).
     * @param infos Indicates enrolled information. See {@link EnrolledInfo} (output).
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    GetUserInfo([in] int userId, [out] unsigned long secureUid, [out] enum PinSubType pinSubType,
        [out] struct EnrolledInfo[] infos);
    /**
     * @brief Deletes a pin and a user from the IAM subsystem.
     *
     * @param userId Indicates the user ID.
     * @param authToken Indicates the authentication token of the user password.
     * @param deletedInfos Indicates the credential information to delete. See {@link CredentialInfo} (output).
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    DeleteUser([in] int userId, [in] unsigned char[] authToken, [out] struct CredentialInfo[] deletedInfos);
    /**
     * @brief Forcibly deletes a user.
     *
     * @param userId Indicates the user ID.
     * @param deletedInfos Indicates the credential information to delete. See {@link CredentialInfo} (output).
     *
     * NOTE(review): unlike DeleteUser, this method takes no <b>authToken</b>, so the driver cannot
     * verify from its arguments that the user authorized the deletion. Presumably the calling service
     * is expected to restrict who may invoke it; confirm against the service-side permission checks.
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    EnforceDeleteUser([in] int userId, [out] struct CredentialInfo[] deletedInfos);
    /**
     * @brief Begins authentication, and generates the authentication solution.
     *
     * @param contextId Indicates the context index.
     * @param param Indicates input parameters. See {@link AuthSolution}.
     * @param scheduleInfos Indicates scheduling information. See {@link ScheduleInfo} (output).
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     *
     * @deprecated
     */
    BeginAuthentication([in] unsigned long contextId, [in] struct AuthSolution param,
        [out] struct ScheduleInfo[] scheduleInfos);
    /**
     * @brief Updates the authentication result, and evaluates the result of the authentication solution.
     *
     * @param contextId Indicates the context index.
     * @param scheduleResult Indicates the authentication result issued by the executor.
     * @param info Indicates authentication result information. See {@link AuthResultInfo} (output).
     *
     * NOTE(review): <b>scheduleResult</b> is an opaque byte array that originates from the executor;
     * whether and how the driver authenticates it before evaluating the result is not visible in
     * this file. Confirm in the implementation.
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    UpdateAuthenticationResult([in] unsigned long contextId, [in] unsigned char[] scheduleResult,
        [out] struct AuthResultInfo info);
    /**
     * @brief Cancels authentication.
     *
     * @param contextId Indicates the context index.
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    CancelAuthentication([in] unsigned long contextId);
    /**
     * @brief Begins identification, and generates the identification solution.
     *
     * @param contextId Indicates the context index.
     * @param authType Indicates the identification type. See {@link AuthType}.
     * @param challenge Indicates the identification challenge.
     * @param executorSensorHint Indicates the executor sensor hint.
     * The value <b>0</b> indicates that no value is specified.
     * @param scheduleInfo Indicates scheduling information. See {@link ScheduleInfo} (output).
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     *
     * @deprecated
     */
    BeginIdentification([in] unsigned long contextId, [in] enum AuthType authType, [in] unsigned char[] challenge,
        [in] unsigned int executorSensorHint, [out] struct ScheduleInfo scheduleInfo);
    /**
     * @brief Updates the identification result, and evaluates the result of the identification solution.
     *
     * @param contextId Indicates the context index.
     * @param scheduleResult Indicates the identification result issued by the executor.
     * @param info Indicates identification result information. See {@link IdentifyResultInfo} (output).
     *
     * NOTE(review): <b>scheduleResult</b> is an opaque byte array that originates from the executor;
     * whether and how the driver authenticates it before evaluating the result is not visible in
     * this file. Confirm in the implementation.
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    UpdateIdentificationResult([in] unsigned long contextId, [in] unsigned char[] scheduleResult,
        [out] struct IdentifyResultInfo info);
    /**
     * @brief Cancels identification.
     *
     * @param contextId Indicates the context index.
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    CancelIdentification([in] unsigned long contextId);
    /**
     * @brief Obtains the trust level of the current authentication type.
     *
     * @param userId Indicates the user ID.
     * @param authType Indicates the authentication type. See {@link AuthType}.
     * @param authTrustLevel Indicates the authentication trust level (output).
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    GetAuthTrustLevel([in] int userId, [in] enum AuthType authType, [out] unsigned int authTrustLevel);
    /**
     * @brief Obtains the valid authentication methods under the current authentication trust level.
     *
     * @param userId Indicates the user ID.
     * @param authTypes Indicates the authentication types to be filtered. See {@link AuthType}.
     * @param authTrustLevel Indicates the authentication trust level.
     * @param validTypes Indicates the valid authentication types. See {@link AuthType} (output).
     *
     * @return Returns <b>0</b> if the operation is successful.
     * @return Returns a non-zero value if the operation fails.
     */
    GetValidSolution([in] int userId, [in] enum AuthType[] authTypes, [in] unsigned int authTrustLevel,
        [out] enum AuthType[] validTypes);
}
/** @} */