diff --git a/pin_auth/bundle.json b/pin_auth/bundle.json
index bfb9cb4ceea35e4c7bdd1ec96a0e17b108ba7d1d..3c5efc232dc043f41e8d03416f1a3410d2d0e37d 100644
--- a/pin_auth/bundle.json
+++ b/pin_auth/bundle.json
@@ -35,14 +35,14 @@
},
"build":{
"sub_component":[
- "//drivers/interface/pin_auth/v2_1:pin_auth_idl_target"
+ "//drivers/interface/pin_auth/v3_0:pin_auth_idl_target"
],
"test":[
],
"inner_kits":[
{
- "name":"//drivers/interface/pin_auth/v2_1:libpin_auth_proxy_2.1",
+ "name":"//drivers/interface/pin_auth/v3_0:libpin_auth_proxy_3.0",
"header":{
"header_files":[
@@ -51,7 +51,7 @@
}
},
{
- "name":"//drivers/interface/pin_auth/v2_1:libpin_auth_stub_2.1",
+ "name":"//drivers/interface/pin_auth/v3_0:libpin_auth_stub_3.0",
"header":{
"header_files":[
@@ -60,7 +60,7 @@
}
},
{
- "name":"//drivers/interface/pin_auth/v2_1:pin_auth_idl_headers",
+ "name":"//drivers/interface/pin_auth/v3_0:pin_auth_idl_headers",
"header":{
"header_files":[
diff --git a/pin_auth/v3_0/BUILD.gn b/pin_auth/v3_0/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..b332167fed0a8ea68d33b7e0705e80ce16078aa8
--- /dev/null
+++ b/pin_auth/v3_0/BUILD.gn
@@ -0,0 +1,30 @@
+# Copyright (c) 2024 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/components/hdi/hdi.gni")
+import("../config.gni")
+
+hdi("pin_auth") {
+ module_name = "drivers_peripheral_pin_auth"
+ sources = [
+ "IAllInOneExecutor.idl",
+ "ICollector.idl",
+ "IExecutorCallback.idl",
+ "IPinAuthInterface.idl",
+ "IVerifier.idl",
+ "PinAuthTypes.idl",
+ ]
+ language = "cpp"
+ subsystem_name = "hdf"
+ part_name = "drivers_interface_pin_auth"
+}
diff --git a/pin_auth/v3_0/IAllInOneExecutor.idl b/pin_auth/v3_0/IAllInOneExecutor.idl
new file mode 100644
index 0000000000000000000000000000000000000000..f27941c82923488130837072b4aa490b7f54279d
--- /dev/null
+++ b/pin_auth/v3_0/IAllInOneExecutor.idl
@@ -0,0 +1,212 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @addtogroup HdfPinAuth
+ * @{
+ *
+ * @brief Provides APIs for the pin auth driver.
+ *
+ * The pin auth driver provides a unified interface for the pin auth service to access the pin auth driver.
+ * After obtaining the pin auth driver proxy, the service can call related APIs to obtain executors.
+ * After obtaining the pin auth executors, the service can call related APIs to get executor information, get
+ * template information, and enroll, authenticate, and delete templates, etc.
+ *
+ * @since 5.0
+ * @version 1.1
+ */
+
+/**
+ * @file IAllInOneExecutor.idl
+ *
+ * @brief Defines the APIs of the all-in-one executors. These APIs can be used to get executor information, get property,
+ * enroll, authenticate, and delete templates, etc.
+ *
+ * @since 5.0
+ * @version 1.1
+ */
+
+package ohos.hdi.pin_auth.v3_0;
+
+import ohos.hdi.pin_auth.v3_0.PinAuthTypes;
+import ohos.hdi.pin_auth.v3_0.IExecutorCallback;
+
+/**
+ * @brief Defines the APIs of the all-in-one executors. These APIs can be used to get executor information, get property,
+ * enroll, authenticate, and delete templates, etc.
+ *
+ * @since 5.0
+ * @version 1.1
+ */
+
+interface IAllInOneExecutor {
+ /**
+ * @brief Gets executor information.
+ *
+ * @param executorInfo Indicates executor information. See {@link ExecutorInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ GetExecutorInfo([out] struct ExecutorInfo executorInfo);
+ /**
+ * @brief Sends parameters to the driver when executor registration is finished.
+ *
+ * @param templateIdList Indicates the templates previously registered to the user auth framework.
+ * @param frameworkPublicKey Indicates the framework public key.
+ * @param extraInfo Indicates the extra information that is sent to the executors.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ OnRegisterFinish([in] unsigned long[] templateIdList, [in] unsigned char[] frameworkPublicKey,
+ [in] unsigned char[] extraInfo);
+ /**
+ * @brief Cancels an operation.
+ *
+ * @param scheduleId Indicates the schedule ID of the operation to cancel.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ Cancel([in] unsigned long scheduleId);
+ /**
+ * @brief Send message.
+ *
+ * @param scheduleId Indicates the schedule ID of the message.
+ * @param srcRole is the role of source.
+ * @param msg is the message content.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ SendMessage([in] unsigned long scheduleId, [in] int srcRole, [in] unsigned char[] msg);
+ /**
+ * @brief Sets pin data.
+ *
+ * @param scheduleId Indicates the schedule ID of enrollment.
+ * @param authSubType Indicates the pin sub type.
+ * @param data Indicates the pin data.
+ * @param resultCode Indicates the result code.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ SetData([in] unsigned long scheduleId, [in] unsigned long authSubType, [in] unsigned char[] data,
+ [in] int resultCode);
+ /**
+ * @brief Enrolls templates.
+ *
+ * @param scheduleId Indicates the schedule ID of enrollment.
+ * @param extraInfo Indicates the extra information of enrollment.
+ * @param callbackObj Indicates the callback object of enrollment. See {@link IExecutorCallback}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ Enroll([in] unsigned long scheduleId, [in] unsigned char[] extraInfo, [in] IExecutorCallback callbackObj);
+ /**
+ * @brief Authenticates templates.
+ *
+ * @param scheduleId Indicates the schedule ID of authentication.
+ * @param templateIdList Indicates the templates to authenticate.
+ * @param extraInfo Indicates the extra information of authentication.
+ * @param callbackObj Indicates the callback object of authentication. See {@link IExecutorCallback}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ Authenticate([in] unsigned long scheduleId, [in] unsigned long[] templateIdList, [in] unsigned char[] extraInfo,
+ [in] IExecutorCallback callbackObj);
+ /**
+ * @brief Deletes templates.
+ *
+ * @param templateId Indicates the templates to delete.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ Delete([in] unsigned long templateId);
+ /**
+ * @brief Get property.
+ *
+ * @param templateIdList Indicates the templates to process.
+ * @param propertyTypes Indicates the property types to get. See {@link GetPropertyType}.
+ * @param property Indicates property. See {@link Property}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ GetProperty([in] unsigned long[] templateIdList, [in] int[] propertyTypes, [out] struct Property property);
+ /**
+ * @brief Sends a command to the driver.
+ *
+ * @param commandId Indicates the command ID. See {@link CommandId}.
+ * @param extraInfo Indicates the extra information of the command.
+ * @param callbackObj Indicates the callback object of the command. See {@link IExecutorCallback}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ SendCommand([in] int commandId, [in] unsigned char[] extraInfo, [in] IExecutorCallback callbackObj);
+ /**
+ * @brief Abandon tempalte.
+ *
+ * @param scheduleId Indicates the schedule ID of abandon.
+ * @param templateId Indicates the template to abandon.
+ * @param extraInfo Indicates the extra information of abandon.
+ * @param callbackObj Indicates the callback object of abandon. See {@link IExecutorCallback}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 6.0
+ * @version 1.0
+ */
+ Abandon([in] unsigned long scheduleId, [in] unsigned long templateId, [in] unsigned char[] extraInfo,
+ [in] IExecutorCallback callbackObj);
+}
+
+/** @} */
\ No newline at end of file
diff --git a/pin_auth/v3_0/ICollector.idl b/pin_auth/v3_0/ICollector.idl
new file mode 100644
index 0000000000000000000000000000000000000000..8737ed29c77715e0f823d47ab06c846b1f96ae63
--- /dev/null
+++ b/pin_auth/v3_0/ICollector.idl
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @addtogroup HdfPinAuth
+ * @{
+ *
+ * @brief Provides APIs for the pin auth driver.
+ *
+ * The pin auth driver provides a unified interface for the pin auth service to access the pin auth driver.
+ * After obtaining the pin auth driver proxy, the service can call related APIs to obtain executors.
+ * After obtaining the pin auth executors, the service can call related APIs to get executor information, get
+ * template information, and enroll, authenticate, and delete templates, etc.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+
+/**
+ * @file ICollector.idl
+ *
+ * @brief Defines the APIs of the collectors. These APIs can be used to get executor information,
+ * cancel, collect data, and send message, etc.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+
+package ohos.hdi.pin_auth.v3_0;
+
+import ohos.hdi.pin_auth.v3_0.PinAuthTypes;
+import ohos.hdi.pin_auth.v3_0.IExecutorCallback;
+
+/**
+ * @brief Defines the APIs of the collectors. These APIs can be used to get executor information,
+ * cancel, collect data, and send message, etc.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+
+interface ICollector {
+ /**
+ * @brief Gets executor information.
+ *
+ * @param executorInfo Indicates executor information. See {@link ExecutorInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ GetExecutorInfo([out] struct ExecutorInfo executorInfo);
+ /**
+ * @brief Sends parameters to the driver when executor registration is finished.
+ *
+ * @param templateIdList Indicates the templates previously registered to the user auth framework.
+ * @param frameworkPublicKey Indicates the framework public key.
+ * @param extraInfo Indicates the extra information that is sent to the executors.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ */
+ OnRegisterFinish([in] unsigned long[] templateIdList, [in] unsigned char[] frameworkPublicKey, [in] unsigned char[] extraInfo);
+ /**
+ * @brief Cancels an operation.
+ *
+ * @param scheduleId Indicates the schedule ID of the operation to cancel.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ Cancel([in] unsigned long scheduleId);
+ /**
+ * @brief Send message.
+ *
+ * @param scheduleId Indicates the schedule ID of the message.
+ * @param srcRole is the role of source.
+ * @param msg is the message content.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ SendMessage([in] unsigned long scheduleId, [in] int srcRole, [in] unsigned char[] msg);
+ /**
+ * @brief Sets pin data.
+ *
+ * @param scheduleId Indicates the schedule ID of enrollment.
+ * @param authSubType Indicates the pin sub type.
+ * @param data Indicates the pin data.
+ * @param resultCode Indicates the result code.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ SetData([in] unsigned long scheduleId, [in] unsigned long authSubType, [in] unsigned char[] data,
+ [in] int resultCode);
+ /**
+ * @brief Collect template data.
+ *
+ * @param scheduleId Indicates the schedule ID of collection.
+ * @param extraInfo Indicates the extra information of collection.
+ * @param callbackObj Indicates the callback object of authentication. See {@link IExecutorCallback}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ Collect([in] unsigned long scheduleId, [in] unsigned char[] extraInfo,
+ [in] IExecutorCallback callbackObj);
+}
+/** @} */
\ No newline at end of file
diff --git a/pin_auth/v3_0/IExecutorCallback.idl b/pin_auth/v3_0/IExecutorCallback.idl
new file mode 100644
index 0000000000000000000000000000000000000000..ddfa446e05582783cef492199e6861d6e7bc769d
--- /dev/null
+++ b/pin_auth/v3_0/IExecutorCallback.idl
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @addtogroup HdfPinAuth
+ * @{
+ *
+ * @brief Provides APIs for the pin auth driver.
+ *
+ * The pin auth driver provides a unified interface for the pin auth service to access the pin auth driver.
+ * After obtaining the pin auth driver proxy, the service can call related APIs to obtain executors.
+ * After obtaining the pin auth executors, the service can call related APIs to get executor information, get
+ * template information, and enroll, authenticate, and delete templates, etc.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+
+/**
+ * @file IExecutorCallback.idl
+ *
+ * @brief Defines the callback for an async API, which can be used to report operation results or
+ * get information of the async API.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+
+package ohos.hdi.pin_auth.v3_0;
+
+import ohos.hdi.pin_auth.v3_0.PinAuthTypes;
+
+/**
+ * @brief Defines the callback for an async API, which can be used to report operation results or
+ * get information of the async API. See {@link IExecutor}.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+[callback] interface IExecutorCallback {
+ /**
+ * @brief Defines the function for reporting operation results.
+ *
+ * @param result Indicates the result code.
+ * @param extraInfo Indicates extra information to report.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+ OnResult([in] int result, [in] unsigned char[] extraInfo);
+ /**
+ * @brief Defines the function for reporting information in process.
+ *
+ * @param tip Indicates tip code. See {@link FaceTipsCode}.
+ * @param extraInfo Indicates extra information to report.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ OnTip([in] int tip, [in] unsigned char[] extraInfo);
+ /**
+ * @brief Defines the function for getting pin data.
+ *
+ * @param algoParameter is the parameter of the algorithm.
+ * @param authSubType Indicates the pin sub type.
+ * @param algoVersion is the version of the algorithm.
+ * @param challenge is challenge.
+ * @param complexityReg Indicates the complexity reg.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+ OnGetData([in] unsigned char[] algoParameter, [in] unsigned long authSubType, [in] unsigned int algoVersion,
+ [in] unsigned char[] challenge, [in] String complexityReg);
+ /**
+ * @brief Defines the function for reporting message.
+ *
+ * @param destRole is the role of destination.
+ * @param msg is the message content.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ OnMessage([in] int destRole, [in] unsigned char[] msg);
+}
+/** @} */
\ No newline at end of file
diff --git a/pin_auth/v3_0/IPinAuthInterface.idl b/pin_auth/v3_0/IPinAuthInterface.idl
new file mode 100644
index 0000000000000000000000000000000000000000..5bae69d8c0f579cd0af459807d56dac0ee63b1e6
--- /dev/null
+++ b/pin_auth/v3_0/IPinAuthInterface.idl
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @addtogroup HdfPinAuth
+ * @{
+ *
+ * @brief Provides APIs for the pin auth driver.
+ *
+ * The pin auth driver provides a unified interface for the pin auth service to access the pin auth driver.
+ * After obtaining the pin auth driver proxy, the service can call related APIs to obtain executors.
+ * After obtaining the pin auth executors, the service can call related APIs to get executor information, get
+ * template information, and enroll, authenticate, and delete templates, etc.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+
+/**
+ * @file IPinAuthInterface.idl
+ *
+ * @brief Defines the API for getting the executor list of the pin auth driver.
+ * of driver.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+
+package ohos.hdi.pin_auth.v3_0;
+
+import ohos.hdi.pin_auth.v3_0.IAllInOneExecutor;
+import ohos.hdi.pin_auth.v3_0.ICollector;
+import ohos.hdi.pin_auth.v3_0.IVerifier;
+
+/**
+ * @brief Defines the API for getting the executor list of the pin auth driver.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+interface IPinAuthInterface {
+ /**
+ * @brief Obtains the executor list of the driver.
+ *
+ * @param allInOneExecutors Indicates the all-in-one executor list of the driver.
+ * See {@link IAllInOneExecutor}.
+ * @param verifiers Indicates the verifier list of the driver. See {@link IVerifier}.
+ * @param collectors Indicates the collector list of the driver. See {@link ICollector}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+ GetExecutorList([out] IAllInOneExecutor[] allInOneExecutors, [out] IVerifier[] verifiers,
+ [out] ICollector[] collectors);
+}
+/** @} */
\ No newline at end of file
diff --git a/pin_auth/v3_0/IVerifier.idl b/pin_auth/v3_0/IVerifier.idl
new file mode 100644
index 0000000000000000000000000000000000000000..eba8bcfa1cf241ace2884496a5bdef7899202a5a
--- /dev/null
+++ b/pin_auth/v3_0/IVerifier.idl
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @addtogroup HdfPinAuth
+ * @{
+ *
+ * @brief Provides APIs for the pin auth driver.
+ *
+ * The pin auth driver provides a unified interface for the pin auth service to access the pin auth driver.
+ * After obtaining the pin auth driver proxy, the service can call related APIs to obtain executors.
+ * After obtaining the pin auth executors, the service can call related APIs to get executor information, get
+ * template information, and enroll, authenticate, and delete templates, etc.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+
+/**
+ * @file IVerifier.idl
+ *
+ * @brief Defines the APIs of the verifiers. These APIs can be used to get executor information,
+ * cancel, authenticate, and send message, etc.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+
+package ohos.hdi.pin_auth.v3_0;
+
+import ohos.hdi.pin_auth.v3_0.PinAuthTypes;
+import ohos.hdi.pin_auth.v3_0.IExecutorCallback;
+
+/**
+ * @brief Defines the APIs of the verifiers. These APIs can be used to get executor information,
+ * cancel, authenticate, and send message, etc.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+
+interface IVerifier {
+ /**
+ * @brief Gets executor information.
+ *
+ * @param executorInfo Indicates executor information. See {@link ExecutorInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ GetExecutorInfo([out] struct ExecutorInfo executorInfo);
+ /**
+ * @brief Sends parameters to the driver when executor registration is finished.
+ *
+ * @param templateIdList Indicates the templates previously registered to the user auth framework.
+ * @param frameworkPublicKey Indicates the framework public key.
+ * @param extraInfo Indicates the extra information that is sent to the executors.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ OnRegisterFinish([in] unsigned long[] templateIdList, [in] unsigned char[] frameworkPublicKey,
+ [in] unsigned char[] extraInfo);
+ /**
+ * @brief Cancels an operation.
+ *
+ * @param scheduleId Indicates the schedule ID of the operation to cancel.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ Cancel([in] unsigned long scheduleId);
+ /**
+ * @brief Send message.
+ *
+ * @param scheduleId Indicates the schedule ID of the message.
+ * @param srcRole is the role of source.
+ * @param msg is the message content.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ SendMessage([in] unsigned long scheduleId, [in] int srcRole, [in] unsigned char[] msg);
+ /**
+ * @brief Authenticates templates.
+ *
+ * @param scheduleId Indicates the schedule ID of authentication.
+ * @param templateIdList Indicates the templates to authenticate.
+ * @param extraInfo Indicates the extra information of authentication.
+ * @param callbackObj Indicates the callback object of authentication. See {@link IExecutorCallback}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ Authenticate([in] unsigned long scheduleId, [in] unsigned long[] templateIdList, [in] unsigned char[] extraInfo,
+ [in] IExecutorCallback callbackObj);
+ /**
+ * @brief Notify collector ready.
+ *
+ * @param scheduleId Indicates the schedule ID of the message.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ NotifyCollectorReady([in] unsigned long scheduleId);
+}
+/** @} */
\ No newline at end of file
diff --git a/pin_auth/v3_0/PinAuthTypes.idl b/pin_auth/v3_0/PinAuthTypes.idl
new file mode 100644
index 0000000000000000000000000000000000000000..bcee672674632fb678eb38fef19a97190b317eeb
--- /dev/null
+++ b/pin_auth/v3_0/PinAuthTypes.idl
@@ -0,0 +1,167 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @addtogroup HdfPinAuth
+ * @{
+ *
+ * @brief Provides APIs for the pin auth driver.
+ *
+ * The pin auth driver provides a unified interface for the pin auth service to access the pin auth driver.
+ * After obtaining the pin auth driver proxy, the service can call related APIs to obtain executors.
+ * After obtaining the pin auth executors, the service can call related APIs to get executor information, get
+ * template information, and enroll, authenticate, and delete templates, etc.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+
+/**
+ * @fiPinTypes.idl
+ *
+ * @brief Defines the enumeration and data structure of the pin auth driver, including AuthType, ExecutorRole,
+ * ExecutorSecureLevel,
+ * CommandId, ResultCode, ExecutorInfo, and TemplateInfo.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+
+package ohos.hdi.pin_auth.v3_0;
+
+/**
+ * @brief Enumerates the credential types for authentication.
+ *
+ * @since 3.2
+ * @version 1.1
+ */
+enum AuthType : int {
+ /**< Indicates that the authentication type is PIN. */
+ PIN = 1,
+ /**< Indicates that the authentication type is face. */
+ FACE = 2,
+ /**< Indicates that the authentication type is fingerprint. */
+ FINGERPRINT = 4,
+ /**< Indicates that the authentication type is recovery key. */
+ RECOVERY_KEY = 8,
+ /**< Indicates that the authentication type is private pin. */
+ PRIVATE_PIN = 16,
+};
+
+/**
+ * @brief Enumerates executor roles.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+enum ExecutorRole : int {
+ /**< Indicates that the executor role is scheduler. */
+ SCHEDULER = 0,
+ /**< Indicates that the executor role is collector. */
+ COLLECTOR = 1,
+ /**< Indicates that the executor role is verifier. */
+ VERIFIER = 2,
+ /**< Indicates that the executor role is the combination of collector and verifier. */
+ ALL_IN_ONE = 3,
+};
+
+/**
+ * @brief Enumerates executor secure levels.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+enum ExecutorSecureLevel : int {
+ /**< Indicates that the executor secure level is ESL0. */
+ ESL0 = 0,
+ /**< Indicates that the executor secure level is ESL1. */
+ ESL1 = 1,
+ /**< Indicates that the executor secure level is ESL2. */
+ ESL2 = 2,
+ /**< Indicates that the executor secure level is ESL3. */
+ ESL3 = 3,
+};
+
+/**
+ * @brief Indicates executor information.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+struct ExecutorInfo {
+ /**< Indicates the sensor ID, which must be unique within the driver. */
+ unsigned short sensorId;
+ /**< Indicates the executor matcher. */
+ unsigned int executorMatcher;
+ /**< Indicates the executor role. See @{ExecutorRole}. */
+ int executorRole;
+ /**< Indicates the auth type. See @{AuthType}. */
+ int authType;
+ /**< Indicates the executor secure level. See @{ExecutorSecureLevel}. */
+ int esl;
+ /**< Indicates the public key of the executor. */
+ unsigned char[] publicKey;
+ /**< Indicates extra information. */
+ unsigned char[] extraInfo;
+ /**< Indicates the max acl of template. */
+ unsigned int maxTemplateAcl;
+};
+
+/**
+ * @brief Enumerates get Property types.
+ *
+ * @since 4.0
+ * @version 2.0
+ */
+enum GetPropertyType : int {
+ /**< Indicates that the property to get is auth sub type. */
+ AUTH_SUB_TYPE = 1,
+ /**< Indicates that the property to get is lockout duration. */
+ LOCKOUT_DURATION = 2,
+ /**< Indicates that the property to get is remain attempts. */
+ REMAIN_ATTEMPTS = 3,
+ /**< Indicates that the property to get is lockout duration after next fail. */
+ NEXT_FAIL_LOCKOUT_DURATION = 6
+};
+
+/**
+ * @brief Indicates executor property.
+ *
+ * @since 4.0
+ * @version 2.0
+ */
+struct Property {
+ /**< Indicates auth sub type. */
+ unsigned long authSubType;
+ /**< Indicates lockout duration. */
+ int lockoutDuration;
+ /**< Indicates remain attempts. */
+ int remainAttempts;
+ /**< Indicates next fail lockout duration. */
+ int nextFailLockoutDuration;
+};
+
+/**
+ * @brief Enumerates command IDs.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+enum CommandId : int {
+ /**< The vendor may add a custom command ID after this. */
+ VENDOR_COMMAND_BEGIN = 10000
+};
+
+/** @} */
\ No newline at end of file
diff --git a/user_auth/bundle.json b/user_auth/bundle.json
index be38876309be1f1aa4074303622ae6dbaea7171c..b467145dd6dcc09e3f6083afec11fbc1a6d31ec9 100644
--- a/user_auth/bundle.json
+++ b/user_auth/bundle.json
@@ -35,14 +35,14 @@
},
"build":{
"sub_component":[
- "//drivers/interface/user_auth/v3_0:user_auth_idl_target"
+ "//drivers/interface/user_auth/v4_0:user_auth_idl_target"
],
"test":[
],
"inner_kits":[
{
- "name":"//drivers/interface/user_auth/v3_0:libuser_auth_proxy_3.0",
+ "name":"//drivers/interface/user_auth/v4_0:libuser_auth_proxy_4.0",
"header":{
"header_files":[
@@ -51,7 +51,7 @@
}
},
{
- "name":"//drivers/interface/user_auth/v3_0:user_auth_idl_headers",
+ "name":"//drivers/interface/user_auth/v4_0:user_auth_idl_headers",
"header":{
"header_files":[
@@ -60,7 +60,7 @@
}
},
{
- "name":"//drivers/interface/user_auth/v3_0:libuser_auth_stub_3.0",
+ "name":"//drivers/interface/user_auth/v4_0:libuser_auth_stub_4.0",
"header":{
"header_files":[
diff --git a/user_auth/v4_0/BUILD.gn b/user_auth/v4_0/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..093bd01bfe2ac20c01de3c9c5e1ee17a9aaa18d5
--- /dev/null
+++ b/user_auth/v4_0/BUILD.gn
@@ -0,0 +1,27 @@
+# Copyright (c) 2024 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/components/hdi/hdi.gni")
+import("../config.gni")
+
+hdi("user_auth") {
+ module_name = "drivers_peripheral_user_auth"
+ sources = [
+ "IMessageCallback.idl",
+ "IUserAuthInterface.idl",
+ "UserAuthTypes.idl",
+ ]
+ language = "cpp"
+ subsystem_name = "hdf"
+ part_name = "drivers_interface_user_auth"
+}
diff --git a/user_auth/v4_0/IMessageCallback.idl b/user_auth/v4_0/IMessageCallback.idl
new file mode 100644
index 0000000000000000000000000000000000000000..36a9c56d0d11ced262f62852e291bb02dacd0881
--- /dev/null
+++ b/user_auth/v4_0/IMessageCallback.idl
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @addtogroup HdfUserAuth
+ * @{
+ *
+ * @brief Provides APIs for the user_auth driver.
+ *
+ * The user_auth driver provides a unified interface for the user_auth service to access the user_auth driver.
+ * After obtaining the user_auth driver proxy, the service can call related APIs to register executors,
+ * manage credentials, and complete password and biometric authentication.
+ * @since 5.0
+ * @version 1.0
+ */
+
+/**
+ * @file IMessageCallback.idl
+ *
+ * @brief Defines the callback for an async API, which can be used to send message to framework.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+
+package ohos.hdi.user_auth.v4_0;
+
+/**
+ * @brief Defines the callback for an async API, which can be used to send message to framework.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+[callback] interface IMessageCallback {
+ /**
+ * @brief Defines the function for reporting message.
+ *
+ * @param scheduleId Indicates the schedule ID of the message.
+ * @param destRole is the role of destination.
+ * @param msg is the message content.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ */
+ OnMessage([in] unsigned long scheduleId, [in] int destRole, [in] unsigned char[] msg);
+}
+/** @} */
\ No newline at end of file
diff --git a/user_auth/v4_0/IUserAuthInterface.idl b/user_auth/v4_0/IUserAuthInterface.idl
new file mode 100644
index 0000000000000000000000000000000000000000..568296522f4c8d731445c30af9c0bd8957bfb961
--- /dev/null
+++ b/user_auth/v4_0/IUserAuthInterface.idl
@@ -0,0 +1,571 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @addtogroup HdfUserAuth
+ * @{
+ *
+ * @brief Provides APIs for the user_auth driver.
+ *
+ * The user_auth driver provides a unified interface for the user_auth service to access the user_auth driver.
+ * After obtaining the user_auth driver proxy, the service can call related APIs to register executors,
+ * manage credentials, and complete password and biometric authentication.
+ * @since 3.2
+ * @version 1.0
+ */
+
+/**
+ * @file IUserAuthInterface.idl
+ *
+ * @brief Declares the user_auth driver APIs, which can be used to register executors,
+ * manage credentials, and complete password and biometric authentication.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+
+package ohos.hdi.user_auth.v4_0;
+
+import ohos.hdi.user_auth.v4_0.UserAuthTypes;
+import ohos.hdi.user_auth.v4_0.IMessageCallback;
+
+/**
+ * @brief Declares the APIs of the user_auth driver.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+interface IUserAuthInterface {
+ /**
+ * @brief Initializes the cache information of the user_auth driver.
+ *
+ * @param deviceUdid Indicates the device udid.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+ Init([in] String deviceUdid);
+ /**
+ * @brief Adds an authentication executor to obtain the authentication capability.
+ *
+ * @param info Indicates executor registration information. See {@link ExecutorRegisterInfo}.
+ * @param index Indicates the executor index under the authentication framework.
+ * @param publicKey Indicates the public key of the authentication framework.
+ * @param templateIds Indicates template IDs enrolled by the executors.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+ AddExecutor([in] struct ExecutorRegisterInfo info, [out] unsigned long index,
+ [out] unsigned char[] publicKey, [out] unsigned long[] templateIds);
+ /**
+ * @brief Deletes an executor.
+ *
+ * @param index Indicates the executor index under the authentication framework.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+ DeleteExecutor([in] unsigned long index);
+ /**
+ * @brief Opens a session for authentication credential management.
+ *
+ * @param userId Indicates the user ID.
+ * @param challenge Indicates the random number, which is used to generate an authentication token.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+ OpenSession([in] int userId, [out] unsigned char[] challenge);
+ /**
+ * @brief Closes the authentication credential management session.
+ *
+ * @param userId Indicates the user ID.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+ CloseSession([in] int userId);
+ /**
+ * @brief Updates the enrollment result and completes the enrollment.
+ *
+ * @param userId Indicates the user ID.
+ * @param scheduleResult Indicates the enrollment result issued by the executor.
+ * @param info Indicates the enrollment result. See {@link EnrollResultInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+ UpdateEnrollmentResult([in] int userId, [in] unsigned char[] scheduleResult, [out] struct EnrollResultInfo info);
+ /**
+ * @brief Cancels an enrollment.
+ *
+ * @param userId Indicates the user ID.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+ CancelEnrollment([in] int userId);
+ /**
+ * @brief Deletes credential information.
+ *
+ * @param userId Indicates the user ID.
+ * @param credentialId Indicates the credential index.
+ * @param authToken Indicates the authentication token of the user password.
+ * @param info Indicates the credential information to delete. See {@link CredentialInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+ DeleteCredential([in] int userId, [in] unsigned long credentialId, [in] unsigned char[] authToken,
+ [out] struct CredentialInfo info);
+ /**
+ * @brief Obtains credential information.
+ *
+ * @param userId Indicates the user ID.
+ * @param authType Indicates the authentication type. See {@link AuthType}.
+ * @param infos Indicates credential information. See {@link CredentialInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+ GetCredential([in] int userId, [in] int authType, [out] struct CredentialInfo[] infos);
+ /**
+ * @brief Obtains user information.
+ *
+ * @param userId Indicates the user ID.
+ * @param secureUid Indicates the secure user ID.
+ * @param pinSubType Indicates the sub type of PIN authentication. See {@link PinSubType}.
+ * @param infos Indicates enrolled information. See {@link EnrolledInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+ GetUserInfo([in] int userId, [out] unsigned long secureUid, [out] int pinSubType,
+ [out] struct EnrolledInfo[] infos);
+ /**
+ * @brief Deletes a pin and a user from the IAM subsystem.
+ *
+ * @param userId Indicates the user ID.
+ * @param authToken Indicates the authentication token of the user password.
+ * @param deletedInfos Indicates the credential information to delete. See {@link CredentialInfo}.
+ * @param rootSecret protection key for the user file key.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+ DeleteUser([in] int userId, [in] unsigned char[] authToken, [out] struct CredentialInfo[] deletedInfos,
+ [out] unsigned char[] rootSecret);
+ /**
+ * @brief Forcibly deletes a user.
+ *
+ * @param userId Indicates the user ID.
+ * @param deletedInfos Indicates the credential information to delete. See {@link CredentialInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+ EnforceDeleteUser([in] int userId, [out] struct CredentialInfo[] deletedInfos);
+ /**
+ * @brief Updates the authentication result, and evaluates the result of the authentication solution.
+ *
+ * @param contextId Indicates the context index.
+ * @param scheduleResult Indicates the authentication result issued by the executor.
+ * @param info Indicates authentication result information. See {@link AuthResultInfo}.
+ * @param enrolledState EnrolledID information.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+ UpdateAuthenticationResult([in] unsigned long contextId, [in] unsigned char[] scheduleResult,
+ [out] struct AuthResultInfo info, [out] EnrolledState enrolledState);
+ /**
+ * @brief Cancels authentication.
+ *
+ * @param contextId Indicates the context index.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+ CancelAuthentication([in] unsigned long contextId);
+ /**
+ * @brief Updates the identification result, and evaluates the result of the identification solution.
+ *
+ * @param contextId Indicates the context index.
+ * @param scheduleResult Indicates the identification result issued by the executor.
+ * @param info Indicates identification result information. See {@link IdentifyResultInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+ UpdateIdentificationResult([in] unsigned long contextId, [in] unsigned char[] scheduleResult,
+ [out] struct IdentifyResultInfo info);
+ /**
+ * @brief Cancels identification.
+ *
+ * @param contextId Indicates the context index.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+ CancelIdentification([in] unsigned long contextId);
+ /**
+ * @brief Check whether the authentication capability is avaliable.
+ *
+ * @param userId Indicates the user ID.
+ * @param authType Indicates the authentication type. See {@link AuthType}.
+ * @param authTrustLevel Indicates the authentication trust level.
+ * @param checkResult Indicates check result.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ GetAvailableStatus([in] int userId, [in] int authType, [in] unsigned int authTrustLevel, [out] int checkResult);
+ /**
+ * @brief Obtains the valid authentication methods under the current authentication trust level.
+ *
+ * @param userId Indicates the user ID.
+ * @param authTypes Indicates the authentication types to be filtered. See {@link AuthType}.
+ * @param authTrustLevel Indicates the authentication trust level.
+ * @param validTypes Indicates the valid authentication types. See {@link AuthType}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+ GetValidSolution([in] int userId, [in] int[] authTypes, [in] unsigned int authTrustLevel,
+ [out] int[] validTypes);
+ /**
+ * @brief Begins authentication, and generates the authentication solution.
+ *
+ * @param contextId Indicates the context index.
+ * @param param Indicates input parameters. See {@link AuthParam}.
+ * @param scheduleInfos Indicates scheduling information. See {@link ScheduleInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+ BeginAuthentication([in] unsigned long contextId, [in] struct AuthParam param,
+ [out] struct ScheduleInfo[] scheduleInfos);
+ /**
+ * @brief Begins the enrollment of authentication credentials.
+ * If the authentication type is PIN, this method updates the existing PIN credential.
+ *
+ * @param userId Indicates the user ID.
+ * @param authToken Indicates the authentication token of the user password.
+ * @param param Indicates input parameters. See {@link EnrollParam}.
+ * @param info Indicates scheduling information. See {@link ScheduleInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+ BeginEnrollment([in] unsigned char[] authToken, [in] struct EnrollParam param,
+ [out] struct ScheduleInfo info);
+ /**
+ * @brief Begins identification, and generates the identification solution.
+ *
+ * @param contextId Indicates the context index.
+ * @param authType Indicates the identification type. See @{AuthType}.
+ * @param challenge Indicates the identification challenge.
+ * @param executorSensorHint Indicates the executor sensor hint.
+ * The value 0 indicates that no value is specified.
+ * @param scheduleInfo Indicates scheduling information. See {@link ScheduleInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+ BeginIdentification([in] unsigned long contextId, [in] int authType, [in] unsigned char[] challenge,
+ [in] unsigned int executorSensorHint, [out] struct ScheduleInfo scheduleInfo);
+ /**
+ * @brief Get all enrolled user information.
+ *
+ * @param userInfos List of all userInfo. See @{UserInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 4.0
+ * @version 1.0
+ */
+ GetAllUserInfo([out] UserInfo[] userInfos);
+ /**
+ * @brief Get all credential of enrolled users.
+ *
+ * @param userInfos List of all users. See @{ExtUserInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 4.0
+ * @version 1.0
+ */
+ GetAllExtUserInfo([out] ExtUserInfo[] userInfos);
+
+ /**
+ * @brief Querying EnrolledId information.
+ *
+ * @param userId Indicates the user ID.
+ * @param authType Indicates the identification type. See @{AuthType}.
+ * @param enrolledState Enrolled state.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ GetEnrolledState([in] int userId, [in] int authType, [out] struct EnrolledState enrolledState);
+
+ /**
+ * @brief Check if unlock result can be reused and return token.
+ *
+ * @param info Request information of reused unLock result. See {@link ReuseUnlockParam}.
+ * @param reuseInfo Reuse unlock info. See {@link ReuseUnlockInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ CheckReuseUnlockResult([in] struct ReuseUnlockParam reuseParam, [out] ReuseUnlockInfo reuseInfo);
+ /**
+ * @brief Send message.
+ *
+ * @param scheduleId Indicates the schedule ID of the message.
+ * @param srcRole is the role of source. See {@link ExecutorRole}.
+ * @param msg is the message content.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ SendMessage([in] unsigned long scheduleId, [in] int srcRole, [in] unsigned char[] msg);
+ /**
+ * @brief Register message callback.
+ *
+ * @param messageCallback Indicates the message callback. See {@link IMessageCallback}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ RegisterMessageCallback([in] IMessageCallback messageCallback);
+ /**
+ * @brief Prepare remote auth.
+ *
+ * @param remoteUdid Indicates the remote device udid.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ PrepareRemoteAuth([in] String remoteUdid);
+ /**
+ * @brief Get local schedule from message.
+ *
+ * @param remoteUdid Indicates the remote device udid.
+ * @param message is message received.
+ * @param scheduleInfo is schedule info. See {@link ScheduleInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ GetLocalScheduleFromMessage([in] String remoteUdid, [in] unsigned char[] message, [out] ScheduleInfo scheduleInfo);
+ /**
+ * @brief Get signed executor info.
+ *
+ * @param authTypes Indicates the auth types. See @{AuthType}.
+ * @param executorRole Indicates the role of executor. See {@link ExecutorRole}.
+ * @param remoteUdid Indicates the remote device udid.
+ * @param signedExecutorInfo Indicates the signed executor info.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ GetSignedExecutorInfo([in] int[] authTypes, [in] int executorRole, [in] String remoteUdid,
+ [out] unsigned char[] signedExecutorInfo);
+ /**
+ * @brief Get auth result from message.
+ *
+ * @param remoteUdid Indicates the remote device udid.
+ * @param message is message received.
+ * @param authResultInfo Indicates authentication result information. See {@link AuthResultInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ GetAuthResultFromMessage([in] String remoteUdid, [in] unsigned char[] message, [out] struct AuthResultInfo authResultInfo);
+ /**
+ * @brief Set global config param.
+ *
+ * @param param The value of global config parameter. See @{GlobalConfigParam}.
+ * @return Return set result(0:success; other:failed).
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ SetGlobalConfigParam([in] GlobalConfigParam param);
+ /**
+ * @brief Obtains credential information.
+ *
+ * @param credentialId Indicates the credential ID.
+ * @param infos Indicates credential information. See {@link CredentialInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+ GetCredentialById([in] unsigned long credentialId, [out] struct CredentialInfo info);
+ /**
+ * @brief Verify token and return the plainText.
+ *
+ * @param tokenIn Token signed by userAuth.
+ * @param allowableDuration Allowable duration of token.
+ * @param tokenPlainOut Token plainText.
+ * @param rootSecret protection key for the user file key.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 5.1
+ * @version 1.0
+ */
+ VerifyAuthToken([in] unsigned char[] tokenIn, [in] unsigned long allowableDuration,
+ [out] struct UserAuthTokenPlain tokenPlainOut, [out] unsigned char[] rootSecret);
+ /**
+ * @brief Abandon credential information.
+ *
+ * @param userId Indicates the user ID.
+ * @param credentialId Indicates the credential index.
+ * @param authToken Indicates the authentication token of the user password.
+ * @param info Indicates scheduling information. See {@link ScheduleInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 6.0
+ * @version 1.0
+ */
+ AbandonCredential([in] int userId, [in] unsigned long credentialId, [in] unsigned char[] authToken,
+ [out] struct ScheduleInfo info);
+ /**
+ * @brief Updates the abandon result and completes the abandoned.
+ *
+ * @param userId Indicates the user ID.
+ * @param scheduleResult Indicates the abandon result issued by the executor.
+ * @param infos Indicates the credential information to delete. See {@link CredentialInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 6.0
+ * @version 1.0
+ */
+ UpdateAbandonResult([in] int userId, [in] unsigned char[] scheduleResult, [out] struct CredentialInfo[] infos);
+ /**
+ * @brief Clear expired credential.
+ *
+ * @param userIdss Indicates the user ID.
+ * @param infos Indicates the credential information to clear. See {@link CredentialInfo}.
+ *
+ * @return Returns 0 if the operation is successful.
+ * @return Returns a non-zero value if the operation fails.
+ *
+ * @since 6.0
+ * @version 1.0
+ */
+ ClearExpiredCredential([in] int[] userIds, [out] struct CredentialInfo[] infos);
+}
+/** @} */
diff --git a/user_auth/v4_0/UserAuthTypes.idl b/user_auth/v4_0/UserAuthTypes.idl
new file mode 100644
index 0000000000000000000000000000000000000000..2f4c0d03423cf03da78e98674e3dc51c9c50ab86
--- /dev/null
+++ b/user_auth/v4_0/UserAuthTypes.idl
@@ -0,0 +1,621 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+ /**
+ * @addtogroup HdfUserAuth
+ * @{
+ *
+ * @brief Provides APIs for the user_auth driver.
+ *
+ * The user_auth driver provides a unified interface for the user_auth service to access the user_auth driver.
+
+ *
+ * @since 4.0
+ * @version 1.0
+ */
+
+ /**
+ * @file UserAuthTypes.idl
+ *
+ * @brief Defines the enumeration values and data structures of the user_auth driver.
+ *
+ * @since 4.0
+ * @version 1.0
+ */
+
+package ohos.hdi.user_auth.v4_0;
+
+ /**
+ * @brief Enumerates the credential types for authentication.
+ *
+ * @since 3.2
+ * @version 3.0
+ */
+enum AuthType : int {
+ /**< All types. */
+ ALL = 0,
+ /**< PIN authentication. */
+ PIN = 1,
+ /**< Facial authentication. */
+ FACE = 2,
+ /**< Fingerprint authentication. */
+ FINGERPRINT = 4,
+ /**< Recovery key. */
+ RECOVERY_KEY = 8,
+ /** Private pin authentication. */
+ PRIVATE_PIN = 16,
+};
+
+/**
+ * @brief Enumerates executor roles.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+enum ExecutorRole : int {
+ /**< The executor acts as a collector. */
+ COLLECTOR = 1,
+ /**< The executor acts as a verifier. */
+ VERIFIER = 2,
+ /**< The executor acts as a collector and verifier. */
+ ALL_IN_ONE = 3,
+};
+
+/**
+ * @brief Enumerates executor security levels.
+ *
+ * @since 4.0
+ * @version 1.0
+ */
+enum ExecutorSecureLevel : int {
+ /**< ESL0. */
+ ESL0 = 0,
+ /**< ESL1. */
+ ESL1 = 1,
+ /**< ESL2. */
+ ESL2 = 2,
+ /**< ESL3. */
+ ESL3 = 3,
+};
+
+/**
+ * @brief Defines pin auth's subtype.
+ *
+ * @since 3.2
+ * @version 3.0
+ */
+enum PinSubType : int {
+ /**< Six digit pin. */
+ PIN_SIX = 10000,
+ /**< Digit pin. */
+ PIN_NUMBER = 10001,
+ /**< Mixing pin. */
+ PIN_MIX = 10002,
+ /**< Four digit pin. */
+ PIN_FOUR = 10003,
+ /**< Pattern. */
+ PATTERN = 10004,
+ /** Password protection question */
+ PIN_QUESTION = 10005,
+};
+
+/**
+ * Schedule mode.
+ *
+ * @since 3.2
+ * @version 1.0
+ */
+enum ScheduleMode : int {
+ /**< The schedule mode is enrollment. */
+ ENROLL = 0,
+ /**< The schedule mode is authentication. */
+ AUTH = 1,
+ /**< The schedule mode is identification. */
+ IDENTIFY = 2,
+};
+
+/**
+ * Auth intent.
+ *
+ * @since 5.0
+ * @version 2.0
+ */
+enum AuthIntent : int {
+ /**< The auth intent is default. */
+ DEFUALT = 0,
+ /**< The auth intent is unlock. */
+ UNLOCK = 1,
+ /**< The auth intent silent auth. */
+ SILENT_AUTH = 2,
+ /**< The auth intention is question auth. */
+ QUESTION_AUTH = 3,
+ /**< The auth intention is abandoned pin auth. */
+ ABANDONED_PIN_AUTH = 4,
+};
+
+/**
+ * @brief User type.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+enum UserType : int {
+ /**< main user. */
+ MAIN = 0,
+ /**< sub user. */
+ SUB = 1,
+ /**< private user. */
+ PRIVATE = 2,
+};
+
+/**
+ * @brief Reuse mode.
+ *
+ * @since 5.0
+ * @version 2.0
+ */
+enum ReuseMode : int {
+ /**< auth type relevant. */
+ AUTH_TYPE_RELEVANT = 1,
+ /**< auth type irrelevant. */
+ AUTH_TYPE_IRRELEVANT = 2,
+ /**< caller irrelevant and auth type relevant */
+ CALLER_IRRELEVANT_AUTH_TYPE_RELEVANT = 3,
+ /**< caller irrelevant and auth type irrelevant */
+ CALLER_IRRELEVANT_AUTH_TYPE_IRRELEVANT = 4,
+};
+
+/**
+ * @brief Defines executor registration information.
+ *
+ * @since 4.0
+ * @version 2.0
+ */
+struct ExecutorRegisterInfo {
+ /**< Authentication type. See @{AuthType}. */
+ int authType;
+ /**< Executor role. See @{ExecutorRole}. */
+ int executorRole;
+ /**< Executor sensor hint under the same authentication type, 0 is not allowed. */
+ unsigned int executorSensorHint;
+ /**< Executor matcher. */
+ unsigned int executorMatcher;
+ /**< Executor secure level. See @{ExecutorSecureLevel}. */
+ int esl;
+ /**< Indicates the max acl of template.*/
+ unsigned int maxTemplateAcl;
+ /**< Public key of the executor. */
+ unsigned char[] publicKey;
+ /**< Device udid. */
+ String deviceUdid;
+ /**< signed remote executor info. */
+ unsigned char[] signedRemoteExecutorInfo;
+};
+
+/**
+ * @brief Defines executor information.
+ *
+ * @since 4.0
+ * @version 1.0
+ */
+struct ExecutorInfo {
+ /**< Executor index under the authentication framework. */
+ unsigned long executorIndex;
+ /**< Executor registration information. See @{ExecutorRegisterInfo}. */
+ struct ExecutorRegisterInfo info;
+};
+
+/**
+ * @brief Defines executor messages.
+ *
+ * @since 4.0
+ * @version 1.0
+ */
+struct ExecutorSendMsg {
+ /**< Executor index under the authentication framework. */
+ unsigned long executorIndex;
+ /**< Indicates command ID. */
+ int commandId;
+ /**< Executor message to send. */
+ unsigned char[] msg;
+};
+
+/**
+ * @brief Defines authentication result information.
+ *
+ * @since 4.0
+ * @version 2.0
+ */
+struct AuthResultInfo {
+ /**< Authentication result. */
+ int result;
+ /**< Lockout duration, in millisecond. */
+ int lockoutDuration;
+ /**< Remaining authentication attempts before a lockout. */
+ int remainAttempts;
+ /**< Executor messages. See @{ExecutorSendMsg}. */
+ struct ExecutorSendMsg[] msgs;
+ /**< Authentication token. */
+ unsigned char[] token;
+ /**< Protection key for the user file key. */
+ unsigned char[] rootSecret;
+ /**< User ID. */
+ int userId;
+ /**< Credential ID. */
+ unsigned long credentialId;
+ /**< Pin expired info. */
+ long pinExpiredInfo;
+ /**< Remote auth result message. */
+ unsigned char[] remoteAuthResultMsg;
+ /**< Re-enroll flag. */
+ boolean reEnrollFlag;
+};
+
+/**
+ * @brief Defines identification result information.
+ *
+ * @since 4.0
+ * @version 1.0
+ */
+struct IdentifyResultInfo {
+ /**< iIdentification result. */
+ int result;
+ /**< User ID. */
+ int userId;
+ /**< Identification token. */
+ unsigned char[] token;
+};
+
+/**
+ * @brief Defines credential information.
+ *
+ * @since 4.0
+ * @version 2.0
+ */
+struct CredentialInfo {
+ /**< Credential ID. */
+ unsigned long credentialId;
+ /**< Executor index under the authentication framework. */
+ unsigned long executorIndex;
+ /**< Template ID. */
+ unsigned long templateId;
+ /**< Authentication type. See @{AuthType}. */
+ int authType;
+ /**< Executor matcher. */
+ unsigned int executorMatcher;
+ /**< Executor sensor hint under the same authentication type. 0 is not allowed. */
+ unsigned int executorSensorHint;
+ /**< Auth sub type. */
+ int authSubType;
+ /**< Credential abandon flag. */
+ boolean isAbandoned;
+ /**< Credential remained valid period. */
+ unsigned long validityPeriod;
+};
+
+/**
+ * @brief Defines credential enrollment information.
+ *
+ * @since 4.0
+ * @version 1.0
+ */
+struct EnrolledInfo {
+ /**< Enrollment ID. */
+ unsigned long enrolledId;
+ /**< Authentication type. See @{AuthType}. */
+ int authType;
+};
+
+/**
+ * @brief Defines enrollment result information.
+ *
+ * @since 4.0
+ * @version 1.0
+ */
+struct EnrollResultInfo {
+ /**< Credential ID. */
+ unsigned long credentialId;
+ /**< Old credential information. See {@link CredentialInfo}. */
+ struct CredentialInfo oldInfo;
+ /**< Protection key for the user file key. */
+ unsigned char[] rootSecret;
+ /**< Old protection key for the user file key. */
+ unsigned char[] oldRootSecret;
+ /**< Indicates the authentication token of the user password. */
+ unsigned char[] authToken;
+};
+
+/**
+ * @brief Defines scheduling information.
+ *
+ * @since 3.2
+ * @version 2.0
+ */
+struct ScheduleInfo {
+ /**< Schedule index of authentication. */
+ unsigned long scheduleId;
+ /**< Templates to authenticate. */
+ unsigned long[] templateIds;
+ /**< Authentication type. See @{AuthType}. */
+ int authType;
+ /**< Executor matcher. */
+ unsigned int executorMatcher;
+ /**< Operation to perform. See @{scheduleMode}*/
+ int scheduleMode;
+ /**< Executor indexes. */
+ unsigned long [] executorIndexes;
+ /**< Executor messages. */
+ unsigned char[][] executorMessages;
+};
+
+/**
+ * @brief Defines enrolled users information.
+ *
+ * @since 4.0
+ * @version 1.1
+ */
+struct UserInfo {
+ /**< SecureUid of this user. */
+ unsigned long secureUid;
+ /**< PinSubType of this user. See @{@PinSubType}. */
+ int pinSubType;
+ /**< Related enrolled information list. See @{EnrolledInfo}. */
+ struct EnrolledInfo[] enrolledInfos;
+};
+
+/**
+ * @brief Defines enrolled users information.
+ *
+ * @since 4.1
+ * @version 1.2
+ */
+struct ExtUserInfo {
+ /**< User ID. */
+ int userId;
+ /**< info of this user. */
+ struct UserInfo userInfo;
+};
+
+/**
+ * @brief Defines the authentication param.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+struct AuthParamBase {
+ /**< User ID. */
+ int userId;
+ /**< Authentication trust level. */
+ unsigned int authTrustLevel;
+ /**< Executor sensor hint under the same authentication type, 0 is not allowed. */
+ unsigned int executorSensorHint;
+ /**< Challenge of the authentication. */
+ unsigned char[] challenge;
+ /**< Caller name. */
+ String callerName;
+ /**< Caller Type. */
+ int callerType;
+ /**< Calling napi or innerkit api version. */
+ int apiVersion;
+};
+
+/**
+ * @brief Defines the authentication parameter.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+struct AuthParam {
+ /**< Authentication parameter. See @{AuthParamBase}. */
+ AuthParamBase baseParam;
+ /**< Authentication type. See @{AuthType}. */
+ int authType;
+ /**< Authentication intent. See @{AuthIntent}. */
+ int authIntent;
+ /**< Is os account verified. */
+ boolean isOsAccountVerified;
+ /**< Collector udid. */
+ String collectorUdid;
+};
+
+/**
+ * @brief Request information of reused unlock result.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+struct ReuseUnlockParam {
+ /**< Authentication parameter. See @{AuthParam}. */
+ AuthParamBase baseParam;
+ /** Authentication type. See @{AuthType}. */
+ int[] authTypes;
+ /** The allowable reuse duration. */
+ unsigned long reuseUnlockResultDuration;
+ /** Reuse unlock result mode. See @{ReuseMode}. */
+ int reuseUnlockResultMode;
+};
+
+/**
+ * @brief Defines credential enrollment parameters.
+ *
+ * @since 3.2
+ * @version 3.0
+ */
+struct EnrollParam {
+ /**< Authentication type. See @{AuthType}. */
+ int authType;
+ /**< Executor sensor hint under the same authentication type. 0 is not allowed. */
+ unsigned int executorSensorHint;
+ /**< Caller name. */
+ String callerName;
+ /** Caller Type. */
+ int callerType;
+ /**< Calling napi or innerkit api version. */
+ int apiVersion;
+ /**< User ID. */
+ int userId;
+ /**< User Type. */
+ int userType;
+ /**< Auth sub type. */
+ int authSubType;
+};
+
+/**
+* @brief Define credential enrollment ID information.
+*
+ * @since 5.0
+ * @version 1.0
+*/
+struct EnrolledState {
+ /** Desensitization Enrolled ID. */
+ unsigned long credentialDigest;
+ /** Number of Credential. */
+ unsigned short credentialCount;
+};
+
+/**
+ * @brief The reuse result of unlock device.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+struct ReuseUnlockInfo {
+ /**< Authentication type. See @{AuthType}. */
+ int authType;
+ /**< Authentication token. */
+ unsigned char[] token;
+ /**< Enrolled state. See @{EnrolledState}. */
+ EnrolledState enrolledState;
+};
+
+/**
+ * @brief Global config type.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+enum GlobalConfigType : int {
+ /** Pin expired period */
+ PIN_EXPIRED_PERIOD = 1,
+ /** Enable specified authType capability. */
+ ENABLE_STATUS = 2,
+};
+
+/**
+ * @brief Global config value.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+union GlobalConfigValue {
+ /** Pin expired period value. When pinExpiredPeriod equals to 0, userAuth won't check pin expired period. */
+ long pinExpiredPeriod;
+ /** Enable specified authType capability.*/
+ boolean enableStatus;
+};
+
+/**
+ * @brief Global config param.
+ *
+ * @since 5.0
+ * @version 1.0
+ */
+struct GlobalConfigParam {
+ /** Global config type. See @{GlobalConfigType}*/
+ int type;
+ /** Global config value. See @{GlobalConfigValue}*/
+ GlobalConfigValue value;
+ /** Specified userIds. GlobalConfigParam will be effect for all userspaces when the array is empty. */
+ int[] userIds;
+ /** Specified authTypes, shouldn't empty. See @{AuthType}.*/
+ int[] authTypes;
+};
+
+/**
+ * @brief User auth token plain.
+ *
+ * @since 5.1
+ * @version 1.0
+ */
+struct UserAuthTokenPlain {
+ /** Token version. */
+ unsigned int version;
+ /** User ID. */
+ int userId;
+ /** Challenge of the token. */
+ unsigned char[] challenge;
+ /** Time interval between token signed and verified. */
+ unsigned long timeInterval;
+ /** Authentication trust level. */
+ unsigned int authTrustLevel;
+ /** Authentication type. See @{AuthType}. */
+ int authType;
+ /** Auth mode. */
+ int authMode;
+ /** Security level. */
+ unsigned int securityLevel;
+ /** Token type. */
+ int tokenType;
+ /** SecureUid of the user. */
+ unsigned long secureUid;
+ /** Enrollment ID. */
+ unsigned long enrolledId;
+ /** Credential ID. */
+ unsigned long credentialId;
+ /** Collector udid. */
+ String collectorUdid;
+ /** Verifier udid. */
+ String verifierUdid;
+};
+
+/**
+ * @brief Credential operate type.
+ *
+ * @since 6.0
+ * @version 1.0
+ */
+enum CredentialOperateType : int {
+ /** credential delete */
+ CREDENTIAL_DELETE = 1,
+ /** credential abandon */
+ CREDENTIAL_ABANDON = 2,
+};
+
+/**
+ * @brief Credential operate info.
+ *
+ * @since 6.0
+ * @version 1.0
+ */
+struct CredentialOperateInfo {
+ /** schedule information. */
+ ScheduleInfo scheduleInfo;
+ /** credential information.*/
+ CredentialInfo credentialInfo;
+};
+
+/**
+ * @brief Credential operate result.
+ *
+ * @since 6.0
+ * @version 1.0
+ */
+struct CredentialOperateResult {
+ /** credential operate type. See @{CredentialOperateType}*/
+ CredentialOperateType operateType;
+ /** credential operate info. See @{CredentialOperateInfo}*/
+ CredentialOperateInfo operateInfo;
+};
+/** @} */
\ No newline at end of file