From dc1b6d6c551d9b5003e3012e6ce59c8b015b93d6 Mon Sep 17 00:00:00 2001 From: baiwei Date: Sat, 7 May 2022 11:51:08 +0800 Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9Aadd=20hdf=20userauth=20driver?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: baiwei --- user_auth/bundle.json | 42 ++++ user_auth/v1_0/BUILD.gn | 24 +++ user_auth/v1_0/IUserAuthInterface.idl | 279 ++++++++++++++++++++++++++ user_auth/v1_0/UserAuthTypes.idl | 136 +++++++++++++ 4 files changed, 481 insertions(+) create mode 100644 user_auth/bundle.json create mode 100644 user_auth/v1_0/BUILD.gn create mode 100644 user_auth/v1_0/IUserAuthInterface.idl create mode 100644 user_auth/v1_0/UserAuthTypes.idl diff --git a/user_auth/bundle.json b/user_auth/bundle.json new file mode 100644 index 00000000..7bf0f544 --- /dev/null +++ b/user_auth/bundle.json @@ -0,0 +1,42 @@ +{ + "name": "user_auth_device_driver_interface", + "description": "user_auth device driver", + "version": "3.1", + "license": "Apache License 2.0", + "component": { + "name": "user_auth_device_driver_interface", + "subsystem": "hdf", + "syscap": [""], + "adapter_system_type": ["standard"], + "rom": "675KB", + "ram": "7400KB", + "deps": { + "components": [ + "ipc", + "device_driver_framework", + "hiviewdfx_hilog_native", + "utils_base" + ], + "third_part": [ + "bounds_checking_function" + ] + }, + "build": { + "sub_component": [ + "//drivers/interface/user_auth/v1_0:libuser_auth_proxy_1.0" + ], + "test": [ + ], + "inner_kits": [ + { + "name": "//drivers/interface/user_auth/v1_0:libuser_auth_proxy_1.0", + "header": { + "header_files": [ + ], + "header_base": "//drivers/interfaces/user_auth" + } + } + ] + } + } + } \ No newline at end of file diff --git a/user_auth/v1_0/BUILD.gn b/user_auth/v1_0/BUILD.gn new file mode 100644 index 00000000..b321843b --- /dev/null +++ b/user_auth/v1_0/BUILD.gn @@ -0,0 +1,24 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//drivers/adapter/uhdf2/hdi.gni") +hdi("user_auth") { + module_name = "user_auth_device_driver" + sources = [ + "IUserAuthInterface.idl", + "UserAuthTypes.idl", + ] + language = "cpp" + subsystem_name = "hdf" + part_name = "user_auth_device_driver" +} diff --git a/user_auth/v1_0/IUserAuthInterface.idl b/user_auth/v1_0/IUserAuthInterface.idl new file mode 100644 index 00000000..f13a2e6e --- /dev/null +++ b/user_auth/v1_0/IUserAuthInterface.idl @@ -0,0 +1,279 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup HdfUserAuth + * @{ + * + * @brief Provides APIs for the user auth driver. + * + * The user auth driver provides a unified interface for the pin auth service to access the user auth driver. + * After obtaining the pin auth driver proxy, the service can call related APIs to register executor, + * manage credentials, and complete password and biometric authentication. + * @since 3.2 + */ + +/** + * @file IUserAuthInterface.idl + * + * @brief Declare the APIs of userauth driver. These APIs can be used to register executor, + * manage credentials, and complete password and biometric authentication. + * + * @since 3.2 + */ + +package ohos.hdi.user_auth.v1_0; + +import ohos.hdi.user_auth.v1_0.UserAuthTypes; + +/** + * @brief Declare the APIs of userauth driver. + * + * @since 3.2 + * @version 1.0 + */ +interface IUserAuthInterface { + /** + * @brief Initialize cache information of user auth driver. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + Init(); + /** + * @brief Add an authentication executor to obtain this authentication capability. + * + * @param info Indicates executor registration information, see {@link ExecutorRegisterInfo}. + * @param index Indicates executor index under the authentication frameworks. + * @param publicKey Indicates public key of authentication frameworks. + * @param templateIds Indicates templateIds enrolled by executor. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + AddExecutor([in] struct ExecutorRegisterInfo info, [out] unsigned long index, + [out] unsigned char[] publicKey, [out] unsigned long[] templateIds); + /** + * @brief Delete executor. + * + * @param index Indicates executor index under the authentication frameworks. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + DeleteExecutor([in] unsigned long index); + /** + * @brief Open authentication credential management session. + * + * @param userId Indicates user id. + * @param challenge Indicates random number, used to generate authentication token. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + OpenSession([in] int userId, [out] unsigned char[] challenge); + /** + * @brief Close authentication credential management session. + * + * @param userId Indicates user id. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + CloseSession([in] int userId); + /** + * @brief Begin the enrollment of authentication credential. + * When the authentication type is pin and the current user has enrolled PIN credential, + * the pin credential will be updated. + * + * @param userId Indicates user id. + * @param authToken Indicates user password authentication token. + * @param param Indicates input parameters, see {@link EnrollParam}. + * @param info Indicates scheduling information, see {@link ScheduleInfo}. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + BeginEnrollment([in] int userId, [in] unsigned char[] authToken, [in] struct EnrollParam param, + [out] struct ScheduleInfo info); + /** + * @brief Update the enrollment result and complete this enrollment. + * + * @param userId Indicates user id. + * @param scheduleResult Indicates enrollment result issued by executor. + * @param credentialId Indicates credential id. + * @param oldInfo Indicates old credential information, see {@link CredentialInfo}. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + UpdateEnrollmentResult([in] int userId, [in] unsigned char[] scheduleResult, [out] unsigned long credentialId, + [out] struct CredentialInfo oldInfo); + /** + * @brief Cancel enrollment. + * + * @param userId Indicates user id. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + CancelEnrollment([in] int userId); + /** + * @brief Delete credential information. + * + * @param userId Indicates user id. + * @param credentialId Indicates credential id. + * @param authToken Indicates user password authentication token. + * @param info Indicates deleted credential information, see {@link CredentialInfo}. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + DeleteCredential([in] int userId, [in] unsigned long credentialId, [in] unsigned char[] authToken, + [out] struct CredentialInfo info); + /** + * @brief Query credential information. + * + * @param userId Indicates Indicates user id. + * @param authType Indicates authentication type, see {@link AuthType}. + * @param infos Indicates credential information, see {@link CredentialInfo}. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + GetCredential([in] int userId, [in] enum AuthType authType, [out] struct CredentialInfo[] infos); + /** + * @brief Query secure information. + * + * @param userId Indicates user id. + * @param secureUid Indicates secure user id, see {@link AuthType}. + * @param infos Indicates enrolled Info, see {@link EnrolledInfo}. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + GetSecureInfo([in] int userId, [out] unsigned long secureUid, [out] struct EnrolledInfo[] infos); + /** + * @brief Delete pin, delete user in Iam subsystem. + * + * @param userId Indicates user id. + * @param authToken Indicates Indicates user password authentication token. + * @param deletedInfos Indicates deleted credential information, see {@link CredentialInfo}. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + DeleteUser([in] int userId, [in] unsigned char[] authToken, [out] struct CredentialInfo[] deletedInfos); + /** + * @brief Forcibly delete user. + * + * @param userId Indicates user id. + * @param deletedInfos Indicates deleted credential information, see {@link CredentialInfo}. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + EnforceDeleteUser([in] int userId, [out] struct CredentialInfo[] deletedInfos); + /** + * @brief Begin authentication, and generate authentication scheme. + * + * @param contextId Indicates context id. + * @param param Indicates input parameters, see {@link AuthSolution}. + * @param scheduleInfos Indicates scheduling information, see {@link ScheduleInfo}. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + BeginAuthentication([in] unsigned long contextId, [in] struct AuthSolution param, + [out] struct ScheduleInfo[] scheduleInfos); + /** + * @brief Update authentication result, and evaluate the results of this authentication scheme. + * + * @param contextId Indicates context id. + * @param scheduleResult Indicates authentication result issued by executor. + * @param info Indicates authentication result information, see {@link AuthResultInfo}. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + UpdateAuthenticationResult([in] unsigned long contextId, [in] unsigned char[] scheduleResult, + [out] struct AuthResultInfo info); + /** + * @brief Cancel authentication. + * + * @param contextId Indicates context id. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + CancelAuthentication([in] unsigned long contextId); + /** + * @brief Begin identification, and generate identification scheme. + * + * @param contextId Indicates context id. + * @param authType Indicates identification type, see @{AuthType}. + * @param scheduleInfo Indicates scheduling information, see {@link ScheduleInfo}. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + BeginIdentification([in] unsigned long contextId, [in] enum AuthType authType, [in] byte[] challenge, + [in] unsigned int executorId, [out] struct ScheduleInfo scheduleInfo); + /** + * @brief Update identification result, and evaluate the results of this identification scheme. + * + * @param contextId Indicates context id. + * @param scheduleResult Indicates identification result issued by executor. + * @param info Indicates identification result information, see {@link IdentifyResultInfo}. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + UpdateIdentificationResult([in] unsigned long contextId, [in] unsigned char[] scheduleResult, + [out] struct IdentifyResultInfo info); + /** + * @brief Cancel identification. + * + * @param contextId Indicates context id. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + CancelIdentification([in] unsigned long contextId); + /** + * @brief Get the authentication trust level of the current authentication type. + * + * @param userId Indicates user id. + * @param authType Indicates authentication type, see {@link AuthType}. + * @param authTrustLevel Indicates authentication trust level. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + GetAuthTrustLevel([in] int userId, [in] enum AuthType authType, [out] unsigned int authTrustLevel); + /** + * @brief Get the valid authentication methods under the current authentication trust level. + * + * @param userId Indicates user id. + * @param authTypes Indicates authentication type of the to be filtered, see {@link AuthType}. + * @param authTrustLevel Indicates authentication trust level. + * @param validTypes Indicates valid authentication type, see {@link AuthType}. + * + * @return Returns 0 if the operation is successful. + * @return Returns a non-zero value if the operation fails. + */ + GetValidSolution([in] int userId, [in] enum AuthType[] authTypes, [in] unsigned int authTrustLevel, + [out] enum AuthType[] validTypes); +} diff --git a/user_auth/v1_0/UserAuthTypes.idl b/user_auth/v1_0/UserAuthTypes.idl new file mode 100644 index 00000000..6c05a62f --- /dev/null +++ b/user_auth/v1_0/UserAuthTypes.idl @@ -0,0 +1,136 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + /** + * @addtogroup HdfUserAuth + * @{ + * + * @brief Provides APIs for the user auth driver. + * + * The user auth driver provides a unified interface for the user auth service to access the user auth driver. + + * + * @since 3.2 + */ + + package ohos.hdi.user_auth.v1_0; + + /** + * Enumerates credential type for authentication. + * + * @since 3.2 + * @version 1.0 + */ +enum AuthType : int { + ALL = 0, /**< Indicates authentication type is ALL. */ + PIN = 1, /**< Indicates authentication type is PIN. */ + FACE = 2, /**< Indicates authentication type is face. */ + FINGERPRINT = 3, /**< Indicates authentication type is fingerprint. */ +}; + +/** + * Enumerates executor role. + * + * @since 3.2 + * @version 1.0 + */ +enum ExecutorRole : int { + COLLECTOR = 1, /**< Indicates executor role is collector. */ + VERIFIER = 2, /**< Indicates executor role is verifier. */ + ALL_IN_ONE = 3, /**< Indicates executor role is collector and verifier. */ +}; + +/** + * Enumerates executor secure level. + * + * @since 3.2 + * @version 1.0 + */ +enum ExecutorSecureLevel : int { + ESL0 = 0, /**< Indicates executor secure level is ESL0. */ + ESL1 = 1, /**< Indicates executor secure level is ESL1. */ + ESL2 = 2, /**< Indicates executor secure level is ESL2. */ + ESL3 = 3, /**< Indicates executor secure level is ESL3. */ +}; + +struct ExecutorRegisterInfo { + enum AuthType authType; /**< Indicates authentication type, see @{AuthType}. */ + enum ExecutorRole executorRole; /**< Indicates executor role, see @{ExecutorRole}. */ + unsigned int executorId; /**< Indicates executor id under the same authentication type. */ + unsigned int executorType; /**< Indicates executor type. */ + enum ExecutorSecureLevel esl; /**< Indicates executor secure level, see @{ExecutorSecureLevel}. */ + unsigned char[] publicKey; /**< Indicates publicKey. */ +}; + +struct ExecutorInfo { + unsigned long index; /**< Indicates executor index under the authentication frameworks. */ + struct ExecutorRegisterInfo info; /**< Indicates executor registration information, see @{ExecutorRegisterInfo}. */ +}; + +struct ScheduleInfo { + unsigned long scheduleId; /**< Indicates schedule id of authentication. */ + unsigned long[] templateIds; /**< Indicates the templates to authenticate. */ + enum AuthType authType; /**< Indicates authentication type, see @{AuthType}. */ + unsigned int executorType; /**< Indicates executor type. */ + unsigned int scheduleMode; /**< Indicates authentication or identification. */ + struct ExecutorInfo[] executors; /**< Indicates executor info of identification, see @{ExecutorInfo}. */ +}; + +struct AuthSolution { + int userId; /**< Indicates user id. */ + unsigned int authTrustLevel; /**< Indicates authentication trust level of authentication. */ + enum AuthType authType; /**< Indicates authentication type, see @{AuthType}. */ + unsigned int executorId; /**< Indicates executor index under the same authentication type. */ + unsigned char[] challenge; /**< Indicates challenge of authentication. */ +}; + +struct ExecutorSendMsg { + unsigned int index; /**< Indicates executor index under the authentication frameworks. */ + unsigned char[] msg; /**< Indicates executor msg to send. */ +}; + +struct AuthResultInfo { + unsigned int result; /**< Indicates result. */ + int freezingTime; /**< Indicates freezing time in seconds. */ + int remainTimes; /**< Indicates freezing time in seconds. */ + struct ExecutorSendMsg[] msgs; /**< Indicates executor msgs, see @{ExecutorSendMsg}. */ + unsigned char[] token; /**< Indicates authentication token. */ +}; + +struct IdentifyResultInfo { + int result; /**< Indicates result. */ + int userId; /**< Indicates user id. */ + unsigned char[] token; /**< Indicates identification token. */ +}; + +struct EnrollParam { + enum AuthType authType; /**< Indicates authentication type, see @{AuthType}. */ + unsigned int executorType; /**< Indicates executor type. */ + unsigned int executorId; /**< Indicates executor id under the same authentication type. */ +}; + +struct CredentialInfo { + unsigned long credentialId; /**< Indicates credential Id. */ + unsigned long index; /**< Indicates executor index under the authentication frameworks. */ + unsigned long templateId; /**< Indicates template Id. */ + enum AuthType authType; /**< Indicates authentication type, see @{AuthType}. */ + unsigned int executorType; /**< Indicates executor type. */ + unsigned int executorId; /**< Indicates executor id under the same authentication type. */ +}; + +struct EnrolledInfo { + unsigned long enrolledId; /**< Indicates enrolled id. */ + enum AuthType authType; /**< Indicates authentication type, see @{AuthType}. */ +}; \ No newline at end of file -- Gitee