From 7a8543d12f410c047c2af4cdb8f0e2ca384df7e0 Mon Sep 17 00:00:00 2001
From: baiwei
Date: Mon, 11 Jul 2022 16:01:37 +0800
Subject: [PATCH] fix userauth interface
Signed-off-by: baiwei
---
 .../hdi/user_auth/IUserAuthInterface.idl | 76 +++----
 en/device_api/hdi/user_auth/UserAuthTypes.idl | 185 ++++++++++--------
 .../hdi/user_auth/IUserAuthInterface.idl | 20 +-
 .../hdi/user_auth/UserAuthTypes.idl | 65 ++++--
 4 files changed, 203 insertions(+), 143 deletions(-)
diff --git a/en/device_api/hdi/user_auth/IUserAuthInterface.idl b/en/device_api/hdi/user_auth/IUserAuthInterface.idl
index 2b5e9d07..1f940f7a 100644
--- a/en/device_api/hdi/user_auth/IUserAuthInterface.idl
+++ b/en/device_api/hdi/user_auth/IUserAuthInterface.idl
@@ -17,10 +17,10 @@
 * @addtogroup HdfUserAuth
 * @{
 *
- * @brief Provides APIs for the user auth driver.
+ * @brief Provides APIs for the user_auth driver.
 *
- * The user auth driver provides a unified interface for the user auth service to access the user auth driver.
- * After obtaining the user auth driver proxy, the service can call related APIs to register executors,
+ * The user_auth driver provides a unified interface for the user_auth service to access the user_auth driver.
+ * After obtaining the user_auth driver proxy, the service can call related APIs to register executors,
 * manage credentials, and complete password and biometric authentication.
 * @since 3.2
 */
@@ -28,7 +28,7 @@
 /**
 * @file IUserAuthInterface.idl
 *
- * @brief Declares the APIs of the user auth driver, which can be used to register executors,
+ * @brief Declares the user_auth driver APIs, which can be used to register executors,
 * manage credentials, and complete password and biometric authentication.
 *
 * @since 3.2
@@ -39,14 +39,14 @@ package ohos.hdi.user_auth.v1_0; import ohos.hdi.user_auth.v1_0.UserAuthTypes; /** - * @brief Declares the APIs of the user auth driver. + * @brief Declares the APIs of the user_auth driver. * * @since 3.2 * @version 1.0 */ interface IUserAuthInterface { /** - * @brief Initializes the cache information of the user auth driver. + * @brief Initializes the cache information of the user_auth driver. * * @return Returns 0 if the operation is successful. * @return Returns a non-zero value if the operation fails. @@ -58,7 +58,7 @@ interface IUserAuthInterface { * @param info Indicates executor registration information. See {@link ExecutorRegisterInfo}. * @param index Indicates the executor index under the authentication framework. * @param publicKey Indicates the public key of the authentication framework. - * @param templateIds Indicates template indexes enrolled by the executors. + * @param templateIds Indicates template IDs enrolled by the executors. * * @return Returns 0 if the operation is successful. * @return Returns a non-zero value if the operation fails. @@ -66,7 +66,7 @@ interface IUserAuthInterface { AddExecutor([in] struct ExecutorRegisterInfo info, [out] unsigned long index, [out] unsigned char[] publicKey, [out] unsigned long[] templateIds); /** - * @brief Deletes executors. + * @brief Deletes an executor. * * @param index Indicates the executor index under the authentication framework. * @@ -75,7 +75,7 @@ interface IUserAuthInterface { */ DeleteExecutor([in] unsigned long index); /** - * @brief Opens the authentication credential management session. + * @brief Opens a session for authentication credential management. * * @param userId Indicates the user ID. * @param challenge Indicates the random number, which is used to generate an authentication token. 
@@ -95,8 +95,7 @@ interface IUserAuthInterface { CloseSession([in] int userId); /** * @brief Begins the enrollment of authentication credentials. - * When the authentication type is pin and the current user has enrolled a pin credential, - * the pin credential will be updated. + * If the authentication type is PIN, this method updates the existing PIN credential. * * @param userId Indicates the user ID. * @param authToken Indicates the authentication token of the user password. @@ -109,20 +108,18 @@ interface IUserAuthInterface { BeginEnrollment([in] int userId, [in] unsigned char[] authToken, [in] struct EnrollParam param, [out] struct ScheduleInfo info); /** - * @brief Updates the enrollment results and completes the enrollment. + * @brief Updates the enrollment result and completes the enrollment. * * @param userId Indicates the user ID. - * @param scheduleResult Indicates the enrollment results issued by the executors. - * @param credentialId Indicates the credential index. - * @param oldInfo Indicates old credential information. See {@link CredentialInfo}. + * @param scheduleResult Indicates the enrollment result issued by the executor. + * @param info Indicates the enrollment result. See {@link EnrollResultInfo}. * * @return Returns 0 if the operation is successful. * @return Returns a non-zero value if the operation fails. */ - UpdateEnrollmentResult([in] int userId, [in] unsigned char[] scheduleResult, [out] unsigned long credentialId, - [out] struct CredentialInfo oldInfo); + UpdateEnrollmentResult([in] int userId, [in] unsigned char[] scheduleResult, [out] struct EnrollResultInfo info); /** - * @brief Cancels enrollment. + * @brief Cancels an enrollment. * * @param userId Indicates the user ID. * 
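Review bot: The reworded `@brief` for BeginEnrollment drops the precondition the old text carried, namely that the PIN credential is updated only when the current user has already enrolled one. As written, "this method updates the existing PIN credential" reads as if every PIN enrollment replaces something, and it no longer covers a first enrollment. I would keep the condition, e.g. `If the authentication type is PIN and the user has already enrolled a PIN credential, the existing credential is updated.` The doc comment continues outside the hunk.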
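Review bot: UpdateEnrollmentResult changes its out-parameter list here while the file still declares `package ohos.hdi.user_auth.v1_0` and the comments still say `@version 1.0`, so a caller and a driver built from different revisions of "1.0" would disagree on the marshalled layout. The same applies to the GetSecureInfo to GetUserInfo rename and the BeginIdentification parameter change later in this file, and to the renumbered `FINGERPRINT` value and the renamed or removed struct fields in UserAuthTypes.idl. If any 1.0 implementation has already shipped, these changes belong in a new interface version; if not, that should be stated somewhere a reviewer can see it.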
@@ -136,7 +133,7 @@ interface IUserAuthInterface { * @param userId Indicates the user ID. * @param credentialId Indicates the credential index. * @param authToken Indicates the authentication token of the user password. - * @param info Indicates deleted credential information. See {@link CredentialInfo}. + * @param info Indicates the credential information to delete. See {@link CredentialInfo}. * * @return Returns 0 if the operation is successful. * @return Returns a non-zero value if the operation fails. @@ -144,7 +141,7 @@ interface IUserAuthInterface { DeleteCredential([in] int userId, [in] unsigned long credentialId, [in] unsigned char[] authToken, [out] struct CredentialInfo info); /** - * @brief Queries credential information. + * @brief Obtains credential information. * * @param userId Indicates the user ID. * @param authType Indicates the authentication type. See {@link AuthType}. 
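Review bot: `info` is an `[out]` parameter of DeleteCredential, so "the credential information to delete" describes it as an input; the previous wording (information about the credential that was deleted) matched the parameter's direction. A caller reading the new text could expect to fill the struct in before the call. Suggest `@param info Indicates information about the deleted credential. See {@link CredentialInfo}.` The same rewording was applied to `deletedInfos` on DeleteUser and EnforceDeleteUser in the `@@ -155,39` hunk and needs the same correction.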
@@ -155,39 +152,41 @@ interface IUserAuthInterface { */ GetCredential([in] int userId, [in] enum AuthType authType, [out] struct CredentialInfo[] infos); /** - * @brief Queries secure information. + * @brief Obtains user information. * * @param userId Indicates the user ID. * @param secureUid Indicates the secure user ID. + * @param pinSubType Indicates the sub type of PIN authentication. See {@link PinSubType}. * @param infos Indicates enrolled information. See {@link EnrolledInfo}. * * @return Returns 0 if the operation is successful. * @return Returns a non-zero value if the operation fails. */ - GetSecureInfo([in] int userId, [out] unsigned long secureUid, [out] struct EnrolledInfo[] infos); + GetUserInfo([in] int userId, [out] unsigned long secureUid, [out] enum PinSubType pinSubType, + [out] struct EnrolledInfo[] infos); /** - * @brief Deletes the pin and user in the IAM subsystem. + * @brief Deletes a pin and a user from the IAM subsystem. * * @param userId Indicates the user ID. * @param authToken Indicates the authentication token of the user password. - * @param deletedInfos Indicates deleted credential information. See {@link CredentialInfo}. + * @param deletedInfos Indicates the credential information to delete. See {@link CredentialInfo}. * * @return Returns 0 if the operation is successful. * @return Returns a non-zero value if the operation fails. */ DeleteUser([in] int userId, [in] unsigned char[] authToken, [out] struct CredentialInfo[] deletedInfos); /** - * @brief Forcibly deletes the user. + * @brief Forcibly deletes a user. * * @param userId Indicates the user ID. - * @param deletedInfos Indicates deleted credential information. See {@link CredentialInfo}. + * @param deletedInfos Indicates the credential information to delete. See {@link CredentialInfo}. * * @return Returns 0 if the operation is successful. * @return Returns a non-zero value if the operation fails. 
*/ EnforceDeleteUser([in] int userId, [out] struct CredentialInfo[] deletedInfos); /** - * @brief Begins authentication, and generates the authentication scheme. + * @brief Begins authentication, and generates the authentication solution. * * @param contextId Indicates the context index. * @param param Indicates input parameters. See {@link AuthSolution}. @@ -199,10 +198,10 @@ interface IUserAuthInterface { BeginAuthentication([in] unsigned long contextId, [in] struct AuthSolution param, [out] struct ScheduleInfo[] scheduleInfos); /** - * @brief Updates the authentication results, and evaluates the results of the authentication scheme. + * @brief Updates the authentication result, and evaluates the result of the authentication solution. * * @param contextId Indicates the context index. - * @param scheduleResult Indicates the authentication results issued by the executors. + * @param scheduleResult Indicates the authentication result issued by the executor. * @param info Indicates authentication result information. See {@link AuthResultInfo}. * * @return Returns 0 if the operation is successful. 
@@ -220,22 +219,25 @@ interface IUserAuthInterface { */ CancelAuthentication([in] unsigned long contextId); /** - * @brief Begins identification, and generates the identification scheme. + * @brief Begins identification, and generates the identification solution. * * @param contextId Indicates the context index. * @param authType Indicates the identification type. See @{AuthType}. + * @param challenge Indicates the identification challenge. + * @param executorSensorHint Indicates the executor sensor hint. + * The value 0 indicates that no value is specified. * @param scheduleInfo Indicates scheduling information. See {@link ScheduleInfo}. * * @return Returns 0 if the operation is successful. * @return Returns a non-zero value if the operation fails. */ - BeginIdentification([in] unsigned long contextId, [in] enum AuthType authType, [in] byte[] challenge, - [in] unsigned int executorId, [out] struct ScheduleInfo scheduleInfo); + BeginIdentification([in] unsigned long contextId, [in] enum AuthType authType, [in] unsigned char[] challenge, + [in] unsigned int executorSensorHint, [out] struct ScheduleInfo scheduleInfo); /** - * @brief Updates the identification results, and evaluates the results of the identification scheme. + * @brief Updates the identification result, and evaluates the result of the identification solution. * * @param contextId Indicates the context index. - * @param scheduleResult Indicates the identification results issued by the executors. + * @param scheduleResult Indicates the identification result issued by the executor. * @param info Indicates identification result information. See {@link IdentifyResultInfo}. * * @return Returns 0 if the operation is successful. 
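Review bot: The new `@param challenge` line only says "the identification challenge", while the zh-cn copy of this file in the same patch documents it as a random value used to generate the identification token and prevent replay. That anti-replay role is what an implementer needs to know, so the English text should carry it too, e.g. `@param challenge Indicates the random challenge used to generate the identification token and prevent replay.` Separately, `executorSensorHint` is documented here as "The value 0 indicates that no value is specified" but as "0 is not allowed" on `AuthSolution` in UserAuthTypes.idl; the comments should say which calls accept 0. The nearby `See @{AuthType}` could also use the `{@link AuthType}` form used elsewhere in the file.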
@@ -253,7 +255,7 @@ interface IUserAuthInterface { */ CancelIdentification([in] unsigned long contextId); /** - * @brief Gets the authentication trust level of the current authentication type. + * @brief Obtains the trust level of the current authentication type. * * @param userId Indicates the user ID. * @param authType Indicates the authentication type. See {@link AuthType}. @@ -264,12 +266,12 @@ interface IUserAuthInterface { */ GetAuthTrustLevel([in] int userId, [in] enum AuthType authType, [out] unsigned int authTrustLevel); /** - * @brief Gets the valid authentication methods under the current authentication trust level. + * @brief Obtains the valid authentication methods under the current authentication trust level. * * @param userId Indicates the user ID. * @param authTypes Indicates the authentication types to be filtered. See {@link AuthType}. * @param authTrustLevel Indicates the authentication trust level. - * @param validTypes Indicates the valid authentication type. See {@link AuthType}. + * @param validTypes Indicates the valid authentication types. See {@link AuthType}. * * @return Returns 0 if the operation is successful. * @return Returns a non-zero value if the operation fails. diff --git a/en/device_api/hdi/user_auth/UserAuthTypes.idl b/en/device_api/hdi/user_auth/UserAuthTypes.idl index 3d9eeb5f..7cc5724b 100644 --- a/en/device_api/hdi/user_auth/UserAuthTypes.idl +++ b/en/device_api/hdi/user_auth/UserAuthTypes.idl @@ -17,9 +17,9 @@ * @addtogroup HdfUserAuth * @{ * - * @brief Provides APIs for the user auth driver. + * @brief Provides APIs for the user_auth driver. * - * The user auth driver provides a unified interface for the user auth service to access the user auth driver. + * The user_auth driver provides a unified interface for the user_auth service to access the user_auth driver. * * @since 3.2 
@@ -28,7 +28,7 @@ /** * @file UserAuthTypes.idl * - * @brief Defines the enumeration and data structure of the user auth driver. + * @brief Defines the enumeration values and data structures of the user_auth driver. * * @since 3.2 */ @@ -42,14 +42,14 @@ package ohos.hdi.user_auth.v1_0; * @version 1.0 */ enum AuthType : int { - /**< Indicates that the authentication type is ALL. */ + /**< All types. */ ALL = 0, - /**< Indicates that the authentication type is PIN. */ + /**< PIN authentication. */ PIN = 1, - /**< Indicates that the authentication type is face. */ + /**< Facial authentication. */ FACE = 2, - /**< Indicates that the authentication type is fingerprint. */ - FINGERPRINT = 3, + /**< Fingerprint authentication. */ + FINGERPRINT = 4, }; /** 
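Review bot: `FINGERPRINT` moves from 3 to 4 in the `AuthType` hunk with no comment explaining why, and 3 is left unassigned. The values 1, 2, 4 look like bit flags, but nothing in the enum says so; if that is the intent, the `@brief` should state it and say how a receiver treats an unassigned value such as 3 (presumably by rejecting it). A stored credential record or peer that still uses 3 for fingerprint would otherwise no longer map to any defined type. The zh-cn UserAuthTypes.idl hunks in this patch do not touch `AuthType`, so confirm that copy already uses 4.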
@@ -59,200 +59,227 @@ enum AuthType : int { * @version 1.0 */ enum ExecutorRole : int { - /**< Indicates that the executor role is collector. */ + /**< The executor acts as a collector. */ COLLECTOR = 1, - /**< Indicates that the executor role is verifier. */ + /**< The executor acts as a verifier. */ VERIFIER = 2, - /**< Indicates that the executor role is the combination of collector and verifier. */ + /**< The executor acts as a collector and verifier. */ ALL_IN_ONE = 3, }; /** - * @brief Enumerates executor secure levels. + * @brief Enumerates executor security levels. * * @since 3.2 * @version 1.0 */ enum ExecutorSecureLevel : int { - /**< Indicates that the executor secure level is ESL0. */ + /**< ESL0. */ ESL0 = 0, - /**< Indicates that the executor secure level is ESL1. */ + /**< ESL1. */ ESL1 = 1, - /**< Indicates that the executor secure level is ESL2. */ + /**< ESL2. */ ESL2 = 2, - /**< Indicates that the executor secure level is ESL3. */ + /**< ESL3. */ ESL3 = 3, }; /** - * @brief Indicates executor registration information. + * @brief Defines pin auth's subtype. + * + * @since 3.2 + * @version 1.0 + */ +enum PinSubType : int { + PIN_SIX = 10000, /**< Six digit pin. */ + PIN_NUMBER = 10001, /**< Digit pin. */ + PIN_MIX = 10002, /**< Mixing pin. */ +}; + +/** + * @brief Defines executor registration information. * * @since 3.2 * @version 1.0 */ struct ExecutorRegisterInfo { - /**< Indicates the authentication type. See @{AuthType}. */ + /**< Authentication type. See @{AuthType}. */ enum AuthType authType; - /**< Indicates the executor role. See @{ExecutorRole}. */ + /**< Executor role. See @{ExecutorRole}. */ enum ExecutorRole executorRole; - /**< Indicates the executor indexes under the same authentication type. */ - unsigned int executorId; - /**< Indicates the executor type. */ - unsigned int executorType; - /**< Indicates the executor secure level. See @{ExecutorSecureLevel}. 
*/ + /**< Executor sensor hint under the same authentication type, 0 is not allowed. */ + unsigned int executorSensorHint; + /**< Executor matcher. */ + unsigned int executorMatcher; + /**< Executor secure level. See @{ExecutorSecureLevel}. */ enum ExecutorSecureLevel esl; - /**< Indicates the public key of the executor. */ + /**< Public key of the executor. */ unsigned char[] publicKey; }; /** - * @brief Indicates executor information. + * @brief Defines executor information. * * @since 3.2 * @version 1.0 */ struct ExecutorInfo { - /**< Indicates the executor index under the authentication framework. */ - unsigned long index; - /**< Indicates executor registration information. See @{ExecutorRegisterInfo}. */ + /**< Executor index under the authentication framework. */ + unsigned long executorIndex; + /**< Executor registration information. See @{ExecutorRegisterInfo}. */ struct ExecutorRegisterInfo info; }; /** - * @brief Indicates schedule information. + * @brief Defines scheduling information. * * @since 3.2 * @version 1.0 */ struct ScheduleInfo { - /**< Indicates the schedule index of authentication. */ + /**< Schedule index of authentication. */ unsigned long scheduleId; - /**< Indicates the templates to authenticate. */ + /**< Templates to authenticate. */ unsigned long[] templateIds; - /**< Indicates the authentication type. See @{AuthType}. */ + /**< Authentication type. See @{AuthType}. */ enum AuthType authType; - /**< Indicates the executor type. */ - unsigned int executorType; - /**< Indicates enrollment, authentication, or identification. */ + /**< Executor matcher. */ + unsigned int executorMatcher; + /**< Operation to perform, which can be enrollment, authentication, or identification. */ unsigned int scheduleMode; - /**< Indicates executor information. See @{ExecutorInfo}. */ + /**< Executor information. See @{ExecutorInfo}. */ struct ExecutorInfo[] executors; }; /** - * @brief Indicates the authentication solution. 
+ * @brief Defines the authentication solution. * * @since 3.2 * @version 1.0 */ struct AuthSolution { - /**< Indicates the user ID. */ + /**< User ID. */ int userId; - /**< Indicates the authentication trust level of authentication. */ + /**< Authentication trust level. */ unsigned int authTrustLevel; - /**< Indicates the authentication type. See @{AuthType}. */ + /**< Authentication type. See @{AuthType}. */ enum AuthType authType; - /**< Indicates the executor indexes under the same authentication type. */ - unsigned int executorId; - /**< Indicates the challenge of authentication. */ + /**< Executor sensor hint under the same authentication type, 0 is not allowed. */ + unsigned int executorSensorHint; + /**< Challenge of the authentication. */ unsigned char[] challenge; }; /** - * @brief Indicates executor messages. + * @brief Defines executor messages. * * @since 3.2 * @version 1.0 */ struct ExecutorSendMsg { - /**< Indicates the executor index under the authentication framework. */ - unsigned int index; - /**< Indicates the executor message to send. */ + /**< Executor index under the authentication framework. */ + unsigned long executorIndex; + /**< Indicates command ID. */ + int commandId; + /**< Executor message to send. */ unsigned char[] msg; }; /** - * @brief Indicates authentication result information. + * @brief Defines authentication result information. * * @since 3.2 * @version 1.0 */ struct AuthResultInfo { - /**< Indicates the results. */ + /**< Authentication result. */ unsigned int result; - /**< Indicates freezing time in seconds. */ + /**< Freezing time, in seconds. */ int freezingTime; - /**< Indicates remaining authentication times before a lockout. */ + /**< Remaining authentication times before a lockout. */ int remainTimes; - /**< Indicates executor messages. See @{ExecutorSendMsg}. */ + /**< Executor messages. See @{ExecutorSendMsg}. */ struct ExecutorSendMsg[] msgs; - /**< Indicates the authentication token. 
*/ + /**< Authentication token. */ unsigned char[] token; + /**< Protection key for the user file key. */ + unsigned char[] rootSecret; }; /** - * @brief Indicates identification result information. + * @brief Defines identification result information. * * @since 3.2 * @version 1.0 */ struct IdentifyResultInfo { - /**< Indicates the results. */ + /**< iIdentification result. */ int result; - /**< Indicates the user ID. */ + /**< User ID. */ int userId; - /**< Indicates the identification token. */ + /**< Identification token. */ unsigned char[] token; }; /** - * @brief Indicates credential enrollment parameters. + * @brief Defines credential enrollment parameters. * * @since 3.2 * @version 1.0 */ struct EnrollParam { - /**< Indicates the authentication type. See @{AuthType}. */ + /**< Authentication type. See @{AuthType}. */ enum AuthType authType; - /**< Indicates the executor type. */ - unsigned int executorType; - /**< Indicates the executor indexes under the same authentication type. */ - unsigned int executorId; + /**< Executor sensor hint under the same authentication type. 0 is not allowed. */ + unsigned int executorSensorHint; }; /** - * @brief Indicates credential information. + * @brief Defines credential information. * * @since 3.2 * @version 1.0 */ struct CredentialInfo { - /**< Indicates the credential index. */ + /**< Credential ID. */ unsigned long credentialId; - /**< Indicates the executor index under the authentication framework. */ - unsigned long index; - /**< Indicates the template index. */ + /**< Executor index under the authentication framework. */ + unsigned long executorIndex; + /**< Template ID. */ unsigned long templateId; - /**< Indicates the authentication type. See @{AuthType}. */ + /**< Authentication type. See @{AuthType}. */ enum AuthType authType; - /**< Indicates the executor type. */ - unsigned int executorType; - /**< Indicates the executor indexes under the same authentication type. 
*/ - unsigned int executorId; - /**< Indicates extra information. */ - unsigned char[] extraInfo; + /**< Executor matcher. */ + unsigned int executorMatcher; + /**< Executor sensor hint under the same authentication type. 0 is not allowed. */ + unsigned int executorSensorHint; }; /** - * @brief Indicates credential enrolled information. + * @brief Defines credential enrollment information. * * @since 3.2 * @version 1.0 */ struct EnrolledInfo { - /**< Indicates the enrolled index. */ + /**< Enrollment ID. */ unsigned long enrolledId; - /**< Indicates the authentication type. See @{AuthType}. */ + /**< Authentication type. See @{AuthType}. */ enum AuthType authType; }; + +/** + * @brief Defines enrollment result information. + * + * @since 3.2 + * @version 1.0 + */ +struct EnrollResultInfo { + /**< Credential ID. */ + unsigned long credentialId; + /**< Old credential information. See {@link CredentialInfo}. */ + struct CredentialInfo oldInfo; + /**< Protection key for the user file key. */ + unsigned char[] rootSecret; +}; /** @} */ \ No newline at end of file diff --git a/zh-cn/device_api/hdi/user_auth/IUserAuthInterface.idl b/zh-cn/device_api/hdi/user_auth/IUserAuthInterface.idl index b8b53a57..3a1061d3 100755 --- a/zh-cn/device_api/hdi/user_auth/IUserAuthInterface.idl +++ b/zh-cn/device_api/hdi/user_auth/IUserAuthInterface.idl @@ -128,8 +128,7 @@ interface IUserAuthInterface { * * @param userId 用户ID。 * @param scheduleResult 执行器签发的注册结果。 - * @param credentialId 凭据ID。 - * @param oldInfo 已经删除的凭据信息{@link CredentialInfo}。 + * @param info 录入结果信息{@link EnrollResultInfo}。 * * @return 0 表示操作成功。 * @return 非0 表示操作失败。 
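Review bot: `rootSecret` is added to `AuthResultInfo` and `EnrollResultInfo` as a plain `unsigned char[]` described only as "Protection key for the user file key", with nothing about when it is returned or how the receiver must treat it. Since this is key material crossing the HDI boundary, the field comment should state when it is populated (presumably only after a successful PIN authentication or enrollment — confirm), that it must not be logged or persisted, and that the receiver clears the buffer after use. The zh-cn copies of both structs need the same text. Also in this hunk, the `IdentifyResultInfo` comment `iIdentification result.` has a stray leading "i".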
@@ -137,8 +136,7 @@ interface IUserAuthInterface { * @since 3.2 * @version 1.0 */ - UpdateEnrollmentResult([in] int userId, [in] unsigned char[] scheduleResult, [out] unsigned long credentialId, - [out] struct CredentialInfo oldInfo); + UpdateEnrollmentResult([in] int userId, [in] unsigned char[] scheduleResult, [out] struct EnrollResultInfo info); /** * @brief 取消注册请求。 * @@ -182,10 +180,11 @@ interface IUserAuthInterface { */ GetCredential([in] int userId, [in] enum AuthType authType, [out] struct CredentialInfo[] infos); /** - * @brief 查询用户安全信息。 + * @brief 查询用户认证相关信息。 * * @param userId 用户ID。 * @param secureUid 安全用户ID。 + * @param pinSubType 口令认证子类型{@link PinSubType}。 * @param infos 注册信息{@link EnrolledInfo}。 * * @return 0 表示操作成功。 @@ -194,7 +193,8 @@ interface IUserAuthInterface { * @since 3.2 * @version 1.0 */ - GetSecureInfo([in] int userId, [out] unsigned long secureUid, [out] struct EnrolledInfo[] infos); + GetUserInfo([in] int userId, [out] unsigned long secureUid, [out] enum PinSubType pinSubType, + [out] struct EnrolledInfo[] infos); /** * @brief 删除用户口令认证凭据,在用户IAM系统内删除该用户,该请求由用户触发。 * @@ -269,6 +269,8 @@ interface IUserAuthInterface { * * @param contextId 上下文索引。 * @param authType 用户身份识别类型@{AuthType}。 + * @param challenge 随机挑战值,用于生成用户身份识别令牌,防止重放。 + * @param executorSensorHint 执行器传感器提示,用于找到对应认证方式的传感器。 * @param scheduleInfo 调度信息{@link ScheduleInfo}。 * * @return 0 表示操作成功。 @@ -277,10 +279,10 @@ interface IUserAuthInterface { * @since 3.2 * @version 1.0 */ - BeginIdentification([in] unsigned long contextId, [in] enum AuthType authType, [in] byte[] challenge, - [in] unsigned int executorId, [out] struct ScheduleInfo scheduleInfo); + BeginIdentification([in] unsigned long contextId, [in] enum AuthType authType, [in] unsigned char[] challenge, + [in] unsigned int executorSensorHint, [out] struct ScheduleInfo scheduleInfo); /** - * @brief 更新用户身份识别结果,生成身份识别方案的结果 + * @brief 更新用户身份识别结果,生成身份识别方案的结果。 * * @param contextId 上下文索引。 * @param scheduleResult 执行器签发的用户身份识别结果。 
diff --git a/zh-cn/device_api/hdi/user_auth/UserAuthTypes.idl b/zh-cn/device_api/hdi/user_auth/UserAuthTypes.idl index 39d40830..aae9eb95 100755 --- a/zh-cn/device_api/hdi/user_auth/UserAuthTypes.idl +++ b/zh-cn/device_api/hdi/user_auth/UserAuthTypes.idl @@ -83,6 +83,18 @@ enum ExecutorSecureLevel : int { ESL3 = 3, }; +/** + * @brief 口令认证子类型。 + * + * @since 3.2 + * @version 1.0 + */ +enum PinSubType : int { + PIN_SIX = 10000, /**< 六位口令密码。 */ + PIN_NUMBER = 10001, /**< 数字口令密码。 */ + PIN_MIX = 10002, /**< 混合密码。 */ +}; + /** * @brief 执行器注册信息。 * @@ -94,10 +106,10 @@ struct ExecutorRegisterInfo { enum AuthType authType; /** 执行器角色@{ExecutorRole}。 */ enum ExecutorRole executorRole; - /** 既定用户认证凭据类型的执行器ID。 */ - unsigned int executorId; - /** 执行器类型,根据执行器支持的认证能力进行分类。 */ - unsigned int executorType; + /** 既定用户认证凭据类型的执行器传感器提示,用于找到对应认证方式的传感器。 */ + unsigned int executorSensorHint; + /** 执行器匹配器,根据执行器支持的认证能力进行分类。 */ + unsigned int executorMatcher; /** 执行器安全等级@{ExecutorSecureLevel}。 */ enum ExecutorSecureLevel esl; /** 执行器公钥,用于校验该执行器私钥签名的信息。 */ @@ -112,7 +124,7 @@ struct ExecutorRegisterInfo { */ struct ExecutorInfo { /** 用户认证框架的执行器索引。 */ - unsigned long index; + unsigned long executorIndex; /** 执行器注册信息@{ExecutorRegisterInfo}。 */ struct ExecutorRegisterInfo info; }; @@ -130,8 +142,8 @@ struct ScheduleInfo { unsigned long[] templateIds; /** 用户认证凭据类型@{AuthType}。 */ enum AuthType authType; - /** 执行器类型。 */ - unsigned int executorType; + /** 执行器匹配器。 */ + unsigned int executorMatcher; /** 调度模式,支持注册、认证和识别模式。 */ unsigned int scheduleMode; /** 执行器信息列表@{ExecutorInfo}。 */ @@ -151,8 +163,8 @@ struct AuthSolution { unsigned int authTrustLevel; /** 用户认证凭据类型@{AuthType}。 */ enum AuthType authType; - /** 既定用户认证凭据类型的执行器ID。 */ - unsigned int executorId; + /** 既定用户认证凭据类型的执行器传感器提示,用于找到对应认证方式的传感器。 */ + unsigned int executorSensorHint; /** 挑战值,用于签发认证令牌。 */ unsigned char[] challenge; }; 
@@ -165,7 +177,9 @@ struct AuthSolution { */ struct ExecutorSendMsg { /** 用户认证框架的执行器索引。 */ - unsigned int index; + unsigned long executorIndex; + /** 消息命令ID。 */ + int commandId; /** 执行器发送的消息。 */ unsigned char[] msg; }; @@ -187,6 +201,8 @@ struct AuthResultInfo { struct ExecutorSendMsg[] msgs; /** 用户身份认证令牌。 */ unsigned char[] token; + /** 保护文件加密密钥的密钥。 */ + unsigned char[] rootSecret; }; /** @@ -215,8 +231,8 @@ struct EnrollParam { enum AuthType authType; /** 执行器类型。 */ unsigned int executorType; - /** 既定用户认证凭据类型的执行器ID。 */ - unsigned int executorId; + /** 既定用户认证凭据类型的执行器传感器提示,用于找到对应认证方式的传感器。 */ + unsigned int executorSensorHint; }; /** @@ -234,12 +250,10 @@ struct CredentialInfo { unsigned long templateId; /** 用户认证凭据类型@{AuthType}。 */ enum AuthType authType; - /** 执行器类型。 */ - unsigned int executorType; - /** 既定用户认证凭据类型的执行器ID。 */ - unsigned int executorId; - /** 其他相关信息,用于支持信息扩展。 */ - unsigned char[] extraInfo; + /** 执行器匹配器。 */ + unsigned int executorMatcher; + /** 既定用户认证凭据类型的执行器传感器提示,用于找到对应认证方式的传感器。 */ + unsigned int executorSensorHint; }; /** @@ -254,4 +268,19 @@ struct EnrolledInfo { /** 用户认证凭据类型@{AuthType}。 */ enum AuthType authType; }; + +/** + * @brief 录入结果信息。 + * + * @since 3.2 + * @version 1.0 + */ +struct EnrollResultInfo { + /** 认证凭据ID */ + unsigned long credentialId; + /** 旧凭据信息{@link CredentialInfo}。 */ + struct CredentialInfo oldInfo; + /** 保护文件加密密钥的密钥。 */ + unsigned char[] rootSecret; +}; /** @} */ \ No newline at end of file -- Gitee
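Review bot: The zh-cn `EnrollParam` keeps `unsigned int executorType;` (it is an unchanged context line in the `@@ -215,8` hunk), while the English UserAuthTypes.idl in this same patch removes `executorType` from `EnrollParam` and leaves only `authType` and `executorSensorHint`. The two language copies now describe different layouts for the same v1_0 struct. Remove the field and its comment from the zh-cn struct, or restore it in the English one, so both match the real interface. The `index` field of the zh-cn `CredentialInfo` lies outside the visible hunk, so check that it was renamed to `executorIndex` as well.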