williamr@4: /* williamr@4: * Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). williamr@4: * All rights reserved. williamr@4: * This component and the accompanying materials are made available williamr@4: * under the terms of the License "Eclipse Public License v1.0" williamr@4: * which accompanies this distribution, and is available williamr@4: * at the URL "http://www.eclipse.org/legal/epl-v10.html". williamr@4: * williamr@4: * Initial Contributors: williamr@4: * Nokia Corporation - initial contribution. williamr@4: * williamr@4: * Contributors: williamr@4: * williamr@4: * Description: williamr@4: * CAuthPluginInterface williamr@4: * williamr@4: */ williamr@4: williamr@4: williamr@4: /** williamr@4: @file williamr@4: @publishedAll williamr@4: @released williamr@4: */ williamr@4: williamr@4: #ifndef AUTHPLUGININTERFACE_H williamr@4: #define AUTHPLUGININTERFACE_H williamr@4: williamr@4: williamr@4: #include williamr@4: #include williamr@4: williamr@4: namespace AuthServer williamr@4: { williamr@4: williamr@4: /// The interface UID for the authentication plugin interface williamr@4: const TUid KCAuthPluginInterfaceUid = { 0x102740FE }; williamr@4: williamr@4: williamr@4: /** williamr@4: * The ECOM interface for authentication plugins. An authentication plugin is williamr@4: * used to help identify the current device holder. When a plugin is asked to williamr@4: * identify the holder, it interacts with the user and potentially hardware or williamr@4: * services provided by other servers. The plugin then generates some data williamr@4: * which is unique and repeatable for the input recieved. This data should williamr@4: * not be persisted on the device in any form that can easily be used to williamr@4: * recover the data. williamr@4: * williamr@4: * For example, a plugin might request a PIN number from the user. The plugin williamr@4: * will take the number, perhaps compare the hash of the number against the williamr@4: * hashes recorded during training and if a match is found return the identity williamr@4: * along with some unique data associated with it. williamr@4: * williamr@4: */ williamr@4: class CAuthPluginInterface : public CBase williamr@4: { williamr@4: public: williamr@4: williamr@4: /** williamr@4: * @return the id of the plugin. This should be the ECOM implementation id. williamr@4: **/ williamr@4: virtual TPluginId Id() const = 0; williamr@4: williamr@4: /** williamr@4: * williamr@4: * @return the name of the plugin. williamr@4: * williamr@4: **/ williamr@4: virtual const TPtrC& Name() const = 0; williamr@4: williamr@4: /** williamr@4: * williamr@4: * @return a description of the plugin. williamr@4: * williamr@4: **/ williamr@4: virtual const TPtrC& Description() const = 0; williamr@4: williamr@4: /** williamr@4: * williamr@4: * @return the minimum entropy of the plugin. williamr@4: * williamr@4: **/ williamr@4: virtual TEntropy MinEntropy() const = 0; williamr@4: williamr@4: /** williamr@4: * williamr@4: * @return the rate of false positive identifications. williamr@4: * williamr@4: **/ williamr@4: virtual TPercentage FalsePositiveRate() const = 0; williamr@4: williamr@4: /** williamr@4: * williamr@4: * @return the rate of false negative identifications. williamr@4: * williamr@4: **/ williamr@4: virtual TPercentage FalseNegativeRate() const = 0; williamr@4: williamr@4: /** williamr@4: * williamr@4: * @return the type of plugin williamr@4: * williamr@4: **/ williamr@4: virtual TAuthPluginType Type() const = 0; williamr@4: williamr@4: /** williamr@4: * Performs actions required to identify the current device holder. williamr@4: * williamr@4: * For details see the reference/test implementation of a knowledge-type williamr@4: * plugin called the pinplugin. williamr@4: * williamr@4: * @param aId in the event of a successfull call, aId will be set to the williamr@4: * id of the identity. The value is not modified otherwise. It should be williamr@4: * noted that a successful call includes the possibility of not williamr@4: * recognising the user in which case aId should be set to williamr@4: * KUnknownIdentity. williamr@4: * williamr@4: * @param aClientMessage A displayable text string parameter for authentication williamr@4: * requests.It shall be passed to plug-ins to display to the users. williamr@4: * williamr@4: * @param aResult in the event of a successfull call, aResult contains the williamr@4: * data generated from the identification process. This data is used by williamr@4: * the authentication server to generate a transient key which in turn is williamr@4: * used to decrypt the identities protection key. If the call was williamr@4: * unsuccessful or the user is unknown no buffer will be created. Ownership of williamr@4: * the buffer is transfered to the caller. williamr@4: * williamr@4: * @param aRequest the request status through which the caller will be williamr@4: * notified of completion. Upon completion, the status value will be one of the williamr@4: * following : williamr@4: * KErrNone if the identification process is successful. williamr@4: * KErrAuthServPluginCancelled if the user cancels the identification process for williamr@4: * this plugin. williamr@4: * KErrAuthServPluginQuit if the user quits the whole identification williamr@4: * process. williamr@4: * ... or any of the system wide error codes. williamr@4: **/ williamr@4: williamr@4: williamr@4: virtual void Identify(TIdentityId& aId, const TDesC& aClientMessage, williamr@4: HBufC8*& aResult, TRequestStatus& aRequest) = 0; williamr@4: williamr@4: /** williamr@4: * Cancel the current action. This method must complete with KErrCancel williamr@4: * any outstanding asyncronous requests such as Train or Identify. williamr@4: **/ williamr@4: williamr@4: williamr@4: virtual void Cancel() = 0; williamr@4: williamr@4: /** williamr@4: * This method tells the plugin to operate in training mode. After the williamr@4: * successful this method the plugin should be able to correctly identify williamr@4: * the specified identity using the Identify method. If the plugin already williamr@4: * has existing training data for the identity then the data should be williamr@4: * replaced. Care should be taken to allow the user to cancel or quit the williamr@4: * training without losing the existing training. williamr@4: * williamr@4: * @param aId the identity for whom to train the plugin. This allows the williamr@4: * plugin to persist training data associated with the identity and delete williamr@4: * or update that data later on. williamr@4: * williamr@4: * @param aResult this buffer will be filled with data that matches the williamr@4: * current device holder. This should be the same data as is returned by williamr@4: * the Identify method for the same identity. Ownership of the buffer is williamr@4: * transfered to the caller. williamr@4: * williamr@4: * @param aRequest the request status through which the caller will be williamr@4: * notified of completion. Upon completion the status value will be one of the williamr@4: * following : williamr@4: * KErrNone if the training process is successful. williamr@4: * KErrAuthServPluginCancelled if the user cancels the training process for williamr@4: * this plugin. williamr@4: * KErrAuthServPluginQuit if the user quits the whole training williamr@4: * process. williamr@4: * ... or any of the system wide error codes. williamr@4: **/ williamr@4: williamr@4: williamr@4: virtual void Train(TIdentityId aId, HBufC8*& aResult, williamr@4: TRequestStatus& aRequest) = 0; williamr@4: williamr@4: /** williamr@4: * @return true if the plugin can be used for identification or training williamr@4: * purposes without further user intervention. williamr@4: **/ williamr@4: williamr@4: williamr@4: virtual TBool IsActive() const = 0; williamr@4: williamr@4: /** williamr@4: * Remove any stored training data for the specified identity. This is williamr@4: * used if an identity is being removed from the device. No user williamr@4: * interaction should take place as a result of this call. williamr@4: * williamr@4: * @param aId the identity for whom to remove any persisted training data. williamr@4: * williamr@4: * @return KErrNone if the operation is successful. williamr@4: * @return KErrAuthServNoSuchIdentity if the TIdentityId wasn't recognised. williamr@4: * @return ... or any of the system wide error codes. williamr@4: **/ williamr@4: williamr@4: williamr@4: virtual TInt Forget(TIdentityId aId) = 0; williamr@4: williamr@4: /** williamr@4: * Pretend the device holder has identified themselves using a default williamr@4: * entry. For example, a pin number plugin would return the same data as williamr@4: * if the holder had entered the default pin. This call is used during the williamr@4: * creation of the initial device identity and allows the device to be williamr@4: * operated without the user being forced to train plugins the first time williamr@4: * the device is started. No user interaction should take place as a williamr@4: * result of this call. williamr@4: * williamr@4: * Only plugins of type EAuthKnowledge should support default williamr@4: * data. Plugins of other types will be ignored. williamr@4: * williamr@4: * @param aId The identity that will be registered using the default data. williamr@4: * williamr@4: * @param aOutputBuf This buffer should be filled with the data that would williamr@4: * be generated if the phone holder identified themselves using the williamr@4: * default manner. Ownership of the buffer is transfered to the caller. williamr@4: * williamr@4: * @return KErrNone if the plugin supports default data. williamr@4: * @return KErrNotSupported if the plugin doesn't support default data. williamr@4: * @return ... or any of the system wide error codes. williamr@4: **/ williamr@4: williamr@4: williamr@4: virtual TInt DefaultData(TIdentityId aId, HBufC8*& aOutputBuf) = 0; williamr@4: williamr@4: /** williamr@4: * This method tells the plugin to remove the training data held for the given identity williamr@4: * and to regenerate it using the supplied registration data. The intent of this method williamr@4: * is to allow a backend reset of user credentials in situations where the user is not williamr@4: * able to provide the credentials for some reason (for instance the user has forgotten williamr@4: * the password). Note that no user interaction should take place as a result of this call. williamr@4: * Since the registration data may not be usable by all plugin types it is expected that only williamr@4: * EAuthKnowledge type plugins (those based on pins, passphrases, etc.) use this data for williamr@4: * registering the user and return the result. williamr@4: * williamr@4: * @param aId The identity whose training data should be reset. williamr@4: * williamr@4: * @param aRegistrationData The data that can be used to register the identity. williamr@4: * This data is meaningful for EAuthKnowledge type plugins. Other plugins may choose to williamr@4: * ignore this parameter. An empty descriptor signifies the absence of registration data. williamr@4: * williamr@4: * @param aResult This buffer will be filled with data that matches the specified identity. williamr@4: * This should be the same data subsequently returned by the Identify method for the same identity. williamr@4: * Note that plugins that aren't supplied registration data or those that don't use the supplied williamr@4: * registration data for the reset can return NULL. Ownership of the buffer is transfered to williamr@4: * the caller. williamr@4: * williamr@4: * @return KErrNone if the plugin is successfully able to either remove and/or reset the training data. williamr@4: * @return KErrNotSupported if the plugin doesn't support a reset functionality. williamr@4: * @return ... or any of the system wide error codes. williamr@4: **/ williamr@4: williamr@4: williamr@4: virtual TInt Reset(TIdentityId aId, const TDesC& aRegistrationData, williamr@4: HBufC8*& aResult) = 0; williamr@4: williamr@4: /** williamr@4: * williamr@4: * Destructor. williamr@4: * williamr@4: **/ williamr@4: williamr@4: williamr@4: virtual ~CAuthPluginInterface() {}; williamr@4: williamr@4: }; williamr@4: williamr@4: } // namespace williamr@4: williamr@4: #endif