SET(
SRCS
src/hal-api-security-certs.c
+ src/hal-api-security-auth.c
)
LINK_DIRECTORIES(${SECURITY_DEPS_LIBRARY_DIRS})
--- /dev/null
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#ifndef __TIZEN_HAL_SECURITY_AUTH_DOC_H__
+#define __TIZEN_HAL_SECURITY_AUTH_DOC_H__
+
+
+/**
+ * @file hal_security_auth_doc.h
+ * @brief This file contains high level documentation of the HAL Security Auth module.
+ */
+
+/**
+ * @ingroup HALAPI_HAL_SECURITY
+ * @defgroup HALAPI_HAL_SECURITY_AUTH_MODULE Security Auth
+ * @brief The @ref HALAPI_HAL_SECURITY_AUTH_MODULE provides functions to handle the authentication per user.
+ *
+ * @section HALAPI_HAL_SECURITY_AUTH_MODULE_HEADER Required Header
+ * \#include <hal/hal-security-auth.h>
+ *
+ * @section HALAPI_HAL_SECURITY_AUTH_MODULE_OVERVIEW Overview
+ * The Security Auth provides functions to handle the authentication per user.
+ *
+ * The Security Auth functions provide methods to:
+ * - Create password file
+ * - Write password auth parameters from memory to file
+ * - Write the number of attempts to enter password auth till now
+ * - Set a new password auth context
+ * - Check if the entered password auth context is the same as the current password
+ * - Set the maximum number of history size to store password context in the past
+ * - Get the maximum number of history size
+ * - Get the expire time period in days
+ * - Set the expire time period in days
+ * - Get the expire time left in seconds
+ * - Set the expire time left in seconds
+ * - Get the accumulated attempt number for user's password auth tries
+ * - Reset the accumulated attempt number for user's password auth tries
+ * - Increase the accumulated attempt number for user's password auth tries
+ * - Get the limited maximum attempt number of user's password auth tries
+ * - Set the limited maximum attempt number of user's password auth tries
+ * - Get the active status of user's password auth context
+ * - Check if the entered password context has the previously-used history
+ * - Check if the password auth context has expired
+ * - Check if the accumulated attempt number for user's password auth try exceeds the limited maximum attempt
+ * - Check if the new attempt interval elapsed the ignore period(ex. RETRY_TIMEOUT = 0.5 secs)
+ * - Check if the history for storing the previous password context is activated
+ * - Get the password type regarding to the user
+ * For more information on the Security Auth features and the macros, see HAL Security programming guides and tutorials.
+ */
+
+#endif /* __TIZEN_HAL_SECURITY_AUTH_DOC_H__ */
* <td>@ref HALAPI_HAL_SECURITY_CERTS_MODULE</td>
* <td>Provides functions to handle device certificates and signing operations</td>
* </tr>
+ * <tr>
+ * <td>@ref HALAPI_HAL_SECURITY_AUTH_MODULE</td>
+ * <td>Provides functions to handle the authentication per user</td>
+ * </tr>
* </table>
*
* For more information on the HAL Security submodule features, see HAL Security Guide.
--- /dev/null
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HAL_SECURITY_AUTH_INTERFACE_1_H__
+#define __HAL_SECURITY_AUTH_INTERFACE_1_H__
+
+#include "hal-security-auth-types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @addtogroup HALAPI_HAL_SECURITY_AUTH_MODULE
+ * @{
+ */
+
+/**
+ * @brief Structure for security auth-fw functions.
+ * @since HAL_MODULE_SECURITY_AUTH 1.0
+ */
+
+typedef struct _hal_backend_security_auth_funcs {
+ /** Create password file */
+ int (*create_password_file)(uid_t user_id,
+ hal_security_auth_password_type_e type);
+
+ /** Write password auth parameters from memory to file */
+ int (*write_memory_to_file)(uid_t user_id);
+
+ /** Write the number of attempts to enter password auth till now */
+ int (*write_attempt_to_file)(uid_t user_id);
+
+ /** Set a new password auth context */
+ int (*set_password)(uid_t user_id,
+ const char* password);
+
+ /** Check if the entered password auth context is the same as the current password */
+ int (*check_password)(uid_t user_id,
+ const char* password);
+
+ /** Set the maximum number of history size to store password context in the past */
+ int (*set_max_history_size)(uid_t user_id,
+ unsigned int history_size);
+
+ /** Get the maximum number of history size */
+ int (*get_max_history_size)(uid_t user_id,
+ unsigned int *history_size);
+
+ /** Get the expire time period in days */
+ int (*get_expire_time)(uid_t user_id,
+ unsigned int *expire_time);
+
+ /** Set the expire time period in days */
+ int (*set_expire_time)(uid_t user_id,
+ unsigned int expire_time);
+
+ /** Get the expire time left in seconds */
+ int (*get_expire_time_left)(uid_t user_id,
+ unsigned int *expire_time_left);
+
+ /** Set the expire time left in seconds */
+ int (*set_expire_time_left)(uid_t user_id,
+ unsigned int expire_time_left);
+
+ /** Get the accumulated attempt number for user's password auth trys */
+ int (*get_attempt)(uid_t user_id,
+ unsigned int *attempt);
+
+ /** Reset the accumulated attempt number for user's password auth trys */
+ int (*reset_attempt)(uid_t user_id);
+
+ /** Increase the accumulated attempt number for user's password auth trys */
+ int (*increment_attempt)(uid_t user_id);
+
+ /** Get the limited maximum attempt number of user's password auth trys */
+ int (*get_max_attempt)(uid_t user_id,
+ unsigned int *max_attempt);
+
+ /** Set the limited maximum attempt number of user's password auth trys */
+ int (*set_max_attempt)(uid_t user_id,
+ unsigned int max_attempt);
+
+ /** Get the active status of user's password auth context */
+ int (*is_password_active)(uid_t user_id);
+
+ /** Check if the entered password context has the previously-used history */
+ int (*is_password_reused)(uid_t user_id,
+ const char* password);
+
+ /** Check if the password auth context has expired */
+ int (*check_expiration)(uid_t user_id);
+
+ /** Check if the accumulated attempt number for user's password auth try exceeds the limited maximum attempt */
+ int (*check_attempt_exceeded)(uid_t user_id);
+
+ /** Check if the new attempt interval elapsed the ignore period(ex. RETRY_TIMEOUT = 0.5 secs) */
+ int (*is_ignore_period)(uid_t user_id);
+
+ /** Check if the history for storing the previous password context is activated */
+ int (*is_history_active)(uid_t user_id);
+
+ /** Get the password type regarding to user_id */
+ int (*get_password_type)(uid_t user_id,
+ hal_security_auth_password_type_e *password_type);
+
+} hal_backend_security_auth_funcs;
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* __HAL_SECURITY_AUTH_INTERFACE_1_H__ */
--- /dev/null
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HAL_SECURITY_AUTH_INTERFACE_H__
+#define __HAL_SECURITY_AUTH_INTERFACE_H__
+
+#include "hal-security-auth-interface-1.h"
+
+#endif /* __HAL_SECURITY_AUTH_INTERFACE_H__ */
--- /dev/null
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HAL_SECURITY_AUTH_TYPES_H__
+#define __HAL_SECURITY_AUTH_TYPES_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @addtogroup HALAPI_HAL_SECURITY_AUTH_MODULE
+ * @{
+ */
+
+/**
+ * @brief Enumeration for auth password type
+ * @since HAL_MODULE_SECURITY_AUTH 1.0
+ */
+typedef enum {
+ HAL_SECURITY_AUTH_PASSWORD_NORMAL = 0, /**< Character string for normal password */
+ HAL_SECURITY_AUTH_PASSWORD_PIN = 1, /**< Numeric character string for personal identification number */
+ HAL_SECURITY_AUTH_PASSWORD_PATTERN = 2, /**< Numeric character string for pattern match */
+} hal_security_auth_password_type_e;
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* __HAL_SECURITY_AUTH_TYPES_H__ */
\ No newline at end of file
--- /dev/null
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HAL_SECURITY_AUTH_H__
+#define __HAL_SECURITY_AUTH_H__
+
+#include "hal-security-auth-types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int hal_security_auth_create_password_file(uid_t user_id,
+ hal_security_auth_password_type_e password_type);
+
+int hal_security_auth_write_memory_to_file(uid_t user_id);
+
+int hal_security_auth_write_attempt_to_file(uid_t user_id);
+
+int hal_security_auth_set_password(uid_t user_id,
+ const char* password);
+
+int hal_security_auth_check_password(uid_t user_id,
+ const char* password);
+
+int hal_security_auth_set_max_history_size(uid_t user_id,
+ unsigned int history_size);
+
+int hal_security_auth_get_max_history_size(uid_t user_id,
+ unsigned int *history_size);
+
+int hal_security_auth_get_expire_time(uid_t user_id,
+ unsigned int *expire_time);
+
+int hal_security_auth_set_expire_time(uid_t user_id,
+ unsigned int expire_time);
+
+int hal_security_auth_get_expire_time_left(uid_t user_id,
+ unsigned int *expire_time_left);
+
+int hal_security_auth_set_expire_time_left(uid_t user_id,
+ unsigned int expire_time_left);
+
+int hal_security_auth_get_attempt(uid_t user_id,
+ unsigned int *attempt);
+
+int hal_security_auth_reset_attempt(uid_t user_id);
+
+int hal_security_auth_increment_attempt(uid_t user_id);
+
+int hal_security_auth_get_max_attempt(uid_t user_id,
+ unsigned int *max_attempt);
+
+int hal_security_auth_set_max_attempt(uid_t user_id,
+ unsigned int max_attempt);
+
+int hal_security_auth_is_password_active(uid_t user_id);
+
+int hal_security_auth_is_password_reused(uid_t user_id,
+ const char* password);
+
+int hal_security_auth_check_expiration(uid_t user_id);
+
+int hal_security_auth_check_attempt_exceeded(uid_t user_id);
+
+int hal_security_auth_is_ignore_period(uid_t user_id);
+
+int hal_security_auth_is_history_active(uid_t user_id);
+
+int hal_security_auth_get_password_type(uid_t user_id,
+ hal_security_auth_password_type_e *password_type);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __HAL_SECURITY_AUTH_H__ */
\ No newline at end of file
<name>HAL_MODULE_SECURITY_CERTS</name>
<version>1.0</version>
</hal-module>
+ <hal-module>
+ <name>HAL_MODULE_SECURITY_AUTH</name>
+ <version>1.0</version>
+ </hal-module>
</manifest>
</hal-api>
%defattr(-,root,root,-)
%manifest %{name}.manifest
%license LICENSE.Apache-2.0
+%{_includedir}/hal/hal-security-auth*.h
%{_includedir}/hal/hal-security-certs*.h
%{_libdir}/pkgconfig/hal-api-security.pc
%{_libdir}/hal/lib%{name}.so
--- /dev/null
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <errno.h>
+
+#include <hal/hal-common.h>
+
+#include "hal-security-auth-interface.h"
+#include "hal-security-auth.h"
+#ifndef EXPORT
+#define EXPORT __attribute__ ((visibility("default")))
+#endif
+
+static hal_backend_security_auth_funcs *g_security_auth_funcs = NULL;
+
+EXPORT int hal_security_auth_get_backend(void)
+{
+ int ret;
+
+ if (g_security_auth_funcs)
+ return 0;
+
+ g_security_auth_funcs = calloc(1, sizeof(hal_backend_security_auth_funcs));
+ if (!g_security_auth_funcs)
+ return -ENOMEM;
+
+ ret = hal_common_get_backend(HAL_MODULE_SECURITY_AUTH, (void **)&g_security_auth_funcs);
+ if (ret < 0) {
+ free(g_security_auth_funcs);
+ g_security_auth_funcs = NULL;
+ return -ENOTSUP;
+ }
+
+ return 0;
+}
+
+EXPORT int hal_security_auth_put_backend(void)
+{
+ if (!g_security_auth_funcs)
+ return -EINVAL;
+
+ hal_common_put_backend(HAL_MODULE_SECURITY_AUTH, (void *)g_security_auth_funcs);
+
+ free(g_security_auth_funcs);
+ g_security_auth_funcs = NULL;
+
+ return 0;
+}
+
+EXPORT int hal_security_auth_create_password_file(uid_t user_id, hal_security_auth_password_type_e password_type)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->create_password_file(user_id, password_type);
+}
+
+EXPORT int hal_security_auth_write_memory_to_file(uid_t user_id)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->write_memory_to_file(user_id);
+}
+
+EXPORT int hal_security_auth_write_attempt_to_file(uid_t user_id)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->write_attempt_to_file(user_id);
+}
+
+EXPORT int hal_security_auth_set_password(uid_t user_id, const char* password)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->set_password(user_id, password);
+}
+
+EXPORT int hal_security_auth_check_password(uid_t user_id, const char* password)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->check_password(user_id, password);
+}
+
+EXPORT int hal_security_auth_set_max_history_size(uid_t user_id, unsigned int history_size)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->set_max_history_size(user_id, history_size);
+}
+
+EXPORT int hal_security_auth_get_max_history_size(uid_t user_id, unsigned int *history_size)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->get_max_history_size(user_id, history_size);
+}
+
+EXPORT int hal_security_auth_get_expire_time(uid_t user_id, unsigned int *expire_time)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->get_expire_time(user_id, expire_time);
+}
+
+EXPORT int hal_security_auth_set_expire_time(uid_t user_id, unsigned int expire_time)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->set_expire_time(user_id, expire_time);
+}
+
+EXPORT int hal_security_auth_get_attempt(uid_t user_id, unsigned int *attempt)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->get_attempt(user_id, attempt);
+}
+
+EXPORT int hal_security_auth_reset_attempt(uid_t user_id)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->reset_attempt(user_id);
+}
+
+EXPORT int hal_security_auth_increment_attempt(uid_t user_id)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->increment_attempt(user_id);
+}
+
+EXPORT int hal_security_auth_get_max_attempt(uid_t user_id, unsigned int *max_attempt)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->get_max_attempt(user_id, max_attempt);
+}
+
+EXPORT int hal_security_auth_set_max_attempt(uid_t user_id, unsigned int max_attempt)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->set_max_attempt(user_id, max_attempt);
+}
+
+EXPORT int hal_security_auth_is_password_active(uid_t user_id)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->is_password_active(user_id);
+}
+
+EXPORT int hal_security_auth_is_password_reused(uid_t user_id, const char* password)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->is_password_reused(user_id, password);
+}
+
+EXPORT int hal_security_auth_check_expiration(uid_t user_id)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->check_expiration(user_id);
+}
+
+EXPORT int hal_security_auth_check_attempt_exceeded(uid_t user_id)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->check_attempt_exceeded(user_id);
+}
+
+EXPORT int hal_security_auth_is_ignore_period(uid_t user_id)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->is_ignore_period(user_id);
+}
+
+EXPORT int hal_security_auth_is_history_active(uid_t user_id)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->is_history_active(user_id);
+}
+
+EXPORT int hal_security_auth_get_password_type(uid_t user_id, hal_security_auth_password_type_e *password_type)
+{
+ if (!g_security_auth_funcs)
+ return -ENOTSUP;
+ return g_security_auth_funcs->get_password_type(user_id, password_type);
+}
\ No newline at end of file
projects / platform / hal / api / security.git / commitdiff