From: Sungbae Yoo Date: Mon, 23 Jan 2017 07:25:27 +0000 (+0900) Subject: Add APIs to verify password X-Git-Tag: submit/tizen/20170213.020148~16 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d3146aa5eb477eefd6bcb9e87f79b18c12e701d8;p=platform%2Fcore%2Fsecurity%2Fode.git Add APIs to verify password Signed-off-by: Sungbae Yoo Change-Id: Ib9486d8cff39d72bce8bea3792742c79d84ff842 --- diff --git a/lib/external-encryption.cpp b/lib/external-encryption.cpp index ed096c3..780f54e 100644 --- a/lib/external-encryption.cpp +++ b/lib/external-encryption.cpp @@ -62,6 +62,16 @@ int ExternalEncryption::decrypt(const std::string& password) } } +int ExternalEncryption::verifyPassword(const std::string& password) +{ + try { + return context->methodCall("ExternalEncryption::verifyPassword", + password); + } catch (runtime::Exception& e) { + return -1; + } +} + int ExternalEncryption::changePassword(const std::string& oldPassword, const std::string& newPassword) { diff --git a/lib/internal-encryption.cpp b/lib/internal-encryption.cpp index a6e7586..48ad20c 100644 --- a/lib/internal-encryption.cpp +++ b/lib/internal-encryption.cpp @@ -62,6 +62,16 @@ int InternalEncryption::decrypt(const std::string& password) } } +int InternalEncryption::verifyPassword(const std::string& password) +{ + try { + return context->methodCall("InternalEncryption::verifyPassword", + password); + } catch (runtime::Exception& e) { + return -1; + } +} + int InternalEncryption::changePassword(const std::string& oldPassword, const std::string& newPassword) { diff --git a/lib/ode/external-encryption.cpp b/lib/ode/external-encryption.cpp index 4ff6e3d..5c0070e 100644 --- a/lib/ode/external-encryption.cpp +++ b/lib/ode/external-encryption.cpp @@ -64,6 +64,22 @@ int ode_external_encryption_decrypt(const char* password) return external.decrypt(password); } +int ode_external_encryption_verify_password(const char *password, int *result) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(result, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + ExternalEncryption external = client.createInterface(); + int ret = external.verifyPassword(password); + + RET_ON_FAILURE(ret < 0, ODE_ERROR_INVALID_PARAMETER); + + *result = ret; + return ODE_ERROR_NONE; +} + int ode_external_encryption_change_password(const char* old_password, const char* new_password) { diff --git a/lib/ode/external-encryption.h b/lib/ode/external-encryption.h index 5fc4b45..e1bd2a6 100644 --- a/lib/ode/external-encryption.h +++ b/lib/ode/external-encryption.h @@ -168,6 +168,22 @@ typedef enum { */ ODE_API int ode_external_encryption_get_supported_options(unsigned int* options); +/** + * @brief Verify if given password is external encryption password. + * @details Administrator can use this API to find if a password is used + by external encryption + * @since_tizen 3.0 + * @param[out] password The password to be verified + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_external_encryption_encrypt() + */ +ODE_API int ode_external_encryption_verify_password(const char *password); + /** * @} */ diff --git a/lib/ode/internal-encryption.cpp b/lib/ode/internal-encryption.cpp index 8ada3ee..7f227cd 100644 --- a/lib/ode/internal-encryption.cpp +++ b/lib/ode/internal-encryption.cpp @@ -64,6 +64,22 @@ int ode_internal_encryption_decrypt(const char* password) return internal.decrypt(password); } +int ode_internal_encryption_verify_password(const char *password, int *result) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(result, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + InternalEncryption internal = client.createInterface(); + int ret = internal.verifyPassword(password); + + RET_ON_FAILURE(ret < 0, ODE_ERROR_INVALID_PARAMETER); + + *result = ret; + return ODE_ERROR_NONE; +} + int ode_internal_encryption_change_password(const char* old_password, const char* new_password) { diff --git a/lib/ode/internal-encryption.h b/lib/ode/internal-encryption.h index cb0742e..f905034 100644 --- a/lib/ode/internal-encryption.h +++ b/lib/ode/internal-encryption.h @@ -166,6 +166,22 @@ typedef enum { */ ODE_API int ode_internal_encryption_get_supported_options(unsigned int* options); +/** + * @brief Verify if given password is internal encryption password. + * @details Administrator can use this API to find if a password is used + by internal encryption + * @since_tizen 3.0 + * @param[out] password The password to be verified + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_internal_encryption_encrypt() + */ +ODE_API int ode_internal_encryption_verify_password(const char *password); + /* * @} */ diff --git a/rmi/external-encryption.h b/rmi/external-encryption.h index dc6fc63..c2cc199 100644 --- a/rmi/external-encryption.h +++ b/rmi/external-encryption.h @@ -39,6 +39,7 @@ public: int encrypt(const std::string& password, unsigned int options); int decrypt(const std::string& password); + int verifyPassword(const std::string& password); int changePassword(const std::string& oldPW, const std::string& newPW); enum State { diff --git a/rmi/internal-encryption.h b/rmi/internal-encryption.h index ddbe6a1..a915a16 100644 --- a/rmi/internal-encryption.h +++ b/rmi/internal-encryption.h @@ -36,6 +36,7 @@ public: int encrypt(const std::string& password, unsigned int options); int decrypt(const std::string& password); + int verifyPassword(const std::string& password); int changePassword(const std::string& oldPW, const std::string& newPW); enum State { diff --git a/server/external-encryption.cpp b/server/external-encryption.cpp index c821c5d..7ed8206 100644 --- a/server/external-encryption.cpp +++ b/server/external-encryption.cpp @@ -243,6 +243,17 @@ int ExternalEncryption::decrypt(const std::string &password) return 0; } +int ExternalEncryption::verifyPassword(const std::string& password) +{ + KeyManager::data data(password.begin(), password.end()); + KeyManager keyManager(engine.getKeyMeta()); + + if (!keyManager.verifyPassword(data)) { + return 1; + } + return 0; +} + int ExternalEncryption::changePassword(const std::string &oldPassword, const std::string &newPassword) { diff --git a/server/internal-encryption.cpp b/server/internal-encryption.cpp index 9b5d416..47c6ae1 100644 --- a/server/internal-encryption.cpp +++ b/server/internal-encryption.cpp @@ -244,6 +244,17 @@ int InternalEncryption::decrypt(const std::string& password) return 0; } +int InternalEncryption::verifyPassword(const std::string& password) +{ + KeyManager::data data(password.begin(), password.end()); + KeyManager keyManager(engine.getKeyMeta()); + + if (keyManager.verifyPassword(data)) { + return 1; + } + return 0; +} + int InternalEncryption::changePassword(const std::string& oldPassword, const std::string& newPassword) {