From: Dongik Lee <dongik.lee@samsung.com>
Date: Tue, 15 Apr 2025 05:33:47 +0000 (+0900)
Subject: Add unit-tests to hal-api security-auth
X-Git-Tag: accepted/tizen/unified/20250502.102822~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d7a7c6c70e9d2f77db93fd6d7c468df0ba1f3f61;p=platform%2Fhal%2Fapi%2Fsecurity.git

Add unit-tests to hal-api security-auth

Change-Id: I29c256c7d7b82d1ff99a3c3dcb9efac9bdd394f5
---

diff --git a/haltest/CMakeLists.txt b/haltest/CMakeLists.txt
index 8795d0c..151c24a 100644
--- a/haltest/CMakeLists.txt
+++ b/haltest/CMakeLists.txt
@@ -10,7 +10,7 @@ FIND_LIBRARY(
     REQUIRED)
 
 INCLUDE(FindPkgConfig)
-PKG_CHECK_MODULES(TEST_DEPS REQUIRED capi-system-info gmock)
+PKG_CHECK_MODULES(TEST_DEPS REQUIRED capi-system-info libtzplatform-config gmock)
 
 INCLUDE_DIRECTORIES(SYSTEM ${TEST_DEPS_INCLUDE_DIRS})
 INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR})
@@ -22,8 +22,9 @@ SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed -pie")
 
 SET(SRCS
     ${CMAKE_SOURCE_DIR}/haltest/main.cpp
-    ${CMAKE_SOURCE_DIR}/haltest/security-certs.cpp)
+    ${CMAKE_SOURCE_DIR}/haltest/security-certs.cpp
+    ${CMAKE_SOURCE_DIR}/haltest/security-auth.cpp)
 ADD_EXECUTABLE(${PROJECT_NAME} ${SRCS})
 
 TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${TEST_DEPS_LDFLAGS} ${HALAPI_LIBRARY})
-INSTALL(TARGETS ${PROJECT_NAME} DESTINATION /usr/bin/hal)
+INSTALL(TARGETS ${PROJECT_NAME} DESTINATION /usr/bin/hal)
\ No newline at end of file
diff --git a/haltest/security-auth.cpp b/haltest/security-auth.cpp
new file mode 100644
index 0000000..8f34f2e
--- /dev/null
+++ b/haltest/security-auth.cpp
@@ -0,0 +1,443 @@
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <system_info.h>
+#include <gtest/gtest.h>
+#include <string.h>
+#include <unistd.h>
+#include <tzplatform_config.h>
+
+#include "hal-security-auth.h"
+#include "hal-security-auth-error.h"
+
+const char *normal_password = "normal-password";
+const char *admin_password = "admin-password";
+const char *wrong_password = "wrong-password";
+const char *reused_normal = "normal-password";
+const char *reused_admin = "admin-password";
+const char *new_password = "new-password";
+
+const uid_t wrong_user_id = 8888;
+const unsigned int max_history_size = 5;
+const unsigned int expire_time_days = 100;
+const unsigned int increment_unit = 1;
+const unsigned int max_attempt_size = 10;
+const uid_t root_user = 0;
+
+class SECURITY_AUTH : public testing::Test
+{
+protected:
+    void SetUp() override {
+        int ret = hal_security_auth_get_backend();
+        ASSERT_EQ(ret, 0) << "Failed to get security auth backend (" << ret << ")";
+    };
+
+    void TearDown() override {
+        int ret = hal_security_auth_put_backend();
+        EXPECT_EQ(ret, 0) << "Failed to put security auth backend (" << ret << ")";
+    };
+};
+
+TEST_F(SECURITY_AUTH, WriteMemoryToFile)
+{
+    int ret;
+    uid_t user_id = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
+
+    hal_security_auth_password_type_e password_type;
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_PIN);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    ret = hal_security_auth_write_memory_to_file(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to write memory to file (" << ret << ")";
+
+    ret = hal_security_auth_write_memory_to_file(wrong_user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to write to memory to file  (" << ret << ")";
+
+    ret = hal_security_auth_write_attempt_to_file(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to write attempt to file (" << ret << ")";
+
+    ret = hal_security_auth_write_attempt_to_file(wrong_user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to write attempt to file  (" << ret << ")";
+
+    ret = hal_security_auth_get_password_type(user_id, &password_type);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to get password type (" << ret << ")";
+    EXPECT_EQ(password_type, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_PIN) << "Failed : Wrong password type (" << password_type << ")";
+
+    user_id = root_user;
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_PIN);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    ret = hal_security_auth_write_memory_to_file(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to write memory to file (" << ret << ")";
+
+    ret = hal_security_auth_write_memory_to_file(wrong_user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to write to memory to file  (" << ret << ")";
+
+    ret = hal_security_auth_write_attempt_to_file(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to write attempt to file (" << ret << ")";
+
+    ret = hal_security_auth_write_attempt_to_file(wrong_user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to write attempt to file  (" << ret << ")";
+
+    ret = hal_security_auth_get_password_type(user_id, &password_type);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to get password type (" << ret << ")";
+    EXPECT_EQ(password_type, HAL_SECURITY_AUTH_PASSWORD_PIN) << "Failed : Wrong password type (" << password_type << ")";
+}
+
+
+TEST_F(SECURITY_AUTH, SetAndCheckPassword)
+{
+    int ret;
+    uid_t user_id = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_NORMAL);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    ret = hal_security_auth_set_password(user_id, normal_password);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set password (" << ret << ")";
+
+    ret = hal_security_auth_set_password(wrong_user_id, normal_password);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to set password (" << ret << ")";
+
+    ret = hal_security_auth_check_password(user_id, normal_password);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to check password (" << ret << ")";
+
+    ret = hal_security_auth_check_password(user_id, wrong_password);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_PASSWORD_MISMATCH) << "Wrong password to check password (" << ret << ")";
+
+    user_id = root_user;
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_NORMAL);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    ret = hal_security_auth_set_password(user_id, normal_password);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set password (" << ret << ")";
+
+    ret = hal_security_auth_set_password(wrong_user_id, normal_password);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to set password (" << ret << ")";
+
+    ret = hal_security_auth_check_password(user_id, normal_password);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to check password (" << ret << ")";
+
+    ret = hal_security_auth_check_password(user_id, wrong_password);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_PASSWORD_MISMATCH) << "Wrong password to check password (" << ret << ")";
+}
+
+TEST_F(SECURITY_AUTH, HistoryParams)
+{
+    int ret;
+    unsigned int history_size = 0;
+    uid_t user_id = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_PIN);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    ret = hal_security_auth_set_max_history_size(user_id, max_history_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set max history size (" << ret << ")";
+
+    ret = hal_security_auth_set_max_history_size(wrong_user_id, max_history_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to set max history size (" << ret << ")";
+
+    ret = hal_security_auth_get_max_history_size(user_id, &history_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to get max history size (" << ret << ")";
+    EXPECT_EQ(history_size, max_history_size) << "Failed : Wrong max history size (" << history_size << ")";
+
+    ret = hal_security_auth_get_max_history_size(wrong_user_id, &history_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to get max history size (" << ret << ")";
+
+    user_id = root_user;
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_PIN);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    ret = hal_security_auth_set_max_history_size(user_id, max_history_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set max history size (" << ret << ")";
+
+    ret = hal_security_auth_set_max_history_size(wrong_user_id, max_history_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to set max history size (" << ret << ")";
+
+    ret = hal_security_auth_get_max_history_size(user_id, &history_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to get max history size (" << ret << ")";
+    EXPECT_EQ(history_size, max_history_size) << "Failed : Wrong max history size (" << history_size << ")";
+
+    ret = hal_security_auth_get_max_history_size(wrong_user_id, &history_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to get max history size (" << ret << ")";
+}
+
+TEST_F(SECURITY_AUTH, ExpireParams)
+{
+    int ret;
+    unsigned int expire_time = 0;
+    uid_t user_id = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_PATTERN);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    ret = hal_security_auth_set_expire_time(user_id, expire_time_days);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set expire time (" << ret << ")";
+
+    ret = hal_security_auth_set_expire_time(wrong_user_id, expire_time_days);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to set expire time (" << ret << ")";
+
+    ret = hal_security_auth_get_expire_time(user_id, &expire_time);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to get expire time (" << ret << ")";
+    EXPECT_EQ(expire_time, expire_time_days) << "Wrong expire time (" << expire_time << ")";
+
+    ret = hal_security_auth_get_expire_time(wrong_user_id, &expire_time);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to get expire time (" << ret << ")";
+
+    user_id = root_user;
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_PATTERN);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    ret = hal_security_auth_set_expire_time(user_id, expire_time_days);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set expire time (" << ret << ")";
+
+    ret = hal_security_auth_set_expire_time(wrong_user_id, expire_time_days);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to set expire time (" << ret << ")";
+
+    ret = hal_security_auth_get_expire_time(user_id, &expire_time);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to get expire time (" << ret << ")";
+    EXPECT_EQ(expire_time, expire_time_days) << "Wrong expire time (" << expire_time << ")";
+
+    ret = hal_security_auth_get_expire_time(wrong_user_id, &expire_time);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to get expire time (" << ret << ")";
+}
+
+TEST_F(SECURITY_AUTH, AttemptParams)
+{
+    int ret;
+    unsigned int attempt = 0;
+    unsigned int max_attempt = 0;
+    uid_t user_id = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_NORMAL);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    ret = hal_security_auth_reset_attempt(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to reset attempt (" << ret << ")";
+
+    ret = hal_security_auth_reset_attempt(wrong_user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to reset attempt (" << ret << ")";
+
+    ret = hal_security_auth_increment_attempt(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to increment attempt (" << ret << ")";
+
+    ret = hal_security_auth_increment_attempt(wrong_user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to increment attempt (" << ret << ")";
+
+    ret = hal_security_auth_get_attempt(user_id, &attempt);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to get attempt (" << ret << ")";
+    EXPECT_EQ(attempt, increment_unit) << "Wrong attempt (" << attempt << ")";
+
+    ret = hal_security_auth_get_attempt(wrong_user_id, &attempt);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to get attempt (" << ret << ")";
+
+    ret = hal_security_auth_set_max_attempt(user_id, max_attempt_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set max attempt (" << ret << ")";
+
+    ret = hal_security_auth_set_max_attempt(wrong_user_id, max_attempt_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to set max attempt (" << ret << ")";
+
+    ret = hal_security_auth_get_max_attempt(user_id, &max_attempt);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to get max attempt (" << ret << ")";
+    EXPECT_EQ(max_attempt, max_attempt_size) << "Wrong max attempt (" << max_attempt << ")";
+
+    ret = hal_security_auth_get_max_attempt(wrong_user_id, &max_attempt);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to get max attempt (" << ret << ")";
+
+    user_id = root_user;
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_NORMAL);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    ret = hal_security_auth_reset_attempt(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to reset attempt (" << ret << ")";
+
+    ret = hal_security_auth_reset_attempt(wrong_user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to reset attempt (" << ret << ")";
+
+    ret = hal_security_auth_increment_attempt(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to increment attempt (" << ret << ")";
+
+    ret = hal_security_auth_increment_attempt(wrong_user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to increment attempt (" << ret << ")";
+
+    ret = hal_security_auth_get_attempt(user_id, &attempt);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to get attempt (" << ret << ")";
+    EXPECT_EQ(attempt, increment_unit) << "Wrong attempt (" << attempt << ")";
+
+    ret = hal_security_auth_get_attempt(wrong_user_id, &attempt);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to get attempt (" << ret << ")";
+
+    ret = hal_security_auth_set_max_attempt(user_id, max_attempt_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set max attempt (" << ret << ")";
+
+    ret = hal_security_auth_set_max_attempt(wrong_user_id, max_attempt_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to set max attempt (" << ret << ")";
+
+    ret = hal_security_auth_get_max_attempt(user_id, &max_attempt);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to get max attempt (" << ret << ")";
+    EXPECT_EQ(max_attempt, max_attempt_size) << "Wrong max attempt (" << max_attempt << ")";
+
+    ret = hal_security_auth_get_max_attempt(wrong_user_id, &max_attempt);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id to get max attempt (" << ret << ")";
+}
+
+TEST_F(SECURITY_AUTH, StatusParams)
+{
+    int ret;
+    uid_t user_id = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_PIN);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    ret = hal_security_auth_set_max_history_size(user_id, max_history_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set max history size (" << ret << ")";
+
+    ret = hal_security_auth_set_password(user_id, normal_password);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set password (" << ret << ")";
+
+    ret = hal_security_auth_is_password_active(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Wrong password active status (" << ret << ")";
+
+    ret = hal_security_auth_is_history_active(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Wrong history active status (" << ret << ")";
+
+    ret = hal_security_auth_is_history_active(wrong_user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id for history active status (" << ret << ")";
+
+    ret = hal_security_auth_is_password_reused(user_id, reused_normal);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Wrong to check password reused status for a previously-used one (" << ret << ")";
+
+    ret = hal_security_auth_is_password_reused(user_id, new_password);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_STATUS) << "Wrong password reused status for a new one (" << ret << ")";
+
+    ret = hal_security_auth_set_password(user_id,"");//null password is for inactive password status
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set password (" << ret << ")";
+
+    ret = hal_security_auth_is_password_active(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_STATUS) << "Wrong status for active password (" << ret << ")";
+
+    user_id = root_user;
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_PIN);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    ret = hal_security_auth_set_max_history_size(user_id, max_history_size);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set max history size (" << ret << ")";
+
+    ret = hal_security_auth_set_password(user_id, normal_password);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set password (" << ret << ")";
+
+    ret = hal_security_auth_is_password_active(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Wrong password active status (" << ret << ")";
+
+    ret = hal_security_auth_is_history_active(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Wrong history active status (" << ret << ")";
+
+    ret = hal_security_auth_is_history_active(wrong_user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_INPUT_PARAM) << "Wrong user id for history active status (" << ret << ")";
+
+    ret = hal_security_auth_is_password_reused(user_id, reused_normal);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Wrong to check password reused status for a previously-used one (" << ret << ")";
+
+    ret = hal_security_auth_is_password_reused(user_id, new_password);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_STATUS) << "Wrong password reused status for a new one (" << ret << ")";
+
+    ret = hal_security_auth_set_password(user_id,"");//null password is for inactive password status
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set password (" << ret << ")";
+
+    ret = hal_security_auth_is_password_active(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_STATUS) << "Wrong status for active password (" << ret << ")";
+}
+
+TEST_F(SECURITY_AUTH, LimitationParams)
+{
+    int ret;
+    unsigned int expire_time_left_days = 10;
+    unsigned int expire_time_left_secs;
+    uid_t user_id = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
+
+    hal_security_auth_password_type_e password_type;
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_PATTERN);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    time_t curTime = time(NULL);
+	unsigned int validSecs = (curTime + (expire_time_left_days * 86400));
+
+    ret = hal_security_auth_set_expire_time_left(user_id,validSecs);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed : set expire_time_left (" << ret << ")";
+
+    unsigned int validLeftSecs = validSecs;
+    ret = hal_security_auth_get_expire_time_left(user_id,&expire_time_left_secs);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed : get expire_time_left (" << ret << ")";
+    EXPECT_EQ((validLeftSecs <= (expire_time_left_secs+curTime)) && (validLeftSecs <= (expire_time_left_secs+curTime+1)),true) << "Failed : get expire time left (" << expire_time_left_secs << "),"
+                                                                                                            << "(" << validLeftSecs << ")";
+
+    ret = hal_security_auth_check_expiration(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed : check expiration status (" << ret << ")";
+
+    ret = hal_security_auth_check_attempt_exceeded(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed : check to attempt exceeded status (" << ret << ")";
+    sleep(1);
+    ret = hal_security_auth_is_ignore_period(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_PASSWORD_RETRY_TIMER) << "Failed : ignore period status (" << ret << ")";
+
+    ret = hal_security_auth_get_password_type(user_id, &password_type);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to get password type (" << ret << ")";
+    EXPECT_EQ(password_type, HAL_SECURITY_AUTH_PASSWORD_PATTERN) << "Failed : Wrong password type (" << password_type << ")";
+
+    ret = hal_security_auth_set_max_history_size(user_id, 0);//0 is for inactive history
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set max history size (" << ret << ")";
+
+    user_id = root_user;
+
+    ret = hal_security_auth_create_password_file(user_id, hal_security_auth_password_type_e::HAL_SECURITY_AUTH_PASSWORD_PATTERN);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to create password file for client (" << ret << ")";
+
+    curTime = time(NULL);
+	validSecs = (curTime + (expire_time_left_days * 86400));
+
+    ret = hal_security_auth_set_expire_time_left(user_id,validSecs);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed : set expire_time_left (" << ret << ")";
+
+    validLeftSecs = validSecs;
+    ret = hal_security_auth_get_expire_time_left(user_id,&expire_time_left_secs);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed : get expire_time_left (" << ret << ")";
+    EXPECT_EQ((validLeftSecs <= (expire_time_left_secs+curTime)) && (validLeftSecs <= (expire_time_left_secs+curTime+1)),true) << "Failed : get expire time left (" << expire_time_left_secs << "),"
+                                                                                                        << "(" << validLeftSecs << ")";
+
+    ret = hal_security_auth_check_expiration(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed : check expiration status (" << ret << ")";
+
+    ret = hal_security_auth_check_attempt_exceeded(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed : check to attempt exceeded status (" << ret << ")";
+    sleep(1);
+    ret = hal_security_auth_is_ignore_period(user_id);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_ERROR_PASSWORD_RETRY_TIMER) << "Failed : ignore period status (" << ret << ")";
+
+    ret = hal_security_auth_get_password_type(user_id, &password_type);
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to get password type (" << ret << ")";
+    EXPECT_EQ(password_type, HAL_SECURITY_AUTH_PASSWORD_PATTERN) << "Failed : Wrong password type (" << password_type << ")";
+
+    ret = hal_security_auth_set_max_history_size(user_id, 0);//0 is for inactive history
+    EXPECT_EQ(ret, AUTH_PASSWD_API_SUCCESS) << "Failed to set max history size (" << ret << ")";
+}
\ No newline at end of file
diff --git a/include/hal-security-auth-error.h b/include/hal-security-auth-error.h
new file mode 100644
index 0000000..f32e711
--- /dev/null
+++ b/include/hal-security-auth-error.h
@@ -0,0 +1,103 @@
+/*
+ *  Authentication password
+ *
+ *  Copyright (c) 2000 - 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Contact: Jooseong Lee <jooseong.lee@samsung.com>
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ *
+ */
+
+#ifndef AUTH_PASSWD_ERROR_H
+#define AUTH_PASSWD_ERROR_H
+
+/**
+ * \name Return Codes
+ * exported by the foundation API.
+ * result codes begin with the start error code and extend into negative direction.
+ * @{
+*/
+#define AUTH_PASSWD_API_SUCCESS 0
+
+/*! \brief   indicating the result of the one specific API is successful */
+#define AUTH_PASSWD_API_ERROR_SOCKET -1
+
+/*! \brief   indicating the API's input parameter is malformed */
+#define AUTH_PASSWD_API_ERROR_INPUT_PARAM -2
+
+/*! \brief   indicating system  is running out of memory state */
+#define AUTH_PASSWD_API_ERROR_OUT_OF_MEMORY -3
+
+/*! \brief   indicating the output buffer size which is passed as parameter is too small */
+#define AUTH_PASSWD_API_ERROR_BUFFER_TOO_SMALL -4
+
+/*! \brief   indicating Authenticaton Server has been failed for some reason */
+#define AUTH_PASSWD_API_ERROR_SERVER_ERROR -5
+
+/*! \brief   indicating the access has been denied by Authetnication Server */
+#define AUTH_PASSWD_API_ERROR_ACCESS_DENIED -6
+
+/*! \brief   indicating there is no user */
+#define AUTH_PASSWD_API_ERROR_NO_USER -8
+
+/*! \brief   indicating there is no password set */
+#define AUTH_PASSWD_API_ERROR_NO_PASSWORD -9
+
+/*! \brief   indicating password exists in system */
+#define AUTH_PASSWD_API_ERROR_PASSWORD_EXIST -11
+
+/*! \brief   indicating password mismatch */
+#define AUTH_PASSWD_API_ERROR_PASSWORD_MISMATCH -12
+
+/*! \brief   indicating password retry timeout has not yet occurred */
+#define AUTH_PASSWD_API_ERROR_PASSWORD_RETRY_TIMER -13
+
+/*! \brief   indicating no more attempts are possible */
+#define AUTH_PASSWD_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED -14
+
+/*! \brief   indicating password is expired */
+#define AUTH_PASSWD_API_ERROR_PASSWORD_EXPIRED -15
+
+/*! \brief   indicating password is reused */
+#define AUTH_PASSWD_API_ERROR_PASSWORD_REUSED -16
+
+/*! \brief   indicating password does not meet password min length policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_MIN_LENGTH -18
+
+/*! \brief   indicating password does not meet min complex character number policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_MIN_COMPLEX_CHAR_NUM -19
+
+/*! \brief   indicating password does not meet max character occurences policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_MAX_CHAR_OCCURENCES -20
+
+/*! \brief   indicating password does not meet max number sequence length policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_MAX_NUM_SEQ_LENGTH -21
+
+/*! \brief   indicating password does not meet forbidden passwords policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_FORBIDDEN_PASSWORDS -22
+
+/*! \brief   indicating password does not meet quality type policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_QUALITY_TYPE -23
+
+/*! \brief   indicating password does not meet pattern policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_PATTERN -24
+
+/*! \brief   indicating status does not meet the required condition or threshold */
+#define AUTH_PASSWD_API_ERROR_STATUS -25
+
+/*! \brief   indicating the error with unknown reason */
+#define AUTH_PASSWD_API_ERROR_UNKNOWN -255
+/** @}*/
+
+#endif
diff --git a/packaging/hal-api-security.spec b/packaging/hal-api-security.spec
index 89c9b84..d2f02a2 100644
--- a/packaging/hal-api-security.spec
+++ b/packaging/hal-api-security.spec
@@ -32,6 +32,7 @@ Summary:        %{name} tests
 Group:          Development/Libraries
 Requires:       %{name} = %{version}-%{release}
 BuildRequires: pkgconfig(capi-system-info)
+BuildRequires: pkgconfig(libtzplatform-config)
 BuildRequires: pkgconfig(gmock)
 
 %description -n %{name}-haltests