Add recovery APIs to use when there is something wrong with encryption

[platform/core/security/ode.git] / lib / ode / external-encryption.h

/*
 *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License
 */

#ifndef __CAPI_ODE_EXTERNAL_ENCRYPTION_H__
#define __CAPI_ODE_EXTERNAL_ENCRYPTION_H__

#include <ode/common.h>

/**
 * @file external-encryption.h
 * @brief This file provides APIs to manage the encryption of external storage
 *        such as SD card.
 */

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @brief       Mount external storage with encryption by given password.
 * @details     Administrator can use this API to mount encrypted external
 *              storage.
 * @since_tizen 3.0
 * @param[in]   password The password to mount external storage
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_KEY_REJECTED Password doen't match
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @pre         The password must match with what is set by
 *              ode_external_encryption_init_password().
 * @see         ode_external_encryption_encrypt()
 * @see         ode_external_encryption_umount()
 */
ODE_API int ode_external_encryption_mount(const char* password);

/**
 * @brief       Umount external storage
 * @details     Administrator can use this API to unmount external storage.
 * @since_tizen 3.0
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @see         ode_external_encryption_mount()
 */
ODE_API int ode_external_encryption_umount();

/**
 * @brief       Encrypt external storage by given password.
 * @details     Administrator can use this API to encrypt external storage.
 * @since_tizen 3.0
 * @param[in]   password The password to encrypt external storage
 * @param[in]   options Encryption options
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_KEY_REJECTED Password doen't match
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 * @retval      #ODE_ERROR_NOT_SUPPORTED Given options are not supported
 *              the privilege to call this API
 * @see         ode_external_encryption_mount()
 * @see         ode_external_encryption_decrypt()
 * @see         ode_external_encryption_get_supported_options()
 */
ODE_API int ode_external_encryption_encrypt(const char* password, unsigned int options);

/**
 * @brief       Decrypt external storage by given password.
 * @details     Administrator can use this API to decrypt external storage.
 * @since_tizen 3.0
 * @param[in]   password The password to decrypt external storage
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_KEY_REJECTED Password doen't match
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @pre         The password must match with what is set by
 *              ode_external_encryption_init_password().
 * @see         ode_external_encryption_encrypt()
 */
ODE_API int ode_external_encryption_decrypt(const char* password);

/**
 * @brief       Recovery external encryption when there is something wrong.
 * @details     Administrator can use this API to recovery encrypted external
 *              storage when the password is missing or the encryption is
 *              corrupted. Note that this API will be erase all the contents
 *              in external storage.
 * @since_tizen 3.0
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @see         ode_external_encryption_encrypt()
 */
ODE_API int ode_external_encryption_recovery();

/**
 * @brief       Checks whether the external encryption password was created
 * @details     Administrator can use this API to check if the password that
                will be used for external storage encryption/decryption
                exists.
 * @since_tizen 3.0
 * @param[out]  result Whether encryption password was created
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @see         ode_external_encryption_init_password()
 * @see         ode_external_encryption_clean_password()
 */
ODE_API int ode_external_encryption_is_password_initialized(bool* result);

/**
 * @brief       Initialize external encryption password to given password
 * @details     Administrator can use this API to set new password that will be
                used for external storage encryption/decryption.
 * @since_tizen 3.0
 * @param[in]   password The password to set
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @see         ode_external_encryption_change_password()
 * @see         ode_external_encryption_clean_password()
 * @see         ode_external_encryption_encrypt()
 * @see         ode_external_encryption_decrypt()
 * @see         ode_external_encryption_mount()
 */
ODE_API int ode_external_encryption_init_password(const char* password);

/**
 * @brief       Remove external encryption password
 * @details     Administrator can use this API to delete password that was set
                by ode_external_encryption_init_password().
 * @since_tizen 3.0
 * @param[in]   password The password to delete
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_KEY_REJECTED old_password doen't match
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @pre         The password must match with what is set by
 *              ode_external_encryption_init_password().
 * @see         ode_external_encryption_init_password()
 */
ODE_API int ode_external_encryption_clean_password(const char* password);

/**
 * @brief       Change the password for external storage.
 * @details     Administrator can use this API to change password for external
 *              storage.
 * @since_tizen 3.0
 * @param[in]   old_password Current password of external storage
 * @param[in]   new_password The password to use newly for external storage
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_KEY_REJECTED old_password doen't match
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @pre         The password must match with what is set by
 *              ode_external_encryption_init_password().
 * @see         ode_external_encryption_encrypt()
 */
ODE_API int ode_external_encryption_change_password(const char* old_password,
                                                                                                        const char* new_password);

/**
 * @brief       Verify if given password is external encryption password.
 * @details     Administrator can use this API to find if a password is used
                by external encryption
 * @since_tizen 3.0
 * @param[int]  password The password to be verified
 * @param[out]  result The result of verification
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @pre         The password must match with what is set by
 *              ode_external_encryption_init_password().
 * @see         ode_external_encryption_encrypt()
 */
ODE_API int ode_external_encryption_verify_password(const char* password, bool* result);

/**
 * @brief       Get current encryption state of external storage.
 * @details     Administrator can use this API to get current encryption state
 *              of external storage.
 * @since_tizen 3.0
 * @param[out]  state The encryption state of external storage
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @see         ode_external_encryption_encrypt()
 * @see         ode_external_encryption_decrypt()
 */
ODE_API int ode_external_encryption_get_state(int* state);

/*
 * @brief       Enumeration for external encryption options
 * @since_tizen 3.0
 */
typedef enum {
    ODE_OPTION_EXTERNAL_ONLY_NEW_FILE  = 1 << 0, /**< Encrypt new files only  */
    ODE_OPTION_EXTERNAL_EXCEPT_FOR_MEDIA_FILE  = 1 << 1, /**< Encrypt non-media files only */
} ode_options_external_e;

/**
 * @brief       Get supported options for encryption of external storage.
 * @details     Administrator can use this API to get which options are
                                supported for encryption of external storage.
 * @since_tizen 3.0
 * @param[out]  option The logical OR of supported options in external storage
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @see         ode_external_encryption_encrypt()
 */
ODE_API int ode_external_encryption_get_supported_options(unsigned int* options);

/**
 * @}
 */

#ifdef __cplusplus
}
#endif

#endif /* __CAPI_ODE_EXTERNAL_ENCRYPTION_H__ */