[platform/core/security/ode.git] / lib / ode / internal-encryption.h

/*
 *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License
 */

#ifndef __CAPI_ODE_INTERNAL_ENCRYPTION_H__
#define __CAPI_ODE_INTERNAL_ENCRYPTION_H__

#include <ode/common.h>

/**
 * @file internal-encryption.h
 * @brief This file provides APIs to manage the encryption of internal storage.
 */

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @brief       Mount internal storage with encryption by given password.
 * @details     Administrator can use this API to mount encrypted internal
 *              storage.
 * @since_tizen 3.0
 * @param[in]   password The password to mount internal storage
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_KEY_REJECTED Password doen't match
 * @retval      #ODE_ERROR_NO_SUCH_FILE No such file or directory
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @pre         The password must match with what is set by
 *              ode_internal_encryption_init_password().
 * @see         ode_internal_encryption_encrypt()
 * @see         ode_internal_encryption_umount()
 */
ODE_API int ode_internal_encryption_mount(const char* password);

/**
 * @brief       Umount internal storage
 * @details     Administrator can use this API to unmount internal storage.
 * @since_tizen 3.0
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_NO_SUCH_FILE No such file or directory
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @see         ode_internal_encryption_mount()
 */
ODE_API int ode_internal_encryption_umount();

/**
 * @brief       Encrypt internal storage by given password.
 * @details     Administrator can use this API to encrypt internal storage.
 * @since_tizen 3.0
 * @param[in]   password The password to encrypt internal storage
 * @param[in]   options Encryption options
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_KEY_REJECTED Password doen't match
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 * @retval      #ODE_ERROR_NOT_SUPPORTED Given options are not supported
 *              the privilege to call this API
 * @pre         The password must match with what is set by
 *              ode_internal_encryption_init_password().
 * @see         ode_internal_encryption_mount()
 * @see         ode_internal_encryption_decrypt()
 * @see         ode_internal_encryption_get_supported_options()
 */
ODE_API int ode_internal_encryption_encrypt(const char* password, unsigned int options);

/**
 * @brief       Decrypt internal storage by given password.
 * @details     Administrator can use this API to decrypt internal storage.
 * @since_tizen 3.0
 * @param[in]   password The password to decrypt internal storage
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_KEY_REJECTED Password doen't match
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @pre         The password must match with what is set by
 *              ode_internal_encryption_init_password().
 * @see         ode_internal_encryption_encrypt()
 */
ODE_API int ode_internal_encryption_decrypt(const char* password);

/**
 * @brief       Checks whether the internal encryption password was created
 * @details     Administrator can use this API to check if the password that
                will be used for internal storage encryption/decryption
                exists.
 * @since_tizen 3.0
 * @param[out]  result Whether encryption password was created
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @see         ode_internal_encryption_init_password()
 * @see         ode_internal_encryption_clean_password()
 */
ODE_API int ode_internal_encryption_is_password_initialized(bool* result);

/**
 * @brief       Initialize internal encryption password to given password
 * @details     Administrator can use this API to set new password that will be
                used for internal storage encryption/decryption.
 * @since_tizen 3.0
 * @param[in]   password The password to set
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @see         ode_internal_encryption_change_password()
 * @see         ode_internal_encryption_clean_password()
 * @see         ode_internal_encryption_encrypt()
 * @see         ode_internal_encryption_decrypt()
 * @see         ode_internal_encryption_mount()
 */
ODE_API int ode_internal_encryption_init_password(const char* password);

/**
 * @brief       Remove internal encryption password
 * @details     Administrator can use this API to delete password that was set
                by ode_internal_encryption_init_password().
 * @since_tizen 3.0
 * @param[in]   password The password to delete
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_KEY_REJECTED old_password doen't match
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @pre         The password must match with what is set by
 *              ode_internal_encryption_init_password().
 * @see         ode_internal_encryption_init_password()
 */
ODE_API int ode_internal_encryption_clean_password(const char* password);

/**
 * @brief       Change the password for internal storage.
 * @details     Administrator can use this API to change password for internal
 *              storage.
 * @since_tizen 3.0
 * @param[in]   old_password Current password of internal storage
 * @param[in]   new_password The password to use newly for internal storage
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_KEY_REJECTED old_password doen't match
 * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @pre         Old password must match with what is set by
 *              ode_internal_encryption_init_password().
 * @see         ode_internal_encryption_init_password()
 */
ODE_API int ode_internal_encryption_change_password(const char* old_password,
                                                                                                        const char* new_password);

/**
 * @brief       Verify if given password is internal encryption password.
 * @details     Administrator can use this API to find if a password is used
                by internal encryption
 * @since_tizen 3.0
 * @param[in]   password The password to be verified
 * @param[out]  result The result of verification
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @pre         The password must match with what is set by
 *              ode_internal_encryption_init_password().
 * @see         ode_internal_encryption_init_password()
 * @see         ode_internal_encryption_change_password()
 */
ODE_API int ode_internal_encryption_verify_password(const char* password, bool* result);

/**
 * @brief       Get current encryption state of internal storage.
 * @details     Administrator can use this API to get current encryption state
 *              of internal storage.
 * @since_tizen 3.0
 * @param[out]  state The encryption state of internal storage
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @see         ode_internal_encryption_encrypt()
 * @see         ode_internal_encryption_decrypt()
 */
ODE_API int ode_internal_encryption_get_state(int* state);

/*
 * @brief       Enumeration for internal encryption options
 * @since_tizen 3.0
 */
typedef enum {
        ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION  = 1 << 0, /**< Encrypt all include unused region  */
} ode_options_internal_e;

/**
 * @brief       Get supported options for encryption of internal storage.
 * @details     Administrator can use this API to get which options are
                supported for encryption of external storage.
 * @since_tizen 3.0
 * @param[out]  option The logical OR of supported options in internal storage
 * @return      #ODE_ERROR_NONE on success, otherwise a negative value
 * @retval      #ODE_ERROR_NONE Successful
 * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
 * @retval      #ODE_ERROR_TIMED_OUT Time out
 * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
 *              the privilege to call this API
 * @see         ode_internal_encryption_encrypt()
 */
ODE_API int ode_internal_encryption_get_supported_options(unsigned int* options);

/*
 * @}
 */

#ifdef __cplusplus
}
#endif

#endif /* __CAPI_ODE_INTERNAL_ENCRYPTION_H__ */