Commit Graph

14 Commits

Author SHA1 Message Date
Brian Carlstrom
4d51522f5f Add keychain user with special keystore access permissions
Change-Id: I02fe5171add62c5cd9f57b01bc137f3bc1cb3a69
2011-04-08 14:06:39 -07:00
Chia-chi Yeh
ae17a37d2d KeyStore: Update the parameters of generating master keys.
To improve the security, the parameters to generate the master key has
been changed. Special cares has been taken to prevent from permanent
damages of the existing data during the transition process.

Change-Id: I0c93f3de28a9fcd314932675ccfb65a7f11fa3ff
2010-10-01 01:42:55 +08:00
Chia-chi Yeh
857edec1a2 KeyStore: Initialize IV correctly.
Change-Id: Idbf207dfcc11b92e606cbf4fd3732ed7a8aa3416
2010-09-30 17:28:01 +08:00
Chia-chi Yeh
e3bc023471 keystore: add AID_ROOT into the user table.
Change-Id: I4b9cf24d75ca79583d7913bbb2c33745a2316cde
2010-03-09 09:44:07 +08:00
Chia-chi Yeh
b78679e18d keystore: compute the padding in an intuitive way. 2009-12-30 10:38:39 +08:00
Chia-chi Yeh
ced66258e1 keystore: Add paddings before checksumming.
Also fix a file descriptor leak when file system is nearly full.

Bug: 2339184
2009-12-22 17:26:42 +08:00
Chia-chi Yeh
1cdc2a4b81 keystore: rename scan() to saw(). 2009-09-22 02:57:52 +08:00
Chia-chi Yeh
dd2a71eebc keystore: enable delete(), scan(), exist() when keystore is locked.
Also check end-of-file explicitly.
2009-09-21 11:36:33 +08:00
Chia-chi Yeh
2f3b2a5aa6 keystore: switch to multi-user version. 2009-09-18 17:23:53 +08:00
Chia-chi Yeh
4cff21f21b keystore: add multi-user support.
Change-Id: I60268261110934a1d60efa341ff530f94415724f
2009-09-18 11:49:55 +08:00
Chung-yih Wang
c186c66a29 Implement the generic mini-keystore for security.
1. We will progressively migrate to this implementation.
2. For richc to have a quick review on the keymgmt part.
3. Add remove_key and make sure all functions are working.
4. Add permission check for get operation.
5. Return the retry count if unlock failed.
6. Add the reset operation for keystore reset.
7. Add the putfile shell command for putting the key value from file.
8. Fix the boundary issue during parsing command.
9. Use the ' ' as delimiter and reset the reply structure for each request.
10. Add change password retry count check.
11. Extract the read_marshal/write_marshal for certtool.h.
12. Remove the old implementation.
2009-07-02 14:08:20 +08:00
Chung-yih Wang
4c40420cd2 Change the keystore APIs.
1. simplify the keypair selection in UI.
2. add the user certificate and key into the keystore for keygen feature.
2009-06-17 14:32:05 +08:00
Chung-yih Wang
8fcbada742 Provide the Keystore feature in the framework.
-- added the keystore library for Java application.
-- changed the marshalling of the keystore function return.
2009-06-11 17:28:40 +08:00
Chung-yih Wang
a92d5dc0f6 First version of the keystore service.
The keystore service is protected by the user 'keystore'. Only keystore
user/group can access the key content. All users are able to do the
following commands from shell as well:
  listcerts
  listuserkeys
  installcert
  removecert
  installuserkey
  removeuserkey
2009-06-08 16:34:54 +08:00