Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 * Remove old bindmount for unexistant home directory * Dev windows firewall (#36) * Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]> * Update url * Fix some typo + styling * Bump version to 2.1 * Specifying the support for Debian 12 only * Added contribution guidelines * Remove useless files * Fix landlock path for yara rules * Be more verbose about Landlock yara path * Update dependencies + set production mode * Bump version to 2.1 * Start implementing PKI restoration * Bump packages version * Check root certificates and station certificate signatures * Check root certificates and station certificate signatures * Bump ed25519-dalek to 2.x series * Fix some rustc + clippy warnings * Update lints for private_in_public changes * Bump keysas-admin dependencies * Bump keysas-backend dependencies * Bump nix crate * Bump global Keysas version * Bump ssh-rs to latest version * Fix timeout duration + Bump ed25519 version * Rename keysas-udev to keysas-io * Force ssh-rs version to prevent fallback to 0.3.2 * Temporary patch ed25519-dalek for signature crate conflict * Bump ed25519-dalek to v2 * Add current user to plugdev group * Bump yara crate * Bump tempfile and flexi_logger * House keeping: remove comments * Remove useless crate * Bump yubico-manager with custom updated version * Fix udev configuration related documentation * Add keysas user creation/deletion when not using pre-built Debian image * Fix udev configuration related documentation * Remove prehashed to verify signatures * Bugfix: use ca to verify signatures + force strict verification * Force strict signature verification * Remove prehashed to verify signatures * Remove prehashed to verify signatures + use strict signature verifications * Add test_save_and_load_hybrid_signature test * Bugfix: use ca to verify signatures for Dilithium * Cleaning up println * Add application verification test for Dilithium * Remove false comment in fn * Bump tempfile crate * Update check_restore_pki signature + async * Be more verbose while verifying signatures * Add check_restore_pki fonction * Add more comments forfunction cjeck_restore_pki * Bump npm dependencies * Bump dependencies * Add uded rule + group instructions * Bump ssh-rs * Bump npm dependencies + show keysas reports * Fix typos in readme * Add source env for rustup * Fix private_bounds pragma * Fix home install for keysas * Remove private-interface pragma * Fix ascii art * Update wizard fr * Fix typo in wizard fr * Bump version to 2.2 * Add clock_gettime syscall * Ignore .filepart as requested by a user * Typo fix * Revert .filepart ignoring and add this feature to a dedicated branch * Bump userdoc to v2.2 * Add mkfs instructions * Ignore unsupported operations by miri * Improve UX in home page * Housekeeping + UX * Housekeeping + UX * UX and design improvement * UX and design improvement * Fix uncorrect/misleading comment * Bump syscallz and landlock crates * Update default method but stay on ABI V2 for now * landlock: restrict sas_in directory with ReadFile, RemoveFile and RemoveDir * Landlock: Add ReadDir attr to be able to read the dir content * Landlock: Remove wrong comment on ABI version * Fix Landlock RO + unlink sas_in + UX (#50) * Fix clippy warning for String * Update dependencies * Bump dependencies * Bump dependencies * Remove / update error module * Bump version to v2.3 * Update UX * Update SDPX headers * Fix missing variable in flush() * Firewall: addition of installer for minifilter (#51) * USB Filter: add USB filter in add event * Added USB descriptor query * USB Firewall: started installer setup * USB Filter: improved usb device inspection * Created installer for windows daemon and filter * Created installer with Innosetup * Rename minifilter project * Started preparation for Linux port * Applied Clippy and cargo fmt * Keysas Service: added taury app to installer * Firewall: improved readmes * Bump various crates * Set compat level for Landlock * Print json report to logs * Add non camel case types * Remove update headers * Remove patch & switch to ed25519-dalek v2.1 * Update SDPX * Update npm dependencies * Update installation dependencies * Add Todo list * Update release and changlog * Bump Tauri dependencies * Bump regex crate * Bump dependencies * Update documentation about StreamMaxLength * Update documentation for udev and keysas-admin * Bump dependencies * npm update and audit fix * Fix clippy warnings * Remove loopdev patch * Remove dead code + allow non camel case types * Add truncate open to true * Bump dependencies * Fix clippy warnings * Update link to download on github * Bump npm dependencies * Update EN translation on AppWizard-en.vue & fix typo on AppWizard-fr.vue * Bump dependencies * Bump simple_logger * Bump dependencies + change pubkey for keysas-admin * Remove tarpaulin for warnings * Remove duplicated attributes * Bump user documentation version * Bump version in about view --------- Co-authored-by: Luc <[email protected]> Co-authored-by: lb-anssi <[email protected]>
- Loading branch information
3 people
authored
Jun 19, 2024
1 parent
a6b8a6a
commit 08c4420