Commit

Develop to main (#26)
* Improved cert generation from csr

* Documentation addition

* Propagated API change to admin

* X509: PKI code refactoring (clippy, doc)

PKI refactoring

Clippy improvements

* Addition of hybrid keypair loading

* Passed cargo fmt

* X509: Fix Github CI workflow

Update rust.yml (#18)

Fixed github workflow

Github CI: added libsoup

Github CI: changed libsoup version

Github workflow: fixed typo in dependencies

Github workflow: added javascript dependency

Github workflow: added webkit dependency

* X509: fix keysas-out use of PKI

* Enrolment: Generate private keys on the station
* Rework of private key generation in keysas-sign to use the utility
functions in the PKI crate.
* Added oqs initialisation to all functions in PKI crate
* Cleanup cargo manifest in keysas-sign

* Enrolment: Added certificate saving to keysas-sign
* Fix of save function in keysas-sign
* WIP - Addition of certificate validation in PKI

* Keysas-admin: added station enrolment
* Implementation of station enrolment in admin
* Fix generate signing keys in station
* Fix Rdn generation
* General code cleanup

* Addition of tauri dist directory

* File signing: keysas-sign code cleanup and doc

* File signing: added tests and doc

* Cleaning up the code

* Add SPDX headers + remove feature

* Format

* Validate hybrid signature from certs

* oqs: use only dilithium feature

* Remove minisign crate

* Feature became stable

* Add usb signing functions

* Remove tauri plugin store

* Add libs for signing device

* Start modifying keysas-admin to locally sign usb devices

* Fix overflowing serial number

* Bump version to 0.2.0

* Bump version to 0.2.0

* Serial are now arrays of 20 bytes

* Update deps + improve pki creation

* Add USB device hybrid signing functionality

* Add delete keysas station function

* Display the PKI information:
  - Add Serialize to CertificateField;
  - UX improvement.

* Update home + improve UX

* Add Revoke USB device

* Add check for PKI password length

* Rename few components

* Bump version

* Check that country is < 2 chars long

* Bump version

* Improve UX

* Improve HELP for adding a station

* Rename component AddForm into AddStation

* Fix is_alive to be async

* Update comments

* Remove std features for oqs

* Remove pretty format for digest computation

* Windows: Initial commit for the driver

* Added simple communication between driver and app

* Windows: restructured project
* Separation of the user space app in a daemon with admin level and GUI
* Separation of the driver in smaller modules
* Started the addition of context support in the driver
* Improved the communication between the driver and the daemon

* Improved context management

* Implemented file validation by the user

* Improved list of create call filtered

* Started file validation

* Run analysis on driver and initialized tray app

* Continued file verification

* Validated file reports

* Added first window to tray app

* Cleaned driver and service code

* Update windows GUI

* Fixed dalek version

* Update keysas-lib dependencies versions

* Renamed USB firewall folder

* Fix function signatures + tests

* BEGIN: Fixing frontend for reading reports

* Fix bind_and_sign() tests and set the signature optional if keys are not found

* Fix const paths bugs

* handle ws upgrade

* handle ws upgrade

* Fix paths for PKI creation

* Update some logs + stay async as much as possible

* Fix GNU/Linux paths for key generation

* Fix stations online status

* UX: color update on homepage + remove useless method

* Set some functions in async mode

* Print some feedback to final user while creating a new PKI

* Clear the password as soon as used

* Downgrade time crate to match tauri pinning :(

* Update deprecated method add to insert

* Add tests file

* Import mod tests

* Add new empty arg to match signature

* Add dev-dependencies + update yara

* Downgrade logger crate to match tauri pinning :(

* Change const paths for windows

* Bump tungstenite crate

* Tests fix (#25)

* Fix bind_and_sign() tests and set the signature optional if keys are not found

* Fix const paths bugs

* handle ws upgrade

* handle ws upgrade

* Fix paths for PKI creation

* Update some logs + stay async as much as possible

* Fix GNU/Linux paths for key generation

* Fix stations online status

* UX: color update on homepage + remove useless method

* Set some functions in async mode

* Print some feedback to final user while creating a new PKI

* Clear the password as soon as used

* Downgrade time crate to match tauri pinning :(

* Update deprecated method add to insert

* Add tests file

* Import mod tests

* Add new empty arg to match signature

* Add dev-dependencies + update yara

* Downgrade logger crate to match tauri pinning :(

* Change const paths for windows

* Bump tungstenite crate

* Bump criterion

* Update windows paths and clean useless fn

* cargo fmt

* Add delete PKI functionality

* Handle errors when cannot parse signature

* Install sudoers config for keysas-admin

* Update install/uninstall scripts with sudoers config

* Restart keysas instead of keysas-out (socket broken)

* Remove useless import

* remove old diode paths

* Fix some clippy warnings

* Update log message

* Add base64 + bump some crates

* Get the signature size and decode both signatures

* Add some debug logs

* Bump simple logger crate

* Clean up useless fn

* Fix: remove unwanted b64 decode

* Handle bad password error in UX

* Update installation process for Tauri

* UX: add some verbosity for admin

* Update readme

* Remove std feature for Windows

* Rename component to keysas

* Update dependencies

* Rename component to keysas in App

* Start rewriting wizard-fr

* Temporarily removing rejected files

* Update Help/Quick start procedure

* Update id tag

* Add const for paths and update ip parsing

* Fix ipaddr for eth|enp style

* Remove useless comment

* Fix install/uninstall binaries

* Fix install/uninstall binaries: restart clamd

* Switch to Bookworm install

* Fix install of sudo rules

* Update rust.yml

- Freeze toolchain for loopdev

* Temporary patching devloop til the next release

* Switch back to nightly toolchain

* Update README with nightly toolchain installation

* Bump ubuntu pkg to libyara9

* Removing workflow for now: Ubuntu kinetic not supported

* Removing workflow for now: Ubuntu kinetic not supported

---------

Co-authored-by: lb-anssi <[email protected]>
Co-authored-by: lb-anssi <[email protected]>
3 people authored Jun 21, 2023
1 parent 200ab0d commit 552a1c4
Showing 130 changed files with 10,935 additions and 4,800 deletions.
23 changes: 22 additions & 1 deletion .github/workflows/rust.yml → .github/workflows/.rust.yml.save
Expand Up @@ -24,7 +24,28 @@ jobs:
- run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }}
- run: |
sudo apt-get update -yq
sudo apt -y install libyara-dev libyara8 wget make lsb-release software-properties-common libseccomp-dev pkg-config git bash libudev-dev cmake
sudo apt -y install \
build-essential \
curl \
wget \
libssl-dev \
libgtk-3-dev \
libayatana-appindicator3-dev \
librsvg2-dev \
libyara-dev \
libyara9 \
make \
lsb-release \
software-properties-common \
libseccomp-dev \
pkg-config \
git \
bash \
libudev-dev \
cmake \
libsoup2.4-dev \
libjavascriptcoregtk-4.0-dev \
libwebkit2gtk-4.0-dev
- run: sudo bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"
- name: Build
run: cargo build --verbose
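Review bot: the rename in the file header, `rust.yml` → `.rust.yml.save`, takes this workflow out of CI altogether, because GitHub Actions only loads `.yml` and `.yaml` files from `.github/workflows`, so the expanded `apt` package list in this hunk is never exercised and this job no longer builds or tests anything. If the runner image is the blocker, keep the file active under its original name and narrow the trigger or matrix instead of parking it under a `.save` name. Separately, the context line `sudo bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"` runs a freshly downloaded script as root with no version or checksum pin; fetch it to a file and verify a known digest before executing it.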
37 changes: 36 additions & 1 deletion .gitignore
Expand Up @@ -12,7 +12,42 @@ keysas-frontend/dist
keysas-frontend/.vscode
keysas-admin/node_modules
keysas-admin/src-tauri/target
keysas-admin/dist
keysas-admin/.vscode
keysas-admin/.keysas.dat
keysas-admin/src-tauri/.keysas.dat
.vscode
.vs/
x64/
x86/
sdv/
minifilterx64/
.vscode/c_cpp_properties.json
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
pnpm-debug.log*
lerna-debug.log*

node_modules
dist
dist-ssr
*.local

# Editor directories and files
.vscode/*
!.vscode/extensions.json
.idea
.DS_Store
*.suo
*.ntvs*
*.njsproj
*.sln
*.sw?
keysas-usbfilter/minifilter/runsdvui.cmd
keysas-usbfilter/minifilter/SDV-default.xml
keysas-usbfilter/minifilter/sdv-user.sdv
keysas-usbfilter/minifilter/smvstats.txt
keysas-usbfilter/tray-app/package-lock.json
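Review bot: the bare `dist` and `node_modules` patterns in the second half of this hunk match at any depth, so `dist` also covers `keysas-admin/dist`, the directory whose `assets/` bundles this same commit checks in. Files that are already tracked stay tracked, but a newly generated bundle there is silently ignored unless force-added, which leaves the repository with tracked build output that no longer matches what a fresh build produces. Decide whether `keysas-admin/dist` is tracked or ignored and write the pattern with its path, as is done for `keysas-frontend/dist`, rather than as a bare name. Also, `!.vscode/extensions.json` has no effect while the bare `.vscode` entry above it excludes the whole directory: git does not re-include a file whose parent directory is excluded.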
9 changes: 9 additions & 0 deletions Cargo.toml
Expand Up @@ -7,4 +7,13 @@ members = [
"keysas-sign/",
"keysas-fido/",
"keysas_lib/",
"keysas-admin/src-tauri"
]

exclude = [
"keysas-usbfilter"
]

[patch.crates-io.loopdev]
git = "https://github.com/mulkieran/loopdev"
branch = "bump-bindgen-reduce-version"
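Review bot: the `[patch.crates-io.loopdev]` entry at the end of this hunk replaces the crates.io release of `loopdev` for the whole workspace with whatever the `bump-bindgen-reduce-version` branch of a separate git repository points to, and a branch is a moving reference. Pin it with `rev = "<commit hash>"` (placeholder; use the commit that was actually reviewed) in place of `branch`, and add a comment naming the upstream release that allows the patch to be dropped, so the override does not outlive its purpose.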
16 changes: 6 additions & 10 deletions README.md
Expand Up @@ -2,9 +2,7 @@
<img src ="img/logo-keysas-github.png" alt="Keysas" width=300px/>
</div>

# USB virus cleaning station (WIP)

Warning: This is only a work in progress for now.
# USB virus cleaning station

# Main features
- Retrieve untrusted files from USB (via keysas-io) or over the network
Expand Down Expand Up @@ -41,24 +39,22 @@ Files are passed between daemons as raw file descriptors and using abstract sock
- Keysas-fido: Manage Yubikeys 5 enrollment
- Keysas-backend: Create a websocket server to send different json values to the keysas-frontend
- Keysas-frontend: Readonly VueJS3 Frontend for the final user
- Keysas-admin: Desktop application for managing several Keysas stations (Tauri + VueJS3). It also provides a PKI to sign USB outgoing devices, sign certificat signing reqests (csr) from Keysas stations.
- Keysas-admin: Desktop application for managing several Keysas stations (Tauri + VueJS). It also provides an hybrid post-quantum PKI to sign USB outgoing devices, sign certificat signing reqests (csr) from Keysas stations.

## Installation

On Debian stable:
On Debian stable (Bookwoom):
```
echo "deb http://deb.debian.org/debian bullseye-backports main contrib non-free" > /etc/apt/sources.list.d/backports.list
apt-get update -yq
apt -qy -t bullseye-backports install libyara-dev libyara9
apt-get install -y wget cmake make lsb-release software-properties-common libseccomp-dev clamav-daemon clamav-freshclam pkg-config git bash libudev-dev
apt -qy install -y libyara-dev libyara9 wget cmake make lsb-release software-properties-common libseccomp-dev clamav-daemon clamav-freshclam pkg-config git bash libudev-dev libwebkit2gtk-4.0-dev build-essential curl wget libssl-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev
bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"
curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain nightly -y
git clone --depth=1 https://github.com/r3dlight/keysas && cd keysas
rustup default nightly
make help
make build
make install
```
## User documentation

User documentation can be found here : [https://keysas.fr](https://keysas.fr)
User documentation (outdated for now) can be found here : [https://keysas.fr](https://keysas.fr)

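Review bot: the install block has the reader execute two scripts straight from the network, `bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"` and `curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain nightly -y`, and then build on a floating `nightly`, so two installs made a week apart can end up with different toolchains. For software that is deployed as a security station, the README should name a dated nightly (or the repository should carry a `rust-toolchain.toml`) and should tell the reader to download the scripts to a file and inspect them before running. Smaller points in the same hunk: `Bookwoom` should read Bookworm, `an hybrid` should be `a hybrid`, `certificat signing reqests` is misspelled, and the `apt -qy install -y` line passes `-y` twice and lists `wget` twice.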
Binary file added img/logo-keysas-short.png
1 change: 1 addition & 0 deletions keysas-admin/dist/assets/AboutView-16ac1a23.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions keysas-admin/dist/assets/AboutView-5b0396ce.css
@@ -0,0 +1 @@
h3{font-weight:700;color:#fff;font-size:20px}
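Review bot: `AboutView-5b0396ce.css` and the neighbouring `keysas-admin/dist/assets/*.js` files are generated bundles with content-hashed names, and the JavaScript ones are not even rendered on this page, so what ships in the admin application's front end cannot be reviewed here or tied back to its sources. Prefer producing `dist` in the build or release job and keeping it out of version control; if it has to be tracked for packaging, rebuild it in CI and fail on any difference from the committed copy.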
1 change: 1 addition & 0 deletions keysas-admin/dist/assets/AddView-a9dc73d7.js


1 change: 1 addition & 0 deletions keysas-admin/dist/assets/AddView-f529b840.css


1 change: 1 addition & 0 deletions keysas-admin/dist/assets/ManageView-7d9ab4c8.css
