Develop to main #37
Merged
Owner
r3dlight
commented
Jul 31, 2023
- Add latest Keysas-firewall sources
- Patch security.conf for keysas-transit (fix "Problem during installation (white station mode)" #34)
- Update documentation
- Bump version
PKI refactoring Clippy improvements
Update rust.yml (#18)
Fixed github workflow
Github CI: added libsoup
Github CI: changed libsoup version
Github workflow: fixed typo in dependencies
Github workflow: added javascript dependency
Github workflow: added webkit dependency

* Rework of private key generation in keysas-sign to use the utility functions in the PKI crate.
* Added oqs initialisation to all functions in PKI crate
* Cleanup cargo manifest in keysas-sign

* Fix of save function in keysas-sign
* WIP - Addition of certificate validation in PKI

* Implementation of station enrolment in admin
* Fix generate signing keys in station
* Fix Rdn generation
* General code cleanup
* Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to 
CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger 
crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix 
install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of 
hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. 
* Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * 
Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * 
Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate 
control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]>
lb-anssi
approved these changes
Jul 31, 2023