CHANGELOG.md

Changelog

Full Changelog

Closed issues:

  • Parsec 1.1 fails to build with meta-security master branch #663

1.2.0-rc1 (2023-03-21)

Full Changelog

Closed issues:

  • Parsec fails to compile for arm32 #647

Merged pull requests:

1.1.0 (2022-09-29)

Full Changelog

Merged pull requests:

1.1.0-rc2 (2022-09-13)

Full Changelog

Merged pull requests:

1.1.0-rc1 (2022-09-07)

Full Changelog

Implemented enhancements:

  • Update PKCS11 dependency #604
  • Allow binary PIN values for PKCS11 providers #603
  • Implement get_random in the PKCS11 provider #594
  • Implement get_random in TPM provider #593
  • Create script for Quickstart package #534
  • Recognise a PKCS11 hardware token with its serial number instead of slot number #481
  • Implement configurable exclusion of deprecated primitives #119

Fixed bugs:

  • RSA padding oracle issue #619
  • PKCS11 provider serial_number configuration #615
  • Export of public EC key fails with PKCS#11 back-end on NXP Layerscape #599
  • Wrong permissions on KIM files #598
  • Send back PsaErrorInvalidPadding when needed #620 (ionut-arm)

Security fixes:

  • Update Spiffe dependency #602

Closed issues:

  • Add key persistence tests for TS provider #568
  • Create stability tests for SQLite KIM #519
  • Change default socket path for E2E tests #463

Merged pull requests:

1.0.0 (2022-03-30)

Full Changelog

Security fixes:

  • RUSTSEC-2022-0013 #587

Merged pull requests:

1.0.0-rc3 (2022-03-21)

Full Changelog

Fixed bugs:

  • Cargo audit failing #544

Merged pull requests:

1.0.0-rc2 (2022-03-02)

Full Changelog

Implemented enhancements:

Closed issues:

  • Update the Parsec Book to include SQLiteKeyInfoManager #532

1.0.0-rc1 (2022-02-16)

Full Changelog

Implemented enhancements:

  • parsec.service hardening #569
  • Implement CryptoCanDo for the Trusted Services and Mbed Crypto providers #543
  • Implement CryptoCanDo for TPM provider #542
  • Refactor the PKCS11 CryptoCanDo implementation #541
  • Implement ActivateCredential key attestation #539
  • Making the SQLiteKIM the default #531
  • Create a new KeyInfoManager based on SQLite #424
  • Add support for other cryptographic services in the Trusted Service provider #341
  • Add system emulation tests for TS provider #304
  • Add support for importing ECC public key in the TPM provider #170
  • Add asymmetric encryption to TS provider #580 (ionut-arm)
  • Change dependency revision for TSS crate #579 (ionut-arm)
  • Add systemd hardening options #572 (ionut-arm)
  • Make SQLite KIM default #570 (ionut-arm)
  • Feature sqlite kim #566 (ionut-arm)
  • Add error handling to ActivateCredential #562 (ionut-arm)
  • Add ActivateCredential tests and fixes #560 (ionut-arm)
  • Activate credential #558 (ionut-arm)
  • Expand support for importing public keys for TPM #540 (ionut-arm)
  • [CryptoAuthLib provider] PsaAeadEncrypt and PsaAeadDecrypt implemented #536 (TomaszPawelecGL)

Fixed bugs:

  • Disable test from old E2E suite #574
  • Errors in validating ECC key bits in PKCS11 provider #545
  • UnixDomainSocket connection returns error from server #528
  • Fuzz Testing & Nightly Cargo udeps are failing due to prost-derive #514
  • TPM Provider does not persist generated keys across reboot #504
  • Issue with PKCS11 backend with Nitrokey HSM #380
  • Skip flakey test #577 (ionut-arm)
  • Fix codecov build #573 (ionut-arm)
  • Fix handling of bits in PKCS11 imports #546 (ionut-arm)

Closed issues:

  • Align with stable TSS crate #567
  • Stable 0.8.1 release depends on tss-esapi alpha #527
  • Create E2E tests for SQLite KIM #516
  • Switch to dynamic key names in tests #453
  • Add capabilities discovery operations #426

Merged pull requests:

  • Update Changelog and service version no. #583 (ionut-arm)
  • Bump bindgen dependency version #582 (ionut-arm)
  • Bump SQLite dependency #581 (ionut-arm)
  • [CryptoAuthLib provider] PsaRawKeyAgreement operation implementation #578 (akazimierskigl)
  • Implement can-do-crypto for TS and mbed-crypto providers #565 (anta5010)
  • Add error message if submodule not initialised #564 (ionut-arm)
  • [CryptoAuthLib provider] PsaCipherEncrypt and PsaCipherDecrypt implementation #563 (akazimierskigl)
  • Add clippy and fmt checks to e2e_tests #561 (ionut-arm)
  • Re-factor e2e tests to use common key attributes functions #556 (anta5010)
  • Merge can-do-crypto branch into main #555 (anta5010)
  • Merge main branch changes into can-do crypto #554 (anta5010)
  • Jn9e9/issue453 #552 (jn9e9)
  • e2e CanDoCrypto tests for Hashes, ECC curves and Crypto algorithms #551 (anta5010)
  • Implement CanDoCrypto trait and use it for PKCS11 and TPM providers #550 (anta5010)
  • Use ec_params for can-do-crypto checks instead of hard-coded values #549 (anta5010)
  • Small refactor of PKCS11 CryptoCanDo #548 (anta5010)
  • Merge origin/main into can-do-crypto #547 (anta5010)
  • Increase the MSRV to 1.53.0 #535 (hug-dev)
  • Update the CHANGELOG file with 0.8.1 #533 (hug-dev)
  • Added the CanDoCrypto operation as well as fixing some of the other test scripts. #522 (Kakemone)

0.8.1 (2021-09-17)

Full Changelog

Implemented enhancements:

  • Add Unit Tests to SQLiteKeyInfoManager #510
  • Change KeyTriple to Include Auth ID, Provider Name & Provider UUID #488
  • Update provider to use new version of TransKeyCtx #515 (ionut-arm)

Fixed bugs:

  • Decide and implement a new serialization format for KeyInfo #509
  • Memory leak in TS context #501
  • Disable broken workflows #525 (ionut-arm)

Closed issues:

  • Make a Parsec Ockam Vault: investigation issue #506
  • Add Basic SQLiteKeyInfoManager Storage/Retrieval Functionality #503
  • Add config tests for multiple provider names #496

Merged pull requests:

0.8.0 (2021-08-05)

Full Changelog

Implemented enhancements:

  • Add Provider Name Config Option #487
  • Add PKCS11 provider export-attributes switch #462
  • Refactor the all-providers workflow #455
  • Adjust linking for TS provider #427
  • Allow providers to be optional or conditional depending on platform feature availability #401
  • Add cross-compilation tests for the TPM provider #382
  • Make the slot_number field optional #375
  • Design workflow and associated APIs for key attestation in Parsec #370
  • Implement error handling for TS caller errors #332
  • Add release-build tests to CI #163
  • Add the possibility of changing key store location of Mbed Crypto provider #53
  • Add TS provider to all-providers #482 (ionut-arm)
  • Adjust TS provider linking #474 (ionut-arm)
  • Add cargo-audit config #473 (ionut-arm)
  • Update dependency on Trusted Services #467 (ionut-arm)
  • Add import and export support for ECC for PKCS11 #452 (ionut-arm)
  • Add a SPIFFE based authenticator #449 (hug-dev)
  • Add ECC functionality to PKCS11 prov #446 (ionut-arm)
  • Enable coverage testing for TS provider #434 (ionut-arm)
  • Create SECURITY.md #414 (ionut-arm)
  • Add TPM provider cross-compilation #403 (ionut-arm)
  • Added Option<Slot> to PKCS 11 Provider constructor #402 (Sven-bg)

Fixed bugs:

Security fixes:

  • Resurrect fuzz testing framework #422
  • Set up Github security policy #398
  • Investigate testing of Cryptoauthlib provider #315
  • rust-spiffe: make sure that the claims returned by the validation operation are as expected #290
  • rust-spiffe: provide a local validation of the JWT-SVID #289
  • Revive the fuzz testing framework #429 (ionut-arm)

Closed issues:

  • NXP PKCS#11 Parsec integration testing. #456
  • Split the build tests on a different CI workflow #447
  • Support ECC signing keys in the PKCS#11 provider #421
  • Stability: Communication with backends #412
  • Adopt CII Best Practices Badge from the LF #411
  • Unable to build parsec 0.7.2 with rust 1.43.1. Parsec 0.6.0 builds fine. #409
  • Stability: Build toolchain #408
  • Stability: Environment variables #405
  • Stability: Dynamic libraries dependencies #397
  • Stability: systemd communication #396
  • Stability: OS signals #395
  • Stability: Persistent state (key mappings) #394
  • Stability: Configuration file #393
  • Stability: CLI invocation #392
  • Stability: Authenticators #391
  • Stability: Communication with clients (listeners endpoint) #390
  • Stability: Communication with clients (operation contracts) #389
  • Stability: Communication with clients (requests/responses) #388
  • Setup environment stability test #386
  • Archive for 0.7.0 contains .cargo/ folder #377
  • Add more Fixed Common header tests #351

Merged pull requests:

0.7.2 (2021-03-25)

Full Changelog

Merged pull requests:

0.7.1 (2021-03-25)

Full Changelog

Closed issues:

  • Investigate calculating test coverage #342

Merged pull requests:

0.7.0 (2021-03-23)

Full Changelog

Implemented enhancements:

  • Stop the duplication of key ID conversions #331
  • Add key management operations support #267
  • Enable TS context initialization #266
  • Create the Trusted Service bindings #265
  • Improve import key support in TPM provider #251
  • Investigate and define the work required for SPIFFE-based client identity management #232
  • Make existence of key info consistent with existence of key #149
  • Extract Docker images into own repo #124
  • Add version structures for better handling of versions #43
  • Rearrange modules for a more structured feel #32
  • Change CI to use published Docker image #357 (ionut-arm)
  • Improve coverage script #348 (ionut-arm)
  • Add coverage checking in nightly run #347 (ionut-arm)
  • Trusted service provider #330 (ionut-arm)
  • Add admin configuration #316 (ionut-arm)
  • Add new parsec provider using ATECCx08 cryptochip via CryptoAuthentication Library #303 (RobertDrazkowskiGL)
  • Improve error handling in builder #298 (ionut-arm)
  • Add Changelog file (#278) #280 (ionut-arm)
  • Remove PKCS11 single thread lock (#264) #277 (ionut-arm)

Fixed bugs:

  • Move the spiffe related features in its own branch #327
  • Resolve default implementation issue for list_keys in Provide #312
  • ListKeys should only be callable on the Core provider #310
  • Service should not start if some components weren't built successfully #297
  • No changelog for the releases #278
  • PKCS11 multi-threading #264
  • Fix ImportKey to allow importing private key #126
  • PKCS 11 provider stress tests sometimes fail #116
  • Update docker registry for TPM2 images #356 (ionut-arm)
  • Run the Codecov script outside container #353 (ionut-arm)
  • Fix code coverage docker command #352 (ionut-arm)
  • Remove the spiffe-based authenticator #328 (hug-dev)

Security fixes:

  • Add a test for admin operations #309
  • Implement admin logic #308
  • Investigate admin role and admin-level operations #292
  • Add failure-counter mechanism #176

Closed issues:

  • Implement ListClients and DeleteClient in the core provider #311
  • Correct lint issues found after the toolchain upgrade to version 1.49.0 #305
  • Investigate cross-compilation to Linux on Aarch64 #300
  • Investigate adding ListClients and DeleteClient operations #293
  • Consume the new, safer Rust PKCS#11 interface into Parsec when it is available #272
  • Add a SPIFFE JWT-SVID multitenancy test #269
  • Add a JWT-SVID Authenticator #268
  • Investigate and define the work required for compatibility with Arm Firmware Framework for Armv8-A (FF-A) #247

Merged pull requests:

0.6.0 (2020-10-20)

Full Changelog

Implemented enhancements:

  • Add multitenancy testing infrastructure 👩‍🔧 #245
  • Delete "Provider" suffix out of provider names #134
  • Improve error message on service startup #260 (ionut-arm)

Fixed bugs:

Closed issues:

  • Add authenticator configuration #270
  • Assemble a PR checklist for code reviewers #258
  • Adjust README disclaimer wording #231

Merged pull requests:

0.5.0 (2020-10-02)

Full Changelog

Implemented enhancements:

  • Creating a build-time configuration file #256
  • Merge integration tests in E2E test suite #228
  • Support dbus-parsec with NXP secureobj library #223
  • Verify which dependencies can/should be updated #158
  • Add more test cases #151
  • Test Parsec installation as a systemd daemon #49
  • Improve E2E testing #253 (ionut-arm)
  • Upgrade and clean dependencies #246 (hug-dev)
  • Import private key support for TPM provider #243 (joechrisellis)
  • Allow software operations in PKCS11 provider #241 (ionut-arm)
  • Improve key metadata handling #240 (ionut-arm)
  • Add support for psa_generate_random operation for MbedCrypto provider #208 (joechrisellis)

Fixed bugs:

Security fixes:

Closed issues:

  • Implement ListAuthenticators #216
  • Better error message when file not found #210
  • Implement an authenticator based on the domain socket peer credential #200

Merged pull requests:

0.4.0 (2020-09-01)

Full Changelog

Implemented enhancements:

  • Implement asymmetric encrypt/decrypt in the PKCS#11 provider #224
  • Implement asymmetric encrypting/decrypting for TPM provider #217
  • Create a Parsec Command Line Interface Client #202
  • Create a mechanism for the listener to pass system-level data to the authenticator #199
  • Auto create /tmp/parsec with correct permissions on startup #195
  • Update attribute handling in PKCS11 provider #227 (ionut-arm)
  • Add asymmetric encryption support to TPM provider #225 (ionut-arm)
  • Improve error message when config file is not found #211 (ionut-arm)

Fixed bugs:

Closed issues:

  • Add an option to pass a path to a build-config file #174

Merged pull requests:

0.3.0 (2020-07-16)

Full Changelog

Implemented enhancements:

  • Create a Mbed Crypto Secure Element driver calling Parsec Rust Client #128
  • Threat model of Parsec #89
  • Precise the providers' order importance #203 (hug-dev)
  • Keep list_providers order; add cfg tests #197 (ionut-arm)

Merged pull requests:

0.2.0 (2020-07-02)

Full Changelog

Implemented enhancements:

  • Further simplification of the Mbed Crypto provider #187
  • Create config "service" #181
  • Use psa-crypto crate in the Mbed Crypto Provider #177
  • Have a real integration test example #161
  • Separate provider code into modules #133
  • Update with PSA Crypto 1.0.0 interface #129
  • Create a Parsec Rust Client #127
  • TPM provider should establish most-secure primitives for itself #121
  • Improvements for tests/ci.sh #108
  • Split out ProviderConfig #103
  • Check clippy::pedantic lints #100
  • Modify configuration to have provider-specific table #70
  • Create a PSA Crypto Rust wrapper crate #62
  • Add TCTI configuration functionality #194 (ionut-arm)
  • Updated Parsec to use latest parsec-interface (0.17.0) #193 (sbailey-arm)
  • Modify socket path #192 (hug-dev)
  • Changed local_ids for Atomic counter and removed key_slot_semaphore. #191 (sbailey-arm)
  • Removed duplicate macros for sign output size and export pub key size. #190 (sbailey-arm)
  • Move Parsec over to psa-crypto #186 (sbailey-arm)
  • Add trace logging on Provide method calls #185 (hug-dev)
  • Update fuzz target #184 (ionut-arm)
  • Improve log security #183 (ionut-arm)
  • Add GlobalConfig #182 (ionut-arm)
  • Add community repo link #180 (hug-dev)
  • Use crates.io version of the interface #179 (hug-dev)
  • Import the newest Parsec interface #178 (hug-dev)
  • Improve handling of list_opcodes #173 (ionut-arm)
  • Add default context cipher selection for TPM provider #172 (ionut-arm)
  • Add ECDSA support for TPM provider #171 (ionut-arm)
  • Improve TPM provider #168 (ionut-arm)
  • Improve digest handling in PKCS11 provider #167 (ionut-arm)
  • Split provider code into separate modules #165 (ionut-arm)
  • Add integration test #162 (ionut-arm)
  • Move end to end tests to own crate #160 (ionut-arm)
  • Move test client back in the Parsec repo #150 (ionut-arm)
  • Remove stress test on Travis CI for PKCS 11 #145 (hug-dev)
  • Add tests checking if key attributes are respected #135 (hug-dev)
  • Add Contributors file #132 (ionut-arm)
  • Update with the latest interface #131 (hug-dev)
  • Improvements for tests/ci.sh #117 (anta5010)

Fixed bugs:

  • Integration tests should be isolated in their crate #155
  • Key should be deleted from the KIM if generation/import fails #139
  • Fixed PKCS#11 provider failing failed_created_key_should_be_removed test #188 (sbailey-arm)
  • Replace calendar iframe with URL #166 (ionut-arm)
  • Fix clippy errors #157 (ionut-arm)
  • Allow PKCS11 tests to fail on Travis #154 (ionut-arm)

Security fixes:

Closed issues:

  • Allow TPM owner hierarchy auth to be non-string #120

Merged pull requests:

0.1.2 (2020-02-27)

Full Changelog

Implemented enhancements:

0.1.1 (2020-02-21)

Full Changelog

Implemented enhancements:

  • Check for more Clippy lints #91
  • Switch to picky-asn1-der for ASN.1-DER parsing #84
  • Have all the providers dynamically loadable #79
  • Pass config.toml path as command-line argument #78
  • Convert Key ID Manager String errors to ResponseStatus in the KIM itself #77
  • Test strategy for our providers on the CI #69
  • Add a PKCS 11 Provider #66
  • Add a Trusted Platform Module Provider #65
  • Assess the contents of unsafe blocks in Mbed Provider #63
  • Drop key handles implicitly #57
  • Add cross-compilation to Aarch64 logic and investigate CI testing #55
  • Add fuzz tests #54
  • Update to Mbed Crypto v2.0.0 #38
  • Improve logging message structure #36
  • Make PARSEC a daemon #35
  • Improve builders for service components #31
  • Implement a thread pool #29
  • Use dynamically-sized buffers in Mbed provider #27
  • Implement configuration #26
  • Prepare for upload to crates io #109 (ionut-arm)
  • Add cargo clippy lints to the CI #99 (hug-dev)
  • Implement fuzz testing #97 (ionut-arm)
  • Add body length limit #96 (ionut-arm)
  • Ensure the safety of unsafe blocks #93 (hug-dev)
  • Replace most panicking behaviours with Result #92 (hug-dev)
  • Modify Travis CI test script #90 (hug-dev)
  • Deny compilation for some rustc lints #87 (hug-dev)
  • Switch crates to use picky-asn1-der #85 (hug-dev)
  • Modify tests directory structure #83 (hug-dev)
  • Allow optional providers and key ID managers #82 (hug-dev)
  • Add a command-line option to select configuration #81 (hug-dev)
  • Add a TPM provider #75 (hug-dev)
  • Add SIGHUP signal handling to reload configuration #71 (hug-dev)
  • Add a PKCS 11 provider #68 (hug-dev)
  • Simplify the README.md file #67 (hug-dev)
  • Add cross compilation tests to the CI with cross #64 (hug-dev)
  • Add cross-compilation logic for Mbed Crypto #61 (hug-dev)
  • Make key slot release implicit #59 (ionut-arm)
  • Make buffers dynamically sized in Mbed Provider #58 (ionut-arm)
  • Upgrade dependency on Mbed Crypto to v2.0.0 #56 (ionut-arm)
  • Add provider configuration #51 (ionut-arm)
  • Improve handling of systemd activation #50 (lnicola)
  • Replace println calls with log crate #48 (hug-dev)
  • Add a compile-time option for a daemon binary #46 (hug-dev)
  • Add service builder and configuration #44 (ionut-arm)
  • Add stress test to the suite #42 (ionut-arm)
  • Add SIGTERM handler for a graceful shutdown #39 (hug-dev)
  • Add a GitHub Actions workflow for CI #34 (hug-dev)
  • Add and improve component builders #33 (ionut-arm)

Fixed bugs:

  • TPM provider must support Owner Hierarchy authentication #102
  • Audit our use of panicking #74
  • Audit our use of unsafe code #73
  • Review response codes returned by providers #72
  • Warning during compilation about llvm-config --prefix #60
  • Key handle manipulation is not thread-safe in Mbed Crypto #40
  • Add owner hierarchy auth param #104 (ionut-arm)
  • Add a verify-only integration test #88 (hug-dev)
  • Add sign to ASN.1 Integer types for RSAPublicKey #86 (hug-dev)
  • Make sure Cargo features work #76 (hug-dev)
  • Make UnixStreams block on read/write #47 (ionut-arm)
  • Keep key ID within bounds for Mbed provider #45 (ionut-arm)
  • Add locking around key handle operations in mbed provider #41 (ionut-arm)
  • Use new version of test client to fix CI #37 (hug-dev)

Closed issues:

  • Deny compilation if there is any warning #80

Merged pull requests:

  • Remove references to key lifetime #52 (hug-dev)
  • Use thread pool instead of new thread per request #30 (ionut-arm)
  • Add the integration tests in the parsec repository #28 (hug-dev)

0.1.0 (2019-10-09)

Full Changelog

Closed issues:

  • Building/running PARSEC #4
  • Add Jenkins, CI/CD, unit testing, and code coverage #3
  • Implement stubbed server API for client testing #2
  • Create PASL golang client API #1

Merged pull requests:

* This Changelog was automatically generated by github_changelog_generator