1.4.1 (2024-05-14)
Fixed bugs:
- e2e_tests: Ignore different key test for RSA in pkcs11 #764 (tgonzalezorlandoarm)
Merged pull requests:
- Minor CI pipeline fixes #766 (gowthamsk-arm)
1.4.1-rc1 (2024-05-10)
Merged pull requests:
- Revert "Test patch for cross-compiler docker image" #767 (gowthamsk-arm)
- Use v1.0.0 release of trusted services #765 (gowthamsk-arm)
- Adds support to build and test the cross-compiler docker images. #762 (gowthamsk-arm)
- Minor fixes #760 (gowthamsk-arm)
1.4.0 (2024-03-28)
1.4.0-rc2 (2024-03-28)
Merged pull requests:
- tpm/tests: Ignore test_root_key_check case #755 (tgonzalezorlandoarm)
1.4.0-rc1 (2024-03-18)
Implemented enhancements:
- Set up build to track dependency mismatches #360
Fixed bugs:
- e2e_tests/stress.rs: Add a workaround for spurious test failures #739 (tgonzalezorlandoarm)
Security fixes:
- TPM Provider: Check root key's name #751 (tgonzalezorlandoarm)
Closed issues:
- parsec-cli-tests.sh error: The CSR does not contain the serialNumber field of the Distinguished Name #742
- Migrate away from using users crate #678
- Parsec Quickstart - Docker: Pull access denied for parallaxsecond/parsec-quickstart, repository does not exist #666
- Vulnerability in SQLite #648
Merged pull requests:
- dependency_cross_matcher: Fix typo (missing comma) #754 (tgonzalezorlandoarm)
- structopt: Migrate to clap #753 (tgonzalezorlandoarm)
- Cargo.toml: Bump tss-esapi to 7.5.0 #750 (tgonzalezorlandoarm)
- nightly/audit: Temporary ignore RUSTSEC-2024-0006 #748 (tgonzalezorlandoarm)
- Use infallible conversion into instead of try_into #747 (gowthamsk-arm)
- .cargo/config.toml: remove #746 (billatarm)
- Dependency mismatcher Comparison option #745 (tgonzalezorlandoarm)
- dependency_cross_matcher job: Move to PR runs and minor refactoring #743 (tgonzalezorlandoarm)
- Cargo.lock: Update rustix and bitflags dependencies to latest version #741 (tgonzalezorlandoarm)
- cargo-check: Run with both stable and MSRV Compilers #737 (tgonzalezorlandoarm)
- ci.yml: Trigger docker image creation only on workflow_dispatch #736 (tgonzalezorlandoarm)
- ci.yml,deny.toml: Setup license testing #735 (tgonzalezorlandoarm)
- Cargo.toml: Specify rust-version=1.66.0 #733 (tgonzalezorlandoarm)
- Track and test dependencies' 'next' branch #732 (tgonzalezorlandoarm)
- Add dependency cross matching #731 (tgonzalezorlandoarm)
- e2e_tests/mangled_ping: Fix socket path #728 (tgonzalezorlandoarm)
- ci/coverage: Fix cargo-tarpaulin to its locked version #727 (tgonzalezorlandoarm)
1.3.0 (2023-10-25)
1.3.0-rc2 (2023-10-19)
Merged pull requests:
- e2e_tests/wrong_permitted_algorithm: Change used sha for hw compatibi… #723 (tgonzalezorlandoarm)
1.3.0-rc1 (2023-10-17)
Closed issues:
Merged pull requests:
- Bump psa-crypto and interface crates #718 (gowthamsk-arm)
- Update toml, env_logger and bindgen crates #716 (tgonzalezorlandoarm)
- Bump various crates #714 (tgonzalezorlandoarm)
- Update picky crates #711 (tgonzalezorlandoarm)
- Cargo.toml: Remove uuid crate #710 (tgonzalezorlandoarm)
- Bump sd-notify to 0.4.1 #708 (tgonzalezorlandoarm)
- fuzz: Bump bumpalo to 3.14.0 #706 (tgonzalezorlandoarm)
- Update the tss-esapi crate to version 7.3.0 #702 (tgonzalezorlandoarm)
- Fix cargo-tarpaulin version to 0.26.1 #701 (tgonzalezorlandoarm)
- Add a Security Vulnerability Reporting section in the README #700 (tgonzalezorlandoarm)
- Update maintainers list #699 (tgonzalezorlandoarm)
- ci: Fix coverage builds, nightly issues #698 (tgonzalezorlandoarm)
- Update cryptoki and cryptoki-sys crates #697 (tgonzalezorlandoarm)
- Use arrays instead of vec! when possible #696 (tgonzalezorlandoarm)
- Make wrong_permitted_algorithm test use a non-deprecated Hash #695 (tgonzalezorlandoarm)
- Fix coverage builds for different providers #694 (tgonzalezorlandoarm)
- Update MSRV to Rust 1.66.0 #692 (tgonzalezorlandoarm)
- Bump ASN1 crates dependencies #691 (anta5010)
- Minor fixes to changelog #690 (gowthamsk-arm)
- Upgrade proc-macro2 package #688 (tgonzalezorlandoarm)
- Update CONTRIBUTORS.md #687 (Firstyear)
- Disable the optional features for the 'structopt' crate #686 (tgonzalezorlandoarm)
- Upgrade enumflags2 crate #685 (tgonzalezorlandoarm)
- Remove unmaintained 'users' crate #684 (tgonzalezorlandoarm)
- Fix compilation issues #682 (tgonzalezorlandoarm)
- Bump base64 dependency to 0.21.0 #679 (ema)
1.2.0 (2023-04-05)
Closed issues:
- Parsec 1.1 fails to build with meta-security master branch #663
1.2.0-rc1 (2023-03-21)
Closed issues:
- Parsec fails to compile for arm32 #647
Merged pull requests:
- Update crates #671 (gowthamsk-arm)
- Update rusqlite to fix security issue #662 (gowthamsk-arm)
- Update MSRV to 1.58 #661 (gowthamsk-arm)
- Remove dependency on crate "version" #657 (ema)
- Update TPM TCTI configuration docs #656 (paulhowardarm)
- Add support for a Quickstart Docker image #654 (dennisgove)
- Update to remove const_err #653 (marcsvll)
- Fix Clippy warnings for rustc version 1.65 #652 (mohamedasaker-arm)
- Bump sd-notify to 0.3.0 #651 (stevecapperarm)
1.1.0 (2022-09-29)
1.1.0-rc2 (2022-09-13)
Merged pull requests:
- Update change log for release candidate 1.1.0-rc2 #639 (mohamedasaker-arm)
- Release candidate prep 1.1.0 rc2 #638 (mohamedasaker-arm)
1.1.0-rc1 (2022-09-07)
Implemented enhancements:
- Update PKCS11 dependency #604
- Allow binary PIN values for PKCS11 providers #603
- Implement get_random in the PKCS11 provider #594
- Implement get_random in TPM provider #593
- Create script for Quickstart package #534
- Recognise a PKCS11 hardware token with its serial number instead of slot number #481
- Implement configurable exclusion of deprecated primitives #119
Fixed bugs:
- RSA padding oracle issue #619
- PKCS11 provider serial_number configuration #615
- Export of public EC key fails with PKCS#11 back-end on NXP Layerscape #599
- Wrong permissions on KIM files #598
- Send back PsaErrorInvalidPadding when needed #620 (ionut-arm)
Security fixes:
- Update Spiffe dependency #602
Closed issues:
- Add key persistence tests for TS provider #568
- Create stability tests for SQLite KIM #519
- Change default socket path for E2E tests #463
Merged pull requests:
- Update Change log and service version no. #637 (mohamedasaker-arm)
- Update maintainers list #636 (mohamedasaker-arm)
- Fix spiffy issue #635 (gowthamsk-arm)
- Add sqlite stability tests #634 (gowthamsk-arm)
- Feature/119 implement configurable exclusion of deprecated primitives #633 (mohamedasaker-arm)
- Feature/603 allow binary pin values for pkcs11 #631 (mohamedasaker-arm)
- Add
Eq
to the types withPartialEq
#630 (ionut-arm) - build and share docker image across jobs #628 (mohamedasaker-arm)
- Kim file permissions #627 (gowthamsk-arm)
- Testing/568 add key persistence tests for ts provider #625 (mohamedasaker-arm)
- Fix problem reported by Clippy (rust 1.62) #624 (mohamedasaker-arm)
- Validate hash sign operation before execution. #623 (gowthamsk-arm)
- Fix Hugues' email address #622 (hug-dev)
- Compare trimmed token serial numbers (PKCS11 provider) #621 (mohamedasaker-arm)
- Added some context to error messages. #618 (fredrik-jansson-se)
- Implement get_random in the PKCS11 provider #613 (gowthamsk-arm)
- Add a script to create the Quickstart package #612 (mohamedasaker-arm)
- Change default socket path for E2E tests #610 (gowthamsk-arm)
- Fix
cargo-audit
TOML config #609 (ionut-arm) - Recognise a PKCS11 hardware token with its serial number instead of slot number #608 (mohamedasaker-arm)
- Bump version of cryptoki #605 (ionut-arm)
- Fix issue #599 - allow EC_POINT public key data to omit ASN.1 structure wrapping #600 (paulhowardarm)
- Add generate random support into TPM provider #595 (anta5010)
1.0.0 (2022-03-30)
Security fixes:
- RUSTSEC-2022-0013 #587
Merged pull requests:
1.0.0-rc3 (2022-03-21)
Fixed bugs:
- Cargo audit failing #544
Merged pull requests:
1.0.0-rc2 (2022-03-02)
Implemented enhancements:
Closed issues:
- Update the Parsec Book to include SQLiteKeyInfoManager #532
1.0.0-rc1 (2022-02-16)
Implemented enhancements:
parsec.service
hardening #569- Implement
CryptoCanDo
for the Trusted Services and Mbed Crypto providers #543 - Implement CryptoCanDo for TPM provider #542
- Refactor the PKCS11 CryptoCanDo implementation #541
- Implement ActivateCredential key attestation #539
- Making the SQLiteKIM the default #531
- Create a new KeyInfoManager based on SQLite #424
- Add support for other cryptographic services in the Trusted Service provider #341
- Add system emulation tests for TS provider #304
- Add support for importing ECC public key in the TPM provider #170
- Add asymmetric encryption to TS provider #580 (ionut-arm)
- Change dependency revision for TSS crate #579 (ionut-arm)
- Add systemd hardening options #572 (ionut-arm)
- Make SQLite KIM default #570 (ionut-arm)
- Feature sqlite kim #566 (ionut-arm)
- Add error handling to ActivateCredential #562 (ionut-arm)
- Add ActivateCredential tests and fixes #560 (ionut-arm)
- Activate credential #558 (ionut-arm)
- Expand support for importing public keys for TPM #540 (ionut-arm)
- [CryptoAuthLib provider] PsaAeadEncrypt and PsaAeadDecrypt implemented #536 (TomaszPawelecGL)
Fixed bugs:
- Disable test from old E2E suite #574
- Errors in validating ECC key bits in PKCS11 provider #545
- UnixDomainSocket connection returns error from server #528
- Fuzz Testing & Nightly Cargo udeps are failing due to prost-derive #514
- TPM Provider does not persist generated keys accross reboot #504
- Issue with PKCS11 backend with Nitrokey HSM #380
- Skip flakey test #577 (ionut-arm)
- Fix codecov build #573 (ionut-arm)
- Fix handling of
bits
in PKCS11 imports #546 (ionut-arm)
Closed issues:
- Align with stable TSS crate #567
- Stable 0.8.1 release depends on tss-esapi alpha #527
- Create E2E tests for SQLite KIM #516
- Switch to dynamic key names in tests #453
- Add capabilities discovery operations #426
Merged pull requests:
- Update Changelog and service version no. #583 (ionut-arm)
- Bump bindgen dependency version #582 (ionut-arm)
- Bump SQLite dependency #581 (ionut-arm)
- [CryptoAuthLib provider] PsaRawKeyAgreement operation implementation #578 (akazimierskigl)
- Implement can-do-crypto for TS and mbed-crypto providers #565 (anta5010)
- Add error message if submodule not initialised #564 (ionut-arm)
- [CryptoAuthLib provider] PsaCipherEncrypt and PsaCipherDecrypt implementation #563 (akazimierskigl)
- Add clippy and fmt checkt to e2e_tests #561 (ionut-arm)
- Re-factor e2e tests to use common key attributes functions #556 (anta5010)
- Merge can-do-crypto branch into main #555 (anta5010)
- Merge main branch changes into can-do crypto #554 (anta5010)
- Jn9e9/issue453 #552 (jn9e9)
- e2e CanDoCrypto tests for Hashes, ECC curves and Crypto algorithms #551 (anta5010)
- Implement CanDoCrypto trait and use it for PKCS11 and TPM providers #550 (anta5010)
- Use ec_params for can-do-crypto checks instead of hard-coded values #549 (anta5010)
- Small refactor of PKCS11 CryptoCanDo #548 (anta5010)
- Merge origin/main into can-do-crypto #547 (anta5010)
- Increase the MSRV to 1.53.0 #535 (hug-dev)
- Update the CHANGELOG file with 0.8.1 #533 (hug-dev)
- Added the CanDoCrypto operation as well as fixing some of the other test scripts. #522 (Kakemone)
0.8.1 (2021-09-17)
Implemented enhancements:
- Add Unit Tests to SQLiteKeyInfoManager #510
- Change KeyTriple to Include Auth ID, Provider Name & Provider UUID #488
- Update provider to use new version fo TransKeyCtx #515 (ionut-arm)
Fixed bugs:
- Decide and implement a new serialization format for KeyInfo #509
- Memory leak in TS context #501
- Disable broken workflows #525 (ionut-arm)
Closed issues:
- Make a Parsec Ockam Vault: investigation issue #506
- Add Basic SQLiteKeyInfoManager Storage/Retrieval Functionality #503
- Add config tests for multiple provider names #496
Merged pull requests:
- Bump version for release #526 (ionut-arm)
- Use as_ptr for TS service name #524 (anta5010)
- Lower Hash algorithm #499 (hug-dev)
- Update CHANGELOG #498 (hug-dev)
0.8.0 (2021-08-05)
Implemented enhancements:
- Add Provider Name Config Option #487
- Add PKCS11 provider export-attributes switch #462
- Refactor the all-providers workflow #455
- Adjust linking for TS provider #427
- Allow providers to be optional or conditional depending on platform feature availability #401
- Add cross-compilation tests for the TPM provider #382
- Make the slot_number field optional #375
- Design workflow and associated APIs for key attestation in Parsec #370
- Implement error handling for TS caller errors #332
- Add release-build tests to CI #163
- Add the possibility of changing key store location of Mbed Crypto provider #53
- Add TS provider to all-providers #482 (ionut-arm)
- Adjust TS provider linking #474 (ionut-arm)
- Add cargo-audit config #473 (ionut-arm)
- Update dependency on Trusted Services #467 (ionut-arm)
- Add import and export support for ECC for PKCS11 #452 (ionut-arm)
- Add a SPIFFE based authenticator #449 (hug-dev)
- Add ECC functionality to PKCS11 prov #446 (ionut-arm)
- Enable coverage testing for TS provider #434 (ionut-arm)
- Create SECURITY.md #414 (ionut-arm)
- Add TPM provider cross-compilation #403 (ionut-arm)
- Added Option<Slot> to PKCS 11 Provider constructor #402 (Sven-bg)
Fixed bugs:
- If a response is an error, log it before sending it #417
- Fix ingress/egress trace logs #416
- Make
KeyInfo
a private type #400 - Unable to build 0.7.2 for i686 (and ppc64/ppc64le) #379
- Unable to build 0.7.2 for armv7 #378
- Document clearly how Mbed Crypto provider keys are stored #373
- Fix code coverage reports #495 (ionut-arm)
- Modify the git submodule command #490 (hug-dev)
- Do not login if no user pin was entered #489 (hug-dev)
- Fix git command and use Arm machine #485 (ionut-arm)
- Fix CircleCI config format. #484 (ionut-arm)
- Add submodule initialisation to CircleCI #483 (ionut-arm)
- Make cross-compilation run on release version #454 (ionut-arm)
- Bump picky crate versions #443 (ionut-arm)
- Remove the TS coverage computation #436 (ionut-arm)
- Fix nightly workflow #435 (ionut-arm)
- Fix ServiceConfig import in fuzz_service #433 (ionut-arm)
- Fix Contributing link #415 (ionut-arm)
- Fix ownership of ibmtpm folder #385 (ionut-arm)
- Fix CircleCI config #384 (ionut-arm)
- Implement a few fixes #374 (ionut-arm)
Security fixes:
- Resurrect fuzz testing framework #422
- Set up Github security policy #398
- Investigate testing of Cryptoauthlib provider #315
- rust-spiffe: make sure that the claims returned by the validation operation are as expected #290
- rust-spiffe: provide a local validation of the JWT-SVID #289
- Revive the fuzz testing framework #429 (ionut-arm)
Closed issues:
- NXP PKCS#11 Parsec integration testing. #456
- Split the build tests on a different CI workflow #447
- Support ECC signing keys in the PKCS#11 provider #421
- Stability: Communication with backends #412
- Adopt CII Best Practices Badge from the LF #411
- Unable to build parsec 0.7.2 with rust 1.43.1. Parsec 0.6.0 builds fine. #409
- Stability: Build toolchain #408
- Stability: Environment variables #405
- Stability: Dynamic libraries dependencies #397
- Stability: systemd communication #396
- Stability: OS signals #395
- Stability: Persistent state (key mappings) #394
- Stability: Configuration file #393
- Stability: CLI invocation #392
- Stability: Authenticators #391
- Stability: Communication with clients (listeners endpoint) #390
- Stability: Communication with clients (operation contracts) #389
- Stability: Communication with clients (requests/responses) #388
- Setup environment stability test #386
- Archive for 0.7.0 contains .cargo/ folder #377
- Add more Fixed Common header tests #351
Merged pull requests:
- Switch imports to crates.io #497 (ionut-arm)
- Add the Class attribute when generating key pairs #493 (hug-dev)
- Add tests checking absence of slot_number #492 (hug-dev)
- Split out the all-providers cargo check into its own CI job. #472 (MattDavis00)
- Make KeyInfo a private type Fix #400 #469 (Kakemone)
- Added psa_export_key & psa_generate_random to TS Provider #468 (MattDavis00)
- Add a allow_export flag to restrict exporting #466 (hug-dev)
- Added missing ingress logs to providers. #416 #465 (MattDavis00)
- #417 Added additional error logging to front end handle_request function. #464 (MattDavis00)
- Update the TS revision used #461 (ionut-arm)
- Add a way to allow providers to fail instantiation #451 (hug-dev)
- Randomly select the shutdown signal #448 (hug-dev)
- Execute e2e tests with an old version of client #445 (hug-dev)
- [CryptoAuthLib provider] Implementation of export key operation #442 (TomaszPawelecGL)
- Move CLI log into its own file #441 (hug-dev)
- Add various tests checking contracts #440 (hug-dev)
- Isolate config logic and add e2e config tests #432 (hug-dev)
- [CryptoAuthLib provider] Implementation of psa_export_public_key operation. #431 (RobertDrazkowskiGL)
- [CryptoAuthLib provider] Support for psa_sign_message and psa_verify_message. #425 (RobertDrazkowskiGL)
- Replace persistence tests with key mappings tests #420 (hug-dev)
- Add Codecov and cii badges #419 (ionut-arm)
- CryptoAuthentication Library provider - support for PsaSignHash and PsaVerifyHash operations. #413 (RobertDrazkowskiGL)
- Make it compile for Rust 1.43.1 #410 (hug-dev)
- PSA_IMPORT_KEY introduction. #399 (RobertDrazkowskiGL)
- CryptoAuthLib provider testability improvements: #387 (RobertDrazkowskiGL)
- Add CircleCI config #383 (ionut-arm)
- Import newest versions of cryptoki and tss-esapi #381 (hug-dev)
- Update CHANGELOG #367 (hug-dev)
- Implementation of PsaGenerateKey and PsaDestroyKey operations #354 (RobertDrazkowskiGL)
0.7.2 (2021-03-25)
Merged pull requests:
0.7.1 (2021-03-25)
Closed issues:
- Investigate calculating test coverage #342
Merged pull requests:
- Update tss-esapi dependency #366 (hug-dev)
- Add quickstart reference #365 (hug-dev)
- Update CHANGELOG #364 (hug-dev)
0.7.0 (2021-03-23)
Implemented enhancements:
- Stop the duplication of key ID conversions #331
- Add key management operations support #267
- Enable TS context initialization #266
- Create the Trusted Service bindings #265
- Improve import key support in TPM provider #251
- Investigate and define the work required for SPIFFE-based client identity management #232
- Make existence of key info consistent with existence of key #149
- Extract Docker images into own repo #124
- Add version structures for better handling of versions #43
- Rearrange modules for a more structured feel #32
- Change CI to use published Docker image #357 (ionut-arm)
- Improve coverage script #348 (ionut-arm)
- Add coverage checking in nightly run #347 (ionut-arm)
- Trusted service provider #330 (ionut-arm)
- Add admin configuration #316 (ionut-arm)
- Add new parsec provider using ATECCx08 cryptochip via CryptoAuthentication Library #303 (RobertDrazkowskiGL)
- Improve error handling in builder #298 (ionut-arm)
- Add Changelog file (#278) #280 (ionut-arm)
- Remove PKCS11 single thread lock (#264) #277 (ionut-arm)
Fixed bugs:
- Move the spiffe related features in its own branch #327
- Resolve default implementation issue for
list_keys
inProvide
#312 - ListKeys should only be callable on the Core provider #310
- Service should not start if some components weren't built successfully #297
- No changelog for the releases #278
- PKCS11 multi-threading #264
- Fix ImportKey to allow importing private key #126
- PKCS 11 provider stress tests sometimes fail #116
- Update docker registry for TPM2 images #356 (ionut-arm)
- Run the Codecov script outside container #353 (ionut-arm)
- Fix code coverage docker command #352 (ionut-arm)
- Remove the spiffe-based authenticator #328 (hug-dev)
Security fixes:
- Add a test for admin operations #309
- Implement admin logic #308
- Investigate admin role and admin-level operations #292
- Add failure-counter mechanism #176
Closed issues:
- Implement ListClients and DeleteClient in the core provider #311
- Correct lint issues found after the toolchain upgrade to version 1.49.0 #305
- Investigate cross-compilation to Linux on Aarch64 #300
- Investigate adding ListClients and DeleteClient operations #293
- Consume the new, safer Rust PKCS#11 interface into Parsec when it is available #272
- Add a SPIFFE JWT-SVID multitenancy test #269
- Add a JWT-SVID Authenticator #268
- Investigate and define the work required for compatibility with Arm Firmware Framework for Armv8-A (FF-A) #247
Merged pull requests:
- Prepare for 0.7.0 release #363 (hug-dev)
- Update to latest TSS crate version #362 (ionut-arm)
- Enable code coverage for PKCS11, disable for TS #361 (ionut-arm)
- Add Edmund to Contributors list #359 (ionut-arm)
- Add myself to contributors, re. rust-cryptoki #358 (nickray)
- Add some cross-compilation tests #355 (hug-dev)
- Upgrade all dependencies to their latest version #345 (hug-dev)
- Create KeyInfoManagerClient #343 (ionut-arm)
- Parsec PsaHashCompare operation implementation for CryptoAuthLib provider #333 (akazimierskigl)
- Parsec PsaGenerateRandom operation implementation for CryptoAuthLib provider #325 (RobertDrazkowskiGL)
- Add consistency in key creation/deletion #324 (hug-dev)
- Make the authenticators their own features #322 (puiterwijk)
- Improve mandatory Provide methods #321 (ionut-arm)
- Use newest TSS crate #320 (ionut-arm)
- Add ListClients and DeleteClient operations #318 (hug-dev)
- Added support for PsaHashCompute to CryptoAuthLib provider. #317 (RobertDrazkowskiGL)
- Update service dependencies #314 (ionut-arm)
- Add a test checking ListKeys provider target #313 (hug-dev)
- Fix lint warning #306 (ionut-arm)
- Return correct key provider id in list_keys #302 (jn9e9)
- Use the new abstraction on the PKCS11 interface #301 (hug-dev)
- Switch Travis CI build to cron-only #299 (ionut-arm)
- Add a JWT-SVID authenticator #283 (hug-dev)
- Add Patrick to the contributor list #281 (puiterwijk)
0.6.0 (2020-10-20)
Implemented enhancements:
- Add multitenancy testing infrastructure 👩🔧 #245
- Delete "Provider" suffix out of provider names #134
- Improve error message on service startup #260 (ionut-arm)
Fixed bugs:
Closed issues:
- Add authenticator configuration #270
- Assemble a PR checklist for code reviewers #258
- Adjust README disclaimer wording #231
Merged pull requests:
- Add multitenancy tests #276 (hug-dev)
- Put config tests in all_providers #275 (hug-dev)
- Remove warnings about parsec and parsec-clients #274 (hug-dev)
- Add authentication configuration #273 (hug-dev)
- Refactored provider names #263 (Swell61)
- Add list keys #261 (joechrisellis)
0.5.0 (2020-10-02)
Implemented enhancements:
- Creating a build-time configuration file #256
- Merge integration tests in E2E test suite #228
- Support dbus-parsec with NXP secureobj library #223
- Verify which dependencies can/should be updated #158
- Add more test cases #151
- Test Parsec installation as a systemd daemon #49
- Improve E2E testing #253 (ionut-arm)
- Upgrade and clean dependencies #246 (hug-dev)
- Import private key support for TPM provider #243 (joechrisellis)
- Allow software operations in PKCS11 provider #241 (ionut-arm)
- Improve key metadata handling #240 (ionut-arm)
- Add support for
psa_generate_random
operation for MbedCrypto provider #208 (joechrisellis)
Fixed bugs:
- Memory cleanup of sensitive data #122
- Fix attribute conversion in PKCS11 provider #254 (ionut-arm)
- Fix sign attribute in PKCS11 #252 (ionut-arm)
- Add Uuid from the interface directly #242 (hug-dev)
- Add
buffer_size_limit
config option for providers #233 (joechrisellis)
Security fixes:
Closed issues:
- Implement ListAuthenticators #216
- Better error message when file not found #210
- Implement an authenticator based on the domain socket peer credential #200
Merged pull requests:
- Add Unix peer credentials authenticator #214 (joechrisellis)
0.4.0 (2020-09-01)
Implemented enhancements:
- Implement asymmetric encrypt/decrypt in the PKCS#11 provider #224
- Implement asymmetric encrypting/decrypting for TPM provider #217
- Create a Parsec Command Line Interface Client #202
- Create a mechanism for the listener to pass system-level data to the authenticator #199
- Auto create
/tmp/parsec
with correct permissions on startup #195 - Update attribute handling in PKCS11 provider #227 (ionut-arm)
- Add asymmetric encryption support to TPM provider #225 (ionut-arm)
- Improve error message when config file is not found #211 (ionut-arm)
Fixed bugs:
- Update Adam Parco email address in maintainers files #230
- Update email address #235 (hug-dev)
- Bugfix: fix off-by-one error (default body length limit) #234 (joechrisellis)
- Fix clippy errors #206 (ionut-arm)
Closed issues:
- Add an option to pass a path to a build-config file #174
Merged pull requests:
- Add missing_docs lint and missing docs #236 (hug-dev)
- Added aead encrypt decrypt, hash compute compare and raw key agreement #229 (sbailey-arm)
- Fix test and enable Travis #221 (ionut-arm)
- Add implementation for ListAuthenticators operation #220 (joechrisellis)
- Add check to prevent the Parsec service from running as root #219 (joechrisellis)
- CoreProvider can query the other providers #215 (ionut-arm)
- Rebase on new tss_esapi #213 (puiterwijk)
- Add Asymmetric Encrypt/Decrypt to mbed supported opcodes #212 (puiterwijk)
- Create
Connection
abstraction for client communication #207 (joechrisellis) - Added user and group checks. Auto create socket dir. #205 (sbailey-arm)
0.3.0 (2020-07-16)
Implemented enhancements:
- Create a Mbed Crypto Secure Element driver calling Parsec Rust Client #128
- Threat model of Parsec #89
- Precise the providers' order importance #203 (hug-dev)
- Keep list_providers order; add cfg tests #197 (ionut-arm)
Merged pull requests:
- Added PsaExportKey #204 (sbailey-arm)
- Migrated uses of a locally declared RsaPublic key to new create picky-asn1-x509 #201 (sbailey-arm)
- Added asymmetric encrypt and decrypt to Mbed Crypto provider #196 (sbailey-arm)
0.2.0 (2020-07-02)
Implemented enhancements:
- Further simplification of the Mbed Crypto provider #187
- Create config "service" #181
- Use psa-crypto crate in the Mbed Crypto Provider #177
- Have a real integration test example #161
- Separate provider code into modules #133
- Update with PSA Crypto 1.0.0 interface #129
- Create a Parsec Rust Client #127
- TPM provider should establish most-secure primitives for itself #121
- Improvements for tests/ci.sh #108
- Split out ProviderConfig #103
- Check clippy::pedantic lints #100
- Modify configuration to have provider-specific table #70
- Create a PSA Crypto Rust wrapper crate #62
- Add TCTI configuration functionality #194 (ionut-arm)
- Updated Parsec to use latest parsec-interface (0.17.0) #193 (sbailey-arm)
- Modify socket path #192 (hug-dev)
- Changed local_ids for Atomic counter and removed key_slot_semaphore. #191 (sbailey-arm)
- Removed duplicate macros for sign output size and export pub key size. #190 (sbailey-arm)
- Move Parsec over to psa-crypto #186 (sbailey-arm)
- Add trace logging on Provide method calls #185 (hug-dev)
- Update fuzz target #184 (ionut-arm)
- Improve log security #183 (ionut-arm)
- Add GlobalConfig #182 (ionut-arm)
- Add community repo link #180 (hug-dev)
- Use crates.io version of the interface #179 (hug-dev)
- Import the newest Parsec interface #178 (hug-dev)
- Improve handling of list_opcodes #173 (ionut-arm)
- Add default context cipher selection for TPM provider #172 (ionut-arm)
- Add ECDSA support for TPM provider #171 (ionut-arm)
- Improve TPM provider #168 (ionut-arm)
- Improve digest handling in PKCS11 provider #167 (ionut-arm)
- Split provider code into separate modules #165 (ionut-arm)
- Add integration test #162 (ionut-arm)
- Move end to end tests to own crate #160 (ionut-arm)
- Move test client back in the Parsec repo #150 (ionut-arm)
- Remove stress test on Travis CI for PKCS 11 #145 (hug-dev)
- Add tests checking if key attributes are respected #135 (hug-dev)
- Add Contributors file #132 (ionut-arm)
- Update with the latest interface #131 (hug-dev)
- Improvments for tests/ci.sh #117 (anta5010)
Fixed bugs:
- Integration tests should be isolated in their crate #155
- Key should be deleted from the KIM if generation/import fails #139
- Fixed PKCS#11 provieder failing failed_created_key_should_be_removed test #188 (sbailey-arm)
- Replace calendar iframe with URL #166 (ionut-arm)
- Fix clippy errors #157 (ionut-arm)
- Allow PKCS11 tests to fail on Travis #154 (ionut-arm)
Security fixes:
Closed issues:
- Allow TPM owner hierarchy auth to be non-string #120
Merged pull requests:
- Update partners file with web links and logos #159 (paulhowardarm)
- Update CONTRIBUTORS.md #143 (Superhepper)
- A few more README updates including fixes for broken doc links #141 (paulhowardarm)
- README enhancements, PARTNERS file and new visual style for the project #136 (paulhowardarm)
0.1.2 (2020-02-27)
Implemented enhancements:
- Modify configuration to have provider-specific structs #114 (anta5010)
- Improve code documentation #113 (ionut-arm)
0.1.1 (2020-02-21)
Implemented enhancements:
- Check for more Clippy lints #91
- Switch to picky-asn1-der for ASN.1-DER parsing #84
- Have all the providers dynamically loadable #79
- Pass config.toml path as command-line argument #78
- Convert Key ID Manager String errors to ResponseStatus in the KIM itself #77
- Test strategy for our providers on the CI #69
- Add a PKCS 11 Provider #66
- Add a Trusted Platform Module Provider #65
- Assess the contents of unsafe blocks in Mbed Provider #63
- Drop key handles implicitly #57
- Add cross-compilation to Aarch64 logic and investigate CI testing #55
- Add fuzz tests #54
- Update to Mbed Crypto v2.0.0 #38
- Improve logging message structure #36
- Make PARSEC a daemon #35
- Improve builders for service components #31
- Implement a thread pool #29
- Use dynamically-sized buffers in Mbed provider #27
- Implement configuration #26
- Prepare for upload to crates io #109 (ionut-arm)
- Add cargo clippy lints to the CI #99 (hug-dev)
- Implement fuzz testing #97 (ionut-arm)
- Add body length limit #96 (ionut-arm)
- Ensure the safety of unsafe blocks #93 (hug-dev)
- Replace most panicking behaviours with Result #92 (hug-dev)
- Modify Travis CI test script #90 (hug-dev)
- Deny compilation for some rustc lints #87 (hug-dev)
- Switch crates to use picky-asn1-der #85 (hug-dev)
- Modify tests directory structure #83 (hug-dev)
- Allow optional providers and key ID managers #82 (hug-dev)
- Add a command-line option to select configuration #81 (hug-dev)
- Add a TPM provider #75 (hug-dev)
- Add SIGHUP signal handling to reload configuration #71 (hug-dev)
- Add a PKCS 11 provider #68 (hug-dev)
- Simplify the README.md file #67 (hug-dev)
- Add cross compilation tests to the CI with cross #64 (hug-dev)
- Add cross-compilation logic for Mbed Crypto #61 (hug-dev)
- Make key slot release implicit #59 (ionut-arm)
- Make buffers dynamically sized in Mbed Provider #58 (ionut-arm)
- Upgrade dependency on Mbed Crypto to v2.0.0 #56 (ionut-arm)
- Add provider configuration #51 (ionut-arm)
- Improve handling of systemd activation #50 (lnicola)
- Replace println calls with log crate #48 (hug-dev)
- Add a compile-time option for a daemon binary #46 (hug-dev)
- Add service builder and configuration #44 (ionut-arm)
- Add stress test to the suite #42 (ionut-arm)
- Add SIGTERM handler for a graceful shutdown #39 (hug-dev)
- Add a GitHub Actions workflow for CI #34 (hug-dev)
- Add and improve component builders #33 (ionut-arm)
Fixed bugs:
- TPM provider must support Owner Hierarchy authentication #102
- Audit our use of panicking #74
- Audit our use of unsafe code #73
- Review response codes returned by providers #72
- Warning during compilation about
llvm-config --prefix
#60 - Key handle manipulation is not thread-safe in Mbed Crypto #40
- Add owner hierarchy auth param #104 (ionut-arm)
- Add a verify-only integration test #88 (hug-dev)
- Add sign to ASN.1 Integer types for RSAPublicKey #86 (hug-dev)
- Make sure Cargo features work #76 (hug-dev)
- Make UnixStreams block on read/write #47 (ionut-arm)
- Keep key ID within bounds for Mbed provider #45 (ionut-arm)
- Add locking around key handle operations in mbed provider #41 (ionut-arm)
- Use new version of test client to fix CI #37 (hug-dev)
Closed issues:
- Deny compilation if there is any warning #80
Merged pull requests:
- Remove references to key lifetime #52 (hug-dev)
- Use thread pool instead of new thread per request #30 (ionut-arm)
- Add the integration tests in the parsec repository #28 (hug-dev)
0.1.0 (2019-10-09)
Closed issues:
- Building/running PARSEC #4
- Add Jenkins, CI/CD, unit testing, and code coverage #3
- Implement stubbed server API for client testing #2
- Create PASL golang client API #1
Merged pull requests:
- Add versioning requirement on the interface #25 (hug-dev)
- Fixed Ionut's email address #24 (robdimond-arm)
- Remove Go client from PARSEC service #22 (hug-dev)
- Add documentation updates #21 (hug-dev)
- Docs: Update documentation to reflect the source code state #20 (ionut-arm)
- Add support for ListProviders operation update #19 (hug-dev)
- Add a MAINTAINERS file #18 (hug-dev)
- Merge Integration into Master #17 (ionut-arm)
- Update conn and key interfaces for initialization #16 (jamesonhyde-docker)
- Update response to handle a mis-aligned header and response test #15 (jamesonhyde-docker)
- Various improvements of the service internals #14 (hug-dev)
- Go client implementations #12 (jamesonhyde-docker)
- update logo from plasma to parsec #11 (adamparco)
- Initial go client interface for signing keys #10 (jamesonhyde-docker)
- Provide minimal software solution based on Mbed Crypto #9 (hug-dev)
- Add API landing page #8 (ionut-arm)
- Adding doc fragments. #7 (ionut-arm)
- update name from PASL to PLASMA #6 (adamparco)
* This Changelog was automatically generated by github_changelog_generator