Скачать parsec для windows 7 32 bit

Main features delivered

• Add generate random support into TPM and PKCS11 providers
• Implement configurable exclusion of deprecated primitives
• Allow binary PIN values for PKCS11 provider
• Recognise a PKCS11 hardware token with its serial number instead of slot number

For a more comprehensive view of the release see the changelog below.

Changelog

1.1.0 (2022-09-13)

1.1.0-rc2 (2022-09-13)

Full Changelog

Merged pull requests:

• Update change log for release candidate 1.1.0-rc2 #639 (mohamedasaker-arm)
• Release candidate prep 1.1.0 rc2 #638 (mohamedasaker-arm)

1.1.0-rc1 (2022-09-07)

Full Changelog

Implemented enhancements:

• Update PKCS11 dependency #604
• Allow binary PIN values for PKCS11 providers #603
• Implement get_random in the PKCS11 provider #594
• Implement get_random in TPM provider #593
• Create script for Quickstart package #534
• Recognise a PKCS11 hardware token with its serial number instead of slot number #481
• Implement configurable exclusion of deprecated primitives #119

Fixed bugs:

• RSA padding oracle issue #619
• PKCS11 provider serial_number configuration #615
• Export of public EC key fails with PKCS#11 back-end on NXP Layerscape #599
• Wrong permissions on KIM files #598
• Send back PsaErrorInvalidPadding when needed #620 (ionut-arm)

Security fixes:

• Update Spiffe dependency #602

Closed issues:

• Add key persistence tests for TS provider #568
• Create stability tests for SQLite KIM #519
• Change default socket path for E2E tests #463

Merged pull requests:

• Update Change log and service version no. #637 (mohamedasaker-arm)
• Update maintainers list #636 (mohamedasaker-arm)
• Fix spiffy issue #635 (gowthamsk-arm)
• Add sqlite stability tests #634 (gowthamsk-arm)
• Feature/119 implement configurable exclusion of deprecated primitives #633 (mohamedasaker-arm)
• Feature/603 allow binary pin values for pkcs11 #631 (mohamedasaker-arm)
• Add Eq to the types with PartialEq #630 (ionut-arm)
• build and share docker image across jobs #628 (mohamedasaker-arm)
• Kim file permissions #627 (gowthamsk-arm)
• Testing/568 add key persistence tests for ts provider #625 (mohamedasaker-arm)
• Fix problem reported by Clippy (rust 1.62) #624 (mohamedasaker-arm)
• Validate hash sign operation before execution. #623 (gowthamsk-arm)
• Fix Hugues’ email address #622 (hug-dev)
• Compare trimmed token serial numbers (PKCS11 provider) #621 (mohamedasaker-arm)
• Added some context to error messages. #618 (fredrik-jansson-se)
• Implement get_random in the PKCS11 provider #613 (gowthamsk-arm)
• Add a script to create the Quickstart package #612 (mohamedasaker-arm)
• Change default socket path for E2E tests #610 (gowthamsk-arm)
• Fix cargo-audit TOML config #609 (ionut-arm)
• Recognise a PKCS11 hardware token with its serial number instead of slot number #608 (mohamedasaker-arm)
• Bump version of cryptoki #605 (ionut-arm)
• Fix issue #599 — allow EC_POINT public key data to omit ASN.1 structure wrapping #600 (paulhowardarm)
• Add generate random support into TPM provider #595 (anta5010)

Main features delivered

• Added a new Key Info Manager — the SQLite KIM — which will serve as the default KIM from now on.
• Added and implemented a new operation, CanDoCrypto, which allows clients to verify the capabilities of the various backends before performing any actual cryptographic operations.
• Added and implemented two operations, AttestKey and PrepareKeyAttestation, in the TPM provider, backed by TPM2_ActivateCredential.
• Added support for importing ECC public keys in the TPM provider.

For a more comprehensive view of the release see the changelog below.

Changelog

1.0.0 (2022-03-21)

1.0.0-rc3 (2022-03-21)

Full Changelog

Fixed bugs:

• Cargo audit failing #544

Merged pull requests:

• Prepare for Release Candidate 3 #592 (ionut-arm)

1.0.0-rc2 (2022-03-02)

Full Changelog

Implemented enhancements:

• Updates for Release Candidate 2 #584 (ionut-arm)

Closed issues:

• Update the Parsec Book to include SQLiteKeyInfoManager #532

1.0.0-rc1 (2022-02-16)

Full Changelog

Implemented enhancements:

• parsec.service hardening #569
• Implement CryptoCanDo for the Trusted Services and Mbed Crypto providers #543
• Implement CryptoCanDo for TPM provider #542
• Refactor the PKCS11 CryptoCanDo implementation #541
• Implement ActivateCredential key attestation #539
• Making the SQLiteKIM the default #531
• Create a new KeyInfoManager based on SQLite #424
• Add support for other cryptographic services in the Trusted Service provider #341
• Add system emulation tests for TS provider #304
• Add support for importing ECC public key in the TPM provider #170
• Add asymmetric encryption to TS provider #580 (ionut-arm)
• Change dependency revision for TSS crate #579 (ionut-arm)
• Add systemd hardening options #572 (ionut-arm)
• Make SQLite KIM default #570 (ionut-arm)
• Feature sqlite kim #566 (ionut-arm)
• Add error handling to ActivateCredential #562 (ionut-arm)
• Add ActivateCredential tests and fixes #560 (ionut-arm)
• Activate credential #558 (ionut-arm)
• Expand support for importing public keys for TPM #540 (ionut-arm)
• [CryptoAuthLib provider] PsaAeadEncrypt and PsaAeadDecrypt implemented #536 (TomaszPawelecGL)

Fixed bugs:

• Disable test from old E2E suite #574
• Errors in validating ECC key bits in PKCS11 provider #545
• UnixDomainSocket connection returns error from server #528
• Fuzz Testing & Nightly Cargo udeps are failing due to prost-derive #514
• TPM Provider does not persist generated keys accross reboot #504
• Issue with PKCS11 backend with Nitrokey HSM #380
• Skip flakey test #577 (ionut-arm)
• Fix codecov build #573 (ionut-arm)
• Fix handling of bits in PKCS11 imports #546 (ionut-arm)

Closed issues:

• Align with stable TSS crate #567
• Stable 0.8.1 release depends on tss-esapi alpha #527
• Create E2E tests for SQLite KIM #516
• Switch to dynamic key names in tests #453
• Add capabilities discovery operations #426

Merged pull requests:

• Update Changelog and service version no. #583 (ionut-arm)
• Bump bindgen dependency version #582 (ionut-arm)
• Bump SQLite dependency #581 (ionut-arm)
• [CryptoAuthLib provider] PsaRawKeyAgreement operation implementation #578 (akazimierskigl)
• Implement can-do-crypto for TS and mbed-crypto providers #565 (anta5010)
• Add error message if submodule not initialised #564 (ionut-arm)
• [CryptoAuthLib provider] PsaCipherEncrypt and PsaCipherDecrypt implementation #563 (akazimierskigl)
• Add clippy and fmt checkt to e2e_tests #561 (ionut-arm)
• Re-factor e2e tests to use common key attributes functions #556 (anta5010)
• Merge can-do-crypto branch into main #555 (anta5010)
• Merge main branch changes into can-do crypto #554 (anta5010)
• Jn9e9/issue453 #552 (jn9e9)
• e2e CanDoCrypto tests for Hashes, ECC curves and Crypto algorithms #551 (anta5010)
• Implement CanDoCrypto trait and use it for PKCS11 and TPM providers #550 (anta5010)
• Use ec_params for can-do-crypto checks instead of hard-coded values #549 (anta5010)
• Small refactor of PKCS11 CryptoCanDo #548 (anta5010)
• Merge origin/main into can-do-crypto #547 (anta5010)
• Increase the MSRV to 1.53.0 #535 (hug-dev)
• Update the CHANGELOG file with 0.8.1 #533 (hug-dev)
• Added the CanDoCrypto operation as well as fixing some of the other test scripts. #522 (Kakemone)

Main features delivered

• ECC keys are now supported in the PKCS11 provider
• a SPIFFE based authenticator is now available
• New CryptoAuthLib provider operation support: generate/import/export keys, sign/verify
• The TPM provider can be set as optional depending on platform availability
• The slot_number field is now optional
• all-providers now contains the Trusted Service provider
• The TPM provider has been updated to store keys in a different format, with migration capability from the previous format.

See the changelog below to see all differences with previous release.

Changelog

0.8.1 (2021-09-17)

Full Changelog

Implemented enhancements:

• Add Unit Tests to SQLiteKeyInfoManager #510
• Change KeyTriple to Include Auth ID, Provider Name & Provider UUID #488
• Update provider to use new version fo TransKeyCtx #515 (ionut-arm)

Fixed bugs:

• Decide and implement a new serialization format for KeyInfo #509
• Memory leak in TS context #501
• Disable broken workflows #525 (ionut-arm)

Closed issues:

• Make a Parsec Ockam Vault: investigation issue #506
• Add Basic SQLiteKeyInfoManager Storage/Retrieval Functionality #503
• Add config tests for multiple provider names #496

Merged pull requests:

• Bump version for release #526 (ionut-arm)
• Use as_ptr for TS service name #524 (anta5010)
• Lower Hash algorithm #499 (hug-dev)
• Update CHANGELOG #498 (hug-dev)

0.8.0 (2021-08-05)

Full Changelog

Implemented enhancements:

• Add Provider Name Config Option #487
• Add PKCS11 provider export-attributes switch #462
• Refactor the all-providers workflow #455
• Adjust linking for TS provider #427
• Allow providers to be optional or conditional depending on platform feature availability #401
• Add cross-compilation tests for the TPM provider #382
• Make the slot_number field optional #375
• Design workflow and associated APIs for key attestation in Parsec #370
• Implement error handling for TS caller errors #332
• Add release-build tests to CI #163
• Add the possibility of changing key store location of Mbed Crypto provider #53
• Add TS provider to all-providers #482 (ionut-arm)
• Adjust TS provider linking #474 (ionut-arm)
• Add cargo-audit config #473 (ionut-arm)
• Update dependency on Trusted Services #467 (ionut-arm)
• Add import and export support for ECC for PKCS11 #452 (ionut-arm)
• Add a SPIFFE based authenticator #449 (hug-dev)
• Add ECC functionality to PKCS11 prov #446 (ionut-arm)
• Enable coverage testing for TS provider #434 (ionut-arm)
• Create SECURITY.md #414 (ionut-arm)
• Add TPM provider cross-compilation #403 (ionut-arm)
• Added Option<Slot> to PKCS 11 Provider constructor #402 (Sven-bg)

Fixed bugs:

• If a response is an error, log it before sending it #417
• Fix ingress/egress trace logs #416
• Make KeyInfo a private type #400
• Unable to build 0.7.2 for i686 (and ppc64/ppc64le) #379
• Unable to build 0.7.2 for armv7 #378
• Document clearly how Mbed Crypto provider keys are stored #373
• Fix code coverage reports #495 (ionut-arm)
• Modify the git submodule command #490 (hug-dev)
• Do not login if no user pin was entered #489 (hug-dev)
• Fix git command and use Arm machine #485 (ionut-arm)
• Fix CircleCI config format. #484 (ionut-arm)
• Add submodule initialisation to CircleCI #483 (ionut-arm)
• Make cross-compilation run on release version #454 (ionut-arm)
• Bump picky crate versions #443 (ionut-arm)
• Remove the TS coverage computation #436 (ionut-arm)
• Fix nightly workflow #435 (ionut-arm)
• Fix ServiceConfig import in fuzz_service #433 (ionut-arm)
• Fix Contributing link #415 (ionut-arm)
• Fix ownership of ibmtpm folder #385 (ionut-arm)
• Fix CircleCI config #384 (ionut-arm)
• Implement a few fixes #374 (ionut-arm)

Security fixes:

• Resurrect fuzz testing framework #422
• Set up Github security policy #398
• Investigate testing of Cryptoauthlib provider #315
• rust-spiffe: make sure that the claims returned by the validation operation are as expected #290
• rust-spiffe: provide a local validation of the JWT-SVID #289
• Revive the fuzz testing framework #429 (ionut-arm)

Closed issues:

• NXP PKCS#11 Parsec integration testing. #456
• Split the build tests on a different CI workflow #447
• Support ECC signing keys in the PKCS#11 provider #421
• Stability: Communication with backends #412
• Adopt CII Best Practices Badge from the LF #411
• Unable to build parsec 0.7.2 with rust 1.43.1. Parsec 0.6.0 builds fine. #409
• Stability: Build toolchain #408
• Stability: Environment variables #405
• Stability: Dynamic libraries dependencies #397
• Stability: systemd communication [#396](https://github.com/parallaxsecond/par…

Changelog

0.7.0 (2021-03-23)

Full Changelog

Main features and bugfixes delivered

• Added support for admin clients in the service. Admins can perform two operations forbidden for other clients: ListClients (returns a list of clients with active data available in at least one provider), and DeleteClient (which removes all data stored by the service for a given client).
• Updated our PKCS11 backend to use an improved, higher-level crate (cryptoki) that offers a safer interface.
• Two new providers were added, one for ATECCx08 devices via CryptoAuthLib, and one for Trusted Services running in a Trusted Execution Environment. Both are under development and thus not ready for production deployments.
• Fixed a bug where all keys reported by ListKeys were shown as MbedCryptoProvider keys.

Implemented enhancements:

• Stop the duplication of key ID conversions #331
• Add key management operations support #267
• Enable TS context initialization #266
• Create the Trusted Service bindings #265
• Improve import key support in TPM provider #251
• Investigate and define the work required for SPIFFE-based client identity management #232
• Make existence of key info consistent with existence of key #149
• Extract Docker images into own repo #124
• Add version structures for better handling of versions #43
• Rearrange modules for a more structured feel #32
• Change CI to use published Docker image #357 (ionut-arm)
• Improve coverage script #348 (ionut-arm)
• Add coverage checking in nightly run #347 (ionut-arm)
• Trusted service provider #330 (ionut-arm)
• Add admin configuration #316 (ionut-arm)
• Add new parsec provider using ATECCx08 cryptochip via CryptoAuthentication Library #303 (RobertDrazkowskiGL)
• Improve error handling in builder #298 (ionut-arm)
• Add Changelog file (#278) #280 (ionut-arm)
• Remove PKCS11 single thread lock (#264) #277 (ionut-arm)

Fixed bugs:

• Move the spiffe related features in its own branch #327
• Resolve default implementation issue for list_keys in Provide #312
• ListKeys should only be callable on the Core provider #310
• Service should not start if some components weren’t built successfully #297
• No changelog for the releases #278
• PKCS11 multi-threading #264
• Fix ImportKey to allow importing private key #126
• PKCS 11 provider stress tests sometimes fail #116
• Update docker registry for TPM2 images #356 (ionut-arm)
• Run the Codecov script outside container #353 (ionut-arm)
• Fix code coverage docker command #352 (ionut-arm)
• Remove the spiffe-based authenticator #328 (hug-dev)

Security fixes:

• Add a test for admin operations #309
• Implement admin logic #308
• Investigate admin role and admin-level operations #292
• Add failure-counter mechanism #176

Closed issues:

• Implement ListClients and DeleteClient in the core provider #311
• Correct lint issues found after the toolchain upgrade to version 1.49.0 #305
• Investigate cross-compilation to Linux on Aarch64 #300
• Investigate adding ListClients and DeleteClient operations #293
• Consume the new, safer Rust PKCS#11 interface into Parsec when it is available #272
• Add a SPIFFE JWT-SVID multitenancy test #269
• Add a JWT-SVID Authenticator #268
• Investigate and define the work required for compatibility with Arm Firmware Framework for Armv8-A (FF-A) #247

Merged pull requests:

• Prepare for 0.7.0 release #363 (hug-dev)
• Update to latest TSS crate version #362 (ionut-arm)
• Enable code coverage for PKCS11, disable for TS #361 (ionut-arm)
• Add Edmund to Contributors list #359 (ionut-arm)
• Add myself to contributors, re. rust-cryptoki #358 (nickray)
• Add some cross-compilation tests #355 (hug-dev)
• Upgrade all dependencies to their latest version #345 (hug-dev)
• Create KeyInfoManagerClient #343 (ionut-arm)
• Parsec PsaHashCompare operation implementation for CryptoAuthLib provider #333 (akazimierskigl)
• Parsec PsaGenerateRandom operation implementation for CryptoAuthLib provider #325 (RobertDrazkowskiGL)
• Add consistency in key creation/deletion #324 (hug-dev)
• Make the authenticators their own features #322 (puiterwijk)
• Improve mandatory Provide methods #321 (ionut-arm)
• Use newest TSS crate #320 (ionut-arm)
• Add ListClients and DeleteClient operations #318 (hug-dev)
• Added support for PsaHashCompute to CryptoAuthLib provider. #317 (RobertDrazkowskiGL)
• Update service dependencies #314 (ionut-arm)
• Add a test checking ListKeys provider target #313 (hug-dev)
• Fix lint warning #306 (ionut-arm)
• Return correct key provider id in list_keys #302 (jn9e9)
• Use the new abstraction on the PKCS11 interface #301 (hug-dev)
• Switch Travis CI build to cron-only #299 (ionut-arm)
• Add a JWT-SVID authenticator #283 (hug-dev)
• Add Patrick to the contributor list #281 (puiterwijk)

Changelog

0.6.0 (2020-10-20)

Full Changelog

Main features delivered

• Authentication support for Unix Peer Credentials (for Domain Sockets); authenticators are now configurable at runtime using config.toml
• Added support for an operation (ListKeys) to list all keys belonging to a client
• Removed filesystem checks (ownership/permissions) as we can now more safely rely on valid setup by the admin

Implemented enhancements:

• Add multitenancy testing infrastructure 👩‍🔧 #245
• Delete «Provider» suffix out of provider names #134
• Improve error message on service startup #260 (ionut-arm)

Fixed bugs:

• Limit key imports in TPM provider #255 (ionut-arm)

Closed issues:

• Add authenticator configuration #270
• Assemble a PR checklist for code reviewers #258
• Adjust README disclaimer wording #231

Merged pull requests:

• Add multitenancy tests #276 (hug-dev)
• Put config tests in all_providers #275 (hug-dev)
• Remove warnings about parsec and parsec-clients #274 (hug-dev)
• Add authentication configuration #273 (hug-dev)
• Refactored provider names #263 (samwell61)
• Add list keys #261 (joechrisellis)

Changelog

0.5.0 (2020-10-02)

Full Changelog

Main features delivered

• Moved the Parsec service assets to locations in the filesystem where they would match the FHS spec
• Added memory cleanup for sensitive buffers — before the memory is released, the contents are scrubbed away

Implemented enhancements:

• Creating a build-time configuration file #256
• Merge integration tests in E2E test suite #228
• Support dbus-parsec with NXP secureobj library #223
• Verify which dependencies can/should be updated #158
• Add more test cases #151
• Test Parsec installation as a systemd daemon #49
• Improve E2E testing #253 (ionut-arm)
• Upgrade and clean dependencies #246 (hug-dev)
• Import private key support for TPM provider #243 (joechrisellis)
• Allow software operations in PKCS11 provider #241 (ionut-arm)
• Improve key metadata handling #240 (ionut-arm)
• Add support for psa_generate_random operation for MbedCrypto provider #208 (joechrisellis)

Fixed bugs:

• Memory cleanup of sensitive data #122
• Fix attribute conversion in PKCS11 provider #254 (ionut-arm)
• Fix sign attribute in PKCS11 #252 (ionut-arm)
• Add Uuid from the interface directly #242 (hug-dev)
• Add buffer_size_limit config option for providers #233 (joechrisellis)

Security fixes:

• Add memory zeroizing when needed #239 (hug-dev)

Closed issues:

• Implement ListAuthenticators #216
• Better error message when file not found #210
• Implement an authenticator based on the domain socket peer credential #200

Merged pull requests:

• Add Unix peer credentials authenticator #214 (joechrisellis)