Re: [Openvpn-devel] Upstreaming pqcrypto changes from microsoft/openvpn

2018-07-04 Thread Илья Шипицин
Hi, I meant "vpndialer" part first :) as for PQ crypto - I played with it, however, it is currently far from worldwide adoption (if that would have been implemented as openssl loadable engine, it would be more luck) Wed, 4 Jul 2018 at 5:17, Kevin Kane : > Hello all, > > Thanks to Jon for

Re: [Openvpn-devel] Upstreaming pqcrypto changes from microsoft/openvpn

2018-07-04 Thread Steffan Karger
Hi Kevin, On 04-07-18 02:39, Kevin Kane via Openvpn-devel wrote: > Thanks to Jon for making the introduction. My team works on > post-quantum (PQ) cryptography, which is algorithms used by regular > computers but which are resistant to attack by a sufficiently > powerful quantum computer. This Ope

[Openvpn-devel] Summary of the community meeting (Wed, 4th July 2018)

2018-07-04 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wednesday 4th July 2018 Time: 11:30 CET (9:30 UTC) Planned meeting topics for this meeting were here: The next mee

Re: [Openvpn-devel] Summary of the community meeting (Wed, 4th July 2018)

2018-07-04 Thread Samuli Seppänen
Forgot the chatlog, so here it comes. Samuli On 04/07/2018 14:05, Samuli Seppänen wrote: > Hi, > > Here's the summary of the IRC meeting. > > --- > > COMMUNITY MEETING > > Place: #openvpn-meeting on irc.freenode.net > Date: Wednesday 4th July 2018 > Time: 11:30 CET (9:30 UTC) > > Planne

Re: [Openvpn-devel] Upstreaming pqcrypto changes from microsoft/openvpn

2018-07-04 Thread Gert Doering
Hi Kevin, besides the PQ Crypto stuff (which I find less interesting than Steffan, because I'm the packet geek and he's the Man Who Understands Crypto :-) ), you also have done "something with an openvpndial-0.1.dll". Wild guessing suggests that this is hooking into the Dial-Up-Network control pa

[Openvpn-devel] [PATCH v2 4/9] tls-crypt-v2: add specification to doc/

2018-07-04 Thread Steffan Karger
From: Steffan Karger This is a preliminary description of tls-crypt-v2. It should give a good impression about the reasoning and design behind tls-crypt-v2, but might need some polishing and updating. Signed-off-by: Steffan Karger --- doc/tls-crypt-v2.txt | 164 +++

[Openvpn-devel] [PATCH v2 7/9] tls-crypt-v2: add P_CONTROL_HARD_RESET_CLIENT_V3 opcode

2018-07-04 Thread Steffan Karger
From: Steffan Karger Not used yet, but prepare for sending and receiving tls-crypt-v2 handshake messages. Signed-off-by: Steffan Karger --- src/openvpn/ps.c | 3 ++- src/openvpn/ssl.c| 23 ++- src/openvpn/ssl.h| 5 - src/openvpn/ssl_common.h |

[Openvpn-devel] [PATCH v2 8/9] tls-crypt-v2: implement tls-crypt-v2 handshake

2018-07-04 Thread Steffan Karger
From: Steffan Karger This makes clients send-and-use, and servers receive-unwrap-and-use tls-crypt-v2 client keys, which completes the on-the-wire work. Signed-off-by: Steffan Karger --- src/openvpn/init.c | 39 +- src/openvpn/openvpn.h| 2 + src/

[Openvpn-devel] [PATCH v2 1/9] Move file-related functions from misc.c to platform.c

2018-07-04 Thread Steffan Karger
From: Steffan Karger To avoid having to include misc.c - which is a dependency mess - in the tls-crypt unit tests, move file-handling related functions to platform.c (which is where other file-related functions already reside). Note that platform_create_temp_file() needs random. To avoid includi

[Openvpn-devel] [PATCH v2 6/9] tls-crypt-v2: add unwrap_client_key

2018-07-04 Thread Steffan Karger
From: Steffan Karger Add helper functions to unwrap tls-crypt-v2 client keys. Signed-off-by: Steffan Karger --- src/openvpn/buffer.h | 7 + src/openvpn/tls_crypt.c | 102 + tests/unit_tests/openvpn/test_tls_crypt.c | 253 --

[Openvpn-devel] [PATCH v2 5/9] tls-crypt-v2: generate client keys

2018-07-04 Thread Steffan Karger
From: Steffan Karger As a first step towards a full tls-crypt-v2 implementation, add functionality to generate tls-crypt-v2 client keys. Signed-off-by: Steffan Karger --- doc/openvpn.8 | 51 src/openvpn/buffer.c| 63 + src/openvpn/buffer.h| 6 + src/openv

[Openvpn-devel] [PATCH v2 9/9] tls-crypt-v2: add script hook to verify metadata

2018-07-04 Thread Steffan Karger
From: Steffan Karger To allow rejecting incoming connections very early in the handshake, add a --tls-crypt-v2-verify option that allows administrators to run an external command to verify the metadata from the client key. See doc/tls-crypt-v2.txt for more details. Because of the extra dependenci

[Openvpn-devel] [PATCH v2 2/9] Move execve/run_script helper functions to run_command.c

2018-07-04 Thread Steffan Karger
To avoid having to include misc.c - which is a dependency mess - in the tls-crypt unit tests, move the command execution helper functions to a new run_command.c module. While at it, abstract away the script_security global variable. Signed-off-by: Steffan Karger --- src/openvpn/Makefile.am |

[Openvpn-devel] [PATCH v2 3/9] Add crypto_pem_{encode,decode}()

2018-07-04 Thread Steffan Karger
From: Steffan Karger Needed for tls-crypt-v2, but isolated enough to be reviewed as a separate patch. The encode API allocates memory, because it fits our typical gc-oriented code pattern and the caller does not have to do multiple calls or calculations to determine the required destination buff