search

microsoft / PQCrypto-VPN

Post-quantum Cryptography VPN
https://www.microsoft.com/research/project/post-quantum-crypto-vpn/
MIT License
314 stars 74 forks source link

Picnic #6

Closed vbog1 closed 4 years ago

vbog1 commented 4 years ago

I wonder if Picnic is really usable in PQCrypto-VPN as you mentioned here?

I created the certificate with picnicl1fs key and received the error:

Mon Jan 13 12:55:40 2020 OpenSSL: error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm
Mon Jan 13 12:55:40 2020 OpenSSL: error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm
Mon Jan 13 12:55:40 2020 OpenSSL: error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib
Mon Jan 13 12:55:40 2020 MANAGEMENT: Client disconnected
Mon Jan 13 12:55:40 2020 Cannot load certificate file C:\Program Files\OpenVPN_PQCrypto\config\client.crt
Mon Jan 13 12:55:40 2020 Exiting due to fatal error
kevinmkane commented 4 years ago

Your error messages suggest either OpenVPN isn't actually being linked at runtime with the the OQS fork of OpenSSL, but are instead linking to the system-installed version of OpenSSL; or you're generating your Picnic certs with a newer version of OQS-OpenSSL which the version we're currently dependent on doesn't support. As with all the PQ algorithms, Picnic has been updated over time. We also don't support using the 1.1 fork of OQS-OpenSSL; we only support the 1.0.2 fork. Our build scripts fetch a specific commit from OQS-OpenSSL for this reason. Make sure you're running all the openssl commands referring specifically to the openssl binary generated by the OQS-OpenSSL build.

We're currently working to make the OQS-OpenSSL 1.1 fork compatible with OpenVPN, and our next release will both update to the latest version of OpenVPN and support OQS-OpenSSL 1.1.

All that aside, we did discover after the fact that most Picnic certificates trigger a bug in OpenSSL because they end up being too large, and trip a size limitation in the TLS code. Oops! Sorry about that. So it does end up being the case that Picnic isn't currently very usable, and we're recommending the use of RSA certificates for now, and then you still get the benefit of using post-quantum key exchange. This should also be working, and with the updated version of Picnic, in our next release.

vbog1 commented 4 years ago

Thanks for the explanation.

And yes, I managed to establish connection with tls-cipher OQSKEX-LWE-FRODO-RECOMMENDED-ECDHE-ECDSA-AES256-GCM-SHA384

kevinmkane commented 4 years ago

@vbog1 I've got a candidate of the 1.3 release, where Picnic certificates are now working, in the dev-1.3 branch: https://github.com/microsoft/PQCrypto-VPN/tree/dev-1.3

I've moved to using submodules for the various dependencies, so clone with: git clone --branch dev-1.3 --recurse-submodules https://github.com/microsoft/PQCrypto-VPN.git. There's also a Dockerfile under openvpn/build/docker as well. The Windows build is now done completely cross-compiled, so everything gets built in one step now.

Feedback welcome!