Merge pull request #81 from rosenpass/alice/video
Alice/video
AliceOrunitia authored Aug 12, 2024
2 parents 2c85606 + 761abf2 commit f72d463
Showing 18 changed files with 708 additions and 24 deletions.
29 changes: 29 additions & 0 deletions assets/js/click-to-copy.js
@@ -0,0 +1,29 @@
let codeListings = document.querySelectorAll('.highlight > pre');

for (let index = 0; index < codeListings.length; index++)
{
const codeSample = codeListings[index].querySelector('code');
const copyButton = document.createElement("button");
copyButton.setAttribute('type', 'button');
copyButton.onclick = function() { copyCode(codeSample, copyButton); };
copyButton.classList.add('code-copy');
copyButton.setAttribute('data-toggle', 'tooltip');
copyButton.setAttribute('title', 'Copy to clipboard');
copyButton.innerHTML = '<i class="fa fa-copy"></i>';
const buttonDiv = document.createElement('div');
buttonDiv.classList.add('click-to-copy');
buttonDiv.append(copyButton);
codeListings[index].insertBefore(buttonDiv, codeSample);
new bootstrap.Tooltip(copyButton);
}
function copyCode(codeSample, button)
{
navigator.clipboard.writeText(codeSample.textContent.trim());
const tooltipInstance = bootstrap.Tooltip.getInstance(button);
tooltipInstance.setContent({ '.tooltip-inner': 'Copied!' });
tooltipInstance.show();
setTimeout(() => {
tooltipInstance.setContent({ '.tooltip-inner': 'Copy to clipboard' });
tooltipInstance.hide();
}, 3000);
}
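Review bot: in `copyCode`, the promise returned by `navigator.clipboard.writeText(...)` is ignored, so the tooltip switches to 'Copied!' even when the write is rejected or when `navigator.clipboard` is unavailable (it is only exposed in secure contexts). Move the `setContent`/`show` calls into a `.then(...)` and show a failure message in `.catch(...)`. In the loop, `querySelector('code')` can return null for a `pre` without a `code` child; skip those listings rather than attaching a button that throws on click.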
2 changes: 2 additions & 0 deletions content/en/blog/pentest_january.md
Expand Up @@ -6,6 +6,8 @@ author: "Alice Bowman"
date: 2024-03-01
---

## Introduction

Last month, we had the good fortune to collaborate with Radically Open Security (ROS), who ran a series of penetration tests on our Rosenpass project with the aim of identifying, and then addressing, any unseen security flaws in the project. These tests were primarily undertaken by Morgan Hill, a freelance security consultant working with ROS who focuses on Rust language projects. The report produced from these tests forms the basis of this blogpost and can be found in both the documentation section and linked below.

As always in this business, what was secure yesterday may be broken today, and thus we are always grateful to those who test our set ups. We were particularly keen to work with Radically Open Security, as an organisation strongly committed to maintaining, and improving the security of the internet as a whole. They make a point of releasing theirs tools as open source software for wider use and adoption, as well as providing detailed explanations to their partners on how to perform the same audits themselves.
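Review bot: the last context paragraph of this hunk still reads "releasing theirs tools"; since the file is being touched anyway, correct it to "their tools" in the same commit.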
16 changes: 9 additions & 7 deletions content/en/blog/tlsrosenpass_july.md
Expand Up @@ -7,9 +7,11 @@ date: 2024-07-29
editor: "Alice Bowman"
---

## Introduction

Although Rosenpass' primary use case is the creation of a hybrid post-quantum-secure VPN Channel for WireGuard, we have always sought to expand its utility to help create post-quantum-secure systems in other applications. In this case, by applying the principles used for its combination with WireGuard, we sought to produce a proof-of-concept demonstrating such its application to Transport Layer Security (TLS).

To achieve this, we used the popular OpenSSL library, and its tools `s-client` and `s_server` , to attempt to provide hybrid post-quantum security for TLS versions 1.2 and 1.3, which are the two versions currently in use online.
To achieve this, we used the popular OpenSSL library, and its tools `s_client` and `s_server` , to attempt to provide hybrid post-quantum security for TLS versions 1.2 and 1.3, which are the two versions currently in use online.

Typically, Rosenpass achieves post-quantum hybrid security with WireGuard by injecting external post-quantum-secure keys, from the Rosenpass tool, into its key derivation. This is called a pre-shared key (PSK), which is a symmetric key that both involved parties have to agree upon ahead of time.
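Review bot: the replacement line corrects `s-client` to `s_client` but keeps the stray space before the comma in "`s_server` ,"; drop it while the line is being edited. The context paragraph above it also still reads "demonstrating such its application", which should lose the "such".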

Expand Down Expand Up @@ -39,7 +41,8 @@ In the following sections, we build up the final show case step-by-step, retraci

All commands, config files, and scripts described in this tutorial are available in the [repository rosenpass/openssl-tutorial](https://github.com/rosenpass/openssl-tutorial).

### 1. Simple Example with a Dummy Pre-Shared Key

### Simple Example with a Dummy Pre-Shared Key


We started with the simple example of employing a dummy pre-shared key. We used two terminals on the same machine. In one, we executed the following command to start the server, which is explained directly below:
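Review bot: this heading stays at `###` while the same commit adds `## Introduction` at the top of the file and promotes "Security Analysis" and "Conclusion" to `##`, so the three tutorial steps ("Simple Example with a Dummy Pre-Shared Key", "Rosenpass Simple Example", "Plugging it all in") now nest under "Introduction" in the table of contents that `layouts/partials/sidebar.html` starts rendering. Either promote the three steps to `##` as well or add a `##` parent heading for the walkthrough.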
Expand Down Expand Up @@ -562,8 +565,7 @@ SSL-Session:
```
In TLS 1.2, the usage of a PSK was still part of the ciphersuite choice, and it is visible in the chosen ciphersuite `DHE-PSK-AES256-GCM-SHA384`. Also, the PSK identity `rosenpass` was displayed.


### 2. Rosenpass Simple Example
### Rosenpass Simple Example

For this section, we assume that you have already installed Rosenpass on your system. You can do so by following the step-by-step [manual on our website](https://rosenpass.eu/docs/compilation/).

Expand Down Expand Up @@ -631,7 +633,7 @@ $ diff rp*-key-out
We then terminated both Rosenpass peers using `Ctrl+C`. Otherwise, they would have continued to perform new handshakes and written new shared keys to their output key file every two minutes.


### 3. Plugging it all in
### Plugging it all in

The final step was to hand the Rosenpass shared key over to the OpenSSL `s_client` and `s_server` commands. We needed to achieve the following:

Expand Down Expand Up @@ -710,7 +712,7 @@ As explained above, this is insecure because the PSK ends up visible in plaintex

On the client side, the user still needs to input `GET /` manually. We also tested piping `echo "GET /"` into the `openssl s_client` command, however, this turned out to be unreliable. The server sometimes did not answer with the status output. We believe this may be because the input would sometimes arrive too early.

### 4. Security Analysis
## Security Analysis

The general idea of hybrid post-quantum security is that:

Expand All @@ -730,7 +732,7 @@ There are two cryptography papers formally analysing the security of the PSK cip
For TLS 1.2, more details can be found in *Section 3* and *Theorem 2* of [ia.cr/2014/037](https://eprint.iacr.org/2014/037) relating to the “TLS_DHE_PSK protocol”. For TLS 1.3, there are *Theorem 7.1* and *Figure 1* of [ia.cr/2022/246](https://eprint.iacr.org/2022/246).
### 5. Conclusion
## Conclusion
In the course of producing this tutorial, we were able to demonstrate that Rosenpass can be used to achieve hybrid post-quantum security with both a TLS 1.2 and a TLS 1.3 channel. Although we have made our scripts available in [rosenpass/openssl-tutorial](https://github.com/rosenpass/openssl-tutorial), it is worth noting that this is meant as a proof-of-concept. The reader should be aware that this tutorial's implentation is not as secure as it should be for production use. The immediately known flaws in this method are:
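Review bot: the Conclusion paragraph in this hunk's context still contains "implentation"; fix it to "implementation" together with the heading change, since this is the paragraph that tells readers the setup is not production-grade.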
2 changes: 2 additions & 0 deletions content/en/docs/presentations/easterhegg-2023.md
Expand Up @@ -13,6 +13,8 @@ toc:
depth: 3
---

{{< blocks/video-embed title="Video: Easterhegg 2023" subtitle="Ein VPN zum Schutz vor Quantencomputern" href="https://app.media.ccc.de/v/eh20-4-rosenpass-ein-vpn-zum-schutz-vor-quantencomputern/oembed" hostPg="https://media.ccc.de/v/eh20-4-rosenpass-ein-vpn-zum-schutz-vor-quantencomputern" privacy="https://media.ccc.de/about.html#privacy" host="Chaos Computer Club" screenshot="img/conferences/easterhegg2023-screenshot.png">}}

{{< blocks/pdfembed >}}
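Review bot: the `href` of the added `video-embed` shortcode points at `app.media.ccc.de`, while its `hostPg` and `privacy` values use `media.ccc.de` and the MRMCD embed added in this commit uses `media.ccc.de` for its oEmbed URL as well. Confirm the `app.` host is intended, and use the same host in both embeds if it is not.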


4 changes: 3 additions & 1 deletion content/en/docs/presentations/mrmcd-2023.md
@@ -1,7 +1,7 @@
---
title: "Sichere Kryptografie trotz Quantencomputern: Projektupdate"
linkTitle: "MRMCD 2023"
description: "A recap on, and overview of, Rosenpass' progress since April presented to the MetaRehinMainChaosDays conference in Darmstadt."
description: "A recap on, and overview of, Rosenpass' progress since April presented to the MetaRheinMainChaosDays conference in Darmstadt."
talkLanguage: "DE"
banner: "mrmcd2023.jpg"

Expand All @@ -13,4 +13,6 @@ toc:
pdf_filename: "2023-09-03-MRMCD2023/slides.pdf"
---

{{< blocks/video-embed title="Video: MRMCD 2023" subtitle="Rosenpass Update: Post Quantum Kryptographie in praktischer Anwendung." href="https://media.ccc.de/v/2023-265-rosenpass-update-post-quantum-kryptographie-in-praktischer-anwendung-/oembed" hostPg="https://media.ccc.de/v/2023-265-rosenpass-update-post-quantum-kryptographie-in-praktischer-anwendung-" host="Chaos Computer Club" privacy="https://media.ccc.de/about.html#privacy" screenshot="img/conferences/mrmcd2023-screenshot.png">}}

{{< blocks/pdfembed >}}
1 change: 1 addition & 0 deletions content/en/docs/source_code.md
Expand Up @@ -6,4 +6,5 @@ menu: false
type: docs
icon: fab fa-github
manualLink: "https://github.com/rosenpass/rosenpass"
manualLinkTarget: "_blank"
---
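Review bot: the link rendered from `manualLinkTarget: "_blank"` needs `rel="noopener noreferrer"`, and the template that reads this parameter is not among the hunks shown here, so that cannot be confirmed from this diff. Check that the layout emits the `rel` attribute alongside `target="_blank"` so the opened page gets no `window.opener` handle and no referrer.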
10 changes: 4 additions & 6 deletions content/en/impressum.md
Expand Up @@ -60,23 +60,21 @@ Datenschutzerklärung / Data Protection Policy Statement

Our Data Protection Policy (Datenschutzerklärung) is stated hereunto, in German, as Germany is our legal lieu de affaires. The German text is legally binding. We provide a summary for our English-speaking audience here:

You may always direct your inquiries regarding your personal data to [email protected]
Note that we are a non-commercial research project. We try to answer any such mail with priority. This does not affect your rights to complain with the responsible Data Protection Autorities. We would, however, encourage you to e-mail us first in case of any complaint or uncertainty.
You may direct your inquiries regarding your personal data to [email protected].
Please note that, whilst we endeavour to answer all inquries promptly, we are a non-commercial research project. This does not affect your right to file a complaint with the responsible Data Protection Autorities. We would, however, request that you e-mail us first in case of any complaint or uncertainty so that we may seek to resolve it ourselves.

We aim at processing as little personal information on our visitors as technically possible. We do not use cookie consent tools as we only use technically essential cookies and logs and delete them in due course.

We have signed an Auftragsverarbeitungsvertrag (Order processing contract according to GDPR) with our hoster and direct our instructions and settings accordingly, as far as this is technically possible.

We do not use third-party services on this website that would require a prior consent from your side, as far as we know. We retain the right of error and ask for immediate notification in case of uncertainties.
Any third-party services, that would require the user to consent to data sharing, used on this website are clearly marked and do not activate, nor send user data, prior to that consent. We welcome any notification of unmarked services and/or behaviours that we have overlooked.

The responsible contact person for any such inquiries is stated in the Datenschutzerklärung below.

However, on this website, we link to third-party websites/service whose data protection policies we don't have any control or influence over. Consult their respective data protection statements. We do not take any responsibilities for content oder data usage by websites that are linked on this site.
On this website, we dolink to third-party websites/service whose data protection policies we don't have any control or influence over. Please consult their respective data protection statements as appropriate. We do not accept any responsibility for content or data usage by external websites linked on this site.

By using our website, you consent to our Privacy Policy and agree to its terms.

Very welcome!
Project Rosenpass

{{< /blocks/section >}}
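Review bot: the new sentence stating that third-party services "do not activate, nor send user data, prior to that consent" is broader than what `layouts/partials/scripts.html` in this same commit does, since that partial emits `<script src="https://cdn.jsdelivr.net/...">` tags on page load whenever KaTeX, mermaid or markmap is enabled. Either scope the sentence to embedded media or confirm those features are off on the live site. The added lines also contain typos: "inquries", "Autorities" (carried over from the old text) and "dolink".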

2 changes: 1 addition & 1 deletion layouts/blog/content.html
@@ -1,4 +1,4 @@
<div class="td-content">
<div class="td-content blog">
<h1>{{ .Title }}</h1>
{{ with .Params.description }}<div class="lead">{{ . | markdownify }}</div>{{ end }}
<div class="td-byline mb-4">
3 changes: 2 additions & 1 deletion layouts/blog/list.html
Expand Up @@ -16,7 +16,8 @@ <h2>{{ T "" }} {{ .Key }}</h2>
<li class="media post-list-item mb-4">
<div class="media-body">
<h5 class="mt-0 mb-1"><a href="{{ .RelPermalink }}">{{ .Title }}</a></h5>
<p class="mb-2 mb-md-3"><small class="text-muted">{{ .Date.Format ($.Param "time_format_blog") }} {{ T "ui_in"}} {{ .CurrentSection.LinkTitle }}</small></p>
<p class="mb-0"><small class="text-muted">by {{ .Params.Author }}</small></p>
<p class="mb-2 mb-md-3"><small class="text-muted">{{ .Date.Format "2 January 2006" }}</small></p>
<header class="article-meta">
{{ partial "taxonomy_terms_article_wrapper.html" . }}
{{ if (and (not .Params.hide_readingtime) (.Site.Params.ui.readingtime.enable)) }}
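Review bot: the added byline `by {{ .Params.Author }}` renders a bare "by" for any post without an `author` front-matter value; wrap the paragraph in `{{ with .Params.author }}`. The literal "by" and the hard-coded `"2 January 2006"` layout also replace the translatable `T "ui_in"` string and the `time_format_blog` site parameter, so the list is no longer localisable or configurable from the site config.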
4 changes: 2 additions & 2 deletions layouts/docs/list.html
Expand Up @@ -16,7 +16,7 @@
<ul id="presentation-list" class="post-list list-unstyled row">

{{ range $p := .Pages}}
<li class="col-12 col-lg-5">
<li class="col-12 col-lg-6">
<div class="post-list-item card">
<div class="row px-0 justify-content-between">
<p class="h4 presentation-card-title col-8 pe-0">{{ $p.LinkTitle }} </p>
Expand All @@ -28,7 +28,7 @@
src="/img/conferences/{{ $p.Params.banner }}" alt="Featured Image for {{ $p.LinkTitle }}" >
</a>
{{ end }}
<h5 class="card-title"><a href="{{ .RelPermalink }}"> "{{ $p.Title }}"</a></h5>
<h5 class="card-title"><a href="{{ .RelPermalink }}"> {{ $p.Title }}</a></h5>
<div class="card-text"><p class="pt-0 mt-0">{{ $p.Description }}</p>
<p class="pt-0 readmore"><a href="{{ .RelPermalink }}" aria-label="{{ T "ui_read_more"}} - {{ .LinkTitle }}">{{ T "ui_read_more"}}</a></p>
</div>
2 changes: 1 addition & 1 deletion layouts/partials/footer.html
Expand Up @@ -2,7 +2,7 @@
<footer class="bg-white py-5 row d-print-none">

<p class=" text-center mb-1"><a href="/press/">Press</a> | <a href="/impressum/" >Impressum</a> | <a href="/contributors/#contact">Contact</a></p>
<p class=" text-center text-xs mb-1">Funded through <a href="https://nlnet.nl/">NLnet</a> with financial support from the European Commission's <a href="https://nlnet.nl/assure">NGI Assure</a> program <br/>
<p class=" text-center text-xs mb-1">Funded through <a href="https://nlnet.nl/">NLNet</a> with financial support from the European Commission's <a href="https://nlnet.nl/assure">NGI Assure</a> program <br/>
and ProtoType Fund of the <a href="https://okfn.de/en/">Open Knowledge Foundation Germany</a>, financed by the <a href="https://www.bmbf.de/en/index.html">Federal Ministry of Education and Research (BMBF).</a></p></p>
<p class=" text-center text-xs">Website and mail hosting sponsored by <a href="https://servercow.de/">Servercow</a>.</p>
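Review bot: the changed line respells the funder as "NLNet", but the foundation writes its own name "NLnet", matching the linked nlnet.nl domain; keep the original spelling. The context line that follows also ends in a doubled `</p></p>`, which leaves an unmatched closing tag in the footer.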

105 changes: 105 additions & 0 deletions layouts/partials/scripts.html
@@ -0,0 +1,105 @@
{{ $needKaTeX := or .Site.Params.katex.enable .Params.math .Params.chem -}}
{{ $needmhchem := or .Site.Params.katex.mhchem.enable .Params.chem -}}
{{ $needmermaid := .Site.Params.mermaid.enable -}}
{{ if ge hugo.Version "0.93.0" -}}
{{ with .Site.Params.mermaid }}
{{ $needmermaid = true }}
{{ end }}
{{ $needKaTeX = or $needKaTeX (.Page.Store.Get "hasKaTeX") (.Page.Store.Get "hasmhchem") -}}
{{ $needmhchem = or $needmhchem (.Page.Store.Get "hasmhchem") -}}
{{ $needmermaid = or $needmermaid (.Page.Store.Get "hasmermaid") -}}
{{ else -}}
{{ if or $needKaTeX $needmhchem $needmermaid -}}
{{ warnf "Outdated Hugo version %s, consider upgrading to make full use of all theme features" hugo.Version }}
{{ end -}}
{{ end -}}

{{ if .Site.Params.markmap.enable -}}
<style>
.markmap > svg {
width: 100%;
height: 300px;
}
</style>
<script>
window.markmap = {
autoLoader: {
manual: true,
onReady() {
const { autoLoader, builtInPlugins } = window.markmap;
autoLoader.transformPlugins = builtInPlugins.filter(plugin => plugin.name !== 'prism');
},
},
};
</script>
<script src="https://cdn.jsdelivr.net/npm/markmap-autoloader"></script>
{{ end -}}

{{ if .Site.Params.plantuml.enable -}}
<script src='{{ "js/deflate.js" | relURL }}'></script>
{{ end -}}

{{ if $needKaTeX -}}
{{/* load stylesheet and scripts for KaTeX support */ -}}
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/katex.min.css"
integrity="sha512-6VMVcy7XQNyarhVuiL50FzpgCFKsyTd6YO93aaQEyET+BNaWvj0IgKR86Bf6+AmWczxAcSnL+JGjo+iStgO1gQ==" crossorigin="anonymous">
{{/* The loading of KaTeX is deferred to speed up page rendering */ -}}
<script defer src="https://cdn.jsdelivr.net/npm/[email protected]/dist/katex.min.js"
integrity="sha512-b9IKj4LCNrtCPBhceRcoYOHWW/S2q9fpl7iAJlyxYpykRj1SKM7FE9+E0NEnJ8g8ni47LBr2GuX9qzg/xeuwzQ=="
crossorigin="anonymous">
</script>
{{ if $needmhchem -}}
{{/* To add support for displaying chemical equations and physical units, load the mhchem extension: */ -}}
<script defer src="https://cdn.jsdelivr.net/npm/[email protected]/dist/contrib/mhchem.min.js"
integrity="sha512-V1hl0fnOXW6Cdqe5ZVqtw8TBpJVpu3XRDRQti96j/04+tMarPrCdXEUE3UdfvfKYTpOn9DV4zEZBVr0HhDiuiQ=="
crossorigin="anonymous">
</script>
{{ end -}}
{{/* To automatically render math in text elements, include the auto-render extension: */ -}}
<script defer src="https://cdn.jsdelivr.net/npm/[email protected]/dist/contrib/auto-render.min.js"
integrity="sha512-iWiuBS5nt6r60fCz26Nd0Zqe0nbk1ZTIQbl3Kv7kYsX+yKMUFHzjaH2+AnM6vp2Xs+gNmaBAVWJjSmuPw76Efg==" crossorigin="anonymous"
{{ printf "onload='renderMathInElement(%s, %s);'" (( $.Page.Site.Params.katex.html_dom_element | default "document.body" ) | safeJS ) ( printf "%s" ( $.Page.Site.Params.katex.options | jsonify )) | safeHTMLAttr }}>
</script>
{{ end -}}

{{ $jsBs := resources.Get "vendor/bootstrap/dist/js/bootstrap.bundle.js" -}}
{{ $jsBase := resources.Get "js/base.js" -}}
{{ $jsAnchor := resources.Get "js/anchor.js" -}}
{{ $jsSearch := resources.Get "js/search.js" | resources.ExecuteAsTemplate "js/search.js" .Site.Home -}}
{{ $jsMermaid := resources.Get "js/mermaid.js" | resources.ExecuteAsTemplate "js/mermaid.js" . -}}
{{ $jsMarkmap := resources.Get "js/markmap.js" | resources.ExecuteAsTemplate "js/markmap.js" . -}}
{{ $jsPlantuml := resources.Get "js/plantuml.js" | resources.ExecuteAsTemplate "js/plantuml.js" . -}}
{{ $jsDrawio := resources.Get "js/drawio.js" | resources.ExecuteAsTemplate "js/drawio.js" . -}}
{{ if .Site.Params.offlineSearch -}}
{{ $jsSearch = resources.Get "js/offline-search.js" -}}
{{ end -}}

{{ $jsArray := slice $jsBs $jsBase $jsAnchor $jsSearch $jsPlantuml $jsMarkmap $jsDrawio -}}

{{ if $needmermaid -}}
{{ $jsArray = $jsArray | append $jsMermaid -}}
<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/mermaid.min.js" integrity="sha512-IX+bU+wShHqfqaMHLMrtwi4nK6W/Z+QdZoL4kPNtRxI2wCLyHPMAdl3a43Fv1Foqv4AP+aiW6hg1dcrTt3xc+Q==" crossorigin="anonymous"></script>
{{ end -}}

{{ $js := $jsArray | resources.Concat "js/main.js" -}}
{{ if hugo.IsProduction -}}
{{ $js := $js | minify | fingerprint -}}
<script src="{{ $js.RelPermalink }}" integrity="{{ $js.Data.Integrity }}" crossorigin="anonymous"></script>
{{ else -}}
<script src="{{ $js.RelPermalink }}"></script>
{{ end -}}

{{ if .Site.Params.prism_syntax_highlighting -}}
<script src='{{ "js/prism.js" | relURL }}'></script>
{{ else -}}
{{ $c2cJS := resources.Get "js/click-to-copy.js" -}}
{{ if hugo.IsProduction -}}
{{ $c2cJS = $c2cJS | minify | fingerprint -}}
{{ end -}}
<script defer src="{{ $c2cJS.RelPermalink }}" {{ with $c2cJS.Data.Integrity -}}
integrity="{{ . }}" {{ end -}}
crossorigin="anonymous"></script>
{{ end -}}

<script src='{{ "js/tabpane-persist.js" | relURL }}'></script>
{{ partial "hooks/body-end.html" . -}}
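Review bot: the markmap block loads `https://cdn.jsdelivr.net/npm/markmap-autoloader` with no version pin and no `integrity` attribute, unlike the KaTeX and mermaid tags in the same file, so whatever the CDN serves for the latest release runs on the page unchecked. Pin a version and add `integrity` and `crossorigin="anonymous"` as on the other CDN tags. In the click-to-copy block, `crossorigin="anonymous"` is emitted even in non-production builds where no `integrity` is set; that is harmless but could move inside the `with`.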
11 changes: 11 additions & 0 deletions layouts/partials/sidebar.html
Expand Up @@ -71,6 +71,17 @@
{{- end }}
</ul>
{{- end }}
{{ if $active -}}
{{ if not $s.Params.notoc -}}
{{ with $s.TableOfContents -}}
{{ if ne . `<nav id="TableOfContents"></nav>` -}}
<div class="td-toc blog-toc">
{{ . }}
</div>
{{ end -}}
{{ end -}}
{{ end -}}
{{ end -}}
</li>
{{- end }}
