# Plugins implementing TLS Crypt V2 for OpenVPN

## Description

This repository contains multiple plugins each implementing the TLS Crypt V2 mechanism in a HSM or Hardware Token. To use any of the plugins, it is required to patch OpenVPN to add a plugin Hook for performing TLS Crypt V2 operations.

## Installation

Each plugin is an individual CMake project and can compiled with it. Dependencies depend on plugin:

* SoftHSM: softhsm
* YubiKey: openssl, yubico-c
* Smartcard: pcsclite, ant

Using the Smartcard Key Wrapping plugin requires compiling and loading a Java Applet onto a Smartcard. The applet code is provided in `SmartcardKeyWrapping/SmartcardKeyWrappingApplet`. The applet is an Ant Project.

## Usage

Add the plugin to your server config and add arguments depending on the plugin. Order of arguments matters!

* SoftHSM: Path to SoftHSM2 Library (e.g. /usr/lib/pkcs11/libsofthsm2.so)
* YubiKey: Slot number to use on the YubiKey (e.g. 1 or 2) and access code for the YubiKey (if unknown / not set: 0)
* Smartcard: No arguments required