From 5735c858f13b314e49c61911bcd80e0bb37109b6 Mon Sep 17 00:00:00 2001 From: josi Date: Tue, 7 May 2024 10:46:35 +0200 Subject: [PATCH] revision1 --- PQ_PROJECT_SSL_TLS/CERIFICATEs/PQ/README.txt | 11 +++-- .../CLIENT_SERVER_SECURE/CLIENT/client.c | 7 ++- .../CLIENT_SERVER_SECURE/SERVER/server.c | 7 ++- .../CLIENT_SERVER_SECURE_BIO/CLIENT/client.c | 7 ++- .../CLIENT_SERVER_SECURE_BIO/SERVER/server.c | 7 ++- PQ_PROJECT_SSL_TLS/oqsprovider/README.txt | 39 ++++++++++++++-- PQ_TIIGER_TLS/CMakeLists.txt | 45 +++++++++++++++++++ README.md | 5 ++- 8 files changed, 112 insertions(+), 16 deletions(-) create mode 100644 PQ_TIIGER_TLS/CMakeLists.txt diff --git a/PQ_PROJECT_SSL_TLS/CERIFICATEs/PQ/README.txt b/PQ_PROJECT_SSL_TLS/CERIFICATEs/PQ/README.txt index ede8be9..6b2fd0b 100644 --- a/PQ_PROJECT_SSL_TLS/CERIFICATEs/PQ/README.txt +++ b/PQ_PROJECT_SSL_TLS/CERIFICATEs/PQ/README.txt @@ -4,8 +4,11 @@ generovanie PQ algoritmov. Na generovanie PQ algoritmov je nutne aktivovat oqsprovidera. Navod na aktivaciu sa nachadza v zlozke /oqsprovider/ -Dostupne PQ algoritmy (20.02.2024) +Dostupne PQ algoritmy (07.05.2024) - zalezi tiez na nastaveniach kniznic liboqs a oqs-provider viď https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md +mldsa44 +mldsa65 +mldsa87 dilithium2 dilithium3 dilithium5 @@ -14,12 +17,12 @@ falcon1024 sphincssha2128fsimple sphincssha2128ssimple sphincssha2192fsimple -sphincssha2192ssimple -sphincssha2256fsimple -sphincssha2256ssimple sphincsshake128fsimple Nepodporovane algoritmy pri defaultnom nastaveni kniznice +sphincssha2192ssimple +sphincssha2256fsimple +sphincssha2256ssimple sphincsshake128ssimple sphincsshake192fsimple sphincsshake192ssimple diff --git a/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/CLIENT/client.c b/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/CLIENT/client.c index cb5f658..94aa06c 100644 --- a/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/CLIENT/client.c +++ b/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/CLIENT/client.c @@ -1,3 +1,6 @@ +/* + JS 2024-05-07 doplnene priklady nastavenia premennej DEFAULT_GROUPS, doplnene info o ML-KEM +*/ /* JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.6.0 */ @@ -101,7 +104,7 @@ SSL vyhodi chybu SSL routines:final_key_share:no suitable key share Priklad pouzitia: - klasicke algoritmy: "x25519:x448:prime256v1:secp521r1:secp384r1:ffdhe2048:ffdhe3072" -- PQ algoritmy: "kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake" +- PQ algoritmy: "mlkem512:mlkem768:mlkem1024:kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake" - hybrid algoritmy: "x25519_kyber768:x25519_frodo640aes:x25519_hqc128:x448_bikel3:x448_kyber768:p256_kyber768" Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-provider/blob/0.6.0/ALGORITHMS.md @@ -109,7 +112,7 @@ Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-p POZOR - BIKE protokol nefunguje na Windows platforme (liboqs 0.10.0, oqs-provider 0.6.0) */ -#define DEFAULT_GROUPS "kyber512:X25519:kyber768" +#define DEFAULT_GROUPS "mlkem512:hqc128:X25519:kyber768" #define DEFAULT_PORT 443 diff --git a/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/SERVER/server.c b/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/SERVER/server.c index bc54d00..d9322ba 100644 --- a/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/SERVER/server.c +++ b/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/SERVER/server.c @@ -1,3 +1,6 @@ +/* + JS 2024-05-07 doplnene priklady nastavenia premennej DEFAULT_GROUPS, doplnene info o ML-KEM +*/ /* JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.6.0 */ @@ -115,7 +118,7 @@ SSL vyhodi chybu: "SSL routines:final_key_share:no suitable key share" Priklad pouzitia: - klasicke algoritmy: "x25519:x448:prime256v1:secp521r1:secp384r1:ffdhe2048:ffdhe3072" -- PQ algoritmy: "kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake" +- PQ algoritmy: "mlkem512:mlkem768:mlkem1024:kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake" - hybrid algoritmy: "x25519_kyber768:x25519_frodo640aes:x25519_hqc128:x448_bikel3:x448_kyber768:p256_kyber768" Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-provider/blob/0.6.0/ALGORITHMS.md @@ -123,7 +126,7 @@ Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-p POZOR - BIKE protokol nefunguje na Windows platforme (liboqs 0.10.0, oqs-provider 0.6.0) */ -#define DEFAULT_GROUPS "kyber768:frodo976aes:kyber1024" +#define DEFAULT_GROUPS "mlkem512:kyber768:frodo976aes:kyber1024" #define DEFAULT_PORT 443 diff --git a/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/CLIENT/client.c b/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/CLIENT/client.c index 5d8dbb0..89d2c0d 100644 --- a/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/CLIENT/client.c +++ b/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/CLIENT/client.c @@ -1,3 +1,6 @@ +/* + JS 2024-05-07 doplnene priklady nastavenia premennej DEFAULT_GROUPS, doplnene info o ML-KEM +*/ /* JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.6.0 */ @@ -56,7 +59,7 @@ SSL vyhodi chybu SSL routines:final_key_share:no suitable key share Priklad pouzitia: - klasicke algoritmy: "x25519:x448:prime256v1:secp521r1:secp384r1:ffdhe2048:ffdhe3072" -- PQ algoritmy: "kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake" +- PQ algoritmy: "mlkem512:mlkem768:mlkem1024:kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake" - hybrid algoritmy: "x25519_kyber768:x25519_frodo640aes:x25519_hqc128:x448_bikel3:x448_kyber768:p256_kyber768" Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-provider/blob/0.6.0/ALGORITHMS.md @@ -64,7 +67,7 @@ Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-p POZOR - BIKE protokol nefunguje na Windows platforme (liboqs 0.10.0, oqs-provider 0.6.0) */ -#define DEFAULT_GROUPS "X25519:kyber512:kyber768" +#define DEFAULT_GROUPS "mlkem512:X25519:kyber512:kyber768" /** * printUsage function who describe the utilisation of this script. diff --git a/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/SERVER/server.c b/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/SERVER/server.c index 467e96f..90b49b9 100644 --- a/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/SERVER/server.c +++ b/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/SERVER/server.c @@ -1,3 +1,6 @@ +/* + JS 2024-05-07 doplnene priklady nastavenia premennej DEFAULT_GROUPS, doplnene info o ML-KEM +*/ /* JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.6.0 */ @@ -59,7 +62,7 @@ SSL vyhodi chybu SSL routines:final_key_share:no suitable key share Priklad pouzitia: - klasicke algoritmy: "x25519:x448:prime256v1:secp521r1:secp384r1:ffdhe2048:ffdhe3072" -- PQ algoritmy: "kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake" +- PQ algoritmy: "mlkem512:mlkem768:mlkem1024:kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake" - hybrid algoritmy: "x25519_kyber768:x25519_frodo640aes:x25519_hqc128:x448_bikel3:x448_kyber768:p256_kyber768" Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-provider/blob/0.6.0/ALGORITHMS.md @@ -67,7 +70,7 @@ Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-p POZOR - BIKE protokol nefunguje na Windows platforme (liboqs 0.10.0, oqs-provider 0.6.0) */ -#define DEFAULT_GROUPS "kyber768:frodo976aes:kyber1024" +#define DEFAULT_GROUPS "mlkem512:kyber768:frodo976aes:kyber1024" #define DEFAULT_PORT 443 diff --git a/PQ_PROJECT_SSL_TLS/oqsprovider/README.txt b/PQ_PROJECT_SSL_TLS/oqsprovider/README.txt index 9b036f2..69e8b32 100644 --- a/PQ_PROJECT_SSL_TLS/oqsprovider/README.txt +++ b/PQ_PROJECT_SSL_TLS/oqsprovider/README.txt @@ -7,9 +7,6 @@ klient/server na inom zariadeni je nutne vytvorit novy .dll subor. Vytvorene a testovane na: OpenSSL 3.3.0, liboqs 0.10.0, oqs-provider 0.6.0 -Cely postup je dostupny online: -https://git.kemt.fei.tuke.sk/js331zc/MastersThesis/src/branch/master/OpenSSL_liboqs_oqsprovider - NAVOD NA POUZITIE - predpokladame ze system obsahuje kniznice libcrypto a libssl - na generovanie PQ certifikatov je potrebne mat OpenSSL.exe @@ -52,3 +49,39 @@ premennu OPENSSL_CONF na priecinok, kde sa tento subor nachadza. V BPS obraze je tato premenna nastavena na C:\OPENSSL\BIN\ Systemovu premennu mozeme zmenit alebo skopirovat nas konfiguracny subor na dane miesto. + +------------------------------------------------------------------------------- +Ak potrebujeme vygenerovat nove verzie kniznic liboqs a oqs-provider: + +NAVOD NA KOMPILACIU +Predpokladame, ze BPS obraz obsahuje vsetky potrebne nastroje (WinLibs) a OpenSSL + +1. liboqs +https://github.com/open-quantum-safe/liboqs +https://github.com/open-quantum-safe/liboqs/releases - ak potrebujeme konkretnu verziu +- stiahnuty subor rozbalime na nami zvolene miesto, napr. C:\liboqs\ +- kniznicu nainstalujeme prikazmi: + +mkdir build +cd build +cmake -GNinja .. +ninja +ninja install + +- po dokonceni instalacie vznikli zlozky /include/ a /lib/, ktore +skopirujeme do hlavnej zlozky nasho prekladaca, napr. C:\MINGW\ + +2. oqs-provider +https://github.com/open-quantum-safe/oqs-provider/tree/main +https://github.com/open-quantum-safe/oqs-provider/releases - ak potrebujeme konkretnu verziu +- stiahnuty balik rozbalime na nami zvolene miesto, napr. C:\oqsprovider\ +- v subore CMakeLists.txt pridame na riadok 90 a 91 pred funkcie +enable_testing() a add_subdirectory(test) symbol #, ktorym zakomentujeme +a nezrealizujeme kompilaciu testov +- kniznicu nainstalujeme tymito prikazmi: + + +cmake -GNinja -DOPENSSL_ROOT_DIR=C:\OPENSSL -S . -B _build +cd _build +ninja +ninja install diff --git a/PQ_TIIGER_TLS/CMakeLists.txt b/PQ_TIIGER_TLS/CMakeLists.txt new file mode 100644 index 0000000..dd23d41 --- /dev/null +++ b/PQ_TIIGER_TLS/CMakeLists.txt @@ -0,0 +1,45 @@ +# JS update 29.02.2024 +# Odstranene nepotrebne podmienky a funkcie + +cmake_minimum_required(VERSION 3.7) + +# CMake instructions to build tiitls library + +# Set the project name +project(tiitls1.3) + +configure_file(./sal/tls_sal_m.xpp ./lib/tls_sal.cpp COPYONLY) + +set(SRC + ./lib/tls_cert_chain.cpp + ./lib/tls_client_recv.cpp + ./lib/tls_client_send.cpp + ./lib/tls_keys_calc.cpp + ./lib/tls_sockets.cpp + ./lib/tls_octads.cpp + ./lib/tls_logger.cpp + ./lib/tls_protocol.cpp + ./lib/tls_cacerts.cpp + ./lib/tls_client_cert.cpp + ./lib/tls_tickets.cpp + ./lib/tls_x509.cpp + ./lib/tls_sal.cpp + ./lib/ibe/tls_bfibe.cpp + ./lib/ibe/tls_pqibe.cpp + ) + +# Add a library +add_library(tiitls STATIC ${SRC}) + +target_include_directories(tiitls PUBLIC include) +target_include_directories(tiitls PUBLIC sal/miracl) +target_include_directories(tiitls PUBLIC sal/miracl/includes) + +# CMake instructions to build client app + +add_executable( client src/client.cpp ) + +target_link_libraries(client tiitls ) + +target_link_libraries(client ${PROJECT_SOURCE_DIR}/sal/miracl/core.a -loqs -lstdc++ -lws2_32) + diff --git a/README.md b/README.md index b23c534..c81f8f3 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,10 @@ # MastersThesis ## About +Tento repozitár obsahuje zdrojové kódy knižníc, návody kompilácie, vytvorené skripty a výsledky meraní, ktoré vznikli pri riešení problematiky diplomovej práce s názvom "Zabezpečená komunikácia klient server s využitím post-kvantových algoritmov" ## Author -Author: Jozef Simko +Author: Jozef Šimko School year: 5., Master study, 2023/24 @@ -11,3 +12,5 @@ Study program: Computer Networks Organization: Technical University of Kosice (TUKE), Faculty of Electrical Engineering and Informatics (FEI) +Revision: 1 (07.05.2024) +