revision1

This commit is contained in:
josi 2024-05-07 10:46:35 +02:00
parent bd55ec336d
commit 5735c858f1
8 changed files with 112 additions and 16 deletions

View File

@ -4,8 +4,11 @@ generovanie PQ algoritmov.
Na generovanie PQ algoritmov je nutne aktivovat oqsprovidera. Navod na aktivaciu
sa nachadza v zlozke /oqsprovider/
Dostupne PQ algoritmy (20.02.2024)
Dostupne PQ algoritmy (07.05.2024)
- zalezi tiez na nastaveniach kniznic liboqs a oqs-provider viď https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
mldsa44
mldsa65
mldsa87
dilithium2
dilithium3
dilithium5
@ -14,12 +17,12 @@ falcon1024
sphincssha2128fsimple
sphincssha2128ssimple
sphincssha2192fsimple
sphincssha2192ssimple
sphincssha2256fsimple
sphincssha2256ssimple
sphincsshake128fsimple
Nepodporovane algoritmy pri defaultnom nastaveni kniznice
sphincssha2192ssimple
sphincssha2256fsimple
sphincssha2256ssimple
sphincsshake128ssimple
sphincsshake192fsimple
sphincsshake192ssimple

View File

@ -1,3 +1,6 @@
/*
JS 2024-05-07 doplnene priklady nastavenia premennej DEFAULT_GROUPS, doplnene info o ML-KEM
*/
/*
JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.6.0
*/
@ -101,7 +104,7 @@ SSL vyhodi chybu SSL routines:final_key_share:no suitable key share
Priklad pouzitia:
- klasicke algoritmy: "x25519:x448:prime256v1:secp521r1:secp384r1:ffdhe2048:ffdhe3072"
- PQ algoritmy: "kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake"
- PQ algoritmy: "mlkem512:mlkem768:mlkem1024:kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake"
- hybrid algoritmy: "x25519_kyber768:x25519_frodo640aes:x25519_hqc128:x448_bikel3:x448_kyber768:p256_kyber768"
Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-provider/blob/0.6.0/ALGORITHMS.md
@ -109,7 +112,7 @@ Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-p
POZOR - BIKE protokol nefunguje na Windows platforme (liboqs 0.10.0, oqs-provider 0.6.0)
*/
#define DEFAULT_GROUPS "kyber512:X25519:kyber768"
#define DEFAULT_GROUPS "mlkem512:hqc128:X25519:kyber768"
#define DEFAULT_PORT 443

View File

@ -1,3 +1,6 @@
/*
JS 2024-05-07 doplnene priklady nastavenia premennej DEFAULT_GROUPS, doplnene info o ML-KEM
*/
/*
JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.6.0
*/
@ -115,7 +118,7 @@ SSL vyhodi chybu: "SSL routines:final_key_share:no suitable key share"
Priklad pouzitia:
- klasicke algoritmy: "x25519:x448:prime256v1:secp521r1:secp384r1:ffdhe2048:ffdhe3072"
- PQ algoritmy: "kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake"
- PQ algoritmy: "mlkem512:mlkem768:mlkem1024:kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake"
- hybrid algoritmy: "x25519_kyber768:x25519_frodo640aes:x25519_hqc128:x448_bikel3:x448_kyber768:p256_kyber768"
Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-provider/blob/0.6.0/ALGORITHMS.md
@ -123,7 +126,7 @@ Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-p
POZOR - BIKE protokol nefunguje na Windows platforme (liboqs 0.10.0, oqs-provider 0.6.0)
*/
#define DEFAULT_GROUPS "kyber768:frodo976aes:kyber1024"
#define DEFAULT_GROUPS "mlkem512:kyber768:frodo976aes:kyber1024"
#define DEFAULT_PORT 443

View File

@ -1,3 +1,6 @@
/*
JS 2024-05-07 doplnene priklady nastavenia premennej DEFAULT_GROUPS, doplnene info o ML-KEM
*/
/*
JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.6.0
*/
@ -56,7 +59,7 @@ SSL vyhodi chybu SSL routines:final_key_share:no suitable key share
Priklad pouzitia:
- klasicke algoritmy: "x25519:x448:prime256v1:secp521r1:secp384r1:ffdhe2048:ffdhe3072"
- PQ algoritmy: "kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake"
- PQ algoritmy: "mlkem512:mlkem768:mlkem1024:kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake"
- hybrid algoritmy: "x25519_kyber768:x25519_frodo640aes:x25519_hqc128:x448_bikel3:x448_kyber768:p256_kyber768"
Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-provider/blob/0.6.0/ALGORITHMS.md
@ -64,7 +67,7 @@ Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-p
POZOR - BIKE protokol nefunguje na Windows platforme (liboqs 0.10.0, oqs-provider 0.6.0)
*/
#define DEFAULT_GROUPS "X25519:kyber512:kyber768"
#define DEFAULT_GROUPS "mlkem512:X25519:kyber512:kyber768"
/**
* printUsage function who describe the utilisation of this script.

View File

@ -1,3 +1,6 @@
/*
JS 2024-05-07 doplnene priklady nastavenia premennej DEFAULT_GROUPS, doplnene info o ML-KEM
*/
/*
JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.6.0
*/
@ -59,7 +62,7 @@ SSL vyhodi chybu SSL routines:final_key_share:no suitable key share
Priklad pouzitia:
- klasicke algoritmy: "x25519:x448:prime256v1:secp521r1:secp384r1:ffdhe2048:ffdhe3072"
- PQ algoritmy: "kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake"
- PQ algoritmy: "mlkem512:mlkem768:mlkem1024:kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake"
- hybrid algoritmy: "x25519_kyber768:x25519_frodo640aes:x25519_hqc128:x448_bikel3:x448_kyber768:p256_kyber768"
Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-provider/blob/0.6.0/ALGORITHMS.md
@ -67,7 +70,7 @@ Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-p
POZOR - BIKE protokol nefunguje na Windows platforme (liboqs 0.10.0, oqs-provider 0.6.0)
*/
#define DEFAULT_GROUPS "kyber768:frodo976aes:kyber1024"
#define DEFAULT_GROUPS "mlkem512:kyber768:frodo976aes:kyber1024"
#define DEFAULT_PORT 443

View File

@ -7,9 +7,6 @@ klient/server na inom zariadeni je nutne vytvorit novy .dll subor.
Vytvorene a testovane na:
OpenSSL 3.3.0, liboqs 0.10.0, oqs-provider 0.6.0
Cely postup je dostupny online:
https://git.kemt.fei.tuke.sk/js331zc/MastersThesis/src/branch/master/OpenSSL_liboqs_oqsprovider
NAVOD NA POUZITIE
- predpokladame ze system obsahuje kniznice libcrypto a libssl
- na generovanie PQ certifikatov je potrebne mat OpenSSL.exe
@ -52,3 +49,39 @@ premennu OPENSSL_CONF na priecinok, kde sa tento subor nachadza. V BPS obraze
je tato premenna nastavena na C:\OPENSSL\BIN\
Systemovu premennu mozeme zmenit alebo skopirovat nas konfiguracny subor
na dane miesto.
-------------------------------------------------------------------------------
Ak potrebujeme vygenerovat nove verzie kniznic liboqs a oqs-provider:
NAVOD NA KOMPILACIU
Predpokladame, ze BPS obraz obsahuje vsetky potrebne nastroje (WinLibs) a OpenSSL
1. liboqs
https://github.com/open-quantum-safe/liboqs
https://github.com/open-quantum-safe/liboqs/releases - ak potrebujeme konkretnu verziu
- stiahnuty subor rozbalime na nami zvolene miesto, napr. C:\liboqs\
- kniznicu nainstalujeme prikazmi:
mkdir build
cd build
cmake -GNinja ..
ninja
ninja install
- po dokonceni instalacie vznikli zlozky /include/ a /lib/, ktore
skopirujeme do hlavnej zlozky nasho prekladaca, napr. C:\MINGW\
2. oqs-provider
https://github.com/open-quantum-safe/oqs-provider/tree/main
https://github.com/open-quantum-safe/oqs-provider/releases - ak potrebujeme konkretnu verziu
- stiahnuty balik rozbalime na nami zvolene miesto, napr. C:\oqsprovider\
- v subore CMakeLists.txt pridame na riadok 90 a 91 pred funkcie
enable_testing() a add_subdirectory(test) symbol #, ktorym zakomentujeme
a nezrealizujeme kompilaciu testov
- kniznicu nainstalujeme tymito prikazmi:
cmake -GNinja -DOPENSSL_ROOT_DIR=C:\OPENSSL -S . -B _build
cd _build
ninja
ninja install

View File

@ -0,0 +1,45 @@
# JS update 29.02.2024
# Odstranene nepotrebne podmienky a funkcie
cmake_minimum_required(VERSION 3.7)
# CMake instructions to build tiitls library
# Set the project name
project(tiitls1.3)
configure_file(./sal/tls_sal_m.xpp ./lib/tls_sal.cpp COPYONLY)
set(SRC
./lib/tls_cert_chain.cpp
./lib/tls_client_recv.cpp
./lib/tls_client_send.cpp
./lib/tls_keys_calc.cpp
./lib/tls_sockets.cpp
./lib/tls_octads.cpp
./lib/tls_logger.cpp
./lib/tls_protocol.cpp
./lib/tls_cacerts.cpp
./lib/tls_client_cert.cpp
./lib/tls_tickets.cpp
./lib/tls_x509.cpp
./lib/tls_sal.cpp
./lib/ibe/tls_bfibe.cpp
./lib/ibe/tls_pqibe.cpp
)
# Add a library
add_library(tiitls STATIC ${SRC})
target_include_directories(tiitls PUBLIC include)
target_include_directories(tiitls PUBLIC sal/miracl)
target_include_directories(tiitls PUBLIC sal/miracl/includes)
# CMake instructions to build client app
add_executable( client src/client.cpp )
target_link_libraries(client tiitls )
target_link_libraries(client ${PROJECT_SOURCE_DIR}/sal/miracl/core.a -loqs -lstdc++ -lws2_32)

View File

@ -1,9 +1,10 @@
# MastersThesis
## About
Tento repozitár obsahuje zdrojové kódy knižníc, návody kompilácie, vytvorené skripty a výsledky meraní, ktoré vznikli pri riešení problematiky diplomovej práce s názvom "Zabezpečená komunikácia klient server s využitím post-kvantových algoritmov"
## Author
Author: Jozef Simko
Author: Jozef Šimko
School year: 5., Master study, 2023/24
@ -11,3 +12,5 @@ Study program: Computer Networks
Organization: Technical University of Kosice (TUKE), Faculty of Electrical Engineering and Informatics (FEI)
Revision: 1 (07.05.2024)