update

2024-02-10 14:40:04 +01:00 · 2024-02-10 14:40:04 +01:00 · e4347bf8e1
commit e4347bf8e1
parent 8cad60789d
2 changed files with 218 additions and 0 deletions
--- a/oqsprovider/README.md
+++ b/oqsprovider/README.md
@ -0,0 +1,93 @@
+OpenSSL 3.2
+```
+sudo apt install build-essential checkinstall -y
+
+git clone https://github.com/openssl/openssl.git (verzia 3.3.0-dev (21.01.2024)
+
+https://github.com/openssl/openssl/releases/download/openssl-3.2.0/openssl-3.2.0.tar.gz
+tar -xvf openssl-3.2.0.tar.gz
+cd openssl-3.2.0
+./Configure
+make
+sudo make install
+
+export PATH="/usr/local:$PATH"
+export LD_LIBRARY_PATH="/usr/local/lib64:$PATH"
+
+cd /etc/ld.so.conf.d/
+sudo touch openssl-3.2.0.conf
+echo "/usr/local/lib64" | sudo tee -a openssl-3.1.2.conf
+sudo ldconfig -v
+```
+
+LIBOQS
+```
+sudo apt install astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind -y
+git clone https://github.com/open-quantum-safe/liboqs.git
+cd liboqs/
+mkdir build && cd build
+
+cmake -GNinja .. -DBUILD_SHARED_LIBS=ON -DOPENSSL_ROOT_DIR=/usr/local/lib64 -DOQS_ALGS_ENABLED=ALL
+ninja
+sudo ninja install
+
+cd /etc/ld.so.conf.d/
+sudo touch liboqs.conf
+echo "/usr/local/lib" | sudo tee -a liboqs.conf
+sudo ldconfig -v
+```
+
+OQS PROVIDER
+```
+git clone https://github.com/open-quantum-safe/oqs-provider.git
+cd oqs-provider
+cmake -S . -B _build -DOPENSSL_ROOT_DIR=/usr/local/lib64 -Dliboqs_DIR=/usr/local -DBUILD_SHARED_LIBS=ON
+cmake --build _build
+sudo cmake --install _build
+```
+
+```
+cd /usr/local/ssl/
+sudo nano openssl.cnf
+```
+
+// add 
+```
+[provider_sect]
+default = default_sect
+oqsprovider = oqsprovider_sect
+[oqsprovider_sect]
+activate = 1
+```
+Note: Be sure to always activate either the "default"
+
+
+WIN
+
+Winlibs
+
+copy + path update
+make rename
+
+
+LIBOQS
+```
+mkdir build
+cd build
+cmake -GNinja .. -DOPENSSL_ROOT_DIR='D:\TUKE\DIPLOMOVKA\WIN\openssl-3\x64\bin\' -DOQS_ALGS_ENABLED=ALL -DCMAKE_C_LINK_LIBRARY_FLAG="-lssl -lcrypto"
+d:\mingw64\lib\ - nakopírované ssl a crypto
+cmake_install.cmake - set(CMAKE_INSTALL_PREFIX - uprava cesty kde chceme inštalovať
+```
+OQS-PROVIDER
+```
+cmake -GNinja .. -DOPENSSL_ROOT_DIR="C:\Program Files\Common Files\FireDaemon SSL 3" -Dliboqs_DIR=d:\liboqs\lib\cmake\liboqs\ -DBUILD_SHARED_LIBS=OFF
+ninja
+ninja install
+```
+
+- oqs_test_tlssig.c - added certsdir mingw64 check
+- alebo ignorovat testy 
+
+
+config do hlavnej zložky - c:\Program Files\Common Files\FireDaemon SSL 3\
+
--- a/OQS-OpenSSL/README.md
+++ b/OQS-OpenSSL/README.md
@ -0,0 +1,125 @@
+## Open quantum safe OpenSSL 1.1.1t
+
+:red_circle: OpenSSL 1.1.1 End of life - https://www.openssl.org/blog/blog/2023/09/11/eol-111/
+
+## Building
+### LINUX
+- testované na Ubuntu 20.04.5
+
+**1. Inštalácia potrebných nástrojov**
+
+```sudo apt install cmake gcc libtool libssl-dev make ninja-build git -y```
+
+**2. Stiahnutie Open Quantum Safe OpenSSL repozitáru**
+
+```git clone --branch OQS-OpenSSL_1_1_1-stable https://github.com/open-quantum-safe/openssl.git```
+
+**3. Stiahnutie a inštalácia liboqs**
+
+```
+git clone --branch main https://github.com/open-quantum-safe/liboqs.git
+cd liboqs
+mkdir build && cd build
+cmake -GNinja -DCMAKE_INSTALL_PREFIX=../../openssl/oqs ..
+ninja
+ninja install
+```
+**4. Build QS OpenSSL fork**
+
+```
+cd ./openssl
+./Configure no-shared linux-x86_64 -DOQS_DEFAULT_GROUPS=\"kyber1024:p521_kyber1024:kyber90s1024:p521_kyber90s1024\" -lm
+make -j 1
+sudo make install
+```
+- prepínač `-DOQS_DEFAULT_GROUPS` umožňuje meniť key exchange algoritmy, ktoré bude server podporovať
+- zoznam všetkých podporovaných algoritmov - https://github.com/open-quantum-safe/openssl#key-exchange
+
+**5. Vytvorenie CA kľúča a certifikátu**
+- v tomto príklade je *p256_dilithium2* hybridný algoritmus *dilithium2* s použitím P256 ECDH krivkou
+
+```
+cd ./openssl/apps
+./openssl req -x509 -new -newkey p256_dilithium2 -keyout p256_dilithium2_CA.key -out p256_dilithium2_CA.crt -nodes -subj "/CN=oqstest CA" -days 365 -config ./openssl.cnf
+```
+**6. Vygenerovanie privátneho kľúča pre server**
+```
+./openssl req -new -newkey p256_dilithium2 -keyout p256_dilithium2_srv.key -out p256_dilithium2_srv.csr -nodes -subj "/CN=localhost" -config ./openssl.cnf
+```
+**7. Vygenerovanie certifikátu s CA podpisom pre server**
+```
+./openssl x509 -req -in p256_dilithium2_srv.csr -out p256_dilithium2_srv.crt -CA p256_dilithium2_CA.crt -CAkey p256_dilithium2_CA.key -CAcreateserial -days 365
+```
+**8. Spustenie serveru a klienta**
+- oba programy je potrebné spustiť v samostatných oknách terminálu
+```
+./openssl s_server -cert p256_dilithium2_srv.crt -key p256_dilithium2_srv.key -www -tls1_3
+./openssl s_client -groups kyber1024 -CAfile p256_dilithium2_CA.crt -connect localhost
+```
+
+### WINDOWS
+- testované na Windows 10.0.19043
+
+**1. Príprava prostredia**
+
+Perl - stiahnutie Perl-u strawberry-perl-5.32.1.1-64bit zo stránky https://strawberryperl.com/
+
+Cmake - stihnutie CMake-u cmake-3.26.3-windows-x86_64 zo stránky https://cmake.org/download/
+
+NMAKE - stiahnutie a inštalácia nástrojov Build Tools for Visual Studio 2022 zo stránky https://visualstudio.microsoft.com/downloads/
+
+Pridanie premenných prostredia:
+```
+D:\Strawberry\perl\bin
+D:\Program Files\CMake\bin
+D:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Tools\MSVC\14.35.32215\bin\Hostx86\x86\nmake.exe
+```
+pozn. v našom prípade premenná nepomohla a bolo nutné ich nekonfigurovať manuálne v Powershelli príkazmi:
+```
+$env:path += ";D:\Program Files\cmake\bin"
+$env:path += ";d:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Tools\MSVC\14.35.32215\bin\Hostx86\x86\"
+```
+Pre správnu funkciu NMAKE je nutné spustiť súbor vcvarsall.bat <br>
+V našom prípade sa tento súbor nachádzal na adrese `d:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Auxiliary\Build\`
+
+**2. Stiahnutie OpenSSL, Open Quantum Safe OpenSSL repozitáru a liboqs**
+
+OpenSSL - stiahnutie OpenSSL 1.1.1t zo stránky - https://www.openssl.org/source/ <br>
+Stiahnutý súbor sme extrahovali do priečinka ProgramFiles a premenovali sme ho na openssl
+
+OpenSSL OQS - stiahnutie OQS OpenSSL repozitáru z GITu - https://github.com/open-quantum-safe/openssl/tree/OQS-OpenSSL_1_1_1-stable <br>
+Presun stiahnutých súborov do openssl priečinku
+
+Liboqs - stiahnutie súborov z GITu - https://github.com/open-quantum-safe/liboqs
+
+**3. Príprava liboqs**
+- v prípade chyby prístupu pri príkaze cmake alebo ninja je potrebné spustiť PowerShell ako administrátor
+- v našom prípade sme použili Administrator Developer PowerShell for VS 2022
+```
+cd liboqs
+mkdir build
+cd build
+cmake -GNinja -DCMAKE_INSTALL_PREFIX='D:\Program Files\openssl\openssl-OQS-OpenSSL_1_1_1-stable\oqs' ..
+ninja
+ninja install
+```
+
+**4. Build QS OpenSSL fork**
+```
+cd ./openssl
+perl Configure VC-WIN64A no-shared
+nmake
+```
+
+pozn. chyba spôsobená chýbajúcim nalinkovaním Perlu a NMAKE-u (vyriešené spustením súboru vcvarsall.bat)
+![err-code](https://ctrlv.sk/shots/2023/05/09/QHGf.png)
+
+**5. Príprava certifikátu, kľúčov a spustenie programov**
+
+Generovanie certifikátu, kľúčov a spustenie programov je rovnaké ako na platforme UNIX - viď. bod 5-8 <br>
+Výsledok je rovnaký
+
+![final-result](https://ctrlv.sk/shots/2023/05/10/SzvJ.png)
+
+## References
+[Open quantum safe OpenSSL 1.1.1t](https://github.com/open-quantum-safe/openssl)