MastersThesis/EOL_OQS-OpenSSL/README.md
2024-04-11 09:37:17 +00:00

Open quantum safe OpenSSL 1.1.1t

OpenSSL 1.1.1 End of life - https://www.openssl.org/blog/blog/2023/09/11/eol-111/

"The OpenSSL project has announced that its support for OpenSSL 1.1.1 will stop in September, 2023, and that all users should switch to OpenSSL 3. Consequently, the Open Quantum Safe project is discontinuing development of our OQS-OpenSSL 1.1.1 fork." - https://github.com/open-quantum-safe/openssl

Building

Installed and tested on:

| Platform | OS | compiler | cmake | ninja |
|---|---|---|---|---|
| Linux | Ubuntu 20.04.5 LTS (GNU/Linux 5.15.133.1-microsoft-standard-WSL2 x86_64) | gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) | version 1.10.1 | version 3.16.3 |

LINUX

1. Installing the required tools

sudo apt install cmake gcc libtool libssl-dev make ninja-build git -y

2. Downloading and installing liboqs

git clone --branch main https://github.com/open-quantum-safe/liboqs.git
cd liboqs
mkdir build && cd build
cmake -GNinja -DCMAKE_INSTALL_PREFIX=../../openssl/oqs ..
ninja
ninja install

3. Downloading and installing OQS-OpenSSL

git clone --branch OQS-OpenSSL_1_1_1-stable https://github.com/open-quantum-safe/openssl.git
cd ./openssl
./Configure no-shared linux-x86_64 -lm
make -j 1
sudo make install

WINDOWS

Installed and tested on:

| Platform | OS | compiler | cmake | ninja | Perl | Build Tools for Visual Studio 2022 |
|---|---|---|---|---|---|---|
| Windows | Windows 10.0.19043 | gcc version 13.2.0 (MinGW-W64 x86_64-msvcrt-posix-seh) | version 1.11.1 | version 3.27.1 | 5.32.1 | 17.5.5 |

1. Preparing the environment

GCC, ninja, CMake - part of the WinLibs package - https://winlibs.com/

Perl - download and install Perl strawberry-perl-5.32.1.1-64bit from https://strawberryperl.com/

NMAKE - download and install Build Tools for Visual Studio 2022 from https://visualstudio.microsoft.com/downloads/

Adding environment variables:

D:\Strawberry\perl\bin
D:\Program Files\CMake\bin
D:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Tools\MSVC\14.35.32215\bin\Hostx86\x86\nmake.exe

In our case the system variable did not help, and it was necessary to configure them manually in a PowerShell terminal with the commands:

$env:path += ";D:\Program Files\cmake\bin"
$env:path += ";d:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Tools\MSVC\14.35.32215\bin\Hostx86\x86\"

For NMAKE to work correctly, the vcvarsall.bat file must be run.
In our case this file was located at d:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Auxiliary\Build\

2. Downloading OQS-OpenSSL and liboqs

OpenSSL OQS - download the OQS OpenSSL repository from Git - https://github.com/open-quantum-safe/openssl/tree/OQS-OpenSSL_1_1_1-stable

Liboqs - download the files from Git - https://github.com/open-quantum-safe/liboqs

3. Preparing liboqs

cd liboqs
mkdir build
cd build
cmake -GNinja -DCMAKE_INSTALL_PREFIX='D:\Program Files\openssl\openssl-OQS-OpenSSL_1_1_1-stable\oqs' ..
ninja
ninja install

4. Building the OQS-OpenSSL fork

cd ./openssl
perl Configure VC-WIN64A no-shared
nmake

Launch

1. Creating the CA key and certificate

  • in this example, p256_dilithium2 denotes a hybrid algorithm that combines dilithium2 with the ECDSA algorithm on the p256 curve
cd ./openssl/apps
./openssl req -x509 -new -newkey p256_dilithium2 -keyout p256_dilithium2_CA.key -out p256_dilithium2_CA.crt -nodes -subj "/CN=oqstest CA" -days 365 -config ./openssl.cnf

2. Generating the private key for the server

./openssl req -new -newkey p256_dilithium2 -keyout p256_dilithium2_srv.key -out p256_dilithium2_srv.csr -nodes -subj "/CN=localhost" -config ./openssl.cnf

3. Generating the CA-signed certificate for the server

./openssl x509 -req -in p256_dilithium2_srv.csr -out p256_dilithium2_srv.crt -CA p256_dilithium2_CA.crt -CAkey p256_dilithium2_CA.key -CAcreateserial -days 365

4. Starting the server and the client

  • both programs must be run in separate terminal windows
./openssl s_server -cert p256_dilithium2_srv.crt -key p256_dilithium2_srv.key -www -tls1_3
./openssl s_client -groups kyber1024 -CAfile p256_dilithium2_CA.crt -connect localhost
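
Steps 1 and 2 pass -nodes, so both private keys are written to disk without a passphrase and file permissions are their only protection. The following POSIX shell script is an added example, not part of the original README: it checks that the two key files named above are either passphrase-protected or accessible by their owner only. The function names and the PKCS#8 PEM header check are assumptions of this example.

```shell
#!/bin/sh
# Audit the private keys written by the Launch steps (added example).
# Assumption: keys are PEM files in PKCS#8 form, as written by "openssl req".

# key_is_encrypted FILE -> 0 if the PEM holds a passphrase-protected key
key_is_encrypted() {
    grep -q -F -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# key_mode_ok FILE -> 0 if group and others have no access bits at all
key_mode_ok() {
    # GNU stat first, BSD stat as fallback; both print the octal mode
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 2
    case "$mode" in
        *00|0) return 0 ;;   # e.g. 600, 400
        *)     return 1 ;;   # e.g. 644, 640
    esac
}

# audit_key FILE -> prints one finding line
# returns 0 = acceptable, 1 = plaintext key others can access, 2 = missing
audit_key() {
    if [ ! -f "$1" ]; then
        echo "MISSING  $1"; return 2
    fi
    if key_is_encrypted "$1"; then
        echo "OK       $1 (encrypted)"; return 0
    fi
    if key_mode_ok "$1"; then
        echo "OK       $1 (plaintext, owner-only)"; return 0
    fi
    echo "EXPOSED  $1 (plaintext, group/other access; run: chmod 600)"
    return 1
}

# audit_keys DIR -> audits both key files from the steps above
# returns the number of files that did not pass
audit_keys() {
    failures=0
    for k in p256_dilithium2_CA.key p256_dilithium2_srv.key; do
        audit_key "$1/$k" || failures=$((failures + 1))
    done
    return "$failures"
}

# Usage: sh audit_keys.sh ./openssl/apps
if [ "$#" -gt 0 ]; then audit_keys "$1"; fi
```
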
