Skip to content

Fork of OpenSSL that includes quantum-resistant algorithms and ciphersuites based on liboqs.

License

Notifications You must be signed in to change notification settings

christianpaquin/openssl

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

open-quantum-safe/openssl

OpenSSL is an open-source TLS/SSL and crypto library https://openssl.org/. (View the original README file for OpenSSL.)

This repository contains a fork of OpenSSL that adds quantum-safe cryptographic algorithms and ciphersuites.

Overview

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography.

liboqs is an open source C library for quantum-safe cryptographic algorithms. liboqs initially focuses on key exchange algorithms. See more about liboqs at https://github.com/open-quantum-safe/liboqs/, including a list of supported algorithms.

open-quantum-safe/openssl is an integration of liboqs into OpenSSL 1.0.2. The goal of this integration is to provide easy prototyping of quantum-resistant cryptography. The integration should not be considered "production quality".

More information on OQS can be found on our website: https://openquantumsafe.org/.

Contents

open-quantum-safe/openssl currently contains:

  • Integration of post-quantum key exchange primitives from liboqs into OpenSSL's speed command
  • Ciphersuites using post-quantum key exchange based on primitives from liboqs, including hybrid ciphersuites which also use ECDHE key exchange

Our modifications are only for OpenSSL v1.0.2, and appear only on the OpenSSL_1_0_2-stable branch.

Key exchange mechanisms

liboqs currently supports the following key exchange mechanisms:

  • RLWE_BCNS15: key exchange from the ring learning with errors problem (Bos, Costello, Naehrig, Stebila, IEEE Symposium on Security & Privacy 2015, https://eprint.iacr.org/2014/599)
  • RLWE_NEWHOPE: "NewHope": key exchange from the ring learning with errors problem (Alkim, Ducas, Pöppelmann, Schwabe, USENIX Security 2016, https://eprint.iacr.org/2015/1092) (using the reference C implementation of NewHope from https://github.com/tpoeppelmann/newhope)
  • LWE_FRODO_RECOMMENDED: "Frodo": key exchange from the learning with errors problem (Bos, Costello, Ducas, Mironov, Naehrig, Nikolaenko, Raghunathan, Stebila, ACM Conference on Computer and Communications Security 2016, http://eprint.iacr.org/2016/659); using the "recommended" parameter set

Ciphersuites

For each post-quantum key exchange primitive X, there are the following ciphersuites:

  • X-RSA-AES128-GCM-SHA256
  • X-ECDSA-AES128-GCM-SHA256
  • X-RSA-AES256-GCM-SHA384
  • X-ECDSA-AES256-GCM-SHA384
  • X-ECDHE-RSA-AES128-GCM-SHA256
  • X-ECDHE-ECDSA-AES128-GCM-SHA256
  • X-ECDHE-RSA-AES256-GCM-SHA384
  • X-ECDHE-ECDSA-AES256-GCM-SHA384

There is also a "generic" ciphersuite (X = GENERIC) which uses whichever key exchange primitive is configured as the default key exchange primitive in liboqs. It is set to GENERIC = RLWE_BCNS15, but this can be changed.

Building

Builds have been tested on Mac OS X 10.11.6, macOS 10.12, Ubuntu 16.04.1, and Windows 10.

Linux and macOS

To build, clone or download the source from Github:

git clone --branch OpenSSL_1_0_2-stable https://github.com/open-quantum-safe/openssl.git
cd openssl

To configure OpenSSL, on Linux type:

./config

and on Mac OS X type:

./Configure darwin64-x86_64-cc

Then type:

make depend
make

This will build both liboqs and OpenSSL.

Windows

Windows binaries can be generated using the standard build process for OpenSSL on Windows.

Running

See the liboqs Github site for information on test programs in liboqs.

openssl speed

OpenSSL's speed command performs basic benchmarking of cryptographic primitives. You can see results for primitives from liboqs by typing

apps/openssl speed oqskex

TLS demo

OpenSSL contains a basic TLS server (s_server) and TLS client (s_client) which can be used to demonstrate and test SSL/TLS connections.

To see the list of supported ciphersuites from OQS, type:

apps/openssl ciphers OQSKEX-GENERIC:OQSKEX-GENERIC-ECDHE:OQSKEX-RLWE-BCNS15:OQSKEX-RLWE-BCNS15-ECDHE:OQSKEX-RLWE-NEWHOPE:OQSKEX-RLWE-NEWHOPE-ECDHE:OQSKEX-LWE-FRODO-RECOMMENDED:OQSKEX-LWE-FRODO-RECOMMENDED-ECDHE

To run a server, we first need to generate a self-signed X.509 certificate. Run the following command:

apps/openssl req -x509 -new -newkey rsa:2048 -keyout server.key -nodes -out server.cer -sha256 -days 365 -config apps/openssl.cnf

Hit enter in response to all the prompts to accept the defaults.

When done, type to combine the key and certificate (as required by s_server):

cat server.key server.cer > server.pem

To run a basic TLS server with all OQS ciphersuites enabled:

apps/openssl s_server -cipher OQSKEX-GENERIC:OQSKEX-GENERIC-ECDHE:OQSKEX-RLWE-BCNS15:OQSKEX-RLWE-BCNS15-ECDHE:OQSKEX-RLWE-NEWHOPE:OQSKEX-RLWE-NEWHOPE-ECDHE:OQSKEX-LWE-FRODO-RECOMMENDED:OQSKEX-LWE-FRODO-RECOMMENDED-ECDHE

In another terminal window, you can run a TLS client for any or all of the supported ciphersuites, for example:

apps/openssl s_client -cipher OQSKEX-GENERIC
apps/openssl s_client -cipher OQSKEX-GENERIC-ECDHE
apps/openssl s_client -cipher OQSKEX-RLWE-BCNS15
apps/openssl s_client -cipher OQSKEX-RLWE-BCNS15-ECDHE
apps/openssl s_client -cipher OQSKEX-RLWE-NEWHOPE
apps/openssl s_client -cipher OQSKEX-RLWE-NEWHOPE-ECDHE
apps/openssl s_client -cipher OQSKEX-LWE-FRODO-RECOMMENDED
apps/openssl s_client -cipher OQSKEX-LWE-FRODO-RECOMMENDED-ECDHE

Current status and plans

Our initial launch of the liboqs integration into OpenSSL was on August 25, 2016.

At this point, there are no plans to add further functionality to the OpenSSL integration, beyond supporting additional algorithms added by liboqs. See the liboqs page for more information about liboqs plans. Update: we realize there is interest in quantum-safe signature integration in OpenSSL, and will consider this when we begin to add signature schemes to liboqs; volunteers welcome!

We will endeavour to regularly sync our branch with commits in the original openssl/openssl repository.

For future reference, adding new algorithms/ciphersuites can easily be done by following these diffs:

Note

Proofs of TLS such as [JKSS12] and [KPW13] require a key exchange mechanism that has a form of active security, either in the form of the PRF-ODH assumption, or an IND-CCA KEM. Most basic post-quantum key exchange mechanisms do not achieve active security, and would need to have an IND-CPA to IND-CCA KEM transform applied [Pei14] or be protected from active attacks using a signature scheme [BCNS15]. Neither countermeasure is currently applied in this prototype OpenSSL integration, so existing proofs of security of TLS against active attackers do not apply to this software. Improving this is an active research goal.

License

All modifications in the open-quantum-safe/openssl repository are released under the same terms as OpenSSL, namely as described in the file LICENSE.

Team

The Open Quantum Safe project is lead by Michele Mosca (University of Waterloo) and Douglas Stebila (McMaster University).

Support

Development of Open Quantum Safe has been supported in part by the Tutte Institute for Mathematics and Computing. Research projects which developed specific components of Open Quantum Safe have been supported by various research grants; see the source papers for funding acknowledgements.

About

Fork of OpenSSL that includes quantum-resistant algorithms and ciphersuites based on liboqs.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 73.7%
  • Perl 16.1%
  • Makefile 3.6%
  • C++ 2.2%
  • Assembly 1.6%
  • DIGITAL Command Language 1.6%
  • Other 1.2%