Changes that help make mosquitto compatible with wolfMQTT. #143

Closed
19 changes: 11 additions & 8 deletions mosquitto/Dockerfile
Expand Up @@ -7,14 +7,16 @@
ARG SOURCE_PATH="/usr/local/src"
ARG OPENSSL_LIB_PATH="/usr/local/ssl"

# liboqs build type variant; maximum portability of image:
ARG LIBOQS_BUILD_DEFINES="-DOQS_DIST_BUILD=ON"
# liboqs build type variant; limit to algorithms that are supported by wolfMQTT
ARG LIBOQS_BUILD_DEFINES="-DOQS_DIST_BUILD=ON -DOQS_MINIMAL_BUILD=OQS_ENABLE_KEM_kyber_512;OQS_ENABLE_SIG_falcon_512 "

# openssl build defines (https://github.com/open-quantum-safe/openssl#build-options)
ARG OPENSSL_BUILD_DEFINES="-DOQS_DEFAULT_GROUPS=kyber512:X25519:p384_kyber768"
# limit to groups supported by wolfMQTT
ARG OPENSSL_BUILD_DEFINES="-DOQS_DEFAULT_GROUPS=kyber512:p256_kyber512"

# define the QSC signature algorithm used for the certificates
ARG SIG_ALG="dilithium2"
# limit to signature algorithm supported by wolfMQTT
ARG SIG_ALG="falcon512"

# define IP addresses or Domain Name
ARG BROKER_IP=localhost
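
Review bot: With `-DOQS_MINIMAL_BUILD=OQS_ENABLE_KEM_kyber_512;OQS_ENABLE_SIG_falcon_512` in `LIBOQS_BUILD_DEFINES`, the `SIG_ALG` and `OQS_DEFAULT_GROUPS` build args can no longer be overridden on their own: any other value (including the previous `dilithium2` or `p384_kyber768`) names an algorithm that liboqs was built without. Please add a comment above `LIBOQS_BUILD_DEFINES` saying the three values must be changed together, or keep the full build as the default and document the wolfMQTT set as `--build-arg` overrides. The new group list also drops `X25519`, so the image no longer offers a classical-only group; if that is intended, say so in the comment. The `LIBOQS_BUILD_DEFINES` value has a stray space before the closing quote.
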
Expand Down Expand Up @@ -43,13 +45,14 @@ ARG OPENSSL_BUILD_DEFINES
RUN apt update && apt install build-essential vim cmake gcc libtool libssl-dev make ninja-build git doxygen \
libcjson1 libcjson-dev uthash-dev libcunit1-dev libsqlite3-dev xsltproc docbook-xsl -y && apt clean

# Get the fork of OQS-OpenSSL_1_1_1-stable
# Get the fork of OQS-OpenSSL_1_1_1-stable-snapshot-2021-08
WORKDIR $SOURCE_PATH
RUN git clone --depth 1 --branch OQS-OpenSSL_1_1_1-stable https://github.com/open-quantum-safe/openssl.git OQS-OpenSSL
RUN git clone --depth 1 --branch OQS-OpenSSL_1_1_1-stable-snapshot-2021-08 https://github.com/open-quantum-safe/openssl.git OQS-OpenSSL

# Get and build liboqs, then install it into a subdirectory inside the OQS-OpenSSL folder
RUN git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git liboqs && \
cd liboqs && mkdir build && cd build && \
# Use the commit that is supported by wolfSSL
RUN git clone --single-branch --branch main https://github.com/open-quantum-safe/liboqs.git liboqs && \
cd liboqs && git checkout ba5b61a779a0db364f0e691a0a0bc8ac42e73f1b && mkdir build && cd build && \
cmake -GNinja $LIBOQS_BUILD_DEFINES -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=$SOURCE_PATH/OQS-OpenSSL/oqs .. && \
ninja && ninja install && echo "liboqs installed successfully" || exit 1

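Review bot: The liboqs hash passed to `git checkout` and the `OQS-OpenSSL_1_1_1-stable-snapshot-2021-08` branch name are hard-coded in the `RUN` lines, and the comment "Use the commit that is supported by wolfSSL" does not say which wolfSSL release that is. Pinning is welcome, but please move both refs into `ARG`s next to the other build settings and record the matching wolfSSL version in the comment, so the pins can be bumped together and it is visible that the image stays on 2021-08 sources until someone does. Dropping `--depth 1` for liboqs now clones the whole history of `main` just to reach one commit; fetching only that commit would keep the build small.
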
9 changes: 6 additions & 3 deletions mosquitto/README.md
Expand Up @@ -8,6 +8,9 @@ Thanks,

--Chia-Chin Chung

NOTE: Further modifications have been made to accomodate the algorithms which
are supported by wolfMQTT.

## Background

[Eclipse Mosquitto](https://mosquitto.org) is an open source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 5.0, 3.1.1 and 3.1. Mosquitto is lightweight and is suitable for use on all devices from low power single board computers to full servers.
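
Review bot: "accomodate" in the added NOTE should be "accommodate", and the note sits directly under the `--Chia-Chin Chung` signature, where it reads as part of the original author's message. Consider moving it below `## Background` or into its own short section, and have it state what was actually narrowed (the default key exchange groups and the certificate signature algorithm) instead of "further modifications".
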
Expand All @@ -24,7 +27,7 @@ The following provides some introduction to Mosquitto:

[Install Docker](https://docs.docker.com/install) and run the following simplified commands in this directory:

1. `docker build -t oqs-mosquitto-img .` This will generate the image with a default QSC algorithm (key exchange: kyber512, authentication: dilithium2 -- see Dockerfile to change).
1. `docker build -t oqs-mosquitto-img .` This will generate the image with a default QSC algorithm (key exchange: kyber512, authentication: falcon512 -- these match what is supported by wolfMQTT.
2. `docker run -it --rm --name oqs-mosquitto -p 8883:8883 oqs-mosquitto-img`

This will start a docker container that has mosquitto MQTT broker listening for TLS 1.3 connections on port 8883.
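
Review bot: In step 1 the parenthesis opened at "(key exchange: kyber512, ..." is never closed, and the rewrite drops the "see Dockerfile to change" pointer. Suggest ending the sentence with "authentication: falcon512; these match what is supported by wolfMQTT, see Dockerfile to change)." so readers still know where the defaults live.
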
Expand Down Expand Up @@ -65,13 +68,13 @@ The default setting defines a range of default algorithms suggested for key exch

This defines the quantum-safe cryptographic key exchange algorithm.

The default value is 'kyber512', but this value can be set to any value documented [here](https://github.com/open-quantum-safe/openssl#key-exchange).
The default value is 'kyber512' which matches what is supported by wolfMQTT.

### SIG_ALG

This defines the quantum-safe cryptographic signature algorithm for the internally generated server and client certificates.

The default value is 'dilithium2' but can be set to any value documented [here](https://github.com/open-quantum-safe/openssl#authentication).
The default value is 'falcon512' which matches what is supported by wolfMQTT.

### BROKER_IP

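Review bot: Both rewritten "default value" sentences remove the links to the lists of supported key exchange and authentication algorithms and no longer say whether the value can be changed. Since the Dockerfile in this PR builds liboqs with only kyber_512 and falcon_512 enabled, the README should say explicitly that other values require overriding `LIBOQS_BUILD_DEFINES` as well, and keep the links for readers who do that. Minor: add a comma before "which" in both sentences.
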