-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to build a custom PQCrypto-VPN with latest (dev) liboqs and OQS-OpenSSL (1.1.1k) on Windows 10 #28
Comments
Greetings all, Some updates regarding my quick guide: For the step 1. For the step 3. For the step 5. Some algorithms such as sidhp e.t.c. are currently now working/enabled on the latest Windows build, so you may need to:
I will try to apply this last recommendation myself aswell and share my future insights. Congratulations to all the involved people and contributors of the OpenSSL, PQCrypto-VPN, OQS-OpenSSL, libOQS sub-projects for all this great work! |
Thank you for your continued interest! As you see we haven't had the resources available to update this project yet, but I'm keeping your issues open so that we have them as a reference when we're able. And of course, we always take pull requests, so if you have the time and motivation to make any of the changes yourself, we'd be glad to take them! |
Greetings Kev, Yes I would be more than happy to provide some contribution on the PQCrypto-VPN sub-project of OQS, possibly by providing a frequently upgraded branch of all the according repos involved, so I have already started working on it and I will provide you with details pretty soon, maybe within a few days Also I have to state that in the Windows build, all PQ KEMs are enabled but in HYBRID mode, except NTRU-Prime which is also allowed to be used in normal PQ mode. That means:
For example, since kyber768 claims L3 security, the hybrid p384_kyber768 is available. (these datasheets specify which provide what security) |
Two very last notes for now, I would like to comment, coming from my tests so far, are that: A. actually every pure PQ KEM algorithm originally enabled in OQS-OpenSSL and libOQS can be used using my guide above, but you have to:
B. The second one is that if the desired algorithm falls in NIST L4 security, you can use it as either secp384_ or secp521_ (I don't remember now which one worked for me, actually) Best regards and enjoy the NIST Round 3 submissions! |
My building system's basic details:
O.S.: Windows 10 Home Edition
CPU: AMD-type
CMD Prompt: Using Administrator x64 Native tools command prompt of VS 2019
Stage: all tests passed, oqs-openssl and libs installed correctly and working
Here is a quick guide on how to achieve it:
1. Build the repository of Microsoft PQCrypto-VPN as it currently is resulting is the windows binary and install it.
2. Install all the according Windows dependencies
(git, VS 2019, Perl - Active & Strawberry - MinGW & MSys, other needed extensions like Ninja, NASM e.t.c. - check the liboqs and openssl-oqs repo)
and clone the latest (dev versions) of liboqs and openssl-oqs from the gits.3. After cloning, when in \liboqs\build use:
cmake -GNinja -DCMAKE_INSTALL_PREFIX=..\..\openssl-oqs\oqs -DBUILD_SHARED_LIBS=OFF ..
then ninja and ninja install should work just fine
4. build normally according to the instructions (perl Configure VC-WIN64A, then nmake test, then nmake install)
5. Import (copy) the libraries from the newly install Program Files\OpenSSL directory (under C:) to the openvpn\bin directory
You should also copy the newly created openssl.exe (binary) from \Program Files\OpenSSL\bin to \OpenVPN\bin aswell. It works but the system may need to be restarted.
**6. Don't forget to set the according PATH variables
7. Test the new algorithms
You can also activate other desired OQS algorithms than the default enabled ones. Follow this guide of the openssl-oqs folder on an Ubuntu machine and the download the updated archive/directory to your Windows system, re-install liboqs as explained above targeting this new directory and then perl Configure... , nmake... and you should be ready!
I wish you find my guide useful.
Best regards!
The text was updated successfully, but these errors were encountered: