Skip to content

Commit

Permalink
2024 October Chromium update (open-quantum-safe#302)
Browse files Browse the repository at this point in the history
Signed-off-by: PI <[email protected]>
  • Loading branch information
pi-314159 authored Oct 10, 2024
1 parent 8a96e57 commit 663cab8
Show file tree
Hide file tree
Showing 6 changed files with 464 additions and 337 deletions.
27 changes: 9 additions & 18 deletions chromium/README-Linux.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,48 +8,39 @@ The rest of the instructions will use **$CHROMIUM_ROOT** to refer to the root di

```shellscript
cd $CHROMIUM_ROOT
git checkout tags/124.0.6339.0
git checkout tags/131.0.6767.0
gclient sync
```

### 2. Install Go and Perl

### 3. Switch to the OQS-BoringSSL
### 2. Switch to the OQS-BoringSSL

```shellscript
cd $CHROMIUM_ROOT/third_party/boringssl/src
git remote add oqs-bssl https://github.com/open-quantum-safe/boringssl
git fetch oqs-bssl
git checkout -b oqs-bssl-master c0a0bb4d1243952819b983129c546f9ae1c03008
git checkout -b oqs-bssl-master 0599bb559d3be76a98f0940d494411b6a8e0b18e
```

### 4. Clone and Build liboqs
### 3. Clone and Build liboqs

Choose a directory to store the liboqs source code and use the `cd` command to move to that directory. We will use ninja to build liboqs.

```shellscript
git clone https://github.com/open-quantum-safe/liboqs.git && git checkout 890a6aa448598a019e72b5431d8ba8e0a5dbcc85
git clone https://github.com/open-quantum-safe/liboqs.git && git checkout 9aa2e1481cd0c242658ec8e92776741feabec163
cd liboqs && mkdir build && cd build
cmake .. -G"Ninja" -DCMAKE_INSTALL_PREFIX=$CHROMIUM_ROOT/third_party/boringssl/src/oqs -DOQS_USE_OPENSSL=OFF -DCMAKE_BUILD_TYPE=Release
ninja && ninja install
```

### 5. Enable Quantum-Safe Crypto
### 4. Enable Quantum-Safe Crypto

```shellscript
cd $CHROMIUM_ROOT
wget https://raw.githubusercontent.com/open-quantum-safe/oqs-demos/main/chromium/oqs-Linux.patch
git apply oqs-Linux.patch
```

### 6. Generate BoringSSL Build Files for Chromium

```shellscript
cd $CHROMIUM_ROOT/third_party/boringssl
python src/util/generate_build_files.py gn
```

### 7. Build
### 5. Build

```shellscript
cd $CHROMIUM_ROOT
Expand All @@ -68,6 +59,6 @@ blink_symbol_level = 0
Save and close the configuration file. Last, run `autoninja -C out/Default chrome`.\
If the build completes successfully, it will create _chrome_ in _$CHROMIUM_ROOT/out/Default_.

### 8. Miscellaneous
### 6. Miscellaneous

- This guide is published on March 8, 2024, and may be outdated.
- This guide is published on October 10, 2024, and may be outdated.
32 changes: 10 additions & 22 deletions chromium/README-Windows.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,54 +11,43 @@ In Command Prompt, run following commands:

```bat
cd %CHROMIUM_ROOT%
git checkout tags/124.0.6339.0
git checkout tags/131.0.6769.0
gclient sync
```

### 2. Install Go and Perl

### 3. Switch to the OQS-BoringSSL
### 2. Switch to the OQS-BoringSSL

In Command Prompt, run following commands:

```bat
cd %CHROMIUM_ROOT%/third_party/boringssl/src
git remote add oqs-bssl https://github.com/open-quantum-safe/boringssl
git fetch oqs-bssl
git checkout -b oqs-bssl-master c0a0bb4d1243952819b983129c546f9ae1c03008
git checkout -b oqs-bssl-master 0599bb559d3be76a98f0940d494411b6a8e0b18e
```

### 4. Clone and Build liboqs
### 3. Clone and Build liboqs

Choose a directory to store the liboqs source code and use the `cd` command to move to that directory. We will use msbuild instead of ninja to build liboqs.\
Start _x64 Native Tools Command Prompt for VS 2022_ (usually it's in _C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2022\Visual Studio Tools\VC_) and run following commands:

```bat
git clone https://github.com/open-quantum-safe/liboqs.git && git checkout 890a6aa448598a019e72b5431d8ba8e0a5dbcc85
git clone https://github.com/open-quantum-safe/liboqs.git && git checkout 9aa2e1481cd0c242658ec8e92776741feabec163
cd liboqs && mkdir build && cd build
cmake .. -DCMAKE_INSTALL_PREFIX=%CHROMIUM_ROOT%/third_party/boringssl/src/oqs -DOQS_USE_OPENSSL=OFF -DCMAKE_BUILD_TYPE=Release
msbuild ALL_BUILD.vcxproj
msbuild INSTALL.vcxproj
```

### 5. Enable Quantum-Safe Crypto
### 4. Enable Quantum-Safe Crypto

Download the [oqs-changes.patch](https://raw.githubusercontent.com/open-quantum-safe/oqs-demos/main/chromium/oqs-Windows.patch) and save it at _%CHROMIUM_ROOT%_, then apply the patch by running
Download the [oqs-Windows.patch](https://raw.githubusercontent.com/open-quantum-safe/oqs-demos/main/chromium/oqs-Windows.patch) and save it at _%CHROMIUM_ROOT%_, then apply the patch by running

```bat
git apply oqs-Windows.patch
```

### 6. Generate BoringSSL Build Files for Chromium

In Command Prompt, run following commands:

```bat
cd %CHROMIUM_ROOT%/third_party/boringssl
python src/util/generate_build_files.py gn
```

### 7. Build
### 5. Build

In Command Prompt, run following commands:

Expand All @@ -81,8 +70,7 @@ target_os = "win"
Save and close the configuration file. Last, run `autoninja -C out/Default chrome` in Command Prompt.\
If the build completes successfully, it will create _chrome.exe_ in _%CHROMIUM_ROOT%/out/Default_.

### 8. Miscellaneous
### 6. Miscellaneous

- BIKE key exchange is not supported.
- This guide was initially published on March 8, 2024, and may be outdated.
- These instructions have been tested on 64-bit Windows 10 Enterprise with Visual Studio 2022 Community, [Go 1.20.5](https://go.dev/dl/), and [ActiveState Perl 5.36](https://www.activestate.com/products/perl/).
- This guide was initially published on October 10, 2024, and may be outdated.
2 changes: 1 addition & 1 deletion chromium/README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
This directory contains no longer fully maintained instructions and corresponding patches to build the Chromium web browser using the [OQS-BoringSSL fork](https://github.com/open-quantum-safe/boringssl), thereby enabling Chromium to use quantum-safe key exchange algorithms.

These instructions are specifically tailored for liboqs commit `890a6aa448598a019e72b5431d8ba8e0a5dbcc85` and Chromium version `124.0.6339.0`. It is important to note that using any other versions of liboqs or Chromium may result in failure. The instructions have been tested on Windows 10 and Ubuntu 22 LTS(x64) installations only. Additionally, they currently apply to a limited subset of quantum-safe key-exchanges, as detailed in the documentation [provided here](https://github.com/open-quantum-safe/boringssl#key-exchange).
These instructions are specifically tailored for liboqs commit `9aa2e1481cd0c242658ec8e92776741feabec163` and Chromium version `131`. It is important to note that using any other versions of liboqs or Chromium may result in failure. The instructions have been tested on Windows 11 and Ubuntu 24.04 LTS installations only. Additionally, they currently apply to a limited subset of quantum-safe algorithms, as detailed in the documentation [provided here](https://github.com/open-quantum-safe/boringssl#key-exchange).

Please be aware that this information is intended for individuals who acknowledge and accept these limitations. While we prioritize support for open source software, we are unable to dedicate the same level of support to the Chromium and BoringSSL PQ software stack as we have in the past. We encourage contributors to update the instructions and patch files for more recent versions of liboqs and Chromium.

Expand Down
2 changes: 1 addition & 1 deletion chromium/USAGE.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ For the unwary user we *strongly* recommend to use a ready-build binary (for x64
3) Install the certificate in the Chromium certificate store by clicking on "..." in the upper right hand corner , then/-> "Preferences" -> "..." in upper left corner -> "Privacy and Security" -> "Security" -> "Certificate Management" -> "Certification Authorities" -> Import: Load the file "CA.crt" downloaded in step 2.
4) Return to the test server at [https://test.openquantumsafe.org](https://test.openquantumsafe.org) and click any of the supported ports representing all available quantum safe KEM and signature algorithms. A success message is returned if everything works as intended.

Please note that not all algorithm combinations are expected to work. Most notably, none of the X25519 or X448 KEM hybrids are supported by the [underlying integration of OQS-BoringSSL](https://github.com/open-quantum-safe/boringssl).
Please note that not all algorithm combinations are expected to work. Most notably, X448 KEM hybrids and composite signature algorithms are not supported by the [underlying integration of OQS-BoringSSL](https://github.com/open-quantum-safe/boringssl?tab=readme-ov-file#supported-algorithms).

Please create a [discussion item](https://github.com/open-quantum-safe/boringssl/discussions/landing) if you feel some algorithm combination that does not work should do.

Expand Down
Loading

0 comments on commit 663cab8

Please sign in to comment.