
kemtls-experiment's Introduction

Post-Quantum TLS without handshake signatures

This repository accompanies

  • Peter Schwabe, Douglas Stebila and Thom Wiggers. More efficient KEMTLS with pre-distributed public keys. ESORICS 2021.
  • Peter Schwabe, Douglas Stebila and Thom Wiggers. Post-quantum TLS without handshake signatures. ACM CCS 2020.
  • Peter Schwabe, Douglas Stebila and Thom Wiggers. More efficient KEMTLS with pre-distributed public keys. IACR Cryptology ePrint Archive, Report 2021/779. Updated online version. March 2022.
  • Peter Schwabe, Douglas Stebila and Thom Wiggers. Post-quantum TLS without handshake signatures. IACR Cryptology ePrint Archive, Report 2020/534. Updated online version. March 2022.
  • Fabio Campos, Jorge Chavez-Saab, Jesús-Javier Chi-Domínguez, Michael Meyer, Krijn Reijnders, Francisco Rodríguez-Henríquez, Peter Schwabe, Thom Wiggers. Optimizations and Practicality of High-Security CSIDH. IACR Cryptology ePrint Archive, Report 2023/793. October 2023.
  • Thom Wiggers. Post-Quantum TLS. PhD thesis, January 2024.
@inproceedings{CCS:SchSteWig20,
  author = {Schwabe, Peter and Stebila, Douglas and Wiggers, Thom},
  title = {Post-Quantum {TLS} Without Handshake Signatures},
  year = {2020},
  isbn = {9781450370899},
  publisher = {Association for Computing Machinery},
  address = {New York, {NY}, {USA}},
  url = {https://thomwiggers.nl/publication/kemtls/},
  doi = {10.1145/3372297.3423350},
  booktitle = {Proceedings of the 2020 {ACM} {SIGSAC} Conference on Computer and Communications Security},
  pages = {1461–1480},
  numpages = {20},
  keywords = {transport layer security, key-encapsulation mechanism, {NIST PQC}, post-quantum cryptography},
  location = {Virtual Event, {USA}},
  series = {{CCS '20}}
}

@misc{EPRINT:SchSteWig20,
  author = {Peter Schwabe and Douglas Stebila and Thom Wiggers},
  title = {Post-quantum {TLS} without handshake signatures},
  year = 2022,
  month = mar,
  note = {full online version},
  url = {https://ia.cr/2020/534},
}

@inproceedings{ESORICS:SchSteWig21,
  title = {More efficient post-quantum {KEMTLS} with pre-distributed public keys},
  author = {Peter Schwabe and Douglas Stebila and Thom Wiggers},
  year = 2021,
  month = sep,
  url = {https://thomwiggers.nl/publication/kemtlspdk/},
  editor = {Bertino, Elisa and Shulman, Haya and Waidner, Michael},
  booktitle = {Computer Security -- ESORICS 2021},
  series = {Lecture Notes in Computer Science},
  publisher = {Springer International Publishing},
  address = {Cham},
  pages = {3--22},
  isbn = {978-3-030-88418-5},
  doi = {10.1007/978-3-030-88418-5_1},
}

@misc{EPRINT:SchSteWig21,
      author = {Peter Schwabe and Douglas Stebila and Thom Wiggers},
      title = {More efficient post-quantum {KEMTLS} with pre-distributed public keys},
      howpublished = {Cryptology ePrint Archive, Paper 2021/779},
      year = {2022},
      month = mar,
      note = {full online version},
      url = {https://eprint.iacr.org/2021/779}
}

@misc{EPRINT:CCCMRRSW23,
      author = {Fabio Campos and Jorge Chavez-Saab and Jesús-Javier Chi-Domínguez and Michael Meyer and Krijn Reijnders and Francisco Rodríguez-Henríquez and Peter Schwabe and Thom Wiggers},
      title = {Optimizations and Practicality of High-Security {CSIDH}},
      howpublished = {Cryptology ePrint Archive, Paper 2023/793},
      year = {2023},
      url = {https://eprint.iacr.org/2023/793}
}

@phdthesis{RU:Wiggers24,
    title = {Post-Quantum {TLS}},
    author = {Thom Wiggers},
    date = {2024-01-09},
    school = {Radboud University},
    address = {Nijmegen, The Netherlands},
    url = {https://thomwiggers.nl/publication/thesis/}
}

Overview of this repository

The below are all git submodules. If you want to make a fork of this repository, you will need to also fork the relevant submodules and update your .gitmodules. See also the notes below.

Main folders

  • rustls: modified Rustls TLS stack to implement KEMTLS and post-quantum versions of "normal" TLS 1.3
  • measuring: The scripts to measure the above
  • ring: Modified version of Ring to allow for longer DER-encoded strings than typically expected from TLS instances.
  • webpki: Modified version of WebPKI to work with PQ and KEM public keys in certificates
  • mk-cert: Utility scripts to create post-quantum PKI for pqtls and KEMTLS.

Supporting repositories

  • oqs-rs: Rust wrapper around liboqs. Contains additional implementations of schemes (notably AVX2 implementations).
  • mk-cert/xmss-rs: Rust wrapper around the XMSS reference code, with our custom parameter set (src/settings.rs) and utilities for keygen and signing.

Working with this repository

  • MAKE SURE TO CLONE WITH ALL SUBMODULES. There are submodules within submodules, so clone with --recurse-submodules.
  • If you want to make a fork of this repository, you will need to also fork the relevant submodules and update your .gitmodules.
  • The Dockerfile serves as an example of how everything can be compiled and how test setups can be created. It is used by the ./measuring/script/create-experimental-setup.sh script, which serves as an example of its use.
  • The mk-cert folder contains a Python script, encoder.py, that can be used to create the required PKI. RSA certificates and X25519 certificates are available in subfolders. The certificates assume that the server hostname is servername, so put this in your /etc/hosts. Alternatively, override it using the environment variables in the file (which is also how you set which algorithms are used).
  • Experimenting with rustls can be done directly; use the rustls-mio subfolders and run cargo run --example tlsserver -- --help or cargo run --example tlsclient -- --help.
  • The measurement setup is handled in the measuring/ folder. See the ./run_experiment.sh script.
  • Processing of results is done by the ./scripts/process.py script. It expects a data folder as produced by ./scripts/experiment.py.
  • Downloading archived results can be done through the scripts in measuring/archived-results/.

kemtls-experiment's People

Contributors

claucece, guilhemn, thomwiggers

kemtls-experiment's Issues

No TLS 1.2 Support

Hello,

I was trying to run
./target/debug/examples/tlsclient --http expired.badssl.com
in rustls-mio from rustls-kemtls. It seems that the main throws an internal error.
This same error occurs with ./target/debug/examples/tlsclient --http mozilla-modern.badssl.com

Connecting to server for iteration 0 of 1
EMITTED CH: 1591937 ns
RECEIVED SH: 391645551 ns
thread 'main' panicked at 'internal error: entered unreachable code: Don't support TLS 1.2 anymore', /home/simonpc/Documents/kemtls-experiment/rustls-kemtls/src/client/hs.rs:927:9
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

I am not sure how to activate the TLS 1.3 since the problem is arising from:

    // For TLS1.3, start message encryption using
    // handshake_traffic_secret.
    if sess.common.is_tls13() {
        validate_server_hello_tls13(sess, server_hello)?;
        self.start_handshake_traffic(sess, server_hello)?;
        emit_fake_ccs(&mut self.handshake, sess);
        return Ok(self.into_expect_tls13_encrypted_extensions());
    }
    unreachable!("Don't support TLS 1.2 anymore");
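
Added example, not part of the issue above or of the repository's code: the quoted snippet reaches unreachable!() whenever the ServerHello does not select TLS 1.3, so the peer's version choice ends in a client panic. The sketch below parses a ServerHello body as laid out in RFC 8446 section 4.1.3 and returns an error for anything other than TLS 1.3; the names negotiated_version, require_tls13, HelloError and sample_hello are hypothetical, and the sample messages are constructed.

```rust
// Added example; these names are hypothetical and are not rustls APIs.
const TLS12: u16 = 0x0303;
const TLS13: u16 = 0x0304;
const EXT_SUPPORTED_VERSIONS: u16 = 43; // RFC 8446 section 4.2.1

#[derive(Debug, PartialEq)]
pub enum HelloError { Truncated, UnsupportedVersion(u16) }

/// Bounds-checked cursor over untrusted bytes: short input is an Err, never a panic.
struct Reader<'a> { buf: &'a [u8] }

impl<'a> Reader<'a> {
    fn take(&mut self, n: usize) -> Result<&'a [u8], HelloError> {
        let buf: &'a [u8] = self.buf;
        if buf.len() < n {
            return Err(HelloError::Truncated);
        }
        let (head, tail) = buf.split_at(n);
        self.buf = tail;
        Ok(head)
    }
    fn u8(&mut self) -> Result<u8, HelloError> {
        Ok(self.take(1)?[0])
    }
    fn u16(&mut self) -> Result<u16, HelloError> {
        let b = self.take(2)?;
        Ok(u16::from_be_bytes([b[0], b[1]]))
    }
}

/// Version selected by a ServerHello body (the bytes after the 4-byte
/// handshake header): supported_versions if present, else legacy_version.
pub fn negotiated_version(body: &[u8]) -> Result<u16, HelloError> {
    let mut r = Reader { buf: body };
    let legacy_version = r.u16()?;
    r.take(32)?; // random
    let sid_len = r.u8()? as usize;
    r.take(sid_len)?; // legacy_session_id_echo
    r.u16()?; // cipher_suite
    r.u8()?; // legacy_compression_method
    if r.buf.is_empty() {
        // A TLS 1.2 ServerHello may carry no extensions block at all.
        return Ok(legacy_version);
    }
    let ext_len = r.u16()? as usize;
    let mut exts = Reader { buf: r.take(ext_len)? };
    while !exts.buf.is_empty() {
        let ext_type = exts.u16()?;
        let len = exts.u16()? as usize;
        let mut data = Reader { buf: exts.take(len)? };
        if ext_type == EXT_SUPPORTED_VERSIONS {
            return data.u16(); // selected_version
        }
    }
    Ok(legacy_version)
}

/// What a TLS 1.3-only client can do instead of unreachable!(): report the
/// peer's choice as an ordinary handshake error the caller can log or map
/// to an alert.
pub fn require_tls13(body: &[u8]) -> Result<(), HelloError> {
    match negotiated_version(body)? {
        TLS13 => Ok(()),
        other => Err(HelloError::UnsupportedVersion(other)),
    }
}

/// Builds a constructed ServerHello body for the demo (not a capture).
pub fn sample_hello(legacy_version: u16, selected: Option<u16>) -> Vec<u8> {
    let mut m = Vec::new();
    m.extend_from_slice(&legacy_version.to_be_bytes());
    m.extend_from_slice(&[0u8; 32]); // random (zeroed placeholder)
    m.push(0); // empty session id echo
    m.extend_from_slice(&[0x13, 0x01]); // cipher_suite (not inspected here)
    m.push(0); // null compression
    if let Some(v) = selected {
        m.extend_from_slice(&[0x00, 0x06]); // extensions length
        m.extend_from_slice(&[0x00, 0x2b, 0x00, 0x02]); // supported_versions, 2 bytes
        m.extend_from_slice(&v.to_be_bytes());
    }
    m
}

fn main() {
    let tls13 = sample_hello(TLS12, Some(TLS13));
    let tls12 = sample_hello(TLS12, None);
    println!("TLS 1.3 hello: {:?}", require_tls13(&tls13));
    println!("TLS 1.2 hello: {:?}", require_tls13(&tls12));
    println!("truncated:     {:?}", require_tls13(&tls13[..20]));
}
```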

Unknown host

I was running the measurement file using the script.
This generates the KDDD with client auth DD, KKDD, KKDD with client auth KD, XRRR, XRRR with client auth RR.
However the code stops with an error:

File ".../kemtls-experiment/measuring/scripts/experiment.py", line 647, in
hostname = reverse_resolve_hostname()
File ".../kemtls-experiment/measuring/scripts/experiment.py", line 497, in reverse_resolve_hostname
return socket.gethostbyaddr("10.99.0.1")[0]
socket.herror: [Errno 1] Unknown host

What should I do to solve this?

Problem when run cargo

Hi
I have got a problem when I run cargo run --example tlsserver -- --help

Compiling oqs-sys v0.6.0 (https://github.com/thomwiggers/liboqs-rust.git?branch=dirty-oqs-avx2-rainbow#7356ebc9)
Compiling docopt v1.1.1
error: failed to run custom build command for oqs-sys v0.6.0 (https://github.com/thomwiggers/liboqs-rust.git?branch=dirty-oqs-avx2-rainbow#7356ebc9)

Caused by:
process didn't exit successfully: /home/abc/kemtls-experiment/rustls/target/debug/build/oqs-sys-3702b637f225cfaa/build-script-build (exit status: 101)
--- stdout
cargo:rustc-link-lib=crypto
cargo:rerun-if-env-changed=OPENSSL_ROOT_DIR

Thanks!

Regression: ops_rs fails to compile

macOS Sonoma 14.5, Xcode-15.4.

Current master, trying to build rustls:

.  .  .
[  2%] Built target bike1_l1_cpa
  [  2%] Built target frodokem_avx2

  --- stderr
  gmake: warning: -j20 forced in submake: resetting jobserver mode.
  /Users/ur20980/.cargo/git/checkouts/liboqs-rust-1e16fdaacd85eaa0/7356ebc/oqs-sys/liboqs/src/kem/sike/kem_sike.c:41:42: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
  OQS_KEM *OQS_KEM_sike_p434_compressed_new() {
                                           ^
                                            void
  /Users/ur20980/.cargo/git/checkouts/liboqs-rust-1e16fdaacd85eaa0/7356ebc/oqs-sys/liboqs/src/kem/sike/kem_sike.c:71:31: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
  OQS_KEM *OQS_KEM_sike_p503_new() {
                                ^
                                 void
  /Users/ur20980/.cargo/git/checkouts/liboqs-rust-1e16fdaacd85eaa0/7356ebc/oqs-sys/liboqs/src/kem/sike/kem_sike.c:101:42: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
  OQS_KEM *OQS_KEM_sike_p503_compressed_new() {
                                           ^
                                            void
  /Users/ur20980/.cargo/git/checkouts/liboqs-rust-1e16fdaacd85eaa0/7356ebc/oqs-sys/liboqs/src/kem/sike/kem_sike.c:131:31: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
  OQS_KEM *OQS_KEM_sike_p610_new() {
                                ^
                                 void
  /Users/ur20980/.cargo/git/checkouts/liboqs-rust-1e16fdaacd85eaa0/7356ebc/oqs-sys/liboqs/src/kem/sike/kem_sike.c:161:42: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
  OQS_KEM *OQS_KEM_sike_p610_compressed_new() {
                                           ^
                                            void
  /Users/ur20980/.cargo/git/checkouts/liboqs-rust-1e16fdaacd85eaa0/7356ebc/oqs-sys/liboqs/src/kem/sike/kem_sike.c:191:31: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
  OQS_KEM *OQS_KEM_sike_p751_new() {
                                ^
                                 void
  /Users/ur20980/.cargo/git/checkouts/liboqs-rust-1e16fdaacd85eaa0/7356ebc/oqs-sys/liboqs/src/kem/sike/kem_sike.c:221:42: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
.  .  .
  /Users/ur20980/.cargo/git/checkouts/liboqs-rust-1e16fdaacd85eaa0/7356ebc/oqs-sys/liboqs/src/kem/frodokem/kem_frodokem1344aes.c:9:39: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
  OQS_KEM *OQS_KEM_frodokem_1344_aes_new() {
                                        ^
                                         void
  1 error generated.
  gmake[3]: *** [src/kem/frodokem/CMakeFiles/frodokem.dir/build.make:188: src/kem/frodokem/CMakeFiles/frodokem.dir/kem_frodokem1344aes.c.o] Error 1
  gmake[2]: *** [CMakeFiles/Makefile2:1122: src/kem/frodokem/CMakeFiles/frodokem.dir/all] Error 2
  gmake[1]: *** [CMakeFiles/Makefile2:895: src/CMakeFiles/oqs.dir/rule] Error 2
  gmake: *** [Makefile:169: oqs] Error 2
  thread 'main' panicked at /Users/ur20980/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cmake-0.1.48/src/lib.rs:975:5:

  command did not execute successfully, got: exit status: 2

  build script failed, must exit now
  stack backtrace:
     0: _rust_begin_unwind
     1: core::panicking::panic_fmt
     2: cmake::fail
     3: cmake::run
     4: cmake::Config::build
     5: build_script_build::main
     6: core::ops::function::FnOnce::call_once
  note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
$

The old problem of using func() instead of func(void).

Cmake exit

Hello,

After the last chat, I updated my OS to Ubuntu 20.04. Now:

  • gcc version is 9.3.0
  • cmake version 3.20.0
  • docker version 19.03.8, build afacb8b7f0
  • cargo version 1.51.0 (43b129a20 2021-03-16)

Things should be up to date; however, there is still a build problem. This is what the terminal outputs:

Compiling ... (all packages) then there is
Compiling oqs-sys v0.1.0 (/home/simonpc/Documents/kemtls-experiment/oqs-rs/oqs-sys)
error: failed to run custom build command for oqs-sys v0.1.0 (/home/simonpc/Documents/kemtls-experiment/oqs-rs/oqs-sys)

Caused by:
process didn't exit successfully: /home/simonpc/Documents/kemtls-experiment/rustls-kemtls/rustls-mio/target/debug/build/oqs-sys-6a7f51bcb3780b01/build-script-build (exit code: 101)
--- stdout
cargo:rustc-link-lib=crypto
running: "cmake" "/home/simonpc/Documents/kemtls-experiment/oqs-rs/oqs-sys/liboqs" "-DOQS_USE_OPENSSL=Yes" "-DCMAKE_INSTALL_PREFIX=/home/simonpc/Documents/kemtls-experiment/rustls-kemtls/rustls-mio/target/debug/build/oqs-sys-1bae2684958a2faa/out" "-DCMAKE_C_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_C_COMPILER=/usr/bin/cc" "-DCMAKE_CXX_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_CXX_COMPILER=/usr/bin/c++" "-DCMAKE_ASM_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_ASM_COMPILER=/usr/bin/cc" "-DCMAKE_BUILD_TYPE=Optimized"
-- Configuring incomplete, errors occurred!
See also "/home/simonpc/Documents/kemtls-experiment/rustls-kemtls/rustls-mio/target/debug/build/oqs-sys-1bae2684958a2faa/out/build/CMakeFiles/CMakeOutput.log".

--- stderr
CMake Error: CMake was unable to find a build program corresponding to "Unix Makefiles". CMAKE_MAKE_PROGRAM is not set. You probably need to select a different build tool.
thread 'main' panicked at '
command did not execute successfully, got: exit code: 1

build script failed, must exit now', /home/simonpc/.cargo/registry/src/github.com-1ecc6299db9ec823/cmake-0.1.45/src/lib.rs:894:5
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...
warning: pqclean/crypto_sign/rainbowIa-cyclic/avx2/blas_comm.c:207:10: warning: ‘gf256mat_solve_linear_eq_ref’ defined but not used [-Wunused-function]
warning: 207 | unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) {
warning: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
warning: pqclean/crypto_sign/rainbowIa-cyclic/avx2/blas_comm.c:176:10: warning: ‘gf256mat_gauss_elim_ref’ defined but not used [-Wunused-function]
warning: 176 | unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) {
warning: | ^~~~~~~~~~~~~~~~~~~~~~~
warning: pqclean/crypto_sign/rainbowIa-cyclic/avx2/blas_comm.c:131:10: warning: ‘gf16mat_solve_linear_eq_ref’ defined but not used [-Wunused-function]
warning: 131 | unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) {
warning: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
warning: pqclean/crypto_sign/rainbowIa-cyclic/avx2/blas_comm.c:103:10: warning: ‘gf16mat_gauss_elim_ref’ defined but not used [-Wunused-function]
warning: 103 | unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) {
warning: | ^~~~~~~~~~~~~~~~~~~~~~
warning: pqclean/crypto_sign/rainbowIa-cyclic/avx2/blas_comm.c:64:6: warning: ‘gf256mat_prod_ref’ defined but not used [-Wunused-function]
warning: 64 | void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) {
warning: | ^~~~~~~~~~~~~~~~~
warning: pqclean/crypto_sign/rainbowIa-cyclic/avx2/blas_comm.c:54:6: warning: ‘gf16mat_prod_ref’ defined but not used [-Wunused-function]
warning: 54 | void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) {
warning: | ^~~~~~~~~~~~~~~~
warning: pqclean/crypto_sign/rainbowIa-cyclic/avx2/rainbow_keypair_computation.c:369:6: warning: ‘calculate_Q_from_F_cyclic_ref’ defined but not used [-Wunused-function]
warning: 369 | void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) {
warning: | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
warning: pqclean/crypto_sign/rainbowIa-cyclic/avx2/rainbow_keypair_computation.c:304:6: warning: ‘calculate_F_from_Q_ref’ defined but not used [-Wunused-function]
warning: 304 | void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) {
warning: | ^~~~~~~~~~~~~~~~~~~~~~
warning: pqclean/crypto_sign/rainbowIa-cyclic/avx2/rainbow_keypair_computation.c:187:6: warning: ‘calculate_Q_from_F_ref’ defined but not used [-Wunused-function]
warning: 187 | void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) {
warning: | ^~~~~~~~~~~~~~~~~~~~~~
error: build failed

I checked the CMakeOutput.log file and it is said
The system is: Linux - 5.8.0-48-generic - x86_64

Do you know what I should be doing to solve this?

Cloning Error

fatal: reference is not a tree: 0c105a512fb329708ce1dc0d2941240244e0d227
Unable to checkout '0c105a512fb329708ce1dc0d2941240244e0d227' in submodule path 'pqcrypto/pqclean'

I am not sure why this is happening: all the cloning is working well besides pqclean.

Should I clone https://github.com/PQClean/PQClean/ by hand with --recurse-submodules?

issue on running the experiment.py

Hi Thom,
I tried to compile the experiment.py in the measuring/scripts folder and it says "no data from the server" in red. Any idea on how to fix this problem?

Thank you,
Jennifer

rustls submodule fails to locate OpenSSL

OpenSSL is installed into /opt/local/lib and /opt/local/include.

echo $RUSTFLAGS
-C target-cpu=native -C target-feature=+aes,+ssse3,+sse4.1,+sse4.2,+avx2,+pclmulqdq,+rdrand -L/opt/local/lib -lz -lssl -lcrypto

To reproduce the problem:

$ git clone https://github.com/thomwiggers/kemtls-experiment.git --recurse-submodules
.  .  .
$ cd kemtls-experiment
$ cd rustls
$ cargo build && cargo test
warning: /Users/ur20980/src/kemtls-experiment/rustls/rustls/Cargo.toml: file found to be present in multiple build targets: /Users/ur20980/src/kemtls-experiment/rustls/rustls/tests/benchmarks.rs
    Updating git repository `https://github.com/thomwiggers/ring.git`
    Updating crates.io index
    Updating git repository `https://github.com/thomwiggers/oqs-rs.git`
    Updating git submodule `https://github.com/thomwiggers/liboqs.git`
    Updating git repository `https://github.com/thomwiggers/xmss-rs.git`
    Updating git submodule `https://github.com/thomwiggers/xmss-reference.git`
  Downloaded sct v0.6.1
  Downloaded untrusted v0.7.1
  Downloaded clang-sys v1.3.3
  Downloaded spin v0.5.2
  Downloaded 4 crates (84.7 KB) in 0.67s
   Compiling libc v0.2.126
   Compiling memchr v2.5.0
   Compiling cc v1.0.73
   Compiling glob v0.3.0
   Compiling version_check v0.9.4
   Compiling cfg-if v1.0.0
   Compiling log v0.4.17
   Compiling proc-macro2 v1.0.40
   Compiling quote v1.0.20
   Compiling unicode-ident v1.0.1
   Compiling regex-syntax v0.6.26
   Compiling unicode-width v0.1.9
   Compiling vec_map v0.8.2
   Compiling ansi_term v0.12.1
   Compiling termcolor v1.1.3
   Compiling strsim v0.8.0
   Compiling humantime v2.1.0
   Compiling bindgen v0.58.1
   Compiling bitflags v1.3.2
   Compiling peeking_take_while v0.1.2
   Compiling rustc-hash v1.1.0
   Compiling lazycell v1.3.0
   Compiling shlex v1.1.0
   Compiling lazy_static v1.4.0
   Compiling spin v0.5.2
   Compiling untrusted v0.7.1
   Compiling base64 v0.13.0
   Compiling libloading v0.7.3
   Compiling textwrap v0.11.0
   Compiling build-deps v0.1.4
   Compiling nom v5.1.2
   Compiling clang-sys v1.3.3
   Compiling cmake v0.1.48
   Compiling ring v0.16.999 (https://github.com/thomwiggers/ring.git?branch=longer-der#764621dc)
   Compiling xmss-rs v0.1.0 (https://github.com/thomwiggers/xmss-rs.git#30fc8e60)
   Compiling aho-corasick v0.7.18
   Compiling regex v1.5.6
   Compiling atty v0.2.14
   Compiling which v3.1.1
   Compiling clap v2.34.0
   Compiling cexpr v0.4.0
   Compiling env_logger v0.8.4
The following warnings were emitted during compilation:

warning: xmss-reference/hash.c:3:10: fatal error: 'openssl/sha.h' file not found
warning: #include <openssl/sha.h>
warning:          ^~~~~~~~~~~~~~~
warning: 1 error generated.

error: failed to run custom build command for `xmss-rs v0.1.0 (https://github.com/thomwiggers/xmss-rs.git#30fc8e60)`

Caused by:
  process didn't exit successfully: `/Users/ur20980/src/kemtls-experiment/rustls/target/debug/build/xmss-rs-6af8040e0c34adcb/build-script-build` (exit status: 1)
  --- stdout
  TARGET = Some("x86_64-apple-darwin")
  OPT_LEVEL = Some("0")
  HOST = Some("x86_64-apple-darwin")
  CC_x86_64-apple-darwin = None
  CC_x86_64_apple_darwin = None
  HOST_CC = None
  CC = Some("clang")
  CFLAGS_x86_64-apple-darwin = None
  CFLAGS_x86_64_apple_darwin = None
  HOST_CFLAGS = None
  CFLAGS = Some("-O3 -std=gnu18 -march=native -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk")
  CRATE_CC_NO_DEFAULTS = None
  DEBUG = Some("true")
  running: "clang" "-O0" "-ffunction-sections" "-fdata-sections" "-fPIC" "-g" "-fno-omit-frame-pointer" "--target=x86_64-apple-darwin" "-O3" "-std=gnu18" "-march=native" "-isysroot" "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk" "-I" "xmss-reference" "-std=c11" "-march=native" "-Ofast" "-o" "/Users/ur20980/src/kemtls-experiment/rustls/target/debug/build/xmss-rs-ff509a00abbb904f/out/xmss-reference/fips202.o" "-c" "xmss-reference/fips202.c"
  exit status: 0
  running: "clang" "-O0" "-ffunction-sections" "-fdata-sections" "-fPIC" "-g" "-fno-omit-frame-pointer" "--target=x86_64-apple-darwin" "-O3" "-std=gnu18" "-march=native" "-isysroot" "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk" "-I" "xmss-reference" "-std=c11" "-march=native" "-Ofast" "-o" "/Users/ur20980/src/kemtls-experiment/rustls/target/debug/build/xmss-rs-ff509a00abbb904f/out/xmss-reference/hash_address.o" "-c" "xmss-reference/hash_address.c"
  exit status: 0
  running: "clang" "-O0" "-ffunction-sections" "-fdata-sections" "-fPIC" "-g" "-fno-omit-frame-pointer" "--target=x86_64-apple-darwin" "-O3" "-std=gnu18" "-march=native" "-isysroot" "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk" "-I" "xmss-reference" "-std=c11" "-march=native" "-Ofast" "-o" "/Users/ur20980/src/kemtls-experiment/rustls/target/debug/build/xmss-rs-ff509a00abbb904f/out/xmss-reference/hash.o" "-c" "xmss-reference/hash.c"
  cargo:warning=xmss-reference/hash.c:3:10: fatal error: 'openssl/sha.h' file not found
  cargo:warning=#include <openssl/sha.h>
  cargo:warning=         ^~~~~~~~~~~~~~~
  cargo:warning=1 error generated.
  exit status: 1

  --- stderr


  error occurred: Command "clang" "-O0" "-ffunction-sections" "-fdata-sections" "-fPIC" "-g" "-fno-omit-frame-pointer" "--target=x86_64-apple-darwin" "-O3" "-std=gnu18" "-march=native" "-isysroot" "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk" "-I" "xmss-reference" "-std=c11" "-march=native" "-Ofast" "-o" "/Users/ur20980/src/kemtls-experiment/rustls/target/debug/build/xmss-rs-ff509a00abbb904f/out/xmss-reference/hash.o" "-c" "xmss-reference/hash.c" with args "clang" did not execute successfully (status code exit status: 1).


Missing rustls-kemtls folder

Hi Thom,
I am working on a PSK version of the KEMTLS protocol for my master's thesis at ETH Zurich. I would also like to run some experiments on the protocol we designed to compare it to TLS 1.3 in PSK mode and ideally I'd like to re-use your code here.

In the README file you mention a rustls-kemtls folder where you modify the rustls stack to suit KEMTLS, but I'm not sure I can find that folder in the repo.

Compile Error

Hi,

I try to compile this project on Ubuntu 22.04.3 by running

$ sudo bash ./measuring/scripts/create-experimental-setup.sh 
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            Install the buildx component to build images with BuildKit:
            https://docs.docker.com/go/buildx/

Sending build context to Docker daemon  67.58MB
Step 1/64 : FROM rust:1.66-bullseye AS builder
1.66-bullseye: Pulling from library/rust
bbeef03cda1f: Retrying in 1 second 
f049f75f014e: Retrying in 1 second 
56261d0e6b05: Retrying in 1 second 
9bd150679dbd: Waiting 
5b282ee9da04: Waiting 
73a9d184f581: Waiting 
error pulling image configuration: download failed after attempts=6: dial tcp 199.59.148.15:443: connect: connection refused

but I got this error above, how can I solve this problem?

Encoder.py Problem

Hello,

I have compiled the code as you said during the meeting:
I built the tlsserver, and tlsclient - everything seemed okay
However, when I ran the script in measuring, the following error occurred on
Step 51/60 : RUN pipenv run python encoder.py

Traceback (most recent call last):
File "encoder.py", line 459, in
get_classic_certs()
File "encoder.py", line 438, in get_classic_certs
shutil.copyfile("rsas-int/pki/private/client.key", "client.key")
File "/root/.local/share/virtualenvs/mk-cert-QibA59Jh/lib/python3.7/shutil.py", line 120, in copyfile
with open(src, 'rb') as fsrc:
FileNotFoundError: [Errno 2] No such file or directory: 'rsas-int/pki/private/client.key'

I am not sure why this is happening. Could you give me a hint?

Thanks

Error and Warnings on build

Hello,
I have been trying to build the rustls-kemtls as written in the Readme:
$ cd rustls-mio
$ cargo run --example tlsserver -- --help

However, hundreds of warnings appear, mostly coming from pqclean (see the end of the issue).
Additionally, the build fails, so I cannot use the code.

I am not sure whether this comes from version incompatibility or something else.
My installed versions on Ubuntu 16.04 are:

  • Docker version 18.09.7, build 2d0083d
  • cargo 1.50.0 (f04e7fab7 2021-02-04)
  • rustc 1.50.0 (cb75ad5db 2021-02-10)

One of the error Messages is:
failed to run custom build command for `pqcrypto-dilithium v0.3.1

Some of the Warnings:

warning: In file included from /usr/lib/gcc/x86_64-linux-gnu/5/include/immintrin.h:41:0,
warning: from pqclean/crypto_sign/dilithium2/avx2/rejsample.c:1:
warning: /usr/lib/gcc/x86_64-linux-gnu/5/include/avxintrin.h:900:1: note: declared here
warning: _mm256_storeu_si256 (__m256i *__P, __m256i __A)
warning: ^
warning: pqclean/crypto_sign/dilithium2/avx2/rejsample.c:342:43: error: expected expression before ‘)’ token
warning: rid = _mm_loadl_epi64((__m128i_u *)&idx[(good >> 8) & 0xFF]);
warning: ^
warning: pqclean/crypto_sign/dilithium2/avx2/rejsample.c:346:41: error: expected expression before ‘)’ token
warning: _mm256_storeu_si256((__m256i_u *)&r[ctr], tmp1);
warning: ^
warning: pqclean/crypto_sign/dilithium2/avx2/rejsample.c:346:9: error: too few arguments to function ‘_mm256_storeu_si256’
warning: _mm256_storeu_si256((__m256i_u *)&r[ctr], tmp1);
warning: ^
warning: In file included from /usr/lib/gcc/x86_64-linux-gnu/5/include/immintrin.h:41:0,
warning: from pqclean/crypto_sign/dilithium2/avx2/rejsample.c:1:
warning: /usr/lib/gcc/x86_64-linux-gnu/5/include/avxintrin.h:900:1: note: declared here
warning: _mm256_storeu_si256 (__m256i *__P, __m256i __A)
warning: ^
warning: pqclean/crypto_sign/dilithium2/avx2/rejsample.c:350:43: error: expected expression before ‘)’ token
warning: rid = _mm_loadl_epi64((__m128i_u *)&idx[(good >> 16) & 0xFF]);
warning: ^
warning: pqclean/crypto_sign/dilithium2/avx2/rejsample.c:354:41: error: expected expression before ‘)’ token
warning: _mm256_storeu_si256((__m256i_u *)&r[ctr], tmp1);

etc...

Thanks
