INSTALL 9.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235
  1. 0. Building on *nix from git repository
  2. Run the autogen script to generate configure, then proceed to step 1.
  3. Prerequisites: You'll need autoconf, automake and libtool installed.
  4. $ ./autogen.sh
  5. 1. Building on *nix from a release
  6. $ ./configure
  7. $ make
  8. $ make check # (optional, but highly recommended)
  9. $ sudo make install
  10. 2. Building on iOS
  11. Use on the xcode project in IDE/iOS/wolfssl.xcodeproj
  12. There is a README in IDE/iOS with more information
  13. 3. Building for Apple ARM64
  14. When building for an Apple ARM64 platform, ensure the host CPU type is detected as "aarch64" during configure, if not, pass --host=aarch64-apple-darwin to configure.
  15. 4. Building on Windows
  16. Use the Visual Studio Solution wolfssl64.sln
  17. 5. Building with IAR
  18. Please see the README in IDE/IAR-EWARM for detailed instructions
  19. 6. Building with Keil
  20. Please see the Keil Projects in IDE/MDK5-ARM/Projects
  21. 7. Building with Microchip tools
  22. Please see the README in mplabx
  23. 8. Building with Freescale MQX
  24. Please see the README in mqx
  25. 9. Building with Rowley CrossWorks for ARM
  26. Use the CrossWorks project in IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp
  27. There is a README.md in IDE/ROWLEY-CROSSWORKS-ARM with more information
  28. 10. Building with Arduino
  29. Use the script IDE/ARDUINO/wolfssl-arduino.sh to reformat the wolfSSL
  30. library for compatibility with the Arduino IDE. There is a README.md in
  31. IDE/ARDUINO for detailed instructions.
  32. 11. Building for Android with Visual Studio 2017
  33. Please see the README in IDE/VS-ARM.
  34. Use the Visual Studio solution IDE/VS-ARM/wolfssl.sln.
  35. 12. Building for Yocto Project or OpenEmbedded
  36. Please see the README in the "meta-wolfssl" repository. This repository
  37. holds wolfSSL's Yocto and OpenEmbedded layer, which contains recipes
  38. for wolfSSL, wolfSSH, wolfMQTT, wolfTPM, wolfCrypt examples, and OSS
  39. project bbappend files.
  40. https://github.com/wolfssl/meta-wolfssl
  41. The wolfSSL recipe can also be found in the OpenEmbedded
  42. "meta-openembedded/meta-networking/recipes-connectivity" layer:
  43. https://github.com/openembedded/meta-openembedded
  44. 13. Porting to a new platform
  45. Please see section 2.4 in the manual:
  46. http://www.wolfssl.com/yaSSL/Docs-cyassl-manual-2-building-cyassl.html
  47. 14. Building with CMake
  48. Note: Primary development uses automake (./configure). The support for CMake
  49. is still under development.
  50. For configuring wolfssl using CMake, we recommend downloading the CMake
  51. GUI (https://cmake.org/download/). This tool allows you to see all of
  52. wolfssl's configuration variables, set them, and view their descriptions.
  53. Looking at the GUI or CMakeCache.txt (generated after running cmake once) is
  54. the best way to find out what configuration options are available and what
  55. they do. You can also invoke CMake from the GUI, which is described in the
  56. Windows instructions below. For Unix-based systems, we describe the command
  57. line work flow. Regardless of your chosen workflow, cmake will generate
  58. a header options.h in the wolfssl directory that contains the options used
  59. to configure the build.
  60. Unix-based Platforms
  61. ---
  62. 1) Navigate to the wolfssl root directory containing "CMakeLists.txt".
  63. 2) Create a directory called "build" and change into it. This is where
  64. CMake will store build files.
  65. 3) Run `cmake ..` to generate the target build files (e.g. UNIX Makefiles).
  66. To enable or disable features, set them using -D<option>=[yes/no]. For
  67. example, to disable TLS 1.3 support, run cmake .. -DWOLFSSL_TLS13=no
  68. (autoconf equivalent: ./configure --disable-tls13) To enable DSA, run
  69. cmake .. -DWOLFSSL_DSA=yes (autoconf equivalent: ./configure
  70. --enable-dsa). Again, you can find a list of these options and their
  71. descriptions either using the CMake GUI or by looking at CMakeCache.txt.
  72. 5) The build directory should now contain the generated build files. Build
  73. with `cmake --build .`. Under the hood, this runs the target build tool
  74. (by default, make). You can also invoke the target build tool directly
  75. (e.g. make).
  76. To build with debugging use: `cmake .. -DCMAKE_BUILD_TYPE=Debug`.
  77. Windows (Visual Studio)
  78. ---
  79. 1) Go to this page, download the appropriate Windows installer, and install
  80. to get the CMake GUI: https://cmake.org/download/ Native CMake support in
  81. Visual Studio 16 2019 (and possibly older versions) has proven buggy. We
  82. recommend using the CMake GUI in concert with Visual Studio, as described
  83. in these steps.
  84. 2) Open CMake.
  85. 3) Where is the source code: <root directory of wolfssl containing
  86. CMakeLists.txt>
  87. 4) Where to build the binaries: <build directory, e.g. wolfssl/build>
  88. 5) Hit Configure. CMake runs the code in CMakeLists.txt and builds up an
  89. internal representation of the project.
  90. 6) Hit Generate. CMake generates the build files. For Windows, this will
  91. be Visual Studio project (.vcxproj) and solution (.sln) files.
  92. 7) Open Visual Studio and select "Open a project or solution".
  93. 8) Navigate to the build directory and select wolfssl.sln to load the
  94. project.
  95. Windows (command line)
  96. ---
  97. 1) Open Command Prompt
  98. 2) Run the Visual Studio batch to setup command line variables, e.g. C:\Program Files (x86)\Microsoft Visual
  99. Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat
  100. 3) Follow steps in "Unix-based Platforms" above.
  101. 15. Building with liboqs for TLS 1.3 [EXPERIMENTAL]
  102. In order be able to use liboqs, you must have it built and installed on your
  103. system. We support the 0.7.0 release of liboqs. You can download it from
  104. the following link:
  105. https://github.com/open-quantum-safe/liboqs/archive/refs/tags/0.7.0.tar.gz
  106. Once unpacked, this would be sufficient:
  107. $ cd liboqs-0.7.0
  108. $ mkdir build
  109. $ cd build
  110. $ cmake -DOQS_USE_OPENSSL=0 ..
  111. $ make all
  112. $ sudo make install
  113. And then for building wolfssl, the following is sufficient:
  114. $ cd wolfssl
  115. $ ./autogen.sh (Might not be necessary)
  116. $ ./configure --with-liboqs
  117. $ make all
  118. Execute the following to see the liboqs-related options for KEM groups near
  119. the end of the output of these commands:
  120. $ ./examples/server/server -?
  121. $ ./examples/client/client -?
  122. For a quick start, you can run the client and server like this:
  123. $ ./examples/server/server -v 4 --pqc P521_KYBER_LEVEL5
  124. $ ./examples/client/client -v 4 --pqc P521_KYBER_LEVEL5
  125. Look for the following line in the output of the server and client:
  126. ```
  127. Using Post-Quantum KEM: P521_KYBER_LEVEL5
  128. ```
  129. For authentication, you can generate a certificate chain using the Open
  130. Quantum Safe project's fork of OpenSSL. We support certificates and keys
  131. generated by the 2021-08 snapshot of the OQS-OpenSSL_1_1_1-stable branch
  132. of the fork. You can download it from the following link:
  133. https://github.com/open-quantum-safe/openssl/archive/refs/tags/OQS-OpenSSL_1_1_1-stable-snapshot-2021-08.tar.gz
  134. Once unpacked, this would be sufficient for building it:
  135. $ cd openssl-OQS-OpenSSL_1_1_1-stable-snapshot-2021-08/
  136. $ ./config no-shared
  137. $ make all
  138. Note that installation is NOT required.
  139. There is a script for generating a Falcon NIST Level 1 and NIST Level 5
  140. certificate chain which can be found in the wolfssl-examples github repo at
  141. pq/generate_falcon_chains.sh. Please find detailed instructions on how to
  142. generate and verify the keys and certificates in pq/README.md. As a quick-
  143. start, simply copy generate_falcon_chains.sh into the
  144. openssl-OQS-OpenSSL_1_1_1-stable-snapshot-2021-08 directory and execute the
  145. script.
  146. Once the certificates and keys are generated, copy them from the
  147. openssl-OQS-OpenSSL_1_1_1-stable-snapshot-2021-08/ directory to the certs
  148. directory of wolfssl. Now you can run the server and client like this:
  149. $ examples/server/server -v 4 -l TLS_AES_256_GCM_SHA384 \
  150. -A certs/falcon_level5_root_cert.pem \
  151. -c certs/falcon_level1_entity_cert.pem \
  152. -k certs/falcon_level1_entity_key.pem \
  153. --pqc P521_KYBER_LEVEL5
  154. $ examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \
  155. -A certs/falcon_level1_root_cert.pem \
  156. -c certs/falcon_level5_entity_cert.pem \
  157. -k certs/falcon_level5_entity_key.pem \
  158. --pqc P521_KYBER_LEVEL5
  159. Congratulations! You have just achieved a fully quantum-safe TLS 1.3
  160. connection!
  161. The following NIST Competition Round 3 Finalist algorithms are supported:
  162. - CRYSTALS-KYBER (KEM)
  163. - SABER (KEM)
  164. - NTRU (KEM)
  165. - FALCON (signature scheme)
  166. Links to more information about these algorithms can be found here:
  167. https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions
  168. NOTE: The quantum-safe algorithms provided by liboqs are unstandardized and
  169. experimental. It is highly advised that they NOT be used in production
  170. environments. All OIDs and codepoints are temporary and expected to
  171. change in the future. You should have no expectation of backwards
  172. compatibility.