56 lines
1.5 KiB
Markdown
56 lines
1.5 KiB
Markdown
# wolfSSL Post-Quantum Cryptography Example
|
|
|
|
This directory contains:
|
|
|
|
- A server application that perform a completely quantum-safe TLS 1.3
|
|
connection.
|
|
- A client application that perform a completely quantum-safe TLS 1.3
|
|
connection with the server above.
|
|
- An STM32CubeIDE project for doing quantum-safe TLS 1.3 connection over UART
|
|
and some applications that run on the Linux side to connect with it.
|
|
|
|
# Prerequisites
|
|
|
|
Build wolfSSL with support for ML-KEM (Kyber) and ML-DSA (Dilthium
|
|
|
|
```
|
|
./autogen.sh
|
|
./configure --enable-kyber --enable-dilithium
|
|
make all
|
|
sudo make install
|
|
sudo ldconfig
|
|
```
|
|
|
|
## Building the Server and Client
|
|
|
|
```
|
|
$ make
|
|
```
|
|
|
|
## Quantum safe TLS 1.3 Connection
|
|
|
|
`client-pq-tls13` will connect with `server-pq-tls13` via a completely quantum-
|
|
safe connection. Authentication will be done via the ML-DSA signature scheme.
|
|
Ephemeral key establishment will be done via ML-KEM. Both are standardized by
|
|
NIST. Please see
|
|
https://github.com/wolfSSL/osp/tree/master/oqs/README.md for instructions about
|
|
certificate generation. For your convenience, certificates and keys have already
|
|
been generated and are in this repo's `certs` directory.
|
|
|
|
In a terminal, execute the server:
|
|
|
|
```sh
|
|
./server-pq-tls13
|
|
```
|
|
|
|
In another terminal, execute the client:
|
|
|
|
```sh
|
|
./client-pq-tls13 127.0.0.1
|
|
```
|
|
|
|
The client will be prompted for a message to send to the server. Once you see
|
|
this prompt, a quantum-safe connection has already been established. Use the
|
|
client to send the message "shutdown" in order to end the execution of the
|
|
server.
|