From 556c6949712a5c6a8d9bac78f8c3f144f45d7b4e Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 2 Nov 2023 19:39:17 +0100 Subject: [PATCH 1/3] add Chromium usage instructions [skip ci] --- chromium/USAGE.md | 20 ++++++++++++++++++++ nginx/fulltest/index-template | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 chromium/USAGE.md diff --git a/chromium/USAGE.md b/chromium/USAGE.md new file mode 100644 index 00000000..be0587e9 --- /dev/null +++ b/chromium/USAGE.md @@ -0,0 +1,20 @@ +# OQS-chromium + +This file contains usage information for a build of Chromium configured to also support quantum-safe crypto (QSC) operations. + +All information to build this from source is contained in the [main subproject README](https://github.com/open-quantum-safe/oqs-demos/tree/main/chromium). + +For the unwary user we *strongly* recommend to use a ready-build binary (for x64 Linux) available in the most current [release of oqs-demos](https://github.com/open-quantum-safe/oqs-demos/releases). + +## Quick start + +1) Execute `./chrome` in the directory to which oqs-chromium has been built or extracted to. +2) Navigate to [https://test.openquantumsafe.org](https://test.openquantumsafe.org) and [download the current test server certificate](https://test.openquantumsafe.org/CA.crt). +3) Install the certificate in the Chromium certificate store by clicking on "..." in the upper right hand corner , then/-> "Preferences" -> "..." in upper left corner -> "Privacy and Security" -> "Security" -> "Certificate Management" -> "Certification Authorities" -> Import: Load the file "CA.crt" downloaded in step 2. +4) Return to the test server at [https://test.openquantumsafe.org](https://test.openquantumsafe.org) and click any of the supported ports representing all available quantum safe KEM and signature algorithms. A success message is returned if everything works as intended. + +Please note that not all algorithm combinations are expected to work. Most notably, none of the X25519 or X448 KEM hybrids are supported by the [underlying integration of OQS-BoringSSL](https://github.com/open-quantum-safe/boringssl). + +Please create a [discussion item](https://github.com/open-quantum-safe/boringssl/discussions/landing) if you feel some algorithm combination that does not work should do. + + diff --git a/nginx/fulltest/index-template b/nginx/fulltest/index-template index 3b06b556..2d197c48 100644 --- a/nginx/fulltest/index-template +++ b/nginx/fulltest/index-template @@ -48,7 +48,7 @@ tr:nth-child(even) {
  1. This test server by no means should be taken as containing production-ready software. See disclaimer. Its purpose is simply to provide a best-effort facility to allow anyone to "test-drive" QSC software packages including testing protocol level interoperability.
    2. -
  2. When using the OQS-enabled Chromium build to access this web site, be aware of the limitations concerning supported algorithms as documented here. Therefore, only the following hybrid KEM algorithms will work: P256_BIKEL1, P256_FRODO640AES, P256_KYBER90S512, P256_NTRU_HPS2048509, P256_LIGHTSABER. Using the browser's search function ("CTRL-F") for these algorithm names on this page provides quick access to the ports running these algorithms. Also note that OQS-Chromium does not support any hybrid signature algorithms. Alternatively, use the OQS-Chromium algorithm list page to access these algorithms.
    3. +
  3. When using the OQS-enabled Chromium build to access this web site, please heed its usage instructions.
  4. When using the OQS-enabled GNOME Web/epiphany browser to access this web site, all ports can be accessed, provided the browser is suitably started enabling the algorithms of interest. Please read the documentation how to do this.
From 628927c5ba960f4c47585d8207db6ff5125a3d39 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Fri, 3 Nov 2023 08:48:45 +0100 Subject: [PATCH 2/3] add Win startup command to chromium usage [skip ci] --- chromium/USAGE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chromium/USAGE.md b/chromium/USAGE.md index be0587e9..e5e4b4ce 100644 --- a/chromium/USAGE.md +++ b/chromium/USAGE.md @@ -8,7 +8,7 @@ For the unwary user we *strongly* recommend to use a ready-build binary (for x64 ## Quick start -1) Execute `./chrome` in the directory to which oqs-chromium has been built or extracted to. +1) Execute `./chrome` (or `chrome.exe` in case of a Windows build) in the directory to which oqs-chromium has been built or extracted to. 2) Navigate to [https://test.openquantumsafe.org](https://test.openquantumsafe.org) and [download the current test server certificate](https://test.openquantumsafe.org/CA.crt). 3) Install the certificate in the Chromium certificate store by clicking on "..." in the upper right hand corner , then/-> "Preferences" -> "..." in upper left corner -> "Privacy and Security" -> "Security" -> "Certificate Management" -> "Certification Authorities" -> Import: Load the file "CA.crt" downloaded in step 2. 4) Return to the test server at [https://test.openquantumsafe.org](https://test.openquantumsafe.org) and click any of the supported ports representing all available quantum safe KEM and signature algorithms. A success message is returned if everything works as intended. From 8cd6bffbcf5c4dd78fb5959f8c8f2a2b61bf91db Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Fri, 3 Nov 2023 14:16:04 +0100 Subject: [PATCH 3/3] add chromium instructions to provider test server doc [skip ci] --- nginx/fulltest-provider/index-template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/fulltest-provider/index-template b/nginx/fulltest-provider/index-template index ce8a098b..1a61e65c 100644 --- a/nginx/fulltest-provider/index-template +++ b/nginx/fulltest-provider/index-template @@ -48,7 +48,7 @@ tr:nth-child(even) {
  1. This test server by no means should be taken as containing production-ready software. See disclaimer. Its purpose is simply to provide a best-effort facility to allow anyone to "test-drive" QSC software packages including testing protocol level interoperability.
    2. -
  2. When using the OQS-enabled Chromium build to access this web site, be aware of the limitations concerning supported algorithms as documented here. +
  3. When using the OQS-enabled Chromium build to access this web site, please heed its usage instructions.
  4. When using the OQS-enabled GNOME Web/epiphany browser to access this web site, all ports can be accessed, provided the browser is suitably started enabling the algorithms of interest. Please read the documentation how to do this.