Software Setup
This page describes the software setup of our experiments. It lists the dependencies and the scripts needed to set up our ecosystem.
Software Versions
Experiment tools:
- Operating system: Debian bullseye (Kernel ver 5.10)
- liboqs: A Library for Open-Quantum-Safe-Cryptography, Commit: 2e2ddb4e0493014694820471396984b30d59cf97
- OpenSSL Fork for Liboqs: Based on OpenSSL Version 1.1.1, Commit: 82b5b1dcd786e13e3af8fe23823dedf2ed25d206
- Patch for OpenSSL with liboqs: This patch is needed to support the Sphincs versions we use and to include the forced TCP pushes. It can be retrieved from this repository: patches/openssl-sphincs-psh.patch
- Patch for OpenSSL with liboqs, only for Figure 3a: This patch is needed to support the Sphincs versions we use. It can be retrieved from this repository: patches/openssl-sphincs.patch
Measurement tools:
- Operating system: Debian bullseye (Kernel ver 5.10)
- MoonGen: A software packet generator used for capturing the packets with hardware timestamping, Commit: 89b01d2205c55db43651701001bb60486e93ecb1
- Linux perf: A performance monitoring tool, ver 5.10
- Flame Graphs: A tool to visualize the results from Linux perf, Commit: d9fcc272b6a08c3e3e5b7919040f0ab5f8952d65
Evaluation tools:
- Operating system: Debian bullseye (Kernel ver 5.10)
- PostgreSQL version 13 for database analysis
- Pypacker, see https://gitlab.com/mike01/pypacker, for extracting PCAPs into PostgreSQL
- GNU Parallel, see https://www.gnu.org/software/parallel/, for parallelizing our analysis.
- TexLive Full, version 2020.20210202-3, for building our figures.
Docker Setup
To execute our Docker scripts, the following requirements must be installed first:
- Docker (https://docs.docker.com/engine/install/debian/)
- Python3:
  apt-get install python3
- Python3 libraries:
  apt-get install python3-click python3-yaml
Setup
For reproducibility, we provide a dockerized evaluation infrastructure to repeat our methodology of analyzing PCAPs.
The following variables can be set for the Docker files; see the docker-compose file for the defined variables: Docker Compose File
Client
Variables
OPENSSL_REPO: "https://github.com/tumi8/openssl-pqc.git"
OPENSSL_BRANCH: "basic-sphincs-psh"
LIBOQS_COMMIT: "2e2ddb4e0493014694820471396984b30d59cf97"
FLAME_GRAPH: "False"
Script
FROM debian:bullseye
# Docker Arguments
ARG OPENSSL_BRANCH
ARG OPENSSL_REPO
ARG LIBOQS_COMMIT
# liboqs build type variant; maximum portability of image:
ENV LIBOQS_BUILD_DEFINES "-DOQS_DIST_BUILD=ON"
ENV OPENSSL_BUILD_DEFINES "-DOQS_DEFAULT_GROUPS=p384_kyber768:X25519:kyber768"
ENV OPENSSL_PATH /opt/openssl
ENV OPENSSL_SRC_PATH /opt/openssl-src
ENV MAKE_DEFINES "-j 18"
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get upgrade -y
RUN apt-get install -y build-essential iproute2 \
    libtool automake autoconf cmake ninja-build dnsutils tcpdump \
    make \
    openssl libssl-dev \
    git wget libpcre3 libpcre3-dev
RUN mkdir -p /opt $OPENSSL_PATH $OPENSSL_SRC_PATH /out
WORKDIR /opt
RUN git clone --branch main https://github.com/open-quantum-safe/liboqs && \
    git clone --depth 1 --branch ${OPENSSL_BRANCH} ${OPENSSL_REPO} ${OPENSSL_SRC_PATH}
WORKDIR /opt/liboqs
# Build LibOQS
RUN git checkout $LIBOQS_COMMIT && mkdir -p build-static
WORKDIR /opt/liboqs/build-static
RUN cmake -G"Ninja" ${LIBOQS_BUILD_DEFINES} -DBUILD_SHARED_LIBS=OFF -DCMAKE_INSTALL_PREFIX=${OPENSSL_SRC_PATH}/oqs ..
RUN ninja
RUN ninja install
WORKDIR /opt/liboqs
# Shared liboqs build; note that it installs to /opt/ossl-src/oqs, not ${OPENSSL_SRC_PATH}/oqs
RUN mkdir -p build && cd build && \
    cmake -G"Ninja" .. ${LIBOQS_BUILD_DEFINES} -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=/opt/ossl-src/oqs && \
    ninja install
# build openssl
WORKDIR $OPENSSL_SRC_PATH
ENV LDFLAGS "-Wl,-rpath -Wl,${OPENSSL_PATH}/lib"
RUN ./config shared ${OPENSSL_BUILD_DEFINES} --prefix=${OPENSSL_PATH} && \
    make generate_crypto_objects && \
    make ${MAKE_DEFINES} && \
    make install
ARG FLAME_GRAPH
RUN if [ "$FLAME_GRAPH" = "True" ]; then \
    apt-get install -y linux-perf; fi
ENV OPENSSL "${OPENSSL_PATH}/bin/openssl"
ENV OPENSSL_CNF "${OPENSSL_PATH}/ssl/openssl.cnf"
WORKDIR /opt
COPY measurement-openssl-client.sh /opt/
COPY measurement-openssl-server.sh /opt/
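The build arguments above select the source revisions in two different ways: LIBOQS_COMMIT is a full commit hash, while OPENSSL_BRANCH is a branch name cloned with --depth 1. The following added example (not part of this repository) audits the variables block and emits a Dockerfile line that fails the build when a checked-out tree is not at the expected commit. The names SELECTORS and head_check and the placeholder <EXPECTED_COMMIT> are assumptions; this page does not state the head commit of the basic-sphincs-psh branch.

```python
import re

# Values copied from this page (Software Versions list and Client variables).
DOCUMENTED_LIBOQS = "2e2ddb4e0493014694820471396984b30d59cf97"
BUILD_ARGS = """\
OPENSSL_REPO: "https://github.com/tumi8/openssl-pqc.git"
OPENSSL_BRANCH: "basic-sphincs-psh"
LIBOQS_COMMIT: "2e2ddb4e0493014694820471396984b30d59cf97"
FLAME_GRAPH: "False"
"""
# Assumed mapping: build arg that selects a revision -> tree the Dockerfile checks out.
SELECTORS = {"LIBOQS_COMMIT": "/opt/liboqs", "OPENSSL_BRANCH": "/opt/openssl-src"}
FULL_SHA1 = re.compile(r"[0-9a-f]{40}")

def parse_build_args(text):
    """Parse the KEY: "value" lines of the variables block into a dict."""
    return dict(re.findall(r'^\s*([A-Z_]+):\s*"([^"]*)"\s*$', text, re.MULTILINE))

def classify(ref, documented=None):
    """Return 'pinned', 'mismatch' or 'mutable' for one revision selector."""
    if not FULL_SHA1.fullmatch(ref):
        return "mutable"      # branch or tag name: can move between builds
    if documented is not None and ref != documented:
        return "mismatch"     # a commit hash, but not the documented one
    return "pinned"

def head_check(tree, expected):
    """Dockerfile line that fails the build if the tree's HEAD is not `expected`."""
    return f'RUN test "$(git -C {tree} rev-parse HEAD)" = "{expected}"'

def audit(text):
    """Map each revision selector to (status, Dockerfile check line)."""
    args = parse_build_args(text)
    report = {}
    for key, tree in SELECTORS.items():
        documented = DOCUMENTED_LIBOQS if key == "LIBOQS_COMMIT" else None
        status = classify(args[key], documented)
        # For a mutable ref the expected commit is not on this page: placeholder.
        expected = documented or (args[key] if status == "pinned" else "<EXPECTED_COMMIT>")
        report[key] = (status, head_check(tree, expected))
    return report

if __name__ == "__main__":
    for key, (status, line) in audit(BUILD_ARGS).items():
        print(f"{key}: {status}\n  {line}")
```

The emitted RUN lines belong directly after the corresponding git clone or git checkout step, so a moved branch stops the build before anything is compiled.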
Server
Variables
OPENSSL_REPO: "https://github.com/tumi8/openssl-pqc.git"
OPENSSL_BRANCH: "basic-sphincs-psh"
LIBOQS_COMMIT: "2e2ddb4e0493014694820471396984b30d59cf97"
FLAME_GRAPH: "False"
Script
FROM debian:bullseye
# Docker Arguments
ARG OPENSSL_BRANCH
ARG OPENSSL_REPO
ARG LIBOQS_COMMIT
# liboqs build type variant; maximum portability of image:
ENV LIBOQS_BUILD_DEFINES "-DOQS_DIST_BUILD=ON"
ENV OPENSSL_BUILD_DEFINES "-DOQS_DEFAULT_GROUPS=p384_kyber768:X25519:kyber768"
ENV OPENSSL_PATH /opt/openssl
ENV OPENSSL_SRC_PATH /opt/openssl-src
ENV MAKE_DEFINES "-j 18"
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get upgrade -y
RUN apt-get install -y build-essential iproute2 \
    libtool automake autoconf cmake ninja-build dnsutils tcpdump \
    make \
    openssl libssl-dev \
    git wget libpcre3 libpcre3-dev
RUN mkdir -p /opt $OPENSSL_PATH $OPENSSL_SRC_PATH /out
WORKDIR /opt
RUN git clone --branch main https://github.com/open-quantum-safe/liboqs && \
    git clone --depth 1 --branch ${OPENSSL_BRANCH} ${OPENSSL_REPO} ${OPENSSL_SRC_PATH}
WORKDIR /opt/liboqs
# Build LibOQS
RUN git checkout $LIBOQS_COMMIT && mkdir -p build-static
WORKDIR /opt/liboqs/build-static
RUN cmake -G"Ninja" ${LIBOQS_BUILD_DEFINES} -DBUILD_SHARED_LIBS=OFF -DCMAKE_INSTALL_PREFIX=${OPENSSL_SRC_PATH}/oqs ..
RUN ninja
RUN ninja install
WORKDIR /opt/liboqs
# Shared liboqs build; note that it installs to /opt/ossl-src/oqs, not ${OPENSSL_SRC_PATH}/oqs
RUN mkdir -p build && cd build && \
    cmake -G"Ninja" .. ${LIBOQS_BUILD_DEFINES} -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=/opt/ossl-src/oqs && \
    ninja install
# build openssl
WORKDIR $OPENSSL_SRC_PATH
ENV LDFLAGS "-Wl,-rpath -Wl,${OPENSSL_PATH}/lib"
RUN ./config shared ${OPENSSL_BUILD_DEFINES} --prefix=${OPENSSL_PATH} && \
    make generate_crypto_objects && \
    make ${MAKE_DEFINES} && \
    make install
ARG FLAME_GRAPH
RUN if [ "$FLAME_GRAPH" = "True" ]; then \
    apt-get install -y linux-perf; fi
ENV OPENSSL "${OPENSSL_PATH}/bin/openssl"
ENV OPENSSL_CNF "${OPENSSL_PATH}/ssl/openssl.cnf"
WORKDIR /opt
COPY measurement-openssl-client.sh /opt/
COPY measurement-openssl-server.sh /opt/
Evaluator
Script
FROM debian:bullseye
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get upgrade -y
RUN apt-get install -y zstd
RUN mkdir -p /opt
WORKDIR /opt
COPY run.sh /opt/