Prerequisites
The following instructions are for Debian/Ubuntu systems. Other modern Linux/BSD/UNIX systems should work with minor adjustments to the instructions. These instructions need the following packages:
gcc
and other compiler tools:apt install build-essential
- OpenSSL header files:
apt install libssl-dev
- GMP header files:
apt install libgmp-dev
- Python 3:
apt install python3
Check that df /home/
shows at least 300000 1K-blocks available,
and that df -i /home/
shows at least 30000 inodes free.
Currently a typical compile-and-test run
uses about 200MB and about 15000 inodes.
Download, unpack, compile, test, install
In a root
terminal,
create a libpqcrypto
user:
adduser --disabled-password --gecos libpqcrypto libpqcrypto
Run a shell as that user:
su - libpqcrypto
As that user,
download and unpack the latest version of libpqcrypto
:
wget -m https://libpqcrypto.org/libpqcrypto-latest-version.txt
version=$(cat libpqcrypto.org/libpqcrypto-latest-version.txt)
wget -m https://libpqcrypto.org/libpqcrypto-$version.tar.gz
tar -xzf libpqcrypto.org/libpqcrypto-$version.tar.gz
cd libpqcrypto-$version
ln -s $HOME link-build
ln -s $HOME link-install
Compile, test, and install (this takes time):
./do
Exit the user shell:
exit
That's it.
Options
Remote installation
The download-unpack-compile-test-install process
runs entirely from the command line.
The process is compatible with the root shell being run under screen
,
and is compatible with this screen
being run on another machine
accessed through ssh
.
Skipping prerequisites
If OpenSSL and/or GMP are not present,
libpqcrypto
will continue compilation,
but it will limit the installation to what it can test.
For example, the ramstake
functions need GMP,
and if you compile without GMP then libpqcrypto
will omit ramstake
.
You can install GMP later and recompile libpqcrypto
.
Skipping primitives
./do
will skip
a signature system or encryption system
if you set the sticky bit on the relevant
crypto_sign
or crypto_kem
subdirectory.
For example,
chmod +t crypto_sign/*/
skips all signature systems;
chmod -t crypto_sign/*/
undoes this.
Similar comments apply to lower-level directories
for particular implementations.
Compiler options
./do
tries a list of compilers in compilers/c
,
keeping the fastest working implementation of each primitive.
Before running ./do
you can edit compilers/c
to adjust compiler options
or to try additional compilers.
Beware that each compiler takes time and disk space.
Multi-ABI support
If you put both 32-bit and 64-bit compilers into compilers/c
then ./do
will produce both 32-bit and 64-bit libraries,
available through lib-x86
and lib-amd64
(on Intel/AMD CPUs)
or lib-armeabi
and lib-aarch64
(on ARM CPUs).
You should put the 64-bit compilers first
so that they are used (if possible) for the command-line tools.
Future possibilities
Fewer prerequisites
Not many functions in libpqcrypto
use OpenSSL,
and eliminating the OpenSSL dependency
will not take much more work.
There are already alternative non-OpenSSL implementations for
crypto_stream_aes256ctr
and
crypto_hash_sha512
.
OpenSSL is also used for AES-128-CTR in frodo*
;
for SHA-256, SHA-384, and SHA-512 in gui*
and rainbow*
;
and for SHA-256 in sphincs*sha256
.
Faster compilation and testing
Some effort will allow compilation and testing
to be parallelized on multi-core systems.
Speed improvements to libpqcrypto
will also save time in testing,
and increased sharing of internal subroutines will save time in compilation.
Cross-compilation
libpqcrypto
already has some internal support for cross-compilation.
The first stage of ./do
, namely ./build
,
only generates .o
files without running any.
The next stage, namely ./test
,
links and runs binaries and creates libraries
but does not make any new .o
files.
Version: This is version 2018.03.15 of the "Installation" web page.