Native client

The communication with the remote QRNG is performed by means of web sockets, where for authentication and key exchange, quantum-resistant algorithms (PQC) are used.

An example of such remote QRNG service is our qrng.lumii.lv.

Prerequisites

GraalVM

You will need GraalVM based on JDK16+ to compile the native client library (“qrng.dll”, “qrng.dylib”, “libqrng.so”). You can download GraalVM by means of our scripts. Add (as the first element) /path/to/graalvm/bin to your PATH variable. In Windows, use the semicolon ; as PATH delimiter. In other operating systems, use the colon :.

In Linux, specify the LD_LIBRARY_PATH=/path/to/graalvm/lib environment variable.

In MacOS, specify the DYLD_LIBRARY_PATH=/path/to/graalvm/lib environment variable.

Native Image for GraalVM

gu install native-image

Dev Tools

In Windows, you will need

  • Git for Windows

  • Visual Studio Community with C++ tools. Visual Studio is free for academic reseach and open source development. However, it is a paid software, if used for commercial purposes.

  • CMake tools: https://marketplace.visualstudio.com/items?itemName=ms-vscode.cmake-tools

In other operating systems, install dev tools and git using the appropriate package manager (such as apt or brew). See Native Image docs.

Clone the Sources

git clone https://github.com/LUMII-Syslab/qrng-client.git

Building the Native Library in Windows

Launch cmd and initialize Visual Studio environment variables (use your version in the path):

"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvarsall.bat" x64
cd C:\path\to\qrng-client
gradlew nativeCompile

If you get an error like

Fatal error: Unsupported OptionOrigin: C:\Users\SysLab\AppData\Local\Temp\native-image822152195599878649args

then this is a GraalVM bug. Split the path shown in the error message into two parts, and invoke:

cd C:\Users\SysLab\AppData\Local\Temp
native-image @native-image822152195599878649args

In build.gradle, comment the line (otherwise you won’t be able to run tests due to the bug mentioned above):

// dependsOn nativeCompile

Building the Native Library in UNIX (Linux/MacOS)

cd /path/to/qrng-client
./gradlew nativeCompile

Testing the Native Library

You will need these files:

  • ca.truststore (the root CA certificate used to sign the QRNG server HTTPS certificate and client sertificates)
  • token.keystore (your client certificate, signed by the CA that serves the QRNG server)
  • qrng.properties (key passwords and other settings)

Obtain these files from the administrator of the remote QRNG service and put them into the same directory, where the native library has been built (i.e., into build/native/nativeCompile).

Then run (from the project root):

./gradlew testNative

That will build the test.exe program (from src/test/cpp/test.cpp) that tries (twice) to get random numbers from the remote QRNG via a quantum-safe link. The first try is expected to return 10 random bytes. The second try is expected to return an error message.

Work in Progress…

For Linux, we are going to provide the “qrng” systemd service and the “qrng” Linux kernel module, which creates the /dev/qrandom0 device, which communicates with a remote QRNG web service.

On Windows, we are working on qrng.dll, which will provide hooks for Windows API functions CryptGenRandom, BCryptGenRandom, and RtlGenRandom. These functions are used by programs compiled for Windows (e.g., openssl.exe) for obtaining random numbers. We re-implement these functions by returning random numbers obtained from a remote QRNG device.

Contributors

  • Sergejs Kozlovičs

    (Institute of Mathematics and Computer Science, University of Latvia)

License

MIT + third-party licenses for third-party code (e.g., Apache 2.0 license for the nl.altindag.ssl package, GPLv2 with Classpath exception for GraalVM-related code that will be compiled into the client, etc.)

results matching ""

    No results matching ""