You can download the latest release of OpenPACE on Github. Older releases are still available on Sourceforge.
If you plan to make contribution, you can clone our git repository to later make a pull request on Github:
git clone https://github.com/frankmorgner/openpace.git
Alternatively, the current developement version is available as zip file or as precompiled Windows 32 bit binaries and 64 bit binaries.
The easiest way to setup a development or test environment is to use Vagrant [8] with VirtualBox [9]. OpenPACE comes with a Vagrantfile which lets you setup a working environment with just one command. To create a Ubuntu based virtual machine, install all dependencies and compile OpenPACE, run the following command in the OpenPACE directory:
vagrant up
You then need to vagrant ssh
in order to access the VM. The
openpace
folder is shared between the host and the VM so any
changes you make on the host are immediately visible in the VM and vice versa.
OpenPACE uses the GNU Build System to compile and install. If you are
unfamiliar with it, please have a look at INSTALL
. If you can not find
it, you are probably working bleeding edge in the repository. Run the
following command in openpace
to get the missing standard
auxiliary files:
autoreconf --verbose --install
To configure (./configure --help
lists possible options), build and
install OpenPACE now do the following:
./configure
make
make install
OpenPACE depends on the OpenSSL [4] library. Since PACE uses CMAC and the Brainpool curves, OpenSSL is required with version 1.0.2 or later.
Furthermore, additional object identifiers from BSI TR-03110 [1] are required. You have two options to get them to work:
The first option allows you to install an unchanged version of OpenSSL to your
system. However, performance will be slightly worse and there are some
limitations. For example, you won’t be able to use the new NIDs as labels in a
switch statement and you need to make sure to call EAC_init()
first. For
patching OpenSSL we provide bsi_objects.txt
. You can configure
OpenPACE with --enable-openssl-install
, which will
automatically download, patch, build and install OpenSSL if needed.
The language bindings for Python, Java, ... are currently disabled by default.
You need to explicitely configure OpenPACE to install them by using
--enable-python
, --enable-java
, ... This requires SWIG to
be installed along with the language’s toolchain to build the bindings.
Our Makefile
includes scripts for cross compilation for Windows
on Debian wheezy:
test -x configure || autoreconf --verbose --install
./configure --enable-openssl-install
make win
gendef [7] should be installed to generate the library definitions.
On successfull compilation, the Windows binaries can be found in
openpace-1.0.2_win32
. For customization you
may pass the following make variables:
Make Variable | Default | Meaning |
---|---|---|
WIN_TOOL |
i686-w64-mingw32 |
cross compiler |
WIN_TOOL_DIR |
/usr/${WIN_TOOL} |
root directory of the cross compiler containing the lib and include folders |
A quick and dirty way without wasting too much time on setting up the development environment would be to compile the library by hand in the OpenSSL Windows binaries [13]:
with installedThe correct™ process combines Visual Studio, MSYS2 [11] with cccl [12] and allows using the same procedure and features that we are used to when Compiling on Linux, Unix and similar. We will not depict it here. If you’re interested, have a look at our Windows CI script which includes all steps of this procedure.
With the cross compiled or native binaries you may now compile the Python bindings. For this you need to setup your Windows as following:
Check out the git repository to the directory C:\openpace
Install Visual Studio 2013 [10] and open
Install SWIG [5] and modify the PATH
so that swig.exe
can be found:
set PATH="C:\swig";%PATH%
Install Python [6] and set PYTHON_INCLUDE
and
PYTHON_LIBD
/PYTHON_LIB
accordingly:
set PYTHON_INCLUDE="C:\Python27\include"
set PYTHON_LIBD="C:\Python27"
set PYTHON_LIB="python278.lib"
Copy the cross compiled OpenPACE libraries to Windows and set OPENPACE_ROOT
:
set OPENPACE_ROOT="C:\openpace\openpace-1.0.0_win32
Create OpenPACE’s and OpenSSL’s import libraries:
lib /def:"%OPENPACE_ROOT%\lib\libeac-2.def" /OUT:"%OPENPACE_ROOT%\lib\libeac.lib"
lib /def:"%OPENPACE_ROOT%\lib\libeay32.def" /OUT:"%OPENPACE_ROOT%\lib\libeay32.lib"
Build the Python bindings:
cd "C:\openpace"
msbuild "bindings\win32\eac.sln"
If you can successfully build the solution, you can find the python in
%OPENPACE_ROOT%\bindings\win32\Release
. Put them all together
with the cross compiled OpenPACE library:
copy "C:\openpace\bindings\win32\Release\_eac.pyd" "%OPENPACE_ROOT%\bin"
copy "C:\openpace\bindings\win32\Release\eac.py" "%OPENPACE_ROOT%\bin"
copy "C:\openpace\bindings\python\chat.py" "%OPENPACE_ROOT%\bin"
copy "C:\openpace\bindings\python\pace_entity.py" "%OPENPACE_ROOT%\bin"
Now for testing, you may try:
cd "%OPENPACE_ROOT%\bin"
"%PYTHON_LIBD%\python.exe" "C:\openpace\bindings\python\example.py"
Our Makefile
includes scripts for cross compilation for Android on
Debian wheezy:
test -x configure || autoreconf --verbose --install
./configure --enable-openssl-install
make android
Make Variable | Default | Meaning |
---|---|---|
ANDROID_ARCH |
arm |
target Architecture |
ANDROID_TOOL |
${ANDROID_ARCH}-linux-androideabi |
cross compiler |
MAKE_STANDALONE_TOOLCHAIN |
${HOME}/.local/opt/android-ndk-r10e/build/tools/make-standalone-toolchain.sh |
location of the NDK script for creating the toolchain |
On successfull compilation, the Android binaries can be found in
openpace-1.0.2_$ANDROID_ARCH-linux-androideabi
.
Technically the process for getting OpenPACE into Javascript is similar to cross compiling. With Emscripten [2] the library is compiled into LLVM bytecode and then translated into Javascript. Use the following command:
test -x configure || autoreconf --verbose --install
./configure --enable-openssl-install
make emscripten
Make Variable | Default | Meaning |
---|---|---|
EMSCRIPTEN_ROOT |
${HOME}/.local/src/emscripten |
root directory of emscripten containing the system/include/libc |
On successfull compilation, the compiled bitcode files can be found in
openpace-1.0.2_js
. You can run our testsuite
completely in Javascript or in your browser:
nodejs openpace-1.0.2_js/bin/eactest.js
firefox openpace-1.0.2_js/eactest.html
Warning
Javascript cryptography is considered harmful [3]. You may want to think twice before using the Javascript version of OpenPACE.
[1] | https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110.html |
[2] | https://github.com/kripken/emscripten |
[3] | http://www.matasano.com/articles/javascript-cryptography |
[4] | http://openssl.org |
[5] | http://www.swig.org/download.html |
[6] | https://www.python.org/downloads/release/python-278/ |
[7] | http://sourceforge.net/p/mingw-w64/wiki2/gendef/ |
[8] | https://www.vagrantup.com |
[9] | https://www.virtualbox.org/ |
[10] | http://msdn.microsoft.com/library/dd831853.aspx |
[11] | https://msys2.github.io/ |
[12] | https://github.com/frankmorgner/cccl |
[13] | https://slproweb.com/products/Win32OpenSSL.html |