Build OQS-Chromium on Ubuntu

The Open Quantum Safe project maintains a BoringSSL fork that supports quantum-safe algorithms. With this fork, we are able to build a Chromium that supports quantum-safe crypto algorithms. We will try to build the OQS-Chromium on Ubuntu since most Chromium development is done on it.

Before we start, we need to install tools that will be used later.

apt install cmake g++ ninja-build git wget golang-go python3

Next, we follow Google's instructions to install dept_tools and download the code. Once we have successfully downloaded the source code, we will switch from the Google's BoringSSL to OQS-BoringSSL. Assume <CHROMIUM_ROOT> is the the root directory of the Chromium source code.

cd <CHROMIUM_ROOT>/third_party/boringssl/src
git remote add oqs-bssl https://github.com/open-quantum-safe/boringssl
git fetch oqs-bssl
git checkout -b oqs-bssl-master oqs-bssl/master

Now choose a new directory to build and install the liboqs.

git clone --branch main https://github.com/open-quantum-safe/liboqs.git
cd liboqs && mkdir build && cd build
cmake .. -G"Ninja" -DCMAKE_INSTALL_PREFIX=<CHROMIUM_ROOT>/third_party/boringssl/src/oqs -DOQS_USE_OPENSSL=OFF
ninja && ninja install

While waiting for compilation, we can follow 5. Enable Quantum-Safe Crypto to modify the Chromium source code. Note in <CHROMIUM_ROOT>/third_party/boringssl/BUILD.gn, libs should be:

libs = ["//third_party/boringssl/src/oqs/lib/liboqs.a"]

After editing, we can generate OQS-BoringSSL build files for Chromium.

cd <CHROMIUM_ROOT>/third_party/boringssl
python3 src/util/generate_build_files.py gn

Last, we can set up the build.

gn args out/Default

Append following GN arguments:

is_debug = false
symbol_level = 0
enable_nacl = false
blink_symbol_level = 0
target_cpu = "x64"

Build OQS-Chromium.

autoninja -C out/Default chrome

If the build completes successfully, you should be able to visit https://test.openquantumsafe.org:6109/.

OQS-Chromium DevTools Security Tab
OQS-Chromium DevTools Security Tab