The Open Quantum Safe project maintains a BoringSSL fork that supports quantum-safe algorithms. With this fork, we are able to build a Chromium that supports quantum-safe crypto algorithms. We will try to build the OQS-Chromium on Ubuntu since most Chromium development is done on it.
Before we start, we need to install tools that will be used later.
apt install cmake g++ ninja-build git wget golang-go python3
Next, we follow Google's instructions to install dept_tools and download the code. Once we have successfully downloaded the source code, we will switch from the Google's BoringSSL to OQS-BoringSSL. Assume <CHROMIUM_ROOT> is the the root directory of the Chromium source code.
cd <CHROMIUM_ROOT>/third_party/boringssl/src git remote add oqs-bssl https://github.com/open-quantum-safe/boringssl git fetch oqs-bssl git checkout -b oqs-bssl-master oqs-bssl/master
Now choose a new directory to build and install the liboqs.
git clone --branch main https://github.com/open-quantum-safe/liboqs.git cd liboqs && mkdir build && cd build cmake .. -G"Ninja" -DCMAKE_INSTALL_PREFIX=<CHROMIUM_ROOT>/third_party/boringssl/src/oqs -DOQS_USE_OPENSSL=OFF ninja && ninja install
While waiting for compilation, we can follow 5. Enable Quantum-Safe Crypto to modify the Chromium source code. Note in <CHROMIUM_ROOT>/third_party/boringssl/BUILD.gn, libs should be:
libs = ["//third_party/boringssl/src/oqs/lib/liboqs.a"]
After editing, we can generate OQS-BoringSSL build files for Chromium.
cd <CHROMIUM_ROOT>/third_party/boringssl python3 src/util/generate_build_files.py gn
Last, we can set up the build.
cd <CHROMIUM_ROOT> gn args out/Default
Append following GN arguments:
is_debug = false symbol_level = 0 enable_nacl = false blink_symbol_level = 0 target_cpu = "x64"
autoninja -C out/Default chrome
If the build completes successfully, you should be able to visit https://test.openquantumsafe.org:6109/.