Download OpenPACE¶
You can download the latest release of OpenPACE on Github. Older releases are still available on Sourceforge.
If you plan to make contribution, you can clone our git repository to later make a pull request on Github:
git clone https://github.com/frankmorgner/openpace.git
Alternatively, the current developement version is available as zip file or as precompiled Windows 32 bit binaries and 64 bit binaries.
Compiling and Installing OpenPACE¶
Setting up a development environment using Vagrant¶
The easiest way to setup a development or test environment is to use Vagrant 4 with VirtualBox 5. OpenPACE comes with a Vagrantfile which lets you setup a working environment with just one command. To create a Ubuntu based virtual machine, install all dependencies and compile OpenPACE, run the following command in the OpenPACE directory:
vagrant up
You then need to vagrant ssh
in order to access the VM. The
openpace
folder is shared between the host and the VM so any
changes you make on the host are immediately visible in the VM and vice versa.
Compiling on Linux, Unix and similar¶
OpenPACE uses the GNU Build System to compile and install. If you are
unfamiliar with it, please have a look at INSTALL
. If you can not find
it, you are probably working bleeding edge in the repository. Run the
following command in openpace
to get the missing standard
auxiliary files:
autoreconf --verbose --install
To configure (./configure --help
lists possible options), build and
install OpenPACE now do the following:
./configure
make
make install
OpenPACE depends on the OpenSSL 2 library. Since PACE uses CMAC and the Brainpool curves, OpenSSL is required with version 1.0.2 or later.
Furthermore, additional object identifiers from BSI TR-03110 1 are required. You have two options to get them to work:
Let OpenPACE load the object identifiers at runtime
Patch OpenSSL to include the identifiers
The first option allows you to install an unchanged version of OpenSSL to your
system. However, performance will be slightly worse and there are some
limitations. For example, you won’t be able to use the new NIDs as labels in a
switch statement and you need to make sure to call EAC_init()
first. For
patching OpenSSL we provide bsi_objects.txt
. You can configure
OpenPACE with --enable-openssl-install
, which will
automatically download, patch, build and install OpenSSL if needed.
The language bindings for Python, Java, … are currently disabled by default.
You need to explicitely configure OpenPACE to install them by using
--enable-python
, --enable-java
, … This requires SWIG to
be installed along with the language’s toolchain to build the bindings.
Compiling for Windows¶
Compiling with Visual Studio¶
A quick and dirty way without wasting too much time on setting up the development environment would be to compile the library by hand in the OpenSSL Windows binaries 6:
with installed - cd src
- cl /I%OPENSSL_DIR%\include /I. /DX509DIR=\"/\" /DCVCDIR=\"/\" %CL_OPTIONS% %OPENSSL_1_1_0_FLAGS% /c ca_lib.c cv_cert.c cvc_lookup.c x509_lookup.c eac_asn1.c eac.c eac_ca.c eac_dh.c eac_ecdh.c eac_kdf.c eac_lib.c eac_print.c eac_util.c misc.c pace.c pace_lib.c pace_mappings.c ri.c ri_lib.c ta.c ta_lib.c objects.c ssl_compat.c
- lib /out:libeacMT.lib ws2_32.lib ca_lib.obj cv_cert.obj cvc_lookup.obj x509_lookup.obj eac_asn1.obj eac.obj eac_ca.obj eac_dh.obj eac_ecdh.obj eac_kdf.obj eac_lib.obj eac_print.obj eac_util.obj misc.obj pace.obj pace_lib.obj pace_mappings.obj ri.obj ri_lib.obj ta.obj ta_lib.obj objects.obj ssl_compat.obj
- cl /I%OPENSSL_DIR%\include /I. libeacMT.lib %OPENSSL_DIR%\lib\VC\static\%LIBCRYPTO% user32.lib advapi32.lib crypt32.lib gdi32.lib %CL_OPTIONS% %OPENSSL_1_1_0_FLAGS% eactest.c vc.c ssl_compat.c
# The following has already been performed by make (see above)
# gengetopt.exe --include-getopt --file-name=cvc-print-cmdline --input=cvc-print.ggo
- cl /I%OPENSSL_DIR%\include /I. libeacMT.lib %OPENSSL_DIR%\lib\VC\static\%LIBCRYPTO% user32.lib advapi32.lib crypt32.lib gdi32.lib %CL_OPTIONS% %OPENSSL_1_1_0_FLAGS% cvc-print.c read_file.c cvc-print-cmdline.c vc.c
# The following has already been performed by make (see above)
# gengetopt.exe --include-getopt --file-name=cvc-create-cmdline --input= cvc-create.ggo
- cl /I%OPENSSL_DIR%\include /I. libeacMT.lib %OPENSSL_DIR%\lib\VC\static\%LIBCRYPTO% user32.lib advapi32.lib crypt32.lib gdi32.lib %CL_OPTIONS% %OPENSSL_1_1_0_FLAGS% cvc-create.c read_file.c cvc-create-cmdline.c vc.c
- cd ..
The setup of the environment variables can be found in our Windows CI script which includes all steps of this procedure.
Compiling the Python Bindings¶
Again, without further ado, we compile the bindings with the Developer Command prompt with installed Python 3:
- swig -python -outdir . -I.. eac.i
- cl /I%OPENSSL_DIR%\include /I%PYTHON_INCLUDE% /I..\..\src %CL_OPTIONS% %OPENSSL_1_1_0_FLAGS% /c eac_wrap.c ..\..\src\ssl_compat.c ..\..\src\vc.c
- link /out:_eac.pyd /dll eac_wrap.obj ssl_compat.obj vc.obj %PYTHON_LIB% ..\..\src\libeacMT.lib %OPENSSL_DIR%\lib\VC\static\%LIBCRYPTO% user32.lib advapi32.lib crypt32.lib gdi32.lib
- cd ..\..
The setup of the environment variables can be found in our Windows CI script which includes all steps of this procedure.