Add Khalid Alraddady (@Hayyaaf) to contributors list
Signed-off-by: Khalid <[email protected]>
Hawazyn committed Nov 20, 2024
1 parent 02288bc commit c90a6b5
Showing 4 changed files with 77 additions and 76 deletions.
42 changes: 22 additions & 20 deletions README.md
Expand Up @@ -11,32 +11,33 @@ A repository of instructions (with associated patches and scripts) to enable, th

In most cases, Dockerfiles encode the instructions for ease-of-use: Just do `docker build -t <package_name> .`. For more detailed usage instructions (parameters, algorithms, etc.) refer to the README for each package. Pre-built Docker images may also be available.

As the level of interest in providing and maintaining these integrations for public consumption has fallen, the packages are tagged with the github monikers of the persons willing to keep supporting them or the term "Unmaintained". If that tag is listed, no CI and github support for the integration is available and the code shall be seen as a snapshot that once worked only.
As the level of interest in providing and maintaining these integrations for public consumption has fallen, the packages are tagged with the github monikers of the persons willing to keep supporting them or the term "unsupported". If that tag is listed, no CI and github support for the integration is available and the code shall be seen as a snapshot that once worked only.

We are explicitly soliciting contributors to maintain those integrations labelled "unsupported".

Currently available integrations at their respective support level:

| | **Build instructions** | **Pre-built Docker image or binary files** | Support |
|-------------------|----------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -------- |
| **curl** | [Github: oqs-demos/curl](curl) | [Dockerhub: openquantumsafe/curl](https://hub.docker.com/repository/docker/openquantumsafe/curl), [Dockerhub: openquantumsafe/curl-quic](https://hub.docker.com/repository/docker/openquantumsafe/curl-quic) | Maintained: @baentsch, @pi-314159
| **Apache httpd** | [Github: oqs-demos/httpd](httpd) | [Dockerhub: openquantumsafe/httpd](https://hub.docker.com/repository/docker/openquantumsafe/httpd) | Maintained: @baentsch
| **nginx** | [Github: oqs-demos/nginx](nginx) | [Dockerhub: openquantumsafe/nginx](https://hub.docker.com/repository/docker/openquantumsafe/nginx), [Dockerhub: openquantumsafe/nginx-quic](https://hub.docker.com/repository/docker/openquantumsafe/nginx-quic) | Maintained: @baentsch, @bhess, @pi-314159
| **Chromium** | [Github: oqs-demos/chromium](chromium) (limited support) | - | Maintained: @pi-314159
| **Locust** | [Github: oqs-demos/locust](locust) | - | Maintained: @davidgca
| **OpenSSH** | [Github: oqs-demos/openssh](openssh) | [Dockerhub: openquantumsafe/openssh](https://hub.docker.com/repository/docker/openquantumsafe/openssh) | Unmaintained
| **OpenVPN** | [Github: oqs-demos/openvpn](openvpn) | [Dockerhub: openquantumsafe/openvpn](https://hub.docker.com/repository/docker/openquantumsafe/openvpn) | Unmaintained
| **ngtcp2** | [Github: oqs-demos/ngtcp2](ngtcp2) | Dockerhub: [Server: openquantumsafe/ngtcp2-server](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-server), [Client: openquantumsafe/ngtcp2-client](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-client) | Unmaintained
| **h2load** | [Github: oqs-demos/h2load](h2load) | [ Dockerhub: openquantumsafe/h2load](https://hub.docker.com/repository/docker/openquantumsafe/h2load) | Unmaintained
| **HAproxy** | [Github: oqs-demos/haproxy](haproxy) | [Dockerhub: openquantumsafe/haproxy](https://hub.docker.com/repository/docker/openquantumsafe/haproxy) | Unmaintained
| **Mosquitto** | [Github: oqs-demos/mosquitto](mosquitto) | [Dockerhub: openquantumsafe/mosquitto](https://hub.docker.com/repository/docker/openquantumsafe/mosquitto) | Unmaintained
| **Epiphany** | [Github: oqs-demos/epiphany](epiphany) | [Dockerhub: openquantumsafe/epiphany](https://hub.docker.com/repository/docker/openquantumsafe/epiphany) | Deprecated
| **OpenLiteSpeed** | [Github: oqs-demos/openlitespeed](openlitespeed) | [ Dockerhub: openquantumsafe/openlitespeed](https://hub.docker.com/repository/docker/openquantumsafe/openlitespeed) | Deprecated
| **Wireshark** | [Github: oqs-demos/wireshark](wireshark) | [Dockerhub: openquantumsafe/wireshark](https://hub.docker.com/repository/docker/openquantumsafe/wireshark) | Deprecated
| **Envoy** | [Github: oqs-demos/envoy](envoy) | [ Dockerhub: openquantumsafe/envoy](https://hub.docker.com/repository/docker/openquantumsafe/envoy) | Deprecated
| **Unbound** | [Github: oqs-demos/unbound](unbound) | [ Dockerhub: openquantumsafe/unbound](https://hub.docker.com/repository/docker/openquantumsafe/unbound) | Deprecated

It should be possible to use the openssl (s_client) and curl clients with all algorithm combinations available at the Open Quantum Safe TLS/X.509 interoperability test server at https://test.openquantumsafe.org (set up using `oqs-provider v0.7.0` and `liboqs v0.11.0`) but no guarantees are given for software not explicitly labelled with the name of a person offering support for it. Since [OQS-BoringSSL](https://github.com/open-quantum-safe/boringssl) no longer maintains the same set of algorithms, software that depends on OQS-BoringSSL (e.g., nginx-quic and curl-quic) may not fully (inter)operate with the test server.
|-------------------|----------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------- |
| **curl** | [Github: oqs-demos/curl](curl) | [Dockerhub: openquantumsafe/curl](https://hub.docker.com/repository/docker/openquantumsafe/curl), [Dockerhub: openquantumsafe/curl-quic](https://hub.docker.com/repository/docker/openquantumsafe/curl-quic) | @baentsch, @pi-314159
| **Apache httpd** | [Github: oqs-demos/httpd](httpd) | [Dockerhub: openquantumsafe/httpd](https://hub.docker.com/repository/docker/openquantumsafe/httpd) | @baentsch
| **nginx** | [Github: oqs-demos/nginx](nginx) | [Dockerhub: openquantumsafe/nginx](https://hub.docker.com/repository/docker/openquantumsafe/nginx), [Dockerhub: openquantumsafe/nginx-quic](https://hub.docker.com/repository/docker/openquantumsafe/nginx-quic) | @baentsch, @bhess, @pi-314159
| **Chromium** | [Github: oqs-demos/chromium](chromium) (limited support) | - | @pi-314159 |
| **Locust** | [Github: oqs-demos/locust](locust) | - | @davidgca|
| **Wireshark** | [Github: oqs-demos/wireshark](wireshark) | - | @hayyaaf
| **OpenSSH** | [Github: oqs-demos/openssh](openssh) | [Dockerhub: openquantumsafe/openssh](https://hub.docker.com/repository/docker/openquantumsafe/openssh) | unsupported
| **Epiphany** | [Github: oqs-demos/epiphany](epiphany) | [Dockerhub: openquantumsafe/epiphany](https://hub.docker.com/repository/docker/openquantumsafe/epiphany) | unsupported
| **OpenVPN** | [Github: oqs-demos/openvpn](openvpn) | [Dockerhub: openquantumsafe/openvpn](https://hub.docker.com/repository/docker/openquantumsafe/openvpn) | unsupported
| **ngtcp2** | [Github: oqs-demos/ngtcp2](ngtcp2) | Dockerhub: [Server: openquantumsafe/ngtcp2-server](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-server), [Client: openquantumsafe/ngtcp2-client](https://hub.docker.com/repository/docker/openquantumsafe/ngtcp2-client) | unsupported
| **OpenLiteSpeed** | [Github: oqs-demos/openlitespeed](openlitespeed) | [ Dockerhub: openquantumsafe/openlitespeed](https://hub.docker.com/repository/docker/openquantumsafe/openlitespeed) | unsupported
| **h2load** | [Github: oqs-demos/h2load](h2load) | [ Dockerhub: openquantumsafe/h2load](https://hub.docker.com/repository/docker/openquantumsafe/h2load) | unsupported
| **HAproxy** | [Github: oqs-demos/haproxy](haproxy) | [Dockerhub: openquantumsafe/haproxy](https://hub.docker.com/repository/docker/openquantumsafe/haproxy) | unsupported
| **Mosquitto** | [Github: oqs-demos/mosquitto](mosquitto) | [Dockerhub: openquantumsafe/mosquitto](https://hub.docker.com/repository/docker/openquantumsafe/mosquitto) | unsupported
| **Envoy** | [Github: oqs-demos/envoy](envoy) | [ Dockerhub: openquantumsafe/envoy](https://hub.docker.com/repository/docker/openquantumsafe/envoy) | unsupported
| **Unbound** | [Github: oqs-demos/unbound](unbound) | [ Dockerhub: openquantumsafe/unbound](https://hub.docker.com/repository/docker/openquantumsafe/unbound) | unsupported


It should be possible to use the openssl (s_client), curl and GNOME Web/epiphany clients with all algorithm combinations available at the Open Quantum Safe TLS/X.509 interoperability test server at https://test.openquantumsafe.org (set up using `oqs-provider v0.6.1` and `liboqs v0.10.1`) but no guarantees are given for software not explicitly labelled with the name of a person offering support for it. Since [OQS-BoringSSL](https://github.com/open-quantum-safe/boringssl) no longer maintains the same set of algorithms, software that depends on OQS-BoringSSL (e.g., nginx-quic and curl-quic) may not fully (inter)operate with the test server.

## Contributing
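
Review bot: The support table and the test-server sentence in this hunk change far more than the commit title ("Add Khalid Alraddady (@Hayyaaf) to contributors list") describes, and the later copies read like an older revision of the README. The `+`/`-` markers are not visible on this page, but with the usual removed-then-added ordering the hunk replaces the "Maintained: @..." / "Unmaintained" / "Deprecated" labels with bare handles and "unsupported", moves Epiphany, OpenLiteSpeed, Envoy and Unbound out of "Deprecated", and changes the stated test-server build from `oqs-provider v0.7.0` and `liboqs v0.11.0` to `oqs-provider v0.6.1` and `liboqs v0.10.1`. If only the Wireshark row is meant to change (its support column to `@hayyaaf` and its image column to `-`), rebase onto the current README and keep the hunk to that row, since the version string is what readers rely on when checking interoperability against test.openquantumsafe.org. The replacement rows also end inconsistently: some with a trailing `|`, most without.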

Expand Down Expand Up @@ -64,6 +65,7 @@ All modifications to this repository are released under the same terms as [liboq
Dan Rouhana (University of Washington)
JT (Henan Raytonne Trading Company)
David Gomez-Cambronero (Telefonica Innovacion digital)
Khalid Alraddady (linkedin.com/in/khalid-alraddady)

## Acknowledgments
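
Review bot: The added contributor line puts a LinkedIn URL in the parentheses, `Khalid Alraddady (linkedin.com/in/khalid-alraddady)`, where the neighbouring entries give an affiliation, e.g. `Dan Rouhana (University of Washington)`. Consider using an affiliation or the GitHub handle from the commit title (@Hayyaaf), which would also match the `@hayyaaf` entry in the support table.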

2 changes: 2 additions & 0 deletions wireshark/Dockerfile
Expand Up @@ -13,6 +13,8 @@ ENV DEBIAN_FRONTEND=noninteractive
ARG WIRESHARK_VERSION
ARG INSTALLDIR

LABEL version="2"

# Install essential build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential libtool automake autoconf cmake ninja-build \
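
Review bot: `LABEL version="2"` carries no comment and is not tied to anything else visible in this hunk, so it is unclear whether "2" is a revision of this Dockerfile or relates to `WIRESHARK_VERSION`. Add a one-line comment saying what the number tracks and when to bump it, and consider a namespaced key such as `org.opencontainers.image.version` so it cannot be mistaken for the version of Wireshark inside the image.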
58 changes: 2 additions & 56 deletions wireshark/README.md
Expand Up @@ -2,16 +2,6 @@ This project provides a Docker image to build [Wireshark](https://www.wireshark.
support through the [Open Quantum Safe (OQS) provider](https://github.com/open-quantum-safe/oqs-provider). This Docker
image allows Wireshark to analyze network traffic encrypted with post-quantum cryptographic protocols.

## Table of Contents

1. [System Requirements](#system-requirements)
2. [Quick Start Guide](#quick-start-guide)
3. [Project Components](#project-components)
4. [Running Wireshark with OQS](#running-wireshark-with-oqs)
- [Explanation of Docker Options](#explanation-of-docker-options)
5. [Testing Quantum-Safe Protocols](#testing-quantum-safe-protocols)
6[Build Configuration and Updates](#build-configuration-and-updates)

## System Requirements

- **Docker**: Ensure [Docker](https://docs.docker.com/get-docker/) is installed and running on your system.
Expand All @@ -21,58 +11,14 @@ image allows Wireshark to analyze network traffic encrypted with post-quantum cr
or [XQuartz](https://www.xquartz.org/) (macOS) and start it, ensuring to **disable access control** and **disable
native OpenGL**.

## Quick Start Guide

```bash
git clone https://github.com/open-quantum-safe/oqs-demos
cd oqs-demos/wireshark
docker build -t wireshark-oqs .
docker run --rm -it --net=host -e DISPLAY=<your_host_ip>:<your_display_port> -v /tmp/.X11-unix:/tmp/.X11-unix wireshark-oqs
```

Replace `<your_host_ip>` with your IP address (e.g., `192.168.x.x`) and `<your_display_port>` with your display port,
typically `:0`.

## Project Components

1. **Dockerfile**: Builds Wireshark with OpenSSL, liboqs, and OQS provider.
2. **generate_qsc_header.py**: Processes `oqs-provider/oqs-template/generate.yml` with the `qsc_template.jinja2` to generate `qsc.h`,
defining post-quantum KEMs and SIGs for Wireshark.

## Running Wireshark

You can run the Wireshark Docker container on Linux, Windows, or macOS using the following command:

```bash
docker run --rm -it --net=host -e DISPLAY=<your_host_ip>:<your_display_port> -v /tmp/.X11-unix:/tmp/.X11-unix wireshark-oqs
```
Replace `<your_host_ip>` with your IP address (e.g., `192.168.x.x`) and `<your_display_port>` with your display port,
typically `:0`.

### Explanation of Docker Options

- `--net=host`: Shares the host network with the container.
- `-e DISPLAY`: Sets the display variable for GUI.
- `-v /tmp/.X11-unix:/tmp/.X11-unix`: Mounts the X11 Unix socket for GUI access.

## Testing Quantum-Safe Protocols

Once Wireshark is running, you can capture and filter quantum-safe cryptographic traffic.
At https://test.openquantumsafe.org, most quantum-safe algorithms from the NIST PQC competition are available for TLS
testing. As a client, we recommend using an OQS-enabled curl Docker image for a quick test.

1. **Filter by Quantum-Safe Protocols**: Use the following Wireshark display filter:
```plaintext
tls && ip.addr == <test.openquantumsafe.org IP>
```
Replace `<test.openquantumsafe.org IP>` with the IP address of `test.openquantumsafe.org`.

2. **Test Quantum-Safe Connections**:
```bash
docker run -it openquantumsafe/curl sh -c "curl -k https://test.openquantumsafe.org:6069 --curves kyber1024"
```
You can replace the port (e.g., `6069`) and the algorithm (e.g., `kyber1024`) in the command with the corresponding
values from the [Open Quantum Safe test page](https://test.openquantumsafe.org/).
## Usage
For detailed usage instructions, refer to [USAGE.md](USAGE.md).

## Build Configuration and Updates
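
Review bot: The README now defers all run instructions to `[USAGE.md](USAGE.md)`, but that file's diff is not shown on this page (4 changed files are reported, three are visible), so it cannot be confirmed from here that the removed material survives. Please check that USAGE.md carries over the "Explanation of Docker Options" text, in particular what `--net=host` and the `/tmp/.X11-unix` mount share with the container, along with the display filter and test-server steps. A blank line between `## Usage` and the sentence below it would match the other headings in this file.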
