Skip to content

This project explores how next-generation, quantum-resistant cryptographic algorithms can be integrated into real-world applications by leveraging the liboqs library from the Open Quantum Safe (OQS) project.

Notifications You must be signed in to change notification settings

hayyaaf/oqs-demos

 
 

Repository files navigation

openssl QUIC

oqs-demos

Purpose

A repository of instructions (with associated patches and scripts) to enable, through liboqs, the use of quantum-safe cryptography in various application software.

In most cases, Dockerfiles encode the instructions for ease-of-use: Just do docker build -t <package_name> .. For more detailed usage instructions (parameters, algorithms, etc.) refer to the README for each package. Pre-built Docker images may also be available.

As the level of interest in providing and maintaining these integrations for public consumption has fallen, the packages are tagged with the github monikers of the persons willing to keep supporting them or the term "Unmaintained". If that tag is listed, no github support for the integration is available and the code shall be seen as a snapshot that once worked only.

We are explicitly soliciting contributors to maintain those integrations labelled "Unmaintained".

Currently available integrations at their respective support level:

Build instructions Pre-built Docker image or binary files Support
curl Github: oqs-demos/curl Dockerhub: openquantumsafe/curl, Dockerhub: openquantumsafe/curl-quic curl Maintained: @baentsch, @pi-314159
Apache httpd Github: oqs-demos/httpd Dockerhub: openquantumsafe/httpd httpd Maintained: @baentsch
nginx Github: oqs-demos/nginx Dockerhub: openquantumsafe/nginx, Dockerhub: openquantumsafe/nginx-quic nginx Maintained: @baentsch, @bhess, @pi-314159
Chromium Github: oqs-demos/chromium (limited support) - Maintained: @pi-314159
Locust Github: oqs-demos/locust - locust Maintained: @davidgca
Wireshark Github: oqs-demos/wireshark Dockerhub: openquantumsafe/wireshark wireshark Maintained: @hayyaaf
OpenSSH Github: oqs-demos/openssh Dockerhub: openquantumsafe/openssh openssh Unmaintained
OpenVPN Github: oqs-demos/openvpn Dockerhub: openquantumsafe/openvpn openvpn Unmaintained
ngtcp2 Github: oqs-demos/ngtcp2 Dockerhub: Server: openquantumsafe/ngtcp2-server, Client: openquantumsafe/ngtcp2-client ngtcp2 Unmaintained
h2load Github: oqs-demos/h2load Dockerhub: openquantumsafe/h2load h2load Unmaintained
HAproxy Github: oqs-demos/haproxy Dockerhub: openquantumsafe/haproxy haproxy Unmaintained
Mosquitto Github: oqs-demos/mosquitto Dockerhub: openquantumsafe/mosquitto mosquitto Unmaintained
Epiphany Github: oqs-demos/epiphany Dockerhub: openquantumsafe/epiphany Deprecated
OpenLiteSpeed Github: oqs-demos/openlitespeed Dockerhub: openquantumsafe/openlitespeed Deprecated
Envoy Github: oqs-demos/envoy Dockerhub: openquantumsafe/envoy Deprecated
Unbound Github: oqs-demos/unbound Dockerhub: openquantumsafe/unbound Deprecated

It should be possible to use the openssl (s_client) and curl clients with all algorithm combinations available at the Open Quantum Safe TLS/X.509 interoperability test server at https://test.openquantumsafe.org (set up using oqs-provider v0.7.0 and liboqs v0.11.0) but no guarantees are given for software not explicitly labelled with the name of a person offering support for it. Since OQS-BoringSSL no longer maintains the same set of algorithms, software that depends on OQS-BoringSSL (e.g., nginx-quic and curl-quic) may not fully (inter)operate with the test server.

When updates to an integration with a Dockerfile are pushed to main, an updated latest image is pushed to DockerHub and ghcr.io with support for both x86_64 and arm64.

The build and test CI is run against the latest code in liboqs and oqs-provider weekly.

Contributing

Contributions are gratefully welcomed. See our Contributing Guide for more details.

License

All modifications to this repository are released under the same terms as liboqs, namely as described in the file LICENSE.

Team

Contributors to oqs-demos include:

Christian Paquin (Microsoft Research)
Dimitris Sikeridis (University of New Mexico / Cisco Systems)
Douglas Stebila (University of Waterloo)
Goutam Tamvada (University of Waterloo)
Michael Baentsch (baentsch.ch)
ISE @ FHNW (Fachhochschule Nordwestschweiz)
Anthony Hu (wolfSSL)
Igor Barshteyn
Chia-Chin Chung
Keelan Cannoo (University of Mauritius / Cyberstorm.mu)
Dindyal Jeevesh Rishi (University of Mauritius / cyberstorm.mu)
Dan Rouhana (University of Washington)
JT (Henan Raytonne Trading Company)
David Gomez-Cambronero (Telefonica Innovacion digital)
Khalid Alraddady (linkedin.com/in/khalid-alraddady)

Acknowledgments

Most effort in this project has been provided by individual contributors working in their own time and out of personal interest to see how PQ crypto integrates into existing software stacks.

This project is part of Open Quantum Safe.

About

This project explores how next-generation, quantum-resistant cryptographic algorithms can be integrated into real-world applications by leveraging the liboqs library from the Open Quantum Safe (OQS) project.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Dockerfile 55.4%
  • Shell 24.8%
  • Python 17.0%
  • Jinja 1.3%
  • Scala 1.2%
  • HTML 0.3%