diff --git a/wireshark/Dockerfile b/wireshark/Dockerfile old mode 100755 new mode 100644 index 1592cb22..c903d053 --- a/wireshark/Dockerfile +++ b/wireshark/Dockerfile @@ -1,75 +1,144 @@ -# Define the wireshark version to be baked in. -ARG WIRESHARK_VERSION=3.4.9 +# This Dockerfile builds a Wireshark image with Open Quantum Safe (OQS) support. +# By integrating OQS, the resulting Wireshark build is capable of +# analyzing and handling post-quantum cryptographic protocols. -# Define the SSL naming convention: One of "wolfssl" and "oqs" -ARG QSC_SSL_FLAVOR="oqs" +ARG UBUNTU_VERSION=24.04 +ARG WIRESHARK_VERSION=4.4.1 +ARG INSTALLDIR=/opt/oqs -FROM ubuntu as intermediate -ENV DEBIAN_FRONTEND noninteractive +# Stage 1: Building stage +FROM ubuntu:${UBUNTU_VERSION} AS build +ENV DEBIAN_FRONTEND=noninteractive ARG WIRESHARK_VERSION -ARG QSC_SSL_FLAVOR - -RUN apt update && apt upgrade -y - -# Get all software packages required for building wireshark: -RUN apt install -y gcc g++ \ - libtool \ - automake \ - autoconf \ - cmake \ - ninja-build \ - git \ - curl \ - perl \ - flex \ - bison \ - 2to3 python2-minimal python2 dh-python python-is-python3 \ - python3 \ - libssl-dev \ - libgcrypt-dev \ - libpcap-dev \ - libc-ares-dev \ - qtbase5-dev qttools5-dev-tools qttools5-dev qtmultimedia5-dev \ - wget \ - libssh-dev - -# Get the source and unpack it. -WORKDIR /tmp -RUN curl --output wireshark-${WIRESHARK_VERSION}.tar.xz https://2.na.dl.wireshark.org/src/all-versions/wireshark-${WIRESHARK_VERSION}.tar.xz && tar xmvf wireshark-${WIRESHARK_VERSION}.tar.xz - -WORKDIR /tmp/wireshark-${WIRESHARK_VERSION} - -COPY wolfssl-qsc.h wolfssl-qsc.h - -# Decide on QSC naming/ID mapping -RUN if [ "x$QSC_SSL_FLAVOR" = "xoqs" ] ; then \ - wget https://raw.githubusercontent.com/open-quantum-safe/openssl/OQS-OpenSSL_1_1_1-stable/qsc.h; \ -elif [ "x$QSC_SSL_FLAVOR" = "xwolfssl" ]; then \ - mv wolfssl-qsc.h qsc.h; \ -else \ - echo "Unknown naming convention in QSC_SSL_FLAVOR ($QSC_SSL_FLAVOR). Exiting."; \ - exit 1; \ -fi - -# Patch QSC-specific ids into wireshark code base -RUN cp qsc.h epan/dissectors && \ - sed -i "s/#include \"config.h\"/#include \"config.h\"\n#include \"qsc.h\"/g" epan/dissectors/packet-pkcs1.c && \ - sed -i "s/#include \"config.h\"/#include \"config.h\"\n#include \"qsc.h\"/g" epan/dissectors/packet-tls-utils.c && \ - sed -i "s/oid_add_from_string(\"sha224\", \"2.16.840.1.101.3.4.2.4\");/oid_add_from_string(\"sha224\", \"2.16.840.1.101.3.4.2.4\");\nQSC_SIGS/g" epan/dissectors/packet-pkcs1.c && \ - sed -i "s/ { 260\, \"ffdhe8192\" }\, \/\* RFC 7919 \*\// { 260\, \"ffdhe8192\" }\, \/\* RFC 7919 \*\/\nQSC_KEMS/g" epan/dissectors/packet-tls-utils.c && \ - sed -i "s/ { 0x080b\, \"rsa_pss_pss_sha512\" }\,/ { 0x080b\, \"rsa_pss_pss_sha512\" }\,\nQSC_SIG_CPS/g" epan/dissectors/packet-tls-utils.c - -# Build wireshark -RUN mkdir -p build && cd build && cmake -GNinja -DCMAKE_INSTALL_PREFIX=/opt/wireshark .. && ninja && ninja install - -FROM ubuntu -ENV DEBIAN_FRONTEND noninteractive - -RUN apt update && apt upgrade -y && apt install -y qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libc-ares2 libqt5multimedia5 pcaputils libssh-dev - -# Only retain the ${INSTALLDIR} contents in the final image -COPY --from=intermediate /opt/wireshark /opt/wireshark - - -CMD /opt/wireshark/bin/wireshark +ARG INSTALLDIR + +# Install essential build dependencies +RUN apt-get update && apt-get install -y --no-install-recommends \ + build-essential libtool automake autoconf cmake ninja-build \ + openssl libssl-dev git wget ca-certificates \ + python3 python3-pip python3-venv && \ + apt-get clean && rm -rf /var/lib/apt/lists/* + +WORKDIR /opt +# Set up isolated directories +# src for source files, build for compiling, and install for final binaries +RUN mkdir -p src/liboqs src/openssl src/oqs-provider src/wireshark \ + build/liboqs build/openssl build/oqs-provider build/wireshark \ + ${INSTALLDIR}/lib ${INSTALLDIR}/bin ${INSTALLDIR}/ssl + +# Download sources +WORKDIR /opt/src +RUN git clone --depth 1 https://github.com/open-quantum-safe/liboqs.git liboqs && \ + git clone --depth 1 https://github.com/openssl/openssl.git openssl && \ + git clone --depth 1 https://github.com/open-quantum-safe/oqs-provider.git oqs-provider && \ + wget -O wireshark.tar.xz https://www.wireshark.org/download/src/all-versions/wireshark-${WIRESHARK_VERSION}.tar.xz && \ + tar -xf wireshark.tar.xz --strip-components=1 -C wireshark && \ + rm wireshark.tar.xz + +# Build and install liboqs +WORKDIR /opt/build/liboqs +RUN cmake -G Ninja /opt/src/liboqs \ + -D CMAKE_INSTALL_PREFIX=${INSTALLDIR}/liboqs \ + -D BUILD_SHARED_LIBS=ON \ + -D OQS_USE_OPENSSL=OFF \ + -D CMAKE_INSTALL_RPATH="${INSTALLDIR}/liboqs/lib" && \ + ninja -j$(nproc) && ninja install + +# Build OpenSSL integrated with liboqs +WORKDIR /opt/build/openssl +RUN LDFLAGS="-Wl,-rpath,${INSTALLDIR}/liboqs/lib" \ + /opt/src/openssl/config \ + --prefix=${INSTALLDIR}/openssl \ + --openssldir=${INSTALLDIR}/ssl \ + shared && \ + make -j$(nproc) && \ + make install_sw install_ssldirs + +# Build OQS provider for OpenSSL integration +WORKDIR /opt/build/oqs-provider +RUN cmake -G Ninja \ + -D OPENSSL_ROOT_DIR=${INSTALLDIR}/openssl \ + -D CMAKE_PREFIX_PATH="${INSTALLDIR}/openssl;${INSTALLDIR}/liboqs" \ + -D CMAKE_INSTALL_PREFIX=${INSTALLDIR}/oqs-provider \ + -D CMAKE_INSTALL_RPATH="${INSTALLDIR}/openssl/lib:${INSTALLDIR}/liboqs/lib" \ + /opt/src/oqs-provider && \ + ninja -j$(nproc) && \ + mkdir -p ${INSTALLDIR}/openssl/lib/ossl-modules && \ + cp /opt/build/oqs-provider/lib/oqsprovider.so ${INSTALLDIR}/openssl/lib/ossl-modules + +# Set up OpenSSL to load the OQS provider +RUN CONFIG_FILE="${INSTALLDIR}/ssl/openssl.cnf" && \ + sed -i "s/default = default_sect/default = default_sect\noqsprovider = oqsprovider_sect/g" "$CONFIG_FILE" && \ + sed -i "s/\[default_sect\]/\[default_sect\]\nactivate = 1\n\[oqsprovider_sect\]\nactivate = 1\n/g" "$CONFIG_FILE" + +# Using a script from Wireshark to install required build dependencies +WORKDIR /opt/src/wireshark +RUN ./tools/debian-setup.sh -y + +# Generate `qsc.h` +WORKDIR ${INSTALLDIR} +RUN cp /opt/src/oqs-provider/oqs-template/generate.yml ${INSTALLDIR} +COPY generate_qsc_header.py ${INSTALLDIR} +COPY qsc_template.jinja2 ${INSTALLDIR} +COPY requirements.txt ${INSTALLDIR} + +RUN python3 -m venv ${INSTALLDIR}/venv && \ + . ${INSTALLDIR}/venv/bin/activate && \ + pip install -r requirements.txt && \ + python ${INSTALLDIR}/generate_qsc_header.py && \ + deactivate + +RUN cp ${INSTALLDIR}/qsc.h /opt/src/wireshark/epan/dissectors/ + +# Modify Wireshark source files for post-quantum definitions +WORKDIR /opt/src/wireshark +RUN sed -i "s/#include \"config.h\"/#include \"config.h\"\n#include \"qsc.h\"/g" epan/dissectors/packet-pkcs1.c && \ + sed -i "s/#include \"config.h\"/#include \"config.h\"\n#include \"qsc.h\"/g" epan/dissectors/packet-tls-utils.c && \ + sed -i "s/oid_add_from_string(\"sha224\", \"2.16.840.1.101.3.4.2.4\");/oid_add_from_string(\"sha224\", \"2.16.840.1.101.3.4.2.4\");\nQSC_SIGS/g" epan/dissectors/packet-pkcs1.c && \ + sed -i "s/ { 260\, \"ffdhe8192\" }\, \/\* RFC 7919 \*\// { 260\, \"ffdhe8192\" }\, \/\* RFC 7919 \*\/\nQSC_KEMS/g" epan/dissectors/packet-tls-utils.c && \ + sed -i "s/ { 0x080b\, \"rsa_pss_pss_sha512\" }\,/ { 0x080b\, \"rsa_pss_pss_sha512\" }\,\nQSC_SIG_CPS/g" epan/dissectors/packet-tls-utils.c + +# Build and install Wireshark +WORKDIR /opt/build/wireshark +RUN cmake -G Ninja /opt/src/wireshark \ + -D QT5=OFF \ + -D QT6=ON \ + -D CMAKE_BUILD_TYPE=Release \ + -D CMAKE_INSTALL_PREFIX=${INSTALLDIR}/wireshark \ + -D CMAKE_PREFIX_PATH="${INSTALLDIR}/openssl;${INSTALLDIR}/liboqs" \ + -D CMAKE_INSTALL_RPATH="${INSTALLDIR}/openssl/lib:${INSTALLDIR}/liboqs/lib" && \ + ninja -j$(nproc) && ninja install + +# Test integration of OQS provider with OpenSSL +WORKDIR /opt/src/oqs-provider +ENV OPENSSL_CONF=${INSTALLDIR}/ssl/openssl.cnf +ENV OPENSSL_MODULES=${INSTALLDIR}/openssl/lib/ossl-modules +RUN mkdir -p _build +RUN ./scripts/runtests.sh -j$(nproc) + +# Stage 2: Minimal runtime image +FROM ubuntu:${UBUNTU_VERSION} AS runtime + +ENV DEBIAN_FRONTEND=noninteractive +ARG INSTALLDIR + +# Install necessary runtime dependencies +RUN apt-get update && apt-get install -y --no-install-recommends \ + libc-ares2 pcaputils libssh-4 libgcrypt20 \ + libglib2.0-0 libpcap0.8 libspeexdsp1 zlib1g \ + libqt6core6 libqt6gui6 libqt6widgets6 libqt6printsupport6 \ + libqt6core5compat6 libqt6dbus6 libqt6multimedia6 libgpg-error0 && \ + apt-get clean && rm -rf /var/lib/apt/lists/* + +ENV PATH="${INSTALLDIR}/wireshark/bin:${INSTALLDIR}/openssl/bin:${PATH}" +ENV OPENSSL_CONF=${INSTALLDIR}/ssl/openssl.cnf +ENV OPENSSL_MODULES=${INSTALLDIR}/openssl/lib/ossl-modules + +# Copy essential files from build stage +COPY --from=build ${INSTALLDIR}/wireshark ${INSTALLDIR}/wireshark +COPY --from=build ${INSTALLDIR}/openssl ${INSTALLDIR}/openssl +COPY --from=build ${INSTALLDIR}/liboqs ${INSTALLDIR}/liboqs +COPY --from=build ${INSTALLDIR}/ssl ${INSTALLDIR}/ssl + +CMD ["wireshark"] \ No newline at end of file diff --git a/wireshark/README.md b/wireshark/README.md index aa2806fd..96748434 100644 --- a/wireshark/README.md +++ b/wireshark/README.md @@ -1,31 +1,91 @@ -# DEPRECATED +This project provides a Docker image to build [Wireshark](https://www.wireshark.org/) with quantum-safe cryptography +support through the [Open Quantum Safe (OQS) provider](https://github.com/open-quantum-safe/oqs-provider). This Docker +image allows Wireshark to analyze network traffic encrypted with post-quantum cryptographic protocols. -> [!Warning] -> This integration is currently not supported due to [the end of life of oqs-openssl111](https://github.com/open-quantum-safe/openssl#warning). +## Table of Contents -This directory contains a Dockerfile that builds wireshark that is patched to understand the OIDs and codepoints in TLS 1.3 that are supported by OQS-OpenSSL. +1. [System Requirements](#system-requirements) +2. [Quick Start Guide](#quick-start-guide) +3. [Project Components](#project-components) +4. [Running Wireshark with OQS](#running-wireshark-with-oqs) + - [Explanation of Docker Options](#explanation-of-docker-options) +5. [Testing Quantum-Safe Protocols](#testing-quantum-safe-protocols) +6[Build Configuration and Updates](#build-configuration-and-updates) -## Quick start +## System Requirements -1) Be sure to have [docker installed](https://docs.docker.com/install). -2) Run `docker build -t openquantumsafe/wireshark .` to create an QSC-enabled (codepoint and OID aware) wireshark docker image. +- **Docker**: Ensure [Docker](https://docs.docker.com/get-docker/) is installed and running on your system. +- **X-Window System (for GUI Display)**: + - **Linux**: Run `xhost +si:localuser:$USER` to allow Docker to access the display. + - **Windows/macOS**: Install an X server such as [VcXsrv](https://sourceforge.net/projects/vcxsrv/) (Windows) + or [XQuartz](https://www.xquartz.org/) (macOS) and start it, ensuring to **disable access control** and **disable + native OpenGL**. -## Usage +## Quick Start Guide -Information how to use the image is [available in the separate file USAGE.md](USAGE.md). +```bash +git clone https://github.com/open-quantum-safe/oqs-demos +cd oqs-demos/wireshark +docker build -t wireshark-oqs . +docker run --rm -it --net=host -e DISPLAY=: -v /tmp/.X11-unix:/tmp/.X11-unix wireshark-oqs +``` -## Build options +Replace `` with your IP address (e.g., `192.168.x.x`) and `` with your display port, +typically `:0`. -The Dockerfile provided allows for customization of the image built: +## Project Components -### WIRESHARK_VERSION +1. **Dockerfile**: Builds Wireshark with OpenSSL, liboqs, and OQS provider. +2. **generate_qsc_header.py**: Processes `oqs-provider/oqs-template/generate.yml` with the `qsc_template.jinja2` to generate `qsc.h`, +defining post-quantum KEMs and SIGs for Wireshark. -This permits changing the wireshark code base to be used. +## Running Wireshark -Tested default value is "3.4.9". +You can run the Wireshark Docker container on Linux, Windows, or macOS using the following command: -### QSC_SSL_FLAVOR + ```bash + docker run --rm -it --net=host -e DISPLAY=: -v /tmp/.X11-unix:/tmp/.X11-unix wireshark-oqs + ``` + Replace `` with your IP address (e.g., `192.168.x.x`) and `` with your display port, + typically `:0`. -Different quantum-safe TLS implementations have different names for the same algorithms. This option permits switching between them. Permitted values are "oqs" and "wolfssl". +### Explanation of Docker Options -Default is "oqs". +- `--net=host`: Shares the host network with the container. +- `-e DISPLAY`: Sets the display variable for GUI. +- `-v /tmp/.X11-unix:/tmp/.X11-unix`: Mounts the X11 Unix socket for GUI access. + +## Testing Quantum-Safe Protocols + +Once Wireshark is running, you can capture and filter quantum-safe cryptographic traffic. +At https://test.openquantumsafe.org, most quantum-safe algorithms from the NIST PQC competition are available for TLS +testing. As a client, we recommend using an OQS-enabled curl Docker image for a quick test. + +1. **Filter by Quantum-Safe Protocols**: Use the following Wireshark display filter: + ```plaintext + tls && ip.addr == + ``` + Replace `` with the IP address of `test.openquantumsafe.org`. + +2. **Test Quantum-Safe Connections**: + ```bash + docker run -it openquantumsafe/curl sh -c "curl -k https://test.openquantumsafe.org:6069 --curves kyber1024" + ``` + You can replace the port (e.g., `6069`) and the algorithm (e.g., `kyber1024`) in the command with the corresponding + values from the [Open Quantum Safe test page](https://test.openquantumsafe.org/). + +## Build Configuration and Updates + +Customize the build using the following Dockerfile arguments: + +- **`UBUNTU_VERSION`**: Specifies the Ubuntu version (default: latest stable). +- **`WIRESHARK_VERSION`**: Defines the Wireshark version to build. +- **`INSTALLDIR`**: Sets the installation path for OQS libraries (default: `/opt/oqs`). + +Use `--build-arg ARG_NAME=value` in the `docker build` command to adjust these values. + +To keep the build up-to-date, the `Dockerfile` and `generate_qsc_header.py` are designed for easy updates: + +- Update the Ubuntu and Wireshark versions by modifying the `UBUNTU_VERSION` and `WIRESHARK_VERSION` arguments. +- The `generate_qsc_header.py` script automatically fetches new OQS algorithms, ensuring the latest definitions are + included. \ No newline at end of file diff --git a/wireshark/USAGE.md b/wireshark/USAGE.md deleted file mode 100644 index f0cacdfb..00000000 --- a/wireshark/USAGE.md +++ /dev/null @@ -1,43 +0,0 @@ -# OQS-wireshark - -This docker image contains a version of [wireshark](https://www.wireshark.org/) built to also properly display quantum-safe crypto (QSC) TLS operations. - -To this end, it contains references to algorithms supported by [liboqs](https://github.com/open-quantum-safe/liboqs) and [OQS-OpenSSL](https://github.com/open-quantum-safe/openssl) from the [OpenQuantumSafe](https://openquantumsafe.org) project. - -The image is based on Ubuntu and requires the host to run the Unix X-Window system. - -## Quick start - -Execute this command to open the wireshark window on your host: - - docker run --net=host --privileged --env="DISPLAY" --volume="$HOME/.Xauthority:/root/.Xauthority:rw" openquantumsafe/wireshark - -Then proceed [using wireshark as usual](https://www.wireshark.org/docs/), e.g., by selecting a network interface to monitor/dissect. - -*Note*: You may need to grant permissions for Docker to access the X display: - - xhost +si:localuser:$USER - -## Suggested test - -At https://test.openquantumsafe.org most quantum-safe algorithms that are still part of the NIST PQC competition are available for TLS interoperability testing. - -As a client, we recommend using an OQS-enabled `curl` docker image that may be executed for a quick initial test as follows: - - docker run -it openquantumsafe/curl sh -c "curl -k https://test.openquantumsafe.org:6001 --curves frodo640aes" - -For more details regarding the client-side options, we recommend reviewing https://hub.docker.com/repository/docker/openquantumsafe/curl - -### Focus on quantum-safe data traffic - -In order to focus `wireshark` on the quantum safe TLS traffic generated by the above `curl` command, we recommend setting a wireshark display filter as follows - - ip.addr == 149.81.106.123 && tls - -which is the current IP address of the OQS interop test server at https://test.openquantumsafe.org. - -Other algorithms can be configured for use as per the [documentation for OQS-curl](https://hub.docker.com/repository/docker/openquantumsafe/curl) and the [OQS test server](https://test.openquantumsafe.org). - -When digging into the TLS traffic, the actual quantum-safe KEM algorithm requested can be seen within the Client and/or Server Hello messages (check "TLS->TLSv1.3 Record Layer->Handshake protocol->Extension: key share"). - -*Note:* `wireshark` might not recognize the TLS traffic as such due to the ports used at the OQS interoperability test server. In such case, enable the port of interest within the wireshark UI by adding it to the "SSL/TLS Ports" list (Edit->Preferences->Protocols->HTTP). diff --git a/wireshark/build.sh b/wireshark/build.sh deleted file mode 100755 index 87ebe53e..00000000 --- a/wireshark/build.sh +++ /dev/null @@ -1,61 +0,0 @@ -#!/bin/bash - -# Define the wireshark version to be used -WIRESHARK_VERSION=3.4.9 - -# Define the SSL naming convention: One of "wolfssl" and "oqs" -QSC_SSL_FLAVOR="oqs" - -if [ $QSC_SSL_FLAVOR == "oqs" ]; then - # Obtain OQS-specific ids - wget https://raw.githubusercontent.com/open-quantum-safe/openssl/OQS-OpenSSL_1_1_1-stable/qsc.h -elif [ $QSC_SSL_FLAVOR == "wolfssl" ]; then - mv wolfssl-qsc.h qsc.h -else - echo "Unknown naming convention. Exiting." - exit -1 -fi - -sudo apt update && apt upgrade -y - -# Get all software packages required for building wireshark: -sudo apt install -y gcc \ - libtool \ - automake \ - autoconf \ - cmake \ - ninja-build \ - git \ - curl \ - perl \ - flex \ - bison \ - python \ - python3 \ - libssl-dev \ - libgcrypt-dev \ - libpcap-dev \ - libc-ares-dev \ - qtbase5-dev qttools5-dev-tools qttools5-dev qtmultimedia5-dev \ - libssh-dev - -# Get the source and unpack it. -curl --output wireshark-${WIRESHARK_VERSION}.tar.xz https://2.na.dl.wireshark.org/src/all-versions/wireshark-${WIRESHARK_VERSION}.tar.xz -rm -rf wireshark-${WIRESHARK_VERSION} -tar xmvf wireshark-${WIRESHARK_VERSION}.tar.xz - -cd wireshark-${WIRESHARK_VERSION} - -# patch wireshark code base with IDs -cp ../qsc.h epan/dissectors && \ - sed -i "s/#include \"config.h\"/#include \"config.h\"\n#include \"qsc.h\"/g" epan/dissectors/packet-pkcs1.c && \ - sed -i "s/#include \"config.h\"/#include \"config.h\"\n#include \"qsc.h\"/g" epan/dissectors/packet-tls-utils.c && \ - sed -i "s/oid_add_from_string(\"sha224\", \"2.16.840.1.101.3.4.2.4\");/oid_add_from_string(\"sha224\", \"2.16.840.1.101.3.4.2.4\");\nQSC_SIGS/g" epan/dissectors/packet-pkcs1.c && \ - sed -i "s/ { 260\, \"ffdhe8192\" }\, \/\* RFC 7919 \*\// { 260\, \"ffdhe8192\" }\, \/\* RFC 7919 \*\/\nQSC_KEMS/g" epan/dissectors/packet-tls-utils.c - sed -i "s/ { 0x080b\, \"rsa_pss_pss_sha512\" }\,/ { 0x080b\, \"rsa_pss_pss_sha512\" }\,\nQSC_KEMS/g" epan/dissectors/packet-tls-utils.c -# Build wireshark -mkdir -p build && cd build && cmake -GNinja .. && ninja - -# Install wireshark -# ninja install - diff --git a/wireshark/generate_qsc_header.py b/wireshark/generate_qsc_header.py new file mode 100644 index 00000000..61b7ea05 --- /dev/null +++ b/wireshark/generate_qsc_header.py @@ -0,0 +1,15 @@ +import yaml +from jinja2 import Environment, FileSystemLoader + +with open("generate.yml", "r") as file: + data = yaml.safe_load(file) + +env = Environment(loader=FileSystemLoader(".")) +template = env.get_template("qsc_template.jinja2") + +output = template.render(data=data) + +with open("qsc.h", "w") as output_file: + output_file.write(output) + +print("qsc.h has been successfully generated!") \ No newline at end of file diff --git a/wireshark/qsc_template.jinja2 b/wireshark/qsc_template.jinja2 new file mode 100644 index 00000000..443e133e --- /dev/null +++ b/wireshark/qsc_template.jinja2 @@ -0,0 +1,49 @@ +#ifndef QSC_H +#define QSC_H + +// (QSC_KEMS) +#define QSC_KEMS \ +{%- for kem in data.kems if kem.nid and kem.name_group %} + { {{- kem.nid -}},"{{- kem.name_group -}}"},\ {# Notice the removal of space before `}` #} + {%- if kem.nid_hybrid %} + { {{- kem.nid_hybrid -}},"p{{- kem.nid_hybrid|int('16')|length * 64 -}}_{{- kem.name_group -}}"},\ + {%- endif %} + {%- if kem.extra_nids %} + {%- for extra in kem.extra_nids.current if extra.nid and extra.hybrid_group %} + { {{- extra.nid -}},"{{- extra.hybrid_group -}}_{{- kem.name_group -}}"},\ + {%- endfor %} + {%- for extra in kem.extra_nids.old if extra.nid and extra.hybrid_group %} + { {{- extra.nid -}},"{{- extra.hybrid_group -}}_{{- kem.name_group -}}"},\ + {%- endfor %} + {%- endif %} +{%- endfor %} + + +// (QSC_SIGS) +#define QSC_SIGS \ +{%- for sig in data.sigs %} + {%- for variant in sig.variants if variant.oid and variant.name %} + oid_add_from_string("{{- variant.name -}}","{{- variant.oid -}}");\ + {%- if variant.mix_with %} + {%- for mix in variant.mix_with if mix.oid and mix.name %} + oid_add_from_string("{{- mix.name -}}_{{- variant.name -}}","{{- mix.oid -}}");\ + {%- endfor %} + {%- endif %} + {%- endfor %} +{%- endfor %} + + +// (QSC_SIG_CPS) +#define QSC_SIG_CPS \ +{%- for sig in data.sigs %} + {%- for variant in sig.variants if variant.code_point and variant.name %} + { {{- variant.code_point -}},"{{- variant.name -}}"},\ + {%- endfor %} + {%- for variant in sig.variants if variant.mix_with %} + {%- for mix in variant.mix_with if mix.code_point and mix.name %} + { {{- mix.code_point -}},"{{- mix.name -}}_{{- variant.name -}}"},\ + {%- endfor %} + {%- endfor %} +{%- endfor %} + +#endif // QSC_H diff --git a/wireshark/requirements.txt b/wireshark/requirements.txt new file mode 100644 index 00000000..c664af5e --- /dev/null +++ b/wireshark/requirements.txt @@ -0,0 +1,2 @@ +Jinja2 +PyYAML \ No newline at end of file diff --git a/wireshark/wolfssl-qsc.h b/wireshark/wolfssl-qsc.h deleted file mode 100644 index da21f895..00000000 --- a/wireshark/wolfssl-qsc.h +++ /dev/null @@ -1,36 +0,0 @@ -/* wolfSSL naming convention */ - -#define QSC_SIGS \ - oid_add_from_string("falcon_level1", "1.3.9999.3.1"); \ - oid_add_from_string("falcon_level5", "1.3.9999.3.4"); \ - oid_add_from_string("dilithium_level2", "1.3.6.1.4.1.2.267.7.4.4"); \ - oid_add_from_string("dilithium_level3", "1.3.6.1.4.1.2.267.7.6.5"); \ - oid_add_from_string("dilithium_level5", "1.3.6.1.4.1.2.267.7.8.7"); - -#define QSC_KEMS \ - { 532, "ntru_hps_level1" }, \ - { 533, "ntru_hps_level3" }, \ - { 534, "ntru_hps_level5" }, \ - { 535, "ntru_hrss_level3" }, \ - { 536, "saber_level1" }, \ - { 537, "saber_level3" }, \ - { 538, "saber_level5" }, \ - { 570, "kyber_level1" }, \ - { 572, "kyber_level3" }, \ - { 573, "kyber_level5" }, \ - { 12052, "p256_ntru_hps_level1" }, \ - { 12053, "p384_ntru_hps_level3" }, \ - { 12054, "p521_ntru_hps_level5" }, \ - { 12055, "p384_ntru_hrss_level3" }, \ - { 12056, "p256_saber_level1" }, \ - { 12057, "p384_saber_level3" }, \ - { 12058, "p521_saber_level5" }, \ - { 12090, "p256_kyber_level1" }, \ - { 12092, "p384_kyber_level3" }, \ - { 12093, "p521_kyber_level5" }, \ - { 0xfe0b, "falcon_level1" }, \ - { 0xfe0e, "falcon_level5" }, \ - { 0xfea0, "dilithium_level2" }, \ - { 0xfea3, "dilithium_level3" }, \ - { 0xfea5, "dilithium_level5" }, -