Bring QUIC Back

[pi-314159]

No description provided.

[pi-314159]

@bhess @baentsch Could you take a look at this?

[baentsch]

This looks complicated: Why not built to a name (and reference that below)?

[pi-314159]

updated

[baentsch]

Use name

[pi-314159]

updated

[baentsch]

Use name

[pi-314159]

updated

[baentsch]

Hmm -- this leaves users pretty much at their own devices... Other demos have USAGE.md files to help people getting going...

[pi-314159]

partially fixed by providing an example server configuration...
I think it's straightforward for users who have used nginx before...

[baentsch]

Thanks for the new integration @pi-314159 ! Do I get it right that this drops a QUIC-enabled client- and server- demo adding back only a server side?

Edit/add: I guess what I'm asking for is a (new) USAGE-QUIC.md file that tells people simply running the binary dockerimage how they can test-drive (and configure for all supported alg combinations) the image? Or don't you want to make this possible (as also the docker build-and-push CI commands are missing)?

[bhess]

Thank you for adding this QUIC-demo @pi-314159, this is really useful also as addition to the test server. Also tagging @ajbozarth who is looking at updating the oqs-demos.

Two remarks:

• Does USAGE.md warrant an update? (e.g. how to connect to nginx-quic with a client)
• Since this removes the demo in the quic-folder, does it provide the same functionality?

[baentsch]

this is really useful also as addition to the test server

Are you going to deploy this on the IBM test server instance @bhess or are you expecting someone else to write code, config and documentation?

[bhess]

Are you going to deploy this on the IBM test server instance @bhess

This was my thinking.

[pi-314159]

@baentsch @bhess

Does USAGE.md warrant an update? (e.g. how to connect to nginx-quic with a client)

I'll add a QUIC enabled curl Dockerfile in the curl folder after this PR gets merged.

Since this removes the demo in the quic-folder, does it provide the same functionality?

Previously, we were using quictls; BoringSSL lacked support for some algorithms. However, I plan to add hybrid algorithm implementations to BoringSSL this week.

Edit/add: I guess what I'm asking for is a (new) USAGE-QUIC.md file that tells people simply running the binary dockerimage how they can test-drive (and configure for all supported alg combinations) the image? Or don't you want to make this possible (as also the docker build-and-push CI commands are missing)?

One reason I didn't add such feature is that BoringSSL's bssl don't support creating X509 certificates. This means I'd also need to build the oqs-provider to generate a test certificate, which adds extra complexity. Instead, I can provide an nginx-quic-example.conf file to help with this.

[baentsch]

I'll add a QUIC enabled curl Dockerfile in the curl folder after this PR gets merged.

First removing the (old) QUIC demo completely before adding back functionality that has been removed doesn't sound good. If you'd like to proceed that way (this PR first, another PR later), then please remove the "quic removal" logic from this PR and add it to the second PR so we know the for sure we have a new demo replacing the old one functionally.

[pi-314159]

@baentsch and @bhess added curl

[baentsch]

@pi-314159 Thanks for the curl addition! I now pushed your code into the OQS repo. 2 reasons: 1) See CI run (hopefully not fail) and 2) ask you to check whether you now have the permissions to keep working on that branch (open-quantum-safe/tsc@e73b3d2 should have given you those rights). If that'd be OK, it'd be great if your new contributions could be done straight within OQS/oqs-demos such as for your jobs to also use the docker credentials upon push/PR. On that topic: Do you intend to add code to build and push the docker images? If so, also some code to test the resultant images? Examples for build-and-push in https://github.com/open-quantum-safe/oqs-demos/blob/main/.github/workflows/linux.yml and for testing in

oqs-demos/.circleci/config.yml

Lines 87 to 93 in e810c8a

	- run:
	name: Test nginx and curl generic
	command: |
	docker network create nginx-test &&
	docker run --network nginx-test --detach --rm --name oqs-nginx oqs-nginx-img &&
	sleep 2 &&
	docker run --network nginx-test oqs-curl-generic curl -k https://oqs-nginx:4433

(the latter of course just as reference; actual testing should be in GH CI as we want to move off CCI).

[pi-314159]

@baentsch I have the permission to merge.

I'm not very familiar with GitHub CI at the moment, so I'll take care of adding the code to build and push the Docker images a bit later. If that works for you, I'll go ahead and merge it now.

Also, please check the boringssl PR

[baentsch]

I'll take care of adding the code to build and push the Docker images a bit later.

Created #294 to do this "for good" for all docker image creation. So please add your code only to GH workflow files.

I'll go ahead and merge it now.

I'd have preferred to check everything's working locally (say in a docker network), but I assume you did (?) and don't find the time myself right now, so go ahead.

[pi-314159]

I assume you did (?) and don't find the time myself right now, so go ahead.

Yes I've tested these Dockerfiles on my machine. Please test them when you have time!