open-quantum-safe / oqs-demos

PARTIALLY SUPPORTED Instructions for enabling the use of quantum-safe cryptography in assorted software using the OQS suite. CONTRIBUTORS WANTED.
https://openquantumsafe.org/

Bring QUIC Back #291

Closed pi-314159 closed 1 month ago

pi-314159 commented 1 month ago

@bhess @baentsch Could you take a look at this?

baentsch commented 1 month ago

Thanks for the new integration @pi-314159 ! Do I get it right that this drops a QUIC-enabled client- and server- demo adding back only a server side?

Edit/add: I guess what I'm asking for is a (new) USAGE-QUIC.md file that tells people simply running the binary dockerimage how they can test-drive (and configure for all supported alg combinations) the image? Or don't you want to make this possible (as also the docker build-and-push CI commands are missing)?

bhess commented 1 month ago

Thank you for adding this QUIC-demo @pi-314159, this is really useful also as addition to the test server. Also tagging @ajbozarth who is looking at updating the oqs-demos.

Two remarks:

baentsch commented 1 month ago

> this is really useful also as addition to the test server

Are you going to deploy this on the IBM test server instance @bhess or are you expecting someone else to write code, config and documentation?

bhess commented 1 month ago

> Are you going to deploy this on the IBM test server instance @bhess

This was my thinking.

pi-314159 commented 1 month ago

@baentsch @bhess

> Does USAGE.md warrant an update? (e.g. how to connect to nginx-quic with a client)

I'll add a QUIC enabled curl Dockerfile in the curl folder after this PR gets merged.

> Since this removes the demo in the quic-folder, does it provide the same functionality?

Previously, we were using quictls; BoringSSL lacked support for some algorithms. However, I plan to add hybrid algorithm implementations to BoringSSL this week.

> Edit/add: I guess what I'm asking for is a (new) USAGE-QUIC.md file that tells people simply running the binary dockerimage how they can test-drive (and configure for all supported alg combinations) the image? Or don't you want to make this possible (as also the docker build-and-push CI commands are missing)?

One reason I didn't add such a feature is that BoringSSL's bssl doesn't support creating X509 certificates. This means I'd also need to build the oqs-provider to generate a test certificate, which adds extra complexity. Instead, I can provide an nginx-quic-example.conf file to help with this.

pi-314159 commented 1 month ago

@baentsch and @bhess added curl

baentsch commented 1 month ago

@pi-314159 Thanks for the curl addition! I now pushed your code into the OQS repo. 2 reasons: 1) See CI run (hopefully not fail) and 2) ask you to check whether you now have the permissions to keep working on that branch (https://github.com/open-quantum-safe/tsc/commit/e73b3d2147e704ce9686981f5a4a6239abf3eecf should have given you those rights). If that'd be OK, it'd be great if your new contributions could be done straight within OQS/oqs-demos such as for your jobs to also use the docker credentials upon push/PR. On that topic: Do you intend to add code to build and push the docker images? If so, also some code to test the resultant images? Examples for build-and-push in https://github.com/open-quantum-safe/oqs-demos/blob/main/.github/workflows/linux.yml and for testing in https://github.com/open-quantum-safe/oqs-demos/blob/e810c8a472b13b05b7505cafea10be816239df08/.circleci/config.yml#L87-L93 (the latter of course just as reference; actual testing should be in GH CI as we want to move off CCI).

pi-314159 commented 1 month ago

@baentsch I have the permission to merge.

I'm not very familiar with GitHub CI at the moment, so I'll take care of adding the code to build and push the Docker images a bit later. If that works for you, I'll go ahead and merge it now.

Also, please check the boringssl PR

baentsch commented 1 month ago

> I'll take care of adding the code to build and push the Docker images a bit later.

Created #294 to do this "for good" for all docker image creation. So please add your code only to GH workflow files.

> I'll go ahead and merge it now.

I'd have preferred to check everything's working locally (say in a docker network), but I assume you did (?) and don't find the time myself right now, so go ahead.

pi-314159 commented 1 month ago

> I assume you did (?) and don't find the time myself right now, so go ahead.

Yes I've tested these Dockerfiles on my machine. Please test them when you have time!