Create a binary of Chromium about oqs-demos HOT 11 CLOSED

Binary created for ubuntu18.04 and accessible at http://oqs-chrome.s3-website.us-east-2.amazonaws.com (I'm using this to learn S3...).

Caveat: This (256MB) binary won't run as-is :-(. Only when running with all build-components (config files, shared libs, etc), it runs OK. Problem: All this "stuff" is 2.2GB (also accessible over the above S3 location). I'm just not sure we want this: Who wants to download that much? Where do we want to store it? @dstebila @xvzcf : Comments?

from oqs-demos.

@dstebila @xvzcf Update: After failing with piecemeal additions to the main executable, I now removed piece-by-piece stuff from the full build that I thought isn't necessary to run chromium and it looks like I might have been successful: Please navigate to http://oqs-chrome.s3-website.us-east-2.amazonaws.com and you'll be given the opportunity to download a 118MB tar.gz: Please unpack that into a directory of your choice on an ubuntu18.04 Desktop installation and run "./chrome https://test.openquantumsafe.org": If all goes well, this will allow you to (QSC-)connect to the supported algorithms, e.g., https://test.openquantumsafe.org:6040/

from oqs-demos.

I was able to download and run Chromium, and I installed the OQS certificate. When I visit ecdsap256-x25519 (port 6001), it connects successfully. When I visit a post-quantum port, I get the attached error. Running on Ubuntu 18.04.5 after running apt update and apt upgrade.

from oqs-demos.

@dstebila Thanks for the test. That's not unexpected: My take is that this is a result of our "way-back" decision to eliminate on client-side indicating support for all OQS algs/curves. For BoringSSL (and thus also Chromium), the supported list is shown here if I understand things correct. @xvzcf : Correct?
All that said ---- I just realized the test server runs liboqs 0.4.0 and I built BoringSSL within Chromium against master which could cause arbitrary problems, of course. Whatever, I just now built a new Chromium using liboqs 0.4.0 (and the corresponding boringssl "1a39df938"): The behaviour doesn't change -- but again, as expected as per the above (also documented in the Chromium README and the BoringSSL Wiki). Ideas/suggestions welcome!
So I'm afraid, the answer is "Works as expected/designed". I'm also not happy, though, and would love an alternative way to enable all algorithms (like setting --curves in openssl).

from oqs-demos.

I'd forgotten that not all of the ports were supported in our Chromium. I was able to successfully connect to ecdsap256-p256_frodo640aes. Can you think of an easy way to make it clear which ones are supported? A start page in our custom Chromium? A big red box on the test.openquantumsafe.org landing page? Some kind of flag on the big table of algorithms?

from oqs-demos.

The easiest would be a link on the test server landing page pointing to the list of supported algorithms here. For those folks not reading text we could also add a flag "Chromium support" to the ports list -- but it would be set embarrassingly rarely. A more complete option to enable all algorithms would be to add an option to Chromium to change the default curves list via SSL_CTX_set1_groups_list. That however would necessitate understanding Chromium logic much more -- and necessitate people to read the documentation on (how to) set(ing) the curves list.
For now, I'd do option 1 and create an issue for option 3. Please let me know if you'd prefer option 2 (flags): I'd add that at the same moment then, too.

from oqs-demos.

I am not proposing we add an option to Chromium to change the default curves list.

Linking to a C file for the list of supported algorithms is slightly unfriendly; perhaps we can just manually type a list of supported algorithms into the landing page, and try to remember to update it if we ever make changes to the enabled algorithms in Chromium.

from oqs-demos.

The default curves list adaptation was my suggestion for a more flexible alternative to what we have now. I might create a low-priority issue.

For now, please check out the updated Caveats section at https://test.openquantumsafe.org : If OK, I'll change the generator code accordingly (but then again, maybe another issue to create a more sexy Web page for the test server would be in order, too).

from oqs-demos.

For now, please check out the updated Caveats section at https://test.openquantumsafe.org : If OK, I'll change the generator code accordingly (but then again, maybe another issue to create a more sexy Web page for the test server would be in order, too).

Good to me.

from oqs-demos.

@dstebila Please check https://github.com/open-quantum-safe/oqs-demos/releases/tag/v0.4.0 If this runs OK for you, let's close this issue.

from oqs-demos.

Works for me, thanks Michael!

from oqs-demos.