Adding Locust as performance OQS tool

[davidgca]

Purpose:

The primary goal of this contribution is to enable Locust to perform quantum-safe load testing scenarios, utilizing quantum-safe cryptographic algorithms in TLS 1.3. This is achieved by building a Docker image that incorporates the OQS provider into the OpenSSL library used by Locust.

Key Changes:

• Dockerfile Creation: A Dockerfile is included to build a custom Locust image using OpenSSL v3 with OQS support, allowing quantum-safe operations.
• Quantum-Safe Load Testing: Locust is now capable of negotiating quantum-safe keys and using quantum-safe authentication methods.
• Configuration Options: Several environment variables are introduced to control key settings such as log levels, the number of workers, the target host, and the cryptographic curves used (e.g., kyber768).

An example:

[SWilson4]

Thanks for the PR, @davidgca! Would you be willing to list yourself as a maintainer of this new demo in the README? Also, please feel free to add yourself to the list of contributors in the same file :)

[davidgca]

Thanks for the PR, @davidgca! Would you be willing to list yourself as a maintainer of this new demo in the README? Also, please feel free to add yourself to the list of contributors in the same file :)

I assume you say adding directly to README for OQS Demo? I also add a new line for the new tool in the table

[davidgca]

As I comment briefly in the README, I decided to use subprocess with openssl s_client in this implementation to handle post-quantum cryptographic curves. The reason for this approach is that current Python libraries, such as urllib and gevent, do not yet support these cryptographic standards.

By invoking openssl through subprocess, we can leverage its built-in support for post-quantum curves and ensure secure communication during our performance tests. This allows us to test the behavior of our endpoints with these security protocols, without waiting for native support in Python libraries.

I also performed a test by recompiling Python with the OQS (Open Quantum Safe) version of OpenSSL to enable the necessary post-quantum curves. However, even as Python libraries evolve to support these curves, they will still rely on an underlying version of OpenSSL that supports post-quantum cryptography. So, even when native Python support is available, it will still be essential to ensure that the system's OpenSSL version has the required cryptographic capabilities.

[SWilson4]

Hi @davidgca, thanks for the updates. I left a few style-related comments/questions.

I also followed the instructions in locust/README.md but got a 100% error rate. Not sure if this is expected?

[SWilson4]

There is quite a bit of duplication between this file and locust/README.md. Could they be restructured to avoid this?

[davidgca]

Done in this commit

[SWilson4]

Where does this host URL come from?

[davidgca]

It is my internal OQS host URL, Fix in this commit

[davidgca]

Thanks for the PR, @davidgca! Would you be willing to list yourself as a maintainer of this new demo in the README? Also, please feel free to add yourself to the list of contributors in the same file :)

[davidgca]

Hi @davidgca, thanks for the updates. I left a few style-related comments/questions.

I also followed the instructions in locust/README.md but got a 100% error rate. Not sure if this is expected?

Not at all, 100% error not sounds good!. The first step (and most important) is build the docker image:
docker build -t oqs-locust:0.0.1 .
what error do you have? I have recompiled this image(using my linux laptop) and I don't have any issue, maybe something with the docker version (mine is 27.3.1), maybe some stuff with docker and ARM cores(if you are using an apple laptop )?