Home Explore Help
Register Sign In
Apq
/
SoftEtherVPN
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge pull request #2002 from siddharth-narayan/quantum-safe-key-agreement

Add Post Quantum key agreement
Ilya Shipitsin 1 year ago
parent
26c61b3213 68964ab0d7
commit
bc31a5cfd3
3 changed files with 17 additions and 1 deletions
Split View Show Diff Stats
  1. 8 0
      src/Mayaqua/Encrypt.c
  2. 5 1
      src/Mayaqua/Network.c
  3. 4 0
      src/Mayaqua/Network.h

+ 8 - 0
src/Mayaqua/Encrypt.c
View File 

@@ -88,6 +88,7 @@ int ssl_clientcert_index = 0;
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L

 static OSSL_PROVIDER *ossl_provider_legacy = NULL;

 static OSSL_PROVIDER *ossl_provider_default = NULL;

+static OSSL_PROVIDER *ossl_provider_oqsprovider = NULL;

 #endif

 

 LOCK **ssl_lock_obj = NULL;

@@ -3974,6 +3975,12 @@ void FreeCryptLibrary()
 
 		OSSL_PROVIDER_unload(ossl_provider_legacy);

 		ossl_provider_legacy = NULL;

 	}

+

+	if (ossl_provider_oqsprovider != NULL)

+	{

+		OSSL_PROVIDER_unload(ossl_provider_oqsprovider);

+		ossl_provider_oqsprovider = NULL;

+	}

 #endif

 }

 

@@ -3996,6 +4003,7 @@ void InitCryptLibrary()
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L

 	ossl_provider_default = OSSL_PROVIDER_load(NULL, "legacy");

 	ossl_provider_legacy = OSSL_PROVIDER_load(NULL, "default");

+	ossl_provider_oqsprovider = OSSL_PROVIDER_load(NULL, "oqsprovider");

 #endif

 

 	ssl_clientcert_index = SSL_get_ex_new_index(0, "struct SslClientCertInfo *", NULL, NULL, NULL);

+ 5 - 1
src/Mayaqua/Network.c
View File 

@@ -11905,6 +11905,10 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 
 		Unlock(openssl_lock);

 	}

 

+	#if OPENSSL_VERSION_NUMBER >= 0x30000000L

+		SSL_set1_groups_list(sock->ssl, PQ_GROUP_LIST);

+	#endif

+	

 	if (sock->ServerMode)

 	{

 //		Lock(ssl_connect_lock);

@@ -11984,7 +11988,7 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 
 		//		Unlock(ssl_connect_lock);

 	}

 	else

-	{

+	{	

 		prev_timeout = GetTimeout(sock);

 		SetTimeout(sock, ssl_timeout);

 		// Client mode

+ 4 - 0
src/Mayaqua/Network.h
View File 

@@ -59,6 +59,10 @@ struct DYN_VALUE
 
 

 #define	DEFAULT_CIPHER_LIST			"ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:ECDHE+AES256:DHE+AES256:RSA+AES"

 

+#if OPENSSL_VERSION_NUMBER >= 0x30000000L

+#define PQ_GROUP_LIST				"p521_kyber1024:x25519_kyber768:P-521:X25519:P-256"

+#endif

+

 // SSL logging function

 //#define	ENABLE_SSL_LOGGING

 #define	SSL_LOGGING_DIRNAME			"@ssl_log"