js331zc/MastersThesis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add bps project

Browse Source
This commit is contained in:
josi 2024-04-14 11:18:33 +02:00
parent e05eede82f
commit 41db2659c8
48 changed files with 3529 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/ECC/certificate-authority-options.conf Normal file
View File

@ -0,0 +1,27 @@
# JS 2024-02-08
# - doplnenie rozsirujucich parametrov pre CA certifikaty podla standardu
# x509v3, ktory sa v OpenSSL 3.2 vyuzíva by default
# - parameter 'basicConstraints = CA:true' musi byt definovany!
#
# Viac informacii:
# https://www.openssl.org/docs/manmaster/man5/x509v3_config.html
[req]
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
[req_distinguished_name]
C = US
ST = Fake State
L = Fake Locality
O = Fake Company
# OU = Org Unit Name
# emailAddress = info@example.com
CN = local.dev
[ v3_ca ]
basicConstraints = critical, CA:true
#subjectKeyIdentifier = hash
#authorityKeyIdentifier = keyid:always,issuer
#keyUsage = critical, digitalSignature, cRLSign, keyCertSign

8
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/ECC/client.ext Normal file
View File

@ -0,0 +1,8 @@
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = dev.mergebot.com
DNS.2 = dev.mergebot.com.192.168.1.19.xip.io

30
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/ECC/gen_cert_ECC.bat Normal file
View File

@ -0,0 +1,30 @@
:: Meno: Martin Janitor
:: Datum: 26.2.2023
:: Verzia: 1.0
:: Uprava: Modifikacia suboru postup pre uspesne
:: generovanie ECC certifikatov s vyuzitim
:: predpripravenych konfiguracnych suborov
rem Priklad postupu na vytvorenie ECC certifikatov
::----------------------------------------------
::1. Generovanie certifikatu autority
:: 1.1 Vygenerovanie sukromneho kluca autority pomocou krivky prime256v1
openssl ecparam -genkey -name prime256v1 -out myCA.key
:: 1.2 Vygenerovanie certifikatu autority s dobou platnosti 1 rok
openssl req -x509 -config certificate-authority-options.conf -new -nodes -key myCA.key -sha256 -days 365 -out myCA.pem
::2. Generovanie certifikatu servera
:: 2.1 Vygenerovanie sukromneho kluca servera pomocou krivky prime256v1
openssl ecparam -genkey -name prime256v1 -out server.key
:: 2.2 Vytvorenie ziadosti servera o podpis certifikatu autoritou
openssl req -config options.conf -new -key server.key -out server_ziadost.csr
:: 2.3 Vygenerovanie podpisaneho certifikatu autoritou s dobou platnosti 1 rok
openssl x509 -req -in server_ziadost.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out server.pem -days 365 -sha256 -extfile server.ext
::3. Generovanie certifikatu klienta
:: 3.1 Vygenerovanie sukromneho kluca klienta pomocou krivky prime256v1
openssl ecparam -genkey -name prime256v1 -out client.key
:: 3.2 Vytvorenie ziadosti klienta o podpis certifikatu autoritou
openssl req -config options.conf -new -key client.key -out klient_ziadost.csr
:: 3.3 Vygenerovanie podpisaneho certifikatu autoritou s dobou platnosti 1 rok
openssl x509 -req -in klient_ziadost.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out client.pem -days 365 -sha256 -extfile client.ext

12
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/ECC/options.conf Normal file
View File

@ -0,0 +1,12 @@
[req]
prompt = no
distinguished_name = req_distinguished_name
[req_distinguished_name]
C = US
ST = Fake State
L = Fake Locality
O = Fake Company
# OU = Org Unit Name
# emailAddress = info@example.com
CN = local.dev

8
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/ECC/server.ext Normal file
View File

@ -0,0 +1,8 @@
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = dev.mergebot.com
DNS.2 = dev.mergebot.com.192.168.1.19.xip.io

27
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/PQ/README.txt Normal file
View File

@ -0,0 +1,27 @@
Tento priecinok obsahuje konfiguracne subory spolu so skriptom, ktory umoznuje
generovanie PQ algoritmov.
Na generovanie PQ algoritmov je nutne aktivovat oqsprovidera. Navod na aktivaciu
sa nachadza v zlozke /oqsprovider/
Dostupne PQ algoritmy (20.02.2024)
- zalezi tiez na nastaveniach kniznic liboqs a oqs-provider viď https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md
dilithium2
dilithium3
dilithium5
falcon512
falcon1024
sphincssha2128fsimple
sphincssha2128ssimple
sphincssha2192fsimple
sphincssha2192ssimple
sphincssha2256fsimple
sphincssha2256ssimple
sphincsshake128fsimple
Nepodporovane algoritmy pri defaultnom nastaveni kniznice
sphincsshake128ssimple
sphincsshake192fsimple
sphincsshake192ssimple
sphincsshake256fsimple
sphincsshake256ssimple

27
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/PQ/certificate-authority-options.conf Normal file
View File

@ -0,0 +1,27 @@
# JS 2024-02-08
# - doplnenie rozsirujucich parametrov pre CA certifikaty podla standardu
# x509v3, ktory sa v OpenSSL 3.2 vyuzíva by default
# - parameter 'basicConstraints = CA:true' musi byt definovany!
#
# Viac informacii:
# https://www.openssl.org/docs/manmaster/man5/x509v3_config.html
[req]
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
[req_distinguished_name]
C = US
ST = Fake State
L = Fake Locality
O = Fake Company
# OU = Org Unit Name
# emailAddress = info@example.com
CN = local.dev
[ v3_ca ]
basicConstraints = critical, CA:true
#subjectKeyIdentifier = hash
#authorityKeyIdentifier = keyid:always,issuer
#keyUsage = critical, digitalSignature, cRLSign, keyCertSign

8
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/PQ/client.ext Normal file
View File

@ -0,0 +1,8 @@
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = dev.mergebot.com
DNS.2 = dev.mergebot.com.192.168.1.19.xip.io

30
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/PQ/gen_PQ_cert.bat Normal file
View File

@ -0,0 +1,30 @@
:: JS 2024-02-19
:: Skript na generovanie PQ certifikatov
:: Dostupne PQ algoritmy, ktore je mozne doplnat za prepinac -algorithm, sa nachadzaju v README
rem myCA
rem .....
openssl genpkey -algorithm dilithium5 -out myCA.key
openssl req -x509 -config certificate-authority-options.conf -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
rem server
rem ......
openssl genpkey -algorithm dilithium5 -out client.key
openssl req -config options.conf -new -key client.key -out client.csr
openssl x509 -req -in client.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out client.pem -days 1825
rem client
rem .......
openssl genpkey -algorithm dilithium5 -out server.key
openssl req -config options.conf -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out server.pem -days 1825
openssl verify -CAfile ./myCA.pem ./client.pem
openssl verify -CAfile ./myCA.pem ./server.pem
del *.csr

12
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/PQ/options.conf Normal file
View File

@ -0,0 +1,12 @@
[req]
prompt = no
distinguished_name = req_distinguished_name
[req_distinguished_name]
C = US
ST = Fake State
L = Fake Locality
O = Fake Company
# OU = Org Unit Name
# emailAddress = info@example.com
CN = local.dev

8
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/PQ/server.ext Normal file
View File

@ -0,0 +1,8 @@
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = dev.mergebot.com
DNS.2 = dev.mergebot.com.192.168.1.19.xip.io

27
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/RSA/certificate-authority-options.conf Normal file
View File

@ -0,0 +1,27 @@
# JS 2024-02-08
# - doplnenie rozsirujucich parametrov pre CA certifikaty podla standardu
# x509v3, ktory sa v OpenSSL 3.2 vyuzíva by default
# - parameter 'basicConstraints = CA:true' musi byt definovany!
#
# Viac informacii:
# https://www.openssl.org/docs/manmaster/man5/x509v3_config.html
[req]
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
[req_distinguished_name]
C = US
ST = Fake State
L = Fake Locality
O = Fake Company
# OU = Org Unit Name
# emailAddress = info@example.com
CN = local.dev
[ v3_ca ]
basicConstraints = critical, CA:true
#subjectKeyIdentifier = hash
#authorityKeyIdentifier = keyid:always,issuer
#keyUsage = critical, digitalSignature, cRLSign, keyCertSign

8
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/RSA/client.ext Normal file
View File

@ -0,0 +1,8 @@
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = dev.mergebot.com
DNS.2 = dev.mergebot.com.192.168.1.19.xip.io

24
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/RSA/gen_cert_RSA.bat Normal file
View File

@ -0,0 +1,24 @@
:: JS 2024-02-08
:: Zmena velkosti klucov z 1024 ma 2048 podla novych standardov OpenSSL 3.2
:: OpenSSL 3.2: The default SSL/TLS security level has been changed from 1 to 2
:: https://www.openssl.org/docs/man3.1/man3/SSL_CTX_set_security_level.html
rem myCA
rem .....
openssl genrsa -out myCA.key 2048
openssl req -x509 -config certificate-authority-options.conf -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
rem server
rem ......
openssl genrsa -out server.key 2048
openssl req -config options.conf -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out server.pem -days 1825 -sha256 -extfile server.ext
rem client
rem .......
openssl genrsa -out client.key 2048
openssl req -config options.conf -new -key client.key -out client.csr
openssl x509 -req -in client.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out client.pem -days 1825 -sha256 -extfile client.ext
del *.csr

12
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/RSA/options.conf Normal file
View File

@ -0,0 +1,12 @@
[req]
prompt = no
distinguished_name = req_distinguished_name
[req_distinguished_name]
C = US
ST = Fake State
L = Fake Locality
O = Fake Company
# OU = Org Unit Name
# emailAddress = info@example.com
CN = local.dev

8
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CERIFICATEs/RSA/server.ext Normal file
View File

@ -0,0 +1,8 @@
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = dev.mergebot.com
DNS.2 = dev.mergebot.com.192.168.1.19.xip.io

385
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/CLIENT/client.c Normal file
View File

@ -0,0 +1,385 @@
/*
JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.6.0
*/
/*
JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.5.3
*/
/*
JS 2024-03-04 - doplnenie funkcii pre uvolnenie nacitanych providerov
*/
/*
JS 2024-02-24 - funkcia initSSLContext() rozsirena o nacitanie OQS-providera
pre plne funkcne PQ algoritmy na kazdej platforme
- doplnene priklady nastavenia premennej DEFAULT_GROUPS
- testovane s oqsprovider 0.5.3
*/
/*
JS 2024-02-18 - testovanie PQ algoritmov s pouzitim oqs-providera
- uprava vypisu o pripojeni klienta
- pridane vypisy s informaciami o pouzivanych algoritmoch
pre KEX a certifikaty
- oprava kontroly navratovej hodnoty funkcii
SSL_CTX_use_certificate_file() a SSL_CTX_use_PrivateKey_file
*/
/*
JS 2024-02-08 testovane s aktualnou najnovsou verziou OpenSSL 3.2.1
*/
/*
MJ 2023-05-18 - Uprava funkcie printHeader()
-> Zmazanie SSL metody
-> Upraveny vypis ako spustit program
- Uprava funkcie initSSLContext() aby realizovala fixne iba TLS spojenie
-> pridanie argumentov do funkcie na nacitanie client.key, client.pem
- Uprava hlavnej funkcie main() na zaklade predoslej upravy (nastavenie fixne TLS)
-> Zmazanie premennej ctxMethod
-> Uprava argumentov [argv] - zmazanie TLS metody, pridanie suborov s klucmi
-> Pridanie premennych na nacitanie klucov: client_key, client_pem
(vid. komentare MJ)
*/
/*
MD 2021-03-29 testovane s aktualne najnovsou verziou OpenSSL v 1.1.1k
MD 2018-11-06 upravene pre linkovanie s OpenSSL 1.1.1
(pouzita metoda TLS_client_method)
MD 2018-11-02 vlozene upravy na odstraneie varovania a autentizaciu servera
vlozene upravy na realizaciu autentizacie klienta (nacitanie potrebnych certifikatov
a kluca)
odstranenie varovania o poradi hlavickovych suborov
(vid. komentare // MD)
*/
/** SSL/TLS Client
* SSL/TLS client demonstration. This source code is cross-plateforme Windows and Linux.
*/
// __unix__ is usually defined by compilers targeting Unix systems
#ifdef __unix__
# include <unistd.h>
# include <sys/socket.h>
# include <resolv.h>
# include <netdb.h>
# define SOCKLEN_T socklen_t
# define CLOSESOCKET close
// _Win32 is usually defined by compilers targeting 32 or 64 bit Windows systems
#elif defined _WIN32
// MD odstrani varovanie o potrebe prehodit poradie hlavickovych suborov
# define WIN32_LEAN_AND_MEAN
# include <windows.h>
# include <winsock2.h>
# define SOCKLEN_T int
# define CLOSESOCKET closesocket
#endif
#include <stdio.h>
#include <errno.h>
#include <malloc.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/provider.h>
#ifdef _WIN32
WSADATA wsa; // Winsock data
#endif
/* JS
Premenna na definovanie "exchange groups", algoritmov na vymenu klucov
Server moze podporovat viacero KEX/KEM algoritmov, v premennej musi byt kazdy
algoritmus oddeleny dvojbodkou, napr. "kyber512:bikel1"
Podporovane algoritmy je mozne ziskat prikazom "openssl list -kem-algorithms"
Prazdna premenna alebo naplnena neplatnymi protokolmi sposobi prerusenie aplikacie
Ak server a klient nenajdu spolocny KEX/KEM protokol, tak
SSL vyhodi chybu SSL routines:final_key_share:no suitable key share
Priklad pouzitia:
- klasicke algoritmy: "x25519:x448:prime256v1:secp521r1:secp384r1:ffdhe2048:ffdhe3072"
- PQ algoritmy: "kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake"
- hybrid algoritmy: "x25519_kyber768:x25519_frodo640aes:x25519_hqc128:x448_bikel3:x448_kyber768:p256_kyber768"
Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-provider/blob/0.6.0/ALGORITHMS.md
POZOR - BIKE protokol nefunguje na Windows platforme (liboqs 0.10.0, oqs-provider 0.6.0)
*/
#define DEFAULT_GROUPS "kyber512:X25519:kyber768"
#define DEFAULT_PORT 443
/**
* printUsage function who describe the utilisation of this script.
* @param char* bin : the name of the current binary.
*/
void printHeader(char* bin){
// JS update
printf("[?] Usage : %s <hostname> <port> <client_private_key> <client_public_key>\n", bin);
return;
}
/** JS update navratove hodnoty pri chybe
* makeClientSocket function who create a traditionnal client socket to the hostname throught the port.
* @param char* hostname : the target to connect to
* @param int port : the port to connect throught
* @return int socket ; the socket number created
*/
int makeClientSocket(const char *hostname, int port){
int sock;
struct hostent *host;
struct sockaddr_in addr;
#ifdef _WIN32
WSAStartup(MAKEWORD(2,0),&wsa);
#endif
if((host = gethostbyname(hostname)) == NULL ){
perror(hostname);
return -1;
}
sock = socket(PF_INET, SOCK_STREAM, 0);
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = *(long*)(host->h_addr);
if(connect(sock, (struct sockaddr*)&addr, sizeof(addr)) != 0){
CLOSESOCKET(sock);
perror(hostname);
return -1;
}
return sock;
}
/** JS update
* initSSLContext function who initialize the SSL/TLS engine with right method/protocol
* @param client_key name of file where is stored private key of client
* @param client_pem name of file where is stored public key of client
* @return SSL_CTX *ctx ; a pointer to the SSL context created
*/
SSL_CTX* initSSLContext(char* client_key, char* client_pem){
const SSL_METHOD *method;
SSL_CTX *ctx;
// initialize the SSL library
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
// MJ only TLS connection
method = TLS_client_method();
// create new context from selected method
ctx = SSL_CTX_new(method);
if(ctx == NULL){
ERR_print_errors_fp(stderr);
abort();
}
// MD zabezpecienie overenia certifikatu servera pomocou CA
if (SSL_CTX_load_verify_locations(ctx, "myCA.pem", 0)) {
printf("CA certificate loaded\n");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
}
else {
printf("\nCA certificate not loaded! Abort ...\n");
abort();
}
// MD nacitanie dat pre autentizaciu klineta
// MJ Update [Define Macro]
#ifdef AUTHENTICATION
int res = 0;
res = SSL_CTX_use_certificate_file(ctx, client_pem, SSL_FILETYPE_PEM);
if (res <= 0) {
// handle error
printf("\nCLIENT certificate not loaded! Abort ...\n");
abort();
}
res = SSL_CTX_use_PrivateKey_file(ctx, client_key, SSL_FILETYPE_PEM);
if (res <= 0) {
// handle error
printf("\nCLIENT key not loaded! Abort ...\n");
abort();
}
/* verify private key */
if ( !SSL_CTX_check_private_key(ctx) )
{
fprintf(stderr, "Private key does not match the public certificate\n");
abort();
}
printf("Certificate attached\n");
printf("\n");
#endif
return ctx;
}
/**
* showCerts function who catch and print out certificat's data from the server
* @param SSL* ssl : the SSL/TLS connection
*/
void showCerts(SSL* ssl){
X509 *cert;
char *subject, *issuer;
// get the server's certificate
cert = SSL_get_peer_certificate(ssl);
if(cert != NULL){
// JS get server's certificate algorithm name
int nid;
SSL_get_peer_signature_type_nid(ssl, &nid);
printf("Server signature algorithm: %s\n", OBJ_nid2sn(nid));
// get certificat's subject
subject = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
// get certificat's issuer
issuer = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
printf("[+] Server certificates :\n");
printf("\tSubject: %s\n", subject);
printf("\tIssuer: %s\n", issuer);
// Free memory
free(subject);
free(issuer);
X509_free(cert);
// check certificat's trust
if(SSL_get_verify_result(ssl) == X509_V_OK)
printf("[+] Server certificates X509 is trust!\n");
else
printf("[-] Server certificates X509 is not trust...\n");
}
else
printf("[-] No server's certificates\n");
return;
}
/**
* main function who coordinate the socket and SSL connection creation, then receive and emit
data to and from the server.
*/
int main(int argc, char **argv){
int sock, bytes, port;
SSL_CTX *ctx;
SSL *ssl;
char buf[1024];
char *hostname;
if(argc != 5){
printHeader(argv[0]);
exit(0);
}
// MJ Add keys for communication
char *client_key = argv[3];
char *client_pem = argv[4];
hostname = argv[1];
// Assign correct port number
port = (atoi(argv[2]) > 0 && atoi(argv[2]) < 65535) ? atoi(argv[2]) : DEFAULT_PORT;
// JS update
// Load default and OQS providers
// Default provider must be loaded before OQS provider
// Providers have to loaded before SSL/TLS engine initSSLContext()
OSSL_PROVIDER* provider;
provider = OSSL_PROVIDER_load(NULL, "default");
if (provider == NULL) {
printf("Failed to load Default provider\n");
exit(0);
}
OSSL_PROVIDER* custom_provider = OSSL_PROVIDER_load(NULL, "oqsprovider");
if (custom_provider == NULL){
printf("Failed to load OQS-provider\n");
OSSL_PROVIDER_unload(provider);
exit(0);
}
// load SSL library and dependances
ctx = initSSLContext(client_key, client_pem);
// make a classic socket to the hostname throught the port
sock = makeClientSocket(hostname, port);
// create new SSL connection state
ssl = SSL_new(ctx);
// JS set key exchange/encapsulation protocols supported by server
// Without this function, client will use default X25519 protocol
// First protocol supported by both server and client will be used for KEX/KEM
// Empty DEFAULT_GROUPS or list of unsupported protocol by server will fail communication
if (SSL_set1_groups_list(ssl, DEFAULT_GROUPS) != 1){
printf("KEX/KEM algorithms undefined - check DEFAULT_GROUPS variable\n");
ERR_print_errors_fp(stderr);
SSL_free(ssl);
SSL_CTX_free(ctx);
OSSL_PROVIDER_unload(provider);
OSSL_PROVIDER_unload(custom_provider);
exit(0);
}
// attach the socket descriptor
SSL_set_fd(ssl, sock);
// make the SSL connection
if(SSL_connect(ssl) == -1)
ERR_print_errors_fp(stderr);
else{
// JS get chosen (negotiated) key exchange/encapsulation algorithm name
printf("Used group (KEM): %s\n", SSL_group_to_name(ssl, SSL_get_negotiated_group(ssl)));
/*
if the server suddenly wants a new handshake,
OpenSSL handles it in the background. Without this
option, any read or write operation will return an
error if the server wants a new handshake.
*/
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
char msg[] = "ClientName";
printf("[+] Cipher used : %s\n", SSL_get_cipher(ssl));
// Show certificats data
showCerts(ssl);
// encrypt and send message
SSL_write(ssl, msg, strlen(msg));
// get response and decrypt content
bytes = SSL_read(ssl, buf, sizeof(buf));
buf[bytes] = 0;
printf("[+] Server data received : %s\n", buf);
// release SSL connection state
SSL_shutdown(ssl);
SSL_free(ssl);
}
// close socket
CLOSESOCKET(sock);
#ifdef _WIN32
WSACleanup();
#endif
// release SSL's context
SSL_CTX_free(ctx);
// JS Unload both providers
OSSL_PROVIDER_unload(provider);
OSSL_PROVIDER_unload(custom_provider);
return 0;
}

158
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/CLIENT/client.key Normal file
View File

@ -0,0 +1,158 @@
-----BEGIN PRIVATE KEY-----
MIIdOgIBADANBgsrBgEEAQKCCwcIBwSCHSQEgh0gZp18fUGtbxJx3z9zyHS1mAE4
HKZ08Z+mFY/KFU+uog6t1Bar7tHIQvlRcQnaId2g7wgYymC8XmoBCbz2FRMsfPNJ
HVlC4xiFMajG62Vd5ykGDYQRMU14FFva0Xpms7ZzwMhhpIBIWaaEiESRCJNRJIJE
kBhwZBgtEiVIFLNlCyJAWSBiGpWFEjggkzINEoZFCyMyG0GNmLaEowSAFBRIYBJq
SMJR08hx47Bw0xgSTAJSWiaNmUJq4QKRCyZFjCZuEiKSGzIgnARpJAaR3EBOCJJJ
CRkApEIJWgRSlBhxETIizDQI2iZEgSBKGScKiiggoUIMgCJg4JaNIjZS0KhEAzNE
SAYGggSEVLRoYkQMIhBtw7KImQIQIQNRSThuhJRgoARBEjMwFBEGjMhxi0BqG4OJ
HDZRmMZABDmBC6IRwSQtAsgE4wIEHBJC4bYwCZSRmDBxC5QpFEVFBKNFpEIg3EIJ
i5YsyKYhU6ZsCydxoySGw0BqGKNNRMAwECRs0TAGHEYBgqKFEbKA2YYM0ZBkAqOM
2xAlSkhiyggikRJOCbQhWSAiHCktkSZyXCJOYiZS0KJlS0QgBLdJBAZSIiiOyJBk
iUaEWDQFmkAt0JiRlBZhQzgpozRlVLIxIokQgpCQUSIKIKkN0DZgmxYQYQYKJEgJ
hDSFIDCGDMZMUygqwwIFjDQMAZQQWiQuGqaJoiKEWsYRkDRJpDJtgSRy2KBp0sRo
I5kRyRABCYFRm0YAWpBRIsRBE5AMySRqhJgx1IhlEJltI6CJIcFNIzguyzQOmbYh
iqiBCClQQDiJ4gAwTAZR4IBIlAIimIABFEVlArQIDJQAAUkBgjYMGQIomAIJXEhm
gAYCBMlNjCAiIRNgA7mB4zAFCzQuDCYulEhKEygkyCSBGqhA0hAt2IgB1MSEVLYA
gBZNJBQAUBRxiDCGIJiRCAUk2ChECcRxnEKKgZBFBIEwksKAW7hMAIFBIicGiSAE
ADAsIJgIiZYQS6CMUpJtIUZAI7hB2kgQGCJFpMCJ2CAKE8WRESMmCpNBHLQJixhS
ExgiiJBlG5YgExJSI6AMwSIsGBIhGgJBBKAgCiIAw0CGSRJSk4AtApGIHJEgIgCG
S0INy4BwmjAC2zKFm6ghnJRNCpNow4Yg1KSN4ARyECQioIBBwQCRoTgmJMWMIkOE
AZSR40hyCMJJCzRNRBRMBCMqgjIy5KANIAMO4qZBlCCGQSIu08BkGoRpkEhCG0Is
lIaN4igBpIQICCWBEZNFAjAlo0SCIkglIMkl2gRIE5aAIaiBC4VRUsgRIikRCwJA
0wIQQMAsTBKRZIYoiRAEG0BMVJIFUBJm0SRiIhlGJClyYxgw2bhwhMApRMAgI6BE
IEeMQjJMFICQCUGA4xBNjMQpW5gEmqQRYSgOJJUwEpYpU5YEJImRw0CKI7OMYUIx
0ZAtmqSFmLAEmbAFALaAFJBMGzAuISRu2hZF4ZaBwwZk5DZJAiYsAyIFEjNliMBN
4iIO4SZK2MYFwwIFGDGMSDQwyUgEohZBYoYhC4UB5DYwYQYxBCRoSwgyy8REQySF
mRhKIoAoosQhoDAAIsQloTCJQsZoIkcSlDZOE5VlCDKCA7UxGDMJC4cRQIZsWCRo
JMlMCzMw4gYGUkQwIKZkyyANIjZsDJIJGpFAJBRg0pBgkAJxEyICkSICGseA26gp
GASFJJEBAEMmISUOYUBAoSBQYrJJWQQCFMMglDQABBGA4hQFIqNsoBBtE8IBGJdM
ERkq2iaFRIYpgaCMUwhk4IhECiIu5EiMWhZE27ZxhCAxkkRlAAkoCSKQiAhMGikw
2yBu26Qx1CAwCJaB0ygyCLRkYMQsI6iNzDRmiqRhURBq0Rhh27YkiZIwYECA2Lgs
HCYC40SRHKNE0DQBUJiFGhFyhBRSVCQhICcO4AIhnKYQJLRtAwgp20KFFElNIrYl
BLIMDCeQkYBsk7RgUKgpAUElAcRwGkgCVBJqkagwI0MBAigs4IghmEZIggiBIDNs
GzANAzMtwraQSMJM4BZyBLMQ4AIIGQVwzEaCHMEpoE3SW3leDi1viwTBYqogAIbG
9p+DgOf4iTkDAaqdD0vXuPjfeL2RgHLaaMN97MZhOPNdFbfoj+ko9whBd9agXCMA
UFrkpOsINCUeUZ+/ix2CPrfdWdWMIX6gKnFW3e0SluHeN0+vXopMN/ktHaH5TAyg
8XDvCG3XGC+18LdRo6ScAHkwZqwYHP5ylXakN7USxujWXzJeEl6FwlDEqZj1m8Tx
enf31juWeNzFB/lwKZl+bb8zZ6mQOa8rVO6uOAjRhYb7OSaHVbktu8StqiBHD/5S
tqoY3q0lsELb/DGFLrT8sMWI2krpvtvhCdRDDCo9UVtDzsD4EFqvgsaBV7o2tw/p
F04TvT4Z4QDvG0LAH28uMz93bAdc8UOKa2TFcFSg1Fn539UZTRwKopdExppZVPpU
USgVslL9jd9F/e0sbpjoHIL4es/JPIt4ErF9p6oQgXLfasDnvdBQlW4WZ41a/T6S
/iawArA7gc7o8oi1K7A8m8YM49oP++6OWb2wn4vMGKwYBZnpc5kPx0UUHNONhNQd
BChY1uwobmCMRDtVZY1bdNcjuGwMxPJCx2bxpqHW2rOykgLa1FE2QlLbwFx9p7b4
K0WCK9X3iAXv0//dx0nV9SwllBlu2wc+D4sfvLUDrjnzHJAMSUux0ASfylS6jBgf
ic1kQDX7cHSrsjWZRayUOgNdwhritxDe5ICqPQH5bPFBSgCIO3e+s+rVsPE3M2VV
f59zadtFJWAAGcBkx2iI0FqgPHbfqAyISEFDMX9jk3+dnCDxqLEeO78RLNsArqhs
o3OYdPkGmR58UiN03fSQyVBjICP7lTYvQzIn4ojnqj/HwLF8RsTEzqGE9hExGab5
diwp1uep0Lhp3o+/DBbMjDWjRMv6KTSUnmTg7S+uPpI6ZaEL/YqvBYl8qRRl3FUO
dukMgW3xoJGrrN2hvvAeUKq7H4Mft/p/ZXgrLyvGwSwUN/k/MKCam2r1BvX/TfBR
iHKHBOBBGBZS6TT3D3RzR7YzAFezCjc/xaDIcErA/ifriSxrbtzWAXCCmxcSB/F0
y/g7XEUd+7HK1oT6LHHzonqLhslLMetJLjufOop1yL+xuXQjve/xIVU9DRNv35eW
hjlFBtAL2JSqN9oEbpAVjo9sXE9VCtHIS/lz8DbTQqJHITe4twMzGxzSW594g02Y
L/hsLdJocCiN7RpLoMQ43/MEX6R6cIttUzQ5bK959Pfm0PbbNgywXq/Ba87Y41Sc
vgnCcAl9QTX6Dqywkw1/oFNSDK7q8QarfCJ3weVjmxbUgfnDL6rV5/+Cw1Z14uu5
lYfOIrmEJb0MZ0+fFAmaBKGiCnKVhpiKUPapbrln4QJmMZYcng4ZsN6EGlFvlWJk
2h+Hg972bGkj6qTH9GxZV81qGZXduIKW2/v18Ib6sbrQWT4W7AM7dy8WFjyCpE7B
LVSLcBEiRyURbGwUIoU+NxO48a0jHM+czygD1ePQ7fRrXO6YWFK7ax7chuuAZAwT
CfJDhgc/5O0XmgtxVPeiwRjibegsoTov8BFxULz4hPxxewEPCsBCvRPCunC/1uYR
FvYNKjC9a8d8XRrVNkaXPkr/y8dSRmSEA0OYbHyi5gC6k6sV3e6jkwCKGOOT/EFM
rm9RwU1WAWLJYiTy/ZoqWvMziA2xmLhOq13Cy/iOuAz1ExfyhBHTdF76FH4keoGq
umZ4exRx+TrdwJenz/ao/DAxxtC+zx/aJKQkhdhpfKeJIGOjRBf07XLhMTh1HGOw
AIVvpmczZWa40uZ3gFqznpZgvjIfOAGmfMMjuQm7Q+xLF3GiY63ihYlFLDn8W9+8
DCMlhq1NZdm0nHRGwI/JzdigQ/F5iATQfZKSiYXC9isizLv2mK9Hq0mvUsm8BKym
/gXgKy4MF/XzpvNYKNO6wW/wOX/DREkHTOIPfuQVUTDXoVCm0DFrZlH3HqxXrjCl
SmBsX91O/TABotKDkqP7Bvu+2J0kIQvmB+ovcJV1ryd/mAfH/sIgodrhAgNJrEBE
k08QoFxctPdW1wSRt6fDpvvCKWCzvBhZKQHCnewV2mysNlvzH4hQS0N+Zg9NVLHK
2lmm8u/Eii+0ymvQ2BF5z3ip1Q216ZyGsB476zpm8c6BZPwH192eUedilpq7k/i8
dMbYdDSdpAYD65MRWSExF+sDSSxX9PMv3Z5Ldu1EjyV3OaJeWgjnTYvoFDakG094
qsYIU+UbglTRHTibAS375CF4WwAiEhCfgI6e2KM5Vf6TNbgPFgWEWM8XaSS45Ou+
oEfDu2Fuhdy1o6QXMXXCHjO0B6UirK1RjB9lm9A8+izCLLMk378NIu+LqPU3JobG
lyGUApROo+BpRmOfbRY71Dr0DJNQBAWnJKOSmTjWpQNwI6Pd20vY8N6ns/LBYcZ/
ma7Bxr3oc2csQ/jtmlG4we6cScgzzQ/+yjPOrnkXf+W+0aXn5C/sv2JLyqvytDXp
KMv/12Y7l64kd+fJ5OaoczD+WZmSFB/mbUJqqUmeA1NOCb72T9QH4YgEW3xJ6EUx
yauQVS2nUfIQqC9taLsH5gHqFjypmcryvZ/lqmxL7gDhletZ04oHV1O1uXGdoBEZ
tEJJmOKLAL1b+SNj7t+ssXDrPMhykvpD442BDarGQREwz8ZCHRHURvyMO6w00uyi
5msnXd4Iy42di8UoK4zkCYSsiugpFuAHNRc/vFFHxFInykAdI0oVGLJHA4xrqdOn
sEdAOq58qqacC3CsZaIc9QEYApJxl2q+wxq5tcH7Dm1Ix3hC0B2hDI4DIUjx+1RR
tfBHwuS6lqromJ7L8GS3FxJaWc9VhH48Cd6dN0H7kG0U74Epy90aeVpAYH6L3QbK
5zNHDn46d/CwVOJtJJu1eHwGLl/1wrVdhaH0wW7L4QL1s9noIoNA7X0DqT6wZ5mm
1zE3Pw0qqlWYzp97BlYJi+bgvpqvOKrOghtshSIe6WaFyxIcLZxT1u65G9fwJXFJ
g/i2IkCAHLKmTjuUk/2xtQ6o/WgEozY8U3tZAoEhcWp/EuoQ0hswZFOpQtk/a+6d
b8MDbOrpa8wV1D9DH7//GX/1oR3xnN7Ft2kFrQloAII7uutjtPfSrr9JpijqdONo
10GbJ4sANTgKpDc1sRLdAGeJJ7FbSqj1+tlOOohkCYjdyUK46pQ+SpvubYG5eXjS
b414J98o9hCbNOI4pGJiYHfxAoA7kknMruW2wqbP3szYjZt8vyM0GU1X0UfSEKQS
Ui5LY55qQsVhk+l45eXrSmy9nAMXXYnE8+GRrx1o+vfY8z7RYw1D6D6XtmT+wTto
exAmNiZvIaJIiAHkZysrToixag46Y6QFv6EGkKCVRMhzH1FCMI2MVWIabbwaNdA/
L8FLv5YgWtPk8H+Jxn0xUIAm/CsxML/I7QxEmO5FpnRlrjeZHqCP1LLB5kcan/mZ
3XkYBC4ogCxYcL+sjuO8SjtZ0gTEdA3ii5XpmNwAw4/CGZou3/r+jc3sZHCYm6sm
zN5mUkmQF/y3An7U0pMU15O7siV1cyq/+Y7WaJHMsC/Rkkp5H/rRE48H3G4FgBnk
1236yufmebkYgTzt5A4lNg5yTXeAOwA/eS4OZ0ZNJ7cIwU7nu1F4be/N3lqCyRUr
yDcrFOAtL7fVLFyhCXipua9qCo8RDtRbUBWZTG1ObiDTHLR5fpSq0IrECc1v9jvo
F1ja/YzzvdfZN3t4ZAiEzQLBXUgiMtfwN7c+zot6V/LTaDk+gWMLaE7nnFMS5Leg
SRehg04Z64RK9rXXJFBvMZDO1Q1tvoi2oNMAHixkyOqq7PhHTF4Cxrx3gMeY8tIt
lDij6ZiwY5SdhjzrWePX5jbM4RW69ntZJUa/LJ/QVb8ALcMI+fAUftJnDpitbGRE
mqMVmllZNdzRzvgxh2Dp9uhmcxqNhbLwdWZdghRFcsXAYydQIQLOvZEenEAjCOFX
Rn/Isde7qmWcFHHrrazfetl/DRmK7IPvhe9r7SYNPHsLknCzT7vDwrc9fLDiHtMB
4oe0ykM7r32ZKeby1L+BLBl9ESQPt5dxpE1/f2tlxfuFEJSK1+NBoxpMSRxHNQ6D
iudsp1cs4lODXzz53+Zju2Q0maP5Fd9oCRoGrotADW84ZmY/KtWgh2d3908JF8OJ
QMwc1bGTNttdexHNq/JUciOGN8fcfTP6h3WphTgqXsT2gmTOk3UfXIYJyf3tN81P
NNQSBAkwmNgW21k4ubkFbcZepcidpKLyYA+oF4wW8zkT5PIQdDzs4YFyfjCUhyKK
j1sog+lyAhfZDa1jEvZP+cNaMckCGESJO7a0ndLL1s5+t6cSNSRWkZba6C+gtqQw
QA+nGPY9wtQpyRE+qyrXy8HI+5ySNLXjlv2cxHvgH3UIXvWF+BCrZp28ViryTORn
T8aBQkxGiSH4Z2D74gONENfhPL+PalI11mDeL22gdNavU1YKCOiUcxQNHyOrTGad
fH1BrW8Scd8/c8h0tZgBOBymdPGfphWPyhVPrqIOtaElsEr5Mrv8CAHzey1mhyq5
KMGzQWm05liILYp10S9rQpfrA1nrGfUoTzuKGjIK/tlyy9CqmO8rTYlD+cHvk/P4
0W99QyNt/Z8qBQlG4uTePPkGG4gT1GDZNFZMDDdyVMZiZRreZNsQzf5N6l3dH4Iw
ZFuFtSk3YFLuKqPB3OBaqLx28VxMzT0oiXlhdZzP26wC2t+6R2nJFM0HNBFVAFEB
0WheaXUJMvm5A/64iQYZt5/vGc40feSXj6G2rhjAq7TUO34j+/InQe/fxks/+1Jm
JjzoM/xlSFpXjy8haLtt7NuE9pIZUt48ff0648gc/jS+JcYCq09prAES5Eqimyo6
uBTnLx8NXIX2FJUPGOA36qL/+tkb8uHxSTbvqU3DOOiEWhNpdjC8z5AVrA4G827G
is8ebw/4h5AhlAtE8BL+Ke1x0ft1bGgdu1inJ1Is8hZWil0GSOGg9JKeCN+Eb4S5
tDrKq+zZVIj+/tZDEyHg3uuuFxqXBiIIHieiJ2qxfAL0YJ/ydT5SaSVjT+HM0y7d
u/OdVjOAv98f8iNhyAWN9Nh1fqB28Z0zbVs1+hGpduQT/uUFIyrMukFTkOH4uWlL
VU3y5MDdy5gB5K1bFZE5VtggdmjgOvRP6PitS2e2NoI0LQZB2fZ1b4qrh1WoBHUi
BSiXcqaYNIOh1ODw8cYQI+4UkX/L3CxRBVwNqXyZGCSXL8nqpDP19Qkd1Sgoq36b
pm8wDV5Pt4QjSFSg+dD+teg345yszulrcccFoeyuqVJtwfeJmcGXcSwgK1WR3g71
PHZtHAHqqOSd/ZoddB6p/HpzVgMZYJmbDuwuUlUq9qMlzg9NFh/U4hqaKWno/Ejk
o+09geQ80nILmgNqCUjWEGJVFb2aPJeeHTKAF1abkZhp6PCzlbvPnHI6OF1kFDGt
6x4D51sHW4pBFOo26L8S1pEeNiaXwWVLcWt8gg6nsnzQ2SilfcNXUA8kId0TDpEv
5Lf6B5XFiXvjWq+oSYTgBEhHiYg1QQ3xi43KSNanmYdTUPlCWtfurclsihP1uVRn
8kFZDn2R77Mtv/M6Nw152XaN3Rsmcm7tGsdsyNFBEwFEhZYG3dw6T8At+kA5AQe0
5eW1QnBZRllTxDuP7EZ1afPAhknmT6zKLeuMd+z4ljVI9CBsy9fYRIHAuFuacicT
Il59tl0N5PUmEchhsD6doD6r7RVTA5XqMtkP6QNrLq7f+q4fLfRizE6Eqj5PE40S
TL+xhungduvxfcjHVKwpwuoYL3lnSt6CnEBBrAEG0ase1MGkW67KqRa6ltV0i9Mz
bl0fU5ShqwGJuqqXHh9e0yymVZkKWlY09aXayeBnwCisz2Q4kPgeBYjEYyJGJpDj
Y3KIOZNGpWJXYRECgFkU+/QBVBz+4rdUTBEzaD1uYFQ20WKX+afpi/7M//+DSYDk
oZadRR7j0B0B3yFVcz2/n8uPEK+zWSEhJ6teJYEz7VUdpJpCIlKLIw8sGdYrtCQ9
qwhJLjXBFfmaGdVqKlbjlVdpbTGMd3qwOmhYKvsZcbtVBficAn4Fm6WXf6CitRlM
0lODSuK0zB0AWvSGDver2/upMEDPtkJ4AKVu0MLfIliYBKoGZiQeAxapDfE88daz
5AkNw+zXKGDrUveED1khfN62hKdOhlQjmUm2y1oqbe+PbvGd04Tg43DOX5fTFeTS
0mL8N6OQplEt/5VU5Zedj1kvYW8YnNvWtCRc7RLAOvrpX+jrdAbs4l2qvX/IGS9f
FVokitMG+fV56KRAgS3YLBPe7sTazMJCZ1LhHK1fbuB/iqMHX3LwnEKTi3yec3Nc
2GO5USQvfZCguY55MzC4iDBTj9U7z8yYGpK1k3Gx1IwXsqOON/VIXrQqY9FAZLuY
P7yJ+Nqd2JcdjYSBIVO4nNx2l7fwvtJFfsxt20Hxg/dt0xkL8EiNNTDA8E3NLDSV
fiUXuWlm1fVYL07BJcvvQL58R9deAXMt/ErJs3H+DScdRuCk8ep037kuLnVFwVAy
OeEKkzb+MiZf63yGSswLR7vG8+xiZaSi0XFvRKJ61ihjOHCPUxDeLN7397Uuz2US
EZfaiDmh/c4Kw9JLISmZi2XbLCT3EEMH1mKX1sJQALzS1hHyqy08NilMb3UadCXu
IFCVdIZkVHr2KzrIW3mcbpV2FhiBKNGEO0UBA7cxehGMSLHEtNZXlctIsixqLeXV
3cW7AG0ZvNmIxJdL89g6OEOxeYcUhVzMsSXXGx8zA43HW+gvEp6ThUBqIbTBmze7
zNdT7xSyyD5O1KFgQA72zge/NLzZDo4GjH5nbD0zlRLkRJgVyi8VXZD5aujSX+X+
elR5LsSqN1r9mMPdqHtTz9cyidkg+XUxpVtRPJHm+woJF45ByYyv7pQBD8LuVEu5
gCnIjjxqhWfmVsVpJh4SvSpFGocy6tn4AJXMERN7eU0j0y8fJAoijJQblYpILAN8
qtIBa+Wv/Tbn9f2CtnkGn5MRfbM/v4U4FMP3H43m1Envh1YoiN5dN1PW10U+YkHk
30UjBs0xGin6PvgqM8ZP4X40v+MsbKO4uC0e0CT7SBeEgMesDU/xA7I8sxquQJ+6
u4sWbUOi70zY+QfhwuLceNk7fVsjZ/SEfallBbtxFQihApGSHmbLqrp4UD4qxtP+
QG0Kt8eB1BdwdfqzlFFi2QUWwKcQwYamNzKzARmDNMbM9PqG2XUIgduRdjjTbdLX
JoFoPhVzFQM+p9ISMfQXP9gH5xa38Y1hRUdMjpWSqThRRJ4CHGn8zW+N3C2L6KGa
yhKcFXxzi1sHhvplfFWlPzIEUPQ4mKvPvM7ya+Vqk2YrgrqpgxYZbd/2Z46cPHk8
OZAnseVFN9f+IIQp1Jv0FNXqctMIp7FLKLrxqIgwCORCkuBQeNF0CnxyBHr+ERyz
nJm3JKlAs+dOQ5IyV0fZa1feNWF3AW9gm/su5YTZQBRZQEG6tovwBQNIDp0k/u8g
C7vaODHE5/opXJNP/wwBIbVN1louLGY0LRuA+hNwW+dNgChARUu8aS3jpgaHMIm4
tDQ/MI10NdjJ/lgiZTGg0SgNtMu16Z/4+34BZXUYFK7eL0jXrFN6+FrxiPXCXGtI
6FUy7WtWFE+Qwzmcnwn30dL0CepqhtW8v7PIwXYQQrSkqpBls0bgMIHRzRJSMk15
KQuKQqOCOXHfmMOQRl1M1Bm+Q3S78yWsJwG8luTX96px/w81U8XWgafi3eo6dxAP
Ype3fHXIwNnxpbVbaLEnQRR17r9OcbUNowS6HE0yf8Bt/6eEHtKvgqSWiOuKQAqF
EspmOlWZA+g2RLbSYvDKddHD+LJklbpjWZti+ozWyipKZVCwc9zMVKQwmqsQ3gDQ
4NmurjIFqrwfhWgDOgtGAJn2DzktJJr/4mZPYwet13ZG/HKzAV1H28B5Kj+OFw==
-----END PRIVATE KEY-----

161
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/CLIENT/client.pem Normal file
View File

@ -0,0 +1,161 @@
-----BEGIN CERTIFICATE-----
MIIdnzCCC5SgAwIBAgIUJ85yF8KSw0QrCNIkQdmFpQeyNiUwDQYLKwYBBAECggsH
CAcwZTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkZha2UgU3RhdGUxFjAUBgNVBAcM
DUZha2UgTG9jYWxpdHkxFTATBgNVBAoMDEZha2UgQ29tcGFueTESMBAGA1UEAwwJ
bG9jYWwuZGV2MB4XDTI0MDIyMzEyMTMxNVoXDTI5MDIyMTEyMTMxNVowZTELMAkG
A1UEBhMCVVMxEzARBgNVBAgMCkZha2UgU3RhdGUxFjAUBgNVBAcMDUZha2UgTG9j
YWxpdHkxFTATBgNVBAoMDEZha2UgQ29tcGFueTESMBAGA1UEAwwJbG9jYWwuZGV2
MIIKNDANBgsrBgEEAQKCCwcIBwOCCiEAZp18fUGtbxJx3z9zyHS1mAE4HKZ08Z+m
FY/KFU+uog61oSWwSvkyu/wIAfN7LWaHKrkowbNBabTmWIgtinXRL2tCl+sDWesZ
9ShPO4oaMgr+2XLL0KqY7ytNiUP5we+T8/jRb31DI239nyoFCUbi5N48+QYbiBPU
YNk0VkwMN3JUxmJlGt5k2xDN/k3qXd0fgjBkW4W1KTdgUu4qo8Hc4FqovHbxXEzN
PSiJeWF1nM/brALa37pHackUzQc0EVUAUQHRaF5pdQky+bkD/riJBhm3n+8ZzjR9
5JePobauGMCrtNQ7fiP78idB79/GSz/7UmYmPOgz/GVIWlePLyFou23s24T2khlS
3jx9/TrjyBz+NL4lxgKrT2msARLkSqKbKjq4FOcvHw1chfYUlQ8Y4Dfqov/62Rvy
4fFJNu+pTcM46IRaE2l2MLzPkBWsDgbzbsaKzx5vD/iHkCGUC0TwEv4p7XHR+3Vs
aB27WKcnUizyFlaKXQZI4aD0kp4I34RvhLm0Osqr7NlUiP7+1kMTIeDe664XGpcG
IggeJ6InarF8AvRgn/J1PlJpJWNP4czTLt27851WM4C/3x/yI2HIBY302HV+oHbx
nTNtWzX6Eal25BP+5QUjKsy6QVOQ4fi5aUtVTfLkwN3LmAHkrVsVkTlW2CB2aOA6
9E/o+K1LZ7Y2gjQtBkHZ9nVviquHVagEdSIFKJdyppg0g6HU4PDxxhAj7hSRf8vc
LFEFXA2pfJkYJJcvyeqkM/X1CR3VKCirfpumbzANXk+3hCNIVKD50P616DfjnKzO
6WtxxwWh7K6pUm3B94mZwZdxLCArVZHeDvU8dm0cAeqo5J39mh10Hqn8enNWAxlg
mZsO7C5SVSr2oyXOD00WH9TiGpopaej8SOSj7T2B5DzScguaA2oJSNYQYlUVvZo8
l54dMoAXVpuRmGno8LOVu8+ccjo4XWQUMa3rHgPnWwdbikEU6jbovxLWkR42JpfB
ZUtxa3yCDqeyfNDZKKV9w1dQDyQh3RMOkS/kt/oHlcWJe+Nar6hJhOAESEeJiDVB
DfGLjcpI1qeZh1NQ+UJa1+6tyWyKE/W5VGfyQVkOfZHvsy2/8zo3DXnZdo3dGyZy
bu0ax2zI0UETAUSFlgbd3DpPwC36QDkBB7Tl5bVCcFlGWVPEO4/sRnVp88CGSeZP
rMot64x37PiWNUj0IGzL19hEgcC4W5pyJxMiXn22XQ3k9SYRyGGwPp2gPqvtFVMD
leoy2Q/pA2surt/6rh8t9GLMToSqPk8TjRJMv7GG6eB26/F9yMdUrCnC6hgveWdK
3oKcQEGsAQbRqx7UwaRbrsqpFrqW1XSL0zNuXR9TlKGrAYm6qpceH17TLKZVmQpa
VjT1pdrJ4GfAKKzPZDiQ+B4FiMRjIkYmkONjcog5k0alYldhEQKAWRT79AFUHP7i
t1RMETNoPW5gVDbRYpf5p+mL/sz//4NJgOShlp1FHuPQHQHfIVVzPb+fy48Qr7NZ
ISEnq14lgTPtVR2kmkIiUosjDywZ1iu0JD2rCEkuNcEV+ZoZ1WoqVuOVV2ltMYx3
erA6aFgq+xlxu1UF+JwCfgWbpZd/oKK1GUzSU4NK4rTMHQBa9IYO96vb+6kwQM+2
QngApW7Qwt8iWJgEqgZmJB4DFqkN8Tzx1rPkCQ3D7NcoYOtS94QPWSF83raEp06G
VCOZSbbLWipt749u8Z3ThODjcM5fl9MV5NLSYvw3o5CmUS3/lVTll52PWS9hbxic
29a0JFztEsA6+ulf6Ot0BuziXaq9f8gZL18VWiSK0wb59XnopECBLdgsE97uxNrM
wkJnUuEcrV9u4H+KowdfcvCcQpOLfJ5zc1zYY7lRJC99kKC5jnkzMLiIMFOP1TvP
zJgakrWTcbHUjBeyo4439UhetCpj0UBku5g/vIn42p3Ylx2NhIEhU7ic3HaXt/C+
0kV+zG3bQfGD923TGQvwSI01MMDwTc0sNJV+JRe5aWbV9VgvTsEly+9AvnxH114B
cy38Ssmzcf4NJx1G4KTx6nTfuS4udUXBUDI54QqTNv4yJl/rfIZKzAtHu8bz7GJl
pKLRcW9EonrWKGM4cI9TEN4s3vf3tS7PZRIRl9qIOaH9zgrD0kshKZmLZdssJPcQ
QwfWYpfWwlAAvNLWEfKrLTw2KUxvdRp0Je4gUJV0hmRUevYrOshbeZxulXYWGIEo
0YQ7RQEDtzF6EYxIscS01leVy0iyLGot5dXdxbsAbRm82YjEl0vz2Do4Q7F5hxSF
XMyxJdcbHzMDjcdb6C8SnpOFQGohtMGbN7vM11PvFLLIPk7UoWBADvbOB780vNkO
jgaMfmdsPTOVEuREmBXKLxVdkPlq6NJf5f56VHkuxKo3Wv2Yw92oe1PP1zKJ2SD5
dTGlW1E8keb7CgkXjkHJjK/ulAEPwu5US7mAKciOPGqFZ+ZWxWkmHhK9KkUahzLq
2fgAlcwRE3t5TSPTLx8kCiKMlBuVikgsA3yq0gFr5a/9Nuf1/YK2eQafkxF9sz+/
hTgUw/cfjebUSe+HViiI3l03U9bXRT5iQeTfRSMGzTEaKfo++Cozxk/hfjS/4yxs
o7i4LR7QJPtIF4SAx6wNT/EDsjyzGq5An7q7ixZtQ6LvTNj5B+HC4tx42Tt9WyNn
9IR9qWUFu3EVCKECkZIeZsuqunhQPirG0/5AbQq3x4HUF3B1+rOUUWLZBRbApxDB
hqY3MrMBGYM0xsz0+obZdQiB25F2ONNt0tcmgWg+FXMVAz6n0hIx9Bc/2AfnFrfx
jWFFR0yOlZKpOFFEngIcafzNb43cLYvooZrKEpwVfHOLWweG+mV8VaU/MgRQ9DiY
q8+8zvJr5WqTZiuCuqmDFhlt3/Znjpw8eTw5kCex5UU31/4ghCnUm/QU1epy0win
sUsouvGoiDAI5EKS4FB40XQKfHIEev4RHLOcmbckqUCz505DkjJXR9lrV941YXcB
b2Cb+y7lhNlAFFlAQbq2i/AFA0gOnST+7yALu9o4McTn+ilck0//DAEhtU3WWi4s
ZjQtG4D6E3Bb502AKEBFS7xpLeOmBocwibi0ND8wjXQ12Mn+WCJlMaDRKA20y7Xp
n/j7fgFldRgUrt4vSNesU3r4WvGI9cJca0joVTLta1YUT5DDOZyfCffR0vQJ6mqG
1by/s8jBdhBCtKSqkGWzRuAwgdHNElIyTXkpC4pCo4I5cd+Yw5BGXUzUGb5DdLvz
JawnAbyW5Nf3qnH/DzVTxdaBp+Ld6jp3EA9il7d8dcjA2fGltVtosSdBFHXuv05x
tQ2jBLocTTJ/wG3/p4Qe0q+CpJaI64pACoUSymY6VZkD6DZEttJi8Mp10cP4smSV
umNZm2L6jNbKKkplULBz3MxUpDCaqxDeANDg2a6uMgWqvB+FaAM6C0YAmfYPOS0k
mv/iZk9jB63Xdkb8crMBXUfbwHkqP44Xo0IwQDAdBgNVHQ4EFgQUfwycYoZUFi62
NP6OlzPieGnT7dgwHwYDVR0jBBgwFoAUhYbPRDALyI1ALGoCVaAj4E8o8WcwDQYL
KwYBBAECggsHCAcDghH0AMax/S4g9OeWs5GQoOJfFEuAhyKcWkH7UMpuxvxjT5ES
GWG8bEH99QeSCOsV9VyzHpD1YFJj9mC/gZWf/nd8YxixJZHmZHdXzY622Mdfc04O
OILiQg27yjYBGOfXB5lg4xkB61uFGVfJ/d+4BVL1VrYbnUZxAbTS9Vu1kspSkmYd
PhyhWx7TvzvPuO2lX5PVSobSwDAKq5YVpeNbzJoMvOXNhCnY/r+QGMCiw9B6hYlW
DQ+YaQWtTBNDI0619MaltmKdbqT1glexvi6vg2NTtZV4qgdNYkpS7DwvpjE0G2Y2
ZTRjUfAhzc3uD/Q5nFqUzIjeTyFt/+KM3S7yWfarEreKekc9Nb9w2WZWsZEy2QbN
KTTw5O1D4Hyp0YTBvfWyEMbLhI4j3eXn5tobqKf71aIhAI5eMxxeFymL2+fxQW2j
hJ4H15kCYWtenerBszwWYdV0+wBraSTWlU382WdfrA9RC/wjw7+DpDr1c42uQkJT
uxoBAxf5RUC10x+/SDY7Nk07rAzJuQm1WT9LdQ9/hLhgKp9axBO33ihrrA+QTrPt
kRQCItrdSOjHQCT/yjgoR81C/k9quGPFrpbYJsRhrBEWv6Re2OrRqM+S+z1bEsKy
0xCEp/dYxmFHQG4j0yx95Zud48AxwM5Aa+WHBQhoLg/mKegYsMhSlcc8WZp3LP0z
w9/VydD/0NRLrJNO9QRKTubO7nkSQLJTIsIlSOkIEkhKXjdZcPEkbwKBx1Hg5N0n
kytz3akjKTqRAj+yB1HsveLZ1qL/K/qZwo1gKCX/52VfFcq4HKSEZKxyqQgpp7aS
NMqjrBU6QzI8L1yLbCqqRJHK3QmMwKpu+ejMciPfxAM4Gbjc7Ew+6Vr6aGiqFko1
4QP2VhvLGDQDzOPs1bYmyLX+IS1tbUUeYW01fOnrsIEPNHai6xz4CpLtwD/SF8fq
8Ycl+HcjUcAdHiM1Ho/5jIhiI8NxAFLX3mvEoyaS9/XMP43nknWiYeZ3iwigOpQ1
EU0sBeTzk/FLdKf7Qlz/8ia7USbPE+N40+VOL82xLw6nergRtB8z31iO/B1keJEH
E68tL1xXGf+klk+cAbxXbEfDX6t+l67rVBZW8pZUz7tytG3UpwbNAEYE93tcjDB7
5jpTuwXtbzVWAUHdD7iHUDXvYix37dBHggqLIkIMZ1EhisRPp44HrBgO8ssR1/bI
zGKmBr8C3vMMuYpKwFval5g2zy+jxhxRsiQlPJIs5dz1d0m3n3DOe1qpUWUe1AM1
SYcixMCRr/L8gz++ioQEj6wUi57wqyYnwT6b05uqLG4rrSNvIseCAnwIYhTj/fdc
gfsULbmD/3XtALGyvgcuCtiCks5N25EqRW01V/tKWZ0dOfy/Ffix3/PZYmjjv7te
f/pyYeAk3c/hklaJ2PTzJD8x0LYk5YEVg7pbPaNfqzLLPAcz1d3ZJ73UYHybsElY
oWCoKD4fM9BmXYaLTTJoxA8C2ve3OUszM9WRtZI25N9QnGJiUOxqur8F6svHjAjN
o9W3gW9ZRkhn2Z/rM20qNLIInr3WhYqBGJUUBgd/b1r3VaP2vMZvKqNKl4Zw5LmE
VcnYWOlSzBnZ1sr3XyEdErYUGAaKLDCpFNJZc4d7d4eysaw8OB5jzMyKNc+aBR1e
0ro1RsLv9C9+A2oUK+sHc7MLiywlTKfmUlZ4EUQfJARITB+rdfQpqk+njS9BuDmi
kCAliRc1DFGJlKLKPdUVek5GQwWw2NEfiq87Nqt37vWbY6WNykHjrNynfLnKA3Wl
wK9Bs7OOKz3IFPo06R+eMYr+S3mQEmzGBC8Tq4CZaW1HJDfPM/271/DovuUmQNDH
xMMpPeRYx/6yvSo/WAnPZONyRSJW2daLfOPyL63F9v9LNEQgBT2DtWD9/SaTKIe9
CG29y54pIyn874wCwMYo3v4XLQ24BPMAtyKtCkkKsZStC0ByqYTrDZ8gvE6a7A5U
Xz7/deo9BIMFiMexHfrfXcRsbM3GoQkzXd7Lha9OMVu69+urSvqTPFSIzRXL/qDW
n8pIyxiRtLkUTKryCLgVHI99DbgVpthfBe7rpMXkOoeWtf9i64LG5D4yFhH/5Ney
sY/cm0eBLer2TEqN8G9KTYBQFcokUr+b6bx9kHMs9p+8iABZejDthxPZtqxQafNW
3DRjl+NEpoFYXx6o7RaR/YYSnKqcI6hHJGbmLNEsw44d0qhXnhP201hc0p8+aY9s
ex0tQsMpEM4oVckbUPpNLj34hvEgpzhPFMAUqbv34ggZlN+esap6MhbLkKVZNbu1
KzV7CWvC5o6sUtscSGG5rmWOLh7mj9yPkhZ81D48xbfttx3t/H9iyrus0YyrPBXi
fzkfQFyWFaFKqUP42uYxx7mLsjR4iEPsgqCdvRWKJ1keSN87PKiUF0T388XQndOI
KlUUpWR6jJQZ/ex4idKtXRD0mvZ5N61UxUoARqKfKlYMMudvoWUd+boMNzMxoXgD
CTJbjTLoFRLzFCVEF3wcowHj00wJ8OOua53NuX5rCYiJJEnFpwBLfS1l9cGfdfk2
dyUGT2g1v6KSQv0Bn4uxOoiVlrQDcg2lMr+EyJkhmKhBNiF9r0aKypXU13WCOmXZ
CGowVrdeDe1XKgMU1N70NY4kv+ZKFHIF2WRKqE+/pvv/WV3Ve7P9HwNBCinMUkr6
Qw99WzIpdM74BbIUTw4YnULbPYknPdmDF79JezdoCppBI/3IWuWIHPrnnC52RRKX
YZmfHU4zkDdebwNh1ZvvaABqh3h7db6oevvVyxnWVbyo6qiybArTE2zHttTha+pj
PAGQtdYGvqXQl4qsWWuIwALuehZ8AF4x0Y5POBXxHDoTM5uj+4EqLfiFG4yqqoTY
Zeg4NVYpXWVTqgn/B32qeg2fxUgDjnoJw25yKWEiIFgiz0gheyTSitLmNWl6IK3s
kcx94zp72jqRYUT1Sq/bG3zThzN0YC5SOL49FZEUTjSVQp/VF7tSRQIhzcGIAgqu
gYVknDCn+VY4seR5KsATjAUPK2rvn1US0k1jqhhDhX5Z3F52q8LWfWThV2AImJkF
r4BBjp8zcVBxxCzvM6rCQ0l8gNHOrb4DqcsSw2FYxhDLUsBbfjRny7xEom1KOdj0
+/JdjEb9Nc6Bv5hjeU9fvr3kzb5ar6qQltjE3sEe0+e547u/D4f4WUruKvKvKvPa
6zVXRbTxWyZ/zORxnXGCXrfXuANlC4u+9mjvo6OKUSJ93Y2M9TIkmYXztW1f+Qzw
e830cjA0Un5+3V2B7jlVlJEqJd513I2H1HljuyFdnW9E0WP4wmZ63Y/S0CX5+6F7
MV4pkPzT1Ewgm1nkxizfk/u2QsMtiE2p5FgQytMBeiMcYFEJVG3mbBOUgcvc0UYs
Iqc1p0edq5rZ7dLBKP+23sbda3P2Zd1k6hU0qJOKpCctZA0lA7B4rDHz9yXxXfvf
z7pjdPGpN704MAWa9KQpjP/iHakHdMJZgOh0IEEFynhsnREw1IfbQkIa2gQrnmcy
QC1/UfF2i/K8K6mygK096xpqVDA1O61pMiQxCmrvIeuDK15HAyCziP4ggqm1j+Hp
zEBtX2V1xCBCtFYwV4SI1LtJsJrc0BZyzhtbQyVNmESn0HBLCrtZWnK9la561Z7H
maUchZeYnoZ4ije19Kc5543g+rU0nSetgUnIY5tbPGiHVQ52GLivmpXyPoGcJYSW
mMda+qLa/SMhyf3vjzfnu5a3jJRH9aVN8fnfn4q91LpHohbYwMgoQ7XYo3/HhFxe
Jpddt9Ej5Iy8A+yOc1NFKbr4jscyY4Me0E8+Jr2/Xa0niHDdzPkyzE4xuHTzKVwN
hpXWPSAN+b0e2OqH45opR8b2Snm2e1hJdsg2UkJZvbHxWZvBiWlQcR0Q5vPiJD23
OxeGoE79N4wUYe0crtxpABlfUL/gSx7ySPYyICF1hP6rKWa2LVxcqkxq7QRutT9+
GOZ5M6McbMVeYdxeh81Y4FZkfl+ljNX8MS4ofdmj2BlZw5OMouJ+AAuV3HR2PBvc
wJ/H0ZNM/zavr98Zy7IWZFiTG+f2c1jWKUwt/8VL6LlrRjUB5KyOd538jIJgO+BU
bv8KDDTyG6L0gVqYIsrh8qaKL4391XlTxG0aZ9s5zMPUKZU9z7R3M2t4b+B8/5sQ
OWlpIUWZVG+e3cpOBwQh81jhpyCUabJPSAlkUMLkinqX/lZm3hBSVX+pGLSuFCzi
edQBFxMkRuT+jG4xk8gT81Dx5E8MIzfFXbx/kS6Voki7OTS7K84K/J4ymMwz+DF9
Ew6PcQtU+mmBS678i1rC84XqmWaNGcE3aSGhj5/w/+TGvtg51QtSUIp0sL7cfksw
MbterlXqAMREk/n73X0EdFJRmFo2VmqWP1Tj/+cHGs6ECof6mhxHK0l1zmO/knWW
LevwxwDvFK1HO9QvXMsq3lmeiQ6jkfekmE8w5wfyUFGIL8Ks/sc0cyuBw6UBOs3G
eqGnAPtnb7qkjwMF6/e8rwFuhplUPph/4U6QI2ektoMC/lIZwP7edu/nUAkNQBCx
1rwb4SFT3MSVNE4ka42Uxhxk8IZ/GPosrSqPHhy9V2jS+nIGxjOVRPsKC1ktKAjF
/tDgPR/7eboIA8QZtsYCC/V/wjV53hYJk+SYT2hyrjqP+QGwJpz+566Nh++X5quN
oTLtiwsmV2WBKuGj/T7SwE+VhDMRsarzUNWJj3FLjmt6+f4l+it39IusdpN6QrCA
LfifmWgvJx0jzo4dy5HU4BYZ+/S6LNdblwrSADvx4a/i7BqHYDid++/nEb4BTFco
3aMy5V9iU803tbVIgoVqHlZiKOFJ8/itBhYdQrQPQODYj9Pr+3ed1Pv0/z30qume
h7qWsJq1Qub5jS2MkIlH3cVUCeST6YVCwMhccNQh3aQQW7ycGXzH0PdMnNVUet9n
z3W1aKVtZO0hH4IhOB7PRIGpVK97o5ZUVSMmfLDkk0RenAxWsS8TQtZZS+0ELvOF
V5fpvSVvN7HNk651PLyPGmPfPkdTb7hR1uAWQtI6o88IjfOS4KdZTMCdsatpbeg5
GGKejhMWxAQecC8ngMY55YwsFqDbJj3SeBwqfGCqHJz5kh0qRiBxTiO2KQEaddBQ
pcSIBSlD7jzQF5lQi9YjWJJxbxmFqAbzAgHIqPHf1N1D+pAvYUGcCD5MVeNaPHMq
ixEvYjbl8Xw62Dq8S4I6RFWsEh7E5geGNIvIxqbBEAK3q699Pj20hLYhOy4N/iBa
5m4A3K0Zz3aNERrVNVdnKNTITO1X162U5rRIjEEA/Hfmzf4g0ba88ipzQlUOteKU
9B2EHlJwkfRCaMM+tJnuZljsDs2Xcgu18YMHsjAtnIWHXolOEDLGoTI2y43FaOR4
RKUTAWgH0UA8/XTOl/gy0r16KkmyYMAHeLUCAGyD9ssJnlRZqzPp2q+RusgVmAJD
ZTJn96AJjxWX7h4e4QIYmdwAdqcMhKreTTj8Gd6dSsMrSz0/qmNCYE+XOk03pKJK
JUEmxBEyG+/ZZANDazsEdPkGYbUGUEA5aHCy//ubqh5IIdOpahgndG7O6W5TcmpW
dumnBG0eRPQAZVPPzZI2ZitYykgwCKEzatUmRgP6Ke5wgLF4zM/n2roJJ5ocw35/
UwgJ85eCGgtDz6K2/DtHx4o50f3ioqXb5wF+xIhLn6mfrtkEfMkeFMGD0KVHiZK/
4Ry2mh41i1Fw45oNRfd55j/tYaZmHG5vl9RZ0TuzM6muPmWNpiafNV60cjxa2Bvz
cZg/jPBwRLTmHiI2pDkTbQF4C/GORMC9cUsl7vwwF+KQwClFSy5F1AekCkIe74CZ
J/YvZuZ+PY3XXyMs5yXijr0bEV1GmzKDK9Qp5W8OPG6OlzMdL8aBudJCFVUy73oL
N7UHwbKc8awUs8i8A1xchzM/v/3ysIafjlFw9kXpOC1FpHIhBqvk295bv8tn+MlL
vaHwHedrxnB23D3lavs54snXqAoq0FaWa8/neXfKLKiHIOGWGhNxBS9Wzrgg4pP0
jUHWcm5jd2QDqUpsA38fhDpjZ+LlG0dcnswiPlJew+TlXoHAws0FEVXF4CgwQlxk
tM7ZOkNYanmL6ys/X2VmkaKz1Nvi6wAAAAAAAAAAAAAAAAAAAAAAAAAAAAUKERYb
Iyo2
-----END CERTIFICATE-----

453
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/SERVER/server.c Normal file
View File

@ -0,0 +1,453 @@
/*
JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.6.0
*/
/*
JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.5.3
*/
/*
JS 2024-03-04 - doplnenie funkcii pre uvolnenie nacitanych providerov
*/
/*
JS 2024-02-24 - funkcia initSSLContext() rozsirena o nacitanie OQS-providera
pre plne funkcne PQ algoritmy na kazdej platforme
- doplnene priklady nastavenia premennej DEFAULT_GROUPS
- testovane s oqsprovider 0.5.3
*/
/*
JS 2024-02-18 - testovanie PQ algoritmov s pouzitim oqs-providera
- uprava vypisu o pripojeni klienta
- pridane vypisy s informaciami o pouzivanych algoritmoch
pre KEX a certifikaty
- oprava kontroly navratovej hodnoty funkcii
SSL_CTX_use_certificate_file() a SSL_CTX_use_PrivateKey_file
*/
/*
JS 2024-02-08 testovane s aktualnou najnovsou verziou OpenSSL 3.2.1
*/
/*
MJ 2023-18-05 - Uprava funkcie printHeader()
-> Zmazanie SSL metody
-> Upraveny vypis ako spustit program
- Zmazanie funkcii spojene s generovanim certifikatov
-> callbackGeneratingKey()
-> makekCert()
- Uprava funkcie loadCertificates() aby nacitavala kluce klienta a servera zo suboru
- Uprava funkcie initSSLContext() aby realizovala fixne iba TLS spojenie
- Uprava hlavnej funkcie main() na zaklade predoslej upravy (nastavenie fixne TLS)
-> Zmazanie premennej ctxMethod
-> Uprava argumentov [argv] - zmazanie TLS metody, pridanie suborov s klucmi
-> zmena nazvoslovia premennych na ulozenie klucov
MJ 2022-12-28 - Oprava Warningu vo funckii routine() vid tag MJ (vid. komentare MJ)
*/
/*
MD 2021-03-29 testovane s aktualne najnovsou verziou OpenSSL v 1.1.1k
MD 2018-11-07 Upravene pre linkovanie s OpenSSL v. 1.1.1
(pouzitie novej funkcie TLS_server_method)
MD 2018-11-02 Odstanene varovanie
dodane nacitanie CA certifikatu
dodany kod na realizaciu autentizacie klienta
(vid //MD)
*/
/** SSL/TLS Server
* SSL/TLS server demonstration. This source code is cross-plateforme Windows and Linux.
* Compile under Linux with : g++ main.cpp -Wall -lssl -lcrypto -o main
* Certificat and private key to protect transaction can be used from :
* - External(s) file(s), created with command : openssl req -x509 -nodes -newkey rsa:2048 -keyout server.pem -out server.pem
* - Internal uniq hardcoded certificat and private key, equal into each server instance
* - Randomly generated certificat and private key, best solution to used dynamic keying material at each server lauching.
*/
// __unix__ is usually defined by compilers targeting Unix systems
#ifdef __unix__
# include <unistd.h>
# include <sys/socket.h>
# include <arpa/inet.h>
# include <resolv.h>
# define SOCKLEN_T socklen_t
# define CLOSESOCKET close
// _Win32 is usually defined by compilers targeting 32 or 64 bit Windows systems
#elif defined _WIN32
// MD, odstrani varovanie o potrebe prehodit poradie hlavickovych suborov
# define WIN32_LEAN_AND_MEAN
# include <windows.h>
# include <winsock2.h>
# define SOCKLEN_T int
# define CLOSESOCKET closesocket
#endif
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <malloc.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include <openssl/provider.h>
#ifdef _WIN32
WSADATA wsa; // Winsock data
#endif
/* JS
Premenna na definovanie "exchange groups", algoritmov na vymenu klucov
Server moze podporovat viacero KEX/KEM algoritmov, v premennej musi byt kazdy
algoritmus oddeleny dvojbodkou, napr. "kyber512:bikel1"
Podporovane algoritmy je mozne ziskat prikazom "openssl list -kem-algorithms"
Prazdna premenna alebo naplnena neplatnymi protokolmi sposobi prerusenie aplikacie
Ak server a klient nenajdu spolocny KEX/KEM protokol, tak
SSL vyhodi chybu: "SSL routines:final_key_share:no suitable key share"
Priklad pouzitia:
- klasicke algoritmy: "x25519:x448:prime256v1:secp521r1:secp384r1:ffdhe2048:ffdhe3072"
- PQ algoritmy: "kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake"
- hybrid algoritmy: "x25519_kyber768:x25519_frodo640aes:x25519_hqc128:x448_bikel3:x448_kyber768:p256_kyber768"
Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-provider/blob/0.6.0/ALGORITHMS.md
POZOR - BIKE protokol nefunguje na Windows platforme (liboqs 0.10.0, oqs-provider 0.6.0)
*/
#define DEFAULT_GROUPS "kyber768:frodo976aes:kyber1024"
#define DEFAULT_PORT 443
/**
* printUsage function who describe the utilisation of this script.
* @param char* bin : the name of the current binary.
*/
void printHeader(char* bin){
// JS update
printf("[?] Usage : %s <port> <server_public_key> <server_private_key>]\n", bin);
return;
}
/**
* makeServerSocket function who create a traditionnal server socket, bind it and listen to it.
* @param int port : the port to listen
* @return int socket : the socket number created
*/
int makeServerSocket(int port){
int sock;
struct sockaddr_in addr;
#ifdef _WIN32
WSAStartup(MAKEWORD(2,0),&wsa);
#endif
sock = socket(PF_INET, SOCK_STREAM, 0);
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = INADDR_ANY;
if(bind(sock, (struct sockaddr*)&addr, sizeof(addr)) != 0){
perror("[-] Can't bind port on indicated port...");
abort();
}
if(listen(sock, 10) != 0){
perror("[-] Can't listening on indicated port...");
abort();
}
printf("\n");
printf("[+] Server listening on the %d port...\n", port);
printf("[+] Waiting for connection\n");
printf("\n");
return sock;
}
/** JS update
* initSSLContext function who initialize the SSL/TLS engine with right method/protocol
* SSL/TLS engine provided by PQ algorithms functions of OQS provider
* @return SSL_CTX *ctx : a pointer to the SSL context created
*/
SSL_CTX* initSSLContext(){
const SSL_METHOD *method;
SSL_CTX *ctx;
// initialize the SSL library
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
// MJ only TLS connection
method = TLS_server_method();
//printf("[+] Use TLS server method.\n");
// create new context from selected method
ctx = SSL_CTX_new(method);
if(ctx == NULL){
ERR_print_errors_fp(stderr);
abort();
}
return ctx;
}
/**
* loadCertificates function who load private key and certificat from files.
* 3 mecanisms available :
* - loading certificate and private key from file(s)
* - use embed hardcoded certificate and private key in the PEM format
* - generate random and dynamic certificate and private key at each server's launch instance.
* @param SSL_CTX* ctx : the SSL/TLS context
* @param char *server_pem : filename of the PEM certificat
* @param char *server_key : filename of the PEM private key
*/
void loadCertificates(SSL_CTX* ctx, const char* server_pem, const char* server_key){
if (SSL_CTX_use_certificate_file(ctx, server_pem, SSL_FILETYPE_PEM) != 1 ||
// namiesto MD SSL_CTX_use_RSAprivateKey_file
SSL_CTX_use_PrivateKey_file(ctx, server_key, SSL_FILETYPE_PEM) != 1)
{
ERR_print_errors_fp(stderr);
abort();
}
else
printf("[*] Server's certificat and private key loaded from file.\n");
// verify private key match the public key into the certificate
if(!SSL_CTX_check_private_key(ctx)){
fprintf(stderr, "[-] Private key does not match the public certificate...\n");
abort();
} else
printf("[+] Server's private key match public certificate\n");
// JS get server's signature algorithm name
X509 *cert = SSL_CTX_get0_certificate(ctx);
int pknid;
if (X509_get_signature_info(cert, NULL, &pknid, NULL, NULL) != 1){
printf("Certificate signature algorithm: Unknown algorithm");
}
else{
printf("Certificate signature algorithm: %s\n", OBJ_nid2sn(pknid));
}
// MD kod na autentizaciu klienta
// MJ Update [Define Macro]
#ifdef AUTHENTICATION
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
// load the trusted client CA certificate into context
if (SSL_CTX_load_verify_locations(ctx, "myCA.pem", NULL) != 1)
{
fprintf(stderr, "[-] CA certificate not loaded...\n");
abort();
}
#endif
return;
}
/**
* showCerts function who catch and print out certificate's data from the client.
* @param SSL* ssl : the SSL/TLS connection
*/
void showCerts(SSL* ssl){
X509 *cert;
char *subject, *issuer;
// get the client's certificate
cert = SSL_get_peer_certificate(ssl);
if(cert != NULL){
// get certificate's subject
subject = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
// get certificate's issuer
issuer = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
printf("[+] Client certificates :\n");
printf("\tSubject: %s\n", subject);
printf("\tIssuer: %s\n", issuer);
// Free memory
free(subject);
free(issuer);
X509_free(cert);
}
else
printf("[-] No client's certificates\n");
return;
}
/**
* routine function who treat the content of data received and reply to the client.
* this function is threadable and his context sharedable.
* @param SSL* ssl : the SSL/TLS connection
*/
void routine(SSL* ssl){
/* MJ char buf[1024], reply[1024];
-> buf must be smaller than reply array because arrays are copied in sprintf function,
which have some additional string
-> buf_size + (string in sprintf)_size > reply_size = Can do overflow
-> 1024 bytes (buf) + "Enchante %s, je suis ServerName.\n" + some string(s) > 1024 bytes
(reply)
-> solution is change size of buf array
*/
char buf[1024/2], reply[1024];
int sock, bytes;
const char* echo = "Enchante %s, je suis ServerName.\n";
// accept SSL/TLS connection
if(SSL_accept(ssl) == -1)
ERR_print_errors_fp(stderr);
else{
printf("[+] Cipher used : %s\n", SSL_get_cipher(ssl));
// JS get chosen (negotiated) key exchange/encapsulation algorithm name
printf("Used group (KEM): %s\n", SSL_group_to_name(ssl, SSL_get_negotiated_group(ssl)));
// JS get client's certificate algorithm name
int nid;
SSL_get_peer_signature_type_nid(ssl, &nid);
printf("Peer signature name: %s\n", OBJ_nid2sn(nid));
// Show certificats data
showCerts(ssl);
// read data from client request
bytes = SSL_read(ssl, buf, sizeof(buf));
if(bytes > 0){
buf[bytes] = 0;
printf("[+] Client data received : %s\n", buf);
// construct response
sprintf(reply, echo, buf);
// send response
SSL_write(ssl, reply, strlen(reply));
} else {
switch(SSL_get_error(ssl, bytes)){
case SSL_ERROR_ZERO_RETURN :
printf("SSL_ERROR_ZERO_RETURN : ");
break;
case SSL_ERROR_NONE :
printf("SSL_ERROR_NONE : ");
break;
case SSL_ERROR_SSL:
printf("SSL_ERROR_SSL : ");
break;
}
ERR_print_errors_fp(stderr);
}
}
// get traditionnal socket connection from SSL connection
sock = SSL_get_fd(ssl);
// release SSL connection state
SSL_shutdown(ssl);
SSL_free(ssl);
// close socket
CLOSESOCKET(sock);
}
/**
* main function who coordinate the socket and SSL connection creation, then receive and emit
data to and from the client.
*/
int main(int argc, char **argv){
int sock, port;
SSL_CTX *ctx;
const char *server_pem, *server_key;
if(argc != 4){
printHeader(argv[0]);
exit(0);
}
port = (atoi(argv[1]) > 0 && atoi(argv[1]) < 65535) ? atoi(argv[1]) : DEFAULT_PORT;
// JS
// Load default and OQS providers
// Default provider must be loaded before OQS provider
OSSL_PROVIDER* provider;
provider = OSSL_PROVIDER_load(NULL, "default");
if (provider == NULL) {
printf("Failed to load Default provider\n");
exit(0);
}
OSSL_PROVIDER* custom_provider = OSSL_PROVIDER_load(NULL, "oqsprovider");
if (custom_provider == NULL){
printf("Failed to load OQS-provider\n");
OSSL_PROVIDER_unload(provider);
exit(0);
}
// load SSL library and dependances
ctx = initSSLContext();
// MJ Update argv parameters
server_pem = argv[2];
server_key = argv[3];
// load certificats and keys
loadCertificates(ctx, server_pem, server_key);
// make a classic server socket
sock = makeServerSocket(port);
while(1){
struct sockaddr_in addr;
SSL *ssl;
SOCKLEN_T len = sizeof(addr);
// accept connection of client
int client = accept(sock, (struct sockaddr*)&addr, &len);
printf("[+] Connection [%s:%d]\n", inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
// get new SSL state with context
ssl = SSL_new(ctx);
if (ssl == NULL){
ERR_print_errors_fp(stderr);
break;
}
// JS set key exchange/encapsulation protocols supported by server
// Without this function, client will use default X25519 protocol
// First protocol supported by both server and client will be used for KEX/KEM
// Empty DEFAULT_GROUPS or list of unsupported protocol by server will fail communication
if (SSL_set1_groups_list(ssl, DEFAULT_GROUPS) != 1){
printf("KEX/KEM algorithms undefined - check DEFAULT_GROUPS variable\n");
ERR_print_errors_fp(stderr);
break;
}
// set traditionnal socket to SSL
SSL_set_fd(ssl, client);
// apply routine to the socket's content
routine(ssl);
// JS remove break if you want server running in loop
break;
}
// close socket
CLOSESOCKET(sock);
#ifdef _WIN32
WSACleanup();
#endif
// release SSL's context
SSL_CTX_free(ctx);
// JS Unload both providers
OSSL_PROVIDER_unload(provider);
OSSL_PROVIDER_unload(custom_provider);
return 0;
}

158
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/SERVER/server.key Normal file
View File

@ -0,0 +1,158 @@
-----BEGIN PRIVATE KEY-----
MIIdOgIBADANBgsrBgEEAQKCCwcIBwSCHSQEgh0gvTK6AtK0Q9jgF8fkD3bhK+mq
crSGaTsr+M3dEpgFL3bhWKkwAKVvZkcQtq1EO/PjghbhsqWSfPpCfH+aUsMtmfMh
rfc49qdfHMCOV2xrnab/JWaaehQlCHKLHwljYEo2ICUKi4ApgDKBIjBlC5VFWpgM
0ShqwTgEUYYQWEAl2YJwmwKGGhMywpYxAoiIIqOFAYho3IIIXDYGCEYSwkgi5DQK
HAKIEYURABQEHKIBHIAxkLJkWsBtZDRA1AZSYSQOogRIirAwABBIJAOFkbYA0CRk
ChQuW7BR4LiRiyCNYYRwBKFgmqiQmwZsIbZoFCgikEgm0kIlATYlRAQQCYZoGLMI
BKJkShZGkACBJAYoIAaAEsRMSyZiEbkIygRS2ShsiQIhySYAVJJkE5dRAyEgmyCK
AzRqkiRK40ZiyyRMGiRQigBFCREt4LAwCoMoWYJRU8AlQCBOwyQx0sgQWziBoJYE
GQdF0hYlCwVMIrdACiBqELUpSyRpUhZEEAMkGkQQEQGKUqQQW6iNAABqAwaCAMEx
WoZEoAZEEjICikZAGqUM2RQFBBBGCjUs3JRJkJYEC4ANGwZiECcxEilgTBKOAiCB
hECCyTQQWgYpYraFwRBIk6KRjIKRisQg0EZxQBQRwyByCaaIAUkKwoAxIKYoYoZs
UEJt4EQKJIUhCDOOHAdpATFxBImRGUFACpCJ4wByHBBSSziO0iJxmChyTKZNGYFI
0waNoURQAkOMkkAqGcaBJDFgDBRkyohsQBSKIzgEARKJSARCpLQhQERypEBkCklu
jIZMoLYNIYNowyYykASRwRJiQIBoI5EQU7BsGLCAHBgwGxEliqZkCiZQYphIpBAB
wIaR08YRhCYqoUZIIiNK24IFjDZFATOK2AIqohho0jiOAgks2zIqoLaJGbUM0hRA
g0ZCAyFFCoYowUZi2jhSUhBG3BgN2AYFS5RpGykuVAQKUEJmW5BFGLCBoUCJAaEl
xBgyIQdRGyAqo0RJI0By4kRJw4ZABACEFAYEI8IImACRCQEmIsEhkRCEAiFRCDgF
orIlw7hIEEJMEAMqCSlAApUBVIQIGECFGJVxkIJsYQSKozSG0whqEbBBCQZqIiAw
W8JJiSZoExJAw8Jg4aBg0DRuDMIRIyMGUcaMikAJCcBEUhYhwDhipMgFEKhsSUBJ
CoYpEydtFJKBorZRxKhEQoJEGUgMQgQtTIIljLaRSbQpIicNEAQEwjggAEluRAiB
ASEyGjFinDZlUCZwW6YAiMJNgSQtVDJM2jCJYDCNAwMCUAJiCAdF4pIQFEkw2QSG
m7BswCQCEhhhQDKQlEZEEYElWMZQ1AIkTKhk1AJpGCUhGskBBAdJyBRxSURtjCKC
i5gIgpgxSRiGw5ZtCTeFASgBEocsGbVsE0WSUEYyDIMRiTaBEBkxUUaREhUR4iAB
5MgImThEpAYs0cJFGUYC4gJtCiBo4QJRlAIClEJAISFBnJJR4LBAGbRJYBgtHDUp
yjZygcJklDhxCrCFWcJllDZQIxYQokSMkSARCBQR3AYNEjBJ0aJACTEQYBhEwDKM
Q7RkQQZIWUZIIBlCBMhIASJKIRlw25YxCBhimJZsSLZxgCgNWDIyECBoIshtAzgs
gzAQwcBkGgVFAzAoSrhlZARhEghwyhQhCRIiYDJFUyAiwBSF2jBMIRQwg0RCChEF
YqgFADCNWJBpDJNBAyNNWIZg3AYSI0dBYBBNCxgRI8GMDDkRYYYA2DBIShgxTMho
mYQAQDKAG4kQA8Rp2gYx0IZwWCRpAyYlI0FNAbYICqgtYCYCWAgm25goYKBg0oaE
EcIoIoGECRclISOEWKaIIyNQyqYhCDRqi0IRSrQFJAhhkRKMJBSRAAMtUTIsEkaJ
2Ahy0SAhErOA0MQBo6YlwzCN2zQtWjAAWLRtJBIpC6Et4oZkEUVCgqSAGwAKDKEB
lLAkSSJQkpBEIEgSGRVCwjQSU6hhWUBMo4ZJmEZmGJVxEoiRohJJCwIC4ZhpwAIg
CiMmARVJyARNEyQR5AYq0yiCQUYECEAplDYIGxlir6nmSsdnwQE4aIyLcH8G+e9A
JMh4VleqODjUui8wPwVJ8p9EeE4WFmSeCmtkodQHF7OqVP7LmatI0zQAoW2xKKJl
arQN4R0buSgB15lkAJDMJd9ACMJQm0nGwP1yJSgbTHTuLa6Q+h/Ur1j7okiM5AXl
03HhG5I9p+K4SCBGYNqyWGKYzTgTAfDWN69JPw/host6PI56xH2yhRv1TCWHmSnw
OdCLesM5yt6F22aSrjlTodVMTAbFbrOl3M+M/Him1QfRdC3Vs8wx73nQvJWl6xy0
Z3IFgEqz7wXnD2kMZAPes41naps3Ef7N7kAYNFtqN28C1v/SAcYgJFO26uneApLh
+y7RhdsQ6ruwt/fV59C6btDyGtLouR/gAGZ3ClDulayVP3khlrjd+CHv+ZU9nbkw
yoBBwA+CNrCLaHuXNPxbkHCwcBOmDF2mJnIYoYjLgsBIsiEmY5LisBl8xKc5N9gp
fpcYRlGxBCs7QI5J2ShG/9BzMx8tQl9EviyvEbNxYMiYPxMebsqFizSt2n+/B62o
1qeeMSnVDVqTDNg4p21393qGuz5qa36S0uwVB2BOvRIXC3Sq4hz5JCyUROR3inlc
pl2zzHSeSbx+R+/Dh9XmEfdG1oMBJJgIjorwt64wPRU7a3GGH88uIcxhxLWG1r0U
PT/Hf8kMcTfMj+ttMZotk6kuqbrnsuazxt2c8CYuzKWS0NdzaMBMA89iT+enZVhw
RXz8D72OrT9iwTNVQ6nwTW3wsIgb1DZHwxp5Tyo93MV0dalV8zGnUl7ovGwO2em8
7gQ7scXMtZVBT7/Y3bZnq7h9XKTjNYaz99Q7RLtm59cdKsD4fgNm1Ic7u5CmQYM2
TWrgbe6wp9kIL/lfarNb5fYaTT0rn+wGG0tlBT4oo2Oi1MwCxVhDB2s5j0bdWNCY
Ef/UXGVJVwr+rCauoRYab/Dm6Pq1PBuEiTSKywijlGCnNreeXrvpDvq1nrEN7sjR
Qi+DG/teSd+NaEbrb1BEy4AoJ7VlyehJncdBzBFNTG6TB+inDNLyAUwuB8LxStHO
kyKAcTsubnAl0FCA6Cg5niuHsC4I2kM2Zq5Xhve6lGatJmwrYEgQ/0sfk8TZszHy
GkRCD5yOcwRLdES3MKeyFjWtGJToe0quwe+PhWpFQibWL2ExFfk9LG/6T8Ru0YsZ
Di2hBgLJHoS0sBKkHjeKc+WsApIsI7X0yf2r6GNJFNYagRDkko2Riq7wv7uAhp9s
Uy/5raWf1WeVVJ5Sr4hjlvo0lHzRtThiWlQoHAOzuBMyiuSHW+1lT4By/21CXTM5
Y7SxE0CuLQnRQJsImo9m9dh7t9V+IKNwg/DnPjI4xldXP1Nlvrlv8ypHV9K7V+/Y
e3yQVeuMENIvKDxNsjPye6VIKEduqyWZVeHNs6M21rg6lYkhrXQtP2FT4gN+UnNO
a0IKYbCfvXzKczPYUAOGIbCsUQZgWBI6agdGnH3kmfD6Qxf+ILZriRfJYd15EvH7
6WNYVFTqfHBJeq9eJk270T3miL25NhonSHT2+THMQsFmtRD7G9GvMbt4K7WU2QWA
TEobCGxPncKoTNZ13jAiVUwgmJX0VGqjC/VJAlPM7wJkPsmUNzq6GX24P0To9/tK
vP4j+X19zNH/JljI6rxHsvscq0yUlL8Z/9c8VbV1DEC+bcKfFsv6CZv/fqCL8hny
XHhIPNddGgZcpgEjZ3R5Z9lv5JOWrLydOnA8d4ZhXpF5H4qxqETROfk8OW/zKC+U
Z6T26I66AaIJG5OgHmIlz4bfHeg3zXev71UPskRQxHxVHeDPPontQwUqa8STMjwo
sQ2XRINkV7O/Ol/vGNBgwLfxWQwzn6a3MTOpusVrfQbMexwl7PHGsqEf1X6X7b8f
Xm0ckF9OP93T2NeuBYgA6fhh0dfNtz0xxoRVaad09ZI92lSNvOIEvXOcQXKjoGdR
ZDATE1uczDKtShKqNkF0Q7Q5oDYwHv0Up7J+Wd8Zmj5JenJmXYsN+vNtt7op9YEP
K31OtHJv1Dliotwi4YPv6bFjThwImO6FQbwFgwF74+GVZRT+hJ9Bpo8uS3wYJNMf
6iiCxEVl9L7b6I5OhLKqMbqilMn87nKnXkCfVoKdyj/pftif2OLqBVj02fXy3XhN
RcIxjwh+Q+UMT0Vfgm0Z8EYabFjkez4i3TR+2YsYn1pLu865licRw7HB0R9Kikj3
rnC1mo1QTzoguAYdx5fEUG/BcUcruriBUg7qdTRaUB+NfIVplXar/za7yp3YLNa3
EHueU7Z7lByzdeoIII1jIhNaVmfei9ZwQQPJiXmqnIIAKQCPm6piTaEadnwtmGMB
uNSTgKNrdWac+sXzMAIUd39m9lY+s2BuTIRvwySHHE+hZVSGY5BaW9DLLLYtDtUF
k+fKiGwtNdiwgdnKDqpj3dihhKNJN36xB3SyXeUV3l7cbZ8xOCpIaJLxH/f3t+3h
EqLJPwzt8zBTqeHG3ta0Zx2IoRLUg7NcOOmO3lD//IdnspTk4BftD5KKq1+IZ7es
RFob4FdtH7/9pdchRuUwgXdqgJwMM1FGiWD9Ef1MmNucsMvOYFoSl0VuHqgtjtum
rzHPOq5Ifpo8AVIJN73SuQQFKej9F/4bfySFEvuB15HKEg8NRri4yE3yl7Ul7eK8
lY5AFJ250E3qEysGIco8MTUvqo+aH6Azf+gyUOnlpwWxM5kYrw/eSy9etCUbAWve
3B7YTKXmR8t/23upM16qPazEYtRbJo9Y0yLknsPc41Ut0WmUMlf7Yhvq4n9UsC/C
WnDy6Hso+3Dy/5mIOidVzoN/oKwt3HqHUvgHYyKzuvxL/2nBPMEs0VJNnqqgjq3r
p6/UEgGJDeqcFYB/OeW5OzLmsw3VAKyIfTW2e4C5bW4Od0XkYFrfhGu72SKhna9P
Rzi0eKOO667TDnEKJ4fK67bevyqXTdVJM8w3Rzv7JHdBNqUUGyB2neQSM0FkZe2g
zFas6TUzEi4rnjUQ3vp5zxbL2Ogft4k+aiKKGSZoxN34KreSn0gQAA//Sziiejxi
68lu9aKwiy9eUCTJacmAuMd246XdFD6CTCiuPbudVItolo/IsUkacLl+dX5sKeu5
D7zZrvNw0TmGCgShOCirgIiHIOCSqZhL2xYQhLxhY6+coiCSbOvzgknJowzw3vbT
KTm3UbP9gSBs8GC7z7pt1UBqAN4DWboFVONAoInnFprDGf0DToeHWIHEfwfTdLqz
OJvpSWnUeqCQr+0qlBvHg1shew5eIRA0OpdlfzYHE42OIXJ2hbPRA/I1c+u097ri
CdBQGeLNUQe0OhPxo4/Ck/rDMZnonUPuvsXF6asP+H3TPPh7C1DTBm56waarlL/Y
pCIZQoNJm7/UAGpJa3GFKjY7Q08ncQf13XnzSZXbkg1BrxxzzbgDuhIXwhZVx6YT
jfu+CLZj/9I094az4v4VpAaPMI9XwHaVQIt2azSLO7Sb4gXmYgSoGX6YO2/mL0b6
XwcQmeCEedtOKDPmK9a4wKHONHl7/c0B5GaUTexQkNUQTKVnI6vEB310zOKNEo7B
O731+kSOETiKDLHXYskMPimw/aVkSBVI2cQwK+WH85a9sk+ruuefPuhlGZMT/BMs
RznyI6ZgRsE/+bOICIKo8MX9PtSYjARz1UCcdaoIWp7chE35eX2+aUMcGuw5I/Y+
lwkYEoZx9NOjpp4C4795lgdj9q0mD99QrwckO9EcM00Bdd2WeDyfQJa0+slY3Ls3
YmsVdsIA71xpcLGsC+36KfC2fzR+gZGG/7rT5mW40qGHU4rFKkkmDw1CsvqfhxOE
lthyzNf0jLzWaBoxZZGxdTNtFreM9UQNdoF0HWu7pY9nJB694DkXYapcfrw0EPc8
F759gJrKh57aPntGsu96K0ZuDYuhaHi5NSBgjDluDjUh218EH3ISJe3UlnJrSwcG
C4midDPQ4fHe8nLLd2hJmKUX96Cx3Ytz2RQzI5RMV6fbPQwcuX0fZD0gxxFtcj7X
awjSbC5ERiSIV88CgSOU6KKpv7GdJjYx3QHXHL5R4868zPixbhzwBD7zVj9cKKIq
WDV+FRvWCkQHv5kL2446CpZM4QoeG4NpCNZXhsO+NtLcZg/QRXgb3A2CTQsRgZoW
UWBYKCQuKW2DP+BGQRd03i19ihe1oYGqc4C50j91rW72Sz1ffp7kGPRGcjTgJIO3
AWSN7xOe4OXBGUkAe7llVpgzaZhrYdOm/Zif3IJ/BX4G8drjZPrfkVbJRX+HOvOh
8l5rRwJlNIOFYsikfB9NY6PDdv8yCGXbuRnxrKaX91K644OgO3ecUZW4x7C2BU8N
HRNo/v8LV9f5URm8eCLE2rTTTyS+Z2q8k0mAQCSb8p19vWb8OoHG35y8dKwo2V/r
1RiaZRz0NDutCXyH0fNhACRljlBykPs4Dg2GOXyjlNsnYKx7KKEiNGXcz6jSnr0y
ugLStEPY4BfH5A924SvpqnK0hmk7K/jN3RKYBS92RlG/Rply0aZWZCtiY3mFR7+2
T47cRmLdDTAm8oqLVmA5L9psXw76DjsG4fWW/6sViN8KMHq5zxNUvEy8ndiNkoip
XS0A+SEvKq1njzVBGpK3DQx1NOdL8CROXnPcUNcDlpf9h55VziEIuYLvyjL1UK03
NGnyNvjWSaTwKYbGMTk0T81oKXXZf7YNKR5tUpdijBPRjcXrE6Rou+qNFMN7Gcfv
zJomfoaS7h4aad3K5DltzaQakRm7R92r8YeU9GQOKx1oPU0708PJ30KBlmeUb8xn
OgYzsXklWIRRmdXSBUT9lWgvIAf2paF8PrF3llyAjo8XIOoCQyAl0KzDR8XBUVpC
ImjkBOkODFKQc4XG14bnwMmFSbDRtBOWmucr6L/lYcmrqVXH5TmbPAY4FdFYXxCg
YRQ8KwZZtoVHKYIby+J+iXm8rjzpqm734iqdfYbDZSAUOhy7okWAvBs+7XRe9GJl
plMgcsZeRgPKF7J3yfeV2JPib/l7jDe+lbThRJVzxH7Wjh/0hLrx5vjRpGYHUksv
b47LqFBRCtB/1kJRfpTUvdfuZPIEv4JFZ+uSXG1q6dsHMgSO1atkksRZjn1X71Rs
vd7OFaKLavx9Q6qnF4s4RTsr88dHjY87SXvBkGPCdjva5Zm3VkysegJsXMPSYsRH
6L7pwVQ9yWo4kFgxS4B25zZvUPOKaclGC2s1ImT3qx8dj1KWP00eu8vxrZX34u+6
nMC4+9mw11uW6GIJvBFwIgSMb2R66KyPqi3G6pTPfWbT5XBLobUONg8y5/MsnEY3
tafgxRK1iMTLLpQwRfmb0fB5UizptZEPjKS21rML07Ycfo6viFVwwOGm7V1URDnS
yM5Yj7hwUfxSa+WFoyNf0+fJStIBHiI1XOQQLPj/YIGnsx83aM04AimffDwXXycC
xHSFAZK5MJEUwt46nAFFdX3rZnkt0++eMRX/HB+a0IW5akg0palO82e/8UjqZeRv
PyvQhIgxNZCbfJD1XJhV9i6ly/m2N0J7GLMDFkWCw9PI6juhkKR8pn4GM3VnPxsl
FupJudsL804HY9D5OioT+b5pW2ExYW3RO7pb8mOoCWeiO2nCcVzrglqh2S45X24X
CbJXp/CNUJ5CCZw5oOlQEYE+O7+2h3fECfHdni7idCSme8RGH4ZKlmAKvb25Egr7
31nKuNScUnL3fWCIATzGCcX1riyxchHEQVMuduPBSS/qwWI7VGWOF/yqoKZ4xxPo
4GPTba0Aebes/UhE48P0iLKmGmpCqvCx1Pcd0YZk6z5M8IPYx0+fVp1QYHNaCATx
Tj/3nDTg6YtA1l8coBYwW8Wl6Fsv4krpZ0QV9fFz2qYW1NJXaybSwWiQ2lXrsZCQ
vgeYmmBSnrCS9maNpjhFbTKMCfG+kcwYYS/ZdBH8Y22ntS5Ru7NMVY0L7A97/mv+
/jnM5PE0iwlonfPaL48go1e1Kzi8HCa+GFypUyH8D5DstzIDmrSNZXINDsmHQsHM
quAPYBaCgKIC9hfx0bWzzzxQWFItWL8ykhgnkuQ0j8KNI0di7ziyPUFw0KrH+zPw
P3aRoe1CNO+Nr47hhcKbge9rTk0MN8j/K/sUxFlyuKSGxdn80L9TokUJHYh1Hxu8
MG0itTZBCR486wj/ULCWOxfUTYgjV/og5oza/qDgkx7xsy8+iiznRoCkquEO6HVb
QH/+aFzjnXFto1aKpb1QrpHZXqUpBF0veeeMDtifHoE5ZsZ8goZVE7DIfFgbCawK
FS7MaAzBV3Jfb6VuRbWu3hUtjepwPkCCn7QfmUZXbm9WZtW0gMuFdBMuJ64CVWWY
EW2YgG2H/zkw3Cg/fXXJZtmaAQzaeeh1r/TNypCd1QN6a30RMivp8dHx0s4JLLBY
36k5dhnwGzZWLFUaMz85kovbQXkZ+8DjzVLJPsuYGQveVRrujtN2e+6O/lftupjx
pRUZNhYIwnzjpUOXSeoNiQqOIXbUERebol5cnX6CLJVOsTgEzHbwwY4izutzHHvd
3gReJVlJLWuh6Qz6uLxDW9asG44bihlcLWOYy9hB/Q+eJixlDeVTtQy8IrWagFAR
Z6GUpV4h6fbRfAtQQA0XEWdusrLZbKlPfC5SUIOP0Jvbd2w8y6S9K2Jwcqs68usk
EMe7m33Qlr30Kqbp6d0D8Qxi3sOdJ/u1ECh3onnyakWAZW+wYZ1aTdpW7v3/FnFZ
DweU5LJayfiSGlMQ22W/mDdAhqseadbt08lLo8p0/jjP8CjK+WlptYXm/TYCrr1Q
R9RhVC8n/k26lNnZFMU6Vv2TVHTxwFxfB6VCPgASIvx+csCvgbTrerPdjBuLK/me
uxz2mTqP0m+2YsaXhIYca3g/rrDNEJ7gxr0zRK2/H/DCbDrjrSXX5BrkYPJc+t5j
PhkJ7ocZ1e8/lrmpX/UPVrqoPUf8qY+S87l6ntQYIA2FXHKesMDLqv4XCnpRFQJa
lLr83cwWPPdLorm7C8Wu6Pi4PySGcVOdvXFM94tNR9j6fgyraSoe8PyXo43JrDCv
hJrSeq5o7Xi8bMRJHP5/6zpVkgQHKPc8FrVWP3QNsFy7kVJdFpqXhJjq05CJGup4
WKe6Jh9Mn5dv5tYlDqMwRgb26jBWLXzhSi1QtJSalSa4kyVrdLjTLGEtKoDNIiI9
I/32+ki/MQ5KAIkVbB+Zad6NmHbWXO+b+O3EuoUToIaSnZMpWpC7/ds/E8aIF3E3
7ortKOz0O665mwV/eDWan8Zy7Yn3QaasutZ/qILuQ6fjTX5Ccq9DReakphFmGTHV
TZjMFbizetonT7NywIGcErneYdWKYeDv+186YXCxLOs6zNcP/UkaXveXgtgD9DUm
SXHEdrhv4Bo+nl9Q0B82DajY42dLzvX9XkbJ52LQGzaK8RI6+1L5x5kgheToo0R7
oJZ4nOe5NrEccfv1u23U3ASNsEfOSNXvY8xGO31ksaNd9IXyCBQfygE666OLlMcb
EEt9h7UjOswHnxLNPuL3UhNm8sNl5qom7gkApHpCsQFPgDavxIXGHviRBwNMowzs
GUcBKPOExvDMY8ip1dMgo1otlBlSh//sOlAp8BgXoTQMi2nvtSnDL5anX6zme3tU
aNBWaW+LF6iWeSXCov16K9dNA/Yi2b+CC2Wewo3IsP7bmtBXI7i/HhdWJ5dj5DJM
GDocf22pUmaKkZs1AWV7+GiKLRgxiwqMHushKqx0/m1DT5HwlbwSQn8utiwmr/FM
lP/bs8rRBsCIieR14N0dJTL7OQ+4srrysk7TfvV9UuTFg+IaoyjK1j+FgNtxMQ5Y
7E63ulGO5dogiTxAmxrYOtzxcUat6TZp7vAXoBuGcxf2foV2dEIzMS4XIiVWMyOv
jghCWfI5DGIe0lB7H7I7PXFV9EmV43P04GNPRyVXkMeSUrkQw++HDsS4oH7AqQ==
-----END PRIVATE KEY-----

161
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/SERVER/server.pem Normal file
View File

@ -0,0 +1,161 @@
-----BEGIN CERTIFICATE-----
MIIdnzCCC5SgAwIBAgIUJ85yF8KSw0QrCNIkQdmFpQeyNiYwDQYLKwYBBAECggsH
CAcwZTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkZha2UgU3RhdGUxFjAUBgNVBAcM
DUZha2UgTG9jYWxpdHkxFTATBgNVBAoMDEZha2UgQ29tcGFueTESMBAGA1UEAwwJ
bG9jYWwuZGV2MB4XDTI0MDIyMzEyMTMxNVoXDTI5MDIyMTEyMTMxNVowZTELMAkG
A1UEBhMCVVMxEzARBgNVBAgMCkZha2UgU3RhdGUxFjAUBgNVBAcMDUZha2UgTG9j
YWxpdHkxFTATBgNVBAoMDEZha2UgQ29tcGFueTESMBAGA1UEAwwJbG9jYWwuZGV2
MIIKNDANBgsrBgEEAQKCCwcIBwOCCiEAvTK6AtK0Q9jgF8fkD3bhK+mqcrSGaTsr
+M3dEpgFL3ZGUb9GmXLRplZkK2JjeYVHv7ZPjtxGYt0NMCbyiotWYDkv2mxfDvoO
Owbh9Zb/qxWI3wowernPE1S8TLyd2I2SiKldLQD5IS8qrWePNUEakrcNDHU050vw
JE5ec9xQ1wOWl/2HnlXOIQi5gu/KMvVQrTc0afI2+NZJpPAphsYxOTRPzWgpddl/
tg0pHm1Sl2KME9GNxesTpGi76o0Uw3sZx+/MmiZ+hpLuHhpp3crkOW3NpBqRGbtH
3avxh5T0ZA4rHWg9TTvTw8nfQoGWZ5RvzGc6BjOxeSVYhFGZ1dIFRP2VaC8gB/al
oXw+sXeWXICOjxcg6gJDICXQrMNHxcFRWkIiaOQE6Q4MUpBzhcbXhufAyYVJsNG0
E5aa5yvov+VhyaupVcflOZs8BjgV0VhfEKBhFDwrBlm2hUcpghvL4n6JebyuPOmq
bvfiKp19hsNlIBQ6HLuiRYC8Gz7tdF70YmWmUyByxl5GA8oXsnfJ95XYk+Jv+XuM
N76VtOFElXPEftaOH/SEuvHm+NGkZgdSSy9vjsuoUFEK0H/WQlF+lNS91+5k8gS/
gkVn65JcbWrp2wcyBI7Vq2SSxFmOfVfvVGy93s4Vootq/H1DqqcXizhFOyvzx0eN
jztJe8GQY8J2O9rlmbdWTKx6Amxcw9JixEfovunBVD3JajiQWDFLgHbnNm9Q84pp
yUYLazUiZPerHx2PUpY/TR67y/Gtlffi77qcwLj72bDXW5boYgm8EXAiBIxvZHro
rI+qLcbqlM99ZtPlcEuhtQ42DzLn8yycRje1p+DFErWIxMsulDBF+ZvR8HlSLOm1
kQ+MpLbWswvTthx+jq+IVXDA4abtXVREOdLIzliPuHBR/FJr5YWjI1/T58lK0gEe
IjVc5BAs+P9ggaezHzdozTgCKZ98PBdfJwLEdIUBkrkwkRTC3jqcAUV1fetmeS3T
754xFf8cH5rQhblqSDSlqU7zZ7/xSOpl5G8/K9CEiDE1kJt8kPVcmFX2LqXL+bY3
QnsYswMWRYLD08jqO6GQpHymfgYzdWc/GyUW6km52wvzTgdj0Pk6KhP5vmlbYTFh
bdE7ulvyY6gJZ6I7acJxXOuCWqHZLjlfbhcJslen8I1QnkIJnDmg6VARgT47v7aH
d8QJ8d2eLuJ0JKZ7xEYfhkqWYAq9vbkSCvvfWcq41JxScvd9YIgBPMYJxfWuLLFy
EcRBUy5248FJL+rBYjtUZY4X/KqgpnjHE+jgY9NtrQB5t6z9SETjw/SIsqYaakKq
8LHU9x3RhmTrPkzwg9jHT59WnVBgc1oIBPFOP/ecNODpi0DWXxygFjBbxaXoWy/i
SulnRBX18XPaphbU0ldrJtLBaJDaVeuxkJC+B5iaYFKesJL2Zo2mOEVtMowJ8b6R
zBhhL9l0Efxjbae1LlG7s0xVjQvsD3v+a/7+Oczk8TSLCWid89ovjyCjV7UrOLwc
Jr4YXKlTIfwPkOy3MgOatI1lcg0OyYdCwcyq4A9gFoKAogL2F/HRtbPPPFBYUi1Y
vzKSGCeS5DSPwo0jR2LvOLI9QXDQqsf7M/A/dpGh7UI0742vjuGFwpuB72tOTQw3
yP8r+xTEWXK4pIbF2fzQv1OiRQkdiHUfG7wwbSK1NkEJHjzrCP9QsJY7F9RNiCNX
+iDmjNr+oOCTHvGzLz6KLOdGgKSq4Q7odVtAf/5oXOOdcW2jVoqlvVCukdlepSkE
XS9554wO2J8egTlmxnyChlUTsMh8WBsJrAoVLsxoDMFXcl9vpW5Fta7eFS2N6nA+
QIKftB+ZRldub1Zm1bSAy4V0Ey4nrgJVZZgRbZiAbYf/OTDcKD99dclm2ZoBDNp5
6HWv9M3KkJ3VA3prfREyK+nx0fHSzgkssFjfqTl2GfAbNlYsVRozPzmSi9tBeRn7
wOPNUsk+y5gZC95VGu6O03Z77o7+V+26mPGlFRk2FgjCfOOlQ5dJ6g2JCo4hdtQR
F5uiXlydfoIslU6xOATMdvDBjiLO63Mce93eBF4lWUkta6HpDPq4vENb1qwbjhuK
GVwtY5jL2EH9D54mLGUN5VO1DLwitZqAUBFnoZSlXiHp9tF8C1BADRcRZ26ystls
qU98LlJQg4/Qm9t3bDzLpL0rYnByqzry6yQQx7ubfdCWvfQqpunp3QPxDGLew50n
+7UQKHeiefJqRYBlb7BhnVpN2lbu/f8WcVkPB5TkslrJ+JIaUxDbZb+YN0CGqx5p
1u3TyUujynT+OM/wKMr5aWm1heb9NgKuvVBH1GFULyf+TbqU2dkUxTpW/ZNUdPHA
XF8HpUI+ABIi/H5ywK+BtOt6s92MG4sr+Z67HPaZOo/Sb7ZixpeEhhxreD+usM0Q
nuDGvTNErb8f8MJsOuOtJdfkGuRg8lz63mM+GQnuhxnV7z+Wualf9Q9Wuqg9R/yp
j5LzuXqe1BggDYVccp6wwMuq/hcKelEVAlqUuvzdzBY890uiubsLxa7o+Lg/JIZx
U529cUz3i01H2Pp+DKtpKh7w/JejjcmsMK+EmtJ6rmjteLxsxEkc/n/rOlWSBAco
9zwWtVY/dA2wXLuRUl0WmpeEmOrTkIka6nhYp7omH0yfl2/m1iUOozBGBvbqMFYt
fOFKLVC0lJqVJriTJWt0uNMsYS0qgM0iIj0j/fb6SL8xDkoAiRVsH5lp3o2YdtZc
75v47cS6hROghpKdkylakLv92z8TxogXcTfuiu0o7PQ7rrmbBX94NZqfxnLtifdB
pqy61n+ogu5Dp+NNfkJyr0NF5qSmEWYZMdVNmMwVuLN62idPs3LAgZwSud5h1Yph
4O/7XzphcLEs6zrM1w/9SRpe95eC2AP0NSZJccR2uG/gGj6eX1DQHzYNqNjjZ0vO
9f1eRsnnYtAbNorxEjr7UvnHmSCF5OijRHuglnic57k2sRxx+/W7bdTcBI2wR85I
1e9jzEY7fWSxo130hfIIFB/KATrro4uUxxsQS32HtSM6zAefEs0+4vdSE2byw2Xm
qibuCQCkekKxAU+ANq/EhcYe+JEHA0yjDOwZRwEo84TG8MxjyKnV0yCjWi2UGVKH
/+w6UCnwGBehNAyLae+1KcMvlqdfrOZ7e1Ro0FZpb4sXqJZ5JcKi/Xor100D9iLZ
v4ILZZ7Cjciw/tua0FcjuL8eF1Ynl2PkMkwYOhx/balSZoqRmzUBZXv4aIotGDGL
Cowe6yEqrHT+bUNPkfCVvBJCfy62LCav8UyU/9uzytEGwIiJ5HXg3R0lMvs5D7iy
uvKyTtN+9X1S5MWD4hqjKMrWP4WA23ExDljsTre6UY7l2iCJPECbGtg63PFxRq3p
Nmnu8BegG4ZzF/Z+hXZ0QjMxLhciJVYzI6+OCEJZ8jkMYh7SUHsfsjs9cVX0SZXj
c/TgY09HJVeQx5JSuRDD74cOxLigfsCpo0IwQDAdBgNVHQ4EFgQUTjGffRm6tMlF
9wDEy5Sqa/WGZpgwHwYDVR0jBBgwFoAUhYbPRDALyI1ALGoCVaAj4E8o8WcwDQYL
KwYBBAECggsHCAcDghH0AERlsw/HzjkRFsg48aRqr+rqa0QANoQOritVtth0rRok
tkkwJTBhGOdRBSYE0JcpsKDNspCLCC1Nre6ktz/Tm8STY4eIGKXvD1eO48CqfIRV
2+UfR8MEhG/EGpdDz1Ib+pwtxb6DLvf3k/DkMyT8+UUhlLp4M9w5VcTZLy7V5OUb
0LCVRFr1QRrGiWCY1jrKiXc2oyVySLhYAORJWOPJeSl2OBah6JAYTnxjfyyJRMkh
0eces5KGwWaX/v0B3YHj0nQaqGryItjGSlAEOIH/5fmEoWiWmZQk5yb4nPVf2isB
64o55E1alsgwy5aL7zq/in6g+f2bmbX1xmordok+UqHdtmvNiUP/IIITadBVneoP
aEaC4lJrbKzYDXqPoP99KMTNWPMtSF2Lg2lU1gbn5+yluP7HlNGpeEWnSVtRX+4B
REaYqtdhfz+UkcGJHbr+V4H0HS33Cn8lr6yG8XlmG5iEIemtwghBKFBjzkMp3DRx
K1e6OURNgZIcI9nX0ABZaSz21VtcleINlbkpCt7sZHE3DCgT7CGMa4FJcq8bhZkf
0tbEueTCa6Z0dvVgrHsErr/jvW7Yru30csqZElMf9AAki5zHHdOuPaOu/9E0Wx+J
MGiIPXEjIP3TSKw5WbVEVhex/JOsPDJV/CJ90cFRS+bFGMTqcz88az+PtGeH6gRp
UdyIfWuLTcU5yQG0e6t114uk2L06YJsUcTS1rEHkE1EoWYxNYVkYtqASOfnkqm/6
oTRWAG4s2sa3OYV+xV2hsA5rvs+jryfgpnoGdWWjdNDU+QKpkhsYw6trRaCkxYRn
sW7mLIME7lM9Tkj/aC1464Eoj2noIlVJ+Kaw4gOLGmqY/Ipw0kbhR6doxg6BhYIa
5ZB+MlC7DM8vXfQEc8dkmUEL5JuSpMBHOcMYrrq3jjCwOgnjcSub35wDGk09tRrc
iOpfc+3i4V9ezbdAFOHZUMI5KC/k8brlbRxoARRoR01d1NUP+e0q1DnWTOOtdhjQ
KoaXnTyfNrPCIph8pmu81w5fUhymhmVTwTBK9CySrCS2Jo6MEEyLSY7eie2QcIMK
6FQelpcyg12P6Ta6dSVShEsR4ewSOw39xSYVTZxBaKaEKrkzxt95tvh+QauDG1mu
rOhHzIq69/oGxfMaNWqzbJYkBBLMpkzTTr52tLeqLSo9fdD6q5goRlQbQuY8AJj8
/LNQTJECYjNbN9Ow0YNXJyrsjBnK5EnmFU0a587nBabfQNz1tUrM+/ZkvKDBfeA8
BioG1oegt36pSS4QmgvgcHP1E1BA7inM6ey7YbbgN8pt3FVyXKorqCQ0nZctvQmY
5VRRAusmSr/xMFBOZTM/IeReA+yh6t9v77JfcHC+FV7KjDo1ATgmXjiyPz8o3g4z
eWJj84R9jaZjAGD8w8P2okZQBCFxedXWZDFk2Sz7Vm7ruHOGyBuwuWIwcCfNiAiU
YBfnB4QPQwY8xDEZCUU8rU8JtMsj8j5bh8asblVPuvn7kgmW9cU7JmwmM4N4JqsN
rIAUlla08JEnlyR0068L3BusLdLx4b3Qa+Dm0jT8IhUvJRxjlSvmwM8ULnXkwiu+
0zVJc6q9es1Z7ZVIHTq3nF7cg5hMYQoKvFPqanQww2kAfskuLDZ/Yg9YzSy9ISfD
knfA7Hc5d8UA7qWLknZ1jb20jmOVXV8cXChUGVISbwcdOM32L+xwplzLNvm/6jZW
e1WyeakM/slDoPZ9oMzK+5mQQmCn3TKQIa62JHM1diwAh2TV5BF3WzD8W694gv3e
uwJS/OjnDF87VIPj/1JO71j+U7/skHU0+/jKKqOrLFKn7b1stRQg7NAjh8PxP5GN
TbbuykXqDxLU7BvuZKN+dmFwMezr/3KJ3gOGAsFrgygdgPc3LQ1V9BXm7DlcsfA+
5FX3GaCE2by5d8GlXhFx/NQmY/CXlvY0Q9+d6inETcambEUC/BfxPDvl+kQJ2EmC
sfgeQmuq7TsCgOZqOZvLAlO2gEtrZQDAsmAPzN8CmkwTEl7D/e2uK5bDSJEKHMRf
j43LkjULHRvL7necR7esxWSokfeouYSe6hFgB3b1KHxMX++GHkccAWSV8t2GiVhn
jdnc8b6avfAfkGqkyEmRanmV0RhvtzsEuGLtFAPXtJQPULWhlt2Sg+EyXviqXSkf
KOU7wQgpvb2dkrl0qvJD5dBCFxawCHHFfpj2Y0N/z3kQLUAh+cxcb5SuVcja340h
ajw9qApuCPrq7YGwkj+AqQ5Xuuu5QSPketqfIj1QmRVyE2i0wvNk6MHmjWdikymg
2w3PTmxZ3veMQo5ADZsodgsmmapIw//hjkuBsALmfuMlpEPGWTx4Q2ck7inE9QM9
0wvVvW5I9SVYKodniDmHP4/U4o8Ep5OZvKSDbiJVC5j0j8rbiZdI4HfZMJ5+wf1h
1zIOcdOLqbz8QxAij17NCCTM37V0yckLtHe30tbMakcUybvSS+8bH/sq44F+EHiL
WMWQbjNy3lZKc4xwt7xtK5Gi9C679iGjlgWqUFveYGU0S7S34uFtCDHOYROC67ZW
Z2V1r00VUIOfGLy3OdneVKpZlQngKwUSa4BNKJNazhvD36xu/Tn+Vz14WSEmXNQe
OJvqXsS4cG/LBGxr9NY1M1Yzve91EnMcyKbmEeOa5tFyszbEkSFnNlCW+tebZTwP
SjGEp0qMe59RwpE9UMCxIfC8WFuJQivZWaYGUjI75IHJbKyfm/3cMfsTNVjuqZj9
wHpf+yySOYNWaZelAMYz9N/GtwrSAH3MmHNyrCKMJ3z64jbvwTKCBWXScDooDyfN
HD6TMq6rbu66RdS1QRXtPhlLVRzxihJH8VRq6sr/ewDQztLVqsl0Ow7uFN1utjII
+ID7ecVKiy7Cc2SBeIJOqHm+8G5aMLOb70etE6E5roO2/koadAgIuOXJoRHGGTil
tj6JWqKdaMA2ldKGPtAGlpe208xMfNRB12Wk/Vr+ZFeucv9St+GakVqMaAU4gLJK
pYfvSWdX4zXbKo8kOIAy/HLu+xq+nHIOgBL3VzAo+YY7J91sSy/mACTtBwtUnuk7
1l/3YyIWvbfxPlf7kfym3LeFlrjFOlaUi/JQiW/23kb6jovLtJjhMJMO8c0yuobi
eWENzygFrZnPlv/jKEzGb4bCkymK3oYhEtynOyQ+JknqylFBF8aA6eeNKNev8OjH
QWIFgBt0XYeIKxl5lYhq5J6ULX0ZwcQxS93t+iKwWvKw3NKqt2D7VvWogZC89WNy
GMabcEU+unbGFqplmEe9SV6UU3cyWmUFEfqJmBKXyCvRtDilV2NxHCfArguqHduv
o+mA/r0TdEEPLBDm3BodGKTrszsate3qBnKZWjrdQ/Dx9f1IbTjqgKOYx3g0X2nq
kZ8YaEUmO0lHVuJRTsaSA1w8RgXppFN90Hr3mMFRHSUYYpIi0ORUHfGbtz8akkD3
bwBo5OfLDjtJQ3i+ZKyNpgBBEKJQ3VpiKKwwi3C010cGxWC0R5tJoOYs3B3jKha6
oQAnv7Pd8ScbHcIRCqVDKFDvGrhOHYOMhRQul8aSGITRHg5UV0H9M1JuE7R//qpB
aRAMXi/GSMAAlT/vuu/FU7s4kyjAuTxQcWYlz4yBwP+tpUMCmkCCR7MYb7b9QTGv
e7ms8jLmoHPM5ZvEucHp2/iZkOdouLn8qnKFRjVAJaE20smfB14WdB1dwQVQfR3Q
3dDRDbl8Ug52nK03Jr13BPL56U7IS2B2J5/QLA3bbTtbe1X87ZYTkW63ZvtqKR2U
kxkkJd8TWWiQJpFeHkDN3GCAs+4mlwEw7fBVEuyFbk5LFl/dJsaUGZTWvftRODHj
AQSIewOdHTbSwTMvrDxFBc2wErAl2a8NNd6tN6VySGFPozVFGKdRt3GXL+/ZFVED
Xx7nEMWJp69zEYFnW0Lk0JczP8MWdOd/AkZvJ1zcc9TfezMx0v4xaOH3KLqlz0hJ
BY2oJGPny3K/i0ZzLTdcWqXx7BqLd4OhWcNo2dS6sW7009lBadNqyGb9upk3FMR7
ArHg6GOqBSUV4vw/xo5hbH/hzeu1Vx2nqxDBDQAjQK5dF79aDcZZI6Sy0wmHOMKd
/nH+57k1NzOCy2TLrPdzXY6YNgkVllZMCEgW0a7xpTRNh73ibI6n9StEORSngh5n
PSDZK7TB8vC10z6kPYoHe6ihdqdpQdJI5npFpIH3C0Ok1RCjD7ujhnLVPxtTYBQi
RqXXyW3S846kXaAl7umwbKvnHYmEk0UgzVlLQVugCb+mMa77MEZpEpLmthDLQJDC
504y3oV5uj5uYN8FE9dXAlPJ1BtrOlp5xj5Z9NINUJK+wW0ElgdryopbFqEoaW7S
VDMHeEf4ofGm25aeiD9ybfWLmxBZyyoT7x3B76Q10grXIHS5pvFA/7/xblXdFK/C
vp/gMXe+FJjS8Ot83sxvuvrEbZkLYwmGNqTM4zMhzz3uJyhtd4noAcSWE0vuDdu3
X8MZ12Dh0hUHYkQRMRpY4oq8xdHKflXcTVaztP+wmzytG1Tuaq/JA7196ljxJY8O
T2JbNnarvlqjmQnkvh2rVlQovZFCcFLPodTV2MuOrGfrb4wtgGlLDYkdGDcpo1ZT
XoXxwcNtKnOcAzC30LruQK+rkIPZHBuylxjp7lKIXhguYFgvtlXRVYihVm8yiXXu
f2cPQfytadXxpeQJv55DAZWXhZpLOlDo9Ev/8agHHh8HCbznGYa47XaiVV90SxiL
XNRbtsoXIhe86z5deF07pGT+YHElhRjEkxPIanCYcxJ3r/ZfRF91QGZ7vIEs0RLJ
mNLcGC1UuyUoDa/ArVnesvKSVkwm8NpOvg95kzBWZQuwnOWkrf/dgirWYKE0+y2j
OmXCdbtq+JUtgrQd8FmNv1LltyrZzRqpDiO9chyn4sJHorFv81wW3VeVzViSIySV
reVPXetHvjjoJUcVUtN0BP0HUgy5R+0jzKY/JoIafAcb5rTgIanRIUffYNcyrcU8
HEzhpxAsrAwlmf87IRcxz/v+GM/dejUMCYKprXcl+4NIvwNB0+CKbAntFw7wwLKV
AhREDE/Fcu70KnwlL9T2g4uY9qVkL060fjlJhkrK2KAZ1GUBW4EpXQGsZgr0o6Mw
XB7mFeIfe/PTszl0QyyC5ZavKNQk79Fszuu7ppVKTG81Ik5UD/uDTeuMLCe637oV
9HMJ4Q+e98sy3TNcxcuXxg61imE3TAXfjwWnUsdn16qCak8RS/Q1tI1STSyYYv3B
qIfngui3ZZamw4ZBvMgtXwfy6h9R774djeBGemMEAuP72KMh9m5BPU5w/K0bKXaW
1uuWAOv8XiglxfZk9uIiIU4EPZtjGkfrSRTZq9996JeO16SVUTUenE7UhfkLFqsU
2BnkHU3s4PjIXyZYSEiH+pkmdr/RUjFN4EmpkxvGjHhUVmvsLVrpXw2CA1JWg+kE
SoRzcZ5g+yCow9rNiJr8L5fRp4qCm3gq8NC4DE4Jhj2sQdpnP7h/BYTcVvQsePBM
99k0hZyWJKkBXBZuszFEqm66xeNArxGFxiBJY9hPFHGB0j//QDRpQJrHq+2Uwgcf
xKYqpP1h83hkvZtCv/JwakAHykogDfDMOlRAWjczJzIZ0BbH7p9ckRAU0pGQ1jWs
H8otcl69wVaM1aEGewhX4PiCjYBYDdHqhSTSda797YMVf9gydAh+C7BnmWZfo0Pu
nVCyT66GoMLCvKnYFx/Zs/izXzPXv46HrRS7yW4ruz1LXYA2fFtj2EDR+LFK8l3F
ZJ8sWxSlM7LNnJYrS701Je+H8nxFONedjoqn+EvTnuHe7e3SIFSSUXjV+hZ5qSL/
NXRUHLLphcgvyz5/5QgOOJQbdZBSAd17jKkV860QPMj5ZAuhU4qx7yHVUP7PIlWn
ZYTq4zY716AA96Z8xK5uqT3pN8ZvxN8eg6ZR+lLUpiHJa3pkVXbp3oh9L+F6uRlN
dhtgHHC4Y1Qy/Snu1h3/RAZeD1T0p0wk59uL+roPyVFOd2QhNLwHbriHftOTvsfc
qXIZM5tDK09z2OZBQKgpmi8zTHZ4oMfKLENbbICMkJGYxcbJ/Bk9dHe3ztTcjJW3
wcTYCjtRVF6Rzufp8wsVQ0VWaH6UxtRkdZuwvMvf4QALFywxNTZ1f/L8/QgVHSMt
Nz9L
-----END CERTIFICATE-----

9
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/comp_client.bat Normal file
View File

@ -0,0 +1,9 @@
:: Name: Martin Janitor
:: Subject: DP1
:: Description: compilation for client.c file
:: Date: 2023-07-05
rem prikazy na prelozenie a linkovanie EXE programov s vyuzitim OpenSSL kniznice nainstalovanej v obraze BPS_PS
:: MJ Pridanie makra AUTHENTICATION pre autentizaciu klienta, ak nie je nutne autentizovat klienta staci zmazat -DAUTHENTICATION z procesu kompilacie
gcc -Wall -Wextra -o client_run ./CLIENT/client.c -lcrypto -lssl -I C:\OPENSSL\include -L C:\OPENSSL\lib -lws2_32 -DAUTHENTICATION

9
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/comp_server.bat Normal file
View File

@ -0,0 +1,9 @@
:: Name: Martin Janitor
:: Subject: DP1
:: Description: compilation for server.c file
:: Date: 2023-07-05
rem prikazy na prelozenie a linkovanie EXE programov s vyuzitim OpenSSL kniznice nainstalovanej v obraze BPS_PS
:: MJ Pridanie makra AUTHENTICATION pre autentizaciu klienta, ak nie je nutne autentizovat klienta staci zmazat -DAUTHENTICATION z procesu kompilacie
gcc -Wall -Wextra -o server_run ./SERVER/server.c -lcrypto -lssl -I C:\OPENSSL\include -L C:\OPENSSL\lib -lws2_32 -DAUTHENTICATION

30
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/makefile Normal file
View File

@ -0,0 +1,30 @@
# Makefile created by Martin Janitor
# DP1
# 9.5.2023
CC=gcc
CFLAGS=-Wall -Wextra
LIBS= -lcrypto -lssl
SRC_CLIENT= ./CLIENT/
SRC_SERVER= ./SERVER/
OPTIONAL= -DAUTHENTICATION
ifeq ($(OS),Windows_NT)
# Windows-specific options
LIBS += -I C:\OPENSSL\include -L C:\OPENSSL\lib -lws2_32
endif
#I C:\BATCHES\include
#L C:\BATCHES\lib
all: server_run client_run
server_run: $(SRC_SERVER)server.c
$(CC) $(CFLAGS) -o server_run $(SRC_SERVER)server.c $(LIBS) $(OPTIONAL)
client_run: $(SRC_CLIENT)client.c
$(CC) $(CFLAGS) -o client_run $(SRC_CLIENT)client.c $(LIBS) $(OPTIONAL)
clean:
rm -f server client
del server.exe client.exe

160
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/myCA.pem Normal file
View File

@ -0,0 +1,160 @@
-----BEGIN CERTIFICATE-----
MIIdjzCCC4SgAwIBAgIUN0p76iVLFlnmnk5I2lxh/FY89lUwDQYLKwYBBAECggsH
CAcwZTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkZha2UgU3RhdGUxFjAUBgNVBAcM
DUZha2UgTG9jYWxpdHkxFTATBgNVBAoMDEZha2UgQ29tcGFueTESMBAGA1UEAwwJ
bG9jYWwuZGV2MB4XDTI0MDIyMzEyMTMxNVoXDTI5MDIyMTEyMTMxNVowZTELMAkG
A1UEBhMCVVMxEzARBgNVBAgMCkZha2UgU3RhdGUxFjAUBgNVBAcMDUZha2UgTG9j
YWxpdHkxFTATBgNVBAoMDEZha2UgQ29tcGFueTESMBAGA1UEAwwJbG9jYWwuZGV2
MIIKNDANBgsrBgEEAQKCCwcIBwOCCiEA4mTQbxXW7KvE84Go8ktmQrst7JxioPjI
M+h6sZqAgLbMuZuG2znL7I/Ubku7jDDeSbtizuuKg096ZPcZyShabn8tD6FktVNj
cwjl4g8OuK8IrpsZPZ7b1f5VpXmQleGdWjqJAmtuOzkXtkYyVsI5p9vOCuOlnFFC
GFnwRI1r9JaAh//rNSaHrEVg2pXuY0pwsvantf+Mua1pBMZ8hBNKoxEkfzSUiAyg
xG5fCCkRlviY4WZAJiQ+3ci8EMO71zlI5E6ZdTo3O+0GZIv9/GKQB2PFv0E0WdSe
UcKHO4KyELrQtOF57G4Y/ypN6/Ixe8Ej33KtBOjlBs3ri6bZxrCjy2uLNSUYt8aC
aMBhdOXg1esJAZhaefUUdJd+5cpxmwx8G6emmyHDueEUoH0ntj7FBSG1YAGAsgvp
rlUzNmtc04747L2tkkJG/3z/vnpWOnuq46A643/X7tpT1o2rCzBPnuouxMW6TvbA
UmqGZ/dxyJ9fT1hq+19Exm1/02wP4zDQ2Im+aaOHie+OFZx0hIJucRb8T20NnQAo
4vQJiIwcxKFqpkOzWh5wrkP59AeymPMnuvctEMbaeC4fv09XBkM4xWo710o7HPjm
qFMkYh0MaraDK1Z4c8F+9Q0JPO/3fl2/YsfnmYWo3U1Act+kGJ9Z9wCIwYpDIjq9
L7zAMaQlhBp6U6qWafb3Uo0I6iXdH1fKJ1frEsK+OuTZXwsps/eFBEFduf5DdncW
zunhJakRCIJA68Cgt/LThXZzHJ1LaN9vVUNr6US1ZlIiFnNTtr3KEVggddkVCQu2
V4tX6358LB0hG6rh/8W/nBer6Uh8DDh9RlklOijXfiaNcDlYBqEMviDmGOYhwksX
5vVCd5zUH0GLXmsoP7K3Ch/VIB7gI5qa8TUSmgs9ULsEYOGYEUamYN1nGpJU6W9y
uBwDDCCq3K++YUP/4cM15slCd1p/oM25z1P7bTUGLl1X1aKqJLE4eH84I67psGw0
31Vu41U6tLIoeZKi2UusO9kBCoH1XOMDt/MdJLWnZg47N8o9wkZuGQvCJhReakhq
hOJpSe5RfuajoIwfy7au3QwgXg02uOJ8rCJvXNmPydTmer1BSCOR9dYjnlNDlJcw
XvlazspKU+ylrmeH9xUT0O41PVBdYhKXg0V0RrCbgUQH1qLn06wOXzaITjlzCESn
I+Xz1RIYGI3j4IMUOgz+Q9CmBhAJ1/G+To0xC9QwCG0M/UYsDkdvABCjOHxEHd2N
NdxDBjTvWNyYEZJQA4T3vye2FrrJs7UocMqphTZgh1M0CHUP1lQE8ldHNbc9HdYf
JHlMMK2H/DF1B+u0+YPuZciVzpsDQHeVQo988vMExmzcZVoxhYr60QZ8Cljys73D
ns0Tl79uYxpX6k0OSbIvI5k8tE8PesVivl7t5SzXXrHEozs1GAESgyJt6dPpwDyr
zByzD2Q/esg6DJKuwrKFFLO2Ed9HLxVfVeYQrmvj2vbTczd1rio1TtOPtHlhe+5y
qjh/FkVJSdb1vqib3KHxumgPPPrv28KajOXcONhjWteQ9PvS/L7UVxovGTOkSfsC
oDL/5LEbrkqjkIp1vhpXa9wRFGDeQG8i7GSP1DSgvO+bkUAbe2efKMbhVAscOFbb
CIabeKvGhTsPsJEF/eYz5vYzcaSKC37Ra5fQ7sgBwdEZO5KW1DojUKHvTX6Uuilr
Alt+stgr37Seg2km1xHxJ2M5MK7xIFSv7crO1uu0GO8Dt+857/0sqWUNCvWjSL6s
4oazZ4JWonjmRlHegaMny04wx2ZaJTGe5gSupHCur1DmJ8m5QfXbXr/8SKF9ICRb
du32OYKZB8w2XmEf/LtKgSo8ksQl0ttFA6b4S9423KsfGrlgpnFiPLHRaJoPiV/k
DPXOFpu4HAPoMVmYpJAny4rE89oTRXSEN+livYjtZsBFVtkM/a85zhgiZLstpeJK
38NBukXEXgvHEch8kC52Ng4JUEmy8iiKDId7Ij/IXySkwo9kfm913yRGxpOStL9u
WWeCPruWySkc0ncjP1Bi6GXD214oftGh16tdM6bXssFMUmjxfq+77pgRqtbKxjaU
rFzKp3r/hteoSMpnq2pn+IV+Eu30RXKACgY7MFRlfxxr4i//AA5bhfdjOmjIYKDA
bgrsyByeC0wX/GeMcosHYkhffiBWydE2Y4cvBmCxTELw25kikmXvVfEFCOvUk7Ov
LCbA66CRGnvOOEce9syc7e7Dd3sleUaLoE2JfgqztYt25mUJHK+DZbsTqyIYCVRC
HALsJImlLt60b7bASITD8FCA1OablNb3uLciT504XiXenNsnWgEbphSf69+3Cy9D
C5j8dt4k9VYQt2SQz1jP23KCEuZqIzy7OKfx2Qzg7eYZ6OR17otNgbU1hA9ABBn7
ouBLN7JnPyKObXP+fN1QkiIRVeW4qCSSanxYVImlS8yrzM8uukHyP5xQtqp5L0Y4
cnK5JiJ+NvXO/foW3pVgbJPx0g3MKUdlvqd8gXgCelxE16rBoLvb8LwyXTWgsROn
eQgSlwRVzCTK9oVfinLG45vrufIn1iXJxsDfaj6msuqcC8RSKy0/aKcXxSgl+0nD
A3i+m5ktCgrPJJ9M51io2ecvDBy+251JPJnpqWHxsXMs0vhPszzK42tiC5pQPMkf
ulS04ic8vuWkDfei0+IunxyJ8L6EKhNJFEnnU5z9k0KLi9jYmATD5Kakxb4fTrjd
vl5WLXUAcru/w93BU+LsvHLy4KZMcr+k6+BwABonwyhC7KUjrTTa0e3WNdjpU14B
Lw0oscGtzMWVl5KwfYIKoU5HF9WgawczBPanPye7yt6Vvb36FnRO0mTPAQy0t7Wn
Eg7HarcA5DMYxV4hkB7kSlIGSekQ0GRABK4YdaNPEGAYxuvlBLP68vhEujARFAXZ
pRrK+ysrzX//WJY3Y3vmk3NACV/RDqfokwySYNLC3+ToOak0JYnmQd8EZEqhoL31
WjHcG78JaSKw5cg4aHeV+W7ZYpruS/c28kpI4ox47SMrumrrL8fP0+3FAg29d2Mm
xM4tr1vnElQh457fJ2w8dWum4M7AJhyUQyDwcV9TnqbFYKCRVxmA5/OUVLCVlaN8
9N5yaKHG0uWhyHMEC8y0OJs1dw8DWYmEserjXtAGg16CCEUztQV8HdIBd1EekQho
oxlTp9oV/Hvul7gfp7aEtvWXhPUHSGHeFNCU776Ac0SfCV/xc1naWfot52/Pd4G0
g58AS5F8l+PnjM2T2bwlroYdeoBWRhLu3YCMmgWzFfLLb96mQEZJlz0Q5JMlTsgq
2zWfhBhWW3EVGUzQ+QSvIV1vVY3jHXseAwRKb699I6LkUhxZiBaebhRX4E+mUY06
F4LHVqEi+ia/FsiLGWhbm/R6ntkKZA9Gu3Gu8NrC6bLNGB5IXJGo4jyhueh71Lag
Wd6GJYBcyQhUflYJpvDF52uAFCtX2VV8ozIwMDAPBgNVHRMBAf8EBTADAQH/MB0G
A1UdDgQWBBSFhs9EMAvIjUAsagJVoCPgTyjxZzANBgsrBgEEAQKCCwcIBwOCEfQA
QVt6346wBPySLh2vjzeBIMH0S9voQKpbK8a9tWEylCAwhoAtSSdvuHqmauCRj5/q
fSsroRMGf34Zi+k3i9gf9AvyL51iM9TPucYElCKidPBlY6OArByUhXxvad/VM+da
Ji5ZEEvL2WPU0/pGqaELXsnb1gKtZuBVB936BPsvZ/HpEYe8PhxwOEe7aWqCOYuV
yoL18t+kQ91+aOjezZqLW5fjJEKRRAvbt0EOFXxUUFRu3j9qy0ie0p+Y1xvGfmR/
EuCyY6jJ2cGROg2vI4ezojrbaci4aQ9no/G3jFQnjo6Qpepyf7aMbgBB3UIaxHK9
6CMzSYseql1VFlZ69M2MC/PTZGHqBMlptvU7LiFUgCzaFy4931OTH6d1EgpXLDAj
At9JLJYA33FY/vhCBwH/ePJyqasUQu4n+MVA56na8dvJTTPy/Tv7msfSBN4KvuZP
V+327KGBYjN2M6tOIIzYhf7nEQzsjKmDcLXp+7axTCUF6yal+YSBvQRTlyrAQ3nd
nh4TpP8WPahFL2X+l/KaU0FTEjh3bSQNLsjWKlO/IOmKuv1MPLzi23KwbHACcZWC
9d64tbW5ErGkunHb72E1IJeXeFNK8lYO4OceMjZgGBa7RdiqVVz0uh6vbz7R/LTo
t+WNK85Q/i7Ha4ibbSs/t6av8nfPZFIoSTq0VPtXo851B+1qlbhyrQKAEAE40sk2
ehwSibk7o2tj+9yQbCBhVyGUhIbgMn/skD8FbxE+i036nt9a2A72cPZPUYOaqvHo
hqzSxRtUyH9LQbgZr9tm+SFx1xImYSiRKBmhdLqDL0jPGKnOFiMfwRVNMg+w+ak5
tazM0fpjK3KUS0GQ2BrC03pd2rbVxD57awUqYiLKA3O/3LLFfnfGFtDTkZ6gyYZF
hXZM1MUyEgH75qIceBTJPh6mVSlEhIwHwwQKXXVCpa2itaJH+OYBKKbQlYaG7RPh
HHK6HLo8SYJtQLkQ6ZBsYAjWBcGSTWsNCDwg3lSTEUdinH7x8imFsAbwGm9Wf5Qm
RsoQyuF11MqDdKGDpdHOwfqaHINsYM18JIfqqZkqiOhz5JJauP/sv6i8QBUX6I1x
gUJNEMI8Pe8j+tx1HeUpiLPgeT0M0pLW/Ot1AfiiXdToTJvXQfsl+U3NgXhvTEiK
e0qz51VgzW2uVsVxKlIBjBOuax0akxfi09w/EBmACC95y+DnfuHP9/ASIZ1pP8iv
DbpWO3CB9z+9kzebEo156LteZLvkwGccI62dO9qJSNKQ8ucqgOnQmhtlxy/lqx5S
wPWVZncvDGesnhxYUgqQ7Xo7uFpmicDoyAaeWnxYhoM5JjpOTWX8oph9UF1Q1NO6
JQkOq0jjRxVshXc4BE1lKvbjLKhidhU1SozQTIGj/Z1LiIzbhW3nFdKlL7Gswqet
yzhsTP4l0l4ATQBdFcY2NONsjsP2H41Obr8Jai5/AbGRP9mVER5NJLcyKw5NDZ2v
z28A0FJFr2U/16wBM2Ki/x5Aqh7+G8bjT6XSuYVtrJCtonOB3h14KGSHXcZzz+YE
H0clExRibfMO7BMPRU3envWMTi/MMC9bXwt5iJuy4phaWuMUcexVunoA2QhDAQt9
7fSLsXLaD9UIL9k8PnKY4Vx1GD/I01QWGz9NPzPIYyfwE2qbC1LlbSNjOp5G/uWI
SXurH39QZ9EwEraLQoBJpdjghE3mDMgHaZ5mn3gVoyqAh91Bw++ilSFhhejNB4/B
TSI8+kuvQpyizmQAin8OqvnPrh7WiEVKqx2dS2Lmb9PkpVHHlhSo2tcBlt/a6g4Y
5z/sQhoyoLvfWfkiQ14gkYzKa0zEYuGnsph6FWQDYyV+d/bnn1hrWxviNONjCdcZ
0XFeCyfywS0dJSn4ZLuPD5EUoJvtXDElezII6T0NraCDDfSPkN3eL78oWp6pb3D8
puTFBMpHNk7+I1HbM0nknxm5f3xTJZVsfciIDVloS0aKGtOTLUII7v5GqZMu08VT
jo1K5RK287MikmpKMz4ZyejHm4snOuDwad1TzcfshZmHnv4J/+zHWs3w6QjvLdy0
3tQ1D0Tu/U1nt4C5Tx1AJOQjAswTVdxKVEfezFOZqhM173XshNnY7dQrG1RCE0cQ
5zpRe5ZrOjd+ZpuQR0V2GFnnOBXlb9NomIS0uURc1+KbaK1bSnsUTmZNe9By3f8S
3u8ZUoj54mlSQqlz+3lxNNovukqPl6HeAa1Ze0etrqdsegkSFgKTSmZD6RT6pOeI
8OcjIirpv7vQteAMG37URKUjS+T1DWe1JIDJ80dXXj5Lhrau3wgADDZzTf4r9nPM
4Yyw2mkwvAFksSJdthmy5sA8LGTH40DOgJVmRVZTvxd3L/BYjCkCv00qEmgEj5r4
5mdDO1+A00/p2EZso3VoX9ek+oITiGqxXyHYl0FnTf3+NmqZPh32GnBpEpwwPZvd
WIyCAkazRvf40EZdJuYU8L5z2x/ICDxxeDg4MAS2TRg7pY6IwiozWODVMiqdTI7D
mR8WBFqq4f3NK+sOKvHbYyOrMNmkfjR87ApVOBgdu6w02y5NrSyYVlAD4lEB9zuZ
p/hhi7Zr1gW+P/0ThpoYKxA/kx2/yNZOwC18Q7O7Mh6+dVS1qPEIajpOOu4/6SmG
pEGZqI028BnJQkB/CvyrP3X5ejz11RdZPi6VC6PpzrBS7hg/C82+Wg6pzWOTigb1
h9BZrFXleOiFAWgaE+hUujmaqAn6t2XTn5b3Lbps2YY5wk2hsT4M//PDvh6Zv+Gb
fMLbDUSlQDqc/nonFQqt4pR4YIkbmNXemvpqXoIZQtQaGoJ+Gf7nRdG6T5AISEMa
PZFl/LV8b6hdOCZ+p+yjByliS3nWd25FjsXdtotOOPNeht2BhDIj/6W3AAHUKFk5
eB0M60e4GsV2sJb6ZZiIZDM/CCb1Q1xiLmci4BKaWO5xTN/fMYgiw/uUgWfeSn0X
IijVc+hZFnq/csUF5ZYz+pT9kAgceWZGNBQfPp4s/1lBH1drg9H2SN7wj7nJrOef
4Z+hAfnVVOSqUUJXfOMporximqSxbW9hdUnkzsW6NZbUN67jBDhatvuNRDUZ/d6L
AzEFFzSBtSNHHozkm5UmV3AZdrlpJMErYQA070BaMnd34s39x7Kq37tKXfPugSTz
Z6DQuh4dNHlPFAsw6Ich0iYYCXIiNeACfn/URRmrQ3sjiWIHHb+t364Ce3iiaAW+
jgd2YE52nRgR/CW8NGlwnhvOgJAH+hjmiRYovufnUxW8QdQ9rZViVwHsgJE+ku7I
IFTBsLUaKWX8uEk4jw8jlWFqUYrNu0sWBO2t/LIvYPKNU9ZZs+4kf41gjAJYSEz2
ThmU8g6wBv4cTV8EhwjBEGmRYGNLeNTyHWG7W2qYjeKIpfGxOlWFZSQ0iDV4SZqo
pMzINn1yTCpp2ubyEmwXnpy+R2iCm9O8du94ZR3ffeGAQGVKMXXsUjCWeLaScZsp
xRQKD4hEg93nT9SoTBdx3M+rSRfzbtxxcBGmJElrrgj2I0EUunDtEOFwTNLHSwwy
yD84L79lMRig4jYfZI4zPIaPONHjLy3Tmeg7VpdktVs4qDVIaPz1V1PemwADYxfD
WV3c0STo3QvkKmq7WlD2Q/oKsjszPZkVqo977ClBiAaTj+upxDi5Yy+Zec3bWbyg
TrXfksaG05mhuzcBs7/u/DoYiPfAGo+IbObY0ofoL0+/STbl2p0wFfGRGhZ4N0o/
S5NOVbJL7khhLvf8VRX8jeQXh/DpBKAvl4sZw3ViL23KkN6XsecxZPR2Y79Q/X3m
cyGrH4S2c+uxHUPjzTyS+cZavHBXIKPRjzvhdHw6smmUIckaY/n3JL5JyWyjjUS/
6iugMcybQFOhg3mmbxr10jN00gy6DbV7SmDDvAxtpG4PVnfvPJU0ylVzITIBl0MN
IoIQFGlXlWoH6VKfwdQ5qNz7wYuVovN5rDejOBi8h+WvUo+wyCw0TKWq9NIPb/7/
U7jkwJ2Xu7YyiaWYMjMUADBCdon/ygidfjZotZN8WpKcZmKenlkKX4de9R768dwn
nSjPgUdvcnC7zO4dq6sp0URps9iBlG+jogK8UfWxDdWt1y60pMZ8JZUzBERfh/3q
TAPeGFDt5gUBysWhXZJXR5PF6FFCZLrrSpXRtd0JP3HpVuEmkS+VurfZPJhmHLGh
KejNJxOzSBl8E2ycxkiV8RGQZ0nL3hNDcvv6lcSwj1F1eoDElORF9bgxmODz24bQ
IwdHBNhUpWVLLMi2PB9En/KuOT2oXAUVjL0WuOzzO7yYkla8IIFmpCb4Skp812/b
3kdeP7sdRRav3XlgQx6gJJG2IvozHtdSIW6iamMpPCVnErV7nbydhywerjeNsO9e
nhoPgjt1xklbVWcZWTO5cXf2ahVRUUMnagrLOabjERGGmwgsFELqji2XiUPnEBBX
PPTVK990XH7C7bDDS5BZbm9xXb9T03N7GU3HFqJPMpzIHD8oxIqZ0H8Ds/E+BccV
BoZJUGYPayR/NE4szCSPTc1CAsbTFaahlMtsNxP18Hc4Bzy4uQcO4iLf7dGnEVvY
yAeZGioi86Zk77dkbIPcONDk+tuV5QkJIVzJPKSKskWijucG7yqh8Aha6RnFwfWP
aSeJSuZfzAZhqzQ+o1S4/Bg2wCJLp3O4a1MLVexwZBiRBUL5g4uYxA9vI0RVv5tM
vFVKKB54w+OK9SU/P3oKd+euYcawVi6d+iKBJwgUwRJDeHDhQ81m09L+JY0Oa4Hs
1BUfruXOxkbt9UAfqmE/icpsj1Qf0SI7MUnIamUtsm7g68yIOCCwdTVt2JnjvtcM
E8QUXKGs3Bfqq0DT6I85Ri7gFnvqBK240QQP6UbsQ+Y/+1TSFK0tXUEhhsaXN1Ye
OD+QgsMQimNKwNZHUKhotYPkS3z+CaO97t+mimgIlCqY/3iZn/fvut/0mVyguhts
LYEQvoTVHRx0tFyZv4Ua2VNom5zJkTaZdVpAVtOICijsqr91IkXLH/Emb+XQ3Lcy
TbJBBKinsJtmf6C9m8miNpt5Yg1EG2qBbaurlszfyU1pEc1r1L2ffGXjjPr9T8Uw
hmdTinmjH/6huoEBAoNKZAskaBSTX/zC+BwVI7zWp0vh7dUJEJ75fe344pa4epQ8
HR2+UkMeX9cLLmSZi4gdg7m2/lZhEdT18HZgmspUZoM1pKvZSmGhUYS/8tVg8hC8
NEfOrwJpLz1AISDZMtP5S0Jr3jSU9nKO5ZFdYmpZohroEYARI3GKs1/aTYt0swy2
Nd9sf3DOJKMe1I1HJLnC0LB3l9SR65Fl68gbnljCPES6Vbb4UMQeJL3nk82Y52VW
L6S7ZddPfGRWMNKeWnCu347u+/QR/YD+7cpZeKetoi+Mxdd2quRiHphFFf5PMmSz
HnRdnSO430329Zg90yiX+wBy92AQd0cG706DB1E2s84WX1xHGcC7o5oc0pnH7cv8
hE0Y5qoQBD+LpDbAPbpr13ByJnulGTXhrWz/Z1hEovkMOpV4Do4MrAoyy/c25jSi
bKwPaoHP5Fl7I+9TiWNWvRMV1N4dhLYo8Cau2Dv0XsOv6gKXOf24uapflq1pn6tH
jjjChNRcqVodrDEf2+L7Vwgtxdzgw6thG8y9UnJydwMftqI/xfGUxmVaK+e0PUaJ
kiMXpWJcwiL6BhJ2ngVOmmnNOXSBFsO583w6YNxYAhaTnQs7kHrod6fmJeApTHp8
3hwj5sdYPUmbn/rkThIUJDeSoWHkIBm6s7emxXn+GoJOdzun8oqcYkptriVNg0V/
S8LoGEzgY/smw7cAp05skH8psBJclO45JfImbrwkZFMPyeQLH3XK69wigjT22DYp
o6LRvtzoWUQziRj7JKOMHbOfKXn56cPGTEezF2LNxNXdDP8b72MelSCVMVA9wVOE
aYcA7TuyUBWLU1y/QnFSdtq/48jTcGGVGEO5l07POlxh0NRPjPuqjjGPR5LZYWi9
MF121z5OJ/gvHLSnPT6hbu5QP94cKpRWdAK+bu5VrBlMnC0uUZJwy9c+ms9Sk0wS
BAdRlM71FilYrbO31homWXKBqbPx8j1IXHTCyvT2DTp/5vIpMklPY2iC6SxDZoqL
7ERMXWuSmLvRAAAAAAAAAAAAAAAAAAAAAAAABg0WHiMrMTk=
-----END CERTIFICATE-----

4
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/schematic.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 104 KiB

7
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/start_client.bat Normal file
View File

@ -0,0 +1,7 @@
:: Name: Martin Janitor
:: Subject: DP1
:: Description: run client .bat file
:: Date: 2023-07-05
rem testovanie spojenia klient server na lokalhost adrese s vyuzitim portu 5000
client_run 127.0.0.1 5000 ./CLIENT/client.key ./CLIENT/client.pem

7
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE/start_server.bat Normal file
View File

@ -0,0 +1,7 @@
:: Name: Martin Janitor
:: Subject: DP1
:: Description: run server .bat file
:: Date: 2023-07-05
rem Spustenie servra, ktory "pocuva" na porte 5000
server_run 5000 ./SERVER/server.pem ./SERVER/server.key

324
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/CLIENT/client.c Normal file
View File

@ -0,0 +1,324 @@
/*
JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.6.0
*/
/*
JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.5.3
*/
/*
JS 2024-03-04 - doplnenie funkcii pre uvolnenie nacitanych providerov
*/
/*
JS 2024-02-24 - funkcia initSSLContext() rozsirena o nacitanie OQS-providera
pre plne funkcne PQ algoritmy na kazdej platforme
- doplnene priklady nastavenia premennej DEFAULT_GROUPS
- testovane s oqsprovider 0.5.3
*/
/*
JS 2024-02-17 - testovanie PQ algoritmov s pouzitim oqs-providera
- pridane vypisy s informaciami o pouzivanych algoritmoch
pre KEX a certifikaty
*/
/*
JS 2024-02-08 testovane s aktualnou najnovsou verziou OpenSSL 3.2.1
*/
/*
Name: Martin Janitor
Subject: DP1
Description: Implemenation SSL/TLS [CLIENT] connection with usage of BIO structure
Date: 2023-07-12
*/
#include <stdio.h>
#include <errno.h>
#include <malloc.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/provider.h>
/*
Premenna na definovanie "exchange groups", algoritmov na vymenu klucov
Server moze podporovat viacero KEX/KEM algoritmov, v premennej musi byt kazdy
algoritmus oddeleny dvojbodkou, napr. "kyber512:bikel1"
Podporovane algoritmy je mozne ziskat prikazom "openssl list -kem-algorithms"
Prazdna premenna alebo naplnena neplatnymi protokolmi sposobi prerusenie aplikacie
Ak server a klient nenajdu spolocny KEX/KEM protokol, tak
SSL vyhodi chybu SSL routines:final_key_share:no suitable key share
Priklad pouzitia:
- klasicke algoritmy: "x25519:x448:prime256v1:secp521r1:secp384r1:ffdhe2048:ffdhe3072"
- PQ algoritmy: "kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake"
- hybrid algoritmy: "x25519_kyber768:x25519_frodo640aes:x25519_hqc128:x448_bikel3:x448_kyber768:p256_kyber768"
Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-provider/blob/0.6.0/ALGORITHMS.md
POZOR - BIKE protokol nefunguje na Windows platforme (liboqs 0.10.0, oqs-provider 0.6.0)
*/
#define DEFAULT_GROUPS "X25519:kyber512:kyber768"
/**
* printUsage function who describe the utilisation of this script.
* @param char* bin : the name of the current binary.
*/
void printHeader(char *bin)
{
/* JS update */
printf("[?] Usage : %s <hostname> <port> <client_private_key> <client_public_key>\n", bin);
return;
}
/**
* makeClientSocket function who create a traditionnal client socket to the hostname throught the port.
* @param char* hostname : the target to connect to
* @param int port : the port to connect throught
* @return BIO context structure
*/
BIO* makeClientSocket(const char *hostname, int port)
{
char buffer[25];
memset(buffer,'\0',25);
sprintf(buffer, "%s:%d",hostname,port);
BIO *bio = BIO_new_connect(buffer);
if (bio == NULL){
fprintf(stderr, "Error creating connection BIO\n");
return NULL;
}
return bio;
}
/** JS update
* initSSLContext function who initialize the SSL/TLS engine with right method/protocol
* SSL/TLS engine provided by PQ algorithms functions of OQS provider
* @param client_key name of file where is stored private key of client
* @param client_pem name of file where is stored public key of client
* @return SSL_CTX *ctx ; a pointer to the SSL context created
*/
SSL_CTX *initSSLContext(char *client_key, char *client_pem)
{
const SSL_METHOD *method;
SSL_CTX *ctx;
// initialize the SSL library
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
// MJ only TLS connection
method = TLS_client_method();
// create new context from selected method
ctx = SSL_CTX_new(method);
if (ctx == NULL){
ERR_print_errors_fp(stderr);
abort();
}
// MD zabezpecenie overenia certifikatu servera pomocou CA
if (SSL_CTX_load_verify_locations(ctx, "myCA.pem", 0)){
printf("CA certificate loaded\n");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
}
else{
printf("\nCA certificate not loaded! Abort ...\n");
abort();
}
// MD nacitanie dat pre autentizaciu klineta
// MJ Update [Define Macro]
#ifdef AUTHENTICATION
int res = 0;
res = SSL_CTX_use_certificate_file(ctx, client_pem, SSL_FILETYPE_PEM);
if (res <= 0){
// handle error
ERR_print_errors_fp(stderr);
printf("\nCLIENT certificate not loaded! Abort ...\n");
abort();
}
res = SSL_CTX_use_PrivateKey_file(ctx, client_key, SSL_FILETYPE_PEM);
if (res <= 0){
// handle error
printf("\nCLIENT key not loaded! Abort ...\n");
abort();
}
/* verify private key */
if (!SSL_CTX_check_private_key(ctx)){
fprintf(stderr, "Private key does not match the public certificate\n");
abort();
}
printf("Certificate attached\n");
printf("\n");
#endif
return ctx;
}
/**
* showCerts function who catch and print out certificat's data from the server
* @param SSL* ssl : the SSL/TLS connection
*/
void showCerts(SSL *ssl)
{
X509 *cert;
char *subject, *issuer;
// get the server's certificate
cert = SSL_get_peer_certificate(ssl);
if (cert != NULL){
// JS get server's certificate algorithm name
int nid;
SSL_get_peer_signature_type_nid(ssl, &nid);
printf("Server signature algorithm: %s\n", OBJ_nid2sn(nid));
// get certificat's subject
subject = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
// get certificat's issuer
issuer = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
printf("[+] Server certificates :\n");
printf("\tSubject: %s\n", subject);
printf("\tIssuer: %s\n", issuer);
// Free memory
free(subject);
free(issuer);
X509_free(cert);
// check certificat's trust
if (SSL_get_verify_result(ssl) == X509_V_OK)
printf("[+] Server certificates X509 is trust!\n");
else
printf("[-] Server certificates X509 is not trust...\n");
}
else
printf("[-] No server's certificates\n");
return;
}
/**
* main function who coordinate the socket and SSL connection creation, then receive and
emit data to and from the server.
*/
int main(int argc, char **argv)
{
BIO* sock = NULL;
int bytes, port;
SSL_CTX *ctx;
SSL *ssl;
char buf[1024];
char *hostname;
if (argc != 5){
printHeader(argv[0]);
exit(0);
}
// MJ Add keys for communication
char *client_key = argv[3];
char *client_pem = argv[4];
hostname = argv[1];
// Assign correct port number
port = (atoi(argv[2]) > 0 && atoi(argv[2]) < 65535) ? atoi(argv[2]) : 433;
// Load default and OQS providers
// Default provider must be loaded before OQS provider
OSSL_PROVIDER* provider;
provider = OSSL_PROVIDER_load(NULL, "default");
if (provider == NULL) {
printf("Failed to load Default provider\n");
exit(0);
}
OSSL_PROVIDER* custom_provider = OSSL_PROVIDER_load(NULL, "oqsprovider");
if (custom_provider == NULL){
printf("Failed to load OQS-provider\n");
OSSL_PROVIDER_unload(provider);
exit(0);
}
// load SSL library and dependances
ctx = initSSLContext(client_key, client_pem);
// make a classic socket to the hostname throught the port
sock = makeClientSocket(hostname, port);
// create new SSL connection state
ssl = SSL_new(ctx);
// JS set default groups for key exchange/encapsulation
// Without this function, server will use default X25519 protocol
// First protocol supported by both server and client will be used for KEX/KEM
// Empty DEFAULT_GROUPS or list of unsupported protocol by client will fail communication
if (SSL_set1_groups_list(ssl, DEFAULT_GROUPS) != 1){
printf("KEX/KEM algorithms undefined unknown - check DEFAULT_GROUPS variable\n");
ERR_print_errors_fp(stderr);
SSL_free(ssl);
SSL_CTX_free(ctx);
OSSL_PROVIDER_unload(provider);
OSSL_PROVIDER_unload(custom_provider);
exit(0);
}
// attach the socket descriptor
SSL_set_bio(ssl, sock, sock);
if (SSL_connect(ssl) == -1) // make the SSL connection
ERR_print_errors_fp(stderr);
else
{
// JS get chosen (negotiated) key exchange/encapsulation algorithm name
printf("Used group (KEM): %s\n", SSL_group_to_name(ssl, SSL_get_negotiated_group(ssl)));
/*
if the server suddenly wants a new handshake,
OpenSSL handles it in the background. Without this
option, any read or write operation will return an
error if the server wants a new handshake.
*/
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
char msg[] = "ClientName";
printf("[+] Cipher used : %s\n", SSL_get_cipher(ssl));
// show certificats data
showCerts(ssl);
// encrypt and send message
SSL_write(ssl, msg, strlen(msg));
// get response and decrypt content
bytes = SSL_read(ssl, buf, sizeof(buf));
buf[bytes] = 0;
printf("[+] Server data received : %s\n", buf);
SSL_shutdown(ssl);
}
// release SSL connection state
SSL_free(ssl);
// release SSL's context
SSL_CTX_free(ctx);
// JS Unload both providers
OSSL_PROVIDER_unload(provider);
OSSL_PROVIDER_unload(custom_provider);
return 0;
}

48
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/CLIENT/client.key Normal file
View File

@ -0,0 +1,48 @@
-----BEGIN PRIVATE KEY-----
MIIIlgIBADAHBgUrzg8DBgSCCIYEggiCWQAuggQPvwR+gw/ROxCfAA+QvPgBxPvh
hPvhfhe/vRexAvwPvPifCvfAgQPAuBgAgwPOwggwBP++O/g+/hQfv+//O/vP/xBh
vwBhigv/P/efAwQeQRQgBPxAQQP/wRfAgQPQuxAvSBQvxuwfPfuAAAwvgfhPRAvf
AeggAev/AAfAvhfRvxg+wgAvxvuegf/fvgBPgQwg/fQQwAOQPPgvvQvhQhQfgARO
PPhPP/hus+yAewRRvwvgAfh+gdgfeQfQQwPgewAfPfhPAwfewRgAvwwgAQuuPwvw
ROwwAPyAAPPAugAgAQC/AQewwAAxOvuvuwBxBPwP+g9uwPStgfwPuQQBPPuwAvBy
BQf9fhdPAfwPAv/wgwvPxf+vNt/BOARO/AAwvvvvff/QwghO/AgPAQvww/wfAQvu
wxSgP/QvgBP/wgQgDQvPQ/Afffv/fxgBvxOuvwevfwf/wwQ/gPQRPfPBhfgfAeww
AB/Px/+vRP/APu+wguQgBRQgRwft/uw/gBfxP+fhuQOwPfvQQAe+uAhgQgwAQPfg
BvQAeiPCA/PvAPyAxRCOvPAfQgfwPtuh+wQABeQufgwgwQxAAgQQRuQhOBAAwAQ/
PhPQvwfPv/vfvuxAxQBvwhBAAAPxPQPQgQAvhPwOQgQPvQfQgtwASQ/gOhgNQfgu
wBwgPwwxPgQggvQ+OQQv/P+uvviPxPQBviBxwO/wfhQgxvBAAxhBf/PhA/wfgPA+
/gfgNvufQePQhOAOwQwPxPvhPROegvwfAdweAAQOxABP/B/PgPP/vwwQ/BvQAfA/
gwxfgwwfAwQQBfRPgh+wRAf/u//gvdwhvvPfwAggvRfigf/wQPwOgARAASO/xAgg
fvd/wxffvQORPO/gQtNgRgvPOQfPfSwwfhRNvQOhNAefQPvPvRxyxxf/PeAOggSf
fP+PBROQgwwPQhPwQv/PwfhQARDPv/fgPQQQQQAwftiQ/R+BfQPgvhvwRABhAxv/
QPgiPAQfOvu//wBRvQv/gQwvvRfwAxBg+c0E5PIb9u/jACHQ+SoE+BAH9P4f+/3Y
DEkI1tYWCOLVFwkCAgIWHhAj9+PmIfnu4d4D5v41D/3o5PflAu8U8fMP7AHhBd4K
HDAJ8f3vDgLwJvwVEQ8GsOMDBe3VFv/r7wsbMSoMKPP86xkCFBAjJgIJ/w37BAkS
H/a5BAUYGeMXPiXUAe4E5czz+PHpC/7wJSM2G+gb4fH7v8rN9x/PBwvJChPuBRcH
7BrpCRL14d78It4F6+MdJRca5xMRFvDuH+gF/PMC5uDY/R0bCyAFJO3t4OX89AXw
+e0MD/Pm+zMM7NIM5QfMJScc7ukc+BHgB9HRAAUKEUAfFyBIJAf/6Nin/BTlGgEE
7C0AEhwMNvz7Cs3y8QngIgwXHwjx7wMF9QYC+tIL0OrkAu0YJBYA6CjMENr35QsN
4h0NAukOBUDwBALsEPjuCBL79BP9A90RG97qCt//7P4ICTHwART82N8rFeb5EvMG
/+zd/Rr4EgcSMv4o6efrBzML/QH4zw7g4/Xe2hMPFCT3B/8V2vQIG/DpBygR5RHv
E+wP/dQRDQgXOe3aJe4jLgwR9gPxzwsJKQbxFhMmK+cJ/g/11gnt5N0q8B8fFRH8
B+35++Pf4jDQ6c/s8fHY2fL48QE2IPj1DPT3PvLEE/4L7OfbHhHy/UgJTvAK8scU
EcHSAxnp8BwUCVZJpvTSzbO/eq72xQ9lsjB3BD0oN30S8wAjSg0K6PV3HMaQSFzZ
NnvFaLeRJMX7ogyu8WUbBZ3WktLOZ6+KAmxWwpU4wAWVxXPoZ8PVoZRSAH4gwRlN
fxdylXtKZS/acWdjUg44Qjmo6Bp5K4AtHxtbEJansNxcKCq+cpmjwrxgQOleqA5H
SPSh4MV8ZThRsOka0j6+huWrAPpQihFynxa9GckCZQQBsbGUzlLISQ42emhlmZrf
S756UhCPTAaMCCqGpABFGokWLFE4by7qmkBTSTLmDzSUzBxstA0IxGWvBmrs0XUk
cgpidXeG6/NxobaDUskCJ2GbNEok/wp498E3X4CvsBdmNmbKS51KujlB50Yt4de3
Ebt5nGVIf9TBUDUFOqblA7mOi8eJn7KtommG3aeafN5e4c8JALXaCZKyFdULKnRY
49yPLWqbVD8kxHo47NAR7YwhecaWmdfnIfTuN5PWdmrSrbT/09AIZazKcILpI9bC
Y0BNtz9GqktLF2Zv+LLQFu6BsFrMW+yrareoJsafp+85KnhD5oOrKEiE1VGPCiSI
O0gh3RoJyXVWFIz9WqpoJLFeOjeROQOIk0aC5s4EUQOPSFqsxy6temkkD4e2CMuP
Eus6EAynUyFweQUQMnw6LVE40Pg3YuLj9B35qfBBeFNjdWrMqNJajJQxPI90POTn
UCyB1fXlmx9K0gqpHxwszDJXeMtXXwRTyborwa2Wd0ubFF4tSHojlo9NlWaO9nep
FC/5xiZrUO1o/Vl1OkTyt8xLKTUtEXWcBFsyoaNEXel2zU8nNmSTikWhxz9opeDN
3Ot6KnxrPdPaUx0fpByVaFRMC0bW4J5TlteWP93GGBoBc2LUOYk8JmMNHJk5hWRY
U+PLRySSixTKLik+GuLoyhe5tnCHs2+KOIiV99pqt6WosyHBz/Y+pelUl9KBNt2r
kZPEk5UMegB2iW0vzsiWSa9INhx7RFHoLE1M+bugh3GwKC7UdpSGeRjbBJ8iLw3E
f0o+yxu83dmF+1t3Ou6sYMuV4rc5ZEvSYOMb1eOBnq/EAQLyGrUAoFCq8eSZyv4x
baDh+N1Js4mjB+bGVClWNFMCHn6oTYZXSK17E1xmtU3Pd75FsysU29YD6k0VgeJV
C7HCcz6YzxxUeRIGJi2xcQVwMGKMfQhYoaqOxA4AK+ZV5CqfXbKivaQi
-----END PRIVATE KEY-----

43
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/CLIENT/client.pem Normal file
View File

@ -0,0 +1,43 @@
-----BEGIN CERTIFICATE-----
MIIHjDCCBOmgAwIBAgIUSaqkQplPGf1X7L8bQu6ywQZ2gGwwBwYFK84PAwYwZTEL
MAkGA1UEBhMCVVMxEzARBgNVBAgMCkZha2UgU3RhdGUxFjAUBgNVBAcMDUZha2Ug
TG9jYWxpdHkxFTATBgNVBAoMDEZha2UgQ29tcGFueTESMBAGA1UEAwwJbG9jYWwu
ZGV2MB4XDTI0MDIyMzA5NDAxMFoXDTI5MDIyMTA5NDAxMFowZTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkZha2UgU3RhdGUxFjAUBgNVBAcMDUZha2UgTG9jYWxpdHkx
FTATBgNVBAoMDEZha2UgQ29tcGFueTESMBAGA1UEAwwJbG9jYWwuZGV2MIIDjzAH
BgUrzg8DBgOCA4IACVZJpvTSzbO/eq72xQ9lsjB3BD0oN30S8wAjSg0K6PV3HMaQ
SFzZNnvFaLeRJMX7ogyu8WUbBZ3WktLOZ6+KAmxWwpU4wAWVxXPoZ8PVoZRSAH4g
wRlNfxdylXtKZS/acWdjUg44Qjmo6Bp5K4AtHxtbEJansNxcKCq+cpmjwrxgQOle
qA5HSPSh4MV8ZThRsOka0j6+huWrAPpQihFynxa9GckCZQQBsbGUzlLISQ42emhl
mZrfS756UhCPTAaMCCqGpABFGokWLFE4by7qmkBTSTLmDzSUzBxstA0IxGWvBmrs
0XUkcgpidXeG6/NxobaDUskCJ2GbNEok/wp498E3X4CvsBdmNmbKS51KujlB50Yt
4de3Ebt5nGVIf9TBUDUFOqblA7mOi8eJn7KtommG3aeafN5e4c8JALXaCZKyFdUL
KnRY49yPLWqbVD8kxHo47NAR7YwhecaWmdfnIfTuN5PWdmrSrbT/09AIZazKcILp
I9bCY0BNtz9GqktLF2Zv+LLQFu6BsFrMW+yrareoJsafp+85KnhD5oOrKEiE1VGP
CiSIO0gh3RoJyXVWFIz9WqpoJLFeOjeROQOIk0aC5s4EUQOPSFqsxy6temkkD4e2
CMuPEus6EAynUyFweQUQMnw6LVE40Pg3YuLj9B35qfBBeFNjdWrMqNJajJQxPI90
POTnUCyB1fXlmx9K0gqpHxwszDJXeMtXXwRTyborwa2Wd0ubFF4tSHojlo9NlWaO
9nepFC/5xiZrUO1o/Vl1OkTyt8xLKTUtEXWcBFsyoaNEXel2zU8nNmSTikWhxz9o
peDN3Ot6KnxrPdPaUx0fpByVaFRMC0bW4J5TlteWP93GGBoBc2LUOYk8JmMNHJk5
hWRYU+PLRySSixTKLik+GuLoyhe5tnCHs2+KOIiV99pqt6WosyHBz/Y+pelUl9KB
Nt2rkZPEk5UMegB2iW0vzsiWSa9INhx7RFHoLE1M+bugh3GwKC7UdpSGeRjbBJ8i
Lw3Ef0o+yxu83dmF+1t3Ou6sYMuV4rc5ZEvSYOMb1eOBnq/EAQLyGrUAoFCq8eSZ
yv4xbaDh+N1Js4mjB+bGVClWNFMCHn6oTYZXSK17E1xmtU3Pd75FsysU29YD6k0V
geJVC7HCcz6YzxxUeRIGJi2xcQVwMGKMfQhYoaqOxA4AK+ZV5CqfXbKivaQio0Iw
QDAdBgNVHQ4EFgQUkIx6Kwmb9VSJWIleLegR00WtJbMwHwYDVR0jBBgwFoAUdaN0
NvC+/DBZDZ36A1j7i9XJGHkwBwYFK84PAwYDggKSADknGgtkjppPScid9fCaVwaa
2sSJ8fXsRzmZag/gHpVdsEWwzzPASpMygUSennMXNOqs08uOin+z30K5ePf9M86k
aue+gs8kioOygByYGa/z3zmSfxxJQ+k+eFXOuYnJDPMkn+ugbMx9X7rH1gTEkptH
HWKpKp2sf+eF3c+NrC5NiWK8uBPbl0JIY2zgWyEbqBe0ySCNo0M37kp0jfySo+rU
ODiKrIOD9iO5Lcc7i+rBVhLW/gTz+aaoJrf3kxI7AwkNIflFvhtkgRGLFKMfJDYK
+aQOjPvtjikpRhbA0BNBxQyB2Dji9KblK02eEJ3HmZIxBqPTFJWdAr/t1hw9KztK
fr65JeNRDpUiGVKhs4XizQ8Ei6ktFkm3UhAjOtIlzbUlIGFWKcdvyVs2aWWJATM3
v5/iNIVvDZ6xHlyU7dnVVLeIf8H6c5/4Qe2aznDb8yUuZBM+Ss2UiKUepsVwNuEh
+zOKfIGacGk0FfJkyPDteAYjjI8SDwZtj+N/sV5hrByYKyfDQNo/LzMe2MbxbU4b
DjCYb4vfGMwRNRqpAoBjXAJ3zCKYxLULxyAs9Fs6UA4GiTGyYhibWcztqZrszEKO
Sjl7bhaZhrPMUNOPVmQVJCsp6mVOQvmtJS5UWji0ak2KI/iq9j5ZGoOmfCUq7ubl
qJvGOzx9iSredyYEgsuYRptEBpJ8OPO7xgta1RvZO2sq1TgkNSpRGisSt+s7EaeK
R5FaPdUt7P0bQCabIoOKoZyHe197lmXfOf1qame9ojjCOFz3Ql6OkMKAmzV4HpX/
46ddWw95vYit+eTfPcBdMKqVP1nhazokNv0ShzAFOQQm/LMladyWBFrTAcqaC3pp
hJ9sj/bdLB+bhZ+thhmznQ==
-----END CERTIFICATE-----

394
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/SERVER/server.c Normal file
View File

@ -0,0 +1,394 @@
/*
JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.6.0
*/
/*
JS 2024-04-11 testovane s OpenSSL 3.3.0, liboqs 0.10.0 a oqs-provider 0.5.3
*/
/*
JS 2024-03-04 - doplnenie funkcii pre uvolnenie nacitanych providerov
*/
/*
JS 2024-02-24 - funkcia initSSLContext() rozsirena o nacitanie OQS-providera
pre plne funkcne PQ algoritmy na kazdej platforme
- doplnene priklady nastavenia premennej DEFAULT_GROUPS
- testovane s oqsprovider 0.5.3
*/
/*
JS 2024-02-17 - testovanie PQ algoritmov s pouzitim oqs-providera
- uprava vypisu o pripojeni klienta
- pridane vypisy s informaciami o pouzivanych algoritmoch
pre KEX a certifikaty
- oprava kontroly navratovej hodnoty funkcii
SSL_CTX_use_certificate_file() a SSL_CTX_use_PrivateKey_file
*/
/*
JS 2024-02-08 testovane s aktualnou najnovsou verziou OpenSSL 3.2.1
*/
/*
Name: Martin Janitor
Subject: DP1
Description: Implemenation SSL/TLS [SERVER] connection with usage of BIO structure
Date: 2023-06-28
*/
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <malloc.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include <openssl/provider.h>
/*
Premenna na definovanie "exchange groups", algoritmov na vymenu klucov
Server moze podporovat viacero KEX/KEM algoritmov, v premennej musi byt kazdy
algoritmus oddeleny dvojbodkou, napr. "kyber512:bikel1"
Podporovane algoritmy je mozne ziskat prikazom "openssl list -kem-algorithms"
Prazdna premenna alebo naplnena neplatnymi protokolmi sposobi prerusenie aplikacie
Ak server a klient nenajdu spolocny KEX/KEM protokol, tak
SSL vyhodi chybu SSL routines:final_key_share:no suitable key share
Priklad pouzitia:
- klasicke algoritmy: "x25519:x448:prime256v1:secp521r1:secp384r1:ffdhe2048:ffdhe3072"
- PQ algoritmy: "kyber512:kyber768:kyber1024:bikel1:bikel3:bikel5:hqc128:hqc192:hqc256:frodo640aes:frodo640shake:frodo976aes:frodo976shake:frodo1344aes:frodo1344shake"
- hybrid algoritmy: "x25519_kyber768:x25519_frodo640aes:x25519_hqc128:x448_bikel3:x448_kyber768:p256_kyber768"
Podporovane algoritmy OQS-providerom: https://github.com/open-quantum-safe/oqs-provider/blob/0.6.0/ALGORITHMS.md
POZOR - BIKE protokol nefunguje na Windows platforme (liboqs 0.10.0, oqs-provider 0.6.0)
*/
#define DEFAULT_GROUPS "kyber768:frodo976aes:kyber1024"
#define DEFAULT_PORT 443
/**
* printUsage function who describe the utilisation of this script.
* @param char* bin: the name of the current binary.
*/
void printHeader(char* bin){
// JS update
printf("[?] Usage: %s <port> <server_public_key> <server_private_key>]\n", bin);
return;
}
/**
* makeServerSocket function who create a BIO structure for socket
* @param int port : the port to listen
* @return int socket : the socket number created
*/
BIO* makeServerSocket(int port){
char buffer[5];
memset(buffer,'\0',5);
sprintf(buffer,"%d",port);
BIO* accept_bio = BIO_new_accept(buffer);
if (accept_bio == NULL){
fprintf(stderr, "Error creating accept BIO\n");
return NULL;
}
printf("\n");
printf("[+] Server listening on the %d port...\n", port);
printf("[+] Waiting for connection\n");
return accept_bio;
}
/** JS update
* initSSLContext function who initialize the SSL/TLS engine with right method/protocol
* SSL/TLS engine provided by PQ algorithms functions of OQS provider
* @return SSL_CTX *ctx : a pointer to the SSL context created
*/
SSL_CTX* initSSLContext(){
const SSL_METHOD *method;
SSL_CTX *ctx;
// initialize the SSL library
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
// MJ only TLS connection
method = TLS_server_method();
// create new context from selected method
ctx = SSL_CTX_new(method);
if(ctx == NULL){
ERR_print_errors_fp(stderr);
abort();
}
return ctx;
}
/**
* loadCertificates function who load private key and certificat from files.
* 3 mecanisms available :
* - loading certificate and private key from file(s)
* - use embed hardcoded certificate and private key in the PEM format
* @param SSL_CTX* ctx : the SSL/TLS context
* @param char *server_pem : filename of the PEM certificat
* @param char *server_key : filename of the PEM private key
*/
void loadCertificates(SSL_CTX* ctx, const char* server_pem, const char* server_key){
if (SSL_CTX_use_certificate_file(ctx, server_pem, SSL_FILETYPE_PEM) != 1 ||
// namiesto MD SSL_CTX_use_RSAprivateKey_file
SSL_CTX_use_PrivateKey_file(ctx, server_key, SSL_FILETYPE_PEM) != 1)
{
ERR_print_errors_fp(stderr);
abort();
}
else
printf("[*] Server's certificat and private key loaded from file.\n");
// verify private key match the public key into the certificate
if(!SSL_CTX_check_private_key(ctx)){
fprintf(stderr, "[-] Private key does not match the public certificate...\n");
abort();
}
else{
printf("[+] Server's private key match public certificate\n");
}
// JS get server's signature algorithm name
X509 *cert = SSL_CTX_get0_certificate(ctx);
int pknid;
if (X509_get_signature_info(cert, NULL, &pknid, NULL, NULL) != 1){
printf("Certificate signature algorithm: Unknown algorithm");
}
else{
printf("Certificate signature algorithm: %s\n", OBJ_nid2sn(pknid));
}
// MD kod na autentizaciu klienta
#ifdef AUTHENTICATION
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
// load the trusted client CA certificate into context
if (SSL_CTX_load_verify_locations(ctx, "myCA.pem", NULL) != 1)
{
fprintf(stderr, "[-] CA certificate not loaded...\n");
abort();
}
#endif
return;
}
/**
* showCerts function who catch and print out certificate's data from the client.
* @param SSL* ssl : the SSL/TLS connection
*/
void showCerts(SSL *ssl)
{
X509 *cert;
char *subject, *issuer;
// get the client's certificate
cert = SSL_get_peer_certificate(ssl);
// get certificate info
if (cert != NULL){
// get certificate's subject
subject = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
// get certificate's issuer
issuer = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
printf("[+] Client certificates :\n");
printf("\tSubject: %s\n", subject);
printf("\tIssuer: %s\n", issuer);
printf("[+] Cipher used : %s\n", SSL_get_cipher(ssl));
// Free memory
free(subject);
free(issuer);
X509_free(cert);
}
else
printf("[-] No client's certificates\n");
return;
}
/**
* routine function who treat the content of data received and reply to the client.
* this function is threadable and his context sharedable.
* @param SSL* ssl : the SSL/TLS connection
*/
void routine(SSL* ssl)
{
char buf[1024 / 2], reply[1024];
int bytes;
const char *echo = "Enchante %s, je suis ServerName.\n";
// accept SSL/TLS connection
if (SSL_accept(ssl) == -1)
ERR_print_errors_fp(stderr);
else{
// JS get chosen (negotiated) key exchange/encapsulation algorithm name
printf("Used group (KEM): %s\n", SSL_group_to_name(ssl, SSL_get_negotiated_group(ssl)));
// JS get client's certificate algorithm name
int nid;
SSL_get_peer_signature_type_nid(ssl, &nid);
printf("Peer signature name: %s\n", OBJ_nid2sn(nid));
// show certificates data
showCerts(ssl);
// read data from client request
bytes = SSL_read(ssl, buf, sizeof(buf));
if (bytes > 0){
buf[bytes] = 0;
printf("[+] Client data received: %s\n", buf);
// construct response
sprintf(reply, echo, buf);
// send response
SSL_write(ssl, reply, strlen(reply));
}
else{
switch (SSL_get_error(ssl, bytes)){
case SSL_ERROR_ZERO_RETURN:
printf("SSL_ERROR_ZERO_RETURN : ");
break;
case SSL_ERROR_NONE:
printf("SSL_ERROR_NONE : ");
break;
case SSL_ERROR_SSL:
printf("SSL_ERROR_SSL : ");
break;
}
ERR_print_errors_fp(stderr);
}
}
SSL_shutdown(ssl);
SSL_free(ssl);
}
/**
* main function who coordinate the socket and SSL connection creation, then receive and
emit data to and from the client.
*/
int main(int argc, char **argv){
BIO* sock;
int port;
SSL_CTX *ctx;
const char *server_pem, *server_key;
if(argc != 4){
printHeader(argv[0]);
exit(0);
}
// Select PORT number
port = (atoi(argv[1]) > 0 && atoi(argv[1]) < 65535) ? atoi(argv[1]) : DEFAULT_PORT;
// Load default and OQS providers
// Default provider must be loaded before OQS provider
OSSL_PROVIDER* provider;
provider = OSSL_PROVIDER_load(NULL, "default");
if (provider == NULL) {
printf("Failed to load Default provider\n");
exit(0);
}
OSSL_PROVIDER* custom_provider = OSSL_PROVIDER_load(NULL, "oqsprovider");
if (custom_provider == NULL){
OSSL_PROVIDER_unload(provider);
printf("Failed to load OQS-provider\n");
exit(0);
}
// load SSL library and dependances
ctx = initSSLContext();
server_pem = argv[2];
server_key = argv[3];
// load certificats and keys
loadCertificates(ctx, server_pem, server_key);
// make a classic server socket
sock = makeServerSocket(port);
// Pridane na skusku od predosleho
BIO_set_bind_mode(sock, BIO_BIND_REUSEADDR);
if (BIO_do_accept(sock) <= 0)
ERR_print_errors_fp(stderr);
while (1)
{
// Accept incoming connection
if (BIO_do_accept(sock) <= 0)
{
ERR_print_errors_fp(stderr);
break;
}
printf("\n");
// Create a new BIO object
BIO *conn = BIO_pop(sock);
if (conn == NULL){
ERR_print_errors_fp(stderr);
break;
}
// JS added info about connected client (IP)
printf("Connection of client %s accepted\n", BIO_get_peer_name(sock));
// Create a new SSL object
SSL *ssl = SSL_new(ctx);
if (ssl == NULL){
ERR_print_errors_fp(stderr);
BIO_free(conn);
break;
}
// JS set key exchange/encapsulation protocols supported by server
// Without this function, client will use default X25519 protocol
// First protocol supported by both server and client will be used for KEX/KEM
// Empty DEFAULT_GROUPS or list of unsupported protocol by server will fail communication
if (SSL_set1_groups_list(ssl, DEFAULT_GROUPS) != 1){
printf("KEX/KEM algorithms undefined unknown - check DEFAULT_GROUPS variable\n");
ERR_print_errors_fp(stderr);
BIO_free(conn);
break;
}
// Assign the SSL object to the connection BIO
SSL_set_bio(ssl, conn, conn);
routine(ssl);
// JS remove break if you want server running in loop
break;
}
SSL_CTX_free(ctx);
// JS Unload both providers
OSSL_PROVIDER_unload(provider);
OSSL_PROVIDER_unload(custom_provider);
BIO_free_all(sock);
return 0;
}

48
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/SERVER/server.key Normal file
View File

@ -0,0 +1,48 @@
-----BEGIN PRIVATE KEY-----
MIIIlgIBADAHBgUrzg8DBgSCCIYEggiCWQAOQ+/BACAfAAfAwgvfgQQRivydw+wR
fAQgwgRwAvQi+ggA/vwAgvhfQiAxev/egfvBBeSgBugPfQefxvfufwfAAQAAhQeA
u//wQhCBOwfPfQAQhQAhBPf/vRBePhxPgxefN/AgQSSvfBfe/P+ufQheQwu/vgQ/
wvf/AQ/vfvQRifBPvfAAw/hBAwwwAxgfRfAv+uAgf/QfgAuRAOOPPQB/fR/whNwx
//APPSQw/vwAAff+uRBfuwgv/xAuAABOwwf//e/xCBfgPw///ftwRRAffQQQgPgv
PfQ/wfffwgPAfCRgQwPw/vgCQhgPPuyxAeAQf/PRQvwxtgAexBO/whAwQBABgQgR
QAs/9evAvfNACfwOgxBRACvRuRPNgOwPwgeduyAvAPAAQ/vguhxB//wORxQfPPv+
vgQRABxBPxwRxfvQBP/QwQ/+/PQRAQPvfSQfAge/QBA/OxOvgvgdQAhfAhg+wf+Q
BCvwP/wQggAQhfRRBBBwRQfegg/h/fvxQhBvuwewfQPv+uQBAggQQf+Agu/B8+gN
hPxPgBPBPugPPAwgP/uuQQgABghRwAxPwwiOAuvQOSAghBPgQPwNfwwg+gfv//vf
fgA+/f/uxOwQAP/BAhQvjPxf/uBQPgevdAgPgfBRgBAfQQQvvggBPwgudvxvhv/x
A/MgwQhgePgwQxfQA/gBPCe/wQvOQfAQhPAfdwRPvwQQf//vevwOAtwQg/PxCQAC
AwPv/PgvthQQwQgN+ehQAxgRePwQAe/ggABfRAfO/BOQwAe+vhfRPAxP/g/PQQwu
xRAfg/Qfw/xxgQ/QwPhggv/xvSfQQARQwhgf/xPvPghO+xf/RPQRBwASP/BAAQN/
fAff+egAPgvffQQxfQQvgA/wQ//vQ+/f/PAxO/hvAgvwwe/tw+uwQOQexQQxw/hB
gfQB/BCQgOw/vuyAPhAwwO8vhQg/wPv/f/Qd/PPPOgfQABPfvfhf/fQggwfAAvxe
/h//hQ/wQfgPfvwf/A/PvwBv//CAOeue/+kT8R372/MJJMjz7/AX+OAR9/QJ5uvI
AOTa+PHcRf9C2OcaCiUfGtn0DAQaGwlC/wH1HgbrFx3z2yDsBRn3/8jZLBzdFPfs
Dw4X4e67AwkgEfv17wr+2OAE1w4V4Qks8yL47CrxKhEn5+wSDgzV++Tm7O4f3Qk9
IR0G8/M1GxAF6vAlFAIMF+zs/gjM/+cYBfvkDtwjCiIPLx/kC+UADwD8Hb/86Bci
zukFLugYLwsAsOQU++7GAAoALfEOzPfzGNjnGMACHiX2BQUOEzTqCRDlE8sXOdXr
HALj8yQzGfsqBfLaEwzpGdUI7NgF8h4A9OH+5/72JjLb9RIL+ekP2fb9Avf+8zPv
2OsMBfz7EhkRCRcFAQcgHy3k1QbfJx+9+N80MCcQ3fbpMO/s6AUGxR8J7N0bBbb/
BvPn6SsKzvgUBvTa6eweGPwYBxTuHfUP6ccFBgj2X//dCBzSFRAZEPj3HdHL5Ov+
1QvpIw//Hf8G/tfT4xHmFA0lBivc/P7pKODk6Nb7F/4S4AP7DyQTx93X0Ar0JgLe
DQ8Q2R0ZFxH7xu78+w7XIvDhERMR/PEGA/QM4OMZ7wQWMQDv4jLnAvMC1xoL5Rbw
CSsWDQYr4gkK//0bCvcI4usU1gcc+Bf7wf0KBefv0eIk9BYm6f0ODQT4/fMYDugL
EwoFO9oL7AROCTGe2QB0pUqoEha1+VtNfJUHwiNB5ToyqfiHRJh/DSCidpe0u1VY
xFBlJqmNZht4WqIfeQOy4kbqKWEpReje1kqpTrfmHb2IVdDDA0cKb0kE+qAQszNh
E9Z9aoEsse81hBVWp1SwG4HbfF990nTUJ/YTAnVSSyRYLRGm6RMoqqL0ruaemf65
uaqJL8X1TRJwY17v8oF+ApQUCWkwHvpAq2BZWLHZs7eBxlEA2JdZXLS4wY/DOkbd
MGBW8jhDlF2wm6VUKCYLAdOyTdnVf0Z1QH2P5xNFompu6WNywGopCMvzYaZC8REJ
Ty5iTtqxicdoUb277goEuzYRh8ifeZl2vPOmgRC8bYowPixZkTjOddwCHmLGL2nu
CudW1dYGMcgvfejgGp6rhSJAiEMChdeEqq93F6mmorCOyvecebtGQ+uZRoK0lBSD
NYEkacKiiyLnPQgMbzlMgkOi5LjyPFLcBcyXgFKpnVT2KAhT7OQkurf3f4Lebu2D
OvItxhGam6k1GeOBMisgC9LfrbW15aCup78ibsSGjVUPxP2LFoTeO1n9pdEf2bAl
S3iXaoAsOMyXDYVItQIWB2eQSwQkJLZdQRA0Ir1k/YsLoKwSkf9ukV2WullDJM8J
KmCRrEVZOg5JCGxBJaBRX5SXT58yLEB7h505Huxk1iHUvJks20ef2Wa6BAqqnwkM
jPpkKkKignVZoNCQZURXyQYIi48RGqYPOygJZbeBRuEfYfV1XErhNxkjLbms6ljV
xofRSMdI6wOlFKya/JJKHej79UvduHmyGGsTjD5PnrYCHx5BP0aqcBfYzak6WkV+
b0YdnF81AOmSgWXVtaLOfCFM4brpo44XcY9iba1lWAWS5xlmJ6NpagkVxwACoGpZ
mOrENrkkBWVEpCHqsmPvhI4E/a1GJ6OYvNEKJSRDWW5ONITwh5gaCr3pgCVLRyA5
WzQP5LD9tjdITYd8MjfAMQ9JpkT/6+HhKnMcL8n17Mc1Ac7JaKlni66YURGFWGoq
AGNpwT9Neg7aBEj5BkTUGbPOamu4Rxps3C8lMmrR/6BjDeX+eVROYVFWAnE2AC1Z
nCl1LFREigyoRilcDV8M+IZ/o95qCu17r8hfJaKdANrNvVjyvCb+zCx3zsUbDBXI
Rl2j10ebgliRiQGSFWqlfu30Ty5kBL2xyF1NDYnMkbUWYd2SQXapOyOZ
-----END PRIVATE KEY-----

43
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/SERVER/server.pem Normal file
View File

@ -0,0 +1,43 @@
-----BEGIN CERTIFICATE-----
MIIHiTCCBOmgAwIBAgIUSaqkQplPGf1X7L8bQu6ywQZ2gG0wBwYFK84PAwYwZTEL
MAkGA1UEBhMCVVMxEzARBgNVBAgMCkZha2UgU3RhdGUxFjAUBgNVBAcMDUZha2Ug
TG9jYWxpdHkxFTATBgNVBAoMDEZha2UgQ29tcGFueTESMBAGA1UEAwwJbG9jYWwu
ZGV2MB4XDTI0MDIyMzA5NDAxMFoXDTI5MDIyMTA5NDAxMFowZTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkZha2UgU3RhdGUxFjAUBgNVBAcMDUZha2UgTG9jYWxpdHkx
FTATBgNVBAoMDEZha2UgQ29tcGFueTESMBAGA1UEAwwJbG9jYWwuZGV2MIIDjzAH
BgUrzg8DBgOCA4IACTGe2QB0pUqoEha1+VtNfJUHwiNB5ToyqfiHRJh/DSCidpe0
u1VYxFBlJqmNZht4WqIfeQOy4kbqKWEpReje1kqpTrfmHb2IVdDDA0cKb0kE+qAQ
szNhE9Z9aoEsse81hBVWp1SwG4HbfF990nTUJ/YTAnVSSyRYLRGm6RMoqqL0ruae
mf65uaqJL8X1TRJwY17v8oF+ApQUCWkwHvpAq2BZWLHZs7eBxlEA2JdZXLS4wY/D
OkbdMGBW8jhDlF2wm6VUKCYLAdOyTdnVf0Z1QH2P5xNFompu6WNywGopCMvzYaZC
8REJTy5iTtqxicdoUb277goEuzYRh8ifeZl2vPOmgRC8bYowPixZkTjOddwCHmLG
L2nuCudW1dYGMcgvfejgGp6rhSJAiEMChdeEqq93F6mmorCOyvecebtGQ+uZRoK0
lBSDNYEkacKiiyLnPQgMbzlMgkOi5LjyPFLcBcyXgFKpnVT2KAhT7OQkurf3f4Le
bu2DOvItxhGam6k1GeOBMisgC9LfrbW15aCup78ibsSGjVUPxP2LFoTeO1n9pdEf
2bAlS3iXaoAsOMyXDYVItQIWB2eQSwQkJLZdQRA0Ir1k/YsLoKwSkf9ukV2WullD
JM8JKmCRrEVZOg5JCGxBJaBRX5SXT58yLEB7h505Huxk1iHUvJks20ef2Wa6BAqq
nwkMjPpkKkKignVZoNCQZURXyQYIi48RGqYPOygJZbeBRuEfYfV1XErhNxkjLbms
6ljVxofRSMdI6wOlFKya/JJKHej79UvduHmyGGsTjD5PnrYCHx5BP0aqcBfYzak6
WkV+b0YdnF81AOmSgWXVtaLOfCFM4brpo44XcY9iba1lWAWS5xlmJ6NpagkVxwAC
oGpZmOrENrkkBWVEpCHqsmPvhI4E/a1GJ6OYvNEKJSRDWW5ONITwh5gaCr3pgCVL
RyA5WzQP5LD9tjdITYd8MjfAMQ9JpkT/6+HhKnMcL8n17Mc1Ac7JaKlni66YURGF
WGoqAGNpwT9Neg7aBEj5BkTUGbPOamu4Rxps3C8lMmrR/6BjDeX+eVROYVFWAnE2
AC1ZnCl1LFREigyoRilcDV8M+IZ/o95qCu17r8hfJaKdANrNvVjyvCb+zCx3zsUb
DBXIRl2j10ebgliRiQGSFWqlfu30Ty5kBL2xyF1NDYnMkbUWYd2SQXapOyOZo0Iw
QDAdBgNVHQ4EFgQUTILz4hu3s2RVCYK8RfrB6OFnaqcwHwYDVR0jBBgwFoAUdaN0
NvC+/DBZDZ36A1j7i9XJGHkwBwYFK84PAwYDggKPADnHeGlvw2iL/4DsrXZKHw6+
x9De5cOsjpkpCdG8DmVi+lb6/CPkZhjCPKxiXIeMYyvzNIzW8Wr8fuQ4yWMwaySD
rwBHlNRGREXYNr0mNxQtv3Y9WUmK6lCk5bLYS7Kxz0xmNvyJSZE5do0UhInrojmY
xh7ceLHNh1UmdPnOXTY7prbsHSl807b/pfKPUnOCZdryr/9S5nhXXL+QlCaabyCe
luU0Lf3J5mKMxZnaf+WPKArlrQBW4R0NG3y4VjVc2C5o4e2p1u+ZdqMnS2zu7EVi
2bajkdCcI+1fFvkFQ7U7hVe7HMw+jSOgpf1X3m6Mw9GaT7Hsh02mzo0psEWMAj6k
2niKxaGpP7ppvIpEyt5o8zkk3L+qvOjuJwj0XTZ2dvELMxAI9IOGtURaOaZHs4Kq
p9WuJyMcfhuOW07clXgRbfLnoJII9ATCa8isjFsamWJl0FSv9FJtZc1asYfhNsLn
vEdtet8RJDqnYcxPSiM5ty+whlNblvsz+GcOGZOx8P6mK5axqtXGQOn+dmrB6pi/
+hUaonGRRZxdoQ11A7tw1B0LJGJiiTxuxkz0OroF6UOE7esJQ0kB7CacHfXvYwgn
WTCYyGgYAOxaHodbep+0fdTwkpIYa0Co5BcKy+mrkykx0zMx1ru04fhr80fyM3iS
STFnsajH5LitpiuppxtYDDtW5ch5t5Y9H47pouSz7zl9Gahap89qyMFffNF+D5fb
iGHW+cwxGII6tOzjO+LXefVZTWTMLTbVJXSkYlMfNDk6o5y+aVHGru2dc0lVI4oU
4TkU2DYqNkhs0l7Lyz2ZpSuCkUOhshbEzT+cRT6SVkbQ/kiZBMonF0b+Tw41yr3V
i8Jgnmcsib8TOaRwYA==
-----END CERTIFICATE-----

9
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/comp_client.bat Normal file
View File

@ -0,0 +1,9 @@
:: Name: Martin Janitor
:: Subject: DP1
:: Description: compilation for client.c file
:: Date: 2023-07-05
rem prikazy na prelozenie a linkovanie EXE programov s vyuzitim OpenSSL kniznice nainstalovanej v obraze BPS_PS
:: MJ Pridanie makra AUTHENTICATION pre autentizaciu klienta, ak nie je nutne autentizovat klienta staci zmazat -DAUTHENTICATION z procesu kompilacie
gcc -Wall -Wextra -o client_run ./CLIENT/client.c -lcrypto -lssl -I C:\OPENSSL\include -L C:\OPENSSL\lib -lws2_32 -DAUTHENTICATION

9
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/comp_server.bat Normal file
View File

@ -0,0 +1,9 @@
:: Name: Martin Janitor
:: Subject: DP1
:: Description: compilation for server.c file
:: Date: 2023-07-05
rem prikazy na prelozenie a linkovanie EXE programov s vyuzitim OpenSSL kniznice nainstalovanej v obraze BPS_PS
:: MJ Pridanie makra AUTHENTICATION pre autentizaciu klienta, ak nie je nutne autentizovat klienta staci zmazat -DAUTHENTICATION z procesu kompilacie
gcc -Wall -Wextra -o server_run ./SERVER/server.c -lcrypto -lssl -I C:\OPENSSL\include -L C:\OPENSSL\lib -lws2_32 -DAUTHENTICATION

30
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/makefile Normal file
View File

@ -0,0 +1,30 @@
# Makefile created by Martin Janitor
# DP1
# 9.5.2023
CC=gcc
CFLAGS=-Wall -Wextra
LIBS= -lcrypto -lssl
SRC_CLIENT= ./CLIENT/
SRC_SERVER= ./SERVER/
OPTIONAL= -DAUTHENTICATION
ifeq ($(OS),Windows_NT)
# Windows-specific options
LIBS += -I C:\OPENSSL\include -L C:\OPENSSL\lib -lws2_32
endif
#I C:\BATCHES\include
#L C:\BATCHES\lib
all: server_run client_run
server_run: $(SRC_SERVER)server.c
$(CC) $(CFLAGS) -o server_run $(SRC_SERVER)server.c $(LIBS) $(OPTIONAL)
client_run: $(SRC_CLIENT)client.c
$(CC) $(CFLAGS) -o client_run $(SRC_CLIENT)client.c $(LIBS) $(OPTIONAL)
clean:
rm -f server client
del server.exe client.exe

42
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/myCA.pem Normal file
View File

@ -0,0 +1,42 @@
-----BEGIN CERTIFICATE-----
MIIHdzCCBNmgAwIBAgIUWXaR57uTKy4p1O4cX1NPjeafBsQwBwYFK84PAwYwZTEL
MAkGA1UEBhMCVVMxEzARBgNVBAgMCkZha2UgU3RhdGUxFjAUBgNVBAcMDUZha2Ug
TG9jYWxpdHkxFTATBgNVBAoMDEZha2UgQ29tcGFueTESMBAGA1UEAwwJbG9jYWwu
ZGV2MB4XDTI0MDIyMzA5NDAxMFoXDTI5MDIyMTA5NDAxMFowZTELMAkGA1UEBhMC
VVMxEzARBgNVBAgMCkZha2UgU3RhdGUxFjAUBgNVBAcMDUZha2UgTG9jYWxpdHkx
FTATBgNVBAoMDEZha2UgQ29tcGFueTESMBAGA1UEAwwJbG9jYWwuZGV2MIIDjzAH
BgUrzg8DBgOCA4IACRR9c0KbSpmMkJrouMVUQyK3CKyJwmJC0ej2F3AMMhSh/ObX
IoIgQ1Ja360wcSVrS/JCdf1TqFMasQiKAG7f66rkLOT3RSGIys3QR9VCRkJUes+q
KReiacL22d9mxdPaNB2ypbEvifZqwhK80SMTXi9MdUzQA+BMc/zcqMEPqx6ZVPVH
6SF4SO8oll7itNorWJNbwhfGLJpyL1idlCoJxs6VR+qEk5Km0rpc/zF8nbeIZvQW
E4aHuzAKKjXBw0CIfWpemBRa3JQD9alJlDqeh/Qapa+cuIoYEIZr3Ij7x0ZDkVnr
VO5MSSLxgMQTlYsVmDZAJA1IIwCMgo9ZcFRRl2X1aGY6eQzkwpz7Lmn0wL5fdizI
rYJ0wvGB2prLa+GCAgriQESCXB7sftUYUUQb8FVHRia/Tg5vaxmJuDaSXnpGpUEN
YLwr05cifABAMWrl2ABU1VOei0264GalhAYojR0h8VEInlPg+Wkn6Pk5krN0MUk+
te2yeAfS8hW6fWN57yOKOIW3DAuZDJAuWQFptFlobQvKIKcWGIk4mpKdPQgFxthv
cJqVMAhHHjUW3FalU0ZoSU0uF00Qup0d0lKMTlU5TqzqZKLvCioTptgmFmbmWctJ
42Ja+o7ShYgXjYZxCZmCrhwZVsFEKZOSJPt4G9D0svkT9LBW7FNybbLqZ0Yc2D4L
N1eVuQ6I+brjc0Eu6sNO3rZPpKa4vwZKWEL2Y3wf22DUPpDjmmosRFoIHUJUsh63
ILEFegLgOusgCjC3noTY6BDsudy7konozLE8F3JmwSojCKmA7Y5xgAiiwtkkjAae
dFHoxmMGdYXFqSfDGxq0IdnX+gReRcMzEvhZ/OfgzC/Rvko2qtBgmXLpRIct4kKL
RPw28kPYNozDhi0Igqaiqej96sJY4Ep3ehLhU7wuglNhfLk0BfZKjcoh5ERLGpHd
PWRNI/5hpl0azsIOwjgQ9U6TfwT2emAwWyUFiGR0MKAJYCtuQnJFBxzvJnBz6+nO
kwh+8AdnqsB6VqcJiu1eT7VWefDKeCkycQpyhSa/kLpwoeESGxT04x5CPiQuLMrT
ZyNqVQFaneoVIqqSlbIjfZ/RaPUH66GyFj4TjYyDjaaq0J3NcL9BR2Nxrn9rMNPL
m9R4iTo6tvMjvDyN0aRdkO0Q1iayUeOGtBHG+GQOpZpCtXbyDgNegbahFw+UozIw
MDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR1o3Q28L78MFkNnfoDWPuL1ckY
eTAHBgUrzg8DBgOCAo0AOQ5Kpd4LYnmsq14VPx6EM7fmwGAU+0sFLk6y1wwO7AIL
gkPnzf6vlVznae4pGgEL9LzGuVdnZaYw+HzqbRQ3Pb1cbLnlZjr37N1cwq6rc3uz
H34nY2r9uurr1vR5LNq/QryLv5k7RgZKJlKcJ5GsY2kvHsaZ3ONx2xTa4pqn6Bzj
Ocfc8C7Y2o6vPx9vHKovMKwgmXVRoLmLBUFq3zEQAsMFYuGF2z6z9dPGCzujRD4f
NjnIKTTbEhUx9ZfIt6ay710hytISalO0TZNrPN2+nEJNkPDlkOeWDPBnKkULfOov
vRj6kJayXj9nAWHjOvEWfIuMOzCMWyKSRjF9JpceNJORwUIl0J2pWUWQSlcWu58k
Mlvq4bfSXDNpWm5kgo2VuulTDWZSNeqoxyMoLXrGohZY1LfVE+4dV4HbM0d/v0Ex
xsevMCF4dJSkYJwFWbC3kRwaWxNSlR189Qx+oKyiSNLJe3eVk9nkYmlcC1L17spj
Hjhrf6OCQrLqY3qEttJlrMq9Mb5T4Jfmly7EdPNTyHlBa71/i4a9xGkPNjnGXebY
at5VT7GXXcWJVtFwqfjBNWNJH6TTDvOoTx9iNOo2m4g7lVCwdHDVHZC7sLQCYjLo
KjUNR7rsGZNJW+mRPp3i4Dit5Kndw1sXNmET+8L0lsmULKCuNyxPH7VI/WcoVP2k
vGvm+TW6utmwaZ0hr8FX3Mv0B3UHXbR6lIvs4sp/MJS3mZWS0eY1Wh3TwTTiyBOu
IsE4yND/v/u8caAlXw4bkbx5DwotdsdwMbgvlN7bpsvg/7sJKtjOXu2PDFSgezGZ
pGP7vHrzUEjc84X9freSJr08QLUd9ESpT2Ra+uMowbKECRyR0Np30ajBQA==
-----END CERTIFICATE-----

4
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/schematic.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 105 KiB

7
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/start_client.bat Normal file
View File

@ -0,0 +1,7 @@
:: Name: Martin Janitor
:: Subject: DP1
:: Description: run client .bat file
:: Date: 2023-07-05
rem testovanie spojenia klient server na lokalhost adrese s vyuzitim portu 5000
client_run 127.0.0.1 5000 ./CLIENT/client.key ./CLIENT/client.pem

7
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/CLIENT_SERVER_SECURE_BIO/start_server.bat Normal file
View File

@ -0,0 +1,7 @@
:: Name: Martin Janitor
:: Subject: DP1
:: Description: run server.bat file
:: Date: 2023-07-05
rem Spustenie servra, ktory "pocuva" na porte 5000
server_run 5000 ./SERVER/server.pem ./SERVER/server.key

BIN
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/dokumentacia.pdf Normal file
View File

Binary file not shown.

54
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/oqsprovider/README.txt Normal file
View File

@ -0,0 +1,54 @@
Tento priecinok obsahuje subor oqsprovider.dll, ktory umoznuje vyuzivat PQ
algoritmy v TLS komunikacii. Tento .dll subor bol vytvoreny specialne
pre obraz Win 7 x86 za ucelom demonstracie post-kvantovych algoritmov
v ramci predmetu BPS a BIKS. V pripade pouzitia zdrojovych kodov
klient/server na inom zariadeni je nutne vytvorit novy .dll subor.
Vytvorene a testovane na:
OpenSSL 3.3.0, liboqs 0.10.0, oqs-provider 0.6.0
Cely postup je dostupny online:
https://git.kemt.fei.tuke.sk/js331zc/MastersThesis/src/branch/master/OpenSSL_liboqs_oqsprovider
NAVOD NA POUZITIE
- predpokladame ze system obsahuje kniznice libcrypto a libssl
- na generovanie PQ certifikatov je potrebne mat OpenSSL.exe
Subor oqsprovider.dll presunieme na nas virtualny pocitac na lubovolne miesto.
Napr. ho skopirujeme priamo na plochu, teda do C:\Users\Administrator\Desktop
Cestu k suboru potom definujeme ako systemovu premennu OPENSSL_MODULES.
Systemovu premennu mozeme definovat:
a) PowerShell prikaz
[Environment]::SetEnvironmentVariable("OPENSSL_MODULES", "C:\Users\Administrator\Desktop\", "Machine")
b) cmd prikaz
setx OPENSSL_MODULES "C:\Users\Administrator\Desktop\"
c) manualne cez nastavenia
Settings-System-Advanced system settings-Environment Variables-System variables-New
Name: OPENSSL_MODULES
Value: C:\Users\Administrator\Desktop\
Po nastaveni premennej restartujeme cmd/PowerShell.
GENEROVANIE PQ CERTIFIKATOV
Generovanie PQ certifikatov prostrednictvom OpenSSL je mozne po aktivacii
oqsprovidera priamo cez konfiguracny subor. V tomto subore je potrebne
aktivovat default providera a doplnit aktivaciu modulu oqsprovider.
[provider_sect]
default = default_sect
oqsprovider = oqsprovider_sect
[oqsprovider_sect]
activate = 1
Subor openssl.cnf v tomto priecinku je prikladom konfiguracneho suboru
s uz aktivovanym oqsproviderom.
Aby OpenSSL pouzivalo nas konfiguracny subor, je nutne nastavit systemovu
premennu OPENSSL_CONF na priecinok, kde sa tento subor nachadza. V BPS obraze
je tato premenna nastavena na C:\OPENSSL\BIN\
Systemovu premennu mozeme zmenit alebo skopirovat nas konfiguracny subor
na dane miesto.

394
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/oqsprovider/openssl.cnf Normal file
View File

@ -0,0 +1,394 @@
#
# OpenSSL example configuration file.
# See doc/man5/config.pod for more info.
#
# This is mostly being used for generation of certificate requests,
# but may be used for auto loading of providers
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
# Use this in order to automatically load providers.
openssl_conf = openssl_init
# Comment out the next line to ignore configuration errors
config_diagnostics = 1
# Extra OBJECT IDENTIFIER info:
# oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
# For FIPS
# Optionally include a file that is generated by the OpenSSL fipsinstall
# application. This file contains configuration data required by the OpenSSL
# fips provider. It contains a named section e.g. [fips_sect] which is
# referenced from the [provider_sect] below.
# Refer to the OpenSSL security policy for more information.
# .include fipsmodule.cnf
[openssl_init]
providers = provider_sect
# List of providers to load
[provider_sect]
default = default_sect
oqsprovider = oqsprovider_sect
# The fips section name should match the section name inside the
# included fipsmodule.cnf.
# fips = fips_sect
# If no providers are activated explicitly, the default one is activated implicitly.
# See man 7 OSSL_PROVIDER-default for more details.
#
# If you add a section explicitly activating any other provider(s), you most
# probably need to explicitly activate the default provider, otherwise it
# becomes unavailable in openssl. As a consequence applications depending on
# OpenSSL may not work correctly which could lead to significant system
# problems including inability to remotely access the system.
[default_sect]
activate = 1
[oqsprovider_sect]
activate = 1
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several certs with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)
[insta] # CMP using Insta Demo CA
# Message transfer
server = pki.certificate.fi:8700
# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080
# tls_use = 0
path = pkix/
# Server authentication
recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer
ignore_keyusage = 1 # potentially needed quirk
unprotected_errors = 1 # potentially needed quirk
extracertsout = insta.extracerts.pem
# Client authentication
ref = 3078 # user identification
secret = pass:insta # can be used for both client and server side
# Generic message options
cmd = ir # default operation, can be overridden on cmd line with, e.g., kur
# Certificate enrollment
subject = "/CN=openssl-cmp-test"
newkey = insta.priv.pem
out_trusted = insta.ca.crt
certout = insta.cert.pem
[pbm] # Password-based protection for Insta CA
# Server and client authentication
ref = $insta::ref # 3078
secret = $insta::secret # pass:insta
[signature] # Signature-based protection for Insta CA
# Server authentication
trusted = insta.ca.crt # does not include keyUsage digitalSignature
# Client authentication
secret = # disable PBM
key = $insta::newkey # insta.priv.pem
cert = $insta::certout # insta.cert.pem
[ir]
cmd = ir
[cr]
cmd = cr
[kur]
# Certificate update
cmd = kur
oldcert = $insta::certout # insta.cert.pem
[rr]
# Certificate revocation
cmd = rr
oldcert = $insta::certout # insta.cert.pem

BIN
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/oqsprovider/oqsprovider.dll Normal file
View File

Binary file not shown.

4
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/program_structure.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 71 KiB

91
OpenSSL_liboqs_oqsprovider/PQ_PROJECT_SSL_TLS/readme Normal file
View File

@ -0,0 +1,91 @@
[14.04.2024]
CLIENT_SERVER_SECURE, CLIENT_SERVER_SECURE_BIO
- Testovane na verzii OpenSSL 3.3.0, liboqs 0.10.0, oqs-provider 0.6.0
[11.04.2024]
CLIENT_SERVER_SECURE, CLIENT_SERVER_SECURE_BIO
- Testovane na verzii OpenSSL 3.3.0
[24.2.2024]
CLIENT_SERVER_SECURE, CLIENT_SERVER_SECURE_BIO
- Rozsirenie funkcie initSSLContext(), aktivacia OQS-providera cez API
- Doplnene priklady nastavenia premennej DEFAULT_GROUPS
- Testovane s oqsprovider 0.5.3 zalozenom na liboqs 0.9.2
- Testovane na Win11 x64, Win10 x64, Ubuntu 22 a Win 7 x86
OQSPROVIDER
- Pridany priecinok so suborom oqsprovider.dll vytvoreny pre BPS obraz Win 7
- Vytvorene README s navodom na pouzitie prilozeneho oqsprovidera
[17.2.2024]
CLIENT_SERVER_SECURE, CLIENT_SERVER_SECURE_BIO
- testovanie oqs-providera, ktory umoznuje vyuzivat PQ algoritmy v TLS 1.3
- Upravene vypisy oboch aplikacii
- Doplnene vypisy o pouzitych key exchange/encapsulation a signature algoritmov
CERTIFICATEs
- Pridana zlozka pre generovanie PQ algoritmov
- Pridany subor gen_PQ_cert.bat na generovanie PQ algoritmov
- Vytvoreny README so zoznamom dostupnych PQ algoritmov
[8.2.2024]
CLIENT_SERVER_SECURE, CLIENT_SERVER_SECURE_BIO
- Testovane na verzii OpenSSL 3.2.1
CERTIFICATEs
- Upravene certificate-authority-options.conf pri generovani ECC a RSA
- Upraveny subor gen_cert_RSA.bat - zmenena velkost generovanych klucov
[12.9.2023]
- Konverzia obrazkov v dokumentacii na vektorove
[28.8.2023]
- Vektorove obrazky pridane do wordu
- Pridal som k otestovanym nastrojom aj 32-bitovou GCC 13.2 posix winlibs rel.1 a OpenSSL 3.1.2, ktore ste avizovali v readme
- Vygeneroval som vektorove obrazky do PDF formatu
- Pod niektorymi obrazkami som upravil lenegdy (opis obrazka)
- Formalna uprava textu
- Pridal som zdroj z ktoreho pochadza povodny projekt
- Vektorove PDF obrazky som umiestnil do .zip suboru Janitor_Martin_documents/Documents
[10.8.2023]
- Zmena v subore CLIENT_SERVER_SECURE_BIO/CLIENT/client.c
BIO_free_all(sock) -> SSL_free(ssl); kvoli spravnemu
uvolneniu pamate
- Uprava opisu serioveho cisla v dokumentacii + pridanie nazornej ukazky do prilohy
- Uprava prikazu pre zobrazenie certifikatu v dokumentacii
[12.7.2023]
-------------------------------------------------------------------------------------
CLIENT_SERVER_SECURE, CLIENT_SERVER_SECURE_BIO
- Zmazanie prebitocnych suborov
- Sparovanie pre BPS obraz
- Pridanie osobitnych kompilacnych suborov pre
client a server [comp_client.bat a comp_server.bat]
- Pridanie bat suborov pre spustenie klienta a servera
[start_server.bat a start_client.bat]
- Formalna uprava zdrojovych kodov client.c a server.c
- Nahradenie tabulatorov medzerami
CLIENT_SERVER_SECURE_BIO
- Oprava chyby ktora sposobovala zlihanie a nasledne
spadnutie servera [server.c -> Pridanie BIO_pop() funkcie]
DOKUMENTACIA
- Pridanie nazornych ukazok do priloh
- Opisanie extensions v prilohe
- Podrobnejsie opisanie serioveho cisla
- Formalna uprava textu
- Oprava opisu niektorych funkcii, prepinacov ...
- modifikacia suboru program_structure.svg
- vytvorenie 2 suborov schematic pre obidva projekty,
ktore zobrazuju schemu a opis vyuzitych funkcii v projekte
- Pridanie uzitocnych liniek
Nastroje
- Otestovane na najnovsej verzii OpenSSL 3.1.1 30 May 2023
- Otestovane na najnovsom Winlibs gcc prekladaci: gcc (MinGW-W64 x86_64-ucrt-posix-seh, built by Brecht Sanders) 13.1.0
- Otestovane s nastrojmi vyuzitymi v BPS obraze