Add experimental support for hybrid post-quantum key exchange
author    djm <djm@openbsd.org>
          Mon, 2 Sep 2024 12:13:56 +0000 (12:13 +0000)
committer djm <djm@openbsd.org>
          Mon, 2 Sep 2024 12:13:56 +0000 (12:13 +0000)
commit    9dc26a4e156f418b27590ceb0a20161d8f506073
tree      0aeb08091c7dafc83b76045079f8de8165eb12cb
parent    6dd0ae0386c558dadbc3427ee40c3b6c94a21985
Add experimental support for hybrid post-quantum key exchange
ML-KEM768 with ECDH/X25519 from the Internet-draft:
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03

This is based on previous patches from markus@ but adapted to use the
final FIPS203 standard ML-KEM using a formally-verified implementation
from libcrux.

Note this key exchange method is still a draft and thus subject to
change. It is therefore disabled by default; set MLKEM=yes to build it.
We're making it available now to make it easy for other SSH
implementations to test against it.

ok markus@ deraadt@
14 files changed:
usr.bin/ssh/Makefile.inc
usr.bin/ssh/crypto_api.h
usr.bin/ssh/kex-names.c
usr.bin/ssh/kex.h
usr.bin/ssh/kexc25519.c
usr.bin/ssh/kexgen.c
usr.bin/ssh/kexmlkem768x25519.c [new file with mode: 0644]
usr.bin/ssh/libcrux_mlkem768_sha3.h [new file with mode: 0644]
usr.bin/ssh/mlkem768.sh [new file with mode: 0755]
usr.bin/ssh/monitor.c
usr.bin/ssh/ssh-keyscan.c
usr.bin/ssh/ssh_api.c
usr.bin/ssh/sshconnect2.c
usr.bin/ssh/sshd-session.c