From: djm Date: Mon, 9 Sep 2024 02:39:57 +0000 (+0000) Subject: pull post-quantum ML-KEM/x25519 key exchange out from compile-time X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=4e5f03cb47c24aef03761f29b01d695b98a8148e;p=openbsd pull post-quantum ML-KEM/x25519 key exchange out from compile-time flag now than an IANA codepoint has been assigned for the algorithm. Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot. ok markus@ --- diff --git a/usr.bin/ssh/Makefile.inc b/usr.bin/ssh/Makefile.inc index 4b7b302afcb..772d7451ce6 100644 --- a/usr.bin/ssh/Makefile.inc +++ b/usr.bin/ssh/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.95 2024/09/02 12:13:56 djm Exp $ +# $OpenBSD: Makefile.inc,v 1.96 2024/09/09 02:39:57 djm Exp $ .include @@ -38,8 +38,6 @@ WARNINGS=yes OPENSSL?= yes ZLIB?= yes DSAKEY?= no -# NB. experimental; Internet-draft subject to change. -MLKEM?= no .if (${OPENSSL:L} == "yes") CFLAGS+= -DWITH_OPENSSL @@ -53,10 +51,6 @@ CFLAGS+= -DWITH_ZLIB CFLAGS+= -DWITH_DSA .endif -.if (${MLKEM:L} == "yes") -CFLAGS+= -DWITH_MLKEM -.endif - CFLAGS+= -DENABLE_PKCS11 .ifndef NOPIC CFLAGS+= -DHAVE_DLOPEN @@ -86,9 +80,7 @@ SRCS_KEX+= smult_curve25519_ref.c SRCS_KEX+= kexgen.c SRCS_KEX+= kexsntrup761x25519.c SRCS_KEX+= sntrup761.c -.if (${MLKEM:L} == "yes") SRCS_KEX+= kexmlkem768x25519.c -.endif SRCS_KEY+= sshkey.c SRCS_KEY+= cipher.c diff --git a/usr.bin/ssh/kex-names.c b/usr.bin/ssh/kex-names.c index cb2181952f7..ffaad7fc13e 100644 --- a/usr.bin/ssh/kex-names.c +++ b/usr.bin/ssh/kex-names.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex-names.c,v 1.3 2024/09/02 12:13:56 djm Exp $ */ +/* $OpenBSD: kex-names.c,v 1.4 2024/09/09 02:39:57 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -72,10 +72,8 @@ static const struct kexalg kexalgs[] = { SSH_DIGEST_SHA512 }, { KEX_SNTRUP761X25519_SHA512_OLD, KEX_KEM_SNTRUP761X25519_SHA512, 0, SSH_DIGEST_SHA512 }, -#ifdef WITH_MLKEM { KEX_MLKEM768X25519_SHA256, KEX_KEM_MLKEM768X25519_SHA256, 0, SSH_DIGEST_SHA256 }, -#endif { NULL, 0, -1, -1}, }; diff --git a/usr.bin/ssh/kexgen.c b/usr.bin/ssh/kexgen.c index 7968897a874..7a5a98edc12 100644 --- a/usr.bin/ssh/kexgen.c +++ b/usr.bin/ssh/kexgen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgen.c,v 1.9 2024/09/02 12:13:56 djm Exp $ */ +/* $OpenBSD: kexgen.c,v 1.10 2024/09/09 02:39:57 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -117,11 +117,9 @@ kex_gen_client(struct ssh *ssh) case KEX_KEM_SNTRUP761X25519_SHA512: r = kex_kem_sntrup761x25519_keypair(kex); break; -#ifdef WITH_MLKEM case KEX_KEM_MLKEM768X25519_SHA256: r = kex_kem_mlkem768x25519_keypair(kex); break; -#endif default: r = SSH_ERR_INVALID_ARGUMENT; break; @@ -194,12 +192,10 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) r = kex_kem_sntrup761x25519_dec(kex, server_blob, &shared_secret); break; -#ifdef WITH_MLKEM case KEX_KEM_MLKEM768X25519_SHA256: r = kex_kem_mlkem768x25519_dec(kex, server_blob, &shared_secret); break; -#endif default: r = SSH_ERR_INVALID_ARGUMENT; break; @@ -320,12 +316,10 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_kem_sntrup761x25519_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; -#ifdef WITH_MLKEM case KEX_KEM_MLKEM768X25519_SHA256: r = kex_kem_mlkem768x25519_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; -#endif default: r = SSH_ERR_INVALID_ARGUMENT; break; diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 255e37ee36a..eea5600230a 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.241 2024/09/02 12:13:56 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.242 2024/09/09 02:39:57 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -1456,9 +1456,7 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) #endif kex->kex[KEX_C25519_SHA256] = kex_gen_server; kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; -#ifdef WITH_MLKEM kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_server; -#endif kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index; diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h index bef6569085b..3bdc2e95553 100644 --- a/usr.bin/ssh/myproposal.h +++ b/usr.bin/ssh/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.72 2024/08/22 23:11:30 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.73 2024/09/09 02:39:57 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -27,6 +27,7 @@ #define KEX_SERVER_KEX \ "sntrup761x25519-sha512," \ "sntrup761x25519-sha512@openssh.com," \ + "mlkem768x25519-sha256," \ "curve25519-sha256," \ "curve25519-sha256@libssh.org," \ "ecdh-sha2-nistp256," \ diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c index a2043912634..df8abc2e62e 100644 --- a/usr.bin/ssh/ssh-keyscan.c +++ b/usr.bin/ssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.160 2024/09/04 05:33:34 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.161 2024/09/09 02:39:57 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -277,9 +277,7 @@ keygrab_ssh2(con *c) #endif c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client; -#ifdef WITH_MLKEM c->c_ssh->kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_client; -#endif ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper); /* * do the key-exchange until an error occurs or until diff --git a/usr.bin/ssh/ssh_api.c b/usr.bin/ssh/ssh_api.c index 9897bb8d045..1a83880def3 100644 --- a/usr.bin/ssh/ssh_api.c +++ b/usr.bin/ssh/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.30 2024/09/02 12:13:56 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.31 2024/09/09 02:39:57 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -130,9 +130,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) #endif /* WITH_OPENSSL */ ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; -#ifdef WITH_MLKEM ssh->kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_server; -#endif ssh->kex->load_host_public_key=&_ssh_host_public_key; ssh->kex->load_host_private_key=&_ssh_host_private_key; ssh->kex->sign=&_ssh_host_key_sign; @@ -149,9 +147,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) #endif /* WITH_OPENSSL */ ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client; -#ifdef WITH_MLKEM ssh->kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_client; -#endif ssh->kex->verify_host_key =&_ssh_verify_host_key; } *sshp = ssh; diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 0228cbc5026..5ad2ac4a7ef 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.374 2024/09/02 12:13:56 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.375 2024/09/09 02:39:57 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -267,9 +267,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, #endif ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client; -#ifdef WITH_MLKEM ssh->kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_client; -#endif ssh->kex->verify_host_key=&verify_host_key_callback; ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); diff --git a/usr.bin/ssh/sshd-session.c b/usr.bin/ssh/sshd-session.c index 64502af3549..e4b698db539 100644 --- a/usr.bin/ssh/sshd-session.c +++ b/usr.bin/ssh/sshd-session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd-session.c,v 1.8 2024/09/02 12:18:35 djm Exp $ */ +/* $OpenBSD: sshd-session.c,v 1.9 2024/09/09 02:39:57 djm Exp $ */ /* * SSH2 implementation: * Privilege Separation: @@ -1334,9 +1334,7 @@ do_ssh2_kex(struct ssh *ssh) #endif kex->kex[KEX_C25519_SHA256] = kex_gen_server; kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; -#ifdef WITH_MLKEM kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_server; -#endif kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index;