From f68312eb593943127b39ba79a4d7fa438c34c153 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 2 Sep 2024 12:13:56 +0000 Subject: upstream: Add experimental support for hybrid post-quantum key exchange ML-KEM768 with ECDH/X25519 from the Internet-draft: https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This is based on previous patches from markus@ but adapted to use the final FIPS203 standard ML-KEM using a formally-verified implementation from libcrux. Note this key exchange method is still a draft and thus subject to change. It is therefore disabled by default; set MLKEM=yes to build it. We're making it available now to make it easy for other SSH implementations to test against it. ok markus@ deraadt@ OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c --- sshconnect2.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'sshconnect2.c') diff --git a/sshconnect2.c b/sshconnect2.c index e63bb5ec6..dcdfa7d50 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.373 2024/05/17 06:38:00 jsg Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.374 2024/09/02 12:13:56 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -274,6 +274,9 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, #endif ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client; +#ifdef WITH_MLKEM + ssh->kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_client; +#endif ssh->kex->verify_host_key=&verify_host_key_callback; ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); -- cgit v1.2.3