diff --git a/README.md b/README.md
index 4e65b693b238..297016ec5861 100644
--- a/README.md
+++ b/README.md
@@ -58,19 +58,19 @@ If an algorithm is provided by liboqs but is not listed below, it can still be u #### Key Exchange -The following quantum-safe algorithms from liboqs are supported (assuming they have been enabled in liboqs): +The following quantum-safe algorithms from liboqs are supported (assuming they have been enabled in liboqs). In general, algorithms that are enabled by default are marked with an asterisk, and should you wish to enable additional variants, consult [the "Code Generation" section of the documentation in the wiki](https://github.com/open-quantum-safe/openssh/wiki/Using-liboqs-supported-algorithms-in-the-fork#code-generation). -- **BIKE**: `bike-l1-sha512`, `bike-l3-sha512`, `bike-l5-sha512` -- **ClassicMcEliece**: `classic-mceliece-348864-sha256`, `classic-mceliece-348864f-sha256`, `classic-mceliece-460896-sha512`, `classic-mceliece-460896f-sha512`, `classic-mceliece-6688128-sha512`, `classic-mceliece-6688128f-sha512`, `classic-mceliece-6960119-sha512`, `classic-mceliece-6960119f-sha512`, `classic-mceliece-8192128-sha512`, `classic-mceliece-8192128f-sha512` -- **FrodoKEM**: `frodokem-640-aes-sha256`, `frodokem-976-aes-sha384`, `frodokem-1344-aes-sha512`, `frodokem-640-shake-sha256`, `frodokem-976-shake-sha384`, `frodokem-1344-shake-sha512` +- **BIKE**: `bike-l1-sha512`\*, `bike-l3-sha512`\*, `bike-l5-sha512`\* +- **ClassicMcEliece**: `classic-mceliece-348864-sha256`\*, `classic-mceliece-348864f-sha256`\*, `classic-mceliece-460896-sha512`\*, `classic-mceliece-460896f-sha512`\*, `classic-mceliece-6688128-sha512`\*, `classic-mceliece-6688128f-sha512`\*, `classic-mceliece-6960119-sha512`\*, `classic-mceliece-6960119f-sha512`\*, `classic-mceliece-8192128-sha512`\*, `classic-mceliece-8192128f-sha512`\* +- **FrodoKEM**: `frodokem-640-aes-sha256`\*, `frodokem-976-aes-sha384`\*, `frodokem-1344-aes-sha512`\*, `frodokem-640-shake-sha256`\*, `frodokem-976-shake-sha384`\*, `frodokem-1344-shake-sha512`\* - **HQC**: `hqc-128-sha256`, `hqc-192-sha384`, 
`hqc-256-sha512`† -- **Kyber**: `kyber-512-sha256`, `kyber-768-sha384`, `kyber-1024-sha512` -- **ML-KEM**: `ml-kem-512-sha256`, `ml-kem-768-sha256`, `ml-kem-1024-sha384` -- **NTRU-Prime**: `ntruprime-sntrup761-sha512` +- **Kyber**: `kyber-512-sha256`\*, `kyber-768-sha384`\*, `kyber-1024-sha512`\* +- **ML-KEM**: `mlkem512-sha256`\*, `mlkem768-sha256`\*, `mlkem1024-sha384`\* +- **NTRU-Prime**: `ntruprime-sntrup761-sha512`\* -The following hybrid algorithms are made available: +The following hybrid algorithms are made available (dependent on the associated quantum-safe algorithm being enabled): - **BIKE**: `ecdh-nistp256-bike-l1r4-sha512@openquantumsafe.org` `x25519-bike-l1r4-sha512@openquantumsafe.org` `ecdh-nistp384-bike-l3r4-sha512@openquantumsafe.org` `ecdh-nistp521-bike-l5r4-sha512@openquantumsafe.org` diff --git a/kex.c b/kex.c index 1915fc43135a..a16a11e68997 100644 --- a/kex.c +++ b/kex.c @@ -144,10 +144,6 @@ static const struct kexalg kexalgs[] = { { KEX_CLASSIC_MCELIECE_6960119F_SHA512, KEX_KEM_CLASSIC_MCELIECE_6960119F_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_CLASSIC_MCELIECE_8192128_SHA512, KEX_KEM_CLASSIC_MCELIECE_8192128_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_CLASSIC_MCELIECE_8192128F_SHA512, KEX_KEM_CLASSIC_MCELIECE_8192128F_SHA512, 0, SSH_DIGEST_SHA512 }, - { KEX_HQC_128_SHA256, KEX_KEM_HQC_128_SHA256, 0, SSH_DIGEST_SHA256 }, - { KEX_HQC_128_X25519_SHA256, KEX_KEM_HQC_128_X25519_SHA256, 0, SSH_DIGEST_SHA256 }, - { KEX_HQC_192_SHA384, KEX_KEM_HQC_192_SHA384, 0, SSH_DIGEST_SHA384 }, - { KEX_HQC_256_SHA512, KEX_KEM_HQC_256_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_ML_KEM_512_SHA256, KEX_KEM_ML_KEM_512_SHA256, 0, SSH_DIGEST_SHA256 }, { KEX_ML_KEM_512_X25519_SHA256, KEX_KEM_ML_KEM_512_X25519_SHA256, 0, SSH_DIGEST_SHA256 }, { KEX_ML_KEM_768_SHA256, KEX_KEM_ML_KEM_768_SHA256, 0, SSH_DIGEST_SHA256 }, 
@@ -178,9 +174,6 @@ static const struct kexalg kexalgs[] = { { KEX_CLASSIC_MCELIECE_6960119F_ECDH_NISTP521_SHA512, KEX_KEM_CLASSIC_MCELIECE_6960119F_ECDH_NISTP521_SHA512, NID_secp521r1, SSH_DIGEST_SHA512 }, { KEX_CLASSIC_MCELIECE_8192128_ECDH_NISTP521_SHA512, KEX_KEM_CLASSIC_MCELIECE_8192128_ECDH_NISTP521_SHA512, NID_secp521r1, SSH_DIGEST_SHA512 }, { KEX_CLASSIC_MCELIECE_8192128F_ECDH_NISTP521_SHA512, KEX_KEM_CLASSIC_MCELIECE_8192128F_ECDH_NISTP521_SHA512, NID_secp521r1, SSH_DIGEST_SHA512 }, - { KEX_HQC_128_ECDH_NISTP256_SHA256, KEX_KEM_HQC_128_ECDH_NISTP256_SHA256, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, - { KEX_HQC_192_ECDH_NISTP384_SHA384, KEX_KEM_HQC_192_ECDH_NISTP384_SHA384, NID_secp384r1, SSH_DIGEST_SHA384 }, - { KEX_HQC_256_ECDH_NISTP521_SHA512, KEX_KEM_HQC_256_ECDH_NISTP521_SHA512, NID_secp521r1, SSH_DIGEST_SHA512 }, { KEX_ML_KEM_512_ECDH_NISTP256_SHA256, KEX_KEM_ML_KEM_512_ECDH_NISTP256_SHA256, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, { KEX_ML_KEM_768_ECDH_NISTP256_SHA256, KEX_KEM_ML_KEM_768_ECDH_NISTP256_SHA256, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, { KEX_ML_KEM_1024_ECDH_NISTP384_SHA384, KEX_KEM_ML_KEM_1024_ECDH_NISTP384_SHA384, NID_secp384r1, SSH_DIGEST_SHA384 }, diff --git a/kex.h b/kex.h index 148b76be5688..deab7c482eaf 100644 --- a/kex.h +++ b/kex.h 
@@ -96,11 +96,11 @@ #define KEX_HQC_128_X25519_SHA256 "x25519-hqc-128r3-sha256@openquantumsafe.org" #define KEX_HQC_192_SHA384 "hqc-192-sha384" #define KEX_HQC_256_SHA512 "hqc-256-sha512" -#define KEX_ML_KEM_512_SHA256 "ml-kem-512-sha256" +#define KEX_ML_KEM_512_SHA256 "mlkem512-sha256" #define KEX_ML_KEM_512_X25519_SHA256 "x25519-ml-kem-512-sha256@openquantumsafe.org" -#define KEX_ML_KEM_768_SHA256 "ml-kem-768-sha256" +#define KEX_ML_KEM_768_SHA256 "mlkem768-sha256" #define KEX_ML_KEM_768_X25519_SHA256 "mlkem768x25519-sha256" -#define KEX_ML_KEM_1024_SHA384 "ml-kem-1024-sha384" +#define KEX_ML_KEM_1024_SHA384 "mlkem1024-sha384" #define KEX_NTRUPRIME_SNTRUP761_SHA512 "sntrup761-sha512" #define KEX_NTRUPRIME_SNTRUP761_X25519_SHA512 "sntrup761x25519-sha512@openssh.com" #ifdef WITH_OPENSSL @@ -127,9 +127,6 @@ #define KEX_CLASSIC_MCELIECE_6960119F_ECDH_NISTP521_SHA512 "ecdh-nistp521-classic-mceliece-6960119fr4-sha512@openquantumsafe.org" #define KEX_CLASSIC_MCELIECE_8192128_ECDH_NISTP521_SHA512 "ecdh-nistp521-classic-mceliece-8192128r4-sha512@openquantumsafe.org" #define KEX_CLASSIC_MCELIECE_8192128F_ECDH_NISTP521_SHA512 "ecdh-nistp521-classic-mceliece-8192128fr4-sha512@openquantumsafe.org" -#define KEX_HQC_128_ECDH_NISTP256_SHA256 "ecdh-nistp256-hqc-128r3-sha256@openquantumsafe.org" -#define KEX_HQC_192_ECDH_NISTP384_SHA384 "ecdh-nistp384-hqc-192r3-sha384@openquantumsafe.org" -#define KEX_HQC_256_ECDH_NISTP521_SHA512 "ecdh-nistp521-hqc-256r3-sha512@openquantumsafe.org" #define KEX_ML_KEM_512_ECDH_NISTP256_SHA256 "ecdh-nistp256-ml-kem-512-sha256@openquantumsafe.org" #define KEX_ML_KEM_768_ECDH_NISTP256_SHA256 "mlkem768nistp256-sha256" #define KEX_ML_KEM_1024_ECDH_NISTP384_SHA384 "mlkem1024nistp384-sha384" 
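Review bot: The three macros renamed in this hunk (`KEX_ML_KEM_512_SHA256`, `KEX_ML_KEM_768_SHA256`, `KEX_ML_KEM_1024_SHA384`) hold the method names offered during key-exchange negotiation, so a peer still built with the `ml-kem-*` spellings will no longer share a pure ML-KEM method with this build, and nothing visible here keeps the old names as aliases. The neighbouring hybrids `x25519-ml-kem-512-sha256@openquantumsafe.org` and `ecdh-nistp256-ml-kem-512-sha256@openquantumsafe.org` keep the hyphenated form, so the family now mixes two spellings. I would add a comment above the block, `/* Wire names: renaming one breaks negotiation with peers on the old spelling. */`, and record the rename in the release notes. The context lines also leave `KEX_HQC_128_X25519_SHA256`, `KEX_HQC_192_SHA384` and `KEX_HQC_256_SHA512` defined although later hunks delete their enum values and the ECDH HQC macros; if that is not deliberate they should be removed as well.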
@@ -203,10 +200,6 @@ enum kex_exchange { KEX_KEM_CLASSIC_MCELIECE_6960119F_SHA512, KEX_KEM_CLASSIC_MCELIECE_8192128_SHA512, KEX_KEM_CLASSIC_MCELIECE_8192128F_SHA512, - KEX_KEM_HQC_128_SHA256, - KEX_KEM_HQC_128_X25519_SHA256, - KEX_KEM_HQC_192_SHA384, - KEX_KEM_HQC_256_SHA512, KEX_KEM_ML_KEM_512_SHA256, KEX_KEM_ML_KEM_512_X25519_SHA256, KEX_KEM_ML_KEM_768_SHA256, @@ -238,9 +231,6 @@ enum kex_exchange { KEX_KEM_CLASSIC_MCELIECE_6960119F_ECDH_NISTP521_SHA512, KEX_KEM_CLASSIC_MCELIECE_8192128_ECDH_NISTP521_SHA512, KEX_KEM_CLASSIC_MCELIECE_8192128F_ECDH_NISTP521_SHA512, - KEX_KEM_HQC_128_ECDH_NISTP256_SHA256, - KEX_KEM_HQC_192_ECDH_NISTP384_SHA384, - KEX_KEM_HQC_256_ECDH_NISTP521_SHA512, KEX_KEM_ML_KEM_512_ECDH_NISTP256_SHA256, KEX_KEM_ML_KEM_768_ECDH_NISTP256_SHA256, KEX_KEM_ML_KEM_1024_ECDH_NISTP384_SHA384, 
@@ -495,22 +485,6 @@ int kex_kem_classic_mceliece_8192128_dec(struct kex *, const struct sshbuf *, s int kex_kem_classic_mceliece_8192128f_keypair(struct kex *); int kex_kem_classic_mceliece_8192128f_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); int kex_kem_classic_mceliece_8192128f_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* hqc_128 prototypes */ -int kex_kem_hqc_128_keypair(struct kex *); -int kex_kem_hqc_128_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_hqc_128_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* hqc_128_x25519 prototypes */ -int kex_kem_hqc_128_x25519_keypair(struct kex *); -int kex_kem_hqc_128_x25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_hqc_128_x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* hqc_192 prototypes */ -int kex_kem_hqc_192_keypair(struct kex *); -int kex_kem_hqc_192_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_hqc_192_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* hqc_256 prototypes */ -int kex_kem_hqc_256_keypair(struct kex *); -int kex_kem_hqc_256_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_hqc_256_dec(struct kex *, const struct sshbuf *, struct sshbuf **); /* ml_kem_512 prototypes */ int kex_kem_ml_kem_512_keypair(struct kex *); int kex_kem_ml_kem_512_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); 
@@ -629,18 +603,6 @@ int kex_kem_classic_mceliece_8192128_ecdh_nistp521_dec(struct kex *, const stru int kex_kem_classic_mceliece_8192128f_ecdh_nistp521_keypair(struct kex *); int kex_kem_classic_mceliece_8192128f_ecdh_nistp521_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); int kex_kem_classic_mceliece_8192128f_ecdh_nistp521_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* hqc_128_nistp256 prototypes */ -int kex_kem_hqc_128_ecdh_nistp256_keypair(struct kex *); -int kex_kem_hqc_128_ecdh_nistp256_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_hqc_128_ecdh_nistp256_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* hqc_192_nistp384 prototypes */ -int kex_kem_hqc_192_ecdh_nistp384_keypair(struct kex *); -int kex_kem_hqc_192_ecdh_nistp384_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_hqc_192_ecdh_nistp384_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* hqc_256_nistp521 prototypes */ -int kex_kem_hqc_256_ecdh_nistp521_keypair(struct kex *); -int kex_kem_hqc_256_ecdh_nistp521_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_hqc_256_ecdh_nistp521_dec(struct kex *, const struct sshbuf *, struct sshbuf **); /* ml_kem_512_nistp256 prototypes */ int kex_kem_ml_kem_512_ecdh_nistp256_keypair(struct kex *); int kex_kem_ml_kem_512_ecdh_nistp256_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); diff --git a/kexgen.c b/kexgen.c index 47e6336b71f3..15cf1ba63b96 100644 --- a/kexgen.c +++ b/kexgen.c 
@@ -203,18 +203,6 @@ kex_gen_client(struct ssh *ssh) case KEX_KEM_CLASSIC_MCELIECE_8192128F_SHA512: r = kex_kem_classic_mceliece_8192128f_keypair(kex); break; - case KEX_KEM_HQC_128_SHA256: - r = kex_kem_hqc_128_keypair(kex); - break; - case KEX_KEM_HQC_128_X25519_SHA256: - r = kex_kem_hqc_128_x25519_keypair(kex); - break; - case KEX_KEM_HQC_192_SHA384: - r = kex_kem_hqc_192_keypair(kex); - break; - case KEX_KEM_HQC_256_SHA512: - r = kex_kem_hqc_256_keypair(kex); - break; case KEX_KEM_ML_KEM_512_SHA256: r = kex_kem_ml_kem_512_keypair(kex); break; @@ -304,15 +292,6 @@ kex_gen_client(struct ssh *ssh) case KEX_KEM_CLASSIC_MCELIECE_8192128F_ECDH_NISTP521_SHA512: r = kex_kem_classic_mceliece_8192128f_ecdh_nistp521_keypair(kex); break; - case KEX_KEM_HQC_128_ECDH_NISTP256_SHA256: - r = kex_kem_hqc_128_ecdh_nistp256_keypair(kex); - break; - case KEX_KEM_HQC_192_ECDH_NISTP384_SHA384: - r = kex_kem_hqc_192_ecdh_nistp384_keypair(kex); - break; - case KEX_KEM_HQC_256_ECDH_NISTP521_SHA512: - r = kex_kem_hqc_256_ecdh_nistp521_keypair(kex); - break; case KEX_KEM_ML_KEM_512_ECDH_NISTP256_SHA256: r = kex_kem_ml_kem_512_ecdh_nistp256_keypair(kex); break; @@ -478,18 +457,6 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) case KEX_KEM_CLASSIC_MCELIECE_8192128F_SHA512: r = kex_kem_classic_mceliece_8192128f_dec(kex, server_blob, &shared_secret); break; - case KEX_KEM_HQC_128_SHA256: - r = kex_kem_hqc_128_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_HQC_128_X25519_SHA256: - r = kex_kem_hqc_128_x25519_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_HQC_192_SHA384: - r = kex_kem_hqc_192_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_HQC_256_SHA512: - r = kex_kem_hqc_256_dec(kex, server_blob, &shared_secret); - break; case KEX_KEM_ML_KEM_512_SHA256: r = kex_kem_ml_kem_512_dec(kex, server_blob, &shared_secret); break; 
@@ -579,15 +546,6 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) case KEX_KEM_CLASSIC_MCELIECE_8192128F_ECDH_NISTP521_SHA512: r = kex_kem_classic_mceliece_8192128f_ecdh_nistp521_dec(kex, server_blob, &shared_secret); break; - case KEX_KEM_HQC_128_ECDH_NISTP256_SHA256: - r = kex_kem_hqc_128_ecdh_nistp256_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_HQC_192_ECDH_NISTP384_SHA384: - r = kex_kem_hqc_192_ecdh_nistp384_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_HQC_256_ECDH_NISTP521_SHA512: - r = kex_kem_hqc_256_ecdh_nistp521_dec(kex, server_blob, &shared_secret); - break; case KEX_KEM_ML_KEM_512_ECDH_NISTP256_SHA256: r = kex_kem_ml_kem_512_ecdh_nistp256_dec(kex, server_blob, &shared_secret); break; @@ -832,22 +790,6 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_kem_classic_mceliece_8192128f_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; - case KEX_KEM_HQC_128_SHA256: - r = kex_kem_hqc_128_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_HQC_128_X25519_SHA256: - r = kex_kem_hqc_128_x25519_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_HQC_192_SHA384: - r = kex_kem_hqc_192_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_HQC_256_SHA512: - r = kex_kem_hqc_256_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; case KEX_KEM_ML_KEM_512_SHA256: r = kex_kem_ml_kem_512_enc(kex, client_pubkey, &server_pubkey, &shared_secret); 
@@ -966,18 +908,6 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_kem_classic_mceliece_8192128f_ecdh_nistp521_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; - case KEX_KEM_HQC_128_ECDH_NISTP256_SHA256: - r = kex_kem_hqc_128_ecdh_nistp256_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_HQC_192_ECDH_NISTP384_SHA384: - r = kex_kem_hqc_192_ecdh_nistp384_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_HQC_256_ECDH_NISTP521_SHA512: - r = kex_kem_hqc_256_ecdh_nistp521_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; case KEX_KEM_ML_KEM_512_ECDH_NISTP256_SHA256: r = kex_kem_ml_kem_512_ecdh_nistp256_enc(kex, client_pubkey, &server_pubkey, &shared_secret); diff --git a/kexoqs.c b/kexoqs.c index 070086f3190c..74b7faa1dc37 100644 --- a/kexoqs.c +++ b/kexoqs.c 
@@ -1043,126 +1043,6 @@ int kex_kem_classic_mceliece_8192128f_dec(struct kex *kex, OQS_KEM_free(kem); return r; } -/*--------------------------------------------------- - * HQC_128 METHODS - *--------------------------------------------------- - */ -int kex_kem_hqc_128_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_128); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} -int kex_kem_hqc_128_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_128); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_hqc_128_dec(struct kex *kex, - const struct sshbuf *server_blob, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_128); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_dec(kem, kex, server_blob, shared_secretp); - OQS_KEM_free(kem); - return r; -} -/*--------------------------------------------------- - * HQC_192 METHODS - *--------------------------------------------------- - */ -int kex_kem_hqc_192_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_192); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} -int kex_kem_hqc_192_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_192); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_hqc_192_dec(struct kex *kex, - const struct sshbuf 
*server_blob, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_192); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_dec(kem, kex, server_blob, shared_secretp); - OQS_KEM_free(kem); - return r; -} -/*--------------------------------------------------- - * HQC_256 METHODS - *--------------------------------------------------- - */ -int kex_kem_hqc_256_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_256); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} -int kex_kem_hqc_256_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_256); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_hqc_256_dec(struct kex *kex, - const struct sshbuf *server_blob, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_256); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_dec(kem, kex, server_blob, shared_secretp); - OQS_KEM_free(kem); - return r; -} /*--------------------------------------------------- * ML_KEM_512 METHODS *--------------------------------------------------- diff --git a/kexoqsecdh.c b/kexoqsecdh.c index 53a3cf7e8d40..6a2f847e7b67 100644 --- a/kexoqsecdh.c +++ b/kexoqsecdh.c 
@@ -1254,129 +1254,6 @@ int kex_kem_classic_mceliece_8192128f_ecdh_nistp521_dec(struct kex *kex, OQS_KEM_free(kem); return r; } -/*--------------------------------------------------------------- - * HQC_128_ECDH_NISTP256 METHODS - *--------------------------------------------------------------- - */ -int kex_kem_hqc_128_ecdh_nistp256_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_128); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_hqc_128_ecdh_nistp256_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_128); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_hqc_128_ecdh_nistp256_dec(struct kex *kex, - const struct sshbuf *server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_128); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_dec(kem, kex, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} -/*--------------------------------------------------------------- - * HQC_192_ECDH_NISTP384 METHODS - *--------------------------------------------------------------- - */ -int kex_kem_hqc_192_ecdh_nistp384_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_192); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_hqc_192_ecdh_nistp384_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_192); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; 
- } - int r = kex_kem_generic_with_ec_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_hqc_192_ecdh_nistp384_dec(struct kex *kex, - const struct sshbuf *server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_192); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_dec(kem, kex, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} -/*--------------------------------------------------------------- - * HQC_256_ECDH_NISTP521 METHODS - *--------------------------------------------------------------- - */ -int kex_kem_hqc_256_ecdh_nistp521_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_256); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_hqc_256_ecdh_nistp521_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_256); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_hqc_256_ecdh_nistp521_dec(struct kex *kex, - const struct sshbuf *server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_256); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_dec(kem, kex, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} /*--------------------------------------------------------------- * ML_KEM_512_ECDH_NISTP256 METHODS *--------------------------------------------------------------- diff --git a/kexoqsx25519.c b/kexoqsx25519.c index 26c3482258e2..5fedd3a80e49 100644 --- a/kexoqsx25519.c +++ b/kexoqsx25519.c 
@@ -456,47 +456,6 @@ int kex_kem_classic_mceliece_348864f_x25519_dec(struct kex *kex, OQS_KEM_free(kem); return r; } -/*--------------------------------------------------------------- - * HQC_128_X25519 METHODS - *--------------------------------------------------------------- - */ -int kex_kem_hqc_128_x25519_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_128); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_x25519_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_hqc_128_x25519_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_128); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_x25519_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_hqc_128_x25519_dec(struct kex *kex, - const struct sshbuf *server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_hqc_128); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_x25519_dec(kem, kex, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} /*--------------------------------------------------------------- * ML_KEM_512_X25519 METHODS *--------------------------------------------------------------- diff --git a/monitor.c b/monitor.c index 600f0893bba3..cfe8685b9b89 100644 --- a/monitor.c +++ b/monitor.c 
@@ -1777,10 +1777,6 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) kex->kex[KEX_KEM_CLASSIC_MCELIECE_6960119F_SHA512] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128_SHA512] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128F_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_HQC_128_SHA256] = kex_gen_server; - kex->kex[KEX_KEM_HQC_128_X25519_SHA256] = kex_gen_server; - kex->kex[KEX_KEM_HQC_192_SHA384] = kex_gen_server; - kex->kex[KEX_KEM_HQC_256_SHA512] = kex_gen_server; kex->kex[KEX_KEM_ML_KEM_512_SHA256] = kex_gen_server; kex->kex[KEX_KEM_ML_KEM_512_X25519_SHA256] = kex_gen_server; kex->kex[KEX_KEM_ML_KEM_768_SHA256] = kex_gen_server; @@ -1812,9 +1808,6 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) kex->kex[KEX_KEM_CLASSIC_MCELIECE_6960119F_ECDH_NISTP521_SHA512] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128_ECDH_NISTP521_SHA512] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128F_ECDH_NISTP521_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_HQC_128_ECDH_NISTP256_SHA256] = kex_gen_server; - kex->kex[KEX_KEM_HQC_192_ECDH_NISTP384_SHA384] = kex_gen_server; - kex->kex[KEX_KEM_HQC_256_ECDH_NISTP521_SHA512] = kex_gen_server; kex->kex[KEX_KEM_ML_KEM_512_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_ML_KEM_768_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_ML_KEM_1024_ECDH_NISTP384_SHA384] = kex_gen_server; diff --git a/myproposal.h b/myproposal.h index 8e4c6f2b14f5..b9404a558c0d 100644 --- a/myproposal.h +++ b/myproposal.h 
@@ -95,13 +95,13 @@ "ecdh-nistp384-hqc-192r3-sha384@openquantumsafe.org," \ "hqc-256-sha512," \ "ecdh-nistp521-hqc-256r3-sha512@openquantumsafe.org," \ - "ml-kem-512-sha256," \ + "mlkem512-sha256," \ "ecdh-nistp256-ml-kem-512-sha256@openquantumsafe.org," \ "x25519-ml-kem-512-sha256@openquantumsafe.org," \ - "ml-kem-768-sha256," \ + "mlkem768-sha256," \ "mlkem768nistp256-sha256," \ "mlkem768x25519-sha256," \ - "ml-kem-1024-sha384," \ + "mlkem1024-sha384," \ "mlkem1024nistp384-sha384," \ "sntrup761-sha512," \ "sntrup761x25519-sha512@openssh.com" diff --git a/oqs-template/README.md/list_all_kexs.fragment b/oqs-template/README.md/list_all_kexs.fragment index d768010b6558..7e07b22159c4 100644 --- a/oqs-template/README.md/list_all_kexs.fragment +++ b/oqs-template/README.md/list_all_kexs.fragment @@ -1,4 +1,4 @@ {%- for family, kexs in (config['kexs'] | selectattr("family") | groupby('family')) %} -- **{{ family }}**: {% for kex in kexs -%} `{{ kex['name']|replace('_','-') }}-{{ kex['hash'] }}` {%- if kex['enable'] -%} * {%- endif -%} {%- if not loop.last %}, {% endif -%}{%- if loop.last and family == 'HQC' -%}†{%- endif -%}{%- endfor -%} +- **{{ family }}**: {% for kex in kexs -%} `{{ kex['name']|replace('_','-') }}-{{ kex['hash'] }}` {%- if kex['enable'] -%} \* {%- endif -%} {%- if not loop.last %}, {% endif -%}{%- if loop.last and family == 'HQC' -%}†{%- endif -%}{%- endfor -%} {%- endfor %} diff --git a/oqs-template/generate.py b/oqs-template/generate.py index 8172df0d522e..62af581b247d 100755 --- a/oqs-template/generate.py +++ b/oqs-template/generate.py @@ -53,7 +53,7 @@ def load_config(include_disabled_algs=False): config['sigs'] = [sig for sig in config['sigs'] if 'enable' in sig.keys() and sig['enable']] # enable if single KEXs are to be en/disabled: - #config['kexs'] = [kex for kex in config['kexs'] if 'enable' in kex.keys() and kex['enable']] + config['kexs'] = [kex for kex in config['kexs'] if 'enable' in kex.keys() and kex['enable']] return config 
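Review bot: The unchanged lines of this list still offer `hqc-256-sha512`, `ecdh-nistp384-hqc-192r3-sha384@openquantumsafe.org` and `ecdh-nistp521-hqc-256r3-sha512@openquantumsafe.org`, while this commit deletes every HQC row from `kexalgs[]` in kex.c and every HQC case in kexgen.c. If this string feeds the default proposal (the macro starts outside the hunk, so this is inferred), the endpoint would advertise methods it can no longer run, and a handshake that selects one would presumably fail as unsupported rather than complete with another method. The same HQC names remain in the unchanged lines of the list in oqs-test/try_connection.py. I would drop the HQC entries from both lists in this commit, or generate them from the same `enable` flag that now filters `config['kexs']`.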
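Review bot: This template still builds each listed name from `kex['name']|replace('_','-')` plus `kex['hash']`, which for `ml_kem_512` gives `ml-kem-512-sha256` rather than the `mlkem512-sha256` that generate.yml now sets as `pretty_name` and that the README hunk shows. If the README is regenerated from this fragment, as its path suggests, it would list names that the binary does not accept; the existing `ntruprime-sntrup761-sha512` entry against `sntrup761-sha512` in kex.h looks like the same drift. Emitting `{{ kex['pretty_name'] }}` inside the backticks would keep the documented names equal to the names users must put in their configuration.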
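Review bot: The filter activated in `load_config` drops any kex entry that has no `enable` key without a message, so an algorithm later added to generate.yml without the flag would silently vanish from every generated table. Indexing the key directly, `config['kexs'] = [kex for kex in config['kexs'] if kex['enable']]`, would make a missing flag fail loudly; every entry visible in the generate.yml hunks carries the flag. The comment `# enable if single KEXs are to be en/disabled:` above the line is now stale and could read `# keep only KEXs marked enable: true in generate.yml`. Indentation is lost on this page, so I cannot tell whether the line sits under the `include_disabled_algs` check; if it does not, README generation would also lose the HQC rows the README still lists.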
diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 8e448dce84c3..83a8ab10149d 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -3,6 +3,7 @@ kexs: - family: 'FrodoKEM' name: 'frodokem_640_aes' + enable: true hash: 'sha256' pretty_name: 'frodokem-640-aes-sha256' mix_with: @@ -17,6 +18,7 @@ kexs: - family: 'FrodoKEM' name: 'frodokem_976_aes' + enable: true hash: 'sha384' pretty_name: 'frodokem-976-aes-sha384' mix_with: @@ -27,6 +29,7 @@ kexs: - family: 'FrodoKEM' name: 'frodokem_1344_aes' + enable: true hash: 'sha512' pretty_name: 'frodokem-1344-aes-sha512' mix_with: @@ -37,6 +40,7 @@ kexs: - family: 'FrodoKEM' name: 'frodokem_640_shake' + enable: true hash: 'sha256' pretty_name: 'frodokem-640-shake-sha256' mix_with: @@ -51,6 +55,7 @@ kexs: - family: 'FrodoKEM' name: 'frodokem_976_shake' + enable: true hash: 'sha384' pretty_name: 'frodokem-976-shake-sha384' mix_with: @@ -61,6 +66,7 @@ kexs: - family: 'FrodoKEM' name: 'frodokem_1344_shake' + enable: true hash: 'sha512' pretty_name: 'frodokem-1344-shake-sha512' mix_with: @@ -71,6 +77,7 @@ kexs: - family: 'Kyber' name: 'kyber_512' + enable: true hash: 'sha256' pretty_name: 'kyber-512-sha256' mix_with: @@ -85,6 +92,7 @@ kexs: - family: 'Kyber' name: 'kyber_768' + enable: true hash: 'sha384' pretty_name: 'kyber-768-sha384' mix_with: @@ -95,6 +103,7 @@ kexs: - family: 'Kyber' name: 'kyber_1024' + enable: true hash: 'sha512' pretty_name: 'kyber-1024-sha512' mix_with: @@ -105,6 +114,7 @@ kexs: - family: 'BIKE' name: 'bike_l1' + enable: true hash: 'sha512' pretty_name: 'bike-l1-sha512' mix_with: @@ -119,6 +129,7 @@ kexs: - family: 'BIKE' name: 'bike_l3' + enable: true hash: 'sha512' pretty_name: 'bike-l3-sha512' mix_with: @@ -129,6 +140,7 @@ kexs: - family: 'BIKE' name: 'bike_l5' + enable: true hash: 'sha512' pretty_name: 'bike-l5-sha512' mix_with: 
@@ -139,6 +151,7 @@ kexs: - family: 'ClassicMcEliece' name: 'classic_mceliece_348864' + enable: true hash: 'sha256' pretty_name: 'classic-mceliece-348864-sha256' mix_with: @@ -153,6 +166,7 @@ kexs: - family: 'ClassicMcEliece' name: 'classic_mceliece_348864f' + enable: true hash: 'sha256' pretty_name: 'classic-mceliece-348864f-sha256' mix_with: @@ -167,6 +181,7 @@ kexs: - family: 'ClassicMcEliece' name: 'classic_mceliece_460896' + enable: true hash: 'sha512' pretty_name: 'classic-mceliece-460896-sha512' mix_with: @@ -177,6 +192,7 @@ kexs: - family: 'ClassicMcEliece' name: 'classic_mceliece_460896f' + enable: true hash: 'sha512' pretty_name: 'classic-mceliece-460896f-sha512' mix_with: @@ -187,6 +203,7 @@ kexs: - family: 'ClassicMcEliece' name: 'classic_mceliece_6688128' + enable: true hash: 'sha512' pretty_name: 'classic-mceliece-6688128-sha512' mix_with: @@ -197,6 +214,7 @@ kexs: - family: 'ClassicMcEliece' name: 'classic_mceliece_6688128f' + enable: true hash: 'sha512' pretty_name: 'classic-mceliece-6688128f-sha512' mix_with: @@ -207,6 +225,7 @@ kexs: - family: 'ClassicMcEliece' name: 'classic_mceliece_6960119' + enable: true hash: 'sha512' pretty_name: 'classic-mceliece-6960119-sha512' mix_with: @@ -217,6 +236,7 @@ kexs: - family: 'ClassicMcEliece' name: 'classic_mceliece_6960119f' + enable: true hash: 'sha512' pretty_name: 'classic-mceliece-6960119f-sha512' mix_with: @@ -227,6 +247,7 @@ kexs: - family: 'ClassicMcEliece' name: 'classic_mceliece_8192128' + enable: true hash: 'sha512' pretty_name: 'classic-mceliece-8192128-sha512' mix_with: @@ -237,6 +258,7 @@ kexs: - family: 'ClassicMcEliece' name: 'classic_mceliece_8192128f' + enable: true hash: 'sha512' pretty_name: 'classic-mceliece-8192128f-sha512' mix_with: @@ -247,6 +269,7 @@ kexs: - family: 'HQC' name: 'hqc_128' + enable: false hash: 'sha256' pretty_name: 'hqc-128-sha256' mix_with: @@ -261,6 +284,7 @@ kexs: - family: 'HQC' name: 'hqc_192' + enable: false hash: 'sha384' pretty_name: 'hqc-192-sha384' mix_with: 
@@ -271,6 +295,7 @@ kexs: - family: 'HQC' name: 'hqc_256' + enable: false hash: 'sha512' pretty_name: 'hqc-256-sha512' mix_with: @@ -281,8 +306,9 @@ kexs: - family: 'ML-KEM' name: 'ml_kem_512' + enable: true hash: 'sha256' - pretty_name: 'ml-kem-512-sha256' + pretty_name: 'mlkem512-sha256' mix_with: - name: 'nistp256' @@ -295,8 +321,9 @@ kexs: - family: 'ML-KEM' name: 'ml_kem_768' + enable: true hash: 'sha256' - pretty_name: 'ml-kem-768-sha256' + pretty_name: 'mlkem768-sha256' mix_with: - name: 'nistp256' @@ -309,8 +336,9 @@ kexs: - family: 'ML-KEM' name: 'ml_kem_1024' + enable: true hash: 'sha384' - pretty_name: 'ml-kem-1024-sha384' + pretty_name: 'mlkem1024-sha384' mix_with: - name: 'nistp384' @@ -319,6 +347,7 @@ kexs: - family: 'NTRU-Prime' name: 'ntruprime_sntrup761' + enable: true hash: 'sha512' pretty_name: 'sntrup761-sha512' mix_with: diff --git a/oqs-test/try_connection.py b/oqs-test/try_connection.py index b092d99e744a..1321a1562e24 100644 --- a/oqs-test/try_connection.py +++ b/oqs-test/try_connection.py @@ -70,13 +70,13 @@ "ecdh-nistp384-hqc-192r3-sha384@openquantumsafe.org", "hqc-256-sha512", "ecdh-nistp521-hqc-256r3-sha512@openquantumsafe.org", - "ml-kem-512-sha256", + "mlkem512-sha256", "ecdh-nistp256-ml-kem-512-sha256@openquantumsafe.org", "x25519-ml-kem-512-sha256@openquantumsafe.org", - "ml-kem-768-sha256", + "mlkem768-sha256", "mlkem768nistp256-sha256", "mlkem768x25519-sha256", - "ml-kem-1024-sha384", + "mlkem1024-sha384", "mlkem1024nistp384-sha384", "sntrup761-sha512", "sntrup761x25519-sha512@openssh.com", diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 1a3281c4c9e3..9df60f5e8a4b 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c 
@@ -465,10 +465,6 @@ keygrab_ssh2(con *c)
 c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_6960119F_SHA512] = kex_gen_client;
 c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128_SHA512] = kex_gen_client;
 c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128F_SHA512] = kex_gen_client;
- c->c_ssh->kex->kex[KEX_KEM_HQC_128_SHA256] = kex_gen_client;
- c->c_ssh->kex->kex[KEX_KEM_HQC_128_X25519_SHA256] = kex_gen_client;
- c->c_ssh->kex->kex[KEX_KEM_HQC_192_SHA384] = kex_gen_client;
- c->c_ssh->kex->kex[KEX_KEM_HQC_256_SHA512] = kex_gen_client;
 c->c_ssh->kex->kex[KEX_KEM_ML_KEM_512_SHA256] = kex_gen_client;
 c->c_ssh->kex->kex[KEX_KEM_ML_KEM_512_X25519_SHA256] = kex_gen_client;
 c->c_ssh->kex->kex[KEX_KEM_ML_KEM_768_SHA256] = kex_gen_client;
@@ -500,9 +496,6 @@ keygrab_ssh2(con *c)
 c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_6960119F_ECDH_NISTP521_SHA512] = kex_gen_client;
 c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128_ECDH_NISTP521_SHA512] = kex_gen_client;
 c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128F_ECDH_NISTP521_SHA512] = kex_gen_client;
- c->c_ssh->kex->kex[KEX_KEM_HQC_128_ECDH_NISTP256_SHA256] = kex_gen_client;
- c->c_ssh->kex->kex[KEX_KEM_HQC_192_ECDH_NISTP384_SHA384] = kex_gen_client;
- c->c_ssh->kex->kex[KEX_KEM_HQC_256_ECDH_NISTP521_SHA512] = kex_gen_client;
 c->c_ssh->kex->kex[KEX_KEM_ML_KEM_512_ECDH_NISTP256_SHA256] = kex_gen_client;
 c->c_ssh->kex->kex[KEX_KEM_ML_KEM_768_ECDH_NISTP256_SHA256] = kex_gen_client;
 c->c_ssh->kex->kex[KEX_KEM_ML_KEM_1024_ECDH_NISTP384_SHA384] = kex_gen_client;
diff --git a/ssh_api.c b/ssh_api.c
index b45d85b7da10..d4ede79ec17b 100644
--- a/ssh_api.c
+++ b/ssh_api.c
@@ -158,10 +158,6 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_6960119F_SHA512] = kex_gen_server;
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128_SHA512] = kex_gen_server;
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128F_SHA512] = kex_gen_server;
- ssh->kex->kex[KEX_KEM_HQC_128_SHA256] = kex_gen_server;
- ssh->kex->kex[KEX_KEM_HQC_128_X25519_SHA256] = kex_gen_server;
- ssh->kex->kex[KEX_KEM_HQC_192_SHA384] = kex_gen_server;
- ssh->kex->kex[KEX_KEM_HQC_256_SHA512] = kex_gen_server;
 ssh->kex->kex[KEX_KEM_ML_KEM_512_SHA256] = kex_gen_server;
 ssh->kex->kex[KEX_KEM_ML_KEM_512_X25519_SHA256] = kex_gen_server;
 ssh->kex->kex[KEX_KEM_ML_KEM_768_SHA256] = kex_gen_server;
@@ -193,9 +189,6 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_6960119F_ECDH_NISTP521_SHA512] = kex_gen_server;
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128_ECDH_NISTP521_SHA512] = kex_gen_server;
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128F_ECDH_NISTP521_SHA512] = kex_gen_server;
- ssh->kex->kex[KEX_KEM_HQC_128_ECDH_NISTP256_SHA256] = kex_gen_server;
- ssh->kex->kex[KEX_KEM_HQC_192_ECDH_NISTP384_SHA384] = kex_gen_server;
- ssh->kex->kex[KEX_KEM_HQC_256_ECDH_NISTP521_SHA512] = kex_gen_server;
 ssh->kex->kex[KEX_KEM_ML_KEM_512_ECDH_NISTP256_SHA256] = kex_gen_server;
 ssh->kex->kex[KEX_KEM_ML_KEM_768_ECDH_NISTP256_SHA256] = kex_gen_server;
 ssh->kex->kex[KEX_KEM_ML_KEM_1024_ECDH_NISTP384_SHA384] = kex_gen_server;
@@ -248,10 +241,6 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_6960119F_SHA512] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128_SHA512] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128F_SHA512] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_128_SHA256] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_128_X25519_SHA256] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_192_SHA384] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_256_SHA512] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_ML_KEM_512_SHA256] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_ML_KEM_512_X25519_SHA256] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_ML_KEM_768_SHA256] = kex_gen_client;
@@ -283,9 +272,6 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_6960119F_ECDH_NISTP521_SHA512] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128_ECDH_NISTP521_SHA512] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128F_ECDH_NISTP521_SHA512] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_128_ECDH_NISTP256_SHA256] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_192_ECDH_NISTP384_SHA384] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_256_ECDH_NISTP521_SHA512] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_ML_KEM_512_ECDH_NISTP256_SHA256] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_ML_KEM_768_ECDH_NISTP256_SHA256] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_ML_KEM_1024_ECDH_NISTP384_SHA384] = kex_gen_client;
diff --git a/sshconnect2.c b/sshconnect2.c
index 55855fd010e2..c0e1b3f773ba 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -306,10 +306,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_6960119F_SHA512] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128_SHA512] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128F_SHA512] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_128_SHA256] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_128_X25519_SHA256] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_192_SHA384] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_256_SHA512] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_ML_KEM_512_SHA256] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_ML_KEM_512_X25519_SHA256] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_ML_KEM_768_SHA256] = kex_gen_client;
@@ -341,9 +337,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_6960119F_ECDH_NISTP521_SHA512] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128_ECDH_NISTP521_SHA512] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128F_ECDH_NISTP521_SHA512] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_128_ECDH_NISTP256_SHA256] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_192_ECDH_NISTP384_SHA384] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_HQC_256_ECDH_NISTP521_SHA512] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_ML_KEM_512_ECDH_NISTP256_SHA256] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_ML_KEM_768_ECDH_NISTP256_SHA256] = kex_gen_client;
 ssh->kex->kex[KEX_KEM_ML_KEM_1024_ECDH_NISTP384_SHA384] = kex_gen_client;
diff --git a/sshd.c b/sshd.c
index aecee65106a6..5f7132b9b0b3 100644
--- a/sshd.c
+++ b/sshd.c
@@ -2459,10 +2459,6 @@ do_ssh2_kex(struct ssh *ssh)
 kex->kex[KEX_KEM_CLASSIC_MCELIECE_6960119F_SHA512] = kex_gen_server;
 kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128_SHA512] = kex_gen_server;
 kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128F_SHA512] = kex_gen_server;
- kex->kex[KEX_KEM_HQC_128_SHA256] = kex_gen_server;
- kex->kex[KEX_KEM_HQC_128_X25519_SHA256] = kex_gen_server;
- kex->kex[KEX_KEM_HQC_192_SHA384] = kex_gen_server;
- kex->kex[KEX_KEM_HQC_256_SHA512] = kex_gen_server;
 kex->kex[KEX_KEM_ML_KEM_512_SHA256] = kex_gen_server;
 kex->kex[KEX_KEM_ML_KEM_512_X25519_SHA256] = kex_gen_server;
 kex->kex[KEX_KEM_ML_KEM_768_SHA256] = kex_gen_server;
@@ -2494,9 +2490,6 @@ do_ssh2_kex(struct ssh *ssh)
 kex->kex[KEX_KEM_CLASSIC_MCELIECE_6960119F_ECDH_NISTP521_SHA512] = kex_gen_server;
 kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128_ECDH_NISTP521_SHA512] = kex_gen_server;
 kex->kex[KEX_KEM_CLASSIC_MCELIECE_8192128F_ECDH_NISTP521_SHA512] = kex_gen_server;
- kex->kex[KEX_KEM_HQC_128_ECDH_NISTP256_SHA256] = kex_gen_server;
- kex->kex[KEX_KEM_HQC_192_ECDH_NISTP384_SHA384] = kex_gen_server;
- kex->kex[KEX_KEM_HQC_256_ECDH_NISTP521_SHA512] = kex_gen_server;
 kex->kex[KEX_KEM_ML_KEM_512_ECDH_NISTP256_SHA256] = kex_gen_server;
 kex->kex[KEX_KEM_ML_KEM_768_ECDH_NISTP256_SHA256] = kex_gen_server;
 kex->kex[KEX_KEM_ML_KEM_1024_ECDH_NISTP384_SHA384] = kex_gen_server;