From e22dafae03e12da1646c202bfead7639b473b957 Mon Sep 17 00:00:00 2001 From: Alex Harrison Date: Tue, 3 Feb 2026 10:55:47 -0700 Subject: [PATCH 1/2] Update README.md and add GOVERNANCE.md (#187) * Add Alex and Andrew as contributors Signed-off-by: Alex Harrison * Create GOVERNANCE.md Signed-off-by: Alex Harrison * Section addressing PQ in OQS-SSH vs OpenSSH Signed-off-by: Alex Harrison * Remove @baentsch from Committers Signed-off-by: Alex Harrison * Removing @baentsch as Release Manager Signed-off-by: Alex Harrison * Specify mainline OpenSSH in PQ description Co-authored-by: Douglas Stebila Signed-off-by: Alex Harrison --------- Signed-off-by: Alex Harrison Co-authored-by: Douglas Stebila Signed-off-by: Alexander Harrison --- GOVERNANCE.md | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 8 ++++ 2 files changed, 138 insertions(+) create mode 100644 GOVERNANCE.md diff --git a/GOVERNANCE.md b/GOVERNANCE.md new file mode 100644 index 000000000000..4a212570cfac --- /dev/null +++ b/GOVERNANCE.md 
@@ -0,0 +1,130 @@ +# Governance + +## Basic principles + +This project aims to operate by the following principles: + +- **Openness**: The project will be open in its operation, open to contributions, and produce open source software. +- **Respect**: The project will foster respectful interactions with all participants. +- **Scientific integrity**: The project will follow advancements in cryptographic research and will be guided by standards and best practices. + +Decision making in the project will follow the principles above, and be governed first and foremost by reason and mutually respectful interaction between all participants. +The project will aim to build consensus for decisions, and will where possible operate by the approach of [lazy consensus](https://community.apache.org/committers/decisionMaking.html). +If decisions cannot be reached using lazy consensus, voting will be used to come to a resolution. + +## Community and Roles + +The OQS community is open to all who would like to participate in the project following its principles, including academic, industry, public sector, and individual contributors. + +The following roles exist in the project: + +### Users + +A **User** is a person or organization using software produced by the project. + +Responsibilities: + +- Abide by the [license][LICENSE.txt] +- Consider participating in the project! + +### Community Members + +A **Community Member** is a User who interacts with the project, for example by participating in discussions on Github or mailing lists, or in project meetings. + +Responsibilities: + +- Follow the [code of conduct](CODE_OF_CONDUCT.md) + +### Contributors + +A **Contributor** is a Community Member who contributes directly to the project by submitting code or documentation, or actively participating in issues or pull requests on Github. 
+ +### Committers + +A **Committer** is a Contributor with increased experience in the project who helps review pull requests and actively participates in discussions about the project. Committers will be members of the open-quantum-safe GitHub organization and will have "write" permissions in GitHub. + +Responsibilities: + +- Further the goals of the project. +- Monitor and respond to GitHub issues. +- Review and merge pull requests. +- Assist with security releases when required. +- Participate in discussions and project meetings. + +### Release managers + +A release manager is a Contributor versed in creating releases of the project. + +Responsibilities: + +- Manage the release cycle, incl. creation of suitable user documentation. +- Execution of downstream tests ascertaining quality of releases. + +### Maintainers + +A **Maintainer** is a Committer who makes significant and sustained contributions to the project, and is committed to guiding the direction of the project. Maintainers will have "administrative" permissions in GitHub and thus are also able to act as Release managers. + +Responsibilities: + +- Oversee the overall project health and growth. +- Lead communication for the project. +- Define general and technical guidelines for the project. +- Identify priorities. + +### Change of role + +Any Community Member may become a Contributor by creating a pull request (PR) and getting it successfully reviewed and merged by Committers. + +Any Contributor can become a Committer by contributing sufficient code and displaying deep subject matter knowledge in discussions such that a majority of Committers vote for this change of role. A Maintainer can veto such a vote. Such a veto can be overruled by a 2/3 majority of Committers. + +As such a voting decision may be considered subjective, Contributors striving to become Committers are encouraged to ask for advice from Committers/Maintainers as to what they can do to obtain this role. 
Baseline requirements for contributions are documented in [CONTRIBUTING.md](CONTRIBUTING.md). Any Contributor can create a discussion item to request a vote to become Committer. + +Any Committer can become a Maintainer by majority vote of voting Committers. A current Maintainer can veto such a vote. Such a veto can be overruled by a 2/3 majority of all Committers. + +A Maintainer is not permitted to remove another Maintainer's GitHub privileges. + +A Committer may be automatically moved to Contributor status if not actively contributing by discussion or PR review during the last 90 days or by voluntarily suspending this status (e.g., by taking a ["Leave of absence"](#leave-of-absence)). If a Maintainer loses or relinquishes the Committer status and, hence, the Maintainer status, the Committers have to determine whether a new Maintainer needs to be elected. + +Any person violating the [code of conduct](CODE_OF_CONDUCT.md), consistently not fulfilling the role responsibilities, or for other reasons can lose the role held if a simple majority of Committers votes for such removal and no Maintainer vetos that decision. If a Maintainer is to be removed from that role a 2/3 majority of Committers must agree. + +Depending on the reason for removal, a Maintainer may be converted to Emeritus status. Emeritus Maintainers may still be consulted on some project matters, and can be returned to Maintainer status if their availability changes and a simple majority of Committers agrees. + +### Leave of absence + +Any Committer may voluntarily step down from the role for a documented period of time, losing voting rights for that time period. The period is documented in this file next to the person's name below. At the end of this time period, the Committer automatically regains their voting rights. + +A leave of absence may not be longer than a year. 
If the Committer needs to be away for longer than that, they must step down from that role unconditionally, and regaining that role becomes subject of normal procedures to become Committer, as described in ["Change of role"](#change-of-role) above. + +## Voting + +Change of role or changes to this document is subject to voting. + +Votes are to be executed by way of open GitHub discussions. No quorum is needed for votes open for 4 weeks. Urgent matters may be decided by majority vote among Maintainers or 2/3 majority by all Committers within an arbitrary voting period. + +## Current Maintainers and Committers + +### Maintainers + +@dstebila + +### Committers + +@geedo0 +@xuganyu96 +@andrewyounkers +@alharrison + +### Release managers + +@geedo0 +@xuganyu96 +@andrewyounkers +@alharrison + +### Emeritus Committers + + + +## Afterword + +*This governance document was based in part of the [Falco Project governance document](https://github.com/falcosecurity/evolution/blob/main/GOVERNANCE.md). \ No newline at end of file diff --git a/README.md b/README.md index 95451e6d87b6..d7cdd28d561e 100644 --- a/README.md +++ b/README.md 
@@ -52,6 +52,12 @@ While at the time of this writing there are no vulnerabilities known in any of t We realize some parties may want to deploy quantum-safe cryptography prior to the conclusion of the standardization project. We strongly recommend such attempts make use of so-called **hybrid cryptography**, in which quantum-safe public-key algorithms are combined with traditional public key algorithms (like RSA or elliptic curves) such that the solution is at least no less secure than existing traditional cryptography. This fork provides the ability to use hybrid cryptography. +### PQ Offered in OpenSSH + +While current versions of (mainline) OpenSSH provide two PQ KEMs, sntrup761x25519-sha512 and mlkem768x25519-sha256, this may not be sufficient for an individual or an organization's use-case. Currently, OpenSSH does not offer a PQ digital signature algorithm or any pure PQ KEM algorithms. These may be needed for compliance efforts or other use-cases. + +In such cases, this fork provides a valuable reference and an implementation for interoperability testing. This allows implementors to have a common third-party to test against to help ensure that different implementors will be able to interoperate as the PQ landscape matures in SSH communication. + ### Supported Algorithms If an algorithm is provided by liboqs but is not listed below, it can still be used in the fork through [either one of two ways](https://github.com/open-quantum-safe/openssh-portable/wiki/Using-liboqs-supported-algorithms-in-the-fork). @@ -222,6 +228,8 @@ Contributors to this fork of OpenSSH include: - Goutam Tamvada (University of Waterloo) - Michael Baentsch - Gerardo Ravago (Amazon Web Services) +- Alex Harrison (Cisco Systems) +- Andrew Younkers (Cisco Systems) Contributors to an earlier OQS fork of OpenSSH included: From 2d940d6dacb2021a4c50c25cdb6cdbafd3f83c87 Mon Sep 17 00:00:00 2001 
From: Alexander Harrison Date: Wed, 25 Feb 2026 16:46:22 -0500 Subject: [PATCH 2/2] Updating Sphincs to SLH-DSA Signed-off-by: Alexander Harrison --- README.md | 2 +- oqs-template/generate.yml | 48 ++++++------ oqs-test/try_connection.py | 10 +-- oqs-utils.c | 6 +- oqs-utils.h | 10 +-- pathnames.h | 20 ++--- readconf.c | 10 +-- regress/Makefile | 2 +- regress/keygen-comment.sh | 4 +- servconf.c | 10 +-- sk-api.h | 10 +-- ssh-add.c | 10 +-- ssh-keygen.c | 52 ++++++------- ssh-keyscan.c | 60 +++++++-------- ssh-keysign.c | 10 +-- ssh-oqs.c | 146 ++++++++++++++++++------------------- ssh-rsa.c | 2 +- ssh.c | 10 +-- sshkey.c | 20 ++--- sshkey.h | 10 +-- 20 files changed, 226 insertions(+), 226 deletions(-) diff --git a/README.md b/README.md index d7cdd28d561e..4497f980479e 100644 --- a/README.md +++ b/README.md @@ -101,7 +101,7 @@ The following digital signature algorithms from liboqs are supported (assuming t - **Falcon**: `falcon512`\*, `falcon1024`\*, `falconpadded512`, `falconpadded1024` - **MAYO**: `mayo1`, `mayo2`\*, `mayo3`\*, `mayo5`\* - **ML-DSA**: `mldsa44`\*, `mldsa65`\*, `mldsa87`\* -- **SPHINCS**: `sphincssha2128fsimple`\*, `sphincssha2128ssimple`, `sphincsshake128fsimple`, `sphincsshake128ssimple`, `sphincssha2192fsimple`, `sphincssha2192ssimple`, `sphincsshake192fsimple`, `sphincsshake192ssimple`, `sphincssha2256fsimple`\*, `sphincssha2256ssimple`, `sphincsshake256fsimple`, `sphincsshake256ssimple` +- **SLH-DSA**: `slhdsapuresha2128f`\*, `slhdsasha2128ssimple`, `slhdsashake128fsimple`, `slhdsashake128ssimple`, `slhdsasha2192fsimple`, `slhdsasha2192ssimple`, `slhdsashake192fsimple`, `slhdsashake192ssimple`, `slhdsapuresha2256f`\*, `slhdsasha2256ssimple`, `slhdsashake256fsimple`, `slhdsashake256ssimple` diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 7fa17562499f..992e67750cc1 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml 
@@ -425,8 +425,8 @@ sigs: name: 'ecdsa_nistp521' openssl_nid: 'NID_secp521r1' - - family: 'SPHINCS' - name: 'sphincs_sha2_128f_simple' + family: 'SLH-DSA' + name: 'slh_dsa_pure_sha2_128f' enable: true level: 1 mix_with: @@ -437,8 +437,8 @@ sigs: name: 'ecdsa_nistp256' openssl_nid: 'NID_X9_62_prime256v1' - - family: 'SPHINCS' - name: 'sphincs_sha2_128s_simple' + family: 'SLH-DSA' + name: 'slh_dsa_sha2_128s_simple' level: 1 mix_with: - @@ -448,8 +448,8 @@ sigs: name: 'ecdsa_nistp256' openssl_nid: 'NID_X9_62_prime256v1' - - family: 'SPHINCS' - name: 'sphincs_shake_128f_simple' + family: 'SLH-DSA' + name: 'slh_dsa_shake_128f_simple' level: 1 mix_with: - @@ -459,8 +459,8 @@ sigs: name: 'ecdsa_nistp256' openssl_nid: 'NID_X9_62_prime256v1' - - family: 'SPHINCS' - name: 'sphincs_shake_128s_simple' + family: 'SLH-DSA' + name: 'slh_dsa_shake_128s_simple' level: 1 mix_with: - @@ -470,40 +470,40 @@ sigs: name: 'ecdsa_nistp256' openssl_nid: 'NID_X9_62_prime256v1' - - family: 'SPHINCS' - name: 'sphincs_sha2_192f_simple' + family: 'SLH-DSA' + name: 'slh_dsa_sha2_192f_simple' level: 3 mix_with: - name: 'ecdsa_nistp384' openssl_nid: 'NID_secp384r1' - - family: 'SPHINCS' - name: 'sphincs_sha2_192s_simple' + family: 'SLH-DSA' + name: 'slh_dsa_sha2_192s_simple' level: 3 mix_with: - name: 'ecdsa_nistp384' openssl_nid: 'NID_secp384r1' - - family: 'SPHINCS' - name: 'sphincs_shake_192f_simple' + family: 'SLH-DSA' + name: 'slh_dsa_shake_192f_simple' level: 3 mix_with: - name: 'ecdsa_nistp384' openssl_nid: 'NID_secp384r1' - - family: 'SPHINCS' - name: 'sphincs_shake_192s_simple' + family: 'SLH-DSA' + name: 'slh_dsa_shake_192s_simple' level: 3 mix_with: - name: 'ecdsa_nistp384' openssl_nid: 'NID_secp384r1' - - family: 'SPHINCS' - name: 'sphincs_sha2_256f_simple' + family: 'SLH-DSA' + name: 'slh_dsa_pure_sha2_256f' enable: true level: 5 mix_with: 
@@ -511,24 +511,24 @@ sigs: name: 'ecdsa_nistp521' openssl_nid: 'NID_secp521r1' - - family: 'SPHINCS' - name: 'sphincs_sha2_256s_simple' + family: 'SLH-DSA' + name: 'slh_dsa_sha2_256s_simple' level: 5 mix_with: - name: 'ecdsa_nistp521' openssl_nid: 'NID_secp521r1' - - family: 'SPHINCS' - name: 'sphincs_shake_256f_simple' + family: 'SLH-DSA' + name: 'slh_dsa_shake_256f_simple' level: 5 mix_with: - name: 'ecdsa_nistp521' openssl_nid: 'NID_secp521r1' - - family: 'SPHINCS' - name: 'sphincs_shake_256s_simple' + family: 'SLH-DSA' + name: 'slh_dsa_shake_256s_simple' level: 5 mix_with: - diff --git a/oqs-test/try_connection.py b/oqs-test/try_connection.py index bcffc44e8b34..d139932f5612 100644 --- a/oqs-test/try_connection.py +++ b/oqs-test/try_connection.py @@ -83,11 +83,11 @@ "ssh-ecdsa-nistp256-falcon512", "ssh-falcon1024", "ssh-ecdsa-nistp521-falcon1024", - "ssh-sphincssha2128fsimple", - "ssh-rsa3072-sphincssha2128fsimple", - "ssh-ecdsa-nistp256-sphincssha2128fsimple", - "ssh-sphincssha2256fsimple", - "ssh-ecdsa-nistp521-sphincssha2256fsimple", + "ssh-slhdsapuresha2128f", + "ssh-rsa3072-slhdsapuresha2128f", + "ssh-ecdsa-nistp256-slhdsapuresha2128f", + "ssh-slhdsapuresha2256f", + "ssh-ecdsa-nistp521-slhdsapuresha2256f", "ssh-mldsa-44", "ssh-rsa3072-mldsa-44", "ssh-ecdsa-nistp256-mldsa-44", diff --git a/oqs-utils.c b/oqs-utils.c index 2ca75ab7c513..e423cde00db5 100644 --- a/oqs-utils.c +++ b/oqs-utils.c @@ -5,7 +5,7 @@ int oqs_utils_is_rsa_hybrid(int keytype) { ///// OQS_TEMPLATE_FRAGMENT_LIST_RSA_HYBRIDS_START case KEY_RSA3072_FALCON_512: return 1; - case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: + case KEY_RSA3072_SLH_DSA_PURE_SHA2_128F: return 1; case KEY_RSA3072_ML_DSA_44: return 1; 
@@ -23,9 +23,9 @@ int oqs_utils_is_ecdsa_hybrid(int keytype) { return 1; case KEY_ECDSA_NISTP521_FALCON_1024: return 1; - case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: + case KEY_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F: return 1; - case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: + case KEY_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F: return 1; case KEY_ECDSA_NISTP256_ML_DSA_44: return 1; diff --git a/oqs-utils.h b/oqs-utils.h index 5225a7d85927..e57bf252de36 100644 --- a/oqs-utils.h +++ b/oqs-utils.h @@ -9,8 +9,8 @@ #define CASE_KEY_OQS \ case KEY_FALCON_512: \ case KEY_FALCON_1024: \ - case KEY_SPHINCS_SHA2_128F_SIMPLE: \ - case KEY_SPHINCS_SHA2_256F_SIMPLE: \ + case KEY_SLH_DSA_PURE_SHA2_128F: \ + case KEY_SLH_DSA_PURE_SHA2_256F: \ case KEY_ML_DSA_44: \ case KEY_ML_DSA_65: \ case KEY_ML_DSA_87: \ @@ -20,15 +20,15 @@ #define CASE_KEY_RSA_HYBRID \ case KEY_RSA3072_FALCON_512: \ - case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: \ + case KEY_RSA3072_SLH_DSA_PURE_SHA2_128F: \ case KEY_RSA3072_ML_DSA_44: \ case KEY_RSA3072_MAYO_2 #define CASE_KEY_ECDSA_HYBRID \ case KEY_ECDSA_NISTP256_FALCON_512: \ case KEY_ECDSA_NISTP521_FALCON_1024: \ - case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: \ - case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: \ + case KEY_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F: \ + case KEY_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F: \ case KEY_ECDSA_NISTP256_ML_DSA_44: \ case KEY_ECDSA_NISTP384_ML_DSA_65: \ case KEY_ECDSA_NISTP521_ML_DSA_87: \ diff --git a/pathnames.h b/pathnames.h index 6dfa4a4d9343..dae53d176ddd 100644 --- a/pathnames.h +++ b/pathnames.h 
@@ -45,11 +45,11 @@ #define _PATH_HOST_ECDSA_NISTP256_FALCON_512_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp256_falcon512_key" #define _PATH_HOST_FALCON_1024_KEY_FILE SSHDIR "/ssh_host_falcon1024_key" #define _PATH_HOST_ECDSA_NISTP521_FALCON_1024_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp521_falcon1024_key" -#define _PATH_HOST_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_sphincssha2128fsimple_key" -#define _PATH_HOST_RSA3072_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_rsa3072_sphincssha2128fsimple_key" -#define _PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp256_sphincssha2128fsimple_key" -#define _PATH_HOST_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_sphincssha2256fsimple_key" -#define _PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp521_sphincssha2256fsimple_key" +#define _PATH_HOST_SLH_DSA_PURE_SHA2_128F_KEY_FILE SSHDIR "/ssh_host_slhdsapuresha2128f_key" +#define _PATH_HOST_RSA3072_SLH_DSA_PURE_SHA2_128F_KEY_FILE SSHDIR "/ssh_host_rsa3072_slhdsapuresha2128f_key" +#define _PATH_HOST_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp256_slhdsapuresha2128f_key" +#define _PATH_HOST_SLH_DSA_PURE_SHA2_256F_KEY_FILE SSHDIR "/ssh_host_slhdsapuresha2256f_key" +#define _PATH_HOST_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp521_slhdsapuresha2256f_key" #define _PATH_HOST_ML_DSA_44_KEY_FILE SSHDIR "/ssh_host_mldsa44_key" #define _PATH_HOST_RSA3072_ML_DSA_44_KEY_FILE SSHDIR "/ssh_host_rsa3072_mldsa44_key" #define _PATH_HOST_ECDSA_NISTP256_ML_DSA_44_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp256_mldsa44_key" 
@@ -122,11 +122,11 @@ #define _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_FALCON_512 _PATH_SSH_USER_DIR "/id_ecdsa_nistp256_falcon512" #define _PATH_SSH_CLIENT_ID_FALCON_1024 _PATH_SSH_USER_DIR "/id_falcon1024" #define _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_FALCON_1024 _PATH_SSH_USER_DIR "/id_ecdsa_nistp521_falcon1024" -#define _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_128F_SIMPLE _PATH_SSH_USER_DIR "/id_sphincssha2128fsimple" -#define _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_SHA2_128F_SIMPLE _PATH_SSH_USER_DIR "/id_rsa3072_sphincssha2128fsimple" -#define _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE _PATH_SSH_USER_DIR "/id_ecdsa_nistp256_sphincssha2128fsimple" -#define _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_256F_SIMPLE _PATH_SSH_USER_DIR "/id_sphincssha2256fsimple" -#define _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE _PATH_SSH_USER_DIR "/id_ecdsa_nistp521_sphincssha2256fsimple" +#define _PATH_SSH_CLIENT_ID_SLH_DSA_PURE_SHA2_128F _PATH_SSH_USER_DIR "/id_slhdsapuresha2128f" +#define _PATH_SSH_CLIENT_ID_RSA3072_SLH_DSA_PURE_SHA2_128F _PATH_SSH_USER_DIR "/id_rsa3072_slhdsapuresha2128f" +#define _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F _PATH_SSH_USER_DIR "/id_ecdsa_nistp256_slhdsapuresha2128f" +#define _PATH_SSH_CLIENT_ID_SLH_DSA_PURE_SHA2_256F _PATH_SSH_USER_DIR "/id_slhdsapuresha2256f" +#define _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F _PATH_SSH_USER_DIR "/id_ecdsa_nistp521_slhdsapuresha2256f" #define _PATH_SSH_CLIENT_ID_ML_DSA_44 _PATH_SSH_USER_DIR "/id_mldsa44" #define _PATH_SSH_CLIENT_ID_RSA3072_ML_DSA_44 _PATH_SSH_USER_DIR "/id_rsa3072_mldsa44" #define _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_ML_DSA_44 _PATH_SSH_USER_DIR "/id_ecdsa_nistp256_mldsa44" diff --git a/readconf.c b/readconf.c index 52eacb8353c2..5721efb3666b 100644 --- a/readconf.c +++ b/readconf.c 
@@ -2908,8 +2908,8 @@ fill_default_options(Options * options) ///// OQS_TEMPLATE_FRAGMENT_ADD_ID_FILES_START add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_FALCON_512, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_FALCON_1024, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_128F_SIMPLE, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_256F_SIMPLE, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_SLH_DSA_PURE_SHA2_128F, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_SLH_DSA_PURE_SHA2_256F, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ML_DSA_44, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ML_DSA_65, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ML_DSA_87, 0); 
@@ -2918,14 +2918,14 @@ fill_default_options(Options * options) add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_MAYO_5, 0); #ifdef WITH_OPENSSL add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_FALCON_512, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_SHA2_128F_SIMPLE, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_SLH_DSA_PURE_SHA2_128F, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_ML_DSA_44, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_MAYO_2, 0); #ifdef OPENSSL_HAS_ECC add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_FALCON_512, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_FALCON_1024, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_ML_DSA_44, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP384_ML_DSA_65, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_ML_DSA_87, 0); diff --git a/regress/Makefile b/regress/Makefile index b32d4bd82ef1..2a0d3d3be567 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -152,7 +152,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \ t8.out t8.out.pub t9.out t9.out.pub \ timestamp testdata user_*key* user_ca* user_key* \ - *dilith* *falco* *picni* *sphincs* \ + *dilith* *falco* *picni* *sphincs* *slh-dsa* *slhdsa* \ ecdsa-sha2-nistp* sk-* ssh-dss* ssh-rsa* ssh-ed25519* \ host.sk-* copy authkeys_orig sshd_config_minimal check-perm mkdtemp 
diff --git a/regress/keygen-comment.sh b/regress/keygen-comment.sh index 4ed0ba6d4ac4..9a0bbace8dd3 100644 --- a/regress/keygen-comment.sh +++ b/regress/keygen-comment.sh @@ -34,8 +34,8 @@ for fmt in '' RFC4716 PKCS8 PEM; do ##### OQS_TEMPLATE_FRAGMENT_EXCLUDE_OQS_ALGS_START *falcon512*) test -z "$oldfmt" || continue ;; *falcon1024*) test -z "$oldfmt" || continue ;; - *sphincssha2128fsimple*) test -z "$oldfmt" || continue ;; - *sphincssha2256fsimple*) test -z "$oldfmt" || continue ;; + *slhdsapuresha2128f*) test -z "$oldfmt" || continue ;; + *slhdsapuresha2256f*) test -z "$oldfmt" || continue ;; *mldsa-44*) test -z "$oldfmt" || continue ;; *mldsa-65*) test -z "$oldfmt" || continue ;; *mldsa-87*) test -z "$oldfmt" || continue ;; diff --git a/servconf.c b/servconf.c index db2973261964..27a917911aad 100644 --- a/servconf.c +++ b/servconf.c @@ -318,9 +318,9 @@ fill_default_server_options(ServerOptions *options) servconf_add_hostkey("[default]", 0, options, _PATH_HOST_FALCON_1024_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, 0); + _PATH_HOST_SLH_DSA_PURE_SHA2_128F_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, 0); + _PATH_HOST_SLH_DSA_PURE_SHA2_256F_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, _PATH_HOST_ML_DSA_44_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, @@ -337,7 +337,7 @@ fill_default_server_options(ServerOptions *options) servconf_add_hostkey("[default]", 0, options, _PATH_HOST_RSA3072_FALCON_512_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_RSA3072_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, 0); + _PATH_HOST_RSA3072_SLH_DSA_PURE_SHA2_128F_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, _PATH_HOST_RSA3072_ML_DSA_44_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, 
@@ -348,9 +348,9 @@ fill_default_server_options(ServerOptions *options) servconf_add_hostkey("[default]", 0, options, _PATH_HOST_ECDSA_NISTP521_FALCON_1024_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, 0); + _PATH_HOST_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, 0); + _PATH_HOST_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, _PATH_HOST_ECDSA_NISTP256_ML_DSA_44_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, diff --git a/sk-api.h b/sk-api.h index 7f9feb4902c3..a075b854ab72 100644 --- a/sk-api.h +++ b/sk-api.h @@ -36,11 +36,11 @@ #define SSH_SK_ECDSA_NISTP256_FALCON_512 0x04 #define SSH_SK_FALCON_1024 0x05 #define SSH_SK_ECDSA_NISTP521_FALCON_1024 0x06 -#define SSH_SK_SPHINCS_SHA2_128F_SIMPLE 0x07 -#define SSH_SK_RSA3072_SPHINCS_SHA2_128F_SIMPLE 0x08 -#define SSH_SK_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE 0x09 -#define SSH_SK_SPHINCS_SHA2_256F_SIMPLE 0x0A -#define SSH_SK_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE 0x0B +#define SSH_SK_SLH_DSA_PURE_SHA2_128F 0x07 +#define SSH_SK_RSA3072_SLH_DSA_PURE_SHA2_128F 0x08 +#define SSH_SK_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F 0x09 +#define SSH_SK_SLH_DSA_PURE_SHA2_256F 0x0A +#define SSH_SK_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F 0x0B #define SSH_SK_ML_DSA_44 0x0C #define SSH_SK_RSA3072_ML_DSA_44 0x0D #define SSH_SK_ECDSA_NISTP256_ML_DSA_44 0x0E diff --git a/ssh-add.c b/ssh-add.c index 8a49d491c8f3..16f6b613e7e7 100644 --- a/ssh-add.c +++ b/ssh-add.c 
@@ -90,8 +90,8 @@ static char *default_files[] = { ///// OQS_TEMPLATE_FRAGMENT_ADD_DEFAULT_ID_FILES_START _PATH_SSH_CLIENT_ID_FALCON_512, _PATH_SSH_CLIENT_ID_FALCON_1024, - _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_128F_SIMPLE, - _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_256F_SIMPLE, + _PATH_SSH_CLIENT_ID_SLH_DSA_PURE_SHA2_128F, + _PATH_SSH_CLIENT_ID_SLH_DSA_PURE_SHA2_256F, _PATH_SSH_CLIENT_ID_ML_DSA_44, _PATH_SSH_CLIENT_ID_ML_DSA_65, _PATH_SSH_CLIENT_ID_ML_DSA_87, @@ -100,14 +100,14 @@ static char *default_files[] = { _PATH_SSH_CLIENT_ID_MAYO_5, #ifdef WITH_OPENSSL _PATH_SSH_CLIENT_ID_RSA3072_FALCON_512, - _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_SHA2_128F_SIMPLE, + _PATH_SSH_CLIENT_ID_RSA3072_SLH_DSA_PURE_SHA2_128F, _PATH_SSH_CLIENT_ID_RSA3072_ML_DSA_44, _PATH_SSH_CLIENT_ID_RSA3072_MAYO_2, #ifdef OPENSSL_HAS_ECC _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_FALCON_512, _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_FALCON_1024, - _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE, - _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE, + _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F, + _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F, _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_ML_DSA_44, _PATH_SSH_CLIENT_ID_ECDSA_NISTP384_ML_DSA_65, _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_ML_DSA_87, diff --git a/ssh-keygen.c b/ssh-keygen.c index 9bf70a4f0dd3..2ab802e80726 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -212,7 +212,7 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) case KEY_ECDSA_NISTP521_FALCON_1024: *bitsp = 521; break; - case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: + case KEY_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F: *bitsp = 521; break; case KEY_ECDSA_NISTP384_ML_DSA_65: 
@@ -318,11 +318,11 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_FALCON_1024: name = _PATH_SSH_CLIENT_ID_FALCON_1024; break; - case KEY_SPHINCS_SHA2_128F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_128F_SIMPLE; + case KEY_SLH_DSA_PURE_SHA2_128F: + name = _PATH_SSH_CLIENT_ID_SLH_DSA_PURE_SHA2_128F; break; - case KEY_SPHINCS_SHA2_256F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_256F_SIMPLE; + case KEY_SLH_DSA_PURE_SHA2_256F: + name = _PATH_SSH_CLIENT_ID_SLH_DSA_PURE_SHA2_256F; break; case KEY_ML_DSA_44: name = _PATH_SSH_CLIENT_ID_ML_DSA_44; @@ -346,8 +346,8 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_RSA3072_FALCON_512: name = _PATH_SSH_CLIENT_ID_RSA3072_FALCON_512; break; - case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_SHA2_128F_SIMPLE; + case KEY_RSA3072_SLH_DSA_PURE_SHA2_128F: + name = _PATH_SSH_CLIENT_ID_RSA3072_SLH_DSA_PURE_SHA2_128F; break; case KEY_RSA3072_ML_DSA_44: name = _PATH_SSH_CLIENT_ID_RSA3072_ML_DSA_44; @@ -362,11 +362,11 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_ECDSA_NISTP521_FALCON_1024: name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_FALCON_1024; break; - case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE; + case KEY_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F: + name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F; break; - case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE; + case KEY_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F: + name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F; break; case KEY_ECDSA_NISTP256_ML_DSA_44: name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_ML_DSA_44; 
@@ -1134,8 +1134,8 @@ do_gen_all_hostkeys(struct passwd *pw) ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEY_TYPES_START { "falcon512", "FALCON_512", _PATH_HOST_FALCON_512_KEY_FILE }, { "falcon1024", "FALCON_1024", _PATH_HOST_FALCON_1024_KEY_FILE }, - { "sphincssha2128fsimple", "SPHINCS_SHA2_128F_SIMPLE", _PATH_HOST_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE }, - { "sphincssha2256fsimple", "SPHINCS_SHA2_256F_SIMPLE", _PATH_HOST_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE }, + { "slhdsapuresha2128f", "SLH_DSA_PURE_SHA2_128F", _PATH_HOST_SLH_DSA_PURE_SHA2_128F_KEY_FILE }, + { "slhdsapuresha2256f", "SLH_DSA_PURE_SHA2_256F", _PATH_HOST_SLH_DSA_PURE_SHA2_256F_KEY_FILE }, { "mldsa-44", "ML_DSA_44", _PATH_HOST_ML_DSA_44_KEY_FILE }, { "mldsa-65", "ML_DSA_65", _PATH_HOST_ML_DSA_65_KEY_FILE }, { "mldsa-87", "ML_DSA_87", _PATH_HOST_ML_DSA_87_KEY_FILE }, 
@@ -1144,14 +1144,14 @@ do_gen_all_hostkeys(struct passwd *pw) { "mayo5", "MAYO_5", _PATH_HOST_MAYO_5_KEY_FILE }, #ifdef WITH_OPENSSL { "rsa3072_falcon512", "RSA3072_FALCON_512", _PATH_HOST_RSA3072_FALCON_512_KEY_FILE }, - { "rsa3072_sphincssha2128fsimple", "RSA3072_SPHINCS_SHA2_128F_SIMPLE", _PATH_HOST_RSA3072_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE }, + { "rsa3072_slhdsapuresha2128f", "RSA3072_SLH_DSA_PURE_SHA2_128F", _PATH_HOST_RSA3072_SLH_DSA_PURE_SHA2_128F_KEY_FILE }, { "rsa3072_mldsa-44", "RSA3072_ML_DSA_44", _PATH_HOST_RSA3072_ML_DSA_44_KEY_FILE }, { "rsa3072_mayo2", "RSA3072_MAYO_2", _PATH_HOST_RSA3072_MAYO_2_KEY_FILE }, #ifdef OPENSSL_HAS_ECC { "ecdsa_nistp256_falcon512", "ECDSA_NISTP256_FALCON_512", _PATH_HOST_ECDSA_NISTP256_FALCON_512_KEY_FILE }, { "ecdsa_nistp521_falcon1024", "ECDSA_NISTP521_FALCON_1024", _PATH_HOST_ECDSA_NISTP521_FALCON_1024_KEY_FILE }, - { "ecdsa_nistp256_sphincssha2128fsimple", "ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE", _PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE }, - { "ecdsa_nistp521_sphincssha2256fsimple", "ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE", _PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE }, + { "ecdsa_nistp256_slhdsapuresha2128f", "ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F", _PATH_HOST_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F_KEY_FILE }, + { "ecdsa_nistp521_slhdsapuresha2256f", "ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F", _PATH_HOST_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F_KEY_FILE }, { "ecdsa_nistp256_mldsa-44", "ECDSA_NISTP256_ML_DSA_44", _PATH_HOST_ECDSA_NISTP256_ML_DSA_44_KEY_FILE }, { "ecdsa_nistp384_mldsa-65", "ECDSA_NISTP384_ML_DSA_65", _PATH_HOST_ECDSA_NISTP384_ML_DSA_65_KEY_FILE }, { "ecdsa_nistp521_mldsa-87", "ECDSA_NISTP521_ML_DSA_87", _PATH_HOST_ECDSA_NISTP521_ML_DSA_87_KEY_FILE }, 
@@ -1659,8 +1659,8 @@ do_change_comment(struct passwd *pw, const char *identity_comment) ///// OQS_TEMPLATE_FRAGMENT_CHECK_PRIVATE_KEY_TYPE_START private->type != KEY_FALCON_512 && private->type != KEY_FALCON_1024 && - private->type != KEY_SPHINCS_SHA2_128F_SIMPLE && - private->type != KEY_SPHINCS_SHA2_256F_SIMPLE && + private->type != KEY_SLH_DSA_PURE_SHA2_128F && + private->type != KEY_SLH_DSA_PURE_SHA2_256F && private->type != KEY_ML_DSA_44 && private->type != KEY_ML_DSA_65 && private->type != KEY_ML_DSA_87 && @@ -1669,14 +1669,14 @@ do_change_comment(struct passwd *pw, const char *identity_comment) private->type != KEY_MAYO_5 && #ifdef WITH_OPENSSL private->type != KEY_RSA3072_FALCON_512 && - private->type != KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE && + private->type != KEY_RSA3072_SLH_DSA_PURE_SHA2_128F && private->type != KEY_RSA3072_ML_DSA_44 && private->type != KEY_RSA3072_MAYO_2 && #ifdef OPENSSL_HAS_ECC private->type != KEY_ECDSA_NISTP256_FALCON_512 && private->type != KEY_ECDSA_NISTP521_FALCON_1024 && - private->type != KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE && - private->type != KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE && + private->type != KEY_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F && + private->type != KEY_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F && private->type != KEY_ECDSA_NISTP256_ML_DSA_44 && private->type != KEY_ECDSA_NISTP384_ML_DSA_65 && private->type != KEY_ECDSA_NISTP521_ML_DSA_87 && 
@@ -3926,19 +3926,19 @@ main(int argc, char **argv) _PATH_HOST_ECDSA_NISTP521_FALCON_1024_KEY_FILE, rr_hostname, print_generic, opts, nopts); n += do_print_resource_record(pw, - _PATH_HOST_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, rr_hostname, + _PATH_HOST_SLH_DSA_PURE_SHA2_128F_KEY_FILE, rr_hostname, print_generic, opts, nopts); n += do_print_resource_record(pw, - _PATH_HOST_RSA3072_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, rr_hostname, + _PATH_HOST_RSA3072_SLH_DSA_PURE_SHA2_128F_KEY_FILE, rr_hostname, print_generic, opts, nopts); n += do_print_resource_record(pw, - _PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, rr_hostname, + _PATH_HOST_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F_KEY_FILE, rr_hostname, print_generic, opts, nopts); n += do_print_resource_record(pw, - _PATH_HOST_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, rr_hostname, + _PATH_HOST_SLH_DSA_PURE_SHA2_256F_KEY_FILE, rr_hostname, print_generic, opts, nopts); n += do_print_resource_record(pw, - _PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, rr_hostname, + _PATH_HOST_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F_KEY_FILE, rr_hostname, print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_ML_DSA_44_KEY_FILE, rr_hostname, diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 0ba5693489d6..24329e518283 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c 
@@ -70,11 +70,11 @@ int ssh_port = SSH_DEFAULT_PORT; #define KT_ECDSA_NISTP256_FALCON_512 ((uint64_t)1<<9) #define KT_FALCON_1024 ((uint64_t)1<<10) #define KT_ECDSA_NISTP521_FALCON_1024 ((uint64_t)1<<11) -#define KT_SPHINCS_SHA2_128F_SIMPLE ((uint64_t)1<<12) -#define KT_RSA3072_SPHINCS_SHA2_128F_SIMPLE ((uint64_t)1<<13) -#define KT_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE ((uint64_t)1<<14) -#define KT_SPHINCS_SHA2_256F_SIMPLE ((uint64_t)1<<15) -#define KT_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE ((uint64_t)1<<16) +#define KT_SLH_DSA_PURE_SHA2_128F ((uint64_t)1<<12) +#define KT_RSA3072_SLH_DSA_PURE_SHA2_128F ((uint64_t)1<<13) +#define KT_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F ((uint64_t)1<<14) +#define KT_SLH_DSA_PURE_SHA2_256F ((uint64_t)1<<15) +#define KT_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F ((uint64_t)1<<16) #define KT_ML_DSA_44 ((uint64_t)1<<17) #define KT_RSA3072_ML_DSA_44 ((uint64_t)1<<18) #define KT_ECDSA_NISTP256_ML_DSA_44 ((uint64_t)1<<19) @@ -101,11 +101,11 @@ uint64_t get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519|KT_ECDSA_SK|KT_ED25519_SK|\ KT_ECDSA_NISTP256_FALCON_512 | \ KT_FALCON_1024 | \ KT_ECDSA_NISTP521_FALCON_1024 | \ - KT_SPHINCS_SHA2_128F_SIMPLE | \ - KT_RSA3072_SPHINCS_SHA2_128F_SIMPLE | \ - KT_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE | \ - KT_SPHINCS_SHA2_256F_SIMPLE | \ - KT_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE | \ + KT_SLH_DSA_PURE_SHA2_128F | \ + KT_RSA3072_SLH_DSA_PURE_SHA2_128F | \ + KT_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F | \ + KT_SLH_DSA_PURE_SHA2_256F | \ + KT_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F | \ KT_ML_DSA_44 | \ KT_RSA3072_ML_DSA_44 | \ KT_ECDSA_NISTP256_ML_DSA_44 | \ 
@@ -325,11 +325,11 @@ keygrab_ssh2(con *c) case KT_FALCON_1024: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-falcon1024"; break; - case KT_SPHINCS_SHA2_128F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-sphincssha2128fsimple"; + case KT_SLH_DSA_PURE_SHA2_128F: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-slhdsapuresha2128f"; break; - case KT_SPHINCS_SHA2_256F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-sphincssha2256fsimple"; + case KT_SLH_DSA_PURE_SHA2_256F: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-slhdsapuresha2256f"; break; case KT_ML_DSA_44: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-mldsa-44"; @@ -353,8 +353,8 @@ keygrab_ssh2(con *c) case KT_RSA3072_FALCON_512: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-rsa3072-falcon512"; break; - case KT_RSA3072_SPHINCS_SHA2_128F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-rsa3072-sphincssha2128fsimple"; + case KT_RSA3072_SLH_DSA_PURE_SHA2_128F: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-rsa3072-slhdsapuresha2128f"; break; case KT_RSA3072_ML_DSA_44: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-rsa3072-mldsa-44"; @@ -369,11 +369,11 @@ keygrab_ssh2(con *c) case KT_ECDSA_NISTP521_FALCON_1024: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp521-falcon1024"; break; - case KT_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp256-sphincssha2128fsimple"; + case KT_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp256-slhdsapuresha2128f"; break; - case KT_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp521-sphincssha2256fsimple"; + case KT_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp521-slhdsapuresha2256f"; break; case KT_ECDSA_NISTP256_ML_DSA_44: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp256-mldsa-44"; 
@@ -954,20 +954,20 @@ main(int argc, char **argv) case KEY_ECDSA_NISTP521_FALCON_1024: get_keytypes |= KT_ECDSA_NISTP521_FALCON_1024; break; - case KEY_SPHINCS_SHA2_128F_SIMPLE: - get_keytypes |= KT_SPHINCS_SHA2_128F_SIMPLE; + case KEY_SLH_DSA_PURE_SHA2_128F: + get_keytypes |= KT_SLH_DSA_PURE_SHA2_128F; break; - case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: - get_keytypes |= KT_RSA3072_SPHINCS_SHA2_128F_SIMPLE; + case KEY_RSA3072_SLH_DSA_PURE_SHA2_128F: + get_keytypes |= KT_RSA3072_SLH_DSA_PURE_SHA2_128F; break; - case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: - get_keytypes |= KT_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE; + case KEY_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F: + get_keytypes |= KT_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F; break; - case KEY_SPHINCS_SHA2_256F_SIMPLE: - get_keytypes |= KT_SPHINCS_SHA2_256F_SIMPLE; + case KEY_SLH_DSA_PURE_SHA2_256F: + get_keytypes |= KT_SLH_DSA_PURE_SHA2_256F; break; - case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: - get_keytypes |= KT_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE; + case KEY_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F: + get_keytypes |= KT_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F; break; case KEY_ML_DSA_44: get_keytypes |= KT_ML_DSA_44; diff --git a/ssh-keysign.c b/ssh-keysign.c index 94f97c6c1bad..8cb6c134ab64 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c 
@@ -211,11 +211,11 @@ main(int argc, char **argv) key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP256_FALCON_512_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_FALCON_1024_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP521_FALCON_1024_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_RSA3072_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_SLH_DSA_PURE_SHA2_128F_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_RSA3072_SLH_DSA_PURE_SHA2_128F_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_SLH_DSA_PURE_SHA2_256F_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_ML_DSA_44_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RSA3072_ML_DSA_44_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP256_ML_DSA_44_KEY_FILE, O_RDONLY); diff --git a/ssh-oqs.c b/ssh-oqs.c index 726f6fdcd426..602bcb65a71c 100644 --- a/ssh-oqs.c +++ b/ssh-oqs.c 
@@ -54,11 +54,11 @@ static size_t oqs_sig_pk_len(int type) case KEY_ECDSA_NISTP256_FALCON_512:return OQS_SIG_falcon_512_length_public_key; case KEY_FALCON_1024: case KEY_ECDSA_NISTP521_FALCON_1024:return OQS_SIG_falcon_1024_length_public_key; - case KEY_SPHINCS_SHA2_128F_SIMPLE: - case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: - case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE:return OQS_SIG_sphincs_sha2_128f_simple_length_public_key; - case KEY_SPHINCS_SHA2_256F_SIMPLE: - case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE:return OQS_SIG_sphincs_sha2_256f_simple_length_public_key; + case KEY_SLH_DSA_PURE_SHA2_128F: + case KEY_RSA3072_SLH_DSA_PURE_SHA2_128F: + case KEY_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F:return OQS_SIG_slh_dsa_pure_sha2_128f_length_public_key; + case KEY_SLH_DSA_PURE_SHA2_256F: + case KEY_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F:return OQS_SIG_slh_dsa_pure_sha2_256f_length_public_key; case KEY_ML_DSA_44: case KEY_RSA3072_ML_DSA_44: case KEY_ECDSA_NISTP256_ML_DSA_44:return OQS_SIG_ml_dsa_44_length_public_key; @@ -90,13 +90,13 @@ static size_t oqs_sig_sk_len(int type) case KEY_FALCON_1024: case KEY_ECDSA_NISTP521_FALCON_1024: return OQS_SIG_falcon_1024_length_secret_key; - case KEY_SPHINCS_SHA2_128F_SIMPLE: - case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: - case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: - return OQS_SIG_sphincs_sha2_128f_simple_length_secret_key; - case KEY_SPHINCS_SHA2_256F_SIMPLE: - case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: - return OQS_SIG_sphincs_sha2_256f_simple_length_secret_key; + case KEY_SLH_DSA_PURE_SHA2_128F: + case KEY_RSA3072_SLH_DSA_PURE_SHA2_128F: + case KEY_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F: + return OQS_SIG_slh_dsa_pure_sha2_128f_length_secret_key; + case KEY_SLH_DSA_PURE_SHA2_256F: + case KEY_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F: + return OQS_SIG_slh_dsa_pure_sha2_256f_length_secret_key; case KEY_ML_DSA_44: case KEY_RSA3072_ML_DSA_44: case KEY_ECDSA_NISTP256_ML_DSA_44: 
@@ -720,10 +720,10 @@ const struct sshkey_impl sshkey_falcon1024_impl = { /* .funcs = */ &sshkey_falcon1024_funcs, }; /*--------------------------------------------------- - * SPHINCS_SHA2_128F_SIMPLE METHODS + * SLH_DSA_PURE_SHA2_128F METHODS *--------------------------------------------------- */ -static int ssh_sphincssha2128fsimple_generate(struct sshkey *k, int bits) +static int ssh_slhdsapuresha2128f_generate(struct sshkey *k, int bits) { k->oqs_pk_len = oqs_sig_pk_len(k->type); k->oqs_sk_len = oqs_sig_sk_len(k->type); @@ -731,10 +731,10 @@ static int ssh_sphincssha2128fsimple_generate(struct sshkey *k, int bits) (k->oqs_sk = malloc(k->oqs_sk_len)) == NULL) { return SSH_ERR_ALLOC_FAIL; } - return OQS_SIG_sphincs_sha2_128f_simple_keypair(k->oqs_pk, k->oqs_sk); + return OQS_SIG_slh_dsa_pure_sha2_128f_keypair(k->oqs_pk, k->oqs_sk); } -int ssh_sphincssha2128fsimple_sign(struct sshkey *key, +int ssh_slhdsapuresha2128f_sign(struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, @@ -744,16 +744,16 @@ int ssh_sphincssha2128fsimple_sign(struct sshkey *key, const char *sk_pin, u_int compat) { - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha2_128f_simple); + OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_slh_dsa_pure_sha2_128f); if (sig == NULL) { return SSH_ERR_ALLOC_FAIL; } - int r = oqs_sign(sig, "sphincssha2128fsimple", key, sigp, lenp, data, datalen, compat); + int r = oqs_sign(sig, "slhdsapuresha2128f", key, sigp, lenp, data, datalen, compat); OQS_SIG_free(sig); return r; } -int ssh_sphincssha2128fsimple_verify(const struct sshkey *key, +int ssh_slhdsapuresha2128f_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, 
@@ -762,16 +762,16 @@ int ssh_sphincssha2128fsimple_verify(const struct sshkey *key, u_int compat, struct sshkey_sig_details **detailsp) { - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha2_128f_simple); + OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_slh_dsa_pure_sha2_128f); if (sig == NULL) { return SSH_ERR_ALLOC_FAIL; } - int r = oqs_verify(sig, "sphincssha2128fsimple", key, signature, signaturelen, data, datalen, compat); + int r = oqs_verify(sig, "slhdsapuresha2128f", key, signature, signaturelen, data, datalen, compat); OQS_SIG_free(sig); return r; } -static const struct sshkey_impl_funcs sshkey_sphincssha2128fsimple_funcs = { +static const struct sshkey_impl_funcs sshkey_slhdsapuresha2128f_funcs = { /* .size = */ ssh_generic_size, /* .alloc = */ ssh_generic_alloc, /* .cleanup = */ ssh_generic_cleanup, 
@@ -780,28 +780,28 @@ static const struct sshkey_impl_funcs sshkey_sphincssha2128fsimple_funcs = { /* .ssh_deserialize_public = */ ssh_generic_deserialize_public, /* .ssh_serialize_private = */ ssh_generic_serialize_private, /* .ssh_deserialize_private = */ ssh_generic_deserialize_private, - /* .generate = */ ssh_sphincssha2128fsimple_generate, + /* .generate = */ ssh_slhdsapuresha2128f_generate, /* .copy_public = */ ssh_generic_copy_public, - /* .sign = */ ssh_sphincssha2128fsimple_sign, - /* .verify = */ ssh_sphincssha2128fsimple_verify, + /* .sign = */ ssh_slhdsapuresha2128f_sign, + /* .verify = */ ssh_slhdsapuresha2128f_verify, }; -const struct sshkey_impl sshkey_sphincssha2128fsimple_impl = { - /* .name = */ "ssh-sphincssha2128fsimple", - /* .shortname = */ "SPHINCSSHA2128FSIMPLE", +const struct sshkey_impl sshkey_slhdsapuresha2128f_impl = { + /* .name = */ "ssh-slhdsapuresha2128f", + /* .shortname = */ "SLHDSAPURESHA2128F", /* .sigalg = */ NULL, - /* .type = */ KEY_SPHINCS_SHA2_128F_SIMPLE, + /* .type = */ KEY_SLH_DSA_PURE_SHA2_128F, /* .nid = */ 0, /* .cert = */ 0, /* .sigonly = */ 0, /* .keybits = */ 0, - /* .funcs = */ &sshkey_sphincssha2128fsimple_funcs, + /* .funcs = */ &sshkey_slhdsapuresha2128f_funcs, }; /*--------------------------------------------------- - * SPHINCS_SHA2_256F_SIMPLE METHODS + * SLH_DSA_PURE_SHA2_256F METHODS *--------------------------------------------------- */ -static int ssh_sphincssha2256fsimple_generate(struct sshkey *k, int bits) +static int ssh_slhdsapuresha2256f_generate(struct sshkey *k, int bits) { k->oqs_pk_len = oqs_sig_pk_len(k->type); k->oqs_sk_len = oqs_sig_sk_len(k->type); 
@@ -809,10 +809,10 @@ static int ssh_sphincssha2256fsimple_generate(struct sshkey *k, int bits) (k->oqs_sk = malloc(k->oqs_sk_len)) == NULL) { return SSH_ERR_ALLOC_FAIL; } - return OQS_SIG_sphincs_sha2_256f_simple_keypair(k->oqs_pk, k->oqs_sk); + return OQS_SIG_slh_dsa_pure_sha2_256f_keypair(k->oqs_pk, k->oqs_sk); } -int ssh_sphincssha2256fsimple_sign(struct sshkey *key, +int ssh_slhdsapuresha2256f_sign(struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, @@ -822,16 +822,16 @@ int ssh_sphincssha2256fsimple_sign(struct sshkey *key, const char *sk_pin, u_int compat) { - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha2_256f_simple); + OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_slh_dsa_pure_sha2_256f); if (sig == NULL) { return SSH_ERR_ALLOC_FAIL; } - int r = oqs_sign(sig, "sphincssha2256fsimple", key, sigp, lenp, data, datalen, compat); + int r = oqs_sign(sig, "slhdsapuresha2256f", key, sigp, lenp, data, datalen, compat); OQS_SIG_free(sig); return r; } -int ssh_sphincssha2256fsimple_verify(const struct sshkey *key, +int ssh_slhdsapuresha2256f_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, @@ -840,16 +840,16 @@ int ssh_sphincssha2256fsimple_verify(const struct sshkey *key, u_int compat, struct sshkey_sig_details **detailsp) { - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha2_256f_simple); + OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_slh_dsa_pure_sha2_256f); if (sig == NULL) { return SSH_ERR_ALLOC_FAIL; } - int r = oqs_verify(sig, "sphincssha2256fsimple", key, signature, signaturelen, data, datalen, compat); + int r = oqs_verify(sig, "slhdsapuresha2256f", key, signature, signaturelen, data, datalen, compat); OQS_SIG_free(sig); return r; } -static const struct sshkey_impl_funcs sshkey_sphincssha2256fsimple_funcs = { +static const struct sshkey_impl_funcs sshkey_slhdsapuresha2256f_funcs = { /* .size = */ ssh_generic_size, /* .alloc = */ ssh_generic_alloc, /* .cleanup = */ ssh_generic_cleanup, 
@@ -858,22 +858,22 @@ static const struct sshkey_impl_funcs sshkey_sphincssha2256fsimple_funcs = { /* .ssh_deserialize_public = */ ssh_generic_deserialize_public, /* .ssh_serialize_private = */ ssh_generic_serialize_private, /* .ssh_deserialize_private = */ ssh_generic_deserialize_private, - /* .generate = */ ssh_sphincssha2256fsimple_generate, + /* .generate = */ ssh_slhdsapuresha2256f_generate, /* .copy_public = */ ssh_generic_copy_public, - /* .sign = */ ssh_sphincssha2256fsimple_sign, - /* .verify = */ ssh_sphincssha2256fsimple_verify, + /* .sign = */ ssh_slhdsapuresha2256f_sign, + /* .verify = */ ssh_slhdsapuresha2256f_verify, }; -const struct sshkey_impl sshkey_sphincssha2256fsimple_impl = { - /* .name = */ "ssh-sphincssha2256fsimple", - /* .shortname = */ "SPHINCSSHA2256FSIMPLE", +const struct sshkey_impl sshkey_slhdsapuresha2256f_impl = { + /* .name = */ "ssh-slhdsapuresha2256f", + /* .shortname = */ "SLHDSAPURESHA2256F", /* .sigalg = */ NULL, - /* .type = */ KEY_SPHINCS_SHA2_256F_SIMPLE, + /* .type = */ KEY_SLH_DSA_PURE_SHA2_256F, /* .nid = */ 0, /* .cert = */ 0, /* .sigonly = */ 0, /* .keybits = */ 0, - /* .funcs = */ &sshkey_sphincssha2256fsimple_funcs, + /* .funcs = */ &sshkey_slhdsapuresha2256f_funcs, }; /*--------------------------------------------------- * ML_DSA_44 METHODS @@ -1371,7 +1371,7 @@ const struct sshkey_impl sshkey_rsa3072_falcon512_impl = { /* .keybits = */ 0, /* .funcs = */ &sshkey_rsa3072_falcon512_funcs, }; -static const struct sshkey_impl_funcs sshkey_rsa3072_sphincssha2128fsimple_funcs = { +static const struct sshkey_impl_funcs sshkey_rsa3072_slhdsapuresha2128f_funcs = { /* .size = */ ssh_generic_size, /* .alloc = */ ssh_generic_alloc, /* .cleanup = */ ssh_generic_cleanup, 
@@ -1386,16 +1386,16 @@ static const struct sshkey_impl_funcs sshkey_rsa3072_sphincssha2128fsimple_funcs /* .verify = */ ssh_generic_verify, }; -const struct sshkey_impl sshkey_rsa3072_sphincssha2128fsimple_impl = { - /* .name = */ "ssh-rsa3072-sphincssha2128fsimple", - /* .shortname = */ "RSA3072_SPHINCSSHA2128FSIMPLE", +const struct sshkey_impl sshkey_rsa3072_slhdsapuresha2128f_impl = { + /* .name = */ "ssh-rsa3072-slhdsapuresha2128f", + /* .shortname = */ "RSA3072_SLHDSAPURESHA2128F", /* .sigalg = */ NULL, - /* .type = */ KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE, + /* .type = */ KEY_RSA3072_SLH_DSA_PURE_SHA2_128F, /* .nid = */ 0, /* .cert = */ 0, /* .sigonly = */ 0, /* .keybits = */ 0, - /* .funcs = */ &sshkey_rsa3072_sphincssha2128fsimple_funcs, + /* .funcs = */ &sshkey_rsa3072_slhdsapuresha2128f_funcs, }; static const struct sshkey_impl_funcs sshkey_rsa3072_mldsa44_funcs = { /* .size = */ ssh_generic_size, @@ -1502,7 +1502,7 @@ const struct sshkey_impl sshkey_ecdsanistp521_falcon1024_impl = { /* .keybits = */ 0, /* .funcs = */ &sshkey_ecdsanistp521_falcon1024_funcs, }; -static const struct sshkey_impl_funcs sshkey_ecdsanistp256_sphincssha2128fsimple_funcs = { +static const struct sshkey_impl_funcs sshkey_ecdsanistp256_slhdsapuresha2128f_funcs = { /* .size = */ ssh_generic_size, /* .alloc = */ ssh_generic_alloc, /* .cleanup = */ ssh_generic_cleanup, 
@@ -1517,18 +1517,18 @@ static const struct sshkey_impl_funcs sshkey_ecdsanistp256_sphincssha2128fsimple /* .verify = */ ssh_generic_verify, }; -const struct sshkey_impl sshkey_ecdsanistp256_sphincssha2128fsimple_impl = { - /* .name = */ "ssh-ecdsa-nistp256-sphincssha2128fsimple", - /* .shortname = */ "ECDSA_NISTP256_SPHINCSSHA2128FSIMPLE", +const struct sshkey_impl sshkey_ecdsanistp256_slhdsapuresha2128f_impl = { + /* .name = */ "ssh-ecdsa-nistp256-slhdsapuresha2128f", + /* .shortname = */ "ECDSA_NISTP256_SLHDSAPURESHA2128F", /* .sigalg = */ NULL, - /* .type = */ KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE, + /* .type = */ KEY_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F, /* .nid = */ NID_X9_62_prime256v1, /* .cert = */ 0, /* .sigonly = */ 0, /* .keybits = */ 0, - /* .funcs = */ &sshkey_ecdsanistp256_sphincssha2128fsimple_funcs, + /* .funcs = */ &sshkey_ecdsanistp256_slhdsapuresha2128f_funcs, }; -static const struct sshkey_impl_funcs sshkey_ecdsanistp521_sphincssha2256fsimple_funcs = { +static const struct sshkey_impl_funcs sshkey_ecdsanistp521_slhdsapuresha2256f_funcs = { /* .size = */ ssh_generic_size, /* .alloc = */ ssh_generic_alloc, /* .cleanup = */ ssh_generic_cleanup, 
@@ -1543,16 +1543,16 @@ static const struct sshkey_impl_funcs sshkey_ecdsanistp521_sphincssha2256fsimple /* .verify = */ ssh_generic_verify, }; -const struct sshkey_impl sshkey_ecdsanistp521_sphincssha2256fsimple_impl = { - /* .name = */ "ssh-ecdsa-nistp521-sphincssha2256fsimple", - /* .shortname = */ "ECDSA_NISTP521_SPHINCSSHA2256FSIMPLE", +const struct sshkey_impl sshkey_ecdsanistp521_slhdsapuresha2256f_impl = { + /* .name = */ "ssh-ecdsa-nistp521-slhdsapuresha2256f", + /* .shortname = */ "ECDSA_NISTP521_SLHDSAPURESHA2256F", /* .sigalg = */ NULL, - /* .type = */ KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE, + /* .type = */ KEY_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F, /* .nid = */ NID_secp521r1, /* .cert = */ 0, /* .sigonly = */ 0, /* .keybits = */ 0, - /* .funcs = */ &sshkey_ecdsanistp521_sphincssha2256fsimple_funcs, + /* .funcs = */ &sshkey_ecdsanistp521_slhdsapuresha2256f_funcs, }; static const struct sshkey_impl_funcs sshkey_ecdsanistp256_mldsa44_funcs = { /* .size = */ ssh_generic_size, @@ -1749,14 +1749,14 @@ const struct sshkey_impl *oqs_pq_sshkey_impl(const struct sshkey *k) case KEY_ECDSA_NISTP521_FALCON_1024: impl = &sshkey_falcon1024_impl; break; - case KEY_SPHINCS_SHA2_128F_SIMPLE: - case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: - case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: - impl = &sshkey_sphincssha2128fsimple_impl; + case KEY_SLH_DSA_PURE_SHA2_128F: + case KEY_RSA3072_SLH_DSA_PURE_SHA2_128F: + case KEY_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F: + impl = &sshkey_slhdsapuresha2128f_impl; break; - case KEY_SPHINCS_SHA2_256F_SIMPLE: - case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: - impl = &sshkey_sphincssha2256fsimple_impl; + case KEY_SLH_DSA_PURE_SHA2_256F: + case KEY_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F: + impl = &sshkey_slhdsapuresha2256f_impl; break; case KEY_ML_DSA_44: case KEY_RSA3072_ML_DSA_44: diff --git a/ssh-rsa.c b/ssh-rsa.c index 626cb1bb5c65..fae8a096bd4a 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c 
@@ -337,7 +337,7 @@ rsa_hash_id_from_ident(const char *ident) /* OQS-note: Currently, only L1 algorithms support RSA hybrids */ ///// OQS_TEMPLATE_FRAGMENT_LIST_L1_RSA_HYBRIDS_START strcmp(ident, "ssh-rsa3072-falcon512") == 0 || - strcmp(ident, "ssh-rsa3072-sphincssha2128fsimple") == 0 || + strcmp(ident, "ssh-rsa3072-slhdsapuresha2128f") == 0 || strcmp(ident, "ssh-rsa3072-mldsa-44") == 0 || strcmp(ident, "ssh-rsa3072-mayo2") == 0) ///// OQS_TEMPLATE_FRAGMENT_LIST_L1_RSA_HYBRIDS_END diff --git a/ssh.c b/ssh.c index be64a2d35944..c677476f1257 100644 --- a/ssh.c +++ b/ssh.c @@ -1782,11 +1782,11 @@ main(int ac, char **av) L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_FALCON_512_KEY_FILE, 12); L_PUBKEY(_PATH_HOST_FALCON_1024_KEY_FILE, 13); L_PUBKEY(_PATH_HOST_ECDSA_NISTP521_FALCON_1024_KEY_FILE, 14); - L_PUBKEY(_PATH_HOST_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, 15); - L_PUBKEY(_PATH_HOST_RSA3072_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, 16); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, 17); - L_PUBKEY(_PATH_HOST_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, 18); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, 19); + L_PUBKEY(_PATH_HOST_SLH_DSA_PURE_SHA2_128F_KEY_FILE, 15); + L_PUBKEY(_PATH_HOST_RSA3072_SLH_DSA_PURE_SHA2_128F_KEY_FILE, 16); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F_KEY_FILE, 17); + L_PUBKEY(_PATH_HOST_SLH_DSA_PURE_SHA2_256F_KEY_FILE, 18); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F_KEY_FILE, 19); L_PUBKEY(_PATH_HOST_ML_DSA_44_KEY_FILE, 20); L_PUBKEY(_PATH_HOST_RSA3072_ML_DSA_44_KEY_FILE, 21); L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_ML_DSA_44_KEY_FILE, 22); diff --git a/sshkey.c b/sshkey.c index 0f1dfc318795..cc6c2e68584d 100644 --- a/sshkey.c +++ b/sshkey.c 
@@ -119,8 +119,8 @@ extern const struct sshkey_impl sshkey_rsa_sha512_cert_impl; ///// OQS_TEMPLATE_FRAGMENT_EXTERN_KEY_IMPLS_START extern const struct sshkey_impl sshkey_falcon512_impl; extern const struct sshkey_impl sshkey_falcon1024_impl; -extern const struct sshkey_impl sshkey_sphincssha2128fsimple_impl; -extern const struct sshkey_impl sshkey_sphincssha2256fsimple_impl; +extern const struct sshkey_impl sshkey_slhdsapuresha2128f_impl; +extern const struct sshkey_impl sshkey_slhdsapuresha2256f_impl; extern const struct sshkey_impl sshkey_mldsa44_impl; extern const struct sshkey_impl sshkey_mldsa65_impl; extern const struct sshkey_impl sshkey_mldsa87_impl; @@ -130,14 +130,14 @@ extern const struct sshkey_impl sshkey_mayo5_impl; #ifdef WITH_OPENSSL extern const struct sshkey_impl sshkey_rsa3072_falcon512_impl; -extern const struct sshkey_impl sshkey_rsa3072_sphincssha2128fsimple_impl; +extern const struct sshkey_impl sshkey_rsa3072_slhdsapuresha2128f_impl; extern const struct sshkey_impl sshkey_rsa3072_mldsa44_impl; extern const struct sshkey_impl sshkey_rsa3072_mayo2_impl; #ifdef OPENSSL_HAS_ECC extern const struct sshkey_impl sshkey_ecdsanistp256_falcon512_impl; extern const struct sshkey_impl sshkey_ecdsanistp521_falcon1024_impl; -extern const struct sshkey_impl sshkey_ecdsanistp256_sphincssha2128fsimple_impl; -extern const struct sshkey_impl sshkey_ecdsanistp521_sphincssha2256fsimple_impl; +extern const struct sshkey_impl sshkey_ecdsanistp256_slhdsapuresha2128f_impl; +extern const struct sshkey_impl sshkey_ecdsanistp521_slhdsapuresha2256f_impl; extern const struct sshkey_impl sshkey_ecdsanistp256_mldsa44_impl; extern const struct sshkey_impl sshkey_ecdsanistp384_mldsa65_impl; extern const struct sshkey_impl sshkey_ecdsanistp521_mldsa87_impl; 
@@ -181,8 +181,8 @@ const struct sshkey_impl * const keyimpls[] = { ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEYTYPES_START &sshkey_falcon512_impl, &sshkey_falcon1024_impl, - &sshkey_sphincssha2128fsimple_impl, - &sshkey_sphincssha2256fsimple_impl, + &sshkey_slhdsapuresha2128f_impl, + &sshkey_slhdsapuresha2256f_impl, &sshkey_mldsa44_impl, &sshkey_mldsa65_impl, &sshkey_mldsa87_impl, @@ -191,14 +191,14 @@ const struct sshkey_impl * const keyimpls[] = { &sshkey_mayo5_impl, #ifdef WITH_OPENSSL &sshkey_rsa3072_falcon512_impl, - &sshkey_rsa3072_sphincssha2128fsimple_impl, + &sshkey_rsa3072_slhdsapuresha2128f_impl, &sshkey_rsa3072_mldsa44_impl, &sshkey_rsa3072_mayo2_impl, #ifdef OPENSSL_HAS_ECC &sshkey_ecdsanistp256_falcon512_impl, &sshkey_ecdsanistp521_falcon1024_impl, - &sshkey_ecdsanistp256_sphincssha2128fsimple_impl, - &sshkey_ecdsanistp521_sphincssha2256fsimple_impl, + &sshkey_ecdsanistp256_slhdsapuresha2128f_impl, + &sshkey_ecdsanistp521_slhdsapuresha2256f_impl, &sshkey_ecdsanistp256_mldsa44_impl, &sshkey_ecdsanistp384_mldsa65_impl, &sshkey_ecdsanistp521_mldsa87_impl, diff --git a/sshkey.h b/sshkey.h index 9dfdda0065a7..d55b2fe35107 100644 --- a/sshkey.h +++ b/sshkey.h @@ -77,11 +77,11 @@ enum sshkey_types { KEY_ECDSA_NISTP256_FALCON_512, KEY_FALCON_1024, KEY_ECDSA_NISTP521_FALCON_1024, - KEY_SPHINCS_SHA2_128F_SIMPLE, - KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE, - KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE, - KEY_SPHINCS_SHA2_256F_SIMPLE, - KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE, + KEY_SLH_DSA_PURE_SHA2_128F, + KEY_RSA3072_SLH_DSA_PURE_SHA2_128F, + KEY_ECDSA_NISTP256_SLH_DSA_PURE_SHA2_128F, + KEY_SLH_DSA_PURE_SHA2_256F, + KEY_ECDSA_NISTP521_SLH_DSA_PURE_SHA2_256F, KEY_ML_DSA_44, KEY_RSA3072_ML_DSA_44, KEY_ECDSA_NISTP256_ML_DSA_44,
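Review bot: In the ssh-keygen.c hunk at -1134 (`do_gen_all_hostkeys`), the new type names `slhdsapuresha2128f` and `slhdsapuresha2256f` run every token together, while the entries just below them in the same table use a separator (`mldsa-44`, `mldsa-65`, `mldsa-87`). The old `sphincssha2...` names are also removed outright, with no alias left in the table, so anything that still passes an old name stops matching. Consider a separated spelling that follows the ML-DSA entries, and add a line to the README mapping each old name to its replacement.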
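Review bot: The ssh-keyscan.c hunks at -325, -353 and -369 (`keygrab_ssh2`) change the strings placed in `myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]`, for example `"ssh-sphincssha2128fsimple"` to `"ssh-slhdsapuresha2128f"`, and nothing in the patch documents that the host key algorithm name sent during negotiation has changed. A scanner built from this tree no longer proposes the old names, so a server that only offers them returns no key for these types, and known_hosts entries recorded under the old names stop matching. Please add a migration note (regenerate host keys, refresh known_hosts) alongside the rename, since the ssh-oqs.c hunks show the backing liboqs algorithm changes as well as the name.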
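Review bot: In the ssh-oqs.c hunks at -731 and -809, `return OQS_SIG_slh_dsa_pure_sha2_128f_keypair(k->oqs_pk, k->oqs_sk);` (and the 256f twin) hands a liboqs status straight back from a function whose other exit returns `SSH_ERR_ALLOC_FAIL`, so callers receive two different error vocabularies from one function. Since these lines are being touched anyway, compare the result against `OQS_SUCCESS` and return an `SSH_ERR_*` value on failure. The visible lines also leave `k->oqs_pk` and `k->oqs_sk` allocated when key generation fails; confirm the cleanup callback covers that path or free them here.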
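Review bot: In the ssh-oqs.c sign and verify hunks at -744, -762, -822 and -840, a NULL from `OQS_SIG_new(OQS_SIG_alg_slh_dsa_pure_sha2_128f)` is reported as `SSH_ERR_ALLOC_FAIL`, but `OQS_SIG_new` also returns NULL when the requested algorithm is not enabled in the linked liboqs build. After this rename, a build against a liboqs without the SLH-DSA variants would surface as an allocation failure on every sign and verify, which is misleading to debug. Consider checking `OQS_SIG_alg_is_enabled()` first, or returning a distinct error such as `SSH_ERR_SIGN_ALG_UNSUPPORTED` for the NULL case.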