Commit Graph

11 Commits

Author SHA1 Message Date
djm@openbsd.org
f68312eb59
upstream: Add experimental support for hybrid post-quantum key exchange
ML-KEM768 with ECDH/X25519 from the Internet-draft:
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03

This is based on previous patches from markus@ but adapted to use the
final FIPS203 standard ML-KEM using a formally-verified implementation
from libcrux.

Note this key exchange method is still a draft and thus subject to
change. It is therefore disabled by default; set MLKEM=yes to build it.
We're making it available now to make it easy for other SSH
implementations to test against it.

ok markus@ deraadt@

OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c
2024-09-02 22:32:44 +10:00
djm@openbsd.org
9fbbfeca1c
upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.

ok tb@ tobhe@

OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
2023-01-16 10:57:41 +11:00
dtucker@openbsd.org
599df78f30 upstream: Update the sntrup761 creation script and generated code:
- remove unneeded header files and typedefs and rely on crypto_api.h  - add
defines to map types used to the crypto_api ones instead of typedefs.  This
 prevents typedef name collisions in -portable.  - remove CRYPTO_NAMESPACE
entirely instead of making it a no-op  - delete unused functions and make the
remaining ones that aren't exported static.

ok djm@

OpenBSD-Commit-ID: 7b9d0cf3acd5a3c1091da8afe00c904d38cf5783
2021-01-08 13:49:49 +11:00
djm@openbsd.org
2c71cec020 upstream: Update/replace the experimental post-quantim hybrid key
exchange method based on Streamlined NTRU Prime (coupled with X25519).

The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.

The sntrup761 implementaion, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).

Thanks for Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself

(note this both the updated method and the one that it replaced are
disabled by default)

OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
2020-12-29 12:38:53 +11:00
djm@openbsd.org
dfd591618c upstream: Add support for a PQC KEX/KEM:
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
enabled by default.

introduce KEM API; a simplified framework for DH-ish KEX methods.

from markus@ feedback & ok djm@

OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
2019-01-21 22:07:02 +11:00
Damien Miller
89f09ee687 crypto_api.h needs includes.h 2018-01-24 12:20:44 +11:00
naddy@openbsd.org
4cdc5956f2 upstream commit
Replace ED25519's private SHA-512 implementation with a
call to the regular digest code.  This speeds up compilation considerably. ok
markus@

OpenBSD-Commit-ID: fcce8c3bcfe7389462a28228f63c823e80ade41c
2017-12-19 15:20:43 +11:00
Darren Tucker
ac413b62ea - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. 2014-01-17 12:31:33 +11:00
Damien Miller
6674eb9683 - markus@cvs.openbsd.org 2013/12/17 10:36:38
[crypto_api.h]
     I've assempled the header file by cut&pasting from generated headers
     and the source files.
2013-12-18 17:50:39 +11:00
Damien Miller
155b5a5bf1 - markus@cvs.openbsd.org 2013/12/09 11:08:17
[crypto_api.h]
     remove unused defines
2013-12-18 17:48:32 +11:00
Damien Miller
5be9d9e3cb - markus@cvs.openbsd.org 2013/12/06 13:39:49
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
     [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
     [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
     [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
     [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
     support ed25519 keys (hostkeys and user identities) using the public
     domain ed25519 reference code from SUPERCOP, see
     http://ed25519.cr.yp.to/software.html
     feedback, help & ok djm@
2013-12-07 11:24:01 +11:00