forked from openssh/openssh-portable
-
Notifications
You must be signed in to change notification settings - Fork 61
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add support for hybrid-PQ key exchange with x25519
This adds support for hybrid-PQ key exchanges with x25519. This allows for the implementation of `mlkem768x25519-sha256` as defined by [draft-kampanakis-curdle-ssh-pq-ke-02](https://datatracker.ietf.org/doc/draft-kampanakis-curdle-ssh-pq-ke/) and `[email protected]` as defined by upstream OpenSSH. We also take the opportunity to add hybrid implementations for all existing PQ key exchanges which supported NIST P-256. Due to the conflicting implementation for `[email protected]` we omit an OQS exclusive version for now and will plan for it in a future PR. Unlike in `oqs-provider`, we cannot provide support for x448 hybrid algorithms since the x448 algorithm is not available within OpenSSH. The way this all works is by introducing a new source file `kexoqsx25519.c` which is a synthesis of `kexoqsecdh.c` and `kexsntrup761x25519.c`. These files provide example implementations of hybrid-PQ for OQS-backed algorithms and x25519 usage. In that source file, we define functions to implement OpenSSH's KEX interface for each hybrid algorithm using an `oqs-template` file. Within the `generate.yml`, we add a new boolean key to flag `x25519` hybrids similar to how the `rsa` key works for hybrid signatures. Related to issue #163. Signed-off-by: Gerardo Ravago <[email protected]>
- Loading branch information
Showing
30 changed files
with
961 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -76,12 +76,12 @@ The following quantum-safe algorithms from liboqs are supported (assuming they h | |
| The following hybrid algorithms are made available: | ||
|
|
||
| <!--- OQS_TEMPLATE_FRAGMENT_LIST_ALL_HYBRID_KEXS_START --> | ||
| - **BIKE**: `[email protected]` `[email protected]` `[email protected]` | ||
| - **ClassicMcEliece**: `ecdh-nistp256-classic-mceliece-348864r4-sha256@openquantumsafe.org` `ecdh-nistp256-classic-mceliece-348864fr4-sha256@openquantumsafe.org` `ecdh-nistp384-classic-mceliece-460896r4-sha512@openquantumsafe.org` `ecdh-nistp384-classic-mceliece-460896fr4-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-6688128r4-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-6688128fr4-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-6960119r4-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-6960119fr4-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-8192128r4-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-8192128fr4-sha512@openquantumsafe.org` | ||
| - **FrodoKEM**: `[email protected]` `[email protected]` `[email protected]` `[email protected]` `[email protected]` `[email protected]` | ||
| - **HQC**: `[email protected]` `[email protected]` `[email protected]` | ||
| - **Kyber**: `[email protected]` `[email protected]` `[email protected]` | ||
| - **ML-KEM**: `[email protected]` `mlkem768nistp256-sha256` `mlkem1024nistp384-sha384` | ||
| - **BIKE**: `[email protected]` `[email protected]` `[email protected]` `[email protected]` | ||
| - **ClassicMcEliece**: `ecdh-nistp256-classic-mceliece-348864r4-sha256@openquantumsafe.org` `[email protected]` `ecdh-nistp256[email protected]` `x25519[email protected]` `ecdh-nistp384-classic-mceliece-460896r4-sha512@openquantumsafe.org` `ecdh-nistp384-classic-mceliece-460896fr4-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-6688128r4-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-6688128fr4-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-6960119r4-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-6960119fr4-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-8192128r4-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-8192128fr4-sha512@openquantumsafe.org` | ||
| - **FrodoKEM**: `[email protected]` `[email protected]` `[email protected]` `[email protected]` `ecdh-nistp256[email protected]` `x25519[email protected]` `[email protected]` `[email protected]` | ||
| - **HQC**: `[email protected]` `[email protected]` `[email protected]` `[email protected]` | ||
| - **Kyber**: `[email protected]` `[email protected]` `[email protected]` `[email protected]` | ||
| - **ML-KEM**: `[email protected]` `[email protected]` `mlkem768nistp256-sha256` `mlkem768x25519-sha256` `mlkem1024nistp384-sha384` | ||
| <!--- OQS_TEMPLATE_FRAGMENT_LIST_ALL_HYBRID_KEXS_END --> | ||
|
|
||
| Note that algorithms marked with a dagger (†) have large stack usage and may cause failures when run on threads or in constrained environments. For example, McEliece require building `oqs-openssh` with a large(r) stack provision than is default: Adding `LDFLAGS="-Wl,--stack,20000000"` to [the `./configure` command below](#step-2-build-the-fork) is required to allow cygwin-based testing to pass. | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -66,19 +66,25 @@ | |
| #define KEX_SNTRUP761X25519_SHA512 "[email protected]" | ||
| ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEX_PRETTY_NAMES_START | ||
| #define KEX_FRODOKEM_640_AES_SHA256 "frodokem-640-aes-sha256" | ||
| #define KEX_FRODOKEM_640_AES_X25519_SHA256 "[email protected]" | ||
| #define KEX_FRODOKEM_976_AES_SHA384 "frodokem-976-aes-sha384" | ||
| #define KEX_FRODOKEM_1344_AES_SHA512 "frodokem-1344-aes-sha512" | ||
| #define KEX_FRODOKEM_640_SHAKE_SHA256 "frodokem-640-shake-sha256" | ||
| #define KEX_FRODOKEM_640_SHAKE_X25519_SHA256 "[email protected]" | ||
| #define KEX_FRODOKEM_976_SHAKE_SHA384 "frodokem-976-shake-sha384" | ||
| #define KEX_FRODOKEM_1344_SHAKE_SHA512 "frodokem-1344-shake-sha512" | ||
| #define KEX_KYBER_512_SHA256 "kyber-512-sha256" | ||
| #define KEX_KYBER_512_X25519_SHA256 "[email protected]" | ||
| #define KEX_KYBER_768_SHA384 "kyber-768-sha384" | ||
| #define KEX_KYBER_1024_SHA512 "kyber-1024-sha512" | ||
| #define KEX_BIKE_L1_SHA512 "bike-l1-sha512" | ||
| #define KEX_BIKE_L1_X25519_SHA512 "[email protected]" | ||
| #define KEX_BIKE_L3_SHA512 "bike-l3-sha512" | ||
| #define KEX_BIKE_L5_SHA512 "bike-l5-sha512" | ||
| #define KEX_CLASSIC_MCELIECE_348864_SHA256 "classic-mceliece-348864-sha256" | ||
| #define KEX_CLASSIC_MCELIECE_348864_X25519_SHA256 "[email protected]" | ||
| #define KEX_CLASSIC_MCELIECE_348864F_SHA256 "classic-mceliece-348864f-sha256" | ||
| #define KEX_CLASSIC_MCELIECE_348864F_X25519_SHA256 "[email protected]" | ||
| #define KEX_CLASSIC_MCELIECE_460896_SHA512 "classic-mceliece-460896-sha512" | ||
| #define KEX_CLASSIC_MCELIECE_460896F_SHA512 "classic-mceliece-460896f-sha512" | ||
| #define KEX_CLASSIC_MCELIECE_6688128_SHA512 "classic-mceliece-6688128-sha512" | ||
|
|
@@ -88,10 +94,13 @@ | |
| #define KEX_CLASSIC_MCELIECE_8192128_SHA512 "classic-mceliece-8192128-sha512" | ||
| #define KEX_CLASSIC_MCELIECE_8192128F_SHA512 "classic-mceliece-8192128f-sha512" | ||
| #define KEX_HQC_128_SHA256 "hqc-128-sha256" | ||
| #define KEX_HQC_128_X25519_SHA256 "[email protected]" | ||
| #define KEX_HQC_192_SHA384 "hqc-192-sha384" | ||
| #define KEX_HQC_256_SHA512 "hqc-256-sha512" | ||
| #define KEX_ML_KEM_512_SHA256 "ml-kem-512-sha256" | ||
| #define KEX_ML_KEM_512_X25519_SHA256 "[email protected]" | ||
| #define KEX_ML_KEM_768_SHA256 "ml-kem-768-sha256" | ||
| #define KEX_ML_KEM_768_X25519_SHA256 "mlkem768x25519-sha256" | ||
| #define KEX_ML_KEM_1024_SHA384 "ml-kem-1024-sha384" | ||
| #ifdef WITH_OPENSSL | ||
| #ifdef OPENSSL_HAS_ECC | ||
|
|
@@ -167,19 +176,25 @@ enum kex_exchange { | |
| KEX_KEM_SNTRUP761X25519_SHA512, | ||
| ///// OQS_TEMPLATE_FRAGMENT_ADD_KEX_ENUMS_START | ||
| KEX_KEM_FRODOKEM_640_AES_SHA256, | ||
| KEX_KEM_FRODOKEM_640_AES_X25519_SHA256, | ||
| KEX_KEM_FRODOKEM_976_AES_SHA384, | ||
| KEX_KEM_FRODOKEM_1344_AES_SHA512, | ||
| KEX_KEM_FRODOKEM_640_SHAKE_SHA256, | ||
| KEX_KEM_FRODOKEM_640_SHAKE_X25519_SHA256, | ||
| KEX_KEM_FRODOKEM_976_SHAKE_SHA384, | ||
| KEX_KEM_FRODOKEM_1344_SHAKE_SHA512, | ||
| KEX_KEM_KYBER_512_SHA256, | ||
| KEX_KEM_KYBER_512_X25519_SHA256, | ||
| KEX_KEM_KYBER_768_SHA384, | ||
| KEX_KEM_KYBER_1024_SHA512, | ||
| KEX_KEM_BIKE_L1_SHA512, | ||
| KEX_KEM_BIKE_L1_X25519_SHA512, | ||
| KEX_KEM_BIKE_L3_SHA512, | ||
| KEX_KEM_BIKE_L5_SHA512, | ||
| KEX_KEM_CLASSIC_MCELIECE_348864_SHA256, | ||
| KEX_KEM_CLASSIC_MCELIECE_348864_X25519_SHA256, | ||
| KEX_KEM_CLASSIC_MCELIECE_348864F_SHA256, | ||
| KEX_KEM_CLASSIC_MCELIECE_348864F_X25519_SHA256, | ||
| KEX_KEM_CLASSIC_MCELIECE_460896_SHA512, | ||
| KEX_KEM_CLASSIC_MCELIECE_460896F_SHA512, | ||
| KEX_KEM_CLASSIC_MCELIECE_6688128_SHA512, | ||
|
|
@@ -189,10 +204,13 @@ enum kex_exchange { | |
| KEX_KEM_CLASSIC_MCELIECE_8192128_SHA512, | ||
| KEX_KEM_CLASSIC_MCELIECE_8192128F_SHA512, | ||
| KEX_KEM_HQC_128_SHA256, | ||
| KEX_KEM_HQC_128_X25519_SHA256, | ||
| KEX_KEM_HQC_192_SHA384, | ||
| KEX_KEM_HQC_256_SHA512, | ||
| KEX_KEM_ML_KEM_512_SHA256, | ||
| KEX_KEM_ML_KEM_512_X25519_SHA256, | ||
| KEX_KEM_ML_KEM_768_SHA256, | ||
| KEX_KEM_ML_KEM_768_X25519_SHA256, | ||
| KEX_KEM_ML_KEM_1024_SHA384, | ||
| #ifdef WITH_OPENSSL | ||
| #ifdef OPENSSL_HAS_ECC | ||
|
|
@@ -373,6 +391,10 @@ int kex_kem_sntrup761x25519_dec(struct kex *, const struct sshbuf *, | |
| int kex_kem_frodokem_640_aes_keypair(struct kex *); | ||
| int kex_kem_frodokem_640_aes_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_frodokem_640_aes_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* frodokem_640_aes_x25519 prototypes */ | ||
| int kex_kem_frodokem_640_aes_x25519_keypair(struct kex *); | ||
| int kex_kem_frodokem_640_aes_x25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_frodokem_640_aes_x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* frodokem_976_aes prototypes */ | ||
| int kex_kem_frodokem_976_aes_keypair(struct kex *); | ||
| int kex_kem_frodokem_976_aes_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
|
|
@@ -385,6 +407,10 @@ int kex_kem_frodokem_1344_aes_dec(struct kex *, const struct sshbuf *, struct s | |
| int kex_kem_frodokem_640_shake_keypair(struct kex *); | ||
| int kex_kem_frodokem_640_shake_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_frodokem_640_shake_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* frodokem_640_shake_x25519 prototypes */ | ||
| int kex_kem_frodokem_640_shake_x25519_keypair(struct kex *); | ||
| int kex_kem_frodokem_640_shake_x25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_frodokem_640_shake_x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* frodokem_976_shake prototypes */ | ||
| int kex_kem_frodokem_976_shake_keypair(struct kex *); | ||
| int kex_kem_frodokem_976_shake_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
|
|
@@ -397,6 +423,10 @@ int kex_kem_frodokem_1344_shake_dec(struct kex *, const struct sshbuf *, struct | |
| int kex_kem_kyber_512_keypair(struct kex *); | ||
| int kex_kem_kyber_512_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_kyber_512_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* kyber_512_x25519 prototypes */ | ||
| int kex_kem_kyber_512_x25519_keypair(struct kex *); | ||
| int kex_kem_kyber_512_x25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_kyber_512_x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* kyber_768 prototypes */ | ||
| int kex_kem_kyber_768_keypair(struct kex *); | ||
| int kex_kem_kyber_768_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
|
|
@@ -409,6 +439,10 @@ int kex_kem_kyber_1024_dec(struct kex *, const struct sshbuf *, struct sshbuf * | |
| int kex_kem_bike_l1_keypair(struct kex *); | ||
| int kex_kem_bike_l1_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_bike_l1_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* bike_l1_x25519 prototypes */ | ||
| int kex_kem_bike_l1_x25519_keypair(struct kex *); | ||
| int kex_kem_bike_l1_x25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_bike_l1_x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* bike_l3 prototypes */ | ||
| int kex_kem_bike_l3_keypair(struct kex *); | ||
| int kex_kem_bike_l3_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
|
|
@@ -421,10 +455,18 @@ int kex_kem_bike_l5_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | |
| int kex_kem_classic_mceliece_348864_keypair(struct kex *); | ||
| int kex_kem_classic_mceliece_348864_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_classic_mceliece_348864_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* classic_mceliece_348864_x25519 prototypes */ | ||
| int kex_kem_classic_mceliece_348864_x25519_keypair(struct kex *); | ||
| int kex_kem_classic_mceliece_348864_x25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_classic_mceliece_348864_x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* classic_mceliece_348864f prototypes */ | ||
| int kex_kem_classic_mceliece_348864f_keypair(struct kex *); | ||
| int kex_kem_classic_mceliece_348864f_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_classic_mceliece_348864f_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* classic_mceliece_348864f_x25519 prototypes */ | ||
| int kex_kem_classic_mceliece_348864f_x25519_keypair(struct kex *); | ||
| int kex_kem_classic_mceliece_348864f_x25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_classic_mceliece_348864f_x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* classic_mceliece_460896 prototypes */ | ||
| int kex_kem_classic_mceliece_460896_keypair(struct kex *); | ||
| int kex_kem_classic_mceliece_460896_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
|
|
@@ -461,6 +503,10 @@ int kex_kem_classic_mceliece_8192128f_dec(struct kex *, const struct sshbuf *, | |
| int kex_kem_hqc_128_keypair(struct kex *); | ||
| int kex_kem_hqc_128_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_hqc_128_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* hqc_128_x25519 prototypes */ | ||
| int kex_kem_hqc_128_x25519_keypair(struct kex *); | ||
| int kex_kem_hqc_128_x25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_hqc_128_x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* hqc_192 prototypes */ | ||
| int kex_kem_hqc_192_keypair(struct kex *); | ||
| int kex_kem_hqc_192_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
|
|
@@ -473,10 +519,18 @@ int kex_kem_hqc_256_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | |
| int kex_kem_ml_kem_512_keypair(struct kex *); | ||
| int kex_kem_ml_kem_512_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_ml_kem_512_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* ml_kem_512_x25519 prototypes */ | ||
| int kex_kem_ml_kem_512_x25519_keypair(struct kex *); | ||
| int kex_kem_ml_kem_512_x25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_ml_kem_512_x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* ml_kem_768 prototypes */ | ||
| int kex_kem_ml_kem_768_keypair(struct kex *); | ||
| int kex_kem_ml_kem_768_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_ml_kem_768_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* ml_kem_768_x25519 prototypes */ | ||
| int kex_kem_ml_kem_768_x25519_keypair(struct kex *); | ||
| int kex_kem_ml_kem_768_x25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
| int kex_kem_ml_kem_768_x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); | ||
| /* ml_kem_1024 prototypes */ | ||
| int kex_kem_ml_kem_1024_keypair(struct kex *); | ||
| int kex_kem_ml_kem_1024_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); | ||
|
|
||
Oops, something went wrong.