From 300bafcc989979e00d180e21b4fe9fc64e07e3f9 Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Fri, 19 Nov 2021 17:10:09 +0100 Subject: [PATCH] adding NTRU hrss1373 and hps40961229 --- README.md | 2 +- kex.c | 8 +++- kex.h | 48 ++++++++++++++----- kexgen.c | 64 ++++++++++++++++++++----- kexoqs.c | 94 ++++++++++++++++++++++++++++++++++--- kexoqsecdh.c | 96 +++++++++++++++++++++++++++++++++++--- monitor.c | 8 +++- myproposal.h | 8 +++- oqs-template/generate.yml | 18 ++++++- oqs-test/try_connection.py | 8 +++- ssh-keyscan.c | 8 +++- ssh_api.c | 16 +++++-- sshconnect2.c | 8 +++- sshd.c | 8 +++- 14 files changed, 336 insertions(+), 58 deletions(-) diff --git a/README.md b/README.md index da3e4a369187..e3a0746c1eac 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,7 @@ The following quantum-safe algorithms from liboqs are supported (assuming they h - **FrodoKEM**: `frodokem-640-aes-sha256`, `frodokem-976-aes-sha384`, `frodokem-1344-aes-sha512`, `frodokem-640-shake-sha256`, `frodokem-976-shake-sha384`, `frodokem-1344-shake-sha512` - **HQC**: `hqc-128-sha256`, `hqc-192-sha384`, `hqc-256-sha512`† - **Kyber**: `kyber-512-sha256`, `kyber-768-sha384`, `kyber-1024-sha512`, `kyber-512-90s-sha256`, `kyber-768-90s-sha384`, `kyber-1024-90s-sha512` -- **NTRU**: `ntru-hps2048509-sha512`, `ntru-hps2048677-sha512`, `ntru-hrss701-sha512`, `ntru-hps4096821-sha512` +- **NTRU**: `ntru-hps2048509-sha512`, `ntru-hps2048677-sha512`, `ntru-hps4096821-sha512`, `ntru-hps40961229-sha512`, `ntru-hrss701-sha512`, `ntru-hrss1373-sha512` - **NTRU-PRIME**: `ntruprime-ntrulpr653-sha256`, `ntruprime-sntrup653-sha256`, `ntruprime-ntrulpr761-sha384`, `ntruprime-sntrup761-sha384`, `ntruprime-ntrulpr857-sha384`, `ntruprime-sntrup857-sha384`, `ntruprime-ntrulpr1277-sha512`, `ntruprime-sntrup1277-sha512` - **SIDH**: `sidh-p434-sha256`, `sidh-p434-compressed-sha256`, `sidh-p610-sha256`, `sidh-p610-compressed-sha256`, `sidh-p751-sha256`, `sidh-p751-compressed-sha256` - **SIKE**: `sike-p434-sha256`, `sike-p434-compressed-sha256`, `sike-p610-sha256`, `sike-p610-compressed-sha256`, `sike-p751-sha256`, `sike-p751-compressed-sha256` diff --git a/kex.c b/kex.c index d383fa99a89c..df6c3b00aeb5 100644 --- a/kex.c +++ b/kex.c @@ -149,8 +149,10 @@ static const struct kexalg kexalgs[] = { { KEX_BIKE_L3_SHA512, KEX_KEM_BIKE_L3_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_NTRU_HPS2048509_SHA512, KEX_KEM_NTRU_HPS2048509_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_NTRU_HPS2048677_SHA512, KEX_KEM_NTRU_HPS2048677_SHA512, 0, SSH_DIGEST_SHA512 }, - { KEX_NTRU_HRSS701_SHA512, KEX_KEM_NTRU_HRSS701_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_NTRU_HPS4096821_SHA512, KEX_KEM_NTRU_HPS4096821_SHA512, 0, SSH_DIGEST_SHA512 }, + { KEX_NTRU_HPS40961229_SHA512, KEX_KEM_NTRU_HPS40961229_SHA512, 0, SSH_DIGEST_SHA512 }, + { KEX_NTRU_HRSS701_SHA512, KEX_KEM_NTRU_HRSS701_SHA512, 0, SSH_DIGEST_SHA512 }, + { KEX_NTRU_HRSS1373_SHA512, KEX_KEM_NTRU_HRSS1373_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_CLASSIC_MCELIECE_348864_SHA256, KEX_KEM_CLASSIC_MCELIECE_348864_SHA256, 0, SSH_DIGEST_SHA256 }, { KEX_CLASSIC_MCELIECE_348864F_SHA256, KEX_KEM_CLASSIC_MCELIECE_348864F_SHA256, 0, SSH_DIGEST_SHA256 }, { KEX_CLASSIC_MCELIECE_460896_SHA512, KEX_KEM_CLASSIC_MCELIECE_460896_SHA512, 0, SSH_DIGEST_SHA512 }, @@ -204,8 +206,10 @@ static const struct kexalg kexalgs[] = { { KEX_BIKE_L3_ECDH_NISTP384_SHA512, KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512, NID_secp384r1, SSH_DIGEST_SHA512 }, { KEX_NTRU_HPS2048509_ECDH_NISTP256_SHA512, KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512, NID_X9_62_prime256v1, SSH_DIGEST_SHA512 }, { KEX_NTRU_HPS2048677_ECDH_NISTP384_SHA512, KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512, NID_secp384r1, SSH_DIGEST_SHA512 }, - { KEX_NTRU_HRSS701_ECDH_NISTP384_SHA512, KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512, NID_secp384r1, SSH_DIGEST_SHA512 }, { KEX_NTRU_HPS4096821_ECDH_NISTP521_SHA512, KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512, NID_secp521r1, SSH_DIGEST_SHA512 }, + { KEX_NTRU_HPS40961229_ECDH_NISTP521_SHA512, KEX_KEM_NTRU_HPS40961229_ECDH_NISTP521_SHA512, NID_secp521r1, SSH_DIGEST_SHA512 }, + { KEX_NTRU_HRSS701_ECDH_NISTP384_SHA512, KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512, NID_secp384r1, SSH_DIGEST_SHA512 }, + { KEX_NTRU_HRSS1373_ECDH_NISTP521_SHA512, KEX_KEM_NTRU_HRSS1373_ECDH_NISTP521_SHA512, NID_secp521r1, SSH_DIGEST_SHA512 }, { KEX_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256, KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, { KEX_CLASSIC_MCELIECE_348864F_ECDH_NISTP256_SHA256, KEX_KEM_CLASSIC_MCELIECE_348864F_ECDH_NISTP256_SHA256, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, { KEX_CLASSIC_MCELIECE_460896_ECDH_NISTP384_SHA512, KEX_KEM_CLASSIC_MCELIECE_460896_ECDH_NISTP384_SHA512, NID_secp384r1, SSH_DIGEST_SHA512 }, diff --git a/kex.h b/kex.h index b17df8f0dd32..cc54cdb3f87b 100644 --- a/kex.h +++ b/kex.h @@ -95,8 +95,10 @@ #define KEX_BIKE_L3_SHA512 "bike-l3-sha512" #define KEX_NTRU_HPS2048509_SHA512 "ntru-hps2048509-sha512" #define KEX_NTRU_HPS2048677_SHA512 "ntru-hps2048677-sha512" -#define KEX_NTRU_HRSS701_SHA512 "ntru-hrss701-sha512" #define KEX_NTRU_HPS4096821_SHA512 "ntru-hps4096821-sha512" +#define KEX_NTRU_HPS40961229_SHA512 "ntru-hps40961229-sha512" +#define KEX_NTRU_HRSS701_SHA512 "ntru-hrss701-sha512" +#define KEX_NTRU_HRSS1373_SHA512 "ntru-hrss1373-sha512" #define KEX_CLASSIC_MCELIECE_348864_SHA256 "classic-mceliece-348864-sha256" #define KEX_CLASSIC_MCELIECE_348864F_SHA256 "classic-mceliece-348864f-sha256" #define KEX_CLASSIC_MCELIECE_460896_SHA512 "classic-mceliece-460896-sha512" @@ -151,8 +153,10 @@ #define KEX_BIKE_L3_ECDH_NISTP384_SHA512 "ecdh-nistp384-bike-l3-sha512" #define KEX_NTRU_HPS2048509_ECDH_NISTP256_SHA512 "ecdh-nistp256-ntru-hps2048509-sha512" #define KEX_NTRU_HPS2048677_ECDH_NISTP384_SHA512 "ecdh-nistp384-ntru-hps2048677-sha512" -#define KEX_NTRU_HRSS701_ECDH_NISTP384_SHA512 "ecdh-nistp384-ntru-hrss701-sha512" #define KEX_NTRU_HPS4096821_ECDH_NISTP521_SHA512 "ecdh-nistp521-ntru-hps4096821-sha512" +#define KEX_NTRU_HPS40961229_ECDH_NISTP521_SHA512 "ecdh-nistp521-ntru-hps40961229-sha512" +#define KEX_NTRU_HRSS701_ECDH_NISTP384_SHA512 "ecdh-nistp384-ntru-hrss701-sha512" +#define KEX_NTRU_HRSS1373_ECDH_NISTP521_SHA512 "ecdh-nistp521-ntru-hrss1373-sha512" #define KEX_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256 "ecdh-nistp256-classic-mceliece-348864-sha256" #define KEX_CLASSIC_MCELIECE_348864F_ECDH_NISTP256_SHA256 "ecdh-nistp256-classic-mceliece-348864f-sha256" #define KEX_CLASSIC_MCELIECE_460896_ECDH_NISTP384_SHA512 "ecdh-nistp384-classic-mceliece-460896-sha512" @@ -249,8 +253,10 @@ enum kex_exchange { KEX_KEM_BIKE_L3_SHA512, KEX_KEM_NTRU_HPS2048509_SHA512, KEX_KEM_NTRU_HPS2048677_SHA512, - KEX_KEM_NTRU_HRSS701_SHA512, KEX_KEM_NTRU_HPS4096821_SHA512, + KEX_KEM_NTRU_HPS40961229_SHA512, + KEX_KEM_NTRU_HRSS701_SHA512, + KEX_KEM_NTRU_HRSS1373_SHA512, KEX_KEM_CLASSIC_MCELIECE_348864_SHA256, KEX_KEM_CLASSIC_MCELIECE_348864F_SHA256, KEX_KEM_CLASSIC_MCELIECE_460896_SHA512, @@ -305,8 +311,10 @@ enum kex_exchange { KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512, KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512, KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512, - KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512, KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512, + KEX_KEM_NTRU_HPS40961229_ECDH_NISTP521_SHA512, + KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512, + KEX_KEM_NTRU_HRSS1373_ECDH_NISTP521_SHA512, KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256, KEX_KEM_CLASSIC_MCELIECE_348864F_ECDH_NISTP256_SHA256, KEX_KEM_CLASSIC_MCELIECE_460896_ECDH_NISTP384_SHA512, @@ -580,14 +588,22 @@ int kex_kem_ntru_hps2048509_dec(struct kex *, const struct sshbuf *, struct ssh int kex_kem_ntru_hps2048677_keypair(struct kex *); int kex_kem_ntru_hps2048677_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); int kex_kem_ntru_hps2048677_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* ntru_hrss701 prototypes */ -int kex_kem_ntru_hrss701_keypair(struct kex *); -int kex_kem_ntru_hrss701_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_ntru_hrss701_dec(struct kex *, const struct sshbuf *, struct sshbuf **); /* ntru_hps4096821 prototypes */ int kex_kem_ntru_hps4096821_keypair(struct kex *); int kex_kem_ntru_hps4096821_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); int kex_kem_ntru_hps4096821_dec(struct kex *, const struct sshbuf *, struct sshbuf **); +/* ntru_hps40961229 prototypes */ +int kex_kem_ntru_hps40961229_keypair(struct kex *); +int kex_kem_ntru_hps40961229_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); +int kex_kem_ntru_hps40961229_dec(struct kex *, const struct sshbuf *, struct sshbuf **); +/* ntru_hrss701 prototypes */ +int kex_kem_ntru_hrss701_keypair(struct kex *); +int kex_kem_ntru_hrss701_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); +int kex_kem_ntru_hrss701_dec(struct kex *, const struct sshbuf *, struct sshbuf **); +/* ntru_hrss1373 prototypes */ +int kex_kem_ntru_hrss1373_keypair(struct kex *); +int kex_kem_ntru_hrss1373_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); +int kex_kem_ntru_hrss1373_dec(struct kex *, const struct sshbuf *, struct sshbuf **); /* classic_mceliece_348864 prototypes */ int kex_kem_classic_mceliece_348864_keypair(struct kex *); int kex_kem_classic_mceliece_348864_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); @@ -798,14 +814,22 @@ int kex_kem_ntru_hps2048509_ecdh_nistp256_dec(struct kex *, const struct sshbuf int kex_kem_ntru_hps2048677_ecdh_nistp384_keypair(struct kex *); int kex_kem_ntru_hps2048677_ecdh_nistp384_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); int kex_kem_ntru_hps2048677_ecdh_nistp384_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* ntru_hrss701_nistp384 prototypes */ -int kex_kem_ntru_hrss701_ecdh_nistp384_keypair(struct kex *); -int kex_kem_ntru_hrss701_ecdh_nistp384_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_ntru_hrss701_ecdh_nistp384_dec(struct kex *, const struct sshbuf *, struct sshbuf **); /* ntru_hps4096821_nistp521 prototypes */ int kex_kem_ntru_hps4096821_ecdh_nistp521_keypair(struct kex *); int kex_kem_ntru_hps4096821_ecdh_nistp521_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); int kex_kem_ntru_hps4096821_ecdh_nistp521_dec(struct kex *, const struct sshbuf *, struct sshbuf **); +/* ntru_hps40961229_nistp521 prototypes */ +int kex_kem_ntru_hps40961229_ecdh_nistp521_keypair(struct kex *); +int kex_kem_ntru_hps40961229_ecdh_nistp521_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); +int kex_kem_ntru_hps40961229_ecdh_nistp521_dec(struct kex *, const struct sshbuf *, struct sshbuf **); +/* ntru_hrss701_nistp384 prototypes */ +int kex_kem_ntru_hrss701_ecdh_nistp384_keypair(struct kex *); +int kex_kem_ntru_hrss701_ecdh_nistp384_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); +int kex_kem_ntru_hrss701_ecdh_nistp384_dec(struct kex *, const struct sshbuf *, struct sshbuf **); +/* ntru_hrss1373_nistp521 prototypes */ +int kex_kem_ntru_hrss1373_ecdh_nistp521_keypair(struct kex *); +int kex_kem_ntru_hrss1373_ecdh_nistp521_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); +int kex_kem_ntru_hrss1373_ecdh_nistp521_dec(struct kex *, const struct sshbuf *, struct sshbuf **); /* classic_mceliece_348864_nistp256 prototypes */ int kex_kem_classic_mceliece_348864_ecdh_nistp256_keypair(struct kex *); int kex_kem_classic_mceliece_348864_ecdh_nistp256_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); diff --git a/kexgen.c b/kexgen.c index 8ca55e1106bc..aa385e813a6f 100644 --- a/kexgen.c +++ b/kexgen.c @@ -215,11 +215,17 @@ kex_gen_client(struct ssh *ssh) case KEX_KEM_NTRU_HPS2048677_SHA512: r = kex_kem_ntru_hps2048677_keypair(kex); break; + case KEX_KEM_NTRU_HPS4096821_SHA512: + r = kex_kem_ntru_hps4096821_keypair(kex); + break; + case KEX_KEM_NTRU_HPS40961229_SHA512: + r = kex_kem_ntru_hps40961229_keypair(kex); + break; case KEX_KEM_NTRU_HRSS701_SHA512: r = kex_kem_ntru_hrss701_keypair(kex); break; - case KEX_KEM_NTRU_HPS4096821_SHA512: - r = kex_kem_ntru_hps4096821_keypair(kex); + case KEX_KEM_NTRU_HRSS1373_SHA512: + r = kex_kem_ntru_hrss1373_keypair(kex); break; case KEX_KEM_CLASSIC_MCELIECE_348864_SHA256: r = kex_kem_classic_mceliece_348864_keypair(kex); @@ -379,11 +385,17 @@ kex_gen_client(struct ssh *ssh) case KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512: r = kex_kem_ntru_hps2048677_ecdh_nistp384_keypair(kex); break; + case KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512: + r = kex_kem_ntru_hps4096821_ecdh_nistp521_keypair(kex); + break; + case KEX_KEM_NTRU_HPS40961229_ECDH_NISTP521_SHA512: + r = kex_kem_ntru_hps40961229_ecdh_nistp521_keypair(kex); + break; case KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512: r = kex_kem_ntru_hrss701_ecdh_nistp384_keypair(kex); break; - case KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512: - r = kex_kem_ntru_hps4096821_ecdh_nistp521_keypair(kex); + case KEX_KEM_NTRU_HRSS1373_ECDH_NISTP521_SHA512: + r = kex_kem_ntru_hrss1373_ecdh_nistp521_keypair(kex); break; case KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256: r = kex_kem_classic_mceliece_348864_ecdh_nistp256_keypair(kex); @@ -617,11 +629,17 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) case KEX_KEM_NTRU_HPS2048677_SHA512: r = kex_kem_ntru_hps2048677_dec(kex, server_blob, &shared_secret); break; + case KEX_KEM_NTRU_HPS4096821_SHA512: + r = kex_kem_ntru_hps4096821_dec(kex, server_blob, &shared_secret); + break; + case KEX_KEM_NTRU_HPS40961229_SHA512: + r = kex_kem_ntru_hps40961229_dec(kex, server_blob, &shared_secret); + break; case KEX_KEM_NTRU_HRSS701_SHA512: r = kex_kem_ntru_hrss701_dec(kex, server_blob, &shared_secret); break; - case KEX_KEM_NTRU_HPS4096821_SHA512: - r = kex_kem_ntru_hps4096821_dec(kex, server_blob, &shared_secret); + case KEX_KEM_NTRU_HRSS1373_SHA512: + r = kex_kem_ntru_hrss1373_dec(kex, server_blob, &shared_secret); break; case KEX_KEM_CLASSIC_MCELIECE_348864_SHA256: r = kex_kem_classic_mceliece_348864_dec(kex, server_blob, &shared_secret); @@ -781,11 +799,17 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) case KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512: r = kex_kem_ntru_hps2048677_ecdh_nistp384_dec(kex, server_blob, &shared_secret); break; + case KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512: + r = kex_kem_ntru_hps4096821_ecdh_nistp521_dec(kex, server_blob, &shared_secret); + break; + case KEX_KEM_NTRU_HPS40961229_ECDH_NISTP521_SHA512: + r = kex_kem_ntru_hps40961229_ecdh_nistp521_dec(kex, server_blob, &shared_secret); + break; case KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512: r = kex_kem_ntru_hrss701_ecdh_nistp384_dec(kex, server_blob, &shared_secret); break; - case KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512: - r = kex_kem_ntru_hps4096821_ecdh_nistp521_dec(kex, server_blob, &shared_secret); + case KEX_KEM_NTRU_HRSS1373_ECDH_NISTP521_SHA512: + r = kex_kem_ntru_hrss1373_ecdh_nistp521_dec(kex, server_blob, &shared_secret); break; case KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256: r = kex_kem_classic_mceliece_348864_ecdh_nistp256_dec(kex, server_blob, &shared_secret); @@ -1083,12 +1107,20 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_kem_ntru_hps2048677_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; + case KEX_KEM_NTRU_HPS4096821_SHA512: + r = kex_kem_ntru_hps4096821_enc(kex, client_pubkey, + &server_pubkey, &shared_secret); + break; + case KEX_KEM_NTRU_HPS40961229_SHA512: + r = kex_kem_ntru_hps40961229_enc(kex, client_pubkey, + &server_pubkey, &shared_secret); + break; case KEX_KEM_NTRU_HRSS701_SHA512: r = kex_kem_ntru_hrss701_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; - case KEX_KEM_NTRU_HPS4096821_SHA512: - r = kex_kem_ntru_hps4096821_enc(kex, client_pubkey, + case KEX_KEM_NTRU_HRSS1373_SHA512: + r = kex_kem_ntru_hrss1373_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; case KEX_KEM_CLASSIC_MCELIECE_348864_SHA256: @@ -1301,12 +1333,20 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_kem_ntru_hps2048677_ecdh_nistp384_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; + case KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512: + r = kex_kem_ntru_hps4096821_ecdh_nistp521_enc(kex, client_pubkey, + &server_pubkey, &shared_secret); + break; + case KEX_KEM_NTRU_HPS40961229_ECDH_NISTP521_SHA512: + r = kex_kem_ntru_hps40961229_ecdh_nistp521_enc(kex, client_pubkey, + &server_pubkey, &shared_secret); + break; case KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512: r = kex_kem_ntru_hrss701_ecdh_nistp384_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; - case KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512: - r = kex_kem_ntru_hps4096821_ecdh_nistp521_enc(kex, client_pubkey, + case KEX_KEM_NTRU_HRSS1373_ECDH_NISTP521_SHA512: + r = kex_kem_ntru_hrss1373_ecdh_nistp521_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; case KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256: diff --git a/kexoqs.c b/kexoqs.c index c34fdb38a7d2..648cf1bea6ee 100644 --- a/kexoqs.c +++ b/kexoqs.c @@ -1380,6 +1380,86 @@ int kex_kem_ntru_hps2048677_dec(struct kex *kex, OQS_KEM_free(kem); return r; } +/*--------------------------------------------------- + * NTRU_HPS4096821 METHODS + *--------------------------------------------------- + */ +int kex_kem_ntru_hps4096821_keypair(struct kex *kex) +{ + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps4096821); + if (kem == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + int r = kex_kem_generic_keypair(kem, kex); + OQS_KEM_free(kem); + return r; +} +int kex_kem_ntru_hps4096821_enc(struct kex *kex, + const struct sshbuf *client_blob, + struct sshbuf **server_blobp, + struct sshbuf **shared_secretp) +{ + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps4096821); + if (kem == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + int r = kex_kem_generic_enc(kem, kex, client_blob, server_blobp, shared_secretp); + OQS_KEM_free(kem); + return r; +} + +int kex_kem_ntru_hps4096821_dec(struct kex *kex, + const struct sshbuf *server_blob, + struct sshbuf **shared_secretp) +{ + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps4096821); + if (kem == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + int r = kex_kem_generic_dec(kem, kex, server_blob, shared_secretp); + OQS_KEM_free(kem); + return r; +} +/*--------------------------------------------------- + * NTRU_HPS40961229 METHODS + *--------------------------------------------------- + */ +int kex_kem_ntru_hps40961229_keypair(struct kex *kex) +{ + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps40961229); + if (kem == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + int r = kex_kem_generic_keypair(kem, kex); + OQS_KEM_free(kem); + return r; +} +int kex_kem_ntru_hps40961229_enc(struct kex *kex, + const struct sshbuf *client_blob, + struct sshbuf **server_blobp, + struct sshbuf **shared_secretp) +{ + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps40961229); + if (kem == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + int r = kex_kem_generic_enc(kem, kex, client_blob, server_blobp, shared_secretp); + OQS_KEM_free(kem); + return r; +} + +int kex_kem_ntru_hps40961229_dec(struct kex *kex, + const struct sshbuf *server_blob, + struct sshbuf **shared_secretp) +{ + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps40961229); + if (kem == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + int r = kex_kem_generic_dec(kem, kex, server_blob, shared_secretp); + OQS_KEM_free(kem); + return r; +} /*--------------------------------------------------- * NTRU_HRSS701 METHODS *--------------------------------------------------- @@ -1421,12 +1501,12 @@ int kex_kem_ntru_hrss701_dec(struct kex *kex, return r; } /*--------------------------------------------------- - * NTRU_HPS4096821 METHODS + * NTRU_HRSS1373 METHODS *--------------------------------------------------- */ -int kex_kem_ntru_hps4096821_keypair(struct kex *kex) +int kex_kem_ntru_hrss1373_keypair(struct kex *kex) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps4096821); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hrss1373); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1434,12 +1514,12 @@ int kex_kem_ntru_hps4096821_keypair(struct kex *kex) OQS_KEM_free(kem); return r; } -int kex_kem_ntru_hps4096821_enc(struct kex *kex, +int kex_kem_ntru_hrss1373_enc(struct kex *kex, const struct sshbuf *client_blob, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps4096821); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hrss1373); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1448,11 +1528,11 @@ int kex_kem_ntru_hps4096821_enc(struct kex *kex, return r; } -int kex_kem_ntru_hps4096821_dec(struct kex *kex, +int kex_kem_ntru_hrss1373_dec(struct kex *kex, const struct sshbuf *server_blob, struct sshbuf **shared_secretp) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps4096821); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hrss1373); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } diff --git a/kexoqsecdh.c b/kexoqsecdh.c index 685e6e256ebc..554488a4c855 100644 --- a/kexoqsecdh.c +++ b/kexoqsecdh.c @@ -1624,6 +1624,88 @@ int kex_kem_ntru_hps2048677_ecdh_nistp384_dec(struct kex *kex, OQS_KEM_free(kem); return r; } +/*--------------------------------------------------------------- + * NTRU_HPS4096821_ECDH_NISTP521 METHODS + *--------------------------------------------------------------- + */ +int kex_kem_ntru_hps4096821_ecdh_nistp521_keypair(struct kex *kex) +{ + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps4096821); + if (kem == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + int r = kex_kem_generic_with_ec_keypair(kem, kex); + OQS_KEM_free(kem); + return r; +} + +int kex_kem_ntru_hps4096821_ecdh_nistp521_enc(struct kex *kex, + const struct sshbuf *client_blob, + struct sshbuf **server_blobp, + struct sshbuf **shared_secretp) +{ + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps4096821); + if (kem == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + int r = kex_kem_generic_with_ec_enc(kem, kex, client_blob, server_blobp, shared_secretp); + OQS_KEM_free(kem); + return r; +} + +int kex_kem_ntru_hps4096821_ecdh_nistp521_dec(struct kex *kex, + const struct sshbuf *server_blobp, + struct sshbuf **shared_secretp) +{ + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps4096821); + if (kem == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + int r = kex_kem_generic_with_ec_dec(kem, kex, server_blobp, shared_secretp); + OQS_KEM_free(kem); + return r; +} +/*--------------------------------------------------------------- + * NTRU_HPS40961229_ECDH_NISTP521 METHODS + *--------------------------------------------------------------- + */ +int kex_kem_ntru_hps40961229_ecdh_nistp521_keypair(struct kex *kex) +{ + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps40961229); + if (kem == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + int r = kex_kem_generic_with_ec_keypair(kem, kex); + OQS_KEM_free(kem); + return r; +} + +int kex_kem_ntru_hps40961229_ecdh_nistp521_enc(struct kex *kex, + const struct sshbuf *client_blob, + struct sshbuf **server_blobp, + struct sshbuf **shared_secretp) +{ + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps40961229); + if (kem == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + int r = kex_kem_generic_with_ec_enc(kem, kex, client_blob, server_blobp, shared_secretp); + OQS_KEM_free(kem); + return r; +} + +int kex_kem_ntru_hps40961229_ecdh_nistp521_dec(struct kex *kex, + const struct sshbuf *server_blobp, + struct sshbuf **shared_secretp) +{ + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps40961229); + if (kem == NULL) { + return SSH_ERR_ALLOC_FAIL; + } + int r = kex_kem_generic_with_ec_dec(kem, kex, server_blobp, shared_secretp); + OQS_KEM_free(kem); + return r; +} /*--------------------------------------------------------------- * NTRU_HRSS701_ECDH_NISTP384 METHODS *--------------------------------------------------------------- @@ -1666,12 +1748,12 @@ int kex_kem_ntru_hrss701_ecdh_nistp384_dec(struct kex *kex, return r; } /*--------------------------------------------------------------- - * NTRU_HPS4096821_ECDH_NISTP521 METHODS + * NTRU_HRSS1373_ECDH_NISTP521 METHODS *--------------------------------------------------------------- */ -int kex_kem_ntru_hps4096821_ecdh_nistp521_keypair(struct kex *kex) +int kex_kem_ntru_hrss1373_ecdh_nistp521_keypair(struct kex *kex) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps4096821); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hrss1373); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1680,12 +1762,12 @@ int kex_kem_ntru_hps4096821_ecdh_nistp521_keypair(struct kex *kex) return r; } -int kex_kem_ntru_hps4096821_ecdh_nistp521_enc(struct kex *kex, +int kex_kem_ntru_hrss1373_ecdh_nistp521_enc(struct kex *kex, const struct sshbuf *client_blob, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps4096821); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hrss1373); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1694,11 +1776,11 @@ int kex_kem_ntru_hps4096821_ecdh_nistp521_enc(struct kex *kex, return r; } -int kex_kem_ntru_hps4096821_ecdh_nistp521_dec(struct kex *kex, +int kex_kem_ntru_hrss1373_ecdh_nistp521_dec(struct kex *kex, const struct sshbuf *server_blobp, struct sshbuf **shared_secretp) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hps4096821); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntru_hrss1373); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } diff --git a/monitor.c b/monitor.c index de4fc739b78c..8b08b68acd81 100644 --- a/monitor.c +++ b/monitor.c @@ -1770,8 +1770,10 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048509_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048677_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS4096821_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_NTRU_HPS40961229_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_NTRU_HRSS1373_SHA512] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_SHA256] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864F_SHA256] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_460896_SHA512] = kex_gen_server; @@ -1826,8 +1828,10 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_NTRU_HPS40961229_ECDH_NISTP521_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_NTRU_HRSS1373_ECDH_NISTP521_SHA512] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864F_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_460896_ECDH_NISTP384_SHA512] = kex_gen_server; diff --git a/myproposal.h b/myproposal.h index 58169cca4486..2c8da5c8823b 100644 --- a/myproposal.h +++ b/myproposal.h @@ -100,10 +100,14 @@ "ecdh-nistp256-ntru-hps2048509-sha512," \ "ntru-hps2048677-sha512," \ "ecdh-nistp384-ntru-hps2048677-sha512," \ - "ntru-hrss701-sha512," \ - "ecdh-nistp384-ntru-hrss701-sha512," \ "ntru-hps4096821-sha512," \ "ecdh-nistp521-ntru-hps4096821-sha512," \ + "ntru-hps40961229-sha512," \ + "ecdh-nistp521-ntru-hps40961229-sha512," \ + "ntru-hrss701-sha512," \ + "ecdh-nistp384-ntru-hrss701-sha512," \ + "ntru-hrss1373-sha512," \ + "ecdh-nistp521-ntru-hrss1373-sha512," \ "classic-mceliece-348864-sha256," \ "ecdh-nistp256-classic-mceliece-348864-sha256," \ "classic-mceliece-348864f-sha256," \ diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index b4aba0b6c7ee..f03946f534fa 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -248,6 +248,22 @@ kexs: - name: 'nistp384' openssl_nid: 'NID_secp384r1' + - + family: 'NTRU' + name: 'ntru_hps4096821' + hash: 'sha512' + mix_with: + - + name: 'nistp521' + openssl_nid: 'NID_secp521r1' + - + family: 'NTRU' + name: 'ntru_hps40961229' + hash: 'sha512' + mix_with: + - + name: 'nistp521' + openssl_nid: 'NID_secp521r1' - family: 'NTRU' name: 'ntru_hrss701' @@ -258,7 +274,7 @@ kexs: openssl_nid: 'NID_secp384r1' - family: 'NTRU' - name: 'ntru_hps4096821' + name: 'ntru_hrss1373' hash: 'sha512' mix_with: - diff --git a/oqs-test/try_connection.py b/oqs-test/try_connection.py index 051b7e5d40d6..08de8c4c0be0 100644 --- a/oqs-test/try_connection.py +++ b/oqs-test/try_connection.py @@ -74,10 +74,14 @@ "ecdh-nistp256-ntru-hps2048509-sha512", "ntru-hps2048677-sha512", "ecdh-nistp384-ntru-hps2048677-sha512", - "ntru-hrss701-sha512", - "ecdh-nistp384-ntru-hrss701-sha512", "ntru-hps4096821-sha512", "ecdh-nistp521-ntru-hps4096821-sha512", + "ntru-hps40961229-sha512", + "ecdh-nistp521-ntru-hps40961229-sha512", + "ntru-hrss701-sha512", + "ecdh-nistp384-ntru-hrss701-sha512", + "ntru-hrss1373-sha512", + "ecdh-nistp521-ntru-hrss1373-sha512", "classic-mceliece-348864-sha256", "ecdh-nistp256-classic-mceliece-348864-sha256", "classic-mceliece-348864f-sha256", diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 2e10110d69f6..fceb24f11b05 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -445,8 +445,10 @@ keygrab_ssh2(con *c) c->c_ssh->kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_SHA512] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_NTRU_HPS4096821_SHA512] = kex_gen_client; + c->c_ssh->kex->kex[KEX_KEM_NTRU_HPS40961229_SHA512] = kex_gen_client; + c->c_ssh->kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_client; + c->c_ssh->kex->kex[KEX_KEM_NTRU_HRSS1373_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864F_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_460896_SHA512] = kex_gen_client; @@ -501,8 +503,10 @@ keygrab_ssh2(con *c) c->c_ssh->kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512] = kex_gen_client; + c->c_ssh->kex->kex[KEX_KEM_NTRU_HPS40961229_ECDH_NISTP521_SHA512] = kex_gen_client; + c->c_ssh->kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_client; + c->c_ssh->kex->kex[KEX_KEM_NTRU_HRSS1373_ECDH_NISTP521_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864F_ECDH_NISTP256_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_460896_ECDH_NISTP384_SHA512] = kex_gen_client; diff --git a/ssh_api.c b/ssh_api.c index 8df91b51d339..5bd8f9e29aaf 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -151,8 +151,10 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_SHA512] = kex_gen_server; - ssh->kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_NTRU_HPS4096821_SHA512] = kex_gen_server; + ssh->kex->kex[KEX_KEM_NTRU_HPS40961229_SHA512] = kex_gen_server; + ssh->kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_server; + ssh->kex->kex[KEX_KEM_NTRU_HRSS1373_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864F_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_460896_SHA512] = kex_gen_server; @@ -207,8 +209,10 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512] = kex_gen_server; - ssh->kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512] = kex_gen_server; + ssh->kex->kex[KEX_KEM_NTRU_HPS40961229_ECDH_NISTP521_SHA512] = kex_gen_server; + ssh->kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_server; + ssh->kex->kex[KEX_KEM_NTRU_HRSS1373_ECDH_NISTP521_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864F_ECDH_NISTP256_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_460896_ECDH_NISTP384_SHA512] = kex_gen_server; @@ -283,8 +287,10 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS4096821_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_NTRU_HPS40961229_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_NTRU_HRSS1373_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864F_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_460896_SHA512] = kex_gen_client; @@ -339,8 +345,10 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_NTRU_HPS40961229_ECDH_NISTP521_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_NTRU_HRSS1373_ECDH_NISTP521_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864F_ECDH_NISTP256_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_460896_ECDH_NISTP384_SHA512] = kex_gen_client; diff --git a/sshconnect2.c b/sshconnect2.c index dd15aa80b2a8..a9ba511ea885 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -318,8 +318,10 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, ssh->kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS4096821_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_NTRU_HPS40961229_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_NTRU_HRSS1373_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864F_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_460896_SHA512] = kex_gen_client; @@ -374,8 +376,10 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, ssh->kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_NTRU_HPS40961229_ECDH_NISTP521_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_NTRU_HRSS1373_ECDH_NISTP521_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864F_ECDH_NISTP256_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_460896_ECDH_NISTP384_SHA512] = kex_gen_client; diff --git a/sshd.c b/sshd.c index 97a5ce706959..beba8ceb64ec 100644 --- a/sshd.c +++ b/sshd.c @@ -2428,8 +2428,10 @@ do_ssh2_kex(struct ssh *ssh) kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048509_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048677_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS4096821_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_NTRU_HPS40961229_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_NTRU_HRSS1373_SHA512] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_SHA256] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864F_SHA256] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_460896_SHA512] = kex_gen_server; @@ -2484,8 +2486,10 @@ do_ssh2_kex(struct ssh *ssh) kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS4096821_ECDH_NISTP521_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_NTRU_HPS40961229_ECDH_NISTP521_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_NTRU_HRSS1373_ECDH_NISTP521_SHA512] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864F_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_460896_ECDH_NISTP384_SHA512] = kex_gen_server;