From 491cd81a32ccc9c99f6e8f2d8509417ecaf50641 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 5 Nov 2025 15:21:49 +0100
Subject: [PATCH] kex: Place PQC KEX methods first

The ML-KEMx25519 is now preferred algorithm in OpenSSH so follow the suit

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/kex.c                           | 4 ++--
 tests/client/torture_get_kex_algo.c | 6 ++++++
 tests/unittests/torture_options.c   | 6 +++---
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/kex.c b/src/kex.c
index 846ea932..8f392fd3 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -174,9 +174,9 @@
 #define CHACHA20 "chacha20-poly1305@openssh.com,"
 
 #define DEFAULT_KEY_EXCHANGE \
-    CURVE25519 \
-    SNTRUP761X25519 \
     MLKEM768X25519 \
+    SNTRUP761X25519 \
+    CURVE25519 \
     ECDH \
     "diffie-hellman-group18-sha512,diffie-hellman-group16-sha512," \
     GEX_SHA256 \
diff --git a/tests/client/torture_get_kex_algo.c b/tests/client/torture_get_kex_algo.c
index bf6d635a..0c44dfdb 100644
--- a/tests/client/torture_get_kex_algo.c
+++ b/tests/client/torture_get_kex_algo.c
@@ -11,6 +11,9 @@
 #define DIFFIE_HELLMAN_GROUP_14_SHA_1 "diffie-hellman-group14-sha1"
 #define KEX_DH_GEX_SHA1 "diffie-hellman-group-exchange-sha1"
 #define KEX_DH_GEX_SHA256 "diffie-hellman-group-exchange-sha256"
+#define SNTRUP761X25519 "sntrup761x25519-sha512"
+#define SNTRUP761X25519_OPENSSH "sntrup761x25519-sha512@openssh.com"
+#define MLKEM768X25519 "mlkem768x25519-sha256"
 
 static int sshd_setup(void **state)
 {
@@ -71,6 +74,9 @@ static void torture_kex_basic_functionality(void **state)
     ssh_session session = NULL;
     const char *kex_algo = NULL;
     const char *valid_algorithms[] = {
+        SNTRUP761X25519,
+        SNTRUP761X25519_OPENSSH,
+        MLKEM768X25519,
         CURVE25519_SHA256,
         ECDH_SHA2_NISTP256,
         DIFFIE_HELLMAN_GROUP_14_SHA_1,
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index ca450c4c..a346ae75 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -283,9 +283,9 @@ static void torture_options_get_key_exchange(void **state)
     } else {
 #ifdef HAVE_MLKEM
         assert_string_equal(value,
-                            "curve25519-sha256,curve25519-sha256@libssh.org,"
-                            "sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,"
                             "mlkem768x25519-sha256,"
+                            "sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,"
+                            "curve25519-sha256,curve25519-sha256@libssh.org,"
                             "ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
                             "ecdh-sha2-nistp521,diffie-hellman-group18-sha512,"
                             "diffie-hellman-group16-sha512,"
@@ -293,9 +293,9 @@ static void torture_options_get_key_exchange(void **state)
                             "diffie-hellman-group14-sha256");
 #else
         assert_string_equal(value,
-                            "curve25519-sha256,curve25519-sha256@libssh.org,"
                             "sntrup761x25519-sha512,"
                             "sntrup761x25519-sha512@openssh.com,"
+                            "curve25519-sha256,curve25519-sha256@libssh.org,"
                             "ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
                             "ecdh-sha2-nistp521,diffie-hellman-group18-sha512,"
                             "diffie-hellman-group16-sha512,"