shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 18:04:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

kex: Place PQC KEX methods first

Browse Source 
The ML-KEMx25519 is now preferred algorithm in OpenSSH so follow the suit

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2025-11-05 15:21:49 +01:00
parent 3444f4c449
commit 491cd81a32
3 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/kex.c
View File

@@ -174,9 +174,9 @@
#define CHACHA20 "chacha20-poly1305@openssh.com," #define CHACHA20 "chacha20-poly1305@openssh.com,"
#define DEFAULT_KEY_EXCHANGE \ #define DEFAULT_KEY_EXCHANGE \
CURVE25519 \
SNTRUP761X25519 \
MLKEM768X25519 \ MLKEM768X25519 \
SNTRUP761X25519 \
CURVE25519 \
ECDH \ ECDH \
"diffie-hellman-group18-sha512,diffie-hellman-group16-sha512," \ "diffie-hellman-group18-sha512,diffie-hellman-group16-sha512," \
GEX_SHA256 \ GEX_SHA256 \

6
tests/client/torture_get_kex_algo.c
View File

@@ -11,6 +11,9 @@
#define DIFFIE_HELLMAN_GROUP_14_SHA_1 "diffie-hellman-group14-sha1" #define DIFFIE_HELLMAN_GROUP_14_SHA_1 "diffie-hellman-group14-sha1"
#define KEX_DH_GEX_SHA1 "diffie-hellman-group-exchange-sha1" #define KEX_DH_GEX_SHA1 "diffie-hellman-group-exchange-sha1"
#define KEX_DH_GEX_SHA256 "diffie-hellman-group-exchange-sha256" #define KEX_DH_GEX_SHA256 "diffie-hellman-group-exchange-sha256"
#define SNTRUP761X25519 "sntrup761x25519-sha512"
#define SNTRUP761X25519_OPENSSH "sntrup761x25519-sha512@openssh.com"
#define MLKEM768X25519 "mlkem768x25519-sha256"
static int sshd_setup(void **state) static int sshd_setup(void **state)
{ {
@@ -71,6 +74,9 @@ static void torture_kex_basic_functionality(void **state)
ssh_session session = NULL; ssh_session session = NULL;
const char *kex_algo = NULL; const char *kex_algo = NULL;
const char *valid_algorithms[] = { const char *valid_algorithms[] = {
SNTRUP761X25519,
SNTRUP761X25519_OPENSSH,
MLKEM768X25519,
CURVE25519_SHA256, CURVE25519_SHA256,
ECDH_SHA2_NISTP256, ECDH_SHA2_NISTP256,
DIFFIE_HELLMAN_GROUP_14_SHA_1, DIFFIE_HELLMAN_GROUP_14_SHA_1,

6
tests/unittests/torture_options.c
View File

@@ -283,9 +283,9 @@ static void torture_options_get_key_exchange(void **state)
} else { } else {
#ifdef HAVE_MLKEM #ifdef HAVE_MLKEM
assert_string_equal(value, assert_string_equal(value,
"curve25519-sha256,curve25519-sha256@libssh.org,"
"sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,"
"mlkem768x25519-sha256," "mlkem768x25519-sha256,"
"sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,"
"curve25519-sha256,curve25519-sha256@libssh.org,"
"ecdh-sha2-nistp256,ecdh-sha2-nistp384," "ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
"ecdh-sha2-nistp521,diffie-hellman-group18-sha512," "ecdh-sha2-nistp521,diffie-hellman-group18-sha512,"
"diffie-hellman-group16-sha512," "diffie-hellman-group16-sha512,"
@@ -293,9 +293,9 @@ static void torture_options_get_key_exchange(void **state)
"diffie-hellman-group14-sha256"); "diffie-hellman-group14-sha256");
#else #else
assert_string_equal(value, assert_string_equal(value,
"curve25519-sha256,curve25519-sha256@libssh.org,"
"sntrup761x25519-sha512," "sntrup761x25519-sha512,"
"sntrup761x25519-sha512@openssh.com," "sntrup761x25519-sha512@openssh.com,"
"curve25519-sha256,curve25519-sha256@libssh.org,"
"ecdh-sha2-nistp256,ecdh-sha2-nistp384," "ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
"ecdh-sha2-nistp521,diffie-hellman-group18-sha512," "ecdh-sha2-nistp521,diffie-hellman-group18-sha512,"
"diffie-hellman-group16-sha512," "diffie-hellman-group16-sha512,"