Add non-namespaced alias sntrup761x25519-sha512 that is being standardized

The specification is now in the last call, data point is allocated so there is
no need to stick to the namespaces alias anymore

https://datatracker.ietf.org/doc/draft-ietf-sshm-ntruprime-ssh/

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>

tests/CMakeLists.txt

@@ -157,7 +157,7 @@ if (SSH_EXECUTABLE)
         diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group14-sha256
         diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1
         diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521
-        sntrup761x25519-sha512@openssh.com
+        sntrup761x25519-sha512@openssh.com sntrup761x25519-sha512
         curve25519-sha256 curve25519-sha256@libssh.org
         ssh-ed25519 ssh-ed25519-cert-v01@openssh.com ssh-rsa
         ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521

tests/client/torture_algorithms.c

@@ -735,6 +735,23 @@ torture_algorithms_ecdh_sntrup761x25519_sha512_openssh_com(void **state)
 }
 #endif /* OPENSSH_SNTRUP761X25519_SHA512_OPENSSH_COM */
 
+#ifdef OPENSSH_SNTRUP761X25519_SHA512
+static void
+torture_algorithms_ecdh_sntrup761x25519_sha512(void **state)
+{
+    struct torture_state *s = *state;
+
+    if (ssh_fips_mode()) {
+        skip();
+    }
+
+    test_algorithm(s->ssh.session,
+                   "sntrup761x25519-sha512",
+                   NULL /*cipher*/,
+                   NULL /*hmac*/);
+}
+#endif /* OPENSSH_SNTRUP761X25519_SHA512 */
+
 static void torture_algorithms_dh_group1(void **state) {
     struct torture_state *s = *state;
 
@@ -1007,6 +1024,11 @@ int torture_run_tests(void) {
                                         session_setup,
                                         session_teardown),
 #endif /* OPENSSH_SNTRUP761X25519_SHA512_OPENSSH_COM */
+#ifdef OPENSSH_SNTRUP761X25519_SHA512
+        cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_sntrup761x25519_sha512,
+                                        session_setup,
+                                        session_teardown),
+#endif /* OPENSSH_SNTRUP761X25519_SHA512 */
 #if defined(HAVE_ECC)
         cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp256,
                                         session_setup,

tests/external_override/torture_override.c

@@ -290,6 +290,40 @@ torture_override_ecdh_sntrup761x25519_sha512_openssh_com(void **state)
 }
 #endif /* OPENSSH_SNTRUP761X25519_SHA512_OPENSSH_COM */
 
+#ifdef OPENSSH_SNTRUP761X25519_SHA512
+static void
+torture_override_ecdh_sntrup761x25519_sha512(void **state)
+{
+    struct torture_state *s = *state;
+    bool internal_curve25519_called;
+    bool internal_sntrup761_called;
+
+    if (ssh_fips_mode()) {
+        skip();
+    }
+
+    test_algorithm(s->ssh.session,
+                   "sntrup761x25519-sha512",
+                   NULL, /* cipher */
+                   NULL  /* hostkey */);
+
+    internal_curve25519_called = internal_curve25519_function_called();
+    internal_sntrup761_called = internal_sntrup761_function_called();
+
+#if SHOULD_CALL_INTERNAL_SNTRUP761
+    assert_true(internal_sntrup761_called);
+#else
+    assert_false(internal_sntrup761_called);
+#endif
+
+#if SHOULD_CALL_INTERNAL_CURVE25519
+    assert_true(internal_curve25519_called);
+#else
+    assert_false(internal_curve25519_called);
+#endif
+}
+#endif /* OPENSSH_SNTRUP761X25519_SHA512 */
+
 #ifdef OPENSSH_SSH_ED25519
 static void torture_override_ed25519(void **state)
 {
@@ -339,6 +373,11 @@ int torture_run_tests(void)
                                         session_setup,
                                         session_teardown),
 #endif /* OPENSSH_SNTRUP761X25519_SHA512_OPENSSH_COM */
+#ifdef OPENSSH_SNTRUP761X25519_SHA512
+        cmocka_unit_test_setup_teardown(torture_override_ecdh_sntrup761x25519_sha512,
+                                        session_setup,
+                                        session_teardown),
+#endif /* OPENSSH_SNTRUP761X25519_SHA512 */
 #ifdef OPENSSH_SSH_ED25519
         cmocka_unit_test_setup_teardown(torture_override_ed25519,
                                         session_setup,

tests/pkd/pkd_hello.c

@@ -286,11 +286,23 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
 #endif
 
 #ifdef OPENSSH_SNTRUP761X25519_SHA512_OPENSSH_COM
+#define SNTRUP_OPENSSH_NAME "sntrup761x25519-sha512@openssh.com"
+#define PKDTESTS_KEX_SNTRUP761_OPENSSH(f, client, kexcmd) \
+    f(client, rsa_sntrup761x25519_sha512_openssh_com,       kexcmd(SNTRUP_OPENSSH_NAME), setup_rsa,       teardown) \
+    f(client, ecdsa_256_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ecdsa_256, teardown) \
+    f(client, ecdsa_384_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ecdsa_384, teardown) \
+    f(client, ecdsa_521_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ecdsa_521, teardown)
+#else
+#define PKDTESTS_KEX_SNTRUP761_OPENSSH(f, client, kexcmd)
+#endif
+
+#ifdef OPENSSH_SNTRUP761X25519_SHA512
+#define SNTRUP_NAME         "sntrup761x25519-sha512"
 #define PKDTESTS_KEX_SNTRUP761(f, client, kexcmd) \
-    f(client, rsa_sntrup761x25519_sha512_openssh_com, kexcmd("sntrup761x25519-sha512@openssh.com"), setup_rsa,   teardown) \
-    f(client, ecdsa_256_sntrup761x25519_sha512_openssh_com, kexcmd("sntrup761x25519-sha512@openssh.com"), setup_ecdsa_256, teardown) \
-    f(client, ecdsa_384_sntrup761x25519_sha512_openssh_com, kexcmd("sntrup761x25519-sha512@openssh.com"), setup_ecdsa_384, teardown) \
-    f(client, ecdsa_521_sntrup761x25519_sha512_openssh_com, kexcmd("sntrup761x25519-sha512@openssh.com"), setup_ecdsa_521, teardown)
+    f(client, rsa_sntrup761x25519_sha512,                   kexcmd(SNTRUP_NAME),         setup_rsa,       teardown) \
+    f(client, ecdsa_256_sntrup761x25519_sha512,             kexcmd(SNTRUP_NAME),         setup_ecdsa_256, teardown) \
+    f(client, ecdsa_384_sntrup761x25519_sha512,             kexcmd(SNTRUP_NAME),         setup_ecdsa_384, teardown) \
+    f(client, ecdsa_521_sntrup761x25519_sha512,             kexcmd(SNTRUP_NAME),         setup_ecdsa_521, teardown)
 #else
 #define PKDTESTS_KEX_SNTRUP761(f, client, kexcmd)
 #endif
@@ -298,6 +310,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
 #define PKDTESTS_KEX_COMMON(f, client, kexcmd) \
     PKDTESTS_KEX_FIPS(f, client, kexcmd) \
     PKDTESTS_KEX_SNTRUP761(f, client, kexcmd) \
+    PKDTESTS_KEX_SNTRUP761_OPENSSH(f, client, kexcmd) \
     f(client, rsa_curve25519_sha256,                  kexcmd("curve25519-sha256"),             setup_rsa,        teardown) \
     f(client, rsa_curve25519_sha256_libssh_org,       kexcmd("curve25519-sha256@libssh.org"),  setup_rsa,        teardown) \
     f(client, rsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),   setup_rsa,        teardown) \
@@ -331,8 +344,15 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
 #endif
 
 #ifdef OPENSSH_SNTRUP761X25519_SHA512_OPENSSH_COM
+#define PKDTESTS_KEX_OPENSSHONLY_SNTRUP761_OPENSSH(f, client, kexcmd) \
+    f(client, ed25519_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ed25519, teardown)
+#else
+#define PKDTESTS_KEX_OPENSSHONLY_SNTRUP761_OPENSSH(f, client, kexcmd)
+#endif
+
+#ifdef OPENSSH_SNTRUP761X25519_SHA512
 #define PKDTESTS_KEX_OPENSSHONLY_SNTRUP761(f, client, kexcmd) \
-    f(client, ed25519_sntrup761x25519_sha512_openssh_com, kexcmd("sntrup761x25519-sha512@openssh.com"), setup_ed25519, teardown)
+    f(client, ed25519_sntrup761x25519_sha512,             kexcmd(SNTRUP_NAME),         setup_ed25519, teardown)
 #else
 #define PKDTESTS_KEX_OPENSSHONLY_SNTRUP761(f, client, kexcmd)
 #endif
@@ -340,6 +360,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
 #define PKDTESTS_KEX_OPENSSHONLY(f, client, kexcmd) \
     /* Kex algorithms. */ \
     PKDTESTS_KEX_OPENSSHONLY_SNTRUP761(f, client, kexcmd) \
+    PKDTESTS_KEX_OPENSSHONLY_SNTRUP761_OPENSSH(f, client, kexcmd) \
     f(client, ed25519_curve25519_sha256,              kexcmd("curve25519-sha256"),             setup_ed25519,    teardown) \
     f(client, ed25519_curve25519_sha256_libssh_org,   kexcmd("curve25519-sha256@libssh.org"),  setup_ed25519,    teardown) \
     f(client, ed25519_ecdh_sha2_nistp256,             kexcmd("ecdh-sha2-nistp256"),            setup_ed25519,    teardown) \

tests/tests_config.h.cmake

@@ -50,6 +50,7 @@
 #cmakedefine OPENSSH_ECDH_SHA2_NISTP521 1
 #cmakedefine OPENSSH_CURVE25519_SHA256 1
 #cmakedefine OPENSSH_CURVE25519_SHA256_LIBSSH_ORG 1
+#cmakedefine OPENSSH_SNTRUP761X25519_SHA512 1
 #cmakedefine OPENSSH_SNTRUP761X25519_SHA512_OPENSSH_COM 1
 #cmakedefine OPENSSH_SSH_ED25519 1
 #cmakedefine OPENSSH_SSH_ED25519_CERT_V01_OPENSSH_COM 1

tests/unittests/torture_options.c

@@ -217,6 +217,7 @@ static void torture_options_set_key_exchange(void **state)
     /* Test known kexes */
     rc = ssh_options_set(session,
                          SSH_OPTIONS_KEY_EXCHANGE,
+                         "sntrup761x25519-sha512,"
                          "sntrup761x25519-sha512@openssh.com,"
                          "curve25519-sha256,curve25519-sha256@libssh.org,"
                          "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
@@ -232,6 +233,7 @@ static void torture_options_set_key_exchange(void **state)
                             "diffie-hellman-group14-sha256");
     } else {
         assert_string_equal(session->opts.wanted_methods[SSH_KEX],
+                            "sntrup761x25519-sha512,"
                             "sntrup761x25519-sha512@openssh.com,"
                             "curve25519-sha256,curve25519-sha256@libssh.org,"
                             "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
@@ -281,6 +283,7 @@ static void torture_options_get_key_exchange(void **state)
     } else {
         assert_string_equal(value,
                             "curve25519-sha256,curve25519-sha256@libssh.org,"
+                            "sntrup761x25519-sha512,"
                             "sntrup761x25519-sha512@openssh.com,"
                             "ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
                             "ecdh-sha2-nistp521,diffie-hellman-group18-sha512,"