From b6c3639bd1a417392821bc1e2f70f8d062da76ff Mon Sep 17 00:00:00 2001 From: Christian Paquin Date: Wed, 15 Jul 2020 18:54:32 -0400 Subject: [PATCH] Added picnic-full params, replaced picnic2 with picnic3; unpined circleci from v0.3.0 (#62) Fixes #60 --- .circleci/config.yml | 2 +- README.md | 2 +- configure.ac | 2 +- oqs-template/generate.yml | 32 ++++++++++---- oqs-test/test_openssh.py | 4 +- oqs-utils.h | 21 ++++++--- pathnames.h | 18 +++++--- readconf.c | 9 ++-- servconf.c | 12 +++-- ssh-add.c | 9 ++-- ssh-keygen.c | 20 ++++++--- ssh-keyscan.c | 93 +++++++++++++++++++++++---------------- ssh-keysign.c | 11 +++-- ssh-oqs.c | 12 +++-- ssh.c | 65 ++++++++++++++------------- sshconnect.c | 9 ++-- sshkey.c | 9 ++-- sshkey.h | 9 ++-- 18 files changed, 211 insertions(+), 128 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4c4e5ae6b671..edc0b4333b82 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -13,7 +13,7 @@ version: 2 useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd - run: name: Clone liboqs - command: .circleci/git_no_checkin_in_last_day.sh || (env LIBOQS_BRANCH=0.3.0 ./oqs-scripts/clone_liboqs.sh) + command: .circleci/git_no_checkin_in_last_day.sh || (./oqs-scripts/clone_liboqs.sh) - run: name: Build liboqs command: .circleci/git_no_checkin_in_last_day.sh || (./oqs-scripts/build_liboqs.sh) diff --git a/README.md b/README.md index 9bd24414f04e..cfb4402817ff 100644 --- a/README.md +++ b/README.md @@ -123,7 +123,7 @@ On **macOS**, you need to install the following packages using brew (or a packag The following instructions install liboqs into a subdirectory inside the OpenSSH source. If `` is the root of the OpenSSH source: ``` -git clone --branch 0.3.0 --single-branch --depth 1 https://github.com/open-quantum-safe/liboqs.git +git clone --branch master --single-branch --depth 1 https://github.com/open-quantum-safe/liboqs.git cd liboqs mkdir build && cd build cmake .. -GNinja -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=/oqs diff --git a/configure.ac b/configure.ac index d0f46011d7ce..31c9d463674e 100644 --- a/configure.ac +++ b/configure.ac @@ -3760,7 +3760,7 @@ if test "x$with_liboqs" = "xyes" ; then AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ - #if defined(OQS_ENABLE_SIG_PICNIC) || (defined(OQS_ENABLE_SIG_picnic_L1_UR)) + #if defined(OQS_ENABLE_SIG_PICNIC) || (defined(OQS_ENABLE_SIG_picnic_L1_FS) && defined(OQS_ENABLE_SIG_picnic3_L1)) #else #error "PICNIC is not supported" #endif diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 0ca0eba228be..709d268a5dd0 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -62,17 +62,23 @@ sigs: family: "PICNIC" variants: - - enable: false + enable: true name: "PICNIC_L1FS" oqs_meth: "OQS_SIG_alg_picnic_L1_FS" mix_with: [{'name':'rsa3072'}, {'name': 'p256', 'curve':'NID_X9_62_prime256v1'}] - - enable: true + enable: false name: "PICNIC_L1UR" oqs_meth: "OQS_SIG_alg_picnic_L1_UR" mix_with: [{'name':'rsa3072'}, {'name': 'p256', 'curve':'NID_X9_62_prime256v1'}] + - + enable: false + name: "PICNIC_L1FULL" + oqs_meth: "OQS_SIG_alg_picnic_L1_full" + mix_with: [{'name':'rsa3072'}, + {'name': 'p256', 'curve':'NID_X9_62_prime256v1'}] - enable: false name: "PICNIC_L3FS" @@ -83,6 +89,11 @@ sigs: name: "PICNIC_L3UR" oqs_meth: "OQS_SIG_alg_picnic_L3_UR" mix_with: [{'name': 'p384', 'curve':'NID_secp384r1'}] + - + enable: false + name: "PICNIC_L3FULL" + oqs_meth: "OQS_SIG_alg_picnic_L3_full" + mix_with: [{'name': 'p384', 'curve':'NID_secp384r1'}] - enable: false name: "PICNIC_L5FS" @@ -95,19 +106,24 @@ sigs: mix_with: [{'name': 'p521', 'curve':'NID_secp521r1'}] - enable: false - name: "PICNIC2_L1FS" - oqs_meth: "OQS_SIG_alg_picnic2_L1_FS" + name: "PICNIC_L5FULL" + oqs_meth: "OQS_SIG_alg_picnic_L5_full" + mix_with: [{'name': 'p521', 'curve':'NID_secp521r1'}] + - + enable: true + name: "PICNIC3_L1" + oqs_meth: "OQS_SIG_alg_picnic3_L1" mix_with: [{'name':'rsa3072'}, {'name': 'p256', 'curve':'NID_X9_62_prime256v1'}] - enable: false - name: "PICNIC2_L3FS" - oqs_meth: "OQS_SIG_alg_picnic2_L3_FS" + name: "PICNIC3_L3" + oqs_meth: "OQS_SIG_alg_picnic3_L3" mix_with: [{'name': 'p384', 'curve':'NID_secp384r1'}] - enable: false - name: "PICNIC2_L5FS" - oqs_meth: "OQS_SIG_alg_picnic2_L5_FS" + name: "PICNIC3_L5" + oqs_meth: "OQS_SIG_alg_picnic3_L5" mix_with: [{'name': 'p521', 'curve':'NID_secp521r1'}] - family: "QTESLA" diff --git a/oqs-test/test_openssh.py b/oqs-test/test_openssh.py index bf24a69bc9d5..440260a8fffe 100644 --- a/oqs-test/test_openssh.py +++ b/oqs-test/test_openssh.py @@ -9,9 +9,9 @@ sig_algs += [ ##### OQS_TEMPLATE_FRAGMENT_LIST_SIGS_START # post-quantum only sigs - 'ssh-oqsdefault','ssh-dilithium2','ssh-falcon512','ssh-mqdss3148','ssh-picnicl1ur','ssh-qteslapi','ssh-rainbowiaclassic','ssh-rainbowiiicclassic','ssh-rainbowvcclassic','ssh-sphincsharaka128frobust','ssh-sphincssha256128frobust','ssh-sphincsshake256128frobust', + 'ssh-oqsdefault','ssh-dilithium2','ssh-falcon512','ssh-mqdss3148','ssh-picnicl1fs','ssh-picnic3l1','ssh-qteslapi','ssh-rainbowiaclassic','ssh-rainbowiiicclassic','ssh-rainbowvcclassic','ssh-sphincsharaka128frobust','ssh-sphincssha256128frobust','ssh-sphincsshake256128frobust', # hybrid sigs - 'ssh-rsa3072-oqsdefault','ssh-p256-oqsdefault','ssh-rsa3072-dilithium2','ssh-p256-dilithium2','ssh-rsa3072-falcon512','ssh-p256-falcon512','ssh-rsa3072-mqdss3148','ssh-p256-mqdss3148','ssh-rsa3072-picnicl1ur','ssh-p256-picnicl1ur','ssh-rsa3072-qteslapi','ssh-p256-qteslapi','ssh-rsa3072-rainbowiaclassic','ssh-p256-rainbowiaclassic','ssh-p384-rainbowiiicclassic','ssh-p521-rainbowvcclassic','ssh-rsa3072-sphincsharaka128frobust','ssh-p256-sphincsharaka128frobust','ssh-rsa3072-sphincssha256128frobust','ssh-p256-sphincssha256128frobust','ssh-rsa3072-sphincsshake256128frobust','ssh-p256-sphincsshake256128frobust', + 'ssh-rsa3072-oqsdefault','ssh-p256-oqsdefault','ssh-rsa3072-dilithium2','ssh-p256-dilithium2','ssh-rsa3072-falcon512','ssh-p256-falcon512','ssh-rsa3072-mqdss3148','ssh-p256-mqdss3148','ssh-rsa3072-picnicl1fs','ssh-p256-picnicl1fs','ssh-rsa3072-picnic3l1','ssh-p256-picnic3l1','ssh-rsa3072-qteslapi','ssh-p256-qteslapi','ssh-rsa3072-rainbowiaclassic','ssh-p256-rainbowiaclassic','ssh-p384-rainbowiiicclassic','ssh-p521-rainbowvcclassic','ssh-rsa3072-sphincsharaka128frobust','ssh-p256-sphincsharaka128frobust','ssh-rsa3072-sphincssha256128frobust','ssh-p256-sphincssha256128frobust','ssh-rsa3072-sphincsshake256128frobust','ssh-p256-sphincsshake256128frobust', ##### OQS_TEMPLATE_FRAGMENT_LIST_SIGS_END ] diff --git a/oqs-utils.h b/oqs-utils.h index e6fd9b830ae7..82567008994c 100644 --- a/oqs-utils.h +++ b/oqs-utils.h @@ -7,7 +7,8 @@ strcmp(alg, "ssh-rsa3072-dilithium2") == 0 || \ strcmp(alg, "ssh-rsa3072-falcon512") == 0 || \ strcmp(alg, "ssh-rsa3072-mqdss3148") == 0 || \ - strcmp(alg, "ssh-rsa3072-picnicl1ur") == 0 || \ + strcmp(alg, "ssh-rsa3072-picnicl1fs") == 0 || \ + strcmp(alg, "ssh-rsa3072-picnic3l1") == 0 || \ strcmp(alg, "ssh-rsa3072-qteslapi") == 0 || \ strcmp(alg, "ssh-rsa3072-rainbowiaclassic") == 0 || \ strcmp(alg, "ssh-rsa3072-sphincsharaka128frobust") == 0 || \ @@ -19,7 +20,8 @@ alg == KEY_RSA3072_DILITHIUM_2 || \ alg == KEY_RSA3072_FALCON_512 || \ alg == KEY_RSA3072_MQDSS_31_48 || \ - alg == KEY_RSA3072_PICNIC_L1UR || \ + alg == KEY_RSA3072_PICNIC_L1FS || \ + alg == KEY_RSA3072_PICNIC3_L1 || \ alg == KEY_RSA3072_QTESLA_P_I || \ alg == KEY_RSA3072_RAINBOW_IA_CLASSIC || \ alg == KEY_RSA3072_SPHINCS_HARAKA_128F_ROBUST || \ @@ -31,7 +33,8 @@ alg == KEY_P256_DILITHIUM_2 || \ alg == KEY_P256_FALCON_512 || \ alg == KEY_P256_MQDSS_31_48 || \ - alg == KEY_P256_PICNIC_L1UR || \ + alg == KEY_P256_PICNIC_L1FS || \ + alg == KEY_P256_PICNIC3_L1 || \ alg == KEY_P256_QTESLA_P_I || \ alg == KEY_P256_RAINBOW_IA_CLASSIC || \ alg == KEY_P256_SPHINCS_HARAKA_128F_ROBUST || \ @@ -49,7 +52,8 @@ (type) == KEY_DILITHIUM_2 || \ (type) == KEY_FALCON_512 || \ (type) == KEY_MQDSS_31_48 || \ - (type) == KEY_PICNIC_L1UR || \ + (type) == KEY_PICNIC_L1FS || \ + (type) == KEY_PICNIC3_L1 || \ (type) == KEY_QTESLA_P_I || \ (type) == KEY_RAINBOW_IA_CLASSIC || \ (type) == KEY_RAINBOW_IIIC_CLASSIC || \ @@ -66,7 +70,8 @@ case KEY_DILITHIUM_2: \ case KEY_FALCON_512: \ case KEY_MQDSS_31_48: \ - case KEY_PICNIC_L1UR: \ + case KEY_PICNIC_L1FS: \ + case KEY_PICNIC3_L1: \ case KEY_QTESLA_P_I: \ case KEY_RAINBOW_IA_CLASSIC: \ case KEY_RAINBOW_IIIC_CLASSIC: \ @@ -82,7 +87,8 @@ case KEY_RSA3072_DILITHIUM_2: \ case KEY_RSA3072_FALCON_512: \ case KEY_RSA3072_MQDSS_31_48: \ - case KEY_RSA3072_PICNIC_L1UR: \ + case KEY_RSA3072_PICNIC_L1FS: \ + case KEY_RSA3072_PICNIC3_L1: \ case KEY_RSA3072_QTESLA_P_I: \ case KEY_RSA3072_RAINBOW_IA_CLASSIC: \ case KEY_RSA3072_SPHINCS_HARAKA_128F_ROBUST: \ @@ -94,7 +100,8 @@ case KEY_P256_DILITHIUM_2: \ case KEY_P256_FALCON_512: \ case KEY_P256_MQDSS_31_48: \ - case KEY_P256_PICNIC_L1UR: \ + case KEY_P256_PICNIC_L1FS: \ + case KEY_P256_PICNIC3_L1: \ case KEY_P256_QTESLA_P_I: \ case KEY_P256_RAINBOW_IA_CLASSIC: \ case KEY_P256_SPHINCS_HARAKA_128F_ROBUST: \ diff --git a/pathnames.h b/pathnames.h index 7e2ba5078df5..9e80204bbfa6 100644 --- a/pathnames.h +++ b/pathnames.h @@ -46,7 +46,8 @@ #define _PATH_HOST_DILITHIUM_2_KEY_FILE SSHDIR "/ssh_host_dilithium2_key" #define _PATH_HOST_FALCON_512_KEY_FILE SSHDIR "/ssh_host_falcon512_key" #define _PATH_HOST_MQDSS_31_48_KEY_FILE SSHDIR "/ssh_host_mqdss3148_key" -#define _PATH_HOST_PICNIC_L1UR_KEY_FILE SSHDIR "/ssh_host_picnicl1ur_key" +#define _PATH_HOST_PICNIC_L1FS_KEY_FILE SSHDIR "/ssh_host_picnicl1fs_key" +#define _PATH_HOST_PICNIC3_L1_KEY_FILE SSHDIR "/ssh_host_picnic3l1_key" #define _PATH_HOST_QTESLA_P_I_KEY_FILE SSHDIR "/ssh_host_qteslapi_key" #define _PATH_HOST_RAINBOW_IA_CLASSIC_KEY_FILE SSHDIR "/ssh_host_rainbowiaclassic_key" #define _PATH_HOST_RAINBOW_IIIC_CLASSIC_KEY_FILE SSHDIR "/ssh_host_rainbowiiicclassic_key" @@ -62,8 +63,10 @@ #define _PATH_HOST_P256_FALCON_512_KEY_FILE SSHDIR "/ssh_host_p256_falcon512_key" #define _PATH_HOST_RSA3072_MQDSS_31_48_KEY_FILE SSHDIR "/ssh_host_rsa3072_mqdss3148_key" #define _PATH_HOST_P256_MQDSS_31_48_KEY_FILE SSHDIR "/ssh_host_p256_mqdss3148_key" -#define _PATH_HOST_RSA3072_PICNIC_L1UR_KEY_FILE SSHDIR "/ssh_host_rsa3072_picnicl1ur_key" -#define _PATH_HOST_P256_PICNIC_L1UR_KEY_FILE SSHDIR "/ssh_host_p256_picnicl1ur_key" +#define _PATH_HOST_RSA3072_PICNIC_L1FS_KEY_FILE SSHDIR "/ssh_host_rsa3072_picnicl1fs_key" +#define _PATH_HOST_P256_PICNIC_L1FS_KEY_FILE SSHDIR "/ssh_host_p256_picnicl1fs_key" +#define _PATH_HOST_RSA3072_PICNIC3_L1_KEY_FILE SSHDIR "/ssh_host_rsa3072_picnic3l1_key" +#define _PATH_HOST_P256_PICNIC3_L1_KEY_FILE SSHDIR "/ssh_host_p256_picnic3l1_key" #define _PATH_HOST_RSA3072_QTESLA_P_I_KEY_FILE SSHDIR "/ssh_host_rsa3072_qteslapi_key" #define _PATH_HOST_P256_QTESLA_P_I_KEY_FILE SSHDIR "/ssh_host_p256_qteslapi_key" #define _PATH_HOST_RSA3072_RAINBOW_IA_CLASSIC_KEY_FILE SSHDIR "/ssh_host_rsa3072_rainbowiaclassic_key" @@ -118,7 +121,8 @@ #define _PATH_SSH_CLIENT_ID_DILITHIUM_2 _PATH_SSH_USER_DIR "/id_dilithium2" #define _PATH_SSH_CLIENT_ID_FALCON_512 _PATH_SSH_USER_DIR "/id_falcon512" #define _PATH_SSH_CLIENT_ID_MQDSS_31_48 _PATH_SSH_USER_DIR "/id_mqdss3148" -#define _PATH_SSH_CLIENT_ID_PICNIC_L1UR _PATH_SSH_USER_DIR "/id_picnicl1ur" +#define _PATH_SSH_CLIENT_ID_PICNIC_L1FS _PATH_SSH_USER_DIR "/id_picnicl1fs" +#define _PATH_SSH_CLIENT_ID_PICNIC3_L1 _PATH_SSH_USER_DIR "/id_picnic3l1" #define _PATH_SSH_CLIENT_ID_QTESLA_P_I _PATH_SSH_USER_DIR "/id_qteslapi" #define _PATH_SSH_CLIENT_ID_RAINBOW_IA_CLASSIC _PATH_SSH_USER_DIR "/id_rainbowiaclassic" #define _PATH_SSH_CLIENT_ID_RAINBOW_IIIC_CLASSIC _PATH_SSH_USER_DIR "/id_rainbowiiicclassic" @@ -134,8 +138,10 @@ #define _PATH_SSH_CLIENT_ID_P256_FALCON_512 _PATH_SSH_USER_DIR "/id_p256_falcon512" #define _PATH_SSH_CLIENT_ID_RSA3072_MQDSS_31_48 _PATH_SSH_USER_DIR "/id_rsa3072_mqdss3148" #define _PATH_SSH_CLIENT_ID_P256_MQDSS_31_48 _PATH_SSH_USER_DIR "/id_p256_mqdss3148" -#define _PATH_SSH_CLIENT_ID_RSA3072_PICNIC_L1UR _PATH_SSH_USER_DIR "/id_rsa3072_picnicl1ur" -#define _PATH_SSH_CLIENT_ID_P256_PICNIC_L1UR _PATH_SSH_USER_DIR "/id_p256_picnicl1ur" +#define _PATH_SSH_CLIENT_ID_RSA3072_PICNIC_L1FS _PATH_SSH_USER_DIR "/id_rsa3072_picnicl1fs" +#define _PATH_SSH_CLIENT_ID_P256_PICNIC_L1FS _PATH_SSH_USER_DIR "/id_p256_picnicl1fs" +#define _PATH_SSH_CLIENT_ID_RSA3072_PICNIC3_L1 _PATH_SSH_USER_DIR "/id_rsa3072_picnic3l1" +#define _PATH_SSH_CLIENT_ID_P256_PICNIC3_L1 _PATH_SSH_USER_DIR "/id_p256_picnic3l1" #define _PATH_SSH_CLIENT_ID_RSA3072_QTESLA_P_I _PATH_SSH_USER_DIR "/id_rsa3072_qteslapi" #define _PATH_SSH_CLIENT_ID_P256_QTESLA_P_I _PATH_SSH_USER_DIR "/id_p256_qteslapi" #define _PATH_SSH_CLIENT_ID_RSA3072_RAINBOW_IA_CLASSIC _PATH_SSH_USER_DIR "/id_rsa3072_rainbowiaclassic" diff --git a/readconf.c b/readconf.c index 36e02c9f0392..d7a126917763 100644 --- a/readconf.c +++ b/readconf.c @@ -2032,7 +2032,8 @@ fill_default_options(Options * options) add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DILITHIUM_2, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_FALCON_512, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_MQDSS_31_48, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_PICNIC_L1UR, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_PICNIC_L1FS, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_PICNIC3_L1, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_QTESLA_P_I, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RAINBOW_IA_CLASSIC, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RAINBOW_IIIC_CLASSIC, 0); @@ -2052,8 +2053,10 @@ fill_default_options(Options * options) add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_P256_FALCON_512, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_MQDSS_31_48, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_P256_MQDSS_31_48, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_PICNIC_L1UR, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_P256_PICNIC_L1UR, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_PICNIC_L1FS, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_P256_PICNIC_L1FS, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_PICNIC3_L1, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_P256_PICNIC3_L1, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_QTESLA_P_I, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_P256_QTESLA_P_I, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_RAINBOW_IA_CLASSIC, 0); diff --git a/servconf.c b/servconf.c index b94512f038ee..97dc91739c67 100644 --- a/servconf.c +++ b/servconf.c @@ -290,7 +290,9 @@ fill_default_server_options(ServerOptions *options) servconf_add_hostkey("[default]", 0, options, _PATH_HOST_MQDSS_31_48_KEY_FILE); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_PICNIC_L1UR_KEY_FILE); + _PATH_HOST_PICNIC_L1FS_KEY_FILE); + servconf_add_hostkey("[default]", 0, options, + _PATH_HOST_PICNIC3_L1_KEY_FILE); servconf_add_hostkey("[default]", 0, options, _PATH_HOST_QTESLA_P_I_KEY_FILE); servconf_add_hostkey("[default]", 0, options, @@ -326,9 +328,13 @@ fill_default_server_options(ServerOptions *options) servconf_add_hostkey("[default]", 0, options, _PATH_HOST_P256_MQDSS_31_48_KEY_FILE); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_RSA3072_PICNIC_L1UR_KEY_FILE); + _PATH_HOST_RSA3072_PICNIC_L1FS_KEY_FILE); + servconf_add_hostkey("[default]", 0, options, + _PATH_HOST_P256_PICNIC_L1FS_KEY_FILE); + servconf_add_hostkey("[default]", 0, options, + _PATH_HOST_RSA3072_PICNIC3_L1_KEY_FILE); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_P256_PICNIC_L1UR_KEY_FILE); + _PATH_HOST_P256_PICNIC3_L1_KEY_FILE); servconf_add_hostkey("[default]", 0, options, _PATH_HOST_RSA3072_QTESLA_P_I_KEY_FILE); servconf_add_hostkey("[default]", 0, options, diff --git a/ssh-add.c b/ssh-add.c index 96b337c986a6..0b3cf45c2377 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -85,7 +85,8 @@ static char *default_files[] = { _PATH_SSH_CLIENT_ID_DILITHIUM_2, _PATH_SSH_CLIENT_ID_FALCON_512, _PATH_SSH_CLIENT_ID_MQDSS_31_48, - _PATH_SSH_CLIENT_ID_PICNIC_L1UR, + _PATH_SSH_CLIENT_ID_PICNIC_L1FS, + _PATH_SSH_CLIENT_ID_PICNIC3_L1, _PATH_SSH_CLIENT_ID_QTESLA_P_I, _PATH_SSH_CLIENT_ID_RAINBOW_IA_CLASSIC, _PATH_SSH_CLIENT_ID_RAINBOW_IIIC_CLASSIC, @@ -105,8 +106,10 @@ static char *default_files[] = { _PATH_SSH_CLIENT_ID_P256_FALCON_512, _PATH_SSH_CLIENT_ID_RSA3072_MQDSS_31_48, _PATH_SSH_CLIENT_ID_P256_MQDSS_31_48, - _PATH_SSH_CLIENT_ID_RSA3072_PICNIC_L1UR, - _PATH_SSH_CLIENT_ID_P256_PICNIC_L1UR, + _PATH_SSH_CLIENT_ID_RSA3072_PICNIC_L1FS, + _PATH_SSH_CLIENT_ID_P256_PICNIC_L1FS, + _PATH_SSH_CLIENT_ID_RSA3072_PICNIC3_L1, + _PATH_SSH_CLIENT_ID_P256_PICNIC3_L1, _PATH_SSH_CLIENT_ID_RSA3072_QTESLA_P_I, _PATH_SSH_CLIENT_ID_P256_QTESLA_P_I, _PATH_SSH_CLIENT_ID_RSA3072_RAINBOW_IA_CLASSIC, diff --git a/ssh-keygen.c b/ssh-keygen.c index aa4096b674b4..e7b752089a74 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -319,8 +319,11 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_MQDSS_31_48: name = _PATH_SSH_CLIENT_ID_MQDSS_31_48; break; - case KEY_PICNIC_L1UR: - name = _PATH_SSH_CLIENT_ID_PICNIC_L1UR; + case KEY_PICNIC_L1FS: + name = _PATH_SSH_CLIENT_ID_PICNIC_L1FS; + break; + case KEY_PICNIC3_L1: + name = _PATH_SSH_CLIENT_ID_PICNIC3_L1; break; case KEY_QTESLA_P_I: name = _PATH_SSH_CLIENT_ID_QTESLA_P_I; @@ -1082,7 +1085,8 @@ do_gen_all_hostkeys(struct passwd *pw) { "dilithium2", "DILITHIUM_2", _PATH_HOST_DILITHIUM_2_KEY_FILE }, { "falcon512", "FALCON_512", _PATH_HOST_FALCON_512_KEY_FILE }, { "mqdss3148", "MQDSS_31_48", _PATH_HOST_MQDSS_31_48_KEY_FILE }, - { "picnicl1ur", "PICNIC_L1UR", _PATH_HOST_PICNIC_L1UR_KEY_FILE }, + { "picnicl1fs", "PICNIC_L1FS", _PATH_HOST_PICNIC_L1FS_KEY_FILE }, + { "picnic3l1", "PICNIC3_L1", _PATH_HOST_PICNIC3_L1_KEY_FILE }, { "qteslapi", "QTESLA_P_I", _PATH_HOST_QTESLA_P_I_KEY_FILE }, { "rainbowiaclassic", "RAINBOW_IA_CLASSIC", _PATH_HOST_RAINBOW_IA_CLASSIC_KEY_FILE }, { "rainbowiiicclassic", "RAINBOW_IIIC_CLASSIC", _PATH_HOST_RAINBOW_IIIC_CLASSIC_KEY_FILE }, @@ -1099,7 +1103,8 @@ do_gen_all_hostkeys(struct passwd *pw) { "rsa3072_dilithium2", "RSA3072_DILITHIUM_2", _PATH_HOST_RSA3072_DILITHIUM_2_KEY_FILE }, { "rsa3072_falcon512", "RSA3072_FALCON_512", _PATH_HOST_RSA3072_FALCON_512_KEY_FILE }, { "rsa3072_mqdss3148", "RSA3072_MQDSS_31_48", _PATH_HOST_RSA3072_MQDSS_31_48_KEY_FILE }, - { "rsa3072_picnicl1ur", "RSA3072_PICNIC_L1UR", _PATH_HOST_RSA3072_PICNIC_L1UR_KEY_FILE }, + { "rsa3072_picnicl1fs", "RSA3072_PICNIC_L1FS", _PATH_HOST_RSA3072_PICNIC_L1FS_KEY_FILE }, + { "rsa3072_picnic3l1", "RSA3072_PICNIC3_L1", _PATH_HOST_RSA3072_PICNIC3_L1_KEY_FILE }, { "rsa3072_qteslapi", "RSA3072_QTESLA_P_I", _PATH_HOST_RSA3072_QTESLA_P_I_KEY_FILE }, { "rsa3072_rainbowiaclassic", "RSA3072_RAINBOW_IA_CLASSIC", _PATH_HOST_RSA3072_RAINBOW_IA_CLASSIC_KEY_FILE }, { "rsa3072_sphincsharaka128frobust", "RSA3072_SPHINCS_HARAKA_128F_ROBUST", _PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_ROBUST_KEY_FILE }, @@ -1110,7 +1115,8 @@ do_gen_all_hostkeys(struct passwd *pw) { "p256_dilithium2", "P256_DILITHIUM_2", _PATH_HOST_P256_DILITHIUM_2_KEY_FILE }, { "p256_falcon512", "P256_FALCON_512", _PATH_HOST_P256_FALCON_512_KEY_FILE }, { "p256_mqdss3148", "P256_MQDSS_31_48", _PATH_HOST_P256_MQDSS_31_48_KEY_FILE }, - { "p256_picnicl1ur", "P256_PICNIC_L1UR", _PATH_HOST_P256_PICNIC_L1UR_KEY_FILE }, + { "p256_picnicl1fs", "P256_PICNIC_L1FS", _PATH_HOST_P256_PICNIC_L1FS_KEY_FILE }, + { "p256_picnic3l1", "P256_PICNIC3_L1", _PATH_HOST_P256_PICNIC3_L1_KEY_FILE }, { "p256_qteslapi", "P256_QTESLA_P_I", _PATH_HOST_P256_QTESLA_P_I_KEY_FILE }, { "p256_rainbowiaclassic", "P256_RAINBOW_IA_CLASSIC", _PATH_HOST_P256_RAINBOW_IA_CLASSIC_KEY_FILE }, { "p384_rainbowiiicclassic", "P384_RAINBOW_IIIC_CLASSIC", _PATH_HOST_P384_RAINBOW_IIIC_CLASSIC_KEY_FILE }, @@ -2890,7 +2896,9 @@ main(int argc, char **argv) n += do_print_resource_record(pw, _PATH_HOST_MQDSS_31_48_KEY_FILE, rr_hostname); n += do_print_resource_record(pw, - _PATH_HOST_PICNIC_L1UR_KEY_FILE, rr_hostname); + _PATH_HOST_PICNIC_L1FS_KEY_FILE, rr_hostname); + n += do_print_resource_record(pw, + _PATH_HOST_PICNIC3_L1_KEY_FILE, rr_hostname); n += do_print_resource_record(pw, _PATH_HOST_QTESLA_P_I_KEY_FILE, rr_hostname); n += do_print_resource_record(pw, diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 3b83e40cdf84..1630d10b218d 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -64,36 +64,39 @@ int ssh_port = SSH_DEFAULT_PORT; #define KT_DILITHIUM_2 ((uint64_t)1<<6) #define KT_FALCON_512 ((uint64_t)1<<7) #define KT_MQDSS_31_48 ((uint64_t)1<<8) -#define KT_PICNIC_L1UR ((uint64_t)1<<9) -#define KT_QTESLA_P_I ((uint64_t)1<<10) -#define KT_RAINBOW_IA_CLASSIC ((uint64_t)1<<11) -#define KT_RAINBOW_IIIC_CLASSIC ((uint64_t)1<<12) -#define KT_RAINBOW_VC_CLASSIC ((uint64_t)1<<13) -#define KT_SPHINCS_HARAKA_128F_ROBUST ((uint64_t)1<<14) -#define KT_SPHINCS_SHA256_128F_ROBUST ((uint64_t)1<<15) -#define KT_SPHINCS_SHAKE256_128F_ROBUST ((uint64_t)1<<16) -#define KT_RSA3072_OQSDEFAULT ((uint64_t)1<<17) -#define KT_P256_OQSDEFAULT ((uint64_t)1<<18) -#define KT_RSA3072_DILITHIUM_2 ((uint64_t)1<<19) -#define KT_P256_DILITHIUM_2 ((uint64_t)1<<20) -#define KT_RSA3072_FALCON_512 ((uint64_t)1<<21) -#define KT_P256_FALCON_512 ((uint64_t)1<<22) -#define KT_RSA3072_MQDSS_31_48 ((uint64_t)1<<23) -#define KT_P256_MQDSS_31_48 ((uint64_t)1<<24) -#define KT_RSA3072_PICNIC_L1UR ((uint64_t)1<<25) -#define KT_P256_PICNIC_L1UR ((uint64_t)1<<26) -#define KT_RSA3072_QTESLA_P_I ((uint64_t)1<<27) -#define KT_P256_QTESLA_P_I ((uint64_t)1<<28) -#define KT_RSA3072_RAINBOW_IA_CLASSIC ((uint64_t)1<<29) -#define KT_P256_RAINBOW_IA_CLASSIC ((uint64_t)1<<30) -#define KT_P384_RAINBOW_IIIC_CLASSIC ((uint64_t)1<<31) -#define KT_P521_RAINBOW_VC_CLASSIC ((uint64_t)1<<32) -#define KT_RSA3072_SPHINCS_HARAKA_128F_ROBUST ((uint64_t)1<<33) -#define KT_P256_SPHINCS_HARAKA_128F_ROBUST ((uint64_t)1<<34) -#define KT_RSA3072_SPHINCS_SHA256_128F_ROBUST ((uint64_t)1<<35) -#define KT_P256_SPHINCS_SHA256_128F_ROBUST ((uint64_t)1<<36) -#define KT_RSA3072_SPHINCS_SHAKE256_128F_ROBUST ((uint64_t)1<<37) -#define KT_P256_SPHINCS_SHAKE256_128F_ROBUST ((uint64_t)1<<38) +#define KT_PICNIC_L1FS ((uint64_t)1<<9) +#define KT_PICNIC3_L1 ((uint64_t)1<<10) +#define KT_QTESLA_P_I ((uint64_t)1<<11) +#define KT_RAINBOW_IA_CLASSIC ((uint64_t)1<<12) +#define KT_RAINBOW_IIIC_CLASSIC ((uint64_t)1<<13) +#define KT_RAINBOW_VC_CLASSIC ((uint64_t)1<<14) +#define KT_SPHINCS_HARAKA_128F_ROBUST ((uint64_t)1<<15) +#define KT_SPHINCS_SHA256_128F_ROBUST ((uint64_t)1<<16) +#define KT_SPHINCS_SHAKE256_128F_ROBUST ((uint64_t)1<<17) +#define KT_RSA3072_OQSDEFAULT ((uint64_t)1<<18) +#define KT_P256_OQSDEFAULT ((uint64_t)1<<19) +#define KT_RSA3072_DILITHIUM_2 ((uint64_t)1<<20) +#define KT_P256_DILITHIUM_2 ((uint64_t)1<<21) +#define KT_RSA3072_FALCON_512 ((uint64_t)1<<22) +#define KT_P256_FALCON_512 ((uint64_t)1<<23) +#define KT_RSA3072_MQDSS_31_48 ((uint64_t)1<<24) +#define KT_P256_MQDSS_31_48 ((uint64_t)1<<25) +#define KT_RSA3072_PICNIC_L1FS ((uint64_t)1<<26) +#define KT_P256_PICNIC_L1FS ((uint64_t)1<<27) +#define KT_RSA3072_PICNIC3_L1 ((uint64_t)1<<28) +#define KT_P256_PICNIC3_L1 ((uint64_t)1<<29) +#define KT_RSA3072_QTESLA_P_I ((uint64_t)1<<30) +#define KT_P256_QTESLA_P_I ((uint64_t)1<<31) +#define KT_RSA3072_RAINBOW_IA_CLASSIC ((uint64_t)1<<32) +#define KT_P256_RAINBOW_IA_CLASSIC ((uint64_t)1<<33) +#define KT_P384_RAINBOW_IIIC_CLASSIC ((uint64_t)1<<34) +#define KT_P521_RAINBOW_VC_CLASSIC ((uint64_t)1<<35) +#define KT_RSA3072_SPHINCS_HARAKA_128F_ROBUST ((uint64_t)1<<36) +#define KT_P256_SPHINCS_HARAKA_128F_ROBUST ((uint64_t)1<<37) +#define KT_RSA3072_SPHINCS_SHA256_128F_ROBUST ((uint64_t)1<<38) +#define KT_P256_SPHINCS_SHA256_128F_ROBUST ((uint64_t)1<<39) +#define KT_RSA3072_SPHINCS_SHAKE256_128F_ROBUST ((uint64_t)1<<40) +#define KT_P256_SPHINCS_SHAKE256_128F_ROBUST ((uint64_t)1<<41) #define KT_MIN KT_DSA #define KT_MAX KT_P256_SPHINCS_SHAKE256_128F_ROBUST @@ -106,7 +109,8 @@ uint64_t get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519| \ KT_DILITHIUM_2| \ KT_FALCON_512| \ KT_MQDSS_31_48| \ - KT_PICNIC_L1UR| \ + KT_PICNIC_L1FS| \ + KT_PICNIC3_L1| \ KT_QTESLA_P_I| \ KT_RAINBOW_IA_CLASSIC| \ KT_RAINBOW_IIIC_CLASSIC| \ @@ -122,8 +126,10 @@ uint64_t get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519| \ KT_P256_FALCON_512| \ KT_RSA3072_MQDSS_31_48| \ KT_P256_MQDSS_31_48| \ - KT_RSA3072_PICNIC_L1UR| \ - KT_P256_PICNIC_L1UR| \ + KT_RSA3072_PICNIC_L1FS| \ + KT_P256_PICNIC_L1FS| \ + KT_RSA3072_PICNIC3_L1| \ + KT_P256_PICNIC3_L1| \ KT_RSA3072_QTESLA_P_I| \ KT_P256_QTESLA_P_I| \ KT_RSA3072_RAINBOW_IA_CLASSIC| \ @@ -813,8 +819,11 @@ main(int argc, char **argv) case KEY_MQDSS_31_48: get_keytypes |= KT_MQDSS_31_48; break; - case KEY_PICNIC_L1UR: - get_keytypes |= KT_PICNIC_L1UR; + case KEY_PICNIC_L1FS: + get_keytypes |= KT_PICNIC_L1FS; + break; + case KEY_PICNIC3_L1: + get_keytypes |= KT_PICNIC3_L1; break; case KEY_QTESLA_P_I: get_keytypes |= KT_QTESLA_P_I; @@ -861,11 +870,17 @@ main(int argc, char **argv) case KEY_P256_MQDSS_31_48: get_keytypes |= KT_P256_MQDSS_31_48; break; - case KEY_RSA3072_PICNIC_L1UR: - get_keytypes |= KT_RSA3072_PICNIC_L1UR; + case KEY_RSA3072_PICNIC_L1FS: + get_keytypes |= KT_RSA3072_PICNIC_L1FS; + break; + case KEY_P256_PICNIC_L1FS: + get_keytypes |= KT_P256_PICNIC_L1FS; + break; + case KEY_RSA3072_PICNIC3_L1: + get_keytypes |= KT_RSA3072_PICNIC3_L1; break; - case KEY_P256_PICNIC_L1UR: - get_keytypes |= KT_P256_PICNIC_L1UR; + case KEY_P256_PICNIC3_L1: + get_keytypes |= KT_P256_PICNIC3_L1; break; case KEY_RSA3072_QTESLA_P_I: get_keytypes |= KT_RSA3072_QTESLA_P_I; diff --git a/ssh-keysign.c b/ssh-keysign.c index a0b0114e490a..004d044dc449 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -167,7 +167,7 @@ main(int argc, char **argv) struct sshbuf *b; Options options; ///// OQS_TEMPLATE_FRAGMENT_COUNT_KT_START -#define NUM_KEYTYPES 39 +#define NUM_KEYTYPES 42 ///// OQS_TEMPLATE_FRAGMENT_COUNT_KT_END struct sshkey *keys[NUM_KEYTYPES], *key = NULL; struct passwd *pw; @@ -197,7 +197,8 @@ main(int argc, char **argv) key_fd[i++] = open(_PATH_HOST_DILITHIUM_2_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_FALCON_512_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_MQDSS_31_48_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_PICNIC_L1UR_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_PICNIC_L1FS_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_PICNIC3_L1_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_QTESLA_P_I_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RAINBOW_IA_CLASSIC_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RAINBOW_IIIC_CLASSIC_KEY_FILE, O_RDONLY); @@ -213,8 +214,10 @@ main(int argc, char **argv) key_fd[i++] = open(_PATH_HOST_P256_FALCON_512_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RSA3072_MQDSS_31_48_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_P256_MQDSS_31_48_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_RSA3072_PICNIC_L1UR_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_P256_PICNIC_L1UR_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_RSA3072_PICNIC_L1FS_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_P256_PICNIC_L1FS_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_RSA3072_PICNIC3_L1_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_P256_PICNIC3_L1_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RSA3072_QTESLA_P_I_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_P256_QTESLA_P_I_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RSA3072_RAINBOW_IA_CLASSIC_KEY_FILE, O_RDONLY); diff --git a/ssh-oqs.c b/ssh-oqs.c index b9f9fe0e7413..ff7e6dc2524a 100644 --- a/ssh-oqs.c +++ b/ssh-oqs.c @@ -35,10 +35,14 @@ const char* get_oqs_alg_name(int openssh_type) case KEY_RSA3072_MQDSS_31_48: case KEY_P256_MQDSS_31_48: return OQS_SIG_alg_mqdss_31_48; - case KEY_PICNIC_L1UR: - case KEY_RSA3072_PICNIC_L1UR: - case KEY_P256_PICNIC_L1UR: - return OQS_SIG_alg_picnic_L1_UR; + case KEY_PICNIC_L1FS: + case KEY_RSA3072_PICNIC_L1FS: + case KEY_P256_PICNIC_L1FS: + return OQS_SIG_alg_picnic_L1_FS; + case KEY_PICNIC3_L1: + case KEY_RSA3072_PICNIC3_L1: + case KEY_P256_PICNIC3_L1: + return OQS_SIG_alg_picnic3_L1; case KEY_QTESLA_P_I: case KEY_RSA3072_QTESLA_P_I: case KEY_P256_QTESLA_P_I: diff --git a/ssh.c b/ssh.c index d31ef28304b1..b4aba9af3890 100644 --- a/ssh.c +++ b/ssh.c @@ -1388,7 +1388,7 @@ main(int ac, char **av) sensitive_data.keys = NULL; if (options.hostbased_authentication) { ///// OQS_TEMPLATE_FRAGMENT_COUNT_KEYS_START - sensitive_data.nkeys = 44; + sensitive_data.nkeys = 47; ///// OQS_TEMPLATE_FRAGMENT_COUNT_KEYS_END sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(struct sshkey)); @@ -1422,36 +1422,39 @@ main(int ac, char **av) L_PUBKEY(_PATH_HOST_DILITHIUM_2_KEY_FILE, 11); L_PUBKEY(_PATH_HOST_FALCON_512_KEY_FILE, 12); L_PUBKEY(_PATH_HOST_MQDSS_31_48_KEY_FILE, 13); - L_PUBKEY(_PATH_HOST_PICNIC_L1UR_KEY_FILE, 14); - L_PUBKEY(_PATH_HOST_QTESLA_P_I_KEY_FILE, 15); - L_PUBKEY(_PATH_HOST_RAINBOW_IA_CLASSIC_KEY_FILE, 16); - L_PUBKEY(_PATH_HOST_RAINBOW_IIIC_CLASSIC_KEY_FILE, 17); - L_PUBKEY(_PATH_HOST_RAINBOW_VC_CLASSIC_KEY_FILE, 18); - L_PUBKEY(_PATH_HOST_SPHINCS_HARAKA_128F_ROBUST_KEY_FILE, 19); - L_PUBKEY(_PATH_HOST_SPHINCS_SHA256_128F_ROBUST_KEY_FILE, 20); - L_PUBKEY(_PATH_HOST_SPHINCS_SHAKE256_128F_ROBUST_KEY_FILE, 21); - L_PUBKEY(_PATH_HOST_RSA3072_OQSDEFAULT_KEY_FILE, 22); - L_PUBKEY(_PATH_HOST_P256_OQSDEFAULT_KEY_FILE, 23); - L_PUBKEY(_PATH_HOST_RSA3072_DILITHIUM_2_KEY_FILE, 24); - L_PUBKEY(_PATH_HOST_P256_DILITHIUM_2_KEY_FILE, 25); - L_PUBKEY(_PATH_HOST_RSA3072_FALCON_512_KEY_FILE, 26); - L_PUBKEY(_PATH_HOST_P256_FALCON_512_KEY_FILE, 27); - L_PUBKEY(_PATH_HOST_RSA3072_MQDSS_31_48_KEY_FILE, 28); - L_PUBKEY(_PATH_HOST_P256_MQDSS_31_48_KEY_FILE, 29); - L_PUBKEY(_PATH_HOST_RSA3072_PICNIC_L1UR_KEY_FILE, 30); - L_PUBKEY(_PATH_HOST_P256_PICNIC_L1UR_KEY_FILE, 31); - L_PUBKEY(_PATH_HOST_RSA3072_QTESLA_P_I_KEY_FILE, 32); - L_PUBKEY(_PATH_HOST_P256_QTESLA_P_I_KEY_FILE, 33); - L_PUBKEY(_PATH_HOST_RSA3072_RAINBOW_IA_CLASSIC_KEY_FILE, 34); - L_PUBKEY(_PATH_HOST_P256_RAINBOW_IA_CLASSIC_KEY_FILE, 35); - L_PUBKEY(_PATH_HOST_P384_RAINBOW_IIIC_CLASSIC_KEY_FILE, 36); - L_PUBKEY(_PATH_HOST_P521_RAINBOW_VC_CLASSIC_KEY_FILE, 37); - L_PUBKEY(_PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_ROBUST_KEY_FILE, 38); - L_PUBKEY(_PATH_HOST_P256_SPHINCS_HARAKA_128F_ROBUST_KEY_FILE, 39); - L_PUBKEY(_PATH_HOST_RSA3072_SPHINCS_SHA256_128F_ROBUST_KEY_FILE, 40); - L_PUBKEY(_PATH_HOST_P256_SPHINCS_SHA256_128F_ROBUST_KEY_FILE, 41); - L_PUBKEY(_PATH_HOST_RSA3072_SPHINCS_SHAKE256_128F_ROBUST_KEY_FILE, 42); - L_PUBKEY(_PATH_HOST_P256_SPHINCS_SHAKE256_128F_ROBUST_KEY_FILE, 43); + L_PUBKEY(_PATH_HOST_PICNIC_L1FS_KEY_FILE, 14); + L_PUBKEY(_PATH_HOST_PICNIC3_L1_KEY_FILE, 15); + L_PUBKEY(_PATH_HOST_QTESLA_P_I_KEY_FILE, 16); + L_PUBKEY(_PATH_HOST_RAINBOW_IA_CLASSIC_KEY_FILE, 17); + L_PUBKEY(_PATH_HOST_RAINBOW_IIIC_CLASSIC_KEY_FILE, 18); + L_PUBKEY(_PATH_HOST_RAINBOW_VC_CLASSIC_KEY_FILE, 19); + L_PUBKEY(_PATH_HOST_SPHINCS_HARAKA_128F_ROBUST_KEY_FILE, 20); + L_PUBKEY(_PATH_HOST_SPHINCS_SHA256_128F_ROBUST_KEY_FILE, 21); + L_PUBKEY(_PATH_HOST_SPHINCS_SHAKE256_128F_ROBUST_KEY_FILE, 22); + L_PUBKEY(_PATH_HOST_RSA3072_OQSDEFAULT_KEY_FILE, 23); + L_PUBKEY(_PATH_HOST_P256_OQSDEFAULT_KEY_FILE, 24); + L_PUBKEY(_PATH_HOST_RSA3072_DILITHIUM_2_KEY_FILE, 25); + L_PUBKEY(_PATH_HOST_P256_DILITHIUM_2_KEY_FILE, 26); + L_PUBKEY(_PATH_HOST_RSA3072_FALCON_512_KEY_FILE, 27); + L_PUBKEY(_PATH_HOST_P256_FALCON_512_KEY_FILE, 28); + L_PUBKEY(_PATH_HOST_RSA3072_MQDSS_31_48_KEY_FILE, 29); + L_PUBKEY(_PATH_HOST_P256_MQDSS_31_48_KEY_FILE, 30); + L_PUBKEY(_PATH_HOST_RSA3072_PICNIC_L1FS_KEY_FILE, 31); + L_PUBKEY(_PATH_HOST_P256_PICNIC_L1FS_KEY_FILE, 32); + L_PUBKEY(_PATH_HOST_RSA3072_PICNIC3_L1_KEY_FILE, 33); + L_PUBKEY(_PATH_HOST_P256_PICNIC3_L1_KEY_FILE, 34); + L_PUBKEY(_PATH_HOST_RSA3072_QTESLA_P_I_KEY_FILE, 35); + L_PUBKEY(_PATH_HOST_P256_QTESLA_P_I_KEY_FILE, 36); + L_PUBKEY(_PATH_HOST_RSA3072_RAINBOW_IA_CLASSIC_KEY_FILE, 37); + L_PUBKEY(_PATH_HOST_P256_RAINBOW_IA_CLASSIC_KEY_FILE, 38); + L_PUBKEY(_PATH_HOST_P384_RAINBOW_IIIC_CLASSIC_KEY_FILE, 39); + L_PUBKEY(_PATH_HOST_P521_RAINBOW_VC_CLASSIC_KEY_FILE, 40); + L_PUBKEY(_PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_ROBUST_KEY_FILE, 41); + L_PUBKEY(_PATH_HOST_P256_SPHINCS_HARAKA_128F_ROBUST_KEY_FILE, 42); + L_PUBKEY(_PATH_HOST_RSA3072_SPHINCS_SHA256_128F_ROBUST_KEY_FILE, 43); + L_PUBKEY(_PATH_HOST_P256_SPHINCS_SHA256_128F_ROBUST_KEY_FILE, 44); + L_PUBKEY(_PATH_HOST_RSA3072_SPHINCS_SHAKE256_128F_ROBUST_KEY_FILE, 45); + L_PUBKEY(_PATH_HOST_P256_SPHINCS_SHAKE256_128F_ROBUST_KEY_FILE, 46); ///// OQS_TEMPLATE_FRAGMENT_LOAD_PUBKEYS_END } } diff --git a/sshconnect.c b/sshconnect.c index 74f96095a872..b75e02a00dd5 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1461,7 +1461,8 @@ show_other_keys(struct hostkeys *hostkeys, struct sshkey *key) KEY_DILITHIUM_2, KEY_FALCON_512, KEY_MQDSS_31_48, - KEY_PICNIC_L1UR, + KEY_PICNIC_L1FS, + KEY_PICNIC3_L1, KEY_QTESLA_P_I, KEY_RAINBOW_IA_CLASSIC, KEY_RAINBOW_IIIC_CLASSIC, @@ -1477,8 +1478,10 @@ show_other_keys(struct hostkeys *hostkeys, struct sshkey *key) KEY_P256_FALCON_512, KEY_RSA3072_MQDSS_31_48, KEY_P256_MQDSS_31_48, - KEY_RSA3072_PICNIC_L1UR, - KEY_P256_PICNIC_L1UR, + KEY_RSA3072_PICNIC_L1FS, + KEY_P256_PICNIC_L1FS, + KEY_RSA3072_PICNIC3_L1, + KEY_P256_PICNIC3_L1, KEY_RSA3072_QTESLA_P_I, KEY_P256_QTESLA_P_I, KEY_RSA3072_RAINBOW_IA_CLASSIC, diff --git a/sshkey.c b/sshkey.c index 60811ad1c8a1..02ecac6e1914 100644 --- a/sshkey.c +++ b/sshkey.c @@ -131,7 +131,8 @@ static const struct keytype keytypes[] = { { "ssh-dilithium2", "DILITHIUM2", NULL, KEY_DILITHIUM_2, 0, 0, 0 }, { "ssh-falcon512", "FALCON512", NULL, KEY_FALCON_512, 0, 0, 0 }, { "ssh-mqdss3148", "MQDSS3148", NULL, KEY_MQDSS_31_48, 0, 0, 0 }, - { "ssh-picnicl1ur", "PICNICL1UR", NULL, KEY_PICNIC_L1UR, 0, 0, 0 }, + { "ssh-picnicl1fs", "PICNICL1FS", NULL, KEY_PICNIC_L1FS, 0, 0, 0 }, + { "ssh-picnic3l1", "PICNIC3L1", NULL, KEY_PICNIC3_L1, 0, 0, 0 }, { "ssh-qteslapi", "QTESLAPI", NULL, KEY_QTESLA_P_I, 0, 0, 0 }, { "ssh-rainbowiaclassic", "RAINBOWIACLASSIC", NULL, KEY_RAINBOW_IA_CLASSIC, 0, 0, 0 }, { "ssh-rainbowiiicclassic", "RAINBOWIIICCLASSIC", NULL, KEY_RAINBOW_IIIC_CLASSIC, 0, 0, 0 }, @@ -151,8 +152,10 @@ static const struct keytype keytypes[] = { { "ssh-p256-falcon512", "P256_FALCON512", NULL, KEY_P256_FALCON_512, NID_X9_62_prime256v1, 0, 0 }, { "ssh-rsa3072-mqdss3148", "RSA3072_MQDSS3148", NULL, KEY_RSA3072_MQDSS_31_48, 0, 0, 0 }, { "ssh-p256-mqdss3148", "P256_MQDSS3148", NULL, KEY_P256_MQDSS_31_48, NID_X9_62_prime256v1, 0, 0 }, - { "ssh-rsa3072-picnicl1ur", "RSA3072_PICNICL1UR", NULL, KEY_RSA3072_PICNIC_L1UR, 0, 0, 0 }, - { "ssh-p256-picnicl1ur", "P256_PICNICL1UR", NULL, KEY_P256_PICNIC_L1UR, NID_X9_62_prime256v1, 0, 0 }, + { "ssh-rsa3072-picnicl1fs", "RSA3072_PICNICL1FS", NULL, KEY_RSA3072_PICNIC_L1FS, 0, 0, 0 }, + { "ssh-p256-picnicl1fs", "P256_PICNICL1FS", NULL, KEY_P256_PICNIC_L1FS, NID_X9_62_prime256v1, 0, 0 }, + { "ssh-rsa3072-picnic3l1", "RSA3072_PICNIC3L1", NULL, KEY_RSA3072_PICNIC3_L1, 0, 0, 0 }, + { "ssh-p256-picnic3l1", "P256_PICNIC3L1", NULL, KEY_P256_PICNIC3_L1, NID_X9_62_prime256v1, 0, 0 }, { "ssh-rsa3072-qteslapi", "RSA3072_QTESLAPI", NULL, KEY_RSA3072_QTESLA_P_I, 0, 0, 0 }, { "ssh-p256-qteslapi", "P256_QTESLAPI", NULL, KEY_P256_QTESLA_P_I, NID_X9_62_prime256v1, 0, 0 }, { "ssh-rsa3072-rainbowiaclassic", "RSA3072_RAINBOWIACLASSIC", NULL, KEY_RSA3072_RAINBOW_IA_CLASSIC, 0, 0, 0 }, diff --git a/sshkey.h b/sshkey.h index da5f41994168..e6c97e69f9c6 100644 --- a/sshkey.h +++ b/sshkey.h @@ -75,7 +75,8 @@ enum sshkey_types { KEY_DILITHIUM_2, KEY_FALCON_512, KEY_MQDSS_31_48, - KEY_PICNIC_L1UR, + KEY_PICNIC_L1FS, + KEY_PICNIC3_L1, KEY_QTESLA_P_I, KEY_RAINBOW_IA_CLASSIC, KEY_RAINBOW_IIIC_CLASSIC, @@ -91,8 +92,10 @@ enum sshkey_types { KEY_P256_FALCON_512, KEY_RSA3072_MQDSS_31_48, KEY_P256_MQDSS_31_48, - KEY_RSA3072_PICNIC_L1UR, - KEY_P256_PICNIC_L1UR, + KEY_RSA3072_PICNIC_L1FS, + KEY_P256_PICNIC_L1FS, + KEY_RSA3072_PICNIC3_L1, + KEY_P256_PICNIC3_L1, KEY_RSA3072_QTESLA_P_I, KEY_P256_QTESLA_P_I, KEY_RSA3072_RAINBOW_IA_CLASSIC,