From b9aadc6f43a31b2044531f7112c998d81e5de591 Mon Sep 17 00:00:00 2001 From: Michael Baentsch Date: Sat, 3 Jul 2021 07:34:46 +0200 Subject: [PATCH] remove BIKE R2 and OQS default algs (#109) --- README.md | 4 +- kex.c | 14 +- kex.h | 84 +++------- kexgen.c | 108 +++---------- kexoqs.c | 148 ++--------------- kexoqsecdh.c | 151 ++---------------- monitor.c | 14 +- myproposal.h | 14 +- oqs-template/generate.yml | 38 +---- .../kexoqs.c/define_kex_methods.fragment | 12 -- .../define_kex_with_ec_methods.fragment | 12 -- .../ssh-oqs.c/define_sig_functions.fragment | 8 - oqs-template/sshkey.c/return_pk_len.fragment | 9 -- oqs-template/sshkey.c/return_sk_len.fragment | 9 -- .../sshkey_generate_switch_keytype.fragment | 27 ---- oqs-test/try_connection.py | 17 +- oqs-utils.c | 4 - oqs-utils.h | 3 - pathnames.h | 6 - readconf.c | 3 - regress/keygen-comment.sh | 1 - servconf.c | 6 - sk-api.h | 47 +++--- ssh-add.c | 3 - ssh-keygen.c | 24 --- ssh-keyscan.c | 84 ++++------ ssh-keysign.c | 5 +- ssh-oqs.c | 34 ---- ssh-rsa.c | 1 - ssh.c | 49 +++--- ssh_api.c | 28 +--- sshconnect2.c | 14 +- sshd.c | 14 +- sshkey.c | 87 ++-------- sshkey.h | 5 - 35 files changed, 193 insertions(+), 894 deletions(-) diff --git a/README.md b/README.md index d7f7ea179806..10ac590fdbff 100644 --- a/README.md +++ b/README.md @@ -58,9 +58,8 @@ If an algorithm is provided by liboqs but is not listed below, it can still be u The following quantum-safe algorithms from liboqs are supported (assuming they have been enabled in liboqs): -- `oqs-default-sha256` (see [here](https://github.com/open-quantum-safe/openssh-portable/wiki/Using-liboqs-supported-algorithms-in-the-fork) for what this denotes) -- **BIKE**: `bike1-l1-cpa-sha512`, `bike1-l1-fo-sha512`, `bike1-l3-cpa-sha512`, `bike1-l3-fo-sha512` +- **BIKE**: `bike-l1-sha512`, `bike-l3-sha512` - **ClassicMcEliece**: `classic-mceliece-348864-sha256`, `classic-mceliece-348864f-sha256`, `classic-mceliece-460896-sha512`, `classic-mceliece-460896f-sha512`, `classic-mceliece-6688128-sha512`, `classic-mceliece-6688128f-sha512`, `classic-mceliece-6960119-sha512`, `classic-mceliece-6960119f-sha512`, `classic-mceliece-8192128-sha512`, `classic-mceliece-8192128f-sha512` - **FrodoKEM**: `frodokem-640-aes-sha256`, `frodokem-976-aes-sha384`, `frodokem-1344-aes-sha512`, `frodokem-640-shake-sha256`, `frodokem-976-shake-sha384`, `frodokem-1344-shake-sha512` - **HQC**: `hqc-128-sha256`, `hqc-192-sha384`, `hqc-256-sha512`† @@ -84,7 +83,6 @@ Note that algorithms marked with a dagger (†) have large stack usage and may c The following digital signature algorithms from liboqs are supported (assuming they have been enabled in liboqs). Note that only select L3 signature variants are enabled by default. In general, algorithms that are enabled by default are marked with an asterisk, and should you wish to enable additional variants, consult [the "Code Generation" section of the documentation in the wiki](https://github.com/open-quantum-safe/openssh/wiki/Using-liboqs-supported-algorithms-in-the-fork#code-generation). Note that enabling Rainbow will introduce a substantial execution delay to all operations. If doing it inadvertently, tests will fail and all kind of headaches occur. You have been warned. -- `oqsdefault` (see [here](https://github.com/open-quantum-safe/openssh-portable/wiki/Using-liboqs-supported-algorithms-in-the-fork) for what this denotes) - **Dilithium**: `dilithium2`, `dilithium3`\*, `dilithium5`, `dilithium2aes`\*, `dilithium3aes`, `dilithium5aes`\* - **Falcon**: `falcon512`\*, `falcon1024`\* diff --git a/kex.c b/kex.c index e1fc98f52f50..d61d518fe305 100644 --- a/kex.c +++ b/kex.c @@ -118,7 +118,6 @@ static const struct kexalg kexalgs[] = { #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ ///// OQS_TEMPLATE_FRAGMENT_ADD_KEX_ALGS_START - { KEX_OQS_DEFAULT_SHA256, KEX_KEM_OQS_DEFAULT_SHA256, 0, SSH_DIGEST_SHA256 }, { KEX_FRODOKEM_640_AES_SHA256, KEX_KEM_FRODOKEM_640_AES_SHA256, 0, SSH_DIGEST_SHA256 }, { KEX_FRODOKEM_976_AES_SHA384, KEX_KEM_FRODOKEM_976_AES_SHA384, 0, SSH_DIGEST_SHA384 }, { KEX_FRODOKEM_1344_AES_SHA512, KEX_KEM_FRODOKEM_1344_AES_SHA512, 0, SSH_DIGEST_SHA512 }, @@ -146,10 +145,8 @@ static const struct kexalg kexalgs[] = { { KEX_KYBER_512_90S_SHA256, KEX_KEM_KYBER_512_90S_SHA256, 0, SSH_DIGEST_SHA256 }, { KEX_KYBER_768_90S_SHA384, KEX_KEM_KYBER_768_90S_SHA384, 0, SSH_DIGEST_SHA384 }, { KEX_KYBER_1024_90S_SHA512, KEX_KEM_KYBER_1024_90S_SHA512, 0, SSH_DIGEST_SHA512 }, - { KEX_BIKE1_L1_CPA_SHA512, KEX_KEM_BIKE1_L1_CPA_SHA512, 0, SSH_DIGEST_SHA512 }, - { KEX_BIKE1_L1_FO_SHA512, KEX_KEM_BIKE1_L1_FO_SHA512, 0, SSH_DIGEST_SHA512 }, - { KEX_BIKE1_L3_CPA_SHA512, KEX_KEM_BIKE1_L3_CPA_SHA512, 0, SSH_DIGEST_SHA512 }, - { KEX_BIKE1_L3_FO_SHA512, KEX_KEM_BIKE1_L3_FO_SHA512, 0, SSH_DIGEST_SHA512 }, + { KEX_BIKE_L1_SHA512, KEX_KEM_BIKE_L1_SHA512, 0, SSH_DIGEST_SHA512 }, + { KEX_BIKE_L3_SHA512, KEX_KEM_BIKE_L3_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_NTRU_HPS2048509_SHA512, KEX_KEM_NTRU_HPS2048509_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_NTRU_HPS2048677_SHA512, KEX_KEM_NTRU_HPS2048677_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_NTRU_HRSS701_SHA512, KEX_KEM_NTRU_HRSS701_SHA512, 0, SSH_DIGEST_SHA512 }, @@ -174,7 +171,6 @@ static const struct kexalg kexalgs[] = { { KEX_NTRUPRIME_NTRULPR857_SHA384, KEX_KEM_NTRUPRIME_NTRULPR857_SHA384, 0, SSH_DIGEST_SHA384 }, { KEX_NTRUPRIME_SNTRUP857_SHA384, KEX_KEM_NTRUPRIME_SNTRUP857_SHA384, 0, SSH_DIGEST_SHA384 }, #ifdef OPENSSL_HAS_ECC - { KEX_OQS_DEFAULT_ECDH_NISTP256_SHA256, KEX_KEM_OQS_DEFAULT_ECDH_NISTP256_SHA256, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, { KEX_FRODOKEM_640_AES_ECDH_NISTP256_SHA256, KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, { KEX_FRODOKEM_976_AES_ECDH_NISTP384_SHA384, KEX_KEM_FRODOKEM_976_AES_ECDH_NISTP384_SHA384, NID_secp384r1, SSH_DIGEST_SHA384 }, { KEX_FRODOKEM_1344_AES_ECDH_NISTP521_SHA512, KEX_KEM_FRODOKEM_1344_AES_ECDH_NISTP521_SHA512, NID_secp521r1, SSH_DIGEST_SHA512 }, @@ -202,10 +198,8 @@ static const struct kexalg kexalgs[] = { { KEX_KYBER_512_90S_ECDH_NISTP256_SHA256, KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, { KEX_KYBER_768_90S_ECDH_NISTP384_SHA384, KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384, NID_secp384r1, SSH_DIGEST_SHA384 }, { KEX_KYBER_1024_90S_ECDH_NISTP521_SHA512, KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512, NID_secp521r1, SSH_DIGEST_SHA512 }, - { KEX_BIKE1_L1_CPA_ECDH_NISTP256_SHA512, KEX_KEM_BIKE1_L1_CPA_ECDH_NISTP256_SHA512, NID_X9_62_prime256v1, SSH_DIGEST_SHA512 }, - { KEX_BIKE1_L1_FO_ECDH_NISTP256_SHA512, KEX_KEM_BIKE1_L1_FO_ECDH_NISTP256_SHA512, NID_X9_62_prime256v1, SSH_DIGEST_SHA512 }, - { KEX_BIKE1_L3_CPA_ECDH_NISTP384_SHA512, KEX_KEM_BIKE1_L3_CPA_ECDH_NISTP384_SHA512, NID_secp384r1, SSH_DIGEST_SHA512 }, - { KEX_BIKE1_L3_FO_ECDH_NISTP384_SHA512, KEX_KEM_BIKE1_L3_FO_ECDH_NISTP384_SHA512, NID_secp384r1, SSH_DIGEST_SHA512 }, + { KEX_BIKE_L1_ECDH_NISTP256_SHA512, KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512, NID_X9_62_prime256v1, SSH_DIGEST_SHA512 }, + { KEX_BIKE_L3_ECDH_NISTP384_SHA512, KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512, NID_secp384r1, SSH_DIGEST_SHA512 }, { KEX_NTRU_HPS2048509_ECDH_NISTP256_SHA512, KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512, NID_X9_62_prime256v1, SSH_DIGEST_SHA512 }, { KEX_NTRU_HPS2048677_ECDH_NISTP384_SHA512, KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512, NID_secp384r1, SSH_DIGEST_SHA512 }, { KEX_NTRU_HRSS701_ECDH_NISTP384_SHA512, KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512, NID_secp384r1, SSH_DIGEST_SHA512 }, diff --git a/kex.h b/kex.h index 6aa7091a6108..0d46083674a6 100644 --- a/kex.h +++ b/kex.h @@ -64,7 +64,6 @@ #define KEX_CURVE25519_SHA256 "curve25519-sha256" #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEX_PRETTY_NAMES_START -#define KEX_OQS_DEFAULT_SHA256 "oqs-default-sha256" #define KEX_FRODOKEM_640_AES_SHA256 "frodokem-640-aes-sha256" #define KEX_FRODOKEM_976_AES_SHA384 "frodokem-976-aes-sha384" #define KEX_FRODOKEM_1344_AES_SHA512 "frodokem-1344-aes-sha512" @@ -92,10 +91,8 @@ #define KEX_KYBER_512_90S_SHA256 "kyber-512-90s-sha256" #define KEX_KYBER_768_90S_SHA384 "kyber-768-90s-sha384" #define KEX_KYBER_1024_90S_SHA512 "kyber-1024-90s-sha512" -#define KEX_BIKE1_L1_CPA_SHA512 "bike1-l1-cpa-sha512" -#define KEX_BIKE1_L1_FO_SHA512 "bike1-l1-fo-sha512" -#define KEX_BIKE1_L3_CPA_SHA512 "bike1-l3-cpa-sha512" -#define KEX_BIKE1_L3_FO_SHA512 "bike1-l3-fo-sha512" +#define KEX_BIKE_L1_SHA512 "bike-l1-sha512" +#define KEX_BIKE_L3_SHA512 "bike-l3-sha512" #define KEX_NTRU_HPS2048509_SHA512 "ntru-hps2048509-sha512" #define KEX_NTRU_HPS2048677_SHA512 "ntru-hps2048677-sha512" #define KEX_NTRU_HRSS701_SHA512 "ntru-hrss701-sha512" @@ -121,7 +118,6 @@ #define KEX_NTRUPRIME_SNTRUP857_SHA384 "ntruprime-sntrup857-sha384" #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC -#define KEX_OQS_DEFAULT_ECDH_NISTP256_SHA256 "ecdh-nistp256-oqs-default-sha256" #define KEX_FRODOKEM_640_AES_ECDH_NISTP256_SHA256 "ecdh-nistp256-frodokem-640-aes-sha256" #define KEX_FRODOKEM_976_AES_ECDH_NISTP384_SHA384 "ecdh-nistp384-frodokem-976-aes-sha384" #define KEX_FRODOKEM_1344_AES_ECDH_NISTP521_SHA512 "ecdh-nistp521-frodokem-1344-aes-sha512" @@ -149,10 +145,8 @@ #define KEX_KYBER_512_90S_ECDH_NISTP256_SHA256 "ecdh-nistp256-kyber-512-90s-sha256" #define KEX_KYBER_768_90S_ECDH_NISTP384_SHA384 "ecdh-nistp384-kyber-768-90s-sha384" #define KEX_KYBER_1024_90S_ECDH_NISTP521_SHA512 "ecdh-nistp521-kyber-1024-90s-sha512" -#define KEX_BIKE1_L1_CPA_ECDH_NISTP256_SHA512 "ecdh-nistp256-bike1-l1-cpa-sha512" -#define KEX_BIKE1_L1_FO_ECDH_NISTP256_SHA512 "ecdh-nistp256-bike1-l1-fo-sha512" -#define KEX_BIKE1_L3_CPA_ECDH_NISTP384_SHA512 "ecdh-nistp384-bike1-l3-cpa-sha512" -#define KEX_BIKE1_L3_FO_ECDH_NISTP384_SHA512 "ecdh-nistp384-bike1-l3-fo-sha512" +#define KEX_BIKE_L1_ECDH_NISTP256_SHA512 "ecdh-nistp256-bike-l1-sha512" +#define KEX_BIKE_L3_ECDH_NISTP384_SHA512 "ecdh-nistp384-bike-l3-sha512" #define KEX_NTRU_HPS2048509_ECDH_NISTP256_SHA512 "ecdh-nistp256-ntru-hps2048509-sha512" #define KEX_NTRU_HPS2048677_ECDH_NISTP384_SHA512 "ecdh-nistp384-ntru-hps2048677-sha512" #define KEX_NTRU_HRSS701_ECDH_NISTP384_SHA512 "ecdh-nistp384-ntru-hrss701-sha512" @@ -220,7 +214,6 @@ enum kex_exchange { KEX_C25519_SHA256, KEX_KEM_SNTRUP761X25519_SHA512, ///// OQS_TEMPLATE_FRAGMENT_ADD_KEX_ENUMS_START - KEX_KEM_OQS_DEFAULT_SHA256, KEX_KEM_FRODOKEM_640_AES_SHA256, KEX_KEM_FRODOKEM_976_AES_SHA384, KEX_KEM_FRODOKEM_1344_AES_SHA512, @@ -248,10 +241,8 @@ enum kex_exchange { KEX_KEM_KYBER_512_90S_SHA256, KEX_KEM_KYBER_768_90S_SHA384, KEX_KEM_KYBER_1024_90S_SHA512, - KEX_KEM_BIKE1_L1_CPA_SHA512, - KEX_KEM_BIKE1_L1_FO_SHA512, - KEX_KEM_BIKE1_L3_CPA_SHA512, - KEX_KEM_BIKE1_L3_FO_SHA512, + KEX_KEM_BIKE_L1_SHA512, + KEX_KEM_BIKE_L3_SHA512, KEX_KEM_NTRU_HPS2048509_SHA512, KEX_KEM_NTRU_HPS2048677_SHA512, KEX_KEM_NTRU_HRSS701_SHA512, @@ -277,7 +268,6 @@ enum kex_exchange { KEX_KEM_NTRUPRIME_SNTRUP857_SHA384, #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC - KEX_KEM_OQS_DEFAULT_ECDH_NISTP256_SHA256, KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256, KEX_KEM_FRODOKEM_976_AES_ECDH_NISTP384_SHA384, KEX_KEM_FRODOKEM_1344_AES_ECDH_NISTP521_SHA512, @@ -305,10 +295,8 @@ enum kex_exchange { KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256, KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384, KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512, - KEX_KEM_BIKE1_L1_CPA_ECDH_NISTP256_SHA512, - KEX_KEM_BIKE1_L1_FO_ECDH_NISTP256_SHA512, - KEX_KEM_BIKE1_L3_CPA_ECDH_NISTP384_SHA512, - KEX_KEM_BIKE1_L3_FO_ECDH_NISTP384_SHA512, + KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512, + KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512, KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512, KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512, KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512, @@ -460,10 +448,6 @@ int kex_kem_sntrup761x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **); ///// OQS_TEMPLATE_FRAGMENT_DECLARE_KEX_PROTOTYPES_START -/* oqs_default prototypes */ -int kex_kem_oqs_default_keypair(struct kex *); -int kex_kem_oqs_default_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_oqs_default_dec(struct kex *, const struct sshbuf *, struct sshbuf **); /* frodokem_640_aes prototypes */ int kex_kem_frodokem_640_aes_keypair(struct kex *); int kex_kem_frodokem_640_aes_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); @@ -572,22 +556,14 @@ int kex_kem_kyber_768_90s_dec(struct kex *, const struct sshbuf *, struct sshbu int kex_kem_kyber_1024_90s_keypair(struct kex *); int kex_kem_kyber_1024_90s_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); int kex_kem_kyber_1024_90s_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* bike1_l1_cpa prototypes */ -int kex_kem_bike1_l1_cpa_keypair(struct kex *); -int kex_kem_bike1_l1_cpa_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_bike1_l1_cpa_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* bike1_l1_fo prototypes */ -int kex_kem_bike1_l1_fo_keypair(struct kex *); -int kex_kem_bike1_l1_fo_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_bike1_l1_fo_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* bike1_l3_cpa prototypes */ -int kex_kem_bike1_l3_cpa_keypair(struct kex *); -int kex_kem_bike1_l3_cpa_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_bike1_l3_cpa_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* bike1_l3_fo prototypes */ -int kex_kem_bike1_l3_fo_keypair(struct kex *); -int kex_kem_bike1_l3_fo_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_bike1_l3_fo_dec(struct kex *, const struct sshbuf *, struct sshbuf **); +/* bike_l1 prototypes */ +int kex_kem_bike_l1_keypair(struct kex *); +int kex_kem_bike_l1_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); +int kex_kem_bike_l1_dec(struct kex *, const struct sshbuf *, struct sshbuf **); +/* bike_l3 prototypes */ +int kex_kem_bike_l3_keypair(struct kex *); +int kex_kem_bike_l3_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); +int kex_kem_bike_l3_dec(struct kex *, const struct sshbuf *, struct sshbuf **); /* ntru_hps2048509 prototypes */ int kex_kem_ntru_hps2048509_keypair(struct kex *); int kex_kem_ntru_hps2048509_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); @@ -682,10 +658,6 @@ int kex_kem_ntruprime_sntrup857_enc(struct kex *, const struct sshbuf *, struct int kex_kem_ntruprime_sntrup857_dec(struct kex *, const struct sshbuf *, struct sshbuf **); #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC -/* oqs_default_nistp256 prototypes */ -int kex_kem_oqs_default_ecdh_nistp256_keypair(struct kex *); -int kex_kem_oqs_default_ecdh_nistp256_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_oqs_default_ecdh_nistp256_dec(struct kex *, const struct sshbuf *, struct sshbuf **); /* frodokem_640_aes_nistp256 prototypes */ int kex_kem_frodokem_640_aes_ecdh_nistp256_keypair(struct kex *); int kex_kem_frodokem_640_aes_ecdh_nistp256_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); @@ -794,22 +766,14 @@ int kex_kem_kyber_768_90s_ecdh_nistp384_dec(struct kex *, const struct sshbuf * int kex_kem_kyber_1024_90s_ecdh_nistp521_keypair(struct kex *); int kex_kem_kyber_1024_90s_ecdh_nistp521_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); int kex_kem_kyber_1024_90s_ecdh_nistp521_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* bike1_l1_cpa_nistp256 prototypes */ -int kex_kem_bike1_l1_cpa_ecdh_nistp256_keypair(struct kex *); -int kex_kem_bike1_l1_cpa_ecdh_nistp256_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_bike1_l1_cpa_ecdh_nistp256_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* bike1_l1_fo_nistp256 prototypes */ -int kex_kem_bike1_l1_fo_ecdh_nistp256_keypair(struct kex *); -int kex_kem_bike1_l1_fo_ecdh_nistp256_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_bike1_l1_fo_ecdh_nistp256_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* bike1_l3_cpa_nistp384 prototypes */ -int kex_kem_bike1_l3_cpa_ecdh_nistp384_keypair(struct kex *); -int kex_kem_bike1_l3_cpa_ecdh_nistp384_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_bike1_l3_cpa_ecdh_nistp384_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* bike1_l3_fo_nistp384 prototypes */ -int kex_kem_bike1_l3_fo_ecdh_nistp384_keypair(struct kex *); -int kex_kem_bike1_l3_fo_ecdh_nistp384_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_bike1_l3_fo_ecdh_nistp384_dec(struct kex *, const struct sshbuf *, struct sshbuf **); +/* bike_l1_nistp256 prototypes */ +int kex_kem_bike_l1_ecdh_nistp256_keypair(struct kex *); +int kex_kem_bike_l1_ecdh_nistp256_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); +int kex_kem_bike_l1_ecdh_nistp256_dec(struct kex *, const struct sshbuf *, struct sshbuf **); +/* bike_l3_nistp384 prototypes */ +int kex_kem_bike_l3_ecdh_nistp384_keypair(struct kex *); +int kex_kem_bike_l3_ecdh_nistp384_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); +int kex_kem_bike_l3_ecdh_nistp384_dec(struct kex *, const struct sshbuf *, struct sshbuf **); /* ntru_hps2048509_nistp256 prototypes */ int kex_kem_ntru_hps2048509_ecdh_nistp256_keypair(struct kex *); int kex_kem_ntru_hps2048509_ecdh_nistp256_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); diff --git a/kexgen.c b/kexgen.c index e97b65fc66ba..bf5a25c6f3dc 100644 --- a/kexgen.c +++ b/kexgen.c @@ -122,9 +122,6 @@ kex_gen_client(struct ssh *ssh) r = kex_kem_sntrup761x25519_keypair(kex); break; ///// OQS_TEMPLATE_FRAGMENT_ADD_CLIENT_SWITCH_CASES_START - case KEX_KEM_OQS_DEFAULT_SHA256: - r = kex_kem_oqs_default_keypair(kex); - break; case KEX_KEM_FRODOKEM_640_AES_SHA256: r = kex_kem_frodokem_640_aes_keypair(kex); break; @@ -206,17 +203,11 @@ kex_gen_client(struct ssh *ssh) case KEX_KEM_KYBER_1024_90S_SHA512: r = kex_kem_kyber_1024_90s_keypair(kex); break; - case KEX_KEM_BIKE1_L1_CPA_SHA512: - r = kex_kem_bike1_l1_cpa_keypair(kex); - break; - case KEX_KEM_BIKE1_L1_FO_SHA512: - r = kex_kem_bike1_l1_fo_keypair(kex); - break; - case KEX_KEM_BIKE1_L3_CPA_SHA512: - r = kex_kem_bike1_l3_cpa_keypair(kex); + case KEX_KEM_BIKE_L1_SHA512: + r = kex_kem_bike_l1_keypair(kex); break; - case KEX_KEM_BIKE1_L3_FO_SHA512: - r = kex_kem_bike1_l3_fo_keypair(kex); + case KEX_KEM_BIKE_L3_SHA512: + r = kex_kem_bike_l3_keypair(kex); break; case KEX_KEM_NTRU_HPS2048509_SHA512: r = kex_kem_ntru_hps2048509_keypair(kex); @@ -289,9 +280,6 @@ kex_gen_client(struct ssh *ssh) break; #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC - case KEX_KEM_OQS_DEFAULT_ECDH_NISTP256_SHA256: - r = kex_kem_oqs_default_ecdh_nistp256_keypair(kex); - break; case KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256: r = kex_kem_frodokem_640_aes_ecdh_nistp256_keypair(kex); break; @@ -373,17 +361,11 @@ kex_gen_client(struct ssh *ssh) case KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512: r = kex_kem_kyber_1024_90s_ecdh_nistp521_keypair(kex); break; - case KEX_KEM_BIKE1_L1_CPA_ECDH_NISTP256_SHA512: - r = kex_kem_bike1_l1_cpa_ecdh_nistp256_keypair(kex); - break; - case KEX_KEM_BIKE1_L1_FO_ECDH_NISTP256_SHA512: - r = kex_kem_bike1_l1_fo_ecdh_nistp256_keypair(kex); - break; - case KEX_KEM_BIKE1_L3_CPA_ECDH_NISTP384_SHA512: - r = kex_kem_bike1_l3_cpa_ecdh_nistp384_keypair(kex); + case KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512: + r = kex_kem_bike_l1_ecdh_nistp256_keypair(kex); break; - case KEX_KEM_BIKE1_L3_FO_ECDH_NISTP384_SHA512: - r = kex_kem_bike1_l3_fo_ecdh_nistp384_keypair(kex); + case KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512: + r = kex_kem_bike_l3_ecdh_nistp384_keypair(kex); break; case KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512: r = kex_kem_ntru_hps2048509_ecdh_nistp256_keypair(kex); @@ -530,9 +512,6 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) &shared_secret); break; ///// OQS_TEMPLATE_FRAGMENT_ADD_REPLY_SWITCH_CASES_START - case KEX_KEM_OQS_DEFAULT_SHA256: - r = kex_kem_oqs_default_dec(kex, server_blob, &shared_secret); - break; case KEX_KEM_FRODOKEM_640_AES_SHA256: r = kex_kem_frodokem_640_aes_dec(kex, server_blob, &shared_secret); break; @@ -614,17 +593,11 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) case KEX_KEM_KYBER_1024_90S_SHA512: r = kex_kem_kyber_1024_90s_dec(kex, server_blob, &shared_secret); break; - case KEX_KEM_BIKE1_L1_CPA_SHA512: - r = kex_kem_bike1_l1_cpa_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_BIKE1_L1_FO_SHA512: - r = kex_kem_bike1_l1_fo_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_BIKE1_L3_CPA_SHA512: - r = kex_kem_bike1_l3_cpa_dec(kex, server_blob, &shared_secret); + case KEX_KEM_BIKE_L1_SHA512: + r = kex_kem_bike_l1_dec(kex, server_blob, &shared_secret); break; - case KEX_KEM_BIKE1_L3_FO_SHA512: - r = kex_kem_bike1_l3_fo_dec(kex, server_blob, &shared_secret); + case KEX_KEM_BIKE_L3_SHA512: + r = kex_kem_bike_l3_dec(kex, server_blob, &shared_secret); break; case KEX_KEM_NTRU_HPS2048509_SHA512: r = kex_kem_ntru_hps2048509_dec(kex, server_blob, &shared_secret); @@ -697,9 +670,6 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) break; #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC - case KEX_KEM_OQS_DEFAULT_ECDH_NISTP256_SHA256: - r = kex_kem_oqs_default_ecdh_nistp256_dec(kex, server_blob, &shared_secret); - break; case KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256: r = kex_kem_frodokem_640_aes_ecdh_nistp256_dec(kex, server_blob, &shared_secret); break; @@ -781,17 +751,11 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) case KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512: r = kex_kem_kyber_1024_90s_ecdh_nistp521_dec(kex, server_blob, &shared_secret); break; - case KEX_KEM_BIKE1_L1_CPA_ECDH_NISTP256_SHA512: - r = kex_kem_bike1_l1_cpa_ecdh_nistp256_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_BIKE1_L1_FO_ECDH_NISTP256_SHA512: - r = kex_kem_bike1_l1_fo_ecdh_nistp256_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_BIKE1_L3_CPA_ECDH_NISTP384_SHA512: - r = kex_kem_bike1_l3_cpa_ecdh_nistp384_dec(kex, server_blob, &shared_secret); + case KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512: + r = kex_kem_bike_l1_ecdh_nistp256_dec(kex, server_blob, &shared_secret); break; - case KEX_KEM_BIKE1_L3_FO_ECDH_NISTP384_SHA512: - r = kex_kem_bike1_l3_fo_ecdh_nistp384_dec(kex, server_blob, &shared_secret); + case KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512: + r = kex_kem_bike_l3_ecdh_nistp384_dec(kex, server_blob, &shared_secret); break; case KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512: r = kex_kem_ntru_hps2048509_ecdh_nistp256_dec(kex, server_blob, &shared_secret); @@ -971,10 +935,6 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) &server_pubkey, &shared_secret); break; ///// OQS_TEMPLATE_FRAGMENT_ADD_INIT_SWITCH_CASES_START - case KEX_KEM_OQS_DEFAULT_SHA256: - r = kex_kem_oqs_default_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; case KEX_KEM_FRODOKEM_640_AES_SHA256: r = kex_kem_frodokem_640_aes_enc(kex, client_pubkey, &server_pubkey, &shared_secret); @@ -1083,20 +1043,12 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_kem_kyber_1024_90s_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; - case KEX_KEM_BIKE1_L1_CPA_SHA512: - r = kex_kem_bike1_l1_cpa_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_BIKE1_L1_FO_SHA512: - r = kex_kem_bike1_l1_fo_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_BIKE1_L3_CPA_SHA512: - r = kex_kem_bike1_l3_cpa_enc(kex, client_pubkey, + case KEX_KEM_BIKE_L1_SHA512: + r = kex_kem_bike_l1_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; - case KEX_KEM_BIKE1_L3_FO_SHA512: - r = kex_kem_bike1_l3_fo_enc(kex, client_pubkey, + case KEX_KEM_BIKE_L3_SHA512: + r = kex_kem_bike_l3_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; case KEX_KEM_NTRU_HPS2048509_SHA512: @@ -1193,10 +1145,6 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) break; #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC - case KEX_KEM_OQS_DEFAULT_ECDH_NISTP256_SHA256: - r = kex_kem_oqs_default_ecdh_nistp256_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; case KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256: r = kex_kem_frodokem_640_aes_ecdh_nistp256_enc(kex, client_pubkey, &server_pubkey, &shared_secret); @@ -1305,20 +1253,12 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_kem_kyber_1024_90s_ecdh_nistp521_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; - case KEX_KEM_BIKE1_L1_CPA_ECDH_NISTP256_SHA512: - r = kex_kem_bike1_l1_cpa_ecdh_nistp256_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_BIKE1_L1_FO_ECDH_NISTP256_SHA512: - r = kex_kem_bike1_l1_fo_ecdh_nistp256_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_BIKE1_L3_CPA_ECDH_NISTP384_SHA512: - r = kex_kem_bike1_l3_cpa_ecdh_nistp384_enc(kex, client_pubkey, + case KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512: + r = kex_kem_bike_l1_ecdh_nistp256_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; - case KEX_KEM_BIKE1_L3_FO_ECDH_NISTP384_SHA512: - r = kex_kem_bike1_l3_fo_ecdh_nistp384_enc(kex, client_pubkey, + case KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512: + r = kex_kem_bike_l3_ecdh_nistp384_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; case KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512: diff --git a/kexoqs.c b/kexoqs.c index 9e25c1813af6..8262d6a60ed4 100644 --- a/kexoqs.c +++ b/kexoqs.c @@ -140,46 +140,6 @@ static int kex_kem_generic_dec(OQS_KEM *kem, } ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEX_METHODS_START -/*--------------------------------------------------- - * OQS_DEFAULT METHODS - *--------------------------------------------------- - */ -int kex_kem_oqs_default_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_default); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} -int kex_kem_oqs_default_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_default); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_oqs_default_dec(struct kex *kex, - const struct sshbuf *server_blob, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_default); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_dec(kem, kex, server_blob, shared_secretp); - OQS_KEM_free(kem); - return r; -} /*--------------------------------------------------- * FRODOKEM_640_AES METHODS *--------------------------------------------------- @@ -1261,92 +1221,12 @@ int kex_kem_kyber_1024_90s_dec(struct kex *kex, return r; } /*--------------------------------------------------- - * BIKE1_L1_CPA METHODS - *--------------------------------------------------- - */ -int kex_kem_bike1_l1_cpa_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l1_cpa); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} -int kex_kem_bike1_l1_cpa_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l1_cpa); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_bike1_l1_cpa_dec(struct kex *kex, - const struct sshbuf *server_blob, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l1_cpa); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_dec(kem, kex, server_blob, shared_secretp); - OQS_KEM_free(kem); - return r; -} -/*--------------------------------------------------- - * BIKE1_L1_FO METHODS - *--------------------------------------------------- - */ -int kex_kem_bike1_l1_fo_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l1_fo); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} -int kex_kem_bike1_l1_fo_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l1_fo); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_bike1_l1_fo_dec(struct kex *kex, - const struct sshbuf *server_blob, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l1_fo); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_dec(kem, kex, server_blob, shared_secretp); - OQS_KEM_free(kem); - return r; -} -/*--------------------------------------------------- - * BIKE1_L3_CPA METHODS + * BIKE_L1 METHODS *--------------------------------------------------- */ -int kex_kem_bike1_l3_cpa_keypair(struct kex *kex) +int kex_kem_bike_l1_keypair(struct kex *kex) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l3_cpa); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike_l1); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1354,12 +1234,12 @@ int kex_kem_bike1_l3_cpa_keypair(struct kex *kex) OQS_KEM_free(kem); return r; } -int kex_kem_bike1_l3_cpa_enc(struct kex *kex, +int kex_kem_bike_l1_enc(struct kex *kex, const struct sshbuf *client_blob, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l3_cpa); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike_l1); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1368,11 +1248,11 @@ int kex_kem_bike1_l3_cpa_enc(struct kex *kex, return r; } -int kex_kem_bike1_l3_cpa_dec(struct kex *kex, +int kex_kem_bike_l1_dec(struct kex *kex, const struct sshbuf *server_blob, struct sshbuf **shared_secretp) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l3_cpa); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike_l1); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1381,12 +1261,12 @@ int kex_kem_bike1_l3_cpa_dec(struct kex *kex, return r; } /*--------------------------------------------------- - * BIKE1_L3_FO METHODS + * BIKE_L3 METHODS *--------------------------------------------------- */ -int kex_kem_bike1_l3_fo_keypair(struct kex *kex) +int kex_kem_bike_l3_keypair(struct kex *kex) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l3_fo); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike_l3); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1394,12 +1274,12 @@ int kex_kem_bike1_l3_fo_keypair(struct kex *kex) OQS_KEM_free(kem); return r; } -int kex_kem_bike1_l3_fo_enc(struct kex *kex, +int kex_kem_bike_l3_enc(struct kex *kex, const struct sshbuf *client_blob, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l3_fo); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike_l3); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1408,11 +1288,11 @@ int kex_kem_bike1_l3_fo_enc(struct kex *kex, return r; } -int kex_kem_bike1_l3_fo_dec(struct kex *kex, +int kex_kem_bike_l3_dec(struct kex *kex, const struct sshbuf *server_blob, struct sshbuf **shared_secretp) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l3_fo); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike_l3); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } diff --git a/kexoqsecdh.c b/kexoqsecdh.c index 25845e4de011..495ed767dc51 100644 --- a/kexoqsecdh.c +++ b/kexoqsecdh.c @@ -353,47 +353,6 @@ static int kex_kem_generic_with_ec_dec(OQS_KEM *kem, } ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEX_WITH_EC_METHODS_START -/*--------------------------------------------------------------- - * OQS_DEFAULT_ECDH_NISTP256 METHODS - *--------------------------------------------------------------- - */ -int kex_kem_oqs_default_ecdh_nistp256_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_default); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_oqs_default_ecdh_nistp256_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_default); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_oqs_default_ecdh_nistp256_dec(struct kex *kex, - const struct sshbuf *server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_default); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_dec(kem, kex, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} /*--------------------------------------------------------------- * FRODOKEM_640_AES_ECDH_NISTP256 METHODS *--------------------------------------------------------------- @@ -1502,94 +1461,12 @@ int kex_kem_kyber_1024_90s_ecdh_nistp521_dec(struct kex *kex, return r; } /*--------------------------------------------------------------- - * BIKE1_L1_CPA_ECDH_NISTP256 METHODS - *--------------------------------------------------------------- - */ -int kex_kem_bike1_l1_cpa_ecdh_nistp256_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l1_cpa); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_bike1_l1_cpa_ecdh_nistp256_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l1_cpa); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_bike1_l1_cpa_ecdh_nistp256_dec(struct kex *kex, - const struct sshbuf *server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l1_cpa); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_dec(kem, kex, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} -/*--------------------------------------------------------------- - * BIKE1_L1_FO_ECDH_NISTP256 METHODS - *--------------------------------------------------------------- - */ -int kex_kem_bike1_l1_fo_ecdh_nistp256_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l1_fo); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_bike1_l1_fo_ecdh_nistp256_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l1_fo); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_bike1_l1_fo_ecdh_nistp256_dec(struct kex *kex, - const struct sshbuf *server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l1_fo); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_dec(kem, kex, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} -/*--------------------------------------------------------------- - * BIKE1_L3_CPA_ECDH_NISTP384 METHODS + * BIKE_L1_ECDH_NISTP256 METHODS *--------------------------------------------------------------- */ -int kex_kem_bike1_l3_cpa_ecdh_nistp384_keypair(struct kex *kex) +int kex_kem_bike_l1_ecdh_nistp256_keypair(struct kex *kex) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l3_cpa); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike_l1); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1598,12 +1475,12 @@ int kex_kem_bike1_l3_cpa_ecdh_nistp384_keypair(struct kex *kex) return r; } -int kex_kem_bike1_l3_cpa_ecdh_nistp384_enc(struct kex *kex, +int kex_kem_bike_l1_ecdh_nistp256_enc(struct kex *kex, const struct sshbuf *client_blob, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l3_cpa); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike_l1); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1612,11 +1489,11 @@ int kex_kem_bike1_l3_cpa_ecdh_nistp384_enc(struct kex *kex, return r; } -int kex_kem_bike1_l3_cpa_ecdh_nistp384_dec(struct kex *kex, +int kex_kem_bike_l1_ecdh_nistp256_dec(struct kex *kex, const struct sshbuf *server_blobp, struct sshbuf **shared_secretp) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l3_cpa); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike_l1); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1625,12 +1502,12 @@ int kex_kem_bike1_l3_cpa_ecdh_nistp384_dec(struct kex *kex, return r; } /*--------------------------------------------------------------- - * BIKE1_L3_FO_ECDH_NISTP384 METHODS + * BIKE_L3_ECDH_NISTP384 METHODS *--------------------------------------------------------------- */ -int kex_kem_bike1_l3_fo_ecdh_nistp384_keypair(struct kex *kex) +int kex_kem_bike_l3_ecdh_nistp384_keypair(struct kex *kex) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l3_fo); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike_l3); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1639,12 +1516,12 @@ int kex_kem_bike1_l3_fo_ecdh_nistp384_keypair(struct kex *kex) return r; } -int kex_kem_bike1_l3_fo_ecdh_nistp384_enc(struct kex *kex, +int kex_kem_bike_l3_ecdh_nistp384_enc(struct kex *kex, const struct sshbuf *client_blob, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l3_fo); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike_l3); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -1653,11 +1530,11 @@ int kex_kem_bike1_l3_fo_ecdh_nistp384_enc(struct kex *kex, return r; } -int kex_kem_bike1_l3_fo_ecdh_nistp384_dec(struct kex *kex, +int kex_kem_bike_l3_ecdh_nistp384_dec(struct kex *kex, const struct sshbuf *server_blobp, struct sshbuf **shared_secretp) { - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike1_l3_fo); + OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_bike_l3); if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } diff --git a/monitor.c b/monitor.c index 6f388673cd28..7823c4502c07 100644 --- a/monitor.c +++ b/monitor.c @@ -1739,7 +1739,6 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) kex->kex[KEX_C25519_SHA256] = kex_gen_server; kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; ///// OQS_TEMPLATE_FRAGMENT_APPLY_KEYSTATE_START - kex->kex[KEX_KEM_OQS_DEFAULT_SHA256] = kex_gen_server; kex->kex[KEX_KEM_FRODOKEM_640_AES_SHA256] = kex_gen_server; kex->kex[KEX_KEM_FRODOKEM_976_AES_SHA384] = kex_gen_server; kex->kex[KEX_KEM_FRODOKEM_1344_AES_SHA512] = kex_gen_server; @@ -1767,10 +1766,8 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) kex->kex[KEX_KEM_KYBER_512_90S_SHA256] = kex_gen_server; kex->kex[KEX_KEM_KYBER_768_90S_SHA384] = kex_gen_server; kex->kex[KEX_KEM_KYBER_1024_90S_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L1_CPA_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L1_FO_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L3_CPA_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L3_FO_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_BIKE_L1_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048509_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048677_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_server; @@ -1796,7 +1793,6 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) kex->kex[KEX_KEM_NTRUPRIME_SNTRUP857_SHA384] = kex_gen_server; #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC - kex->kex[KEX_KEM_OQS_DEFAULT_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_FRODOKEM_976_AES_ECDH_NISTP384_SHA384] = kex_gen_server; kex->kex[KEX_KEM_FRODOKEM_1344_AES_ECDH_NISTP521_SHA512] = kex_gen_server; @@ -1824,10 +1820,8 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) kex->kex[KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384] = kex_gen_server; kex->kex[KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L1_CPA_ECDH_NISTP256_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L1_FO_ECDH_NISTP256_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L3_CPA_ECDH_NISTP384_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L3_FO_ECDH_NISTP384_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_server; diff --git a/myproposal.h b/myproposal.h index 9f7cbfebd32a..0e9e3cefe454 100644 --- a/myproposal.h +++ b/myproposal.h @@ -38,8 +38,6 @@ "diffie-hellman-group18-sha512," \ "diffie-hellman-group14-sha256," \ /*/// OQS_TEMPLATE_FRAGMENT_ADD_SERVER_KEXS_START */ \ - "oqs-default-sha256," \ - "ecdh-nistp256-oqs-default-sha256," \ "frodokem-640-aes-sha256," \ "ecdh-nistp256-frodokem-640-aes-sha256," \ "frodokem-976-aes-sha384," \ @@ -94,14 +92,10 @@ "ecdh-nistp384-kyber-768-90s-sha384," \ "kyber-1024-90s-sha512," \ "ecdh-nistp521-kyber-1024-90s-sha512," \ - "bike1-l1-cpa-sha512," \ - "ecdh-nistp256-bike1-l1-cpa-sha512," \ - "bike1-l1-fo-sha512," \ - "ecdh-nistp256-bike1-l1-fo-sha512," \ - "bike1-l3-cpa-sha512," \ - "ecdh-nistp384-bike1-l3-cpa-sha512," \ - "bike1-l3-fo-sha512," \ - "ecdh-nistp384-bike1-l3-fo-sha512," \ + "bike-l1-sha512," \ + "ecdh-nistp256-bike-l1-sha512," \ + "bike-l3-sha512," \ + "ecdh-nistp384-bike-l3-sha512," \ "ntru-hps2048509-sha512," \ "ecdh-nistp256-ntru-hps2048509-sha512," \ "ntru-hps2048677-sha512," \ diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index 29040e63ad3c..17a35ba2a555 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -1,12 +1,5 @@ # kexs cannot be empty due to myproposal.h kexs: - - - name: 'oqs_default' - hash: 'sha256' - mix_with: - - - name: 'nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - family: 'FrodoKEM' name: 'frodokem_640_aes' @@ -225,7 +218,7 @@ kexs: openssl_nid: 'NID_secp521r1' - family: 'BIKE' - name: 'bike1_l1_cpa' + name: 'bike_l1' hash: 'sha512' mix_with: - @@ -233,23 +226,7 @@ kexs: openssl_nid: 'NID_X9_62_prime256v1' - family: 'BIKE' - name: 'bike1_l1_fo' - hash: 'sha512' - mix_with: - - - name: 'nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - - - family: 'BIKE' - name: 'bike1_l3_cpa' - hash: 'sha512' - mix_with: - - - name: 'nistp384' - openssl_nid: 'NID_secp384r1' - - - family: 'BIKE' - name: 'bike1_l3_fo' + name: 'bike_l3' hash: 'sha512' mix_with: - @@ -441,17 +418,6 @@ kexs: openssl_nid: 'NID_secp384r1' sigs: - - - name: 'oqs_default' - enable: true - level: 1 - mix_with: - - - name: 'rsa3072' - rsa: true - - - name: 'ecdsa_nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - family: 'Falcon' name: 'falcon_512' diff --git a/oqs-template/kexoqs.c/define_kex_methods.fragment b/oqs-template/kexoqs.c/define_kex_methods.fragment index 7a0af820f4b7..0273b565d2a2 100644 --- a/oqs-template/kexoqs.c/define_kex_methods.fragment +++ b/oqs-template/kexoqs.c/define_kex_methods.fragment @@ -5,11 +5,7 @@ */ int kex_kem_{{ kex['name'] }}_keypair(struct kex *kex) { - {% if kex['name'] == 'oqs_default' -%} - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_default); - {%- else -%} OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_{{ kex['name'] }}); - {%- endif %} if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -22,11 +18,7 @@ int kex_kem_{{ kex['name'] }}_enc(struct kex *kex, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) { - {% if kex['name'] == 'oqs_default' -%} - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_default); - {%- else -%} OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_{{ kex['name'] }}); - {%- endif %} if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -39,11 +31,7 @@ int kex_kem_{{ kex['name'] }}_dec(struct kex *kex, const struct sshbuf *server_blob, struct sshbuf **shared_secretp) { - {% if kex['name'] == 'oqs_default' -%} - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_default); - {%- else -%} OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_{{ kex['name'] }}); - {%- endif %} if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } diff --git a/oqs-template/kexoqsecdh.c/define_kex_with_ec_methods.fragment b/oqs-template/kexoqsecdh.c/define_kex_with_ec_methods.fragment index ec37a1dde14e..cb3e83fd3b82 100644 --- a/oqs-template/kexoqsecdh.c/define_kex_with_ec_methods.fragment +++ b/oqs-template/kexoqsecdh.c/define_kex_with_ec_methods.fragment @@ -6,11 +6,7 @@ */ int kex_kem_{{ kex['name'] }}_ecdh_{{ curve['name'] }}_keypair(struct kex *kex) { - {% if kex['name'] == 'oqs_default' -%} - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_default); - {%- else -%} OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_{{ kex['name'] }}); - {%- endif %} if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -24,11 +20,7 @@ int kex_kem_{{ kex['name'] }}_ecdh_{{ curve['name'] }}_enc(struct kex *kex, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) { - {% if kex['name'] == 'oqs_default' -%} - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_default); - {%- else -%} OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_{{ kex['name'] }}); - {%- endif %} if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -41,11 +33,7 @@ int kex_kem_{{ kex['name'] }}_ecdh_{{ curve['name'] }}_dec(struct kex *kex, const struct sshbuf *server_blobp, struct sshbuf **shared_secretp) { - {% if kex['name'] == 'oqs_default' -%} - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_default); - {%- else -%} OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_{{ kex['name'] }}); - {%- endif %} if (kem == NULL) { return SSH_ERR_ALLOC_FAIL; } diff --git a/oqs-template/ssh-oqs.c/define_sig_functions.fragment b/oqs-template/ssh-oqs.c/define_sig_functions.fragment index 8a4868a8928b..58fd0939c320 100644 --- a/oqs-template/ssh-oqs.c/define_sig_functions.fragment +++ b/oqs-template/ssh-oqs.c/define_sig_functions.fragment @@ -10,11 +10,7 @@ int ssh_{{ sig['name']|replace('_','') }}_sign(const struct sshkey *key, size_t datalen, u_int compat) { - {% if sig['name'] == 'oqs_default' -%} - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - {%- else -%} OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_{{ sig['name'] }}); - {%- endif %} if (sig == NULL) { return SSH_ERR_ALLOC_FAIL; } @@ -29,11 +25,7 @@ int ssh_{{ sig['name']|replace('_','') }}_verify(const struct sshkey *key, size_t datalen, u_int compat) { - {% if sig['name'] == 'oqs_default' -%} - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - {%- else -%} OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_{{ sig['name'] }}); - {%- endif %} if (sig == NULL) { return SSH_ERR_ALLOC_FAIL; } diff --git a/oqs-template/sshkey.c/return_pk_len.fragment b/oqs-template/sshkey.c/return_pk_len.fragment index 0230102f0a6a..4407e64b020d 100644 --- a/oqs-template/sshkey.c/return_pk_len.fragment +++ b/oqs-template/sshkey.c/return_pk_len.fragment @@ -3,15 +3,6 @@ {%- for alg in sig['mix_with'] %} case KEY_{{ alg['name']|upper }}_{{ sig['name']|upper }}: {%- endfor -%} - {%- if sig['name'] == 'oqs_default' %} - { // OQS-TODO: Find a cleaner way - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - size_t pk_len = sig->length_public_key; - OQS_SIG_free(sig); - return pk_len; - } - {%- else %} return OQS_SIG_{{ sig['name'] }}_length_public_key; - {%- endif -%} {%- endfor %} diff --git a/oqs-template/sshkey.c/return_sk_len.fragment b/oqs-template/sshkey.c/return_sk_len.fragment index 86cce13876ba..4061a04021b4 100644 --- a/oqs-template/sshkey.c/return_sk_len.fragment +++ b/oqs-template/sshkey.c/return_sk_len.fragment @@ -3,15 +3,6 @@ {%- for alg in sig['mix_with'] %} case KEY_{{ alg['name']|upper }}_{{ sig['name']|upper }}: {%- endfor %} - {%- if sig['name'] == 'oqs_default' %} - { // OQS-TODO: Find a cleaner way - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - size_t sk_len = sig->length_secret_key; - OQS_SIG_free(sig); - return sk_len; - } - {%- else %} return OQS_SIG_{{ sig['name'] }}_length_secret_key; - {%- endif -%} {%- endfor %} diff --git a/oqs-template/sshkey.c/sshkey_generate_switch_keytype.fragment b/oqs-template/sshkey.c/sshkey_generate_switch_keytype.fragment index 8cfdc773af8c..9b168117b674 100644 --- a/oqs-template/sshkey.c/sshkey_generate_switch_keytype.fragment +++ b/oqs-template/sshkey.c/sshkey_generate_switch_keytype.fragment @@ -1,49 +1,22 @@ {%- for sig in config['sigs'] %} case KEY_{{ sig['name']|upper }}: - {%- if sig['name'] == 'oqs_default' %} - { // OQS-TODO: Clean this up - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - ret = sig->keypair(k->oqs_pk, k->oqs_sk); - OQS_SIG_free(sig); - break; - } - {%- else %} ret = OQS_SIG_{{ sig['name'] }}_keypair(k->oqs_pk, k->oqs_sk); break; - {%- endif %} {%- endfor %} #ifdef WITH_OPENSSL {%- for sig in config['sigs'] %} {%- for alg in sig['mix_with'] if alg['rsa'] %} case KEY_{{ alg['name']|upper }}_{{ sig['name']|upper }}: - {%- if sig['name'] == 'oqs_default' %} - { // OQS-TODO: Clean this up - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - ret = sig->keypair(k->oqs_pk, k->oqs_sk); - OQS_SIG_free(sig); - break; - } - {%- else %} ret = OQS_SIG_{{ sig['name'] }}_keypair(k->oqs_pk, k->oqs_sk); break; - {%- endif %} {%- endfor %} {%- endfor %} #ifdef OPENSSL_HAS_ECC {%- for sig in config['sigs'] %} {%- for alg in sig['mix_with'] if not alg['rsa'] %} case KEY_{{ alg['name']|upper }}_{{ sig['name']|upper }}: - {%- if sig['name'] == 'oqs_default' %} - { // OQS-TODO: Clean this up - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - ret = sig->keypair(k->oqs_pk, k->oqs_sk); - OQS_SIG_free(sig); - break; - } - {%- else %} ret = OQS_SIG_{{ sig['name'] }}_keypair(k->oqs_pk, k->oqs_sk); break; - {%- endif %} {%- endfor %} {%- endfor %} #endif /* OPENSSL_HAS_ECC */ diff --git a/oqs-test/try_connection.py b/oqs-test/try_connection.py index 4aad03a8df0f..6250e8786216 100644 --- a/oqs-test/try_connection.py +++ b/oqs-test/try_connection.py @@ -12,8 +12,6 @@ kexs = [ ##### OQS_TEMPLATE_FRAGMENT_LIST_ALL_KEXS_START - "oqs-default-sha256", - "ecdh-nistp256-oqs-default-sha256", "frodokem-640-aes-sha256", "ecdh-nistp256-frodokem-640-aes-sha256", "frodokem-976-aes-sha384", @@ -68,14 +66,10 @@ "ecdh-nistp384-kyber-768-90s-sha384", "kyber-1024-90s-sha512", "ecdh-nistp521-kyber-1024-90s-sha512", - "bike1-l1-cpa-sha512", - "ecdh-nistp256-bike1-l1-cpa-sha512", - "bike1-l1-fo-sha512", - "ecdh-nistp256-bike1-l1-fo-sha512", - "bike1-l3-cpa-sha512", - "ecdh-nistp384-bike1-l3-cpa-sha512", - "bike1-l3-fo-sha512", - "ecdh-nistp384-bike1-l3-fo-sha512", + "bike-l1-sha512", + "ecdh-nistp256-bike-l1-sha512", + "bike-l3-sha512", + "ecdh-nistp384-bike-l3-sha512", "ntru-hps2048509-sha512", "ecdh-nistp256-ntru-hps2048509-sha512", "ntru-hps2048677-sha512", @@ -127,9 +121,6 @@ sigs = [ ##### OQS_TEMPLATE_FRAGMENT_LIST_ALL_SIGS_START - "ssh-oqsdefault", - "ssh-rsa3072-oqsdefault", - "ssh-ecdsa-nistp256-oqsdefault", "ssh-falcon512", "ssh-rsa3072-falcon512", "ssh-ecdsa-nistp256-falcon512", diff --git a/oqs-utils.c b/oqs-utils.c index 6c371f22ceca..a0a6c60af630 100644 --- a/oqs-utils.c +++ b/oqs-utils.c @@ -3,8 +3,6 @@ int oqs_utils_is_rsa_hybrid(int keytype) { switch(keytype) { ///// OQS_TEMPLATE_FRAGMENT_LIST_RSA_HYBRIDS_START - case KEY_RSA3072_OQS_DEFAULT: - return 1; case KEY_RSA3072_FALCON_512: return 1; case KEY_RSA3072_DILITHIUM_2_AES: @@ -21,8 +19,6 @@ int oqs_utils_is_rsa_hybrid(int keytype) { int oqs_utils_is_ecdsa_hybrid(int keytype) { switch(keytype) { ///// OQS_TEMPLATE_FRAGMENT_LIST_ECDSA_HYBRIDS_START - case KEY_ECDSA_NISTP256_OQS_DEFAULT: - return 1; case KEY_ECDSA_NISTP256_FALCON_512: return 1; case KEY_ECDSA_NISTP521_FALCON_1024: diff --git a/oqs-utils.h b/oqs-utils.h index 5a8ff773c499..a3e744444b20 100644 --- a/oqs-utils.h +++ b/oqs-utils.h @@ -7,7 +7,6 @@ // OQS-TODO: Replace these macros with the functions below ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEY_CASE_MACROS_START #define CASE_KEY_OQS \ - case KEY_OQS_DEFAULT: \ case KEY_FALCON_512: \ case KEY_FALCON_1024: \ case KEY_DILITHIUM_3: \ @@ -19,14 +18,12 @@ case KEY_SPHINCS_HARAKA_192F_ROBUST #define CASE_KEY_RSA_HYBRID \ - case KEY_RSA3072_OQS_DEFAULT: \ case KEY_RSA3072_FALCON_512: \ case KEY_RSA3072_DILITHIUM_2_AES: \ case KEY_RSA3072_PICNIC_L1_FULL: \ case KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE #define CASE_KEY_ECDSA_HYBRID \ - case KEY_ECDSA_NISTP256_OQS_DEFAULT: \ case KEY_ECDSA_NISTP256_FALCON_512: \ case KEY_ECDSA_NISTP521_FALCON_1024: \ case KEY_ECDSA_NISTP384_DILITHIUM_3: \ diff --git a/pathnames.h b/pathnames.h index 1d0a74b3b0f2..7046c18b794f 100644 --- a/pathnames.h +++ b/pathnames.h @@ -42,9 +42,6 @@ #define _PATH_HOST_XMSS_KEY_FILE SSHDIR "/ssh_host_xmss_key" #define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" ///// OQS_TEMPLATE_FRAGMENT_ADD_KEY_FILE_PATHS_START -#define _PATH_HOST_OQS_DEFAULT_KEY_FILE SSHDIR "/ssh_host_oqsdefault_key" -#define _PATH_HOST_RSA3072_OQS_DEFAULT_KEY_FILE SSHDIR "/ssh_host_rsa3072_oqsdefault_key" -#define _PATH_HOST_ECDSA_NISTP256_OQS_DEFAULT_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp256_oqsdefault_key" #define _PATH_HOST_FALCON_512_KEY_FILE SSHDIR "/ssh_host_falcon512_key" #define _PATH_HOST_RSA3072_FALCON_512_KEY_FILE SSHDIR "/ssh_host_rsa3072_falcon512_key" #define _PATH_HOST_ECDSA_NISTP256_FALCON_512_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp256_falcon512_key" @@ -107,9 +104,6 @@ #define _PATH_SSH_CLIENT_ID_ECDSA_SK _PATH_SSH_USER_DIR "/id_ecdsa_sk" #define _PATH_SSH_CLIENT_ID_ED25519_SK _PATH_SSH_USER_DIR "/id_ed25519_sk" ///// OQS_TEMPLATE_FRAGMENT_ADD_ID_FILE_PATHS_START -#define _PATH_SSH_CLIENT_ID_OQS_DEFAULT _PATH_SSH_USER_DIR "/id_oqsdefault" -#define _PATH_SSH_CLIENT_ID_RSA3072_OQS_DEFAULT _PATH_SSH_USER_DIR "/id_rsa3072_oqsdefault" -#define _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_OQS_DEFAULT _PATH_SSH_USER_DIR "/id_ecdsa_nistp256_oqsdefault" #define _PATH_SSH_CLIENT_ID_FALCON_512 _PATH_SSH_USER_DIR "/id_falcon512" #define _PATH_SSH_CLIENT_ID_RSA3072_FALCON_512 _PATH_SSH_USER_DIR "/id_rsa3072_falcon512" #define _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_FALCON_512 _PATH_SSH_USER_DIR "/id_ecdsa_nistp256_falcon512" diff --git a/readconf.c b/readconf.c index 68f0f14ba689..2fc3b4dc495f 100644 --- a/readconf.c +++ b/readconf.c @@ -2383,7 +2383,6 @@ fill_default_options(Options * options) _PATH_SSH_CLIENT_ID_ED25519_SK, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0); ///// OQS_TEMPLATE_FRAGMENT_ADD_ID_FILES_START - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_OQS_DEFAULT, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_FALCON_512, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_FALCON_1024, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DILITHIUM_3, 0); @@ -2394,13 +2393,11 @@ fill_default_options(Options * options) add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_SPHINCS_HARAKA_128F_SIMPLE, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_SPHINCS_HARAKA_192F_ROBUST, 0); #ifdef WITH_OPENSSL - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_OQS_DEFAULT, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_FALCON_512, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_DILITHIUM_2_AES, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_PICNIC_L1_FULL, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_HARAKA_128F_SIMPLE, 0); #ifdef OPENSSL_HAS_ECC - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_OQS_DEFAULT, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_FALCON_512, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_FALCON_1024, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP384_DILITHIUM_3, 0); diff --git a/regress/keygen-comment.sh b/regress/keygen-comment.sh index 7db874789d56..f54fab800fb8 100644 --- a/regress/keygen-comment.sh +++ b/regress/keygen-comment.sh @@ -31,7 +31,6 @@ for fmt in '' RFC4716 PKCS8 PEM; do case "$t" in ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;; ##### OQS_TEMPLATE_FRAGMENT_EXCLUDE_OQS_ALGS_START - *oqsdefault*) test -z "$oldfmt" || continue ;; *falcon512*) test -z "$oldfmt" || continue ;; *falcon1024*) test -z "$oldfmt" || continue ;; *dilithium3*) test -z "$oldfmt" || continue ;; diff --git a/servconf.c b/servconf.c index 3c63e7955a06..bebee92e830b 100644 --- a/servconf.c +++ b/servconf.c @@ -296,8 +296,6 @@ fill_default_server_options(ServerOptions *options) _PATH_HOST_XMSS_KEY_FILE, 0); #endif /* WITH_XMSS */ ///// OQS_TEMPLATE_FRAGMENT_SERVER_ADD_HOSTKEYS_START - servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_OQS_DEFAULT_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, _PATH_HOST_FALCON_512_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, @@ -317,8 +315,6 @@ fill_default_server_options(ServerOptions *options) servconf_add_hostkey("[default]", 0, options, _PATH_HOST_SPHINCS_HARAKA_192F_ROBUST_KEY_FILE, 0); #ifdef WITH_OPENSSL - servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_RSA3072_OQS_DEFAULT_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, _PATH_HOST_RSA3072_FALCON_512_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, @@ -328,8 +324,6 @@ fill_default_server_options(ServerOptions *options) servconf_add_hostkey("[default]", 0, options, _PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 0); #ifdef OPENSSL_HAS_ECC - servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_ECDSA_NISTP256_OQS_DEFAULT_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, _PATH_HOST_ECDSA_NISTP256_FALCON_512_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, diff --git a/sk-api.h b/sk-api.h index 20202a266657..309fe2a394f0 100644 --- a/sk-api.h +++ b/sk-api.h @@ -32,31 +32,28 @@ #define SSH_SK_ECDSA 0x00 #define SSH_SK_ED25519 0x01 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_SSH_SKS_START -#define SSH_SK_OQS_DEFAULT 0x02 -#define SSH_SK_RSA3072_OQS_DEFAULT 0x03 -#define SSH_SK_ECDSA_NISTP256_OQS_DEFAULT 0x04 -#define SSH_SK_FALCON_512 0x05 -#define SSH_SK_RSA3072_FALCON_512 0x06 -#define SSH_SK_ECDSA_NISTP256_FALCON_512 0x07 -#define SSH_SK_FALCON_1024 0x08 -#define SSH_SK_ECDSA_NISTP521_FALCON_1024 0x09 -#define SSH_SK_DILITHIUM_3 0x0A -#define SSH_SK_ECDSA_NISTP384_DILITHIUM_3 0x0B -#define SSH_SK_DILITHIUM_2_AES 0x0C -#define SSH_SK_RSA3072_DILITHIUM_2_AES 0x0D -#define SSH_SK_ECDSA_NISTP256_DILITHIUM_2_AES 0x0E -#define SSH_SK_DILITHIUM_5_AES 0x0F -#define SSH_SK_ECDSA_NISTP521_DILITHIUM_5_AES 0x10 -#define SSH_SK_PICNIC_L1_FULL 0x11 -#define SSH_SK_RSA3072_PICNIC_L1_FULL 0x12 -#define SSH_SK_ECDSA_NISTP256_PICNIC_L1_FULL 0x13 -#define SSH_SK_PICNIC_L3_FS 0x14 -#define SSH_SK_ECDSA_NISTP384_PICNIC_L3_FS 0x15 -#define SSH_SK_SPHINCS_HARAKA_128F_SIMPLE 0x16 -#define SSH_SK_RSA3072_SPHINCS_HARAKA_128F_SIMPLE 0x17 -#define SSH_SK_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE 0x18 -#define SSH_SK_SPHINCS_HARAKA_192F_ROBUST 0x19 -#define SSH_SK_ECDSA_NISTP384_SPHINCS_HARAKA_192F_ROBUST 0x1A +#define SSH_SK_FALCON_512 0x02 +#define SSH_SK_RSA3072_FALCON_512 0x03 +#define SSH_SK_ECDSA_NISTP256_FALCON_512 0x04 +#define SSH_SK_FALCON_1024 0x05 +#define SSH_SK_ECDSA_NISTP521_FALCON_1024 0x06 +#define SSH_SK_DILITHIUM_3 0x07 +#define SSH_SK_ECDSA_NISTP384_DILITHIUM_3 0x08 +#define SSH_SK_DILITHIUM_2_AES 0x09 +#define SSH_SK_RSA3072_DILITHIUM_2_AES 0x0A +#define SSH_SK_ECDSA_NISTP256_DILITHIUM_2_AES 0x0B +#define SSH_SK_DILITHIUM_5_AES 0x0C +#define SSH_SK_ECDSA_NISTP521_DILITHIUM_5_AES 0x0D +#define SSH_SK_PICNIC_L1_FULL 0x0E +#define SSH_SK_RSA3072_PICNIC_L1_FULL 0x0F +#define SSH_SK_ECDSA_NISTP256_PICNIC_L1_FULL 0x10 +#define SSH_SK_PICNIC_L3_FS 0x11 +#define SSH_SK_ECDSA_NISTP384_PICNIC_L3_FS 0x12 +#define SSH_SK_SPHINCS_HARAKA_128F_SIMPLE 0x13 +#define SSH_SK_RSA3072_SPHINCS_HARAKA_128F_SIMPLE 0x14 +#define SSH_SK_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE 0x15 +#define SSH_SK_SPHINCS_HARAKA_192F_ROBUST 0x16 +#define SSH_SK_ECDSA_NISTP384_SPHINCS_HARAKA_192F_ROBUST 0x17 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_SSH_SKS_END /* Error codes */ diff --git a/ssh-add.c b/ssh-add.c index 310d19ac9131..913ed66c6f6e 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -86,7 +86,6 @@ static char *default_files[] = { _PATH_SSH_CLIENT_ID_ED25519_SK, _PATH_SSH_CLIENT_ID_XMSS, ///// OQS_TEMPLATE_FRAGMENT_ADD_DEFAULT_ID_FILES_START - _PATH_SSH_CLIENT_ID_OQS_DEFAULT, _PATH_SSH_CLIENT_ID_FALCON_512, _PATH_SSH_CLIENT_ID_FALCON_1024, _PATH_SSH_CLIENT_ID_DILITHIUM_3, @@ -97,13 +96,11 @@ static char *default_files[] = { _PATH_SSH_CLIENT_ID_SPHINCS_HARAKA_128F_SIMPLE, _PATH_SSH_CLIENT_ID_SPHINCS_HARAKA_192F_ROBUST, #ifdef WITH_OPENSSL - _PATH_SSH_CLIENT_ID_RSA3072_OQS_DEFAULT, _PATH_SSH_CLIENT_ID_RSA3072_FALCON_512, _PATH_SSH_CLIENT_ID_RSA3072_DILITHIUM_2_AES, _PATH_SSH_CLIENT_ID_RSA3072_PICNIC_L1_FULL, _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_HARAKA_128F_SIMPLE, #ifdef OPENSSL_HAS_ECC - _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_OQS_DEFAULT, _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_FALCON_512, _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_FALCON_1024, _PATH_SSH_CLIENT_ID_ECDSA_NISTP384_DILITHIUM_3, diff --git a/ssh-keygen.c b/ssh-keygen.c index 88bf8fe01ff7..e3acd925d9a5 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -330,9 +330,6 @@ ask_filename(struct passwd *pw, const char *prompt) name = _PATH_SSH_CLIENT_ID_XMSS; break; ///// OQS_TEMPLATE_FRAGMENT_HANDLE_ID_FILES_START - case KEY_OQS_DEFAULT: - name = _PATH_SSH_CLIENT_ID_OQS_DEFAULT; - break; case KEY_FALCON_512: name = _PATH_SSH_CLIENT_ID_FALCON_512; break; @@ -361,9 +358,6 @@ ask_filename(struct passwd *pw, const char *prompt) name = _PATH_SSH_CLIENT_ID_SPHINCS_HARAKA_192F_ROBUST; break; #ifdef WITH_OPENSSL - case KEY_RSA3072_OQS_DEFAULT: - name = _PATH_SSH_CLIENT_ID_RSA3072_OQS_DEFAULT; - break; case KEY_RSA3072_FALCON_512: name = _PATH_SSH_CLIENT_ID_RSA3072_FALCON_512; break; @@ -377,9 +371,6 @@ ask_filename(struct passwd *pw, const char *prompt) name = _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_HARAKA_128F_SIMPLE; break; #ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_NISTP256_OQS_DEFAULT: - name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_OQS_DEFAULT; - break; case KEY_ECDSA_NISTP256_FALCON_512: name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_FALCON_512; break; @@ -1169,7 +1160,6 @@ do_gen_all_hostkeys(struct passwd *pw) { "xmss", "XMSS",_PATH_HOST_XMSS_KEY_FILE }, #endif /* WITH_XMSS */ ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEY_TYPES_START - { "oqsdefault", "OQS_DEFAULT", _PATH_HOST_OQS_DEFAULT_KEY_FILE }, { "falcon512", "FALCON_512", _PATH_HOST_FALCON_512_KEY_FILE }, { "falcon1024", "FALCON_1024", _PATH_HOST_FALCON_1024_KEY_FILE }, { "dilithium3", "DILITHIUM_3", _PATH_HOST_DILITHIUM_3_KEY_FILE }, @@ -1180,13 +1170,11 @@ do_gen_all_hostkeys(struct passwd *pw) { "sphincsharaka128fsimple", "SPHINCS_HARAKA_128F_SIMPLE", _PATH_HOST_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE }, { "sphincsharaka192frobust", "SPHINCS_HARAKA_192F_ROBUST", _PATH_HOST_SPHINCS_HARAKA_192F_ROBUST_KEY_FILE }, #ifdef WITH_OPENSSL - { "rsa3072_oqsdefault", "RSA3072_OQS_DEFAULT", _PATH_HOST_RSA3072_OQS_DEFAULT_KEY_FILE }, { "rsa3072_falcon512", "RSA3072_FALCON_512", _PATH_HOST_RSA3072_FALCON_512_KEY_FILE }, { "rsa3072_dilithium2aes", "RSA3072_DILITHIUM_2_AES", _PATH_HOST_RSA3072_DILITHIUM_2_AES_KEY_FILE }, { "rsa3072_picnicL1full", "RSA3072_PICNIC_L1_FULL", _PATH_HOST_RSA3072_PICNIC_L1_FULL_KEY_FILE }, { "rsa3072_sphincsharaka128fsimple", "RSA3072_SPHINCS_HARAKA_128F_SIMPLE", _PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE }, #ifdef OPENSSL_HAS_ECC - { "ecdsa_nistp256_oqsdefault", "ECDSA_NISTP256_OQS_DEFAULT", _PATH_HOST_ECDSA_NISTP256_OQS_DEFAULT_KEY_FILE }, { "ecdsa_nistp256_falcon512", "ECDSA_NISTP256_FALCON_512", _PATH_HOST_ECDSA_NISTP256_FALCON_512_KEY_FILE }, { "ecdsa_nistp521_falcon1024", "ECDSA_NISTP521_FALCON_1024", _PATH_HOST_ECDSA_NISTP521_FALCON_1024_KEY_FILE }, { "ecdsa_nistp384_dilithium3", "ECDSA_NISTP384_DILITHIUM_3", _PATH_HOST_ECDSA_NISTP384_DILITHIUM_3_KEY_FILE }, @@ -1684,7 +1672,6 @@ do_change_comment(struct passwd *pw, const char *identity_comment) if (private->type != KEY_ED25519 && private->type != KEY_XMSS && ///// OQS_TEMPLATE_FRAGMENT_CHECK_PRIVATE_KEY_TYPE_START - private->type != KEY_OQS_DEFAULT && private->type != KEY_FALCON_512 && private->type != KEY_FALCON_1024 && private->type != KEY_DILITHIUM_3 && @@ -1695,13 +1682,11 @@ do_change_comment(struct passwd *pw, const char *identity_comment) private->type != KEY_SPHINCS_HARAKA_128F_SIMPLE && private->type != KEY_SPHINCS_HARAKA_192F_ROBUST && #ifdef WITH_OPENSSL - private->type != KEY_RSA3072_OQS_DEFAULT && private->type != KEY_RSA3072_FALCON_512 && private->type != KEY_RSA3072_DILITHIUM_2_AES && private->type != KEY_RSA3072_PICNIC_L1_FULL && private->type != KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE && #ifdef OPENSSL_HAS_ECC - private->type != KEY_ECDSA_NISTP256_OQS_DEFAULT && private->type != KEY_ECDSA_NISTP256_FALCON_512 && private->type != KEY_ECDSA_NISTP521_FALCON_1024 && private->type != KEY_ECDSA_NISTP384_DILITHIUM_3 && @@ -3711,15 +3696,6 @@ main(int argc, char **argv) _PATH_HOST_XMSS_KEY_FILE, rr_hostname, print_generic); ///// OQS_TEMPLATE_FRAGMENT_PRINT_RESOURCE_RECORDS_START - n += do_print_resource_record(pw, - _PATH_HOST_OQS_DEFAULT_KEY_FILE, rr_hostname, - print_generic); - n += do_print_resource_record(pw, - _PATH_HOST_RSA3072_OQS_DEFAULT_KEY_FILE, rr_hostname, - print_generic); - n += do_print_resource_record(pw, - _PATH_HOST_ECDSA_NISTP256_OQS_DEFAULT_KEY_FILE, rr_hostname, - print_generic); n += do_print_resource_record(pw, _PATH_HOST_FALCON_512_KEY_FILE, rr_hostname, print_generic); diff --git a/ssh-keyscan.c b/ssh-keyscan.c index c9f667ffb112..4ea9c528d001 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -65,41 +65,35 @@ int ssh_port = SSH_DEFAULT_PORT; #define KT_ECDSA_SK (1<<5) #define KT_ED25519_SK (1<<6) ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_KT_MASKS_START -#define KT_OQS_DEFAULT ((uint64_t)1<<7) -#define KT_RSA3072_OQS_DEFAULT ((uint64_t)1<<8) -#define KT_ECDSA_NISTP256_OQS_DEFAULT ((uint64_t)1<<9) -#define KT_FALCON_512 ((uint64_t)1<<10) -#define KT_RSA3072_FALCON_512 ((uint64_t)1<<11) -#define KT_ECDSA_NISTP256_FALCON_512 ((uint64_t)1<<12) -#define KT_FALCON_1024 ((uint64_t)1<<13) -#define KT_ECDSA_NISTP521_FALCON_1024 ((uint64_t)1<<14) -#define KT_DILITHIUM_3 ((uint64_t)1<<15) -#define KT_ECDSA_NISTP384_DILITHIUM_3 ((uint64_t)1<<16) -#define KT_DILITHIUM_2_AES ((uint64_t)1<<17) -#define KT_RSA3072_DILITHIUM_2_AES ((uint64_t)1<<18) -#define KT_ECDSA_NISTP256_DILITHIUM_2_AES ((uint64_t)1<<19) -#define KT_DILITHIUM_5_AES ((uint64_t)1<<20) -#define KT_ECDSA_NISTP521_DILITHIUM_5_AES ((uint64_t)1<<21) -#define KT_PICNIC_L1_FULL ((uint64_t)1<<22) -#define KT_RSA3072_PICNIC_L1_FULL ((uint64_t)1<<23) -#define KT_ECDSA_NISTP256_PICNIC_L1_FULL ((uint64_t)1<<24) -#define KT_PICNIC_L3_FS ((uint64_t)1<<25) -#define KT_ECDSA_NISTP384_PICNIC_L3_FS ((uint64_t)1<<26) -#define KT_SPHINCS_HARAKA_128F_SIMPLE ((uint64_t)1<<27) -#define KT_RSA3072_SPHINCS_HARAKA_128F_SIMPLE ((uint64_t)1<<28) -#define KT_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE ((uint64_t)1<<29) -#define KT_SPHINCS_HARAKA_192F_ROBUST ((uint64_t)1<<30) -#define KT_ECDSA_NISTP384_SPHINCS_HARAKA_192F_ROBUST ((uint64_t)1<<31) -#define KT_MAX ((uint64_t)1<<31) +#define KT_FALCON_512 ((uint64_t)1<<7) +#define KT_RSA3072_FALCON_512 ((uint64_t)1<<8) +#define KT_ECDSA_NISTP256_FALCON_512 ((uint64_t)1<<9) +#define KT_FALCON_1024 ((uint64_t)1<<10) +#define KT_ECDSA_NISTP521_FALCON_1024 ((uint64_t)1<<11) +#define KT_DILITHIUM_3 ((uint64_t)1<<12) +#define KT_ECDSA_NISTP384_DILITHIUM_3 ((uint64_t)1<<13) +#define KT_DILITHIUM_2_AES ((uint64_t)1<<14) +#define KT_RSA3072_DILITHIUM_2_AES ((uint64_t)1<<15) +#define KT_ECDSA_NISTP256_DILITHIUM_2_AES ((uint64_t)1<<16) +#define KT_DILITHIUM_5_AES ((uint64_t)1<<17) +#define KT_ECDSA_NISTP521_DILITHIUM_5_AES ((uint64_t)1<<18) +#define KT_PICNIC_L1_FULL ((uint64_t)1<<19) +#define KT_RSA3072_PICNIC_L1_FULL ((uint64_t)1<<20) +#define KT_ECDSA_NISTP256_PICNIC_L1_FULL ((uint64_t)1<<21) +#define KT_PICNIC_L3_FS ((uint64_t)1<<22) +#define KT_ECDSA_NISTP384_PICNIC_L3_FS ((uint64_t)1<<23) +#define KT_SPHINCS_HARAKA_128F_SIMPLE ((uint64_t)1<<24) +#define KT_RSA3072_SPHINCS_HARAKA_128F_SIMPLE ((uint64_t)1<<25) +#define KT_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE ((uint64_t)1<<26) +#define KT_SPHINCS_HARAKA_192F_ROBUST ((uint64_t)1<<27) +#define KT_ECDSA_NISTP384_SPHINCS_HARAKA_192F_ROBUST ((uint64_t)1<<28) +#define KT_MAX ((uint64_t)1<<28) ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_KT_MASKS_END #define KT_MIN KT_DSA int get_cert = 0; uint64_t get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519|KT_ECDSA_SK|KT_ED25519_SK|\ ///// OQS_TEMPLATE_FRAGMENT_ADD_KEYTYPES_START - KT_OQS_DEFAULT | \ - KT_RSA3072_OQS_DEFAULT | \ - KT_ECDSA_NISTP256_OQS_DEFAULT | \ KT_FALCON_512 | \ KT_RSA3072_FALCON_512 | \ KT_ECDSA_NISTP256_FALCON_512 | \ @@ -326,9 +320,6 @@ keygrab_ssh2(con *c) "sk-ssh-ed25519@openssh.com"; break; ///// OQS_TEMPLATE_FRAGMENT_ADD_PROPOSAL_SERVER_HOST_KEY_ALGS_START - case KT_OQS_DEFAULT: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-oqsdefault"; - break; case KT_FALCON_512: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-falcon512"; break; @@ -357,9 +348,6 @@ keygrab_ssh2(con *c) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-sphincsharaka192frobust"; break; #ifdef WITH_OPENSSL - case KT_RSA3072_OQS_DEFAULT: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-rsa3072-oqsdefault"; - break; case KT_RSA3072_FALCON_512: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-rsa3072-falcon512"; break; @@ -373,9 +361,6 @@ keygrab_ssh2(con *c) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-rsa3072-sphincsharaka128fsimple"; break; #ifdef OPENSSL_HAS_ECC - case KT_ECDSA_NISTP256_OQS_DEFAULT: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp256-oqsdefault"; - break; case KT_ECDSA_NISTP256_FALCON_512: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp256-falcon512"; break; @@ -429,7 +414,6 @@ keygrab_ssh2(con *c) #endif c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_KEX_GEN_CLIENT_START - c->c_ssh->kex->kex[KEX_KEM_OQS_DEFAULT_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_FRODOKEM_640_AES_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_FRODOKEM_976_AES_SHA384] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_FRODOKEM_1344_AES_SHA512] = kex_gen_client; @@ -457,10 +441,8 @@ keygrab_ssh2(con *c) c->c_ssh->kex->kex[KEX_KEM_KYBER_512_90S_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_KYBER_768_90S_SHA384] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_KYBER_1024_90S_SHA512] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_BIKE1_L1_CPA_SHA512] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_BIKE1_L1_FO_SHA512] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_BIKE1_L3_CPA_SHA512] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_BIKE1_L3_FO_SHA512] = kex_gen_client; + c->c_ssh->kex->kex[KEX_KEM_BIKE_L1_SHA512] = kex_gen_client; + c->c_ssh->kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_client; @@ -486,7 +468,6 @@ keygrab_ssh2(con *c) c->c_ssh->kex->kex[KEX_KEM_NTRUPRIME_SNTRUP857_SHA384] = kex_gen_client; #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC - c->c_ssh->kex->kex[KEX_KEM_OQS_DEFAULT_ECDH_NISTP256_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_FRODOKEM_976_AES_ECDH_NISTP384_SHA384] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_FRODOKEM_1344_AES_ECDH_NISTP521_SHA512] = kex_gen_client; @@ -514,10 +495,8 @@ keygrab_ssh2(con *c) c->c_ssh->kex->kex[KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_BIKE1_L1_CPA_ECDH_NISTP256_SHA512] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_BIKE1_L1_FO_ECDH_NISTP256_SHA512] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_BIKE1_L3_CPA_ECDH_NISTP384_SHA512] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_BIKE1_L3_FO_ECDH_NISTP384_SHA512] = kex_gen_client; + c->c_ssh->kex->kex[KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512] = kex_gen_client; + c->c_ssh->kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_client; @@ -997,15 +976,6 @@ main(int argc, char **argv) get_keytypes |= KT_ECDSA_SK; break; ///// OQS_TEMPLATE_FRAGMENT_ADD_TO_GET_KEYTYPES_START - case KEY_OQS_DEFAULT: - get_keytypes |= KT_OQS_DEFAULT; - break; - case KEY_RSA3072_OQS_DEFAULT: - get_keytypes |= KT_RSA3072_OQS_DEFAULT; - break; - case KEY_ECDSA_NISTP256_OQS_DEFAULT: - get_keytypes |= KT_ECDSA_NISTP256_OQS_DEFAULT; - break; case KEY_FALCON_512: get_keytypes |= KT_FALCON_512; break; diff --git a/ssh-keysign.c b/ssh-keysign.c index 59fbafcd0ef2..f290f1ef6bf2 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -166,7 +166,7 @@ main(int argc, char **argv) struct sshbuf *b; Options options; ///// OQS_TEMPLATE_FRAGMENT_COUNT_KEYTYPES_START -#define NUM_KEYTYPES 5 + 25 +#define NUM_KEYTYPES 5 + 22 ///// OQS_TEMPLATE_FRAGMENT_COUNT_KEYTYPES_END struct sshkey *keys[NUM_KEYTYPES], *key = NULL; struct passwd *pw; @@ -193,9 +193,6 @@ main(int argc, char **argv) key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); ///// OQS_TEMPLATE_FRAGMENT_OPEN_KEY_FILES_START - key_fd[i++] = open(_PATH_HOST_OQS_DEFAULT_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_RSA3072_OQS_DEFAULT_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP256_OQS_DEFAULT_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_FALCON_512_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RSA3072_FALCON_512_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP256_FALCON_512_KEY_FILE, O_RDONLY); diff --git a/ssh-oqs.c b/ssh-oqs.c index d3a7886a827a..683d3c5a9d7a 100644 --- a/ssh-oqs.c +++ b/ssh-oqs.c @@ -178,40 +178,6 @@ static int ssh_generic_verify(OQS_SIG *oqs_sig, } ///// OQS_TEMPLATE_FRAGMENT_DEFINE_SIG_FUNCTIONS_START -/*--------------------------------------------------- - * OQS_DEFAULT METHODS - *--------------------------------------------------- - */ -int ssh_oqsdefault_sign(const struct sshkey *key, - u_char **sigp, - size_t *lenp, - const u_char *data, - size_t datalen, - u_int compat) -{ - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - if (sig == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = ssh_generic_sign(sig, "oqsdefault", key, sigp, lenp, data, datalen, compat); - OQS_SIG_free(sig); - return r; -} -int ssh_oqsdefault_verify(const struct sshkey *key, - const u_char *signature, - size_t signaturelen, - const u_char *data, - size_t datalen, - u_int compat) -{ - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - if (sig == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = ssh_generic_verify(sig, "oqsdefault", key, signature, signaturelen, data, datalen, compat); - OQS_SIG_free(sig); - return r; -} /*--------------------------------------------------- * FALCON_512 METHODS *--------------------------------------------------- diff --git a/ssh-rsa.c b/ssh-rsa.c index a251cfce7e7f..f2d462e115d2 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -66,7 +66,6 @@ rsa_hash_id_from_ident(const char *ident) if (strcmp(ident, "rsa-sha2-256") == 0 || /* OQS-note: Currently, only L1 algorithms support RSA hybrids */ ///// OQS_TEMPLATE_FRAGMENT_LIST_L1_RSA_HYBRIDS_START - strcmp(ident, "ssh-rsa3072-oqsdefault") == 0 || strcmp(ident, "ssh-rsa3072-falcon512") == 0 || strcmp(ident, "ssh-rsa3072-dilithium2aes") == 0 || strcmp(ident, "ssh-rsa3072-picnicL1full") == 0 || diff --git a/ssh.c b/ssh.c index 901cd3924d1d..849cf2ccd5e2 100644 --- a/ssh.c +++ b/ssh.c @@ -1573,7 +1573,7 @@ main(int ac, char **av) sensitive_data.keys = NULL; if (options.hostbased_authentication) { ///// OQS_TEMPLATE_FRAGMENT_COUNT_KEYTYPES_START - sensitive_data.nkeys = 10 + 25; + sensitive_data.nkeys = 10 + 22; ///// OQS_TEMPLATE_FRAGMENT_COUNT_KEYTYPES_END sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(struct sshkey)); @@ -1603,31 +1603,28 @@ main(int ac, char **av) L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8); L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9); ///// OQS_TEMPLATE_FRAGMENT_LOAD_PUBKEYS_START - L_PUBKEY(_PATH_HOST_OQS_DEFAULT_KEY_FILE, 10); - L_PUBKEY(_PATH_HOST_RSA3072_OQS_DEFAULT_KEY_FILE, 11); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_OQS_DEFAULT_KEY_FILE, 12); - L_PUBKEY(_PATH_HOST_FALCON_512_KEY_FILE, 13); - L_PUBKEY(_PATH_HOST_RSA3072_FALCON_512_KEY_FILE, 14); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_FALCON_512_KEY_FILE, 15); - L_PUBKEY(_PATH_HOST_FALCON_1024_KEY_FILE, 16); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP521_FALCON_1024_KEY_FILE, 17); - L_PUBKEY(_PATH_HOST_DILITHIUM_3_KEY_FILE, 18); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP384_DILITHIUM_3_KEY_FILE, 19); - L_PUBKEY(_PATH_HOST_DILITHIUM_2_AES_KEY_FILE, 20); - L_PUBKEY(_PATH_HOST_RSA3072_DILITHIUM_2_AES_KEY_FILE, 21); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_DILITHIUM_2_AES_KEY_FILE, 22); - L_PUBKEY(_PATH_HOST_DILITHIUM_5_AES_KEY_FILE, 23); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP521_DILITHIUM_5_AES_KEY_FILE, 24); - L_PUBKEY(_PATH_HOST_PICNIC_L1_FULL_KEY_FILE, 25); - L_PUBKEY(_PATH_HOST_RSA3072_PICNIC_L1_FULL_KEY_FILE, 26); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_PICNIC_L1_FULL_KEY_FILE, 27); - L_PUBKEY(_PATH_HOST_PICNIC_L3_FS_KEY_FILE, 28); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP384_PICNIC_L3_FS_KEY_FILE, 29); - L_PUBKEY(_PATH_HOST_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 30); - L_PUBKEY(_PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 31); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 32); - L_PUBKEY(_PATH_HOST_SPHINCS_HARAKA_192F_ROBUST_KEY_FILE, 33); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP384_SPHINCS_HARAKA_192F_ROBUST_KEY_FILE, 34); + L_PUBKEY(_PATH_HOST_FALCON_512_KEY_FILE, 10); + L_PUBKEY(_PATH_HOST_RSA3072_FALCON_512_KEY_FILE, 11); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_FALCON_512_KEY_FILE, 12); + L_PUBKEY(_PATH_HOST_FALCON_1024_KEY_FILE, 13); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP521_FALCON_1024_KEY_FILE, 14); + L_PUBKEY(_PATH_HOST_DILITHIUM_3_KEY_FILE, 15); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP384_DILITHIUM_3_KEY_FILE, 16); + L_PUBKEY(_PATH_HOST_DILITHIUM_2_AES_KEY_FILE, 17); + L_PUBKEY(_PATH_HOST_RSA3072_DILITHIUM_2_AES_KEY_FILE, 18); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_DILITHIUM_2_AES_KEY_FILE, 19); + L_PUBKEY(_PATH_HOST_DILITHIUM_5_AES_KEY_FILE, 20); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP521_DILITHIUM_5_AES_KEY_FILE, 21); + L_PUBKEY(_PATH_HOST_PICNIC_L1_FULL_KEY_FILE, 22); + L_PUBKEY(_PATH_HOST_RSA3072_PICNIC_L1_FULL_KEY_FILE, 23); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_PICNIC_L1_FULL_KEY_FILE, 24); + L_PUBKEY(_PATH_HOST_PICNIC_L3_FS_KEY_FILE, 25); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP384_PICNIC_L3_FS_KEY_FILE, 26); + L_PUBKEY(_PATH_HOST_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 27); + L_PUBKEY(_PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 28); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 29); + L_PUBKEY(_PATH_HOST_SPHINCS_HARAKA_192F_ROBUST_KEY_FILE, 30); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP384_SPHINCS_HARAKA_192F_ROBUST_KEY_FILE, 31); ///// OQS_TEMPLATE_FRAGMENT_LOAD_PUBKEYS_END } } diff --git a/ssh_api.c b/ssh_api.c index 89d2059d7c5e..7cd181b97311 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -120,7 +120,6 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) #endif /* WITH_OPENSSL */ ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server; ///// OQS_TEMPLATE_FRAGMENT_POINT_TO_KEX_GEN_SERVER_START - ssh->kex->kex[KEX_KEM_OQS_DEFAULT_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_FRODOKEM_640_AES_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_FRODOKEM_976_AES_SHA384] = kex_gen_server; ssh->kex->kex[KEX_KEM_FRODOKEM_1344_AES_SHA512] = kex_gen_server; @@ -148,10 +147,8 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_KYBER_512_90S_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_KYBER_768_90S_SHA384] = kex_gen_server; ssh->kex->kex[KEX_KEM_KYBER_1024_90S_SHA512] = kex_gen_server; - ssh->kex->kex[KEX_KEM_BIKE1_L1_CPA_SHA512] = kex_gen_server; - ssh->kex->kex[KEX_KEM_BIKE1_L1_FO_SHA512] = kex_gen_server; - ssh->kex->kex[KEX_KEM_BIKE1_L3_CPA_SHA512] = kex_gen_server; - ssh->kex->kex[KEX_KEM_BIKE1_L3_FO_SHA512] = kex_gen_server; + ssh->kex->kex[KEX_KEM_BIKE_L1_SHA512] = kex_gen_server; + ssh->kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_server; @@ -177,7 +174,6 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_NTRUPRIME_SNTRUP857_SHA384] = kex_gen_server; #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC - ssh->kex->kex[KEX_KEM_OQS_DEFAULT_ECDH_NISTP256_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_FRODOKEM_976_AES_ECDH_NISTP384_SHA384] = kex_gen_server; ssh->kex->kex[KEX_KEM_FRODOKEM_1344_AES_ECDH_NISTP521_SHA512] = kex_gen_server; @@ -205,10 +201,8 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384] = kex_gen_server; ssh->kex->kex[KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512] = kex_gen_server; - ssh->kex->kex[KEX_KEM_BIKE1_L1_CPA_ECDH_NISTP256_SHA512] = kex_gen_server; - ssh->kex->kex[KEX_KEM_BIKE1_L1_FO_ECDH_NISTP256_SHA512] = kex_gen_server; - ssh->kex->kex[KEX_KEM_BIKE1_L3_CPA_ECDH_NISTP384_SHA512] = kex_gen_server; - ssh->kex->kex[KEX_KEM_BIKE1_L3_FO_ECDH_NISTP384_SHA512] = kex_gen_server; + ssh->kex->kex[KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512] = kex_gen_server; + ssh->kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_server; @@ -254,7 +248,6 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) #endif /* WITH_OPENSSL */ ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; ///// OQS_TEMPLATE_FRAGMENT_POINT_TO_KEX_GEN_CLIENT_START - ssh->kex->kex[KEX_KEM_OQS_DEFAULT_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_FRODOKEM_640_AES_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_FRODOKEM_976_AES_SHA384] = kex_gen_client; ssh->kex->kex[KEX_KEM_FRODOKEM_1344_AES_SHA512] = kex_gen_client; @@ -282,10 +275,8 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_KYBER_512_90S_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_768_90S_SHA384] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_1024_90S_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L1_CPA_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L1_FO_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L3_CPA_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L3_FO_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_BIKE_L1_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_client; @@ -311,7 +302,6 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_NTRUPRIME_SNTRUP857_SHA384] = kex_gen_client; #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC - ssh->kex->kex[KEX_KEM_OQS_DEFAULT_ECDH_NISTP256_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_FRODOKEM_976_AES_ECDH_NISTP384_SHA384] = kex_gen_client; ssh->kex->kex[KEX_KEM_FRODOKEM_1344_AES_ECDH_NISTP521_SHA512] = kex_gen_client; @@ -339,10 +329,8 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L1_CPA_ECDH_NISTP256_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L1_FO_ECDH_NISTP256_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L3_CPA_ECDH_NISTP384_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L3_FO_ECDH_NISTP384_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_client; diff --git a/sshconnect2.c b/sshconnect2.c index 1c427825d14f..2c9fb805fa0f 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -287,7 +287,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, #endif ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; ///// OQS_TEMPLATE_FRAGMENT_POINT_TO_KEX_GEN_START - ssh->kex->kex[KEX_KEM_OQS_DEFAULT_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_FRODOKEM_640_AES_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_FRODOKEM_976_AES_SHA384] = kex_gen_client; ssh->kex->kex[KEX_KEM_FRODOKEM_1344_AES_SHA512] = kex_gen_client; @@ -315,10 +314,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, ssh->kex->kex[KEX_KEM_KYBER_512_90S_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_768_90S_SHA384] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_1024_90S_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L1_CPA_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L1_FO_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L3_CPA_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L3_FO_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_BIKE_L1_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_client; @@ -344,7 +341,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, ssh->kex->kex[KEX_KEM_NTRUPRIME_SNTRUP857_SHA384] = kex_gen_client; #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC - ssh->kex->kex[KEX_KEM_OQS_DEFAULT_ECDH_NISTP256_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_FRODOKEM_976_AES_ECDH_NISTP384_SHA384] = kex_gen_client; ssh->kex->kex[KEX_KEM_FRODOKEM_1344_AES_ECDH_NISTP521_SHA512] = kex_gen_client; @@ -372,10 +368,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, ssh->kex->kex[KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L1_CPA_ECDH_NISTP256_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L1_FO_ECDH_NISTP256_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L3_CPA_ECDH_NISTP384_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_BIKE1_L3_FO_ECDH_NISTP384_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512] = kex_gen_client; + ssh->kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_client; diff --git a/sshd.c b/sshd.c index 65abe931ab60..6479b7b1a30a 100644 --- a/sshd.c +++ b/sshd.c @@ -2397,7 +2397,6 @@ do_ssh2_kex(struct ssh *ssh) #endif kex->kex[KEX_C25519_SHA256] = kex_gen_server; ///// OQS_TEMPLATE_FRAGMENT_POINT_TO_KEX_GEN_START - kex->kex[KEX_KEM_OQS_DEFAULT_SHA256] = kex_gen_server; kex->kex[KEX_KEM_FRODOKEM_640_AES_SHA256] = kex_gen_server; kex->kex[KEX_KEM_FRODOKEM_976_AES_SHA384] = kex_gen_server; kex->kex[KEX_KEM_FRODOKEM_1344_AES_SHA512] = kex_gen_server; @@ -2425,10 +2424,8 @@ do_ssh2_kex(struct ssh *ssh) kex->kex[KEX_KEM_KYBER_512_90S_SHA256] = kex_gen_server; kex->kex[KEX_KEM_KYBER_768_90S_SHA384] = kex_gen_server; kex->kex[KEX_KEM_KYBER_1024_90S_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L1_CPA_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L1_FO_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L3_CPA_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L3_FO_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_BIKE_L1_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048509_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048677_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HRSS701_SHA512] = kex_gen_server; @@ -2454,7 +2451,6 @@ do_ssh2_kex(struct ssh *ssh) kex->kex[KEX_KEM_NTRUPRIME_SNTRUP857_SHA384] = kex_gen_server; #ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC - kex->kex[KEX_KEM_OQS_DEFAULT_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_FRODOKEM_976_AES_ECDH_NISTP384_SHA384] = kex_gen_server; kex->kex[KEX_KEM_FRODOKEM_1344_AES_ECDH_NISTP521_SHA512] = kex_gen_server; @@ -2482,10 +2478,8 @@ do_ssh2_kex(struct ssh *ssh) kex->kex[KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384] = kex_gen_server; kex->kex[KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L1_CPA_ECDH_NISTP256_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L1_FO_ECDH_NISTP256_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L3_CPA_ECDH_NISTP384_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_BIKE1_L3_FO_ECDH_NISTP384_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512] = kex_gen_server; + kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048509_ECDH_NISTP256_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HPS2048677_ECDH_NISTP384_SHA512] = kex_gen_server; kex->kex[KEX_KEM_NTRU_HRSS701_ECDH_NISTP384_SHA512] = kex_gen_server; diff --git a/sshkey.c b/sshkey.c index 9f2bf165b41b..63b5883bc7ab 100644 --- a/sshkey.c +++ b/sshkey.c @@ -94,46 +94,28 @@ static size_t oqs_sig_pk_len(int type) { switch (type) { ///// OQS_TEMPLATE_FRAGMENT_RETURN_PK_LEN_START - case KEY_OQS_DEFAULT: - case KEY_RSA3072_OQS_DEFAULT: - case KEY_ECDSA_NISTP256_OQS_DEFAULT: - { // OQS-TODO: Find a cleaner way - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - size_t pk_len = sig->length_public_key; - OQS_SIG_free(sig); - return pk_len; - } case KEY_FALCON_512: case KEY_RSA3072_FALCON_512: - case KEY_ECDSA_NISTP256_FALCON_512: - return OQS_SIG_falcon_512_length_public_key; + case KEY_ECDSA_NISTP256_FALCON_512:return OQS_SIG_falcon_512_length_public_key; case KEY_FALCON_1024: - case KEY_ECDSA_NISTP521_FALCON_1024: - return OQS_SIG_falcon_1024_length_public_key; + case KEY_ECDSA_NISTP521_FALCON_1024:return OQS_SIG_falcon_1024_length_public_key; case KEY_DILITHIUM_3: - case KEY_ECDSA_NISTP384_DILITHIUM_3: - return OQS_SIG_dilithium_3_length_public_key; + case KEY_ECDSA_NISTP384_DILITHIUM_3:return OQS_SIG_dilithium_3_length_public_key; case KEY_DILITHIUM_2_AES: case KEY_RSA3072_DILITHIUM_2_AES: - case KEY_ECDSA_NISTP256_DILITHIUM_2_AES: - return OQS_SIG_dilithium_2_aes_length_public_key; + case KEY_ECDSA_NISTP256_DILITHIUM_2_AES:return OQS_SIG_dilithium_2_aes_length_public_key; case KEY_DILITHIUM_5_AES: - case KEY_ECDSA_NISTP521_DILITHIUM_5_AES: - return OQS_SIG_dilithium_5_aes_length_public_key; + case KEY_ECDSA_NISTP521_DILITHIUM_5_AES:return OQS_SIG_dilithium_5_aes_length_public_key; case KEY_PICNIC_L1_FULL: case KEY_RSA3072_PICNIC_L1_FULL: - case KEY_ECDSA_NISTP256_PICNIC_L1_FULL: - return OQS_SIG_picnic_L1_full_length_public_key; + case KEY_ECDSA_NISTP256_PICNIC_L1_FULL:return OQS_SIG_picnic_L1_full_length_public_key; case KEY_PICNIC_L3_FS: - case KEY_ECDSA_NISTP384_PICNIC_L3_FS: - return OQS_SIG_picnic_L3_FS_length_public_key; + case KEY_ECDSA_NISTP384_PICNIC_L3_FS:return OQS_SIG_picnic_L3_FS_length_public_key; case KEY_SPHINCS_HARAKA_128F_SIMPLE: case KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE: - case KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE: - return OQS_SIG_sphincs_haraka_128f_simple_length_public_key; + case KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE:return OQS_SIG_sphincs_haraka_128f_simple_length_public_key; case KEY_SPHINCS_HARAKA_192F_ROBUST: - case KEY_ECDSA_NISTP384_SPHINCS_HARAKA_192F_ROBUST: - return OQS_SIG_sphincs_haraka_192f_robust_length_public_key; + case KEY_ECDSA_NISTP384_SPHINCS_HARAKA_192F_ROBUST:return OQS_SIG_sphincs_haraka_192f_robust_length_public_key; ///// OQS_TEMPLATE_FRAGMENT_RETURN_PK_LEN_END } return 0; @@ -143,15 +125,6 @@ static size_t oqs_sig_pk_len(int type) { static size_t oqs_sig_sk_len(int type) { switch (type) { ///// OQS_TEMPLATE_FRAGMENT_RETURN_SK_LEN_START - case KEY_OQS_DEFAULT: - case KEY_RSA3072_OQS_DEFAULT: - case KEY_ECDSA_NISTP256_OQS_DEFAULT: - { // OQS-TODO: Find a cleaner way - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - size_t sk_len = sig->length_secret_key; - OQS_SIG_free(sig); - return sk_len; - } case KEY_FALCON_512: case KEY_RSA3072_FALCON_512: case KEY_ECDSA_NISTP256_FALCON_512: @@ -257,8 +230,6 @@ static const struct keytype keytypes[] = { # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEYTYPES_START - { "ssh-oqsdefault", "OQSDEFAULT", NULL, - KEY_OQS_DEFAULT, 0, 0, 0 }, { "ssh-falcon512", "FALCON512", NULL, KEY_FALCON_512, 0, 0, 0 }, { "ssh-falcon1024", "FALCON1024", NULL, @@ -278,8 +249,6 @@ static const struct keytype keytypes[] = { { "ssh-sphincsharaka192frobust", "SPHINCSHARAKA192FROBUST", NULL, KEY_SPHINCS_HARAKA_192F_ROBUST, 0, 0, 0 }, #ifdef WITH_OPENSSL - { "ssh-rsa3072-oqsdefault", "RSA3072_OQSDEFAULT", NULL, - KEY_RSA3072_OQS_DEFAULT, 0, 0, 0 }, { "ssh-rsa3072-falcon512", "RSA3072_FALCON512", NULL, KEY_RSA3072_FALCON_512, 0, 0, 0 }, { "ssh-rsa3072-dilithium2aes", "RSA3072_DILITHIUM2AES", NULL, @@ -289,8 +258,6 @@ static const struct keytype keytypes[] = { { "ssh-rsa3072-sphincsharaka128fsimple", "RSA3072_SPHINCSHARAKA128FSIMPLE", NULL, KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE, 0, 0, 0 }, #ifdef OPENSSL_HAS_ECC - { "ssh-ecdsa-nistp256-oqsdefault", "ECDSA_NISTP256_OQSDEFAULT", NULL, - KEY_ECDSA_NISTP256_OQS_DEFAULT, NID_X9_62_prime256v1, 0, 0 }, { "ssh-ecdsa-nistp256-falcon512", "ECDSA_NISTP256_FALCON512", NULL, KEY_ECDSA_NISTP256_FALCON_512, NID_X9_62_prime256v1, 0, 0 }, { "ssh-ecdsa-nistp521-falcon1024", "ECDSA_NISTP521_FALCON1024", NULL, @@ -2048,13 +2015,6 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp) } switch (type) { ///// OQS_TEMPLATE_FRAGMENT_SSHKEY_GENERATE_SWITCH_KEYTYPE_START - case KEY_OQS_DEFAULT: - { // OQS-TODO: Clean this up - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - ret = sig->keypair(k->oqs_pk, k->oqs_sk); - OQS_SIG_free(sig); - break; - } case KEY_FALCON_512: ret = OQS_SIG_falcon_512_keypair(k->oqs_pk, k->oqs_sk); break; @@ -2083,13 +2043,6 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp) ret = OQS_SIG_sphincs_haraka_192f_robust_keypair(k->oqs_pk, k->oqs_sk); break; #ifdef WITH_OPENSSL - case KEY_RSA3072_OQS_DEFAULT: - { // OQS-TODO: Clean this up - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - ret = sig->keypair(k->oqs_pk, k->oqs_sk); - OQS_SIG_free(sig); - break; - } case KEY_RSA3072_FALCON_512: ret = OQS_SIG_falcon_512_keypair(k->oqs_pk, k->oqs_sk); break; @@ -2103,13 +2056,6 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp) ret = OQS_SIG_sphincs_haraka_128f_simple_keypair(k->oqs_pk, k->oqs_sk); break; #ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_NISTP256_OQS_DEFAULT: - { // OQS-TODO: Clean this up - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_default); - ret = sig->keypair(k->oqs_pk, k->oqs_sk); - OQS_SIG_free(sig); - break; - } case KEY_ECDSA_NISTP256_FALCON_512: ret = OQS_SIG_falcon_512_keypair(k->oqs_pk, k->oqs_sk); break; @@ -3240,9 +3186,6 @@ sshkey_sign(struct sshkey *key, processing is done there. */ switch (key->type) { ///// OQS_TEMPLATE_FRAGMENT_SSHKEY_SIGN_SWITCH_KEYTYPE_START - case KEY_OQS_DEFAULT: - r = ssh_oqsdefault_sign(key, &sig_pq, &len_pq, data, datalen, compat); - break; case KEY_FALCON_512: r = ssh_falcon512_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; @@ -3271,9 +3214,6 @@ sshkey_sign(struct sshkey *key, r = ssh_sphincsharaka192frobust_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; #ifdef WITH_OPENSSL - case KEY_RSA3072_OQS_DEFAULT: - r = ssh_oqsdefault_sign(key, &sig_pq, &len_pq, data, datalen, compat); - break; case KEY_RSA3072_FALCON_512: r = ssh_falcon512_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; @@ -3287,9 +3227,6 @@ sshkey_sign(struct sshkey *key, r = ssh_sphincsharaka128fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; #ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_NISTP256_OQS_DEFAULT: - r = ssh_oqsdefault_sign(key, &sig_pq, &len_pq, data, datalen, compat); - break; case KEY_ECDSA_NISTP256_FALCON_512: r = ssh_falcon512_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; @@ -3467,8 +3404,6 @@ sshkey_verify(const struct sshkey *key, processing is done there. */ switch (key->type) { ///// OQS_TEMPLATE_FRAGMENT_SSHKEY_VERIFY_SWITCH_KEYTYPE_START - case KEY_OQS_DEFAULT: - return ssh_oqsdefault_verify(key, sig_pq, siglen_pq, data, dlen, compat); case KEY_FALCON_512: return ssh_falcon512_verify(key, sig_pq, siglen_pq, data, dlen, compat); case KEY_FALCON_1024: @@ -3488,8 +3423,6 @@ sshkey_verify(const struct sshkey *key, case KEY_SPHINCS_HARAKA_192F_ROBUST: return ssh_sphincsharaka192frobust_verify(key, sig_pq, siglen_pq, data, dlen, compat); #ifdef WITH_OPENSSL - case KEY_RSA3072_OQS_DEFAULT: - return ssh_oqsdefault_verify(key, sig_pq, siglen_pq, data, dlen, compat); case KEY_RSA3072_FALCON_512: return ssh_falcon512_verify(key, sig_pq, siglen_pq, data, dlen, compat); case KEY_RSA3072_DILITHIUM_2_AES: @@ -3499,8 +3432,6 @@ sshkey_verify(const struct sshkey *key, case KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE: return ssh_sphincsharaka128fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); #ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_NISTP256_OQS_DEFAULT: - return ssh_oqsdefault_verify(key, sig_pq, siglen_pq, data, dlen, compat); case KEY_ECDSA_NISTP256_FALCON_512: return ssh_falcon512_verify(key, sig_pq, siglen_pq, data, dlen, compat); case KEY_ECDSA_NISTP521_FALCON_1024: diff --git a/sshkey.h b/sshkey.h index ec2694d25b96..a95b5d4c20e5 100644 --- a/sshkey.h +++ b/sshkey.h @@ -76,9 +76,6 @@ enum sshkey_types { KEY_ED25519_SK, KEY_ED25519_SK_CERT, ///// OQS_TEMPLATE_FRAGMENT_ENUMERATE_KEYTYPES_START - KEY_OQS_DEFAULT, - KEY_RSA3072_OQS_DEFAULT, - KEY_ECDSA_NISTP256_OQS_DEFAULT, KEY_FALCON_512, KEY_RSA3072_FALCON_512, KEY_ECDSA_NISTP256_FALCON_512, @@ -351,8 +348,6 @@ int ssh_xmss_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); ///// OQS_TEMPLATE_FRAGMENT_DECLARE_PROTOTYPES_START -int ssh_oqsdefault_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); -int ssh_oqsdefault_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); int ssh_falcon512_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); int ssh_falcon512_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); int ssh_falcon1024_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat);