From eb9950c8fc778887b7de60e3c8e4d54b757c3027 Mon Sep 17 00:00:00 2001 From: Goutam Tamvada Date: Tue, 23 May 2023 10:13:13 -0400 Subject: [PATCH] Syncing with new liboqs algorithm list. (#143) --- README.md | 8 +- kex.c | 6 - kex.h | 36 ----- kexgen.c | 60 -------- kexoqs.c | 120 --------------- kexoqsecdh.c | 123 --------------- monitor.c | 6 - myproposal.h | 6 - oqs-template/generate.yml | 299 ++----------------------------------- oqs-test/try_connection.py | 21 +-- oqs-utils.c | 12 +- oqs-utils.h | 15 +- pathnames.h | 30 ++-- readconf.c | 15 +- regress/keygen-comment.sh | 6 +- servconf.c | 20 +-- sk-api.h | 15 +- ssh-add.c | 15 +- ssh-keygen.c | 95 ++++-------- ssh-keyscan.c | 108 ++++---------- ssh-keysign.c | 17 +-- ssh-oqs.c | 96 ++---------- ssh-rsa.c | 3 +- ssh.c | 17 +-- ssh_api.c | 12 -- sshconnect2.c | 6 - sshd.c | 6 - sshkey.c | 166 +++++++------------- sshkey.h | 27 ++-- 29 files changed, 206 insertions(+), 1160 deletions(-) diff --git a/README.md b/README.md index 55c19be33adb..5f9060559b63 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,7 @@ The following quantum-safe algorithms from liboqs are supported (assuming they h - **ClassicMcEliece**: `classic-mceliece-348864-sha256`, `classic-mceliece-348864f-sha256`, `classic-mceliece-460896-sha512`, `classic-mceliece-460896f-sha512`, `classic-mceliece-6688128-sha512`, `classic-mceliece-6688128f-sha512`, `classic-mceliece-6960119-sha512`, `classic-mceliece-6960119f-sha512`, `classic-mceliece-8192128-sha512`, `classic-mceliece-8192128f-sha512` - **FrodoKEM**: `frodokem-640-aes-sha256`, `frodokem-976-aes-sha384`, `frodokem-1344-aes-sha512`, `frodokem-640-shake-sha256`, `frodokem-976-shake-sha384`, `frodokem-1344-shake-sha512` - **HQC**: `hqc-128-sha256`, `hqc-192-sha384`, `hqc-256-sha512`† -- **Kyber**: `kyber-512-sha256`, `kyber-768-sha384`, `kyber-1024-sha512`, `kyber-512-90s-sha256`, `kyber-768-90s-sha384`, `kyber-1024-90s-sha512` +- **Kyber**: `kyber-512-sha256`, `kyber-768-sha384`, `kyber-1024-sha512` The following hybrid algorithms are made available: @@ -77,7 +77,7 @@ The following hybrid algorithms are made available: - **ClassicMcEliece**: `ecdh-nistp256-classic-mceliece-348864r3-sha256@openquantumsafe.org` `ecdh-nistp256-classic-mceliece-348864fr3-sha256@openquantumsafe.org` `ecdh-nistp384-classic-mceliece-460896r3-sha512@openquantumsafe.org` `ecdh-nistp384-classic-mceliece-460896fr3-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-6688128r3-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-6688128fr3-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-6960119r3-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-6960119fr3-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-8192128r3-sha512@openquantumsafe.org` `ecdh-nistp521-classic-mceliece-8192128fr3-sha512@openquantumsafe.org` - **FrodoKEM**: `ecdh-nistp256-frodokem-640-aesr2-sha256@openquantumsafe.org` `ecdh-nistp384-frodokem-976-aesr2-sha384@openquantumsafe.org` `ecdh-nistp521-frodokem-1344-aesr2-sha512@openquantumsafe.org` `ecdh-nistp256-frodokem-640-shaker2-sha256@openquantumsafe.org` `ecdh-nistp384-frodokem-976-shaker2-sha384@openquantumsafe.org` `ecdh-nistp521-frodokem-1344-shaker2-sha512@openquantumsafe.org` - **HQC**: `ecdh-nistp256-hqc-128r3-sha256@openquantumsafe.org` `ecdh-nistp384-hqc-192r3-sha384@openquantumsafe.org` `ecdh-nistp521-hqc-256r3-sha512@openquantumsafe.org` -- **Kyber**: `ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org` `ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org` `ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org` `ecdh-nistp256-kyber-512-90sr3-sha256@openquantumsafe.org` `ecdh-nistp384-kyber-768-90sr3-sha384@openquantumsafe.org` `ecdh-nistp521-kyber-1024-90sr3-sha512@openquantumsafe.org` +- **Kyber**: `ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org` `ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org` `ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org` Note that algorithms marked with a dagger (†) have large stack usage and may cause failures when run on threads or in constrained environments. For example, McEliece require building `oqs-openssh` with a large(r) stack provision than is default: Adding `LDFLAGS="-Wl,--stack,20000000"` to [the `./configure` command below](#step-2-build-the-fork) is required to allow cygwin-based testing to pass. @@ -87,9 +87,9 @@ Note that algorithms marked with a dagger (†) have large stack usage and may c The following digital signature algorithms from liboqs are supported (assuming they have been enabled in liboqs). Note that only select L3 signature variants are enabled by default. In general, algorithms that are enabled by default are marked with an asterisk, and should you wish to enable additional variants, consult [the "Code Generation" section of the documentation in the wiki](https://github.com/open-quantum-safe/openssh/wiki/Using-liboqs-supported-algorithms-in-the-fork#code-generation). -- **Dilithium**: `dilithium2`\*, `dilithium3`\*, `dilithium5`\*, `dilithium2aes`, `dilithium3aes`, `dilithium5aes` +- **Dilithium**: `dilithium2`\*, `dilithium3`\*, `dilithium5`\* - **Falcon**: `falcon512`\*, `falcon1024`\* -- **SPHINCS**: `sphincsharaka128frobust`, `sphincsharaka128fsimple`\*, `sphincsharaka128srobust`, `sphincsharaka128ssimple`, `sphincssha256128frobust`, `sphincssha256128srobust`, `sphincssha256128fsimple`\*, `sphincssha256128ssimple`, `sphincsshake256128frobust`, `sphincsshake256128srobust`, `sphincsshake256128fsimple`, `sphincsshake256128ssimple`, `sphincsharaka192frobust`, `sphincsharaka192srobust`, `sphincsharaka192fsimple`, `sphincsharaka192ssimple`, `sphincssha256192frobust`, `sphincssha256192srobust`\*, `sphincssha256192fsimple`, `sphincssha256192ssimple`, `sphincsshake256192frobust`, `sphincsshake256192srobust`, `sphincsshake256192fsimple`, `sphincsshake256192ssimple`, `sphincsharaka256frobust`, `sphincsharaka256srobust`, `sphincsharaka256fsimple`, `sphincsharaka256ssimple`, `sphincssha256256frobust`, `sphincssha256256srobust`, `sphincssha256256fsimple`\*, `sphincssha256256ssimple`, `sphincsshake256256frobust`, `sphincsshake256256srobust`, `sphincsshake256256fsimple`, `sphincsshake256256ssimple` +- **SPHINCS**: `sphincssha2128fsimple`\*, `sphincssha2128ssimple`, `sphincsshake128fsimple`, `sphincsshake128ssimple`, `sphincssha2192fsimple`, `sphincssha2192ssimple`, `sphincsshake192fsimple`, `sphincsshake192ssimple`, `sphincssha2256fsimple`\*, `sphincssha2256ssimple`, `sphincsshake256fsimple`, `sphincsshake256ssimple` diff --git a/kex.c b/kex.c index 5670fb8c3245..0064de3b8399 100644 --- a/kex.c +++ b/kex.c @@ -127,9 +127,6 @@ static const struct kexalg kexalgs[] = { { KEX_KYBER_512_SHA256, KEX_KEM_KYBER_512_SHA256, 0, SSH_DIGEST_SHA256 }, { KEX_KYBER_768_SHA384, KEX_KEM_KYBER_768_SHA384, 0, SSH_DIGEST_SHA384 }, { KEX_KYBER_1024_SHA512, KEX_KEM_KYBER_1024_SHA512, 0, SSH_DIGEST_SHA512 }, - { KEX_KYBER_512_90S_SHA256, KEX_KEM_KYBER_512_90S_SHA256, 0, SSH_DIGEST_SHA256 }, - { KEX_KYBER_768_90S_SHA384, KEX_KEM_KYBER_768_90S_SHA384, 0, SSH_DIGEST_SHA384 }, - { KEX_KYBER_1024_90S_SHA512, KEX_KEM_KYBER_1024_90S_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_BIKE_L1_SHA512, KEX_KEM_BIKE_L1_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_BIKE_L3_SHA512, KEX_KEM_BIKE_L3_SHA512, 0, SSH_DIGEST_SHA512 }, { KEX_CLASSIC_MCELIECE_348864_SHA256, KEX_KEM_CLASSIC_MCELIECE_348864_SHA256, 0, SSH_DIGEST_SHA256 }, @@ -155,9 +152,6 @@ static const struct kexalg kexalgs[] = { { KEX_KYBER_512_ECDH_NISTP256_SHA256, KEX_KEM_KYBER_512_ECDH_NISTP256_SHA256, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, { KEX_KYBER_768_ECDH_NISTP384_SHA384, KEX_KEM_KYBER_768_ECDH_NISTP384_SHA384, NID_secp384r1, SSH_DIGEST_SHA384 }, { KEX_KYBER_1024_ECDH_NISTP521_SHA512, KEX_KEM_KYBER_1024_ECDH_NISTP521_SHA512, NID_secp521r1, SSH_DIGEST_SHA512 }, - { KEX_KYBER_512_90S_ECDH_NISTP256_SHA256, KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, - { KEX_KYBER_768_90S_ECDH_NISTP384_SHA384, KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384, NID_secp384r1, SSH_DIGEST_SHA384 }, - { KEX_KYBER_1024_90S_ECDH_NISTP521_SHA512, KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512, NID_secp521r1, SSH_DIGEST_SHA512 }, { KEX_BIKE_L1_ECDH_NISTP256_SHA512, KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512, NID_X9_62_prime256v1, SSH_DIGEST_SHA512 }, { KEX_BIKE_L3_ECDH_NISTP384_SHA512, KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512, NID_secp384r1, SSH_DIGEST_SHA512 }, { KEX_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256, KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, diff --git a/kex.h b/kex.h index 4ffc767890e5..f355c581f9dd 100644 --- a/kex.h +++ b/kex.h @@ -73,9 +73,6 @@ #define KEX_KYBER_512_SHA256 "kyber-512-sha256" #define KEX_KYBER_768_SHA384 "kyber-768-sha384" #define KEX_KYBER_1024_SHA512 "kyber-1024-sha512" -#define KEX_KYBER_512_90S_SHA256 "kyber-512-90s-sha256" -#define KEX_KYBER_768_90S_SHA384 "kyber-768-90s-sha384" -#define KEX_KYBER_1024_90S_SHA512 "kyber-1024-90s-sha512" #define KEX_BIKE_L1_SHA512 "bike-l1-sha512" #define KEX_BIKE_L3_SHA512 "bike-l3-sha512" #define KEX_CLASSIC_MCELIECE_348864_SHA256 "classic-mceliece-348864-sha256" @@ -102,9 +99,6 @@ #define KEX_KYBER_512_ECDH_NISTP256_SHA256 "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org" #define KEX_KYBER_768_ECDH_NISTP384_SHA384 "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org" #define KEX_KYBER_1024_ECDH_NISTP521_SHA512 "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org" -#define KEX_KYBER_512_90S_ECDH_NISTP256_SHA256 "ecdh-nistp256-kyber-512-90sr3-sha256@openquantumsafe.org" -#define KEX_KYBER_768_90S_ECDH_NISTP384_SHA384 "ecdh-nistp384-kyber-768-90sr3-sha384@openquantumsafe.org" -#define KEX_KYBER_1024_90S_ECDH_NISTP521_SHA512 "ecdh-nistp521-kyber-1024-90sr3-sha512@openquantumsafe.org" #define KEX_BIKE_L1_ECDH_NISTP256_SHA512 "ecdh-nistp256-bike-l1r3-sha512@openquantumsafe.org" #define KEX_BIKE_L3_ECDH_NISTP384_SHA512 "ecdh-nistp384-bike-l3r3-sha512@openquantumsafe.org" #define KEX_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256 "ecdh-nistp256-classic-mceliece-348864r3-sha256@openquantumsafe.org" @@ -173,9 +167,6 @@ enum kex_exchange { KEX_KEM_KYBER_512_SHA256, KEX_KEM_KYBER_768_SHA384, KEX_KEM_KYBER_1024_SHA512, - KEX_KEM_KYBER_512_90S_SHA256, - KEX_KEM_KYBER_768_90S_SHA384, - KEX_KEM_KYBER_1024_90S_SHA512, KEX_KEM_BIKE_L1_SHA512, KEX_KEM_BIKE_L3_SHA512, KEX_KEM_CLASSIC_MCELIECE_348864_SHA256, @@ -202,9 +193,6 @@ enum kex_exchange { KEX_KEM_KYBER_512_ECDH_NISTP256_SHA256, KEX_KEM_KYBER_768_ECDH_NISTP384_SHA384, KEX_KEM_KYBER_1024_ECDH_NISTP521_SHA512, - KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256, - KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384, - KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512, KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512, KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512, KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256, @@ -391,18 +379,6 @@ int kex_kem_kyber_768_dec(struct kex *, const struct sshbuf *, struct sshbuf ** int kex_kem_kyber_1024_keypair(struct kex *); int kex_kem_kyber_1024_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); int kex_kem_kyber_1024_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* kyber_512_90s prototypes */ -int kex_kem_kyber_512_90s_keypair(struct kex *); -int kex_kem_kyber_512_90s_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_kyber_512_90s_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* kyber_768_90s prototypes */ -int kex_kem_kyber_768_90s_keypair(struct kex *); -int kex_kem_kyber_768_90s_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_kyber_768_90s_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* kyber_1024_90s prototypes */ -int kex_kem_kyber_1024_90s_keypair(struct kex *); -int kex_kem_kyber_1024_90s_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_kyber_1024_90s_dec(struct kex *, const struct sshbuf *, struct sshbuf **); /* bike_l1 prototypes */ int kex_kem_bike_l1_keypair(struct kex *); int kex_kem_bike_l1_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); @@ -501,18 +477,6 @@ int kex_kem_kyber_768_ecdh_nistp384_dec(struct kex *, const struct sshbuf *, st int kex_kem_kyber_1024_ecdh_nistp521_keypair(struct kex *); int kex_kem_kyber_1024_ecdh_nistp521_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); int kex_kem_kyber_1024_ecdh_nistp521_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* kyber_512_90s_nistp256 prototypes */ -int kex_kem_kyber_512_90s_ecdh_nistp256_keypair(struct kex *); -int kex_kem_kyber_512_90s_ecdh_nistp256_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_kyber_512_90s_ecdh_nistp256_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* kyber_768_90s_nistp384 prototypes */ -int kex_kem_kyber_768_90s_ecdh_nistp384_keypair(struct kex *); -int kex_kem_kyber_768_90s_ecdh_nistp384_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_kyber_768_90s_ecdh_nistp384_dec(struct kex *, const struct sshbuf *, struct sshbuf **); -/* kyber_1024_90s_nistp521 prototypes */ -int kex_kem_kyber_1024_90s_ecdh_nistp521_keypair(struct kex *); -int kex_kem_kyber_1024_90s_ecdh_nistp521_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); -int kex_kem_kyber_1024_90s_ecdh_nistp521_dec(struct kex *, const struct sshbuf *, struct sshbuf **); /* bike_l1_nistp256 prototypes */ int kex_kem_bike_l1_ecdh_nistp256_keypair(struct kex *); int kex_kem_bike_l1_ecdh_nistp256_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **); diff --git a/kexgen.c b/kexgen.c index 8fde3c9961f7..119a3d6927b5 100644 --- a/kexgen.c +++ b/kexgen.c @@ -149,15 +149,6 @@ kex_gen_client(struct ssh *ssh) case KEX_KEM_KYBER_1024_SHA512: r = kex_kem_kyber_1024_keypair(kex); break; - case KEX_KEM_KYBER_512_90S_SHA256: - r = kex_kem_kyber_512_90s_keypair(kex); - break; - case KEX_KEM_KYBER_768_90S_SHA384: - r = kex_kem_kyber_768_90s_keypair(kex); - break; - case KEX_KEM_KYBER_1024_90S_SHA512: - r = kex_kem_kyber_1024_90s_keypair(kex); - break; case KEX_KEM_BIKE_L1_SHA512: r = kex_kem_bike_l1_keypair(kex); break; @@ -232,15 +223,6 @@ kex_gen_client(struct ssh *ssh) case KEX_KEM_KYBER_1024_ECDH_NISTP521_SHA512: r = kex_kem_kyber_1024_ecdh_nistp521_keypair(kex); break; - case KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256: - r = kex_kem_kyber_512_90s_ecdh_nistp256_keypair(kex); - break; - case KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384: - r = kex_kem_kyber_768_90s_ecdh_nistp384_keypair(kex); - break; - case KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512: - r = kex_kem_kyber_1024_90s_ecdh_nistp521_keypair(kex); - break; case KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512: r = kex_kem_bike_l1_ecdh_nistp256_keypair(kex); break; @@ -389,15 +371,6 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) case KEX_KEM_KYBER_1024_SHA512: r = kex_kem_kyber_1024_dec(kex, server_blob, &shared_secret); break; - case KEX_KEM_KYBER_512_90S_SHA256: - r = kex_kem_kyber_512_90s_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_KYBER_768_90S_SHA384: - r = kex_kem_kyber_768_90s_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_KYBER_1024_90S_SHA512: - r = kex_kem_kyber_1024_90s_dec(kex, server_blob, &shared_secret); - break; case KEX_KEM_BIKE_L1_SHA512: r = kex_kem_bike_l1_dec(kex, server_blob, &shared_secret); break; @@ -472,15 +445,6 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh) case KEX_KEM_KYBER_1024_ECDH_NISTP521_SHA512: r = kex_kem_kyber_1024_ecdh_nistp521_dec(kex, server_blob, &shared_secret); break; - case KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256: - r = kex_kem_kyber_512_90s_ecdh_nistp256_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384: - r = kex_kem_kyber_768_90s_ecdh_nistp384_dec(kex, server_blob, &shared_secret); - break; - case KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512: - r = kex_kem_kyber_1024_90s_ecdh_nistp521_dec(kex, server_blob, &shared_secret); - break; case KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512: r = kex_kem_bike_l1_ecdh_nistp256_dec(kex, server_blob, &shared_secret); break; @@ -689,18 +653,6 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_kem_kyber_1024_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; - case KEX_KEM_KYBER_512_90S_SHA256: - r = kex_kem_kyber_512_90s_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_KYBER_768_90S_SHA384: - r = kex_kem_kyber_768_90s_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_KYBER_1024_90S_SHA512: - r = kex_kem_kyber_1024_90s_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; case KEX_KEM_BIKE_L1_SHA512: r = kex_kem_bike_l1_enc(kex, client_pubkey, &server_pubkey, &shared_secret); @@ -799,18 +751,6 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) r = kex_kem_kyber_1024_ecdh_nistp521_enc(kex, client_pubkey, &server_pubkey, &shared_secret); break; - case KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256: - r = kex_kem_kyber_512_90s_ecdh_nistp256_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384: - r = kex_kem_kyber_768_90s_ecdh_nistp384_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; - case KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512: - r = kex_kem_kyber_1024_90s_ecdh_nistp521_enc(kex, client_pubkey, - &server_pubkey, &shared_secret); - break; case KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512: r = kex_kem_bike_l1_ecdh_nistp256_enc(kex, client_pubkey, &server_pubkey, &shared_secret); diff --git a/kexoqs.c b/kexoqs.c index 808ce2088264..52651215aa30 100644 --- a/kexoqs.c +++ b/kexoqs.c @@ -523,126 +523,6 @@ int kex_kem_kyber_1024_dec(struct kex *kex, OQS_KEM_free(kem); return r; } -/*--------------------------------------------------- - * KYBER_512_90S METHODS - *--------------------------------------------------- - */ -int kex_kem_kyber_512_90s_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_512_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} -int kex_kem_kyber_512_90s_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_512_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_kyber_512_90s_dec(struct kex *kex, - const struct sshbuf *server_blob, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_512_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_dec(kem, kex, server_blob, shared_secretp); - OQS_KEM_free(kem); - return r; -} -/*--------------------------------------------------- - * KYBER_768_90S METHODS - *--------------------------------------------------- - */ -int kex_kem_kyber_768_90s_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_768_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} -int kex_kem_kyber_768_90s_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_768_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_kyber_768_90s_dec(struct kex *kex, - const struct sshbuf *server_blob, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_768_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_dec(kem, kex, server_blob, shared_secretp); - OQS_KEM_free(kem); - return r; -} -/*--------------------------------------------------- - * KYBER_1024_90S METHODS - *--------------------------------------------------- - */ -int kex_kem_kyber_1024_90s_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_1024_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} -int kex_kem_kyber_1024_90s_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_1024_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_kyber_1024_90s_dec(struct kex *kex, - const struct sshbuf *server_blob, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_1024_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_dec(kem, kex, server_blob, shared_secretp); - OQS_KEM_free(kem); - return r; -} /*--------------------------------------------------- * BIKE_L1 METHODS *--------------------------------------------------- diff --git a/kexoqsecdh.c b/kexoqsecdh.c index b5124c9fda2a..36eabce5ffc1 100644 --- a/kexoqsecdh.c +++ b/kexoqsecdh.c @@ -721,129 +721,6 @@ int kex_kem_kyber_1024_ecdh_nistp521_dec(struct kex *kex, OQS_KEM_free(kem); return r; } -/*--------------------------------------------------------------- - * KYBER_512_90S_ECDH_NISTP256 METHODS - *--------------------------------------------------------------- - */ -int kex_kem_kyber_512_90s_ecdh_nistp256_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_512_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_kyber_512_90s_ecdh_nistp256_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_512_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_kyber_512_90s_ecdh_nistp256_dec(struct kex *kex, - const struct sshbuf *server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_512_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_dec(kem, kex, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} -/*--------------------------------------------------------------- - * KYBER_768_90S_ECDH_NISTP384 METHODS - *--------------------------------------------------------------- - */ -int kex_kem_kyber_768_90s_ecdh_nistp384_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_768_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_kyber_768_90s_ecdh_nistp384_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_768_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_kyber_768_90s_ecdh_nistp384_dec(struct kex *kex, - const struct sshbuf *server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_768_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_dec(kem, kex, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} -/*--------------------------------------------------------------- - * KYBER_1024_90S_ECDH_NISTP521 METHODS - *--------------------------------------------------------------- - */ -int kex_kem_kyber_1024_90s_ecdh_nistp521_keypair(struct kex *kex) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_1024_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_keypair(kem, kex); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_kyber_1024_90s_ecdh_nistp521_enc(struct kex *kex, - const struct sshbuf *client_blob, - struct sshbuf **server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_1024_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_enc(kem, kex, client_blob, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} - -int kex_kem_kyber_1024_90s_ecdh_nistp521_dec(struct kex *kex, - const struct sshbuf *server_blobp, - struct sshbuf **shared_secretp) -{ - OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_kyber_1024_90s); - if (kem == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = kex_kem_generic_with_ec_dec(kem, kex, server_blobp, shared_secretp); - OQS_KEM_free(kem); - return r; -} /*--------------------------------------------------------------- * BIKE_L1_ECDH_NISTP256 METHODS *--------------------------------------------------------------- diff --git a/monitor.c b/monitor.c index 7db7b2ca5236..3ebf388d1b6c 100644 --- a/monitor.c +++ b/monitor.c @@ -1761,9 +1761,6 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) kex->kex[KEX_KEM_KYBER_512_SHA256] = kex_gen_server; kex->kex[KEX_KEM_KYBER_768_SHA384] = kex_gen_server; kex->kex[KEX_KEM_KYBER_1024_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_KYBER_512_90S_SHA256] = kex_gen_server; - kex->kex[KEX_KEM_KYBER_768_90S_SHA384] = kex_gen_server; - kex->kex[KEX_KEM_KYBER_1024_90S_SHA512] = kex_gen_server; kex->kex[KEX_KEM_BIKE_L1_SHA512] = kex_gen_server; kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_SHA256] = kex_gen_server; @@ -1790,9 +1787,6 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) kex->kex[KEX_KEM_KYBER_512_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_KYBER_768_ECDH_NISTP384_SHA384] = kex_gen_server; kex->kex[KEX_KEM_KYBER_1024_ECDH_NISTP521_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256] = kex_gen_server; - kex->kex[KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384] = kex_gen_server; - kex->kex[KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512] = kex_gen_server; kex->kex[KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512] = kex_gen_server; kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256] = kex_gen_server; diff --git a/myproposal.h b/myproposal.h index 43dd0042266b..227225c5f695 100644 --- a/myproposal.h +++ b/myproposal.h @@ -57,12 +57,6 @@ "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org," \ "kyber-1024-sha512," \ "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org," \ - "kyber-512-90s-sha256," \ - "ecdh-nistp256-kyber-512-90sr3-sha256@openquantumsafe.org," \ - "kyber-768-90s-sha384," \ - "ecdh-nistp384-kyber-768-90sr3-sha384@openquantumsafe.org," \ - "kyber-1024-90s-sha512," \ - "ecdh-nistp521-kyber-1024-90sr3-sha512@openquantumsafe.org," \ "bike-l1-sha512," \ "ecdh-nistp256-bike-l1r3-sha512@openquantumsafe.org," \ "bike-l3-sha512," \ diff --git a/oqs-template/generate.yml b/oqs-template/generate.yml index cdac4fabd918..d7e29fabe013 100644 --- a/oqs-template/generate.yml +++ b/oqs-template/generate.yml @@ -90,36 +90,6 @@ kexs: name: 'nistp521' openssl_nid: 'NID_secp521r1' pretty_name: 'ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org' - - - family: 'Kyber' - name: 'kyber_512_90s' - hash: 'sha256' - pretty_name: 'kyber-512-90s-sha256' - mix_with: - - - name: 'nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - pretty_name: 'ecdh-nistp256-kyber-512-90sr3-sha256@openquantumsafe.org' - - - family: 'Kyber' - name: 'kyber_768_90s' - hash: 'sha384' - pretty_name: 'kyber-768-90s-sha384' - mix_with: - - - name: 'nistp384' - openssl_nid: 'NID_secp384r1' - pretty_name: 'ecdh-nistp384-kyber-768-90sr3-sha384@openquantumsafe.org' - - - family: 'Kyber' - name: 'kyber_1024_90s' - hash: 'sha512' - pretty_name: 'kyber-1024-90s-sha512' - mix_with: - - - name: 'nistp521' - openssl_nid: 'NID_secp521r1' - pretty_name: 'ecdh-nistp521-kyber-1024-90sr3-sha512@openquantumsafe.org' - family: 'BIKE' name: 'bike_l1' @@ -323,103 +293,9 @@ sigs: - name: 'ecdsa_nistp521' openssl_nid: 'NID_secp521r1' - - - family: 'Dilithium' - name: 'dilithium_2_aes' - level: 1 - mix_with: - - - name: 'rsa3072' - rsa: true - - - name: 'ecdsa_nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - - - family: 'Dilithium' - name: 'dilithium_3_aes' - level: 3 - mix_with: - - - name: 'ecdsa_nistp384' - openssl_nid: 'NID_secp384r1' - - - family: 'Dilithium' - name: 'dilithium_5_aes' - level: 5 - mix_with: - - - name: 'ecdsa_nistp521' - openssl_nid: 'NID_secp521r1' - - - family: 'SPHINCS' - name: 'sphincs_haraka_128f_robust' - level: 1 - mix_with: - - - name: 'rsa3072' - rsa: true - - - name: 'ecdsa_nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - - - family: 'SPHINCS' - name: 'sphincs_haraka_128f_simple' - enable: true - level: 1 - mix_with: - - - name: 'rsa3072' - rsa: true - - - name: 'ecdsa_nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - - - family: 'SPHINCS' - name: 'sphincs_haraka_128s_robust' - level: 1 - mix_with: - - - name: 'rsa3072' - rsa: true - - - name: 'ecdsa_nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - - - family: 'SPHINCS' - name: 'sphincs_haraka_128s_simple' - level: 1 - mix_with: - - - name: 'rsa3072' - rsa: true - - - name: 'ecdsa_nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - - - family: 'SPHINCS' - name: 'sphincs_sha256_128f_robust' - level: 1 - mix_with: - - - name: 'rsa3072' - rsa: true - - - name: 'ecdsa_nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - - - family: 'SPHINCS' - name: 'sphincs_sha256_128s_robust' - level: 1 - mix_with: - - - name: 'rsa3072' - rsa: true - - - name: 'ecdsa_nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - family: 'SPHINCS' - name: 'sphincs_sha256_128f_simple' + name: 'sphincs_sha2_128f_simple' enable: true level: 1 mix_with: @@ -431,7 +307,7 @@ sigs: openssl_nid: 'NID_X9_62_prime256v1' - family: 'SPHINCS' - name: 'sphincs_sha256_128s_simple' + name: 'sphincs_sha2_128s_simple' level: 1 mix_with: - @@ -442,7 +318,7 @@ sigs: openssl_nid: 'NID_X9_62_prime256v1' - family: 'SPHINCS' - name: 'sphincs_shake256_128f_robust' + name: 'sphincs_shake_128f_simple' level: 1 mix_with: - @@ -453,7 +329,7 @@ sigs: openssl_nid: 'NID_X9_62_prime256v1' - family: 'SPHINCS' - name: 'sphincs_shake256_128s_robust' + name: 'sphincs_shake_128s_simple' level: 1 mix_with: - @@ -464,29 +340,7 @@ sigs: openssl_nid: 'NID_X9_62_prime256v1' - family: 'SPHINCS' - name: 'sphincs_shake256_128f_simple' - level: 1 - mix_with: - - - name: 'rsa3072' - rsa: true - - - name: 'ecdsa_nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - - - family: 'SPHINCS' - name: 'sphincs_shake256_128s_simple' - level: 1 - mix_with: - - - name: 'rsa3072' - rsa: true - - - name: 'ecdsa_nistp256' - openssl_nid: 'NID_X9_62_prime256v1' - - - family: 'SPHINCS' - name: 'sphincs_haraka_192f_robust' + name: 'sphincs_sha2_192f_simple' level: 3 mix_with: - @@ -494,7 +348,7 @@ sigs: openssl_nid: 'NID_secp384r1' - family: 'SPHINCS' - name: 'sphincs_haraka_192s_robust' + name: 'sphincs_sha2_192s_simple' level: 3 mix_with: - @@ -502,7 +356,7 @@ sigs: openssl_nid: 'NID_secp384r1' - family: 'SPHINCS' - name: 'sphincs_haraka_192f_simple' + name: 'sphincs_shake_192f_simple' level: 3 mix_with: - @@ -510,7 +364,7 @@ sigs: openssl_nid: 'NID_secp384r1' - family: 'SPHINCS' - name: 'sphincs_haraka_192s_simple' + name: 'sphincs_shake_192s_simple' level: 3 mix_with: - @@ -518,137 +372,8 @@ sigs: openssl_nid: 'NID_secp384r1' - family: 'SPHINCS' - name: 'sphincs_sha256_192f_robust' - level: 3 - mix_with: - - - name: 'ecdsa_nistp384' - openssl_nid: 'NID_secp384r1' - - - family: 'SPHINCS' - name: 'sphincs_sha256_192s_robust' + name: 'sphincs_sha2_256f_simple' enable: true - level: 3 - mix_with: - - - name: 'ecdsa_nistp384' - openssl_nid: 'NID_secp384r1' - - - family: 'SPHINCS' - name: 'sphincs_sha256_192f_simple' - level: 3 - mix_with: - - - name: 'ecdsa_nistp384' - openssl_nid: 'NID_secp384r1' - - - family: 'SPHINCS' - name: 'sphincs_sha256_192s_simple' - level: 3 - mix_with: - - - name: 'ecdsa_nistp384' - openssl_nid: 'NID_secp384r1' - - - family: 'SPHINCS' - name: 'sphincs_shake256_192f_robust' - level: 3 - mix_with: - - - name: 'ecdsa_nistp384' - openssl_nid: 'NID_secp384r1' - - - family: 'SPHINCS' - name: 'sphincs_shake256_192s_robust' - level: 3 - mix_with: - - - name: 'ecdsa_nistp384' - openssl_nid: 'NID_secp384r1' - - - family: 'SPHINCS' - name: 'sphincs_shake256_192f_simple' - level: 3 - mix_with: - - - name: 'ecdsa_nistp384' - openssl_nid: 'NID_secp384r1' - - - family: 'SPHINCS' - name: 'sphincs_shake256_192s_simple' - level: 3 - mix_with: - - - name: 'ecdsa_nistp384' - openssl_nid: 'NID_secp384r1' - - - family: 'SPHINCS' - name: 'sphincs_haraka_256f_robust' - level: 5 - mix_with: - - - name: 'ecdsa_nistp521' - openssl_nid: 'NID_secp521r1' - - - family: 'SPHINCS' - name: 'sphincs_haraka_256s_robust' - level: 5 - mix_with: - - - name: 'ecdsa_nistp521' - openssl_nid: 'NID_secp521r1' - - - family: 'SPHINCS' - name: 'sphincs_haraka_256f_simple' - level: 5 - mix_with: - - - name: 'ecdsa_nistp521' - openssl_nid: 'NID_secp521r1' - - - family: 'SPHINCS' - name: 'sphincs_haraka_256s_simple' - level: 5 - mix_with: - - - name: 'ecdsa_nistp521' - openssl_nid: 'NID_secp521r1' - - - family: 'SPHINCS' - name: 'sphincs_sha256_256f_robust' - level: 5 - mix_with: - - - name: 'ecdsa_nistp521' - openssl_nid: 'NID_secp521r1' - - - family: 'SPHINCS' - name: 'sphincs_sha256_256s_robust' - level: 5 - mix_with: - - - name: 'ecdsa_nistp521' - openssl_nid: 'NID_secp521r1' - - - family: 'SPHINCS' - name: 'sphincs_sha256_256f_simple' - enable: true - level: 5 - mix_with: - - - name: 'ecdsa_nistp521' - openssl_nid: 'NID_secp521r1' - - - family: 'SPHINCS' - name: 'sphincs_sha256_256s_simple' - level: 5 - mix_with: - - - name: 'ecdsa_nistp521' - openssl_nid: 'NID_secp521r1' - - - family: 'SPHINCS' - name: 'sphincs_shake256_256f_robust' level: 5 mix_with: - @@ -656,7 +381,7 @@ sigs: openssl_nid: 'NID_secp521r1' - family: 'SPHINCS' - name: 'sphincs_shake256_256s_robust' + name: 'sphincs_sha2_256s_simple' level: 5 mix_with: - @@ -664,7 +389,7 @@ sigs: openssl_nid: 'NID_secp521r1' - family: 'SPHINCS' - name: 'sphincs_shake256_256f_simple' + name: 'sphincs_shake_256f_simple' level: 5 mix_with: - @@ -672,7 +397,7 @@ sigs: openssl_nid: 'NID_secp521r1' - family: 'SPHINCS' - name: 'sphincs_shake256_256s_simple' + name: 'sphincs_shake_256s_simple' level: 5 mix_with: - diff --git a/oqs-test/try_connection.py b/oqs-test/try_connection.py index bd7665101e2e..7898d73176ea 100644 --- a/oqs-test/try_connection.py +++ b/oqs-test/try_connection.py @@ -30,12 +30,6 @@ "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org", "kyber-1024-sha512", "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org", - "kyber-512-90s-sha256", - "ecdh-nistp256-kyber-512-90sr3-sha256@openquantumsafe.org", - "kyber-768-90s-sha384", - "ecdh-nistp384-kyber-768-90sr3-sha384@openquantumsafe.org", - "kyber-1024-90s-sha512", - "ecdh-nistp521-kyber-1024-90sr3-sha512@openquantumsafe.org", "bike-l1-sha512", "ecdh-nistp256-bike-l1r3-sha512@openquantumsafe.org", "bike-l3-sha512", @@ -83,16 +77,11 @@ "ssh-ecdsa-nistp384-dilithium3", "ssh-dilithium5", "ssh-ecdsa-nistp521-dilithium5", - "ssh-sphincsharaka128fsimple", - "ssh-rsa3072-sphincsharaka128fsimple", - "ssh-ecdsa-nistp256-sphincsharaka128fsimple", - "ssh-sphincssha256128fsimple", - "ssh-rsa3072-sphincssha256128fsimple", - "ssh-ecdsa-nistp256-sphincssha256128fsimple", - "ssh-sphincssha256192srobust", - "ssh-ecdsa-nistp384-sphincssha256192srobust", - "ssh-sphincssha256256fsimple", - "ssh-ecdsa-nistp521-sphincssha256256fsimple", + "ssh-sphincssha2128fsimple", + "ssh-rsa3072-sphincssha2128fsimple", + "ssh-ecdsa-nistp256-sphincssha2128fsimple", + "ssh-sphincssha2256fsimple", + "ssh-ecdsa-nistp521-sphincssha2256fsimple", ##### OQS_TEMPLATE_FRAGMENT_LIST_ALL_SIGS_END ] diff --git a/oqs-utils.c b/oqs-utils.c index 27a1870af19a..e4c5a1cfcbc9 100644 --- a/oqs-utils.c +++ b/oqs-utils.c @@ -7,9 +7,7 @@ int oqs_utils_is_rsa_hybrid(int keytype) { return 1; case KEY_RSA3072_DILITHIUM_2: return 1; - case KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE: - return 1; - case KEY_RSA3072_SPHINCS_SHA256_128F_SIMPLE: + case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: return 1; ///// OQS_TEMPLATE_FRAGMENT_LIST_RSA_HYBRIDS_END } @@ -29,13 +27,9 @@ int oqs_utils_is_ecdsa_hybrid(int keytype) { return 1; case KEY_ECDSA_NISTP521_DILITHIUM_5: return 1; - case KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE: - return 1; - case KEY_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE: - return 1; - case KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST: + case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: return 1; - case KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE: + case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: return 1; ///// OQS_TEMPLATE_FRAGMENT_LIST_ECDSA_HYBRIDS_END } diff --git a/oqs-utils.h b/oqs-utils.h index 660ae73be6a3..58a5c90a0e11 100644 --- a/oqs-utils.h +++ b/oqs-utils.h @@ -12,16 +12,13 @@ case KEY_DILITHIUM_2: \ case KEY_DILITHIUM_3: \ case KEY_DILITHIUM_5: \ - case KEY_SPHINCS_HARAKA_128F_SIMPLE: \ - case KEY_SPHINCS_SHA256_128F_SIMPLE: \ - case KEY_SPHINCS_SHA256_192S_ROBUST: \ - case KEY_SPHINCS_SHA256_256F_SIMPLE + case KEY_SPHINCS_SHA2_128F_SIMPLE: \ + case KEY_SPHINCS_SHA2_256F_SIMPLE #define CASE_KEY_RSA_HYBRID \ case KEY_RSA3072_FALCON_512: \ case KEY_RSA3072_DILITHIUM_2: \ - case KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE: \ - case KEY_RSA3072_SPHINCS_SHA256_128F_SIMPLE + case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE #define CASE_KEY_ECDSA_HYBRID \ case KEY_ECDSA_NISTP256_FALCON_512: \ @@ -29,10 +26,8 @@ case KEY_ECDSA_NISTP256_DILITHIUM_2: \ case KEY_ECDSA_NISTP384_DILITHIUM_3: \ case KEY_ECDSA_NISTP521_DILITHIUM_5: \ - case KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE: \ - case KEY_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE: \ - case KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST: \ - case KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE + case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: \ + case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEY_CASE_MACROS_END #define CASE_KEY_HYBRID \ diff --git a/pathnames.h b/pathnames.h index b06d38ec5371..591b8df9f5b4 100644 --- a/pathnames.h +++ b/pathnames.h @@ -54,16 +54,11 @@ #define _PATH_HOST_ECDSA_NISTP384_DILITHIUM_3_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp384_dilithium3_key" #define _PATH_HOST_DILITHIUM_5_KEY_FILE SSHDIR "/ssh_host_dilithium5_key" #define _PATH_HOST_ECDSA_NISTP521_DILITHIUM_5_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp521_dilithium5_key" -#define _PATH_HOST_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_sphincsharaka128fsimple_key" -#define _PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_rsa3072_sphincsharaka128fsimple_key" -#define _PATH_HOST_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp256_sphincsharaka128fsimple_key" -#define _PATH_HOST_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_sphincssha256128fsimple_key" -#define _PATH_HOST_RSA3072_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_rsa3072_sphincssha256128fsimple_key" -#define _PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp256_sphincssha256128fsimple_key" -#define _PATH_HOST_SPHINCS_SHA256_192S_ROBUST_KEY_FILE SSHDIR "/ssh_host_sphincssha256192srobust_key" -#define _PATH_HOST_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp384_sphincssha256192srobust_key" -#define _PATH_HOST_SPHINCS_SHA256_256F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_sphincssha256256fsimple_key" -#define _PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp521_sphincssha256256fsimple_key" +#define _PATH_HOST_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_sphincssha2128fsimple_key" +#define _PATH_HOST_RSA3072_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_rsa3072_sphincssha2128fsimple_key" +#define _PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp256_sphincssha2128fsimple_key" +#define _PATH_HOST_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_sphincssha2256fsimple_key" +#define _PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE SSHDIR "/ssh_host_ecdsa_nistp521_sphincssha2256fsimple_key" ///// OQS_TEMPLATE_FRAGMENT_ADD_KEY_FILE_PATHS_END #define _PATH_DH_MODULI SSHDIR "/moduli" @@ -116,16 +111,11 @@ #define _PATH_SSH_CLIENT_ID_ECDSA_NISTP384_DILITHIUM_3 _PATH_SSH_USER_DIR "/id_ecdsa_nistp384_dilithium3" #define _PATH_SSH_CLIENT_ID_DILITHIUM_5 _PATH_SSH_USER_DIR "/id_dilithium5" #define _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_DILITHIUM_5 _PATH_SSH_USER_DIR "/id_ecdsa_nistp521_dilithium5" -#define _PATH_SSH_CLIENT_ID_SPHINCS_HARAKA_128F_SIMPLE _PATH_SSH_USER_DIR "/id_sphincsharaka128fsimple" -#define _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_HARAKA_128F_SIMPLE _PATH_SSH_USER_DIR "/id_rsa3072_sphincsharaka128fsimple" -#define _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE _PATH_SSH_USER_DIR "/id_ecdsa_nistp256_sphincsharaka128fsimple" -#define _PATH_SSH_CLIENT_ID_SPHINCS_SHA256_128F_SIMPLE _PATH_SSH_USER_DIR "/id_sphincssha256128fsimple" -#define _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_SHA256_128F_SIMPLE _PATH_SSH_USER_DIR "/id_rsa3072_sphincssha256128fsimple" -#define _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE _PATH_SSH_USER_DIR "/id_ecdsa_nistp256_sphincssha256128fsimple" -#define _PATH_SSH_CLIENT_ID_SPHINCS_SHA256_192S_ROBUST _PATH_SSH_USER_DIR "/id_sphincssha256192srobust" -#define _PATH_SSH_CLIENT_ID_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST _PATH_SSH_USER_DIR "/id_ecdsa_nistp384_sphincssha256192srobust" -#define _PATH_SSH_CLIENT_ID_SPHINCS_SHA256_256F_SIMPLE _PATH_SSH_USER_DIR "/id_sphincssha256256fsimple" -#define _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE _PATH_SSH_USER_DIR "/id_ecdsa_nistp521_sphincssha256256fsimple" +#define _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_128F_SIMPLE _PATH_SSH_USER_DIR "/id_sphincssha2128fsimple" +#define _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_SHA2_128F_SIMPLE _PATH_SSH_USER_DIR "/id_rsa3072_sphincssha2128fsimple" +#define _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE _PATH_SSH_USER_DIR "/id_ecdsa_nistp256_sphincssha2128fsimple" +#define _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_256F_SIMPLE _PATH_SSH_USER_DIR "/id_sphincssha2256fsimple" +#define _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE _PATH_SSH_USER_DIR "/id_ecdsa_nistp521_sphincssha2256fsimple" ///// OQS_TEMPLATE_FRAGMENT_ADD_ID_FILE_PATHS_END /* diff --git a/readconf.c b/readconf.c index 6d80546f1372..6d91270f692d 100644 --- a/readconf.c +++ b/readconf.c @@ -2549,25 +2549,20 @@ fill_default_options(Options * options) add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DILITHIUM_2, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DILITHIUM_3, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DILITHIUM_5, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_SPHINCS_HARAKA_128F_SIMPLE, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_SPHINCS_SHA256_128F_SIMPLE, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_SPHINCS_SHA256_192S_ROBUST, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_SPHINCS_SHA256_256F_SIMPLE, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_128F_SIMPLE, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_256F_SIMPLE, 0); #ifdef WITH_OPENSSL add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_FALCON_512, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_DILITHIUM_2, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_HARAKA_128F_SIMPLE, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_SHA256_128F_SIMPLE, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_SHA2_128F_SIMPLE, 0); #ifdef OPENSSL_HAS_ECC add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_FALCON_512, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_FALCON_1024, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_DILITHIUM_2, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP384_DILITHIUM_3, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_DILITHIUM_5, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST, 0); - add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE, 0); + add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE, 0); #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ ///// OQS_TEMPLATE_FRAGMENT_ADD_ID_FILES_END diff --git a/regress/keygen-comment.sh b/regress/keygen-comment.sh index 7cee15eb4989..622de5b46ec0 100644 --- a/regress/keygen-comment.sh +++ b/regress/keygen-comment.sh @@ -36,10 +36,8 @@ for fmt in '' RFC4716 PKCS8 PEM; do *dilithium2*) test -z "$oldfmt" || continue ;; *dilithium3*) test -z "$oldfmt" || continue ;; *dilithium5*) test -z "$oldfmt" || continue ;; - *sphincsharaka128fsimple*) test -z "$oldfmt" || continue ;; - *sphincssha256128fsimple*) test -z "$oldfmt" || continue ;; - *sphincssha256192srobust*) test -z "$oldfmt" || continue ;; - *sphincssha256256fsimple*) test -z "$oldfmt" || continue ;; + *sphincssha2128fsimple*) test -z "$oldfmt" || continue ;; + *sphincssha2256fsimple*) test -z "$oldfmt" || continue ;; ##### OQS_TEMPLATE_FRAGMENT_EXCLUDE_OQS_ALGS_END esac comment="foo bar" diff --git a/servconf.c b/servconf.c index 81c6ec034e25..18407edd1a2a 100644 --- a/servconf.c +++ b/servconf.c @@ -306,22 +306,16 @@ fill_default_server_options(ServerOptions *options) servconf_add_hostkey("[default]", 0, options, _PATH_HOST_DILITHIUM_5_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 0); + _PATH_HOST_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE, 0); - servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_SPHINCS_SHA256_192S_ROBUST_KEY_FILE, 0); - servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_SPHINCS_SHA256_256F_SIMPLE_KEY_FILE, 0); + _PATH_HOST_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, 0); #ifdef WITH_OPENSSL servconf_add_hostkey("[default]", 0, options, _PATH_HOST_RSA3072_FALCON_512_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, _PATH_HOST_RSA3072_DILITHIUM_2_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 0); - servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_RSA3072_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE, 0); + _PATH_HOST_RSA3072_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, 0); #ifdef OPENSSL_HAS_ECC servconf_add_hostkey("[default]", 0, options, _PATH_HOST_ECDSA_NISTP256_FALCON_512_KEY_FILE, 0); @@ -334,13 +328,9 @@ fill_default_server_options(ServerOptions *options) servconf_add_hostkey("[default]", 0, options, _PATH_HOST_ECDSA_NISTP521_DILITHIUM_5_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 0); - servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE, 0); - servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST_KEY_FILE, 0); + _PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, 0); servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE_KEY_FILE, 0); + _PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, 0); #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ ///// OQS_TEMPLATE_FRAGMENT_SERVER_ADD_HOSTKEYS_END diff --git a/sk-api.h b/sk-api.h index f0b62464ca36..7b40797552ec 100644 --- a/sk-api.h +++ b/sk-api.h @@ -44,16 +44,11 @@ #define SSH_SK_ECDSA_NISTP384_DILITHIUM_3 0x0B #define SSH_SK_DILITHIUM_5 0x0C #define SSH_SK_ECDSA_NISTP521_DILITHIUM_5 0x0D -#define SSH_SK_SPHINCS_HARAKA_128F_SIMPLE 0x0E -#define SSH_SK_RSA3072_SPHINCS_HARAKA_128F_SIMPLE 0x0F -#define SSH_SK_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE 0x10 -#define SSH_SK_SPHINCS_SHA256_128F_SIMPLE 0x11 -#define SSH_SK_RSA3072_SPHINCS_SHA256_128F_SIMPLE 0x12 -#define SSH_SK_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE 0x13 -#define SSH_SK_SPHINCS_SHA256_192S_ROBUST 0x14 -#define SSH_SK_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST 0x15 -#define SSH_SK_SPHINCS_SHA256_256F_SIMPLE 0x16 -#define SSH_SK_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE 0x17 +#define SSH_SK_SPHINCS_SHA2_128F_SIMPLE 0x0E +#define SSH_SK_RSA3072_SPHINCS_SHA2_128F_SIMPLE 0x0F +#define SSH_SK_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE 0x10 +#define SSH_SK_SPHINCS_SHA2_256F_SIMPLE 0x11 +#define SSH_SK_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE 0x12 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_SSH_SKS_END /* Error codes */ diff --git a/ssh-add.c b/ssh-add.c index 60ea15e12bb0..eb6cde803404 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -92,25 +92,20 @@ static char *default_files[] = { _PATH_SSH_CLIENT_ID_DILITHIUM_2, _PATH_SSH_CLIENT_ID_DILITHIUM_3, _PATH_SSH_CLIENT_ID_DILITHIUM_5, - _PATH_SSH_CLIENT_ID_SPHINCS_HARAKA_128F_SIMPLE, - _PATH_SSH_CLIENT_ID_SPHINCS_SHA256_128F_SIMPLE, - _PATH_SSH_CLIENT_ID_SPHINCS_SHA256_192S_ROBUST, - _PATH_SSH_CLIENT_ID_SPHINCS_SHA256_256F_SIMPLE, + _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_128F_SIMPLE, + _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_256F_SIMPLE, #ifdef WITH_OPENSSL _PATH_SSH_CLIENT_ID_RSA3072_FALCON_512, _PATH_SSH_CLIENT_ID_RSA3072_DILITHIUM_2, - _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_HARAKA_128F_SIMPLE, - _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_SHA256_128F_SIMPLE, + _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_SHA2_128F_SIMPLE, #ifdef OPENSSL_HAS_ECC _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_FALCON_512, _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_FALCON_1024, _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_DILITHIUM_2, _PATH_SSH_CLIENT_ID_ECDSA_NISTP384_DILITHIUM_3, _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_DILITHIUM_5, - _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE, - _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE, - _PATH_SSH_CLIENT_ID_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST, - _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE, + _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE, + _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE, #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ ///// OQS_TEMPLATE_FRAGMENT_ADD_DEFAULT_ID_FILES_END diff --git a/ssh-keygen.c b/ssh-keygen.c index 822b0fa64ff8..b29aa050ad77 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -229,10 +229,7 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) case KEY_ECDSA_NISTP521_DILITHIUM_5: *bitsp = 521; break; - case KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST: - *bitsp = 384; - break; - case KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE: + case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: *bitsp = 521; break; ///// OQS_TEMPLATE_FRAGMENT_HANDLE_ECDSA_HYBRIDS_END @@ -347,17 +344,11 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_DILITHIUM_5: name = _PATH_SSH_CLIENT_ID_DILITHIUM_5; break; - case KEY_SPHINCS_HARAKA_128F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_SPHINCS_HARAKA_128F_SIMPLE; - break; - case KEY_SPHINCS_SHA256_128F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_SPHINCS_SHA256_128F_SIMPLE; + case KEY_SPHINCS_SHA2_128F_SIMPLE: + name = _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_128F_SIMPLE; break; - case KEY_SPHINCS_SHA256_192S_ROBUST: - name = _PATH_SSH_CLIENT_ID_SPHINCS_SHA256_192S_ROBUST; - break; - case KEY_SPHINCS_SHA256_256F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_SPHINCS_SHA256_256F_SIMPLE; + case KEY_SPHINCS_SHA2_256F_SIMPLE: + name = _PATH_SSH_CLIENT_ID_SPHINCS_SHA2_256F_SIMPLE; break; #ifdef WITH_OPENSSL case KEY_RSA3072_FALCON_512: @@ -366,11 +357,8 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_RSA3072_DILITHIUM_2: name = _PATH_SSH_CLIENT_ID_RSA3072_DILITHIUM_2; break; - case KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_HARAKA_128F_SIMPLE; - break; - case KEY_RSA3072_SPHINCS_SHA256_128F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_SHA256_128F_SIMPLE; + case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: + name = _PATH_SSH_CLIENT_ID_RSA3072_SPHINCS_SHA2_128F_SIMPLE; break; #ifdef OPENSSL_HAS_ECC case KEY_ECDSA_NISTP256_FALCON_512: @@ -388,17 +376,11 @@ ask_filename(struct passwd *pw, const char *prompt) case KEY_ECDSA_NISTP521_DILITHIUM_5: name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_DILITHIUM_5; break; - case KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE; + case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: + name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE; break; - case KEY_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE; - break; - case KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST: - name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST; - break; - case KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE: - name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE; + case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: + name = _PATH_SSH_CLIENT_ID_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE; break; #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ @@ -1167,25 +1149,20 @@ do_gen_all_hostkeys(struct passwd *pw) { "dilithium2", "DILITHIUM_2", _PATH_HOST_DILITHIUM_2_KEY_FILE }, { "dilithium3", "DILITHIUM_3", _PATH_HOST_DILITHIUM_3_KEY_FILE }, { "dilithium5", "DILITHIUM_5", _PATH_HOST_DILITHIUM_5_KEY_FILE }, - { "sphincsharaka128fsimple", "SPHINCS_HARAKA_128F_SIMPLE", _PATH_HOST_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE }, - { "sphincssha256128fsimple", "SPHINCS_SHA256_128F_SIMPLE", _PATH_HOST_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE }, - { "sphincssha256192srobust", "SPHINCS_SHA256_192S_ROBUST", _PATH_HOST_SPHINCS_SHA256_192S_ROBUST_KEY_FILE }, - { "sphincssha256256fsimple", "SPHINCS_SHA256_256F_SIMPLE", _PATH_HOST_SPHINCS_SHA256_256F_SIMPLE_KEY_FILE }, + { "sphincssha2128fsimple", "SPHINCS_SHA2_128F_SIMPLE", _PATH_HOST_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE }, + { "sphincssha2256fsimple", "SPHINCS_SHA2_256F_SIMPLE", _PATH_HOST_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE }, #ifdef WITH_OPENSSL { "rsa3072_falcon512", "RSA3072_FALCON_512", _PATH_HOST_RSA3072_FALCON_512_KEY_FILE }, { "rsa3072_dilithium2", "RSA3072_DILITHIUM_2", _PATH_HOST_RSA3072_DILITHIUM_2_KEY_FILE }, - { "rsa3072_sphincsharaka128fsimple", "RSA3072_SPHINCS_HARAKA_128F_SIMPLE", _PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE }, - { "rsa3072_sphincssha256128fsimple", "RSA3072_SPHINCS_SHA256_128F_SIMPLE", _PATH_HOST_RSA3072_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE }, + { "rsa3072_sphincssha2128fsimple", "RSA3072_SPHINCS_SHA2_128F_SIMPLE", _PATH_HOST_RSA3072_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE }, #ifdef OPENSSL_HAS_ECC { "ecdsa_nistp256_falcon512", "ECDSA_NISTP256_FALCON_512", _PATH_HOST_ECDSA_NISTP256_FALCON_512_KEY_FILE }, { "ecdsa_nistp521_falcon1024", "ECDSA_NISTP521_FALCON_1024", _PATH_HOST_ECDSA_NISTP521_FALCON_1024_KEY_FILE }, { "ecdsa_nistp256_dilithium2", "ECDSA_NISTP256_DILITHIUM_2", _PATH_HOST_ECDSA_NISTP256_DILITHIUM_2_KEY_FILE }, { "ecdsa_nistp384_dilithium3", "ECDSA_NISTP384_DILITHIUM_3", _PATH_HOST_ECDSA_NISTP384_DILITHIUM_3_KEY_FILE }, { "ecdsa_nistp521_dilithium5", "ECDSA_NISTP521_DILITHIUM_5", _PATH_HOST_ECDSA_NISTP521_DILITHIUM_5_KEY_FILE }, - { "ecdsa_nistp256_sphincsharaka128fsimple", "ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE", _PATH_HOST_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE }, - { "ecdsa_nistp256_sphincssha256128fsimple", "ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE", _PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE }, - { "ecdsa_nistp384_sphincssha256192srobust", "ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST", _PATH_HOST_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST_KEY_FILE }, - { "ecdsa_nistp521_sphincssha256256fsimple", "ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE", _PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE_KEY_FILE }, + { "ecdsa_nistp256_sphincssha2128fsimple", "ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE", _PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE }, + { "ecdsa_nistp521_sphincssha2256fsimple", "ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE", _PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE }, #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEY_TYPES_END @@ -1680,25 +1657,20 @@ do_change_comment(struct passwd *pw, const char *identity_comment) private->type != KEY_DILITHIUM_2 && private->type != KEY_DILITHIUM_3 && private->type != KEY_DILITHIUM_5 && - private->type != KEY_SPHINCS_HARAKA_128F_SIMPLE && - private->type != KEY_SPHINCS_SHA256_128F_SIMPLE && - private->type != KEY_SPHINCS_SHA256_192S_ROBUST && - private->type != KEY_SPHINCS_SHA256_256F_SIMPLE && + private->type != KEY_SPHINCS_SHA2_128F_SIMPLE && + private->type != KEY_SPHINCS_SHA2_256F_SIMPLE && #ifdef WITH_OPENSSL private->type != KEY_RSA3072_FALCON_512 && private->type != KEY_RSA3072_DILITHIUM_2 && - private->type != KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE && - private->type != KEY_RSA3072_SPHINCS_SHA256_128F_SIMPLE && + private->type != KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE && #ifdef OPENSSL_HAS_ECC private->type != KEY_ECDSA_NISTP256_FALCON_512 && private->type != KEY_ECDSA_NISTP521_FALCON_1024 && private->type != KEY_ECDSA_NISTP256_DILITHIUM_2 && private->type != KEY_ECDSA_NISTP384_DILITHIUM_3 && private->type != KEY_ECDSA_NISTP521_DILITHIUM_5 && - private->type != KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE && - private->type != KEY_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE && - private->type != KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST && - private->type != KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE && + private->type != KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE && + private->type != KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE && #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ ///// OQS_TEMPLATE_FRAGMENT_CHECK_PRIVATE_KEY_TYPE_END @@ -3880,34 +3852,19 @@ main(int argc, char **argv) _PATH_HOST_ECDSA_NISTP521_DILITHIUM_5_KEY_FILE, rr_hostname, print_generic); n += do_print_resource_record(pw, - _PATH_HOST_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, rr_hostname, - print_generic); - n += do_print_resource_record(pw, - _PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, rr_hostname, - print_generic); - n += do_print_resource_record(pw, - _PATH_HOST_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, rr_hostname, - print_generic); - n += do_print_resource_record(pw, - _PATH_HOST_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE, rr_hostname, - print_generic); - n += do_print_resource_record(pw, - _PATH_HOST_RSA3072_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE, rr_hostname, - print_generic); - n += do_print_resource_record(pw, - _PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE, rr_hostname, + _PATH_HOST_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, rr_hostname, print_generic); n += do_print_resource_record(pw, - _PATH_HOST_SPHINCS_SHA256_192S_ROBUST_KEY_FILE, rr_hostname, + _PATH_HOST_RSA3072_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, rr_hostname, print_generic); n += do_print_resource_record(pw, - _PATH_HOST_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST_KEY_FILE, rr_hostname, + _PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, rr_hostname, print_generic); n += do_print_resource_record(pw, - _PATH_HOST_SPHINCS_SHA256_256F_SIMPLE_KEY_FILE, rr_hostname, + _PATH_HOST_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, rr_hostname, print_generic); n += do_print_resource_record(pw, - _PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE_KEY_FILE, rr_hostname, + _PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, rr_hostname, print_generic); ///// OQS_TEMPLATE_FRAGMENT_PRINT_RESOURCE_RECORDS_END if (n == 0) diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 9b89190bcd41..5ae0c83f2d15 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -80,17 +80,12 @@ int ssh_port = SSH_DEFAULT_PORT; #define KT_ECDSA_NISTP384_DILITHIUM_3 ((uint64_t)1<<16) #define KT_DILITHIUM_5 ((uint64_t)1<<17) #define KT_ECDSA_NISTP521_DILITHIUM_5 ((uint64_t)1<<18) -#define KT_SPHINCS_HARAKA_128F_SIMPLE ((uint64_t)1<<19) -#define KT_RSA3072_SPHINCS_HARAKA_128F_SIMPLE ((uint64_t)1<<20) -#define KT_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE ((uint64_t)1<<21) -#define KT_SPHINCS_SHA256_128F_SIMPLE ((uint64_t)1<<22) -#define KT_RSA3072_SPHINCS_SHA256_128F_SIMPLE ((uint64_t)1<<23) -#define KT_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE ((uint64_t)1<<24) -#define KT_SPHINCS_SHA256_192S_ROBUST ((uint64_t)1<<25) -#define KT_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST ((uint64_t)1<<26) -#define KT_SPHINCS_SHA256_256F_SIMPLE ((uint64_t)1<<27) -#define KT_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE ((uint64_t)1<<28) -#define KT_MAX ((uint64_t)1<<28) +#define KT_SPHINCS_SHA2_128F_SIMPLE ((uint64_t)1<<19) +#define KT_RSA3072_SPHINCS_SHA2_128F_SIMPLE ((uint64_t)1<<20) +#define KT_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE ((uint64_t)1<<21) +#define KT_SPHINCS_SHA2_256F_SIMPLE ((uint64_t)1<<22) +#define KT_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE ((uint64_t)1<<23) +#define KT_MAX ((uint64_t)1<<23) ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_KT_MASKS_END #define KT_MIN KT_DSA @@ -109,16 +104,11 @@ uint64_t get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519|KT_ECDSA_SK|KT_ED25519_SK|\ KT_ECDSA_NISTP384_DILITHIUM_3 | \ KT_DILITHIUM_5 | \ KT_ECDSA_NISTP521_DILITHIUM_5 | \ - KT_SPHINCS_HARAKA_128F_SIMPLE | \ - KT_RSA3072_SPHINCS_HARAKA_128F_SIMPLE | \ - KT_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE | \ - KT_SPHINCS_SHA256_128F_SIMPLE | \ - KT_RSA3072_SPHINCS_SHA256_128F_SIMPLE | \ - KT_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE | \ - KT_SPHINCS_SHA256_192S_ROBUST | \ - KT_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST | \ - KT_SPHINCS_SHA256_256F_SIMPLE | \ - KT_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE; + KT_SPHINCS_SHA2_128F_SIMPLE | \ + KT_RSA3072_SPHINCS_SHA2_128F_SIMPLE | \ + KT_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE | \ + KT_SPHINCS_SHA2_256F_SIMPLE | \ + KT_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE; ///// OQS_TEMPLATE_FRAGMENT_ADD_KEYTYPES_END int hash_hosts = 0; /* Hash hostname on output */ @@ -337,17 +327,11 @@ keygrab_ssh2(con *c) case KT_DILITHIUM_5: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-dilithium5"; break; - case KT_SPHINCS_HARAKA_128F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-sphincsharaka128fsimple"; + case KT_SPHINCS_SHA2_128F_SIMPLE: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-sphincssha2128fsimple"; break; - case KT_SPHINCS_SHA256_128F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-sphincssha256128fsimple"; - break; - case KT_SPHINCS_SHA256_192S_ROBUST: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-sphincssha256192srobust"; - break; - case KT_SPHINCS_SHA256_256F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-sphincssha256256fsimple"; + case KT_SPHINCS_SHA2_256F_SIMPLE: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-sphincssha2256fsimple"; break; #ifdef WITH_OPENSSL case KT_RSA3072_FALCON_512: @@ -356,11 +340,8 @@ keygrab_ssh2(con *c) case KT_RSA3072_DILITHIUM_2: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-rsa3072-dilithium2"; break; - case KT_RSA3072_SPHINCS_HARAKA_128F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-rsa3072-sphincsharaka128fsimple"; - break; - case KT_RSA3072_SPHINCS_SHA256_128F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-rsa3072-sphincssha256128fsimple"; + case KT_RSA3072_SPHINCS_SHA2_128F_SIMPLE: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-rsa3072-sphincssha2128fsimple"; break; #ifdef OPENSSL_HAS_ECC case KT_ECDSA_NISTP256_FALCON_512: @@ -378,17 +359,11 @@ keygrab_ssh2(con *c) case KT_ECDSA_NISTP521_DILITHIUM_5: myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp521-dilithium5"; break; - case KT_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp256-sphincsharaka128fsimple"; - break; - case KT_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp256-sphincssha256128fsimple"; - break; - case KT_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp384-sphincssha256192srobust"; + case KT_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp256-sphincssha2128fsimple"; break; - case KT_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE: - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp521-sphincssha256256fsimple"; + case KT_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "ssh-ecdsa-nistp521-sphincssha2256fsimple"; break; #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ @@ -425,9 +400,6 @@ keygrab_ssh2(con *c) c->c_ssh->kex->kex[KEX_KEM_KYBER_512_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_KYBER_768_SHA384] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_KYBER_1024_SHA512] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_KYBER_512_90S_SHA256] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_KYBER_768_90S_SHA384] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_KYBER_1024_90S_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_BIKE_L1_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_SHA256] = kex_gen_client; @@ -454,9 +426,6 @@ keygrab_ssh2(con *c) c->c_ssh->kex->kex[KEX_KEM_KYBER_512_ECDH_NISTP256_SHA256] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_KYBER_768_ECDH_NISTP384_SHA384] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_KYBER_1024_ECDH_NISTP521_SHA512] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384] = kex_gen_client; - c->c_ssh->kex->kex[KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_client; c->c_ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256] = kex_gen_client; @@ -960,35 +929,20 @@ main(int argc, char **argv) case KEY_ECDSA_NISTP521_DILITHIUM_5: get_keytypes |= KT_ECDSA_NISTP521_DILITHIUM_5; break; - case KEY_SPHINCS_HARAKA_128F_SIMPLE: - get_keytypes |= KT_SPHINCS_HARAKA_128F_SIMPLE; - break; - case KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE: - get_keytypes |= KT_RSA3072_SPHINCS_HARAKA_128F_SIMPLE; - break; - case KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE: - get_keytypes |= KT_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE; - break; - case KEY_SPHINCS_SHA256_128F_SIMPLE: - get_keytypes |= KT_SPHINCS_SHA256_128F_SIMPLE; - break; - case KEY_RSA3072_SPHINCS_SHA256_128F_SIMPLE: - get_keytypes |= KT_RSA3072_SPHINCS_SHA256_128F_SIMPLE; - break; - case KEY_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE: - get_keytypes |= KT_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE; + case KEY_SPHINCS_SHA2_128F_SIMPLE: + get_keytypes |= KT_SPHINCS_SHA2_128F_SIMPLE; break; - case KEY_SPHINCS_SHA256_192S_ROBUST: - get_keytypes |= KT_SPHINCS_SHA256_192S_ROBUST; + case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: + get_keytypes |= KT_RSA3072_SPHINCS_SHA2_128F_SIMPLE; break; - case KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST: - get_keytypes |= KT_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST; + case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: + get_keytypes |= KT_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE; break; - case KEY_SPHINCS_SHA256_256F_SIMPLE: - get_keytypes |= KT_SPHINCS_SHA256_256F_SIMPLE; + case KEY_SPHINCS_SHA2_256F_SIMPLE: + get_keytypes |= KT_SPHINCS_SHA2_256F_SIMPLE; break; - case KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE: - get_keytypes |= KT_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE; + case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: + get_keytypes |= KT_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE; break; ///// OQS_TEMPLATE_FRAGMENT_ADD_TO_GET_KEYTYPES_END case KEY_UNSPEC: diff --git a/ssh-keysign.c b/ssh-keysign.c index 94c69e92eda6..1ce1485bc4e0 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -180,7 +180,7 @@ main(int argc, char **argv) struct sshbuf *b; Options options; ///// OQS_TEMPLATE_FRAGMENT_COUNT_KEYTYPES_START -#define NUM_KEYTYPES 5 + 22 +#define NUM_KEYTYPES 5 + 17 ///// OQS_TEMPLATE_FRAGMENT_COUNT_KEYTYPES_END struct sshkey *keys[NUM_KEYTYPES], *key = NULL; struct passwd *pw; @@ -219,16 +219,11 @@ main(int argc, char **argv) key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP384_DILITHIUM_3_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_DILITHIUM_5_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP521_DILITHIUM_5_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_RSA3072_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_SPHINCS_SHA256_192S_ROBUST_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_SPHINCS_SHA256_256F_SIMPLE_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_RSA3072_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, O_RDONLY); ///// OQS_TEMPLATE_FRAGMENT_OPEN_KEY_FILES_END if ((pw = getpwuid(getuid())) == NULL) fatal("getpwuid failed"); diff --git a/ssh-oqs.c b/ssh-oqs.c index 5937282c2df8..56b22a380b10 100644 --- a/ssh-oqs.c +++ b/ssh-oqs.c @@ -349,138 +349,70 @@ int ssh_dilithium5_verify(const struct sshkey *key, return r; } /*--------------------------------------------------- - * SPHINCS_HARAKA_128F_SIMPLE METHODS + * SPHINCS_SHA2_128F_SIMPLE METHODS *--------------------------------------------------- */ -int ssh_sphincsharaka128fsimple_sign(const struct sshkey *key, +int ssh_sphincssha2128fsimple_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat) { - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_haraka_128f_simple); + OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha2_128f_simple); if (sig == NULL) { return SSH_ERR_ALLOC_FAIL; } - int r = ssh_generic_sign(sig, "sphincsharaka128fsimple", key, sigp, lenp, data, datalen, compat); + int r = ssh_generic_sign(sig, "sphincssha2128fsimple", key, sigp, lenp, data, datalen, compat); OQS_SIG_free(sig); return r; } -int ssh_sphincsharaka128fsimple_verify(const struct sshkey *key, +int ssh_sphincssha2128fsimple_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat) { - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_haraka_128f_simple); + OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha2_128f_simple); if (sig == NULL) { return SSH_ERR_ALLOC_FAIL; } - int r = ssh_generic_verify(sig, "sphincsharaka128fsimple", key, signature, signaturelen, data, datalen, compat); + int r = ssh_generic_verify(sig, "sphincssha2128fsimple", key, signature, signaturelen, data, datalen, compat); OQS_SIG_free(sig); return r; } /*--------------------------------------------------- - * SPHINCS_SHA256_128F_SIMPLE METHODS + * SPHINCS_SHA2_256F_SIMPLE METHODS *--------------------------------------------------- */ -int ssh_sphincssha256128fsimple_sign(const struct sshkey *key, +int ssh_sphincssha2256fsimple_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat) { - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha256_128f_simple); + OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha2_256f_simple); if (sig == NULL) { return SSH_ERR_ALLOC_FAIL; } - int r = ssh_generic_sign(sig, "sphincssha256128fsimple", key, sigp, lenp, data, datalen, compat); + int r = ssh_generic_sign(sig, "sphincssha2256fsimple", key, sigp, lenp, data, datalen, compat); OQS_SIG_free(sig); return r; } -int ssh_sphincssha256128fsimple_verify(const struct sshkey *key, +int ssh_sphincssha2256fsimple_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat) { - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha256_128f_simple); + OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha2_256f_simple); if (sig == NULL) { return SSH_ERR_ALLOC_FAIL; } - int r = ssh_generic_verify(sig, "sphincssha256128fsimple", key, signature, signaturelen, data, datalen, compat); - OQS_SIG_free(sig); - return r; -} -/*--------------------------------------------------- - * SPHINCS_SHA256_192S_ROBUST METHODS - *--------------------------------------------------- - */ -int ssh_sphincssha256192srobust_sign(const struct sshkey *key, - u_char **sigp, - size_t *lenp, - const u_char *data, - size_t datalen, - u_int compat) -{ - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha256_192s_robust); - if (sig == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = ssh_generic_sign(sig, "sphincssha256192srobust", key, sigp, lenp, data, datalen, compat); - OQS_SIG_free(sig); - return r; -} -int ssh_sphincssha256192srobust_verify(const struct sshkey *key, - const u_char *signature, - size_t signaturelen, - const u_char *data, - size_t datalen, - u_int compat) -{ - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha256_192s_robust); - if (sig == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = ssh_generic_verify(sig, "sphincssha256192srobust", key, signature, signaturelen, data, datalen, compat); - OQS_SIG_free(sig); - return r; -} -/*--------------------------------------------------- - * SPHINCS_SHA256_256F_SIMPLE METHODS - *--------------------------------------------------- - */ -int ssh_sphincssha256256fsimple_sign(const struct sshkey *key, - u_char **sigp, - size_t *lenp, - const u_char *data, - size_t datalen, - u_int compat) -{ - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha256_256f_simple); - if (sig == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = ssh_generic_sign(sig, "sphincssha256256fsimple", key, sigp, lenp, data, datalen, compat); - OQS_SIG_free(sig); - return r; -} -int ssh_sphincssha256256fsimple_verify(const struct sshkey *key, - const u_char *signature, - size_t signaturelen, - const u_char *data, - size_t datalen, - u_int compat) -{ - OQS_SIG *sig = OQS_SIG_new(OQS_SIG_alg_sphincs_sha256_256f_simple); - if (sig == NULL) { - return SSH_ERR_ALLOC_FAIL; - } - int r = ssh_generic_verify(sig, "sphincssha256256fsimple", key, signature, signaturelen, data, datalen, compat); + int r = ssh_generic_verify(sig, "sphincssha2256fsimple", key, signature, signaturelen, data, datalen, compat); OQS_SIG_free(sig); return r; } diff --git a/ssh-rsa.c b/ssh-rsa.c index 4f1031403552..dbf6706f1afe 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -68,8 +68,7 @@ rsa_hash_id_from_ident(const char *ident) ///// OQS_TEMPLATE_FRAGMENT_LIST_L1_RSA_HYBRIDS_START strcmp(ident, "ssh-rsa3072-falcon512") == 0 || strcmp(ident, "ssh-rsa3072-dilithium2") == 0 || - strcmp(ident, "ssh-rsa3072-sphincsharaka128fsimple") == 0 || - strcmp(ident, "ssh-rsa3072-sphincssha256128fsimple") == 0) + strcmp(ident, "ssh-rsa3072-sphincssha2128fsimple") == 0) ///// OQS_TEMPLATE_FRAGMENT_LIST_L1_RSA_HYBRIDS_END return SSH_DIGEST_SHA256; if (strcmp(ident, "rsa-sha2-512") == 0) diff --git a/ssh.c b/ssh.c index 5366c2873951..88c08c316826 100644 --- a/ssh.c +++ b/ssh.c @@ -1568,7 +1568,7 @@ main(int ac, char **av) sensitive_data.keys = NULL; if (options.hostbased_authentication) { ///// OQS_TEMPLATE_FRAGMENT_COUNT_KEYTYPES_START - sensitive_data.nkeys = 10 + 22; + sensitive_data.nkeys = 10 + 17; ///// OQS_TEMPLATE_FRAGMENT_COUNT_KEYTYPES_END sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(struct sshkey)); @@ -1616,16 +1616,11 @@ main(int ac, char **av) L_PUBKEY(_PATH_HOST_ECDSA_NISTP384_DILITHIUM_3_KEY_FILE, 19); L_PUBKEY(_PATH_HOST_DILITHIUM_5_KEY_FILE, 20); L_PUBKEY(_PATH_HOST_ECDSA_NISTP521_DILITHIUM_5_KEY_FILE, 21); - L_PUBKEY(_PATH_HOST_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 22); - L_PUBKEY(_PATH_HOST_RSA3072_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 23); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE_KEY_FILE, 24); - L_PUBKEY(_PATH_HOST_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE, 25); - L_PUBKEY(_PATH_HOST_RSA3072_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE, 26); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE_KEY_FILE, 27); - L_PUBKEY(_PATH_HOST_SPHINCS_SHA256_192S_ROBUST_KEY_FILE, 28); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST_KEY_FILE, 29); - L_PUBKEY(_PATH_HOST_SPHINCS_SHA256_256F_SIMPLE_KEY_FILE, 30); - L_PUBKEY(_PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE_KEY_FILE, 31); + L_PUBKEY(_PATH_HOST_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, 22); + L_PUBKEY(_PATH_HOST_RSA3072_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, 23); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE_KEY_FILE, 24); + L_PUBKEY(_PATH_HOST_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, 25); + L_PUBKEY(_PATH_HOST_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE_KEY_FILE, 26); ///// OQS_TEMPLATE_FRAGMENT_LOAD_PUBKEYS_END } } diff --git a/ssh_api.c b/ssh_api.c index d2ce8c5f150f..6cd338134db5 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -129,9 +129,6 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_KYBER_512_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_KYBER_768_SHA384] = kex_gen_server; ssh->kex->kex[KEX_KEM_KYBER_1024_SHA512] = kex_gen_server; - ssh->kex->kex[KEX_KEM_KYBER_512_90S_SHA256] = kex_gen_server; - ssh->kex->kex[KEX_KEM_KYBER_768_90S_SHA384] = kex_gen_server; - ssh->kex->kex[KEX_KEM_KYBER_1024_90S_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_BIKE_L1_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_SHA256] = kex_gen_server; @@ -158,9 +155,6 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_KYBER_512_ECDH_NISTP256_SHA256] = kex_gen_server; ssh->kex->kex[KEX_KEM_KYBER_768_ECDH_NISTP384_SHA384] = kex_gen_server; ssh->kex->kex[KEX_KEM_KYBER_1024_ECDH_NISTP521_SHA512] = kex_gen_server; - ssh->kex->kex[KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256] = kex_gen_server; - ssh->kex->kex[KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384] = kex_gen_server; - ssh->kex->kex[KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_server; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256] = kex_gen_server; @@ -207,9 +201,6 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_KYBER_512_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_768_SHA384] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_1024_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_KYBER_512_90S_SHA256] = kex_gen_client; - ssh->kex->kex[KEX_KEM_KYBER_768_90S_SHA384] = kex_gen_client; - ssh->kex->kex[KEX_KEM_KYBER_1024_90S_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_BIKE_L1_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_SHA256] = kex_gen_client; @@ -236,9 +227,6 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) ssh->kex->kex[KEX_KEM_KYBER_512_ECDH_NISTP256_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_768_ECDH_NISTP384_SHA384] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_1024_ECDH_NISTP521_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256] = kex_gen_client; - ssh->kex->kex[KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384] = kex_gen_client; - ssh->kex->kex[KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256] = kex_gen_client; diff --git a/sshconnect2.c b/sshconnect2.c index e17e107ba928..53c38c835cdf 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -296,9 +296,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, ssh->kex->kex[KEX_KEM_KYBER_512_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_768_SHA384] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_1024_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_KYBER_512_90S_SHA256] = kex_gen_client; - ssh->kex->kex[KEX_KEM_KYBER_768_90S_SHA384] = kex_gen_client; - ssh->kex->kex[KEX_KEM_KYBER_1024_90S_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_BIKE_L1_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_SHA256] = kex_gen_client; @@ -325,9 +322,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, ssh->kex->kex[KEX_KEM_KYBER_512_ECDH_NISTP256_SHA256] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_768_ECDH_NISTP384_SHA384] = kex_gen_client; ssh->kex->kex[KEX_KEM_KYBER_1024_ECDH_NISTP521_SHA512] = kex_gen_client; - ssh->kex->kex[KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256] = kex_gen_client; - ssh->kex->kex[KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384] = kex_gen_client; - ssh->kex->kex[KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_client; ssh->kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256] = kex_gen_client; diff --git a/sshd.c b/sshd.c index 464d9c032e68..8dcdd2229987 100644 --- a/sshd.c +++ b/sshd.c @@ -2414,9 +2414,6 @@ do_ssh2_kex(struct ssh *ssh) kex->kex[KEX_KEM_KYBER_512_SHA256] = kex_gen_server; kex->kex[KEX_KEM_KYBER_768_SHA384] = kex_gen_server; kex->kex[KEX_KEM_KYBER_1024_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_KYBER_512_90S_SHA256] = kex_gen_server; - kex->kex[KEX_KEM_KYBER_768_90S_SHA384] = kex_gen_server; - kex->kex[KEX_KEM_KYBER_1024_90S_SHA512] = kex_gen_server; kex->kex[KEX_KEM_BIKE_L1_SHA512] = kex_gen_server; kex->kex[KEX_KEM_BIKE_L3_SHA512] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_SHA256] = kex_gen_server; @@ -2443,9 +2440,6 @@ do_ssh2_kex(struct ssh *ssh) kex->kex[KEX_KEM_KYBER_512_ECDH_NISTP256_SHA256] = kex_gen_server; kex->kex[KEX_KEM_KYBER_768_ECDH_NISTP384_SHA384] = kex_gen_server; kex->kex[KEX_KEM_KYBER_1024_ECDH_NISTP521_SHA512] = kex_gen_server; - kex->kex[KEX_KEM_KYBER_512_90S_ECDH_NISTP256_SHA256] = kex_gen_server; - kex->kex[KEX_KEM_KYBER_768_90S_ECDH_NISTP384_SHA384] = kex_gen_server; - kex->kex[KEX_KEM_KYBER_1024_90S_ECDH_NISTP521_SHA512] = kex_gen_server; kex->kex[KEX_KEM_BIKE_L1_ECDH_NISTP256_SHA512] = kex_gen_server; kex->kex[KEX_KEM_BIKE_L3_ECDH_NISTP384_SHA512] = kex_gen_server; kex->kex[KEX_KEM_CLASSIC_MCELIECE_348864_ECDH_NISTP256_SHA256] = kex_gen_server; diff --git a/sshkey.c b/sshkey.c index daddae7b91a2..7ac668031a1c 100644 --- a/sshkey.c +++ b/sshkey.c @@ -106,16 +106,11 @@ static size_t oqs_sig_pk_len(int type) { case KEY_ECDSA_NISTP384_DILITHIUM_3:return OQS_SIG_dilithium_3_length_public_key; case KEY_DILITHIUM_5: case KEY_ECDSA_NISTP521_DILITHIUM_5:return OQS_SIG_dilithium_5_length_public_key; - case KEY_SPHINCS_HARAKA_128F_SIMPLE: - case KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE: - case KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE:return OQS_SIG_sphincs_haraka_128f_simple_length_public_key; - case KEY_SPHINCS_SHA256_128F_SIMPLE: - case KEY_RSA3072_SPHINCS_SHA256_128F_SIMPLE: - case KEY_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE:return OQS_SIG_sphincs_sha256_128f_simple_length_public_key; - case KEY_SPHINCS_SHA256_192S_ROBUST: - case KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST:return OQS_SIG_sphincs_sha256_192s_robust_length_public_key; - case KEY_SPHINCS_SHA256_256F_SIMPLE: - case KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE:return OQS_SIG_sphincs_sha256_256f_simple_length_public_key; + case KEY_SPHINCS_SHA2_128F_SIMPLE: + case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: + case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE:return OQS_SIG_sphincs_sha2_128f_simple_length_public_key; + case KEY_SPHINCS_SHA2_256F_SIMPLE: + case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE:return OQS_SIG_sphincs_sha2_256f_simple_length_public_key; ///// OQS_TEMPLATE_FRAGMENT_RETURN_PK_LEN_END } return 0; @@ -142,20 +137,13 @@ static size_t oqs_sig_sk_len(int type) { case KEY_DILITHIUM_5: case KEY_ECDSA_NISTP521_DILITHIUM_5: return OQS_SIG_dilithium_5_length_secret_key; - case KEY_SPHINCS_HARAKA_128F_SIMPLE: - case KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE: - case KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE: - return OQS_SIG_sphincs_haraka_128f_simple_length_secret_key; - case KEY_SPHINCS_SHA256_128F_SIMPLE: - case KEY_RSA3072_SPHINCS_SHA256_128F_SIMPLE: - case KEY_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE: - return OQS_SIG_sphincs_sha256_128f_simple_length_secret_key; - case KEY_SPHINCS_SHA256_192S_ROBUST: - case KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST: - return OQS_SIG_sphincs_sha256_192s_robust_length_secret_key; - case KEY_SPHINCS_SHA256_256F_SIMPLE: - case KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE: - return OQS_SIG_sphincs_sha256_256f_simple_length_secret_key; + case KEY_SPHINCS_SHA2_128F_SIMPLE: + case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: + case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: + return OQS_SIG_sphincs_sha2_128f_simple_length_secret_key; + case KEY_SPHINCS_SHA2_256F_SIMPLE: + case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: + return OQS_SIG_sphincs_sha2_256f_simple_length_secret_key; ///// OQS_TEMPLATE_FRAGMENT_RETURN_SK_LEN_END } return 0; @@ -246,23 +234,17 @@ static const struct keytype keytypes[] = { KEY_DILITHIUM_3, 0, 0, 0 }, { "ssh-dilithium5", "DILITHIUM5", NULL, KEY_DILITHIUM_5, 0, 0, 0 }, - { "ssh-sphincsharaka128fsimple", "SPHINCSHARAKA128FSIMPLE", NULL, - KEY_SPHINCS_HARAKA_128F_SIMPLE, 0, 0, 0 }, - { "ssh-sphincssha256128fsimple", "SPHINCSSHA256128FSIMPLE", NULL, - KEY_SPHINCS_SHA256_128F_SIMPLE, 0, 0, 0 }, - { "ssh-sphincssha256192srobust", "SPHINCSSHA256192SROBUST", NULL, - KEY_SPHINCS_SHA256_192S_ROBUST, 0, 0, 0 }, - { "ssh-sphincssha256256fsimple", "SPHINCSSHA256256FSIMPLE", NULL, - KEY_SPHINCS_SHA256_256F_SIMPLE, 0, 0, 0 }, + { "ssh-sphincssha2128fsimple", "SPHINCSSHA2128FSIMPLE", NULL, + KEY_SPHINCS_SHA2_128F_SIMPLE, 0, 0, 0 }, + { "ssh-sphincssha2256fsimple", "SPHINCSSHA2256FSIMPLE", NULL, + KEY_SPHINCS_SHA2_256F_SIMPLE, 0, 0, 0 }, #ifdef WITH_OPENSSL { "ssh-rsa3072-falcon512", "RSA3072_FALCON512", NULL, KEY_RSA3072_FALCON_512, 0, 0, 0 }, { "ssh-rsa3072-dilithium2", "RSA3072_DILITHIUM2", NULL, KEY_RSA3072_DILITHIUM_2, 0, 0, 0 }, - { "ssh-rsa3072-sphincsharaka128fsimple", "RSA3072_SPHINCSHARAKA128FSIMPLE", NULL, - KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE, 0, 0, 0 }, - { "ssh-rsa3072-sphincssha256128fsimple", "RSA3072_SPHINCSSHA256128FSIMPLE", NULL, - KEY_RSA3072_SPHINCS_SHA256_128F_SIMPLE, 0, 0, 0 }, + { "ssh-rsa3072-sphincssha2128fsimple", "RSA3072_SPHINCSSHA2128FSIMPLE", NULL, + KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE, 0, 0, 0 }, #ifdef OPENSSL_HAS_ECC { "ssh-ecdsa-nistp256-falcon512", "ECDSA_NISTP256_FALCON512", NULL, KEY_ECDSA_NISTP256_FALCON_512, NID_X9_62_prime256v1, 0, 0 }, @@ -274,14 +256,10 @@ static const struct keytype keytypes[] = { KEY_ECDSA_NISTP384_DILITHIUM_3, NID_secp384r1, 0, 0 }, { "ssh-ecdsa-nistp521-dilithium5", "ECDSA_NISTP521_DILITHIUM5", NULL, KEY_ECDSA_NISTP521_DILITHIUM_5, NID_secp521r1, 0, 0 }, - { "ssh-ecdsa-nistp256-sphincsharaka128fsimple", "ECDSA_NISTP256_SPHINCSHARAKA128FSIMPLE", NULL, - KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE, NID_X9_62_prime256v1, 0, 0 }, - { "ssh-ecdsa-nistp256-sphincssha256128fsimple", "ECDSA_NISTP256_SPHINCSSHA256128FSIMPLE", NULL, - KEY_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE, NID_X9_62_prime256v1, 0, 0 }, - { "ssh-ecdsa-nistp384-sphincssha256192srobust", "ECDSA_NISTP384_SPHINCSSHA256192SROBUST", NULL, - KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST, NID_secp384r1, 0, 0 }, - { "ssh-ecdsa-nistp521-sphincssha256256fsimple", "ECDSA_NISTP521_SPHINCSSHA256256FSIMPLE", NULL, - KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE, NID_secp521r1, 0, 0 }, + { "ssh-ecdsa-nistp256-sphincssha2128fsimple", "ECDSA_NISTP256_SPHINCSSHA2128FSIMPLE", NULL, + KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE, NID_X9_62_prime256v1, 0, 0 }, + { "ssh-ecdsa-nistp521-sphincssha2256fsimple", "ECDSA_NISTP521_SPHINCSSHA2256FSIMPLE", NULL, + KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE, NID_secp521r1, 0, 0 }, #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEYTYPES_END @@ -2059,17 +2037,11 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp) case KEY_DILITHIUM_5: ret = OQS_SIG_dilithium_5_keypair(k->oqs_pk, k->oqs_sk); break; - case KEY_SPHINCS_HARAKA_128F_SIMPLE: - ret = OQS_SIG_sphincs_haraka_128f_simple_keypair(k->oqs_pk, k->oqs_sk); + case KEY_SPHINCS_SHA2_128F_SIMPLE: + ret = OQS_SIG_sphincs_sha2_128f_simple_keypair(k->oqs_pk, k->oqs_sk); break; - case KEY_SPHINCS_SHA256_128F_SIMPLE: - ret = OQS_SIG_sphincs_sha256_128f_simple_keypair(k->oqs_pk, k->oqs_sk); - break; - case KEY_SPHINCS_SHA256_192S_ROBUST: - ret = OQS_SIG_sphincs_sha256_192s_robust_keypair(k->oqs_pk, k->oqs_sk); - break; - case KEY_SPHINCS_SHA256_256F_SIMPLE: - ret = OQS_SIG_sphincs_sha256_256f_simple_keypair(k->oqs_pk, k->oqs_sk); + case KEY_SPHINCS_SHA2_256F_SIMPLE: + ret = OQS_SIG_sphincs_sha2_256f_simple_keypair(k->oqs_pk, k->oqs_sk); break; #ifdef WITH_OPENSSL case KEY_RSA3072_FALCON_512: @@ -2078,11 +2050,8 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp) case KEY_RSA3072_DILITHIUM_2: ret = OQS_SIG_dilithium_2_keypair(k->oqs_pk, k->oqs_sk); break; - case KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE: - ret = OQS_SIG_sphincs_haraka_128f_simple_keypair(k->oqs_pk, k->oqs_sk); - break; - case KEY_RSA3072_SPHINCS_SHA256_128F_SIMPLE: - ret = OQS_SIG_sphincs_sha256_128f_simple_keypair(k->oqs_pk, k->oqs_sk); + case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: + ret = OQS_SIG_sphincs_sha2_128f_simple_keypair(k->oqs_pk, k->oqs_sk); break; #ifdef OPENSSL_HAS_ECC case KEY_ECDSA_NISTP256_FALCON_512: @@ -2100,17 +2069,11 @@ sshkey_generate(int type, u_int bits, struct sshkey **keyp) case KEY_ECDSA_NISTP521_DILITHIUM_5: ret = OQS_SIG_dilithium_5_keypair(k->oqs_pk, k->oqs_sk); break; - case KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE: - ret = OQS_SIG_sphincs_haraka_128f_simple_keypair(k->oqs_pk, k->oqs_sk); - break; - case KEY_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE: - ret = OQS_SIG_sphincs_sha256_128f_simple_keypair(k->oqs_pk, k->oqs_sk); - break; - case KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST: - ret = OQS_SIG_sphincs_sha256_192s_robust_keypair(k->oqs_pk, k->oqs_sk); + case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: + ret = OQS_SIG_sphincs_sha2_128f_simple_keypair(k->oqs_pk, k->oqs_sk); break; - case KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE: - ret = OQS_SIG_sphincs_sha256_256f_simple_keypair(k->oqs_pk, k->oqs_sk); + case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: + ret = OQS_SIG_sphincs_sha2_256f_simple_keypair(k->oqs_pk, k->oqs_sk); break; #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ @@ -3230,17 +3193,11 @@ sshkey_sign(struct sshkey *key, case KEY_DILITHIUM_5: r = ssh_dilithium5_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; - case KEY_SPHINCS_HARAKA_128F_SIMPLE: - r = ssh_sphincsharaka128fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); + case KEY_SPHINCS_SHA2_128F_SIMPLE: + r = ssh_sphincssha2128fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; - case KEY_SPHINCS_SHA256_128F_SIMPLE: - r = ssh_sphincssha256128fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); - break; - case KEY_SPHINCS_SHA256_192S_ROBUST: - r = ssh_sphincssha256192srobust_sign(key, &sig_pq, &len_pq, data, datalen, compat); - break; - case KEY_SPHINCS_SHA256_256F_SIMPLE: - r = ssh_sphincssha256256fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); + case KEY_SPHINCS_SHA2_256F_SIMPLE: + r = ssh_sphincssha2256fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; #ifdef WITH_OPENSSL case KEY_RSA3072_FALCON_512: @@ -3249,11 +3206,8 @@ sshkey_sign(struct sshkey *key, case KEY_RSA3072_DILITHIUM_2: r = ssh_dilithium2_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; - case KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE: - r = ssh_sphincsharaka128fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); - break; - case KEY_RSA3072_SPHINCS_SHA256_128F_SIMPLE: - r = ssh_sphincssha256128fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); + case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: + r = ssh_sphincssha2128fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; #ifdef OPENSSL_HAS_ECC case KEY_ECDSA_NISTP256_FALCON_512: @@ -3271,17 +3225,11 @@ sshkey_sign(struct sshkey *key, case KEY_ECDSA_NISTP521_DILITHIUM_5: r = ssh_dilithium5_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; - case KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE: - r = ssh_sphincsharaka128fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); - break; - case KEY_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE: - r = ssh_sphincssha256128fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); - break; - case KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST: - r = ssh_sphincssha256192srobust_sign(key, &sig_pq, &len_pq, data, datalen, compat); + case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: + r = ssh_sphincssha2128fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; - case KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE: - r = ssh_sphincssha256256fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); + case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: + r = ssh_sphincssha2256fsimple_sign(key, &sig_pq, &len_pq, data, datalen, compat); break; #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ @@ -3443,23 +3391,17 @@ sshkey_verify(const struct sshkey *key, return ssh_dilithium3_verify(key, sig_pq, siglen_pq, data, dlen, compat); case KEY_DILITHIUM_5: return ssh_dilithium5_verify(key, sig_pq, siglen_pq, data, dlen, compat); - case KEY_SPHINCS_HARAKA_128F_SIMPLE: - return ssh_sphincsharaka128fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); - case KEY_SPHINCS_SHA256_128F_SIMPLE: - return ssh_sphincssha256128fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); - case KEY_SPHINCS_SHA256_192S_ROBUST: - return ssh_sphincssha256192srobust_verify(key, sig_pq, siglen_pq, data, dlen, compat); - case KEY_SPHINCS_SHA256_256F_SIMPLE: - return ssh_sphincssha256256fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); + case KEY_SPHINCS_SHA2_128F_SIMPLE: + return ssh_sphincssha2128fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); + case KEY_SPHINCS_SHA2_256F_SIMPLE: + return ssh_sphincssha2256fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); #ifdef WITH_OPENSSL case KEY_RSA3072_FALCON_512: return ssh_falcon512_verify(key, sig_pq, siglen_pq, data, dlen, compat); case KEY_RSA3072_DILITHIUM_2: return ssh_dilithium2_verify(key, sig_pq, siglen_pq, data, dlen, compat); - case KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE: - return ssh_sphincsharaka128fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); - case KEY_RSA3072_SPHINCS_SHA256_128F_SIMPLE: - return ssh_sphincssha256128fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); + case KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE: + return ssh_sphincssha2128fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); #ifdef OPENSSL_HAS_ECC case KEY_ECDSA_NISTP256_FALCON_512: return ssh_falcon512_verify(key, sig_pq, siglen_pq, data, dlen, compat); @@ -3471,14 +3413,10 @@ sshkey_verify(const struct sshkey *key, return ssh_dilithium3_verify(key, sig_pq, siglen_pq, data, dlen, compat); case KEY_ECDSA_NISTP521_DILITHIUM_5: return ssh_dilithium5_verify(key, sig_pq, siglen_pq, data, dlen, compat); - case KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE: - return ssh_sphincsharaka128fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); - case KEY_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE: - return ssh_sphincssha256128fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); - case KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST: - return ssh_sphincssha256192srobust_verify(key, sig_pq, siglen_pq, data, dlen, compat); - case KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE: - return ssh_sphincssha256256fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); + case KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE: + return ssh_sphincssha2128fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); + case KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE: + return ssh_sphincssha2256fsimple_verify(key, sig_pq, siglen_pq, data, dlen, compat); #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ ///// OQS_TEMPLATE_FRAGMENT_SSHKEY_VERIFY_SWITCH_KEYTYPE_END diff --git a/sshkey.h b/sshkey.h index 79b1b5641bab..dd2459b3ffb0 100644 --- a/sshkey.h +++ b/sshkey.h @@ -88,16 +88,11 @@ enum sshkey_types { KEY_ECDSA_NISTP384_DILITHIUM_3, KEY_DILITHIUM_5, KEY_ECDSA_NISTP521_DILITHIUM_5, - KEY_SPHINCS_HARAKA_128F_SIMPLE, - KEY_RSA3072_SPHINCS_HARAKA_128F_SIMPLE, - KEY_ECDSA_NISTP256_SPHINCS_HARAKA_128F_SIMPLE, - KEY_SPHINCS_SHA256_128F_SIMPLE, - KEY_RSA3072_SPHINCS_SHA256_128F_SIMPLE, - KEY_ECDSA_NISTP256_SPHINCS_SHA256_128F_SIMPLE, - KEY_SPHINCS_SHA256_192S_ROBUST, - KEY_ECDSA_NISTP384_SPHINCS_SHA256_192S_ROBUST, - KEY_SPHINCS_SHA256_256F_SIMPLE, - KEY_ECDSA_NISTP521_SPHINCS_SHA256_256F_SIMPLE, + KEY_SPHINCS_SHA2_128F_SIMPLE, + KEY_RSA3072_SPHINCS_SHA2_128F_SIMPLE, + KEY_ECDSA_NISTP256_SPHINCS_SHA2_128F_SIMPLE, + KEY_SPHINCS_SHA2_256F_SIMPLE, + KEY_ECDSA_NISTP521_SPHINCS_SHA2_256F_SIMPLE, ///// OQS_TEMPLATE_FRAGMENT_ENUMERATE_KEYTYPES_END KEY_UNSPEC }; @@ -364,14 +359,10 @@ int ssh_dilithium3_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, c int ssh_dilithium3_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); int ssh_dilithium5_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); int ssh_dilithium5_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); -int ssh_sphincsharaka128fsimple_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); -int ssh_sphincsharaka128fsimple_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); -int ssh_sphincssha256128fsimple_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); -int ssh_sphincssha256128fsimple_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); -int ssh_sphincssha256192srobust_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); -int ssh_sphincssha256192srobust_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); -int ssh_sphincssha256256fsimple_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); -int ssh_sphincssha256256fsimple_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); +int ssh_sphincssha2128fsimple_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); +int ssh_sphincssha2128fsimple_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); +int ssh_sphincssha2256fsimple_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); +int ssh_sphincssha2256fsimple_verify(const struct sshkey *key, const u_char *signature, size_t signaturelen, const u_char *data, size_t datalen, u_int compat); ///// OQS_TEMPLATE_FRAGMENT_DECLARE_PROTOTYPES_END #endif