CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2024/09/02 06:13:56
Modified files:
usr.bin/ssh : Makefile.inc crypto_api.h kex-names.c kex.h
kexc25519.c kexgen.c monitor.c ssh-keyscan.c
ssh_api.c sshconnect2.c sshd-session.c
Added files:
usr.bin/ssh : kexmlkem768x25519.c libcrux_mlkem768_sha3.h
mlkem768.sh
Log message:
Add experimental support for hybrid post-quantum key exchange
ML-KEM768 with ECDH/X25519 from the Internet-draft:
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
This is based on previous patches from markus@ but adapted to use the
final FIPS203 standard ML-KEM using a formally-verified implementation
from libcrux.
Note this key exchange method is still a draft and thus subject to
change. It is therefore disabled by default; set MLKEM=yes to build it.
We're making it available now to make it easy for other SSH
implementations to test against it.
ok markus@ deraadt@
