Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org

using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@
author: djm <djm@openbsd.org> 2019-01-21 10:20:12 +0000
committer: djm <djm@openbsd.org> 2019-01-21 10:20:12 +0000
commit: b869f5f7ec8b43f9976e8e6bfdf5991563bf2670 (patch)
tree: 253f6ada4333902a7fe9fda2e454f82963a7c26b /usr.bin/ssh/ssh-keyscan.c
parent: factor out kex_verify_hostkey() - again, duplicated almost exactly (diff)
download: wireguard-openbsd-b869f5f7ec8b43f9976e8e6bfdf5991563bf2670.tar.xz
wireguard-openbsd-b869f5f7ec8b43f9976e8e6bfdf5991563bf2670.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c
index 329a582e6f4..5b277bc43e9 100644
--- a/usr.bin/ssh/ssh-keyscan.c
+++ b/usr.bin/ssh/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.120 2018/06/06 18:29:18 markus Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.121 2019/01/21 10:20:12 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -254,6 +254,7 @@ keygrab_ssh2(con *c)
 	c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
 #endif
 	c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+	c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client;
 	ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
 	/*
 	 * do the key-exchange until an error occurs or until
author	djm <djm@openbsd.org>	2019-01-21 10:20:12 +0000
committer	djm <djm@openbsd.org>	2019-01-21 10:20:12 +0000
commit	b869f5f7ec8b43f9976e8e6bfdf5991563bf2670 (patch)
tree	253f6ada4333902a7fe9fda2e454f82963a7c26b /usr.bin/ssh/ssh-keyscan.c
parent	factor out kex_verify_hostkey() - again, duplicated almost exactly (diff)
download	wireguard-openbsd-b869f5f7ec8b43f9976e8e6bfdf5991563bf2670.tar.xz wireguard-openbsd-b869f5f7ec8b43f9976e8e6bfdf5991563bf2670.zip