Add liboqs-backed implementation of [email protected]

`[email protected]` is a PQ key exchange algorithm available in upstream OpenSSH. This implements that algorithm using the sntrup761 implementation within liboqs. Using this, we are able to demonstrate interop with upstream OpenSSH for this specific algorithm and more generally the construction of the hybrid combiner. While sntrup761 has fallen out of fashion, we have received [reassurances](open-quantum-safe/liboqs#1328 (comment)) from upstream OpenSSH that it will be supported until at least 2027.

Support for the algorithm is added by adding the necessary entry to `generate.yml` and generating the relevant code snippets. In addition, we had to address the conflicting implementation from upstream by disabling the preprocessor macro and/or removing the conflicting code segment.

Testing

Updated `try_connection.py` to accept a specific KEX and/or SIG to test. This allows us to test arbitrary algorithms against arbitrary SSH implementations including the upstream OpenSSH. It was necessary to add a classical signature to the test so that there would be a supported signature in upstream OpenSSH that OQS could test against. In a follow-up PR I plan to add a CI job to do this, but am running short on time this week.

Related to Issue open-quantum-safe#163

Signed-off-by: Gerardo Ravago <[email protected]>

README.md

@@ -71,6 +71,7 @@ The following quantum-safe algorithms from liboqs are supported (assuming they h
 - **HQC**: `hqc-128-sha256`, `hqc-192-sha384`, `hqc-256-sha512`†
 - **Kyber**: `kyber-512-sha256`, `kyber-768-sha384`, `kyber-1024-sha512`
 - **ML-KEM**: `ml-kem-512-sha256`, `ml-kem-768-sha256`, `ml-kem-1024-sha384`
+- **NTRU-Prime**: `ntruprime-sntrup761-sha512`
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_ALL_KEXS_END -->
 
 The following hybrid algorithms are made available:
@@ -82,6 +83,7 @@ The following hybrid algorithms are made available:
 - **HQC**: `[email protected]` `[email protected]` `[email protected]` `[email protected]`
 - **Kyber**: `[email protected]` `[email protected]` `[email protected]` `[email protected]`
 - **ML-KEM**: `[email protected]` `[email protected]` `mlkem768nistp256-sha256` `mlkem768x25519-sha256` `mlkem1024nistp384-sha384`
+- **NTRU-Prime**: `[email protected]`
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_ALL_HYBRID_KEXS_END -->
 
 Note that algorithms marked with a dagger (†) have large stack usage and may cause failures when run on threads or in constrained environments. For example, McEliece require building `oqs-openssh` with a large(r) stack provision than is default: Adding `LDFLAGS="-Wl,--stack,20000000"` to [the `./configure` command below](#step-2-build-the-fork) is required to allow cygwin-based testing to pass.

defines.h

@@ -940,6 +940,7 @@ struct winsize {
  * so only enable if the compiler supports them.
  */
 #if defined(VARIABLE_LENGTH_ARRAYS) && defined(VARIABLE_DECLARATION_AFTER_CODE)
-# define USE_SNTRUP761X25519 1
+// OQS Note: Disabled upstream SNTRUP761X25519 support.
+# define USE_SNTRUP761X25519 0
 #endif
 #endif /* _DEFINES_H */

kex.c

@@ -113,10 +113,6 @@ static const struct kexalg kexalgs[] = {
 #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
 	{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
 	{ KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
-#ifdef USE_SNTRUP761X25519
-	{ KEX_SNTRUP761X25519_SHA512, KEX_KEM_SNTRUP761X25519_SHA512, 0,
-	    SSH_DIGEST_SHA512 },
-#endif
 #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
 
 ///// OQS_TEMPLATE_FRAGMENT_ADD_KEX_ALGS_START
@@ -157,6 +153,8 @@ static const struct kexalg kexalgs[] = {
 	{ KEX_ML_KEM_768_SHA256, KEX_KEM_ML_KEM_768_SHA256, 0, SSH_DIGEST_SHA256 },
 	{ KEX_ML_KEM_768_X25519_SHA256, KEX_KEM_ML_KEM_768_X25519_SHA256, 0, SSH_DIGEST_SHA256 },
 	{ KEX_ML_KEM_1024_SHA384, KEX_KEM_ML_KEM_1024_SHA384, 0, SSH_DIGEST_SHA384 },
+	{ KEX_NTRUPRIME_SNTRUP761_SHA512, KEX_KEM_NTRUPRIME_SNTRUP761_SHA512, 0, SSH_DIGEST_SHA512 },
+	{ KEX_NTRUPRIME_SNTRUP761_X25519_SHA512, KEX_KEM_NTRUPRIME_SNTRUP761_X25519_SHA512, 0, SSH_DIGEST_SHA512 },
 #ifdef OPENSSL_HAS_ECC
 	{ KEX_FRODOKEM_640_AES_ECDH_NISTP256_SHA256, KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256, NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
 	{ KEX_FRODOKEM_976_AES_ECDH_NISTP384_SHA384, KEX_KEM_FRODOKEM_976_AES_ECDH_NISTP384_SHA384, NID_secp384r1, SSH_DIGEST_SHA384 },

kex.h

@@ -63,7 +63,6 @@
 #define	KEX_ECDH_SHA2_NISTP521		"ecdh-sha2-nistp521"
 #define	KEX_CURVE25519_SHA256		"curve25519-sha256"
 #define	KEX_CURVE25519_SHA256_OLD	"[email protected]"
-#define	KEX_SNTRUP761X25519_SHA512	"[email protected]"
 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEX_PRETTY_NAMES_START
 #define	KEX_FRODOKEM_640_AES_SHA256	"frodokem-640-aes-sha256"
 #define	KEX_FRODOKEM_640_AES_X25519_SHA256	"[email protected]"
@@ -102,6 +101,8 @@
 #define	KEX_ML_KEM_768_SHA256	"ml-kem-768-sha256"
 #define	KEX_ML_KEM_768_X25519_SHA256	"mlkem768x25519-sha256"
 #define	KEX_ML_KEM_1024_SHA384	"ml-kem-1024-sha384"
+#define	KEX_NTRUPRIME_SNTRUP761_SHA512	"sntrup761-sha512"
+#define	KEX_NTRUPRIME_SNTRUP761_X25519_SHA512	"[email protected]"
 #ifdef WITH_OPENSSL
 #ifdef OPENSSL_HAS_ECC
 #define	KEX_FRODOKEM_640_AES_ECDH_NISTP256_SHA256	"[email protected]"
@@ -173,7 +174,6 @@ enum kex_exchange {
 	KEX_DH_GEX_SHA256,
 	KEX_ECDH_SHA2,
 	KEX_C25519_SHA256,
-	KEX_KEM_SNTRUP761X25519_SHA512,
 ///// OQS_TEMPLATE_FRAGMENT_ADD_KEX_ENUMS_START
 	KEX_KEM_FRODOKEM_640_AES_SHA256,
 	KEX_KEM_FRODOKEM_640_AES_X25519_SHA256,
@@ -212,6 +212,8 @@ enum kex_exchange {
 	KEX_KEM_ML_KEM_768_SHA256,
 	KEX_KEM_ML_KEM_768_X25519_SHA256,
 	KEX_KEM_ML_KEM_1024_SHA384,
+	KEX_KEM_NTRUPRIME_SNTRUP761_SHA512,
+	KEX_KEM_NTRUPRIME_SNTRUP761_X25519_SHA512,
 #ifdef WITH_OPENSSL
 #ifdef OPENSSL_HAS_ECC
 	KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256,
@@ -380,12 +382,6 @@ int	 kex_c25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
     struct sshbuf **);
 int	 kex_c25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
 
-int	 kex_kem_sntrup761x25519_keypair(struct kex *);
-int	 kex_kem_sntrup761x25519_enc(struct kex *, const struct sshbuf *,
-    struct sshbuf **, struct sshbuf **);
-int	 kex_kem_sntrup761x25519_dec(struct kex *, const struct sshbuf *,
-    struct sshbuf **);
-
 ///// OQS_TEMPLATE_FRAGMENT_DECLARE_KEX_PROTOTYPES_START
 /* frodokem_640_aes prototypes */
 int	 kex_kem_frodokem_640_aes_keypair(struct kex *);
@@ -535,6 +531,14 @@ int	 kex_kem_ml_kem_768_x25519_dec(struct kex *, const struct sshbuf *, struct s
 int	 kex_kem_ml_kem_1024_keypair(struct kex *);
 int	 kex_kem_ml_kem_1024_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **);
 int	 kex_kem_ml_kem_1024_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
+/* ntruprime_sntrup761 prototypes */
+int	 kex_kem_ntruprime_sntrup761_keypair(struct kex *);
+int	 kex_kem_ntruprime_sntrup761_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **);
+int	 kex_kem_ntruprime_sntrup761_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
+/* ntruprime_sntrup761_x25519 prototypes */
+int	 kex_kem_ntruprime_sntrup761_x25519_keypair(struct kex *);
+int	 kex_kem_ntruprime_sntrup761_x25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **, struct sshbuf **);
+int	 kex_kem_ntruprime_sntrup761_x25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
 #ifdef WITH_OPENSSL
 #ifdef OPENSSL_HAS_ECC
 /* frodokem_640_aes_nistp256 prototypes */

kexgen.c

@@ -118,9 +118,6 @@ kex_gen_client(struct ssh *ssh)
 	case KEX_C25519_SHA256:
 		r = kex_c25519_keypair(kex);
 		break;
-	case KEX_KEM_SNTRUP761X25519_SHA512:
-		r = kex_kem_sntrup761x25519_keypair(kex);
-		break;
 ///// OQS_TEMPLATE_FRAGMENT_ADD_CLIENT_SWITCH_CASES_START
 	case KEX_KEM_FRODOKEM_640_AES_SHA256:
 		r = kex_kem_frodokem_640_aes_keypair(kex);
@@ -233,6 +230,12 @@ kex_gen_client(struct ssh *ssh)
 	case KEX_KEM_ML_KEM_1024_SHA384:
 		r = kex_kem_ml_kem_1024_keypair(kex);
 		break;
+	case KEX_KEM_NTRUPRIME_SNTRUP761_SHA512:
+		r = kex_kem_ntruprime_sntrup761_keypair(kex);
+		break;
+	case KEX_KEM_NTRUPRIME_SNTRUP761_X25519_SHA512:
+		r = kex_kem_ntruprime_sntrup761_x25519_keypair(kex);
+		break;
 #ifdef WITH_OPENSSL
 #ifdef OPENSSL_HAS_ECC
 	case KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256:
@@ -390,10 +393,6 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
 	case KEX_C25519_SHA256:
 		r = kex_c25519_dec(kex, server_blob, &shared_secret);
 		break;
-	case KEX_KEM_SNTRUP761X25519_SHA512:
-		r = kex_kem_sntrup761x25519_dec(kex, server_blob,
-		    &shared_secret);
-		break;
 ///// OQS_TEMPLATE_FRAGMENT_ADD_REPLY_SWITCH_CASES_START
 	case KEX_KEM_FRODOKEM_640_AES_SHA256:
 		r = kex_kem_frodokem_640_aes_dec(kex, server_blob, &shared_secret);
@@ -506,6 +505,12 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
 	case KEX_KEM_ML_KEM_1024_SHA384:
 		r = kex_kem_ml_kem_1024_dec(kex, server_blob, &shared_secret);
 		break;
+	case KEX_KEM_NTRUPRIME_SNTRUP761_SHA512:
+		r = kex_kem_ntruprime_sntrup761_dec(kex, server_blob, &shared_secret);
+		break;
+	case KEX_KEM_NTRUPRIME_SNTRUP761_X25519_SHA512:
+		r = kex_kem_ntruprime_sntrup761_x25519_dec(kex, server_blob, &shared_secret);
+		break;
 #ifdef WITH_OPENSSL
 #ifdef OPENSSL_HAS_ECC
 	case KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256:
@@ -714,10 +719,6 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh)
 		r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
 		    &shared_secret);
 		break;
-	case KEX_KEM_SNTRUP761X25519_SHA512:
-		r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
-		    &server_pubkey, &shared_secret);
-		break;
 ///// OQS_TEMPLATE_FRAGMENT_ADD_INIT_SWITCH_CASES_START
 	case KEX_KEM_FRODOKEM_640_AES_SHA256:
 		r = kex_kem_frodokem_640_aes_enc(kex, client_pubkey,
@@ -867,6 +868,14 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh)
 		r = kex_kem_ml_kem_1024_enc(kex, client_pubkey,
 		    &server_pubkey, &shared_secret);
 		break;
+	case KEX_KEM_NTRUPRIME_SNTRUP761_SHA512:
+		r = kex_kem_ntruprime_sntrup761_enc(kex, client_pubkey,
+		    &server_pubkey, &shared_secret);
+		break;
+	case KEX_KEM_NTRUPRIME_SNTRUP761_X25519_SHA512:
+		r = kex_kem_ntruprime_sntrup761_x25519_enc(kex, client_pubkey,
+		    &server_pubkey, &shared_secret);
+		break;
 #ifdef WITH_OPENSSL
 #ifdef OPENSSL_HAS_ECC
 	case KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256:

kexoqs.c

@@ -1283,4 +1283,44 @@ int kex_kem_ml_kem_1024_dec(struct kex *kex,
     OQS_KEM_free(kem);
     return r;
 }
+/*---------------------------------------------------
+ * NTRUPRIME_SNTRUP761 METHODS
+ *---------------------------------------------------
+ */
+int kex_kem_ntruprime_sntrup761_keypair(struct kex *kex)
+{
+    OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntruprime_sntrup761);
+    if (kem == NULL) {
+        return SSH_ERR_ALLOC_FAIL;
+    }
+    int r = kex_kem_generic_keypair(kem, kex);
+    OQS_KEM_free(kem);
+    return r;
+}
+int kex_kem_ntruprime_sntrup761_enc(struct kex *kex,
+                                  const struct sshbuf *client_blob,
+                                  struct sshbuf **server_blobp,
+                                  struct sshbuf **shared_secretp)
+{
+    OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntruprime_sntrup761);
+    if (kem == NULL) {
+        return SSH_ERR_ALLOC_FAIL;
+    }
+    int r = kex_kem_generic_enc(kem, kex, client_blob, server_blobp, shared_secretp);
+    OQS_KEM_free(kem);
+    return r;
+}
+
+int kex_kem_ntruprime_sntrup761_dec(struct kex *kex,
+                                  const struct sshbuf *server_blob,
+                                  struct sshbuf **shared_secretp)
+{
+    OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntruprime_sntrup761);
+    if (kem == NULL) {
+        return SSH_ERR_ALLOC_FAIL;
+    }
+    int r = kex_kem_generic_dec(kem, kex, server_blob, shared_secretp);
+    OQS_KEM_free(kem);
+    return r;
+}
 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEX_METHODS_END

kexoqsx25519.c

@@ -579,4 +579,45 @@ int kex_kem_ml_kem_768_x25519_dec(struct kex *kex,
     OQS_KEM_free(kem);
     return r;
 }
+/*---------------------------------------------------------------
+ * NTRUPRIME_SNTRUP761_X25519 METHODS
+ *---------------------------------------------------------------
+ */
+int kex_kem_ntruprime_sntrup761_x25519_keypair(struct kex *kex)
+{
+    OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntruprime_sntrup761);
+    if (kem == NULL) {
+        return SSH_ERR_ALLOC_FAIL;
+    }
+    int r = kex_kem_generic_with_x25519_keypair(kem, kex);
+    OQS_KEM_free(kem);
+    return r;
+}
+
+int kex_kem_ntruprime_sntrup761_x25519_enc(struct kex *kex,
+                                   const struct sshbuf *client_blob,
+                                   struct sshbuf **server_blobp,
+                                   struct sshbuf **shared_secretp)
+{
+    OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntruprime_sntrup761);
+    if (kem == NULL) {
+        return SSH_ERR_ALLOC_FAIL;
+    }
+    int r = kex_kem_generic_with_x25519_enc(kem, kex, client_blob, server_blobp, shared_secretp);
+    OQS_KEM_free(kem);
+    return r;
+}
+
+int kex_kem_ntruprime_sntrup761_x25519_dec(struct kex *kex,
+                                       const struct sshbuf *server_blobp,
+                                       struct sshbuf **shared_secretp)
+{
+    OQS_KEM *kem = OQS_KEM_new(OQS_KEM_alg_ntruprime_sntrup761);
+    if (kem == NULL) {
+        return SSH_ERR_ALLOC_FAIL;
+    }
+    int r = kex_kem_generic_with_x25519_dec(kem, kex, server_blobp, shared_secretp);
+    OQS_KEM_free(kem);
+    return r;
+}
 ///// OQS_TEMPLATE_FRAGMENT_DEFINE_KEX_WITH_X25519_METHODS_END

monitor.c

@@ -1748,7 +1748,6 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
 # endif
 #endif /* WITH_OPENSSL */
 	kex->kex[KEX_C25519_SHA256] = kex_gen_server;
-	kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
 ///// OQS_TEMPLATE_FRAGMENT_APPLY_KEYSTATE_START
 	kex->kex[KEX_KEM_FRODOKEM_640_AES_SHA256] = kex_gen_server;
 	kex->kex[KEX_KEM_FRODOKEM_640_AES_X25519_SHA256] = kex_gen_server;
@@ -1787,6 +1786,8 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
 	kex->kex[KEX_KEM_ML_KEM_768_SHA256] = kex_gen_server;
 	kex->kex[KEX_KEM_ML_KEM_768_X25519_SHA256] = kex_gen_server;
 	kex->kex[KEX_KEM_ML_KEM_1024_SHA384] = kex_gen_server;
+	kex->kex[KEX_KEM_NTRUPRIME_SNTRUP761_SHA512] = kex_gen_server;
+	kex->kex[KEX_KEM_NTRUPRIME_SNTRUP761_X25519_SHA512] = kex_gen_server;
 #ifdef WITH_OPENSSL
 #ifdef OPENSSL_HAS_ECC
 	kex->kex[KEX_KEM_FRODOKEM_640_AES_ECDH_NISTP256_SHA256] = kex_gen_server;

myproposal.h

@@ -28,7 +28,6 @@
 // OQS-TODO: should I add the PQ auth methods here? they were not added in 7.9 branch...
 
 #define KEX_SERVER_KEX	\
-	"[email protected]," \
 	"curve25519-sha256," \
 	"[email protected]," \
 	"ecdh-sha2-nistp256," \
@@ -103,7 +102,9 @@
 	"mlkem768nistp256-sha256," \
 	"mlkem768x25519-sha256," \
 	"ml-kem-1024-sha384," \
-	"mlkem1024nistp384-sha384"
+	"mlkem1024nistp384-sha384," \
+	"sntrup761-sha512," \
+	"[email protected]"
 /*/// OQS_TEMPLATE_FRAGMENT_ADD_SERVER_KEXS_END */
 
 #define KEX_CLIENT_KEX KEX_SERVER_KEX

oqs-template/generate.yml

@@ -316,6 +316,16 @@ kexs:
         name: 'nistp384'
         openssl_nid: 'NID_secp384r1'
         pretty_name: 'mlkem1024nistp384-sha384'
+  -
+    family: 'NTRU-Prime'
+    name: 'ntruprime_sntrup761'
+    hash: 'sha512'
+    pretty_name: 'sntrup761-sha512'
+    mix_with:
+      -
+        name: 'x25519'
+        x25519: true
+        pretty_name: '[email protected]'
 
 sigs:
   -

oqs-test/try_connection.py

@@ -78,6 +78,8 @@
     "mlkem768x25519-sha256",
     "ml-kem-1024-sha384",
     "mlkem1024nistp384-sha384",
+    "sntrup761-sha512",
+    "[email protected]",
 ##### OQS_TEMPLATE_FRAGMENT_LIST_ALL_KEXS_END
 ]
 
@@ -108,6 +110,7 @@
     "ssh-mayo5",
     "ssh-ecdsa-nistp521-mayo5",
 ##### OQS_TEMPLATE_FRAGMENT_LIST_ALL_SIGS_END
+    "ssh-ed25519", # Classical signature algorithm for OpenSSH interop testing
 ]
 
 def do_handshake(ssh, sshd, test_sig, test_kex):
@@ -144,11 +147,11 @@ def do_handshake(ssh, sshd, test_sig, test_kex):
 
     print("Success! Key Exchange Algorithm: {}. Signature Algorithm: {}.".format(test_kex, test_sig))
 
-def try_handshake(ssh, sshd, dorandom="random"):
+def try_handshake(ssh, sshd, test_kexes, test_sigs, dorandom="random"):
     if dorandom!="random":
-       for test_kex in kexs:
-           for test_sig in sigs:
-               if dorandom=="doall" or (dorandom=="doone" and (test_kex==kexs[0] or test_sig==sigs[0])):
+       for test_kex in test_kexes:
+           for test_sig in test_sigs:
+               if dorandom=="doall" or (dorandom=="doone" and (test_kex==test_kexes[0] or test_sig==test_sigs[0])):
                    do_handshake(ssh, sshd, test_sig, test_kex)
     else:
        test_sig = random.choice(sigs)
@@ -158,9 +161,13 @@ def try_handshake(ssh, sshd, dorandom="random"):
 if __name__ == '__main__':
     parser = argparse.ArgumentParser(description="Test connections between ssh and sshd using PQ algorithms.")
     parser.add_argument("--ssh", default=os.path.abspath('ssh'), type=str, help="Override the ssh binary.")
+    parser.add_argument("--kex", choices=kexs, help="Specific KEX algorithm to test.")
+    parser.add_argument("--sig", choices=sigs, help="Specific SIG algorithm to test.")
     parser.add_argument("--sshd", default=os.path.abspath('sshd'), type=str, help="Override the sshd binary.")
     parser.add_argument("dorandom", type=str, default="random", choices=["doall", "doone", "random"],
                         help="Slice of test cases to run.")
     args = parser.parse_args()
-    try_handshake(args.ssh, args.sshd, args.dorandom)
+    test_kexes = [args.kex] if args.kex else kexs
+    test_sigs = [args.sig] if args.sig else sigs
+    try_handshake(args.ssh, args.sshd, test_kexes, test_sigs, args.dorandom)
 

regress/unittests/kex/test_kex.c

@@ -151,7 +151,6 @@ do_kex_with_key(char *kex, int keytype, int bits)
 #endif /* OPENSSL_HAS_ECC */
 #endif /* WITH_OPENSSL */
 	server2->kex->kex[KEX_C25519_SHA256] = kex_gen_server;
-	server2->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
 	server2->kex->load_host_public_key = server->kex->load_host_public_key;
 	server2->kex->load_host_private_key = server->kex->load_host_private_key;
 	server2->kex->sign = server->kex->sign;
@@ -203,8 +202,5 @@ kex_tests(void)
 	do_kex("diffie-hellman-group-exchange-sha1");
 	do_kex("diffie-hellman-group14-sha1");
 	do_kex("diffie-hellman-group1-sha1");
-# ifdef USE_SNTRUP761X25519
-	do_kex("[email protected]");
-# endif /* USE_SNTRUP761X25519 */
 #endif /* WITH_OPENSSL */
 }