Add liboqs-backed implementation of [email protected] #170
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
`[email protected]` is a PQ key exchange algorithm available in upstream OpenSSH. This implements that algorithm using the sntrup761 implementation within liboqs. Using this, we are able to demonstrate interop with upstream OpenSSH for this specific algorithm and more generally the construction of the hybrid combiner. While sntrup761 has fallen out of fashion, we have received [reassurances](open-quantum-safe/liboqs#1328 (comment)) from upstream OpenSSH that it will be supported until at least 2027. Support for the algorithm is added by adding the necessary entry to `generate.yml` and generating the relevant code snippets. In addition, we had to address the conflicting implementation from upstream by disabling the preprocessor macro and/or removing the conflicting code segment. Testing Updated `try_connection.py` to accept a specific KEX and/or SIG to test. This allows us to test arbitrary algorithms against arbitrary SSH implementations including the upstream OpenSSH. It was necessary to add a classical signature to the test so that there would be a supported signature in upstream OpenSSH that OQS could test against. In a follow-up PR I plan to add a CI job to do this, but am running short on time this week. Related to Issue open-quantum-safe#163 Signed-off-by: Gerardo Ravago <[email protected]>
dstebila
approved these changes
Aug 27, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[email protected]is a PQ key exchange algorithm available in upstream OpenSSH. This implements that algorithm using the sntrup761 implementation within liboqs. Using this, we are able to demonstrate interop with upstream OpenSSH for this specific algorithm and more generally the construction of the hybrid combiner. While sntrup761 has fallen out of fashion, we have received reassurances from upstream OpenSSH that it will be supported until at least 2027.Support for the algorithm is added by adding the necessary entry to
generate.ymland generating the relevant code snippets. In addition, we had to address the conflicting implementation from upstream by disabling the preprocessor macro and/or removing the conflicting code segment.Related to Issue #163
Testing
Updated
try_connection.pyto accept a specific KEX and/or SIG to test. This allows us to test arbitrary algorithms against arbitrary SSH implementations including the upstream OpenSSH. It was necessary to add a classical signature to the test so that there would be a supported signature in upstream OpenSSH that OQS could test against. In a follow-up PR I plan to add a CI job to do this, but am running short on time this week.