https://gitlab.synchro.net/main/sbbs/-/commit/5d08d0fd82da038c83be4903
Added Files:
src/ssh/kex/sntrup761.c sntrup761.h sntrup761x25519-sha512.c
Modified Files:
src/ssh/CMakeLists.txt client.c deucessh-algorithms.h deucessh-kex.h ssh-trans.c ssh-trans.h src/ssh/test/CMakeLists.txt dssh_test_ossl.c test_alloc.c test_auth.c test_conn.c test_dhgex_provider.h test_selftest.c test_transport.c test_transport_errors.c
Log Message:
Implement sntrup761x25519-sha512 post-quantum hybrid KEX
Adds sntrup761x25519-sha512 key exchange per
draft-josefsson-ntruprime-ssh-02. Combines Streamlined NTRU Prime
761 KEM with X25519, hashed with SHA-512. Default KEX in OpenSSH
since 9.0; verified interop against OpenSSH 9.9.
New files:
- kex/sntrup761.h, kex/sntrup761.c: public-domain SUPERCOP reference
implementation adapted for OpenSSL (RAND_bytes, EVP_Digest). Error
propagation added to randombytes, crypto_hash_sha512, and all
internal callers (Hash_prefix, Short_random, Small_random, KeyGen,
ZKeyGen, Hide, HashConfirm, HashSession).
- kex/sntrup761x25519-sha512.c: KEX handler module with client and
server paths, exchange hash (SHA-512), shared secret computation.
Transport layer:
- DSSH_KEX_FLAG_K_ENCODING_STRING flag: hybrid PQ KEX encodes K as
string (fixed-length, no sign padding) instead of mpint.
- ssh-trans.c newkeys: conditional K encoding based on flag.
Test infrastructure:
- EVP_Digest ossl injection wrapper (dssh_test_EVP_Digest) for
sntrup761's one-shot SHA-512 calls.
- Test matrix expanded from 4 to 6 variants (sntrup, sntrup_rsa).
- Alloc test iteration limits raised for sntrup (100000 vs 500).
- Proper 1190-byte Q_C construction in alloc kex server/client tests.
- CTest COST properties on alloc tests for scheduling priority.
- Handshake thread socket-close-on-failure across all test files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
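
Added example, not code from this commit or from the DeuceSSH sources: the difference the log message describes between encoding K as an RFC 4251 mpint and as a string, which changes the bytes fed into the exchange hash and key derivation. The function names and K_LEN are hypothetical, and the 64-byte length of K is assumed from the SHA-512 output size.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define K_LEN 64 /* assumed: SHA-512 output length of the hybrid secret K */

/* Big-endian uint32 length prefix (RFC 4251 section 5). */
static void put_u32(uint8_t *out, uint32_t v)
{
	out[0] = (uint8_t)(v >> 24); out[1] = (uint8_t)(v >> 16);
	out[2] = (uint8_t)(v >> 8);  out[3] = (uint8_t)v;
}

/* RFC 4251 "string": prefix plus the bytes unchanged. 0 if out is too small. */
size_t encode_k_string(const uint8_t *k, size_t klen, uint8_t *out, size_t outsz)
{
	if (klen >= UINT32_MAX || outsz < 4 || outsz - 4 < klen)
		return 0;
	put_u32(out, (uint32_t)klen);
	memcpy(out + 4, k, klen);
	return 4 + klen;
}

/* RFC 4251 "mpint", non-negative: drop leading zero bytes, then prepend
 * 0x00 if the top bit is set. Returns 0 if out is too small. */
size_t encode_k_mpint(const uint8_t *k, size_t klen, uint8_t *out, size_t outsz)
{
	while (klen > 0 && k[0] == 0) { k++; klen--; }
	size_t pad = (klen > 0 && (k[0] & 0x80)) ? 1 : 0;
	if (klen >= UINT32_MAX || outsz < 4 || outsz - 4 < klen + pad)
		return 0;
	put_u32(out, (uint32_t)(klen + pad));
	if (pad)
		out[4] = 0x00; /* sign padding byte */
	memcpy(out + 4 + pad, k, klen);
	return 4 + pad + klen;
}

/* Constructed sample: a 64-byte K whose first byte is `first`, rest 0x11.
 * Returns the encoded length under the chosen encoding. */
size_t encoded_len(uint8_t first, int as_mpint)
{
	uint8_t k[K_LEN], out[K_LEN + 5];
	memset(k, 0x11, sizeof k);
	k[0] = first;
	return as_mpint ? encode_k_mpint(k, sizeof k, out, sizeof out)
	                : encode_k_string(k, sizeof k, out, sizeof out);
}
```

With the string encoding every K occupies 68 bytes; the mpint encoding gives 67, 68 or 69 bytes depending on the first byte, so two peers that disagree on the encoding compute different exchange hashes and the handshake fails.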