https://gitlab.synchro.net/main/sbbs/-/commit/2eea8a78fa3f28b81c861559
Added Files:
src/ssh/kex/libcrux_mlkem768_sha3.h mlkem768.c mlkem768.h mlkem768x25519-sha256.c
Modified Files:
src/ssh/CMakeLists.txt client.c deucessh-algorithms.h src/ssh/test/CMakeLists.txt test_alloc.c test_auth.c test_conn.c test_dhgex_provider.h test_selftest.c test_transport.c
Log Message:
Implement mlkem768x25519-sha256 post-quantum hybrid KEX

Adds mlkem768x25519-sha256 key exchange combining ML-KEM-768
(FIPS 203) with X25519, hashed with SHA-256. Supported in OpenSSH
since 9.9; verified interop against OpenSSH 9.9.

New files:
- kex/libcrux_mlkem768_sha3.h: ML-KEM-768 implementation from
  libcrux (Cryspen, MIT license). Self-contained with its own
  SHA-3/SHAKE. 23 -Wconversion casts fixed, stdbool.h added,
  KRML_HOST_EXIT changed from fatal_f to abort.
- kex/mlkem768.h, kex/mlkem768.c: thin wrappers providing a
  byte-array API with RAND_bytes for randomness. Public key
  validation via libcrux validate_public_key. Error propagation
  on RAND_bytes failure.
- kex/mlkem768x25519-sha256.c: KEX handler module following the
  sntrup761x25519-sha512 pattern. SHA-256 hash, string-encoded K.

Test matrix expanded from 6 to 8 variants (mlkem, mlkem_rsa).
4277 tests passing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
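
An added illustration of what "SHA-256 hash, string-encoded K" and the length checks around it amount to. It is Python written for this page, not the project's C code and not taken from the commit. It assumes the layout of the SSH ML-KEM hybrid KEX draft (ML-KEM part first, then the X25519 key); all function names are hypothetical and all inputs are constructed.

```python
import hashlib
import struct

# Sizes from FIPS 203 (ML-KEM-768) and RFC 7748 (X25519).
MLKEM768_PK_LEN = 1184   # encapsulation key
MLKEM768_CT_LEN = 1088   # ciphertext
X25519_PK_LEN = 32
SECRET_LEN = 32          # both shared secrets are 32 bytes

def _split(blob: bytes, pq_len: int) -> tuple:
    """Split 'PQ part || X25519 public key', rejecting any other length."""
    want = pq_len + X25519_PK_LEN
    if len(blob) != want:
        raise ValueError(f"hybrid blob is {len(blob)} bytes, expected {want}")
    return blob[:pq_len], blob[pq_len:]

def split_client_init(blob: bytes) -> tuple:
    """Client -> server: ML-KEM-768 encapsulation key, then X25519 key."""
    return _split(blob, MLKEM768_PK_LEN)

def split_server_reply(blob: bytes) -> tuple:
    """Server -> client: ML-KEM-768 ciphertext, then X25519 key."""
    return _split(blob, MLKEM768_CT_LEN)

def hybrid_secret(k_pq: bytes, k_cl: bytes) -> bytes:
    """K = SHA-256(K_PQ || K_CL); refuse malformed or all-zero inputs."""
    if len(k_pq) != SECRET_LEN or len(k_cl) != SECRET_LEN:
        raise ValueError("shared secrets must be 32 bytes each")
    if not any(k_cl):
        raise ValueError("all-zero X25519 output (low-order peer key)")
    return hashlib.sha256(k_pq + k_cl).digest()

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 string: uint32 length, then the raw bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(data: bytes) -> bytes:
    """RFC 4251 mpint, shown only for contrast with the string encoding."""
    data = data.lstrip(b"\x00")
    if data and data[0] & 0x80:
        data = b"\x00" + data
    return ssh_string(data)

if __name__ == "__main__":
    # Constructed inputs, not real key material.
    k = hybrid_secret(bytes([1]) * 32, bytes([2]) * 32)
    print(len(ssh_string(k)), len(ssh_mpint(k)))
```

The string form of K is always 36 bytes, while an mpint of the same digest can be 35 or 37 bytes, so a peer that encodes K the wrong way computes a different exchange hash and the host-key signature check fails.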