
Commit 7c73f9d

committed
Add mlkem768x25519 hybrid PQ quantum key exchange
Tested to interoperate with OpenSSH, PuTTY, and Dropbear. It adds at least ~3kB to session state, and probably a few kB of stack size. It's enabled by default for std feature only at the moment.
1 parent 947a10e commit 7c73f9d


6 files changed

+313
-80
lines changed


Cargo.lock

Lines changed: 33 additions & 0 deletions

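--- a/Cargo.toml
+++ b/Cargo.toml
@@ -55,6 +55,7 @@ subtle = { version = "2.4", default-features = false }
 ed25519-dalek = { version = "2.1", default-features = false, features = ["zeroize", "rand_core"] }
 x25519-dalek = { version = "2.0", default-features = false, features = ["zeroize"] }
 curve25519-dalek = { version = "4.1", default-features = false, features = ["zeroize"] }
+ml-kem = { version = "0.2.1", default-features = false, features = ["zeroize"], optional = true }
 # p521 = { version = "0.13.2", default-features = false, features = ["ecdh", "ecdsa"] }
 rsa = { version = "0.9", default-features = false, optional = true, features = ["sha2"] }
 # TODO: getrandom feature is a workaround for missing ssh-key dependency with rsa. fixed in pending 0.6
@@ -66,9 +67,11 @@ embedded-io = { version = "0.6", optional = true }
 pretty-hex = { version = "0.4", default-features = false }
 
 [features]
-std = ["snafu/std", "ssh-key/alloc", "larger"]
+default = []
+std = ["snafu/std", "ssh-key/alloc", "larger", "mlkem"]
 backtrace = ["snafu/backtrace"]
 rsa = ["dep:rsa", "ssh-key/rsa"]
+mlkem = ["dep:ml-kem"]
 # allows conversion to/from OpenSSH key formats
 openssh-key = ["ssh-key"]
 # implements embedded_io::Error for sunset::Error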
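Review bot: The new `mlkem = ["dep:ml-kem"]` line in `[features]` has no comment, unlike the `openssh-key` feature below it, so the manifest does not say that builds without `std` negotiate classical-only key exchange unless they enable it. I would add above it `# mlkem768x25519 hybrid post-quantum kex, adds ~3kB session state; pulled in by "std", opt-in otherwise`, so an embedded user can see that the missing post-quantum kex is a build choice rather than a protocol limitation. With `default = []` now explicit, the commit message's "enabled by default" holds only for consumers that select `std`, which is also worth one line in the crate docs. The `zeroize` feature on `ml-kem` matches the dalek crates; whether the decapsulation key held in session state is actually wiped on drop is not visible in this section and should be confirmed in the kex code.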

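--- a/src/encrypt.rs
+++ b/src/encrypt.rs
@@ -790,8 +790,8 @@ mod tests {
 SessId::from_slice(&Sha256::digest("some sessid".as_bytes()))
 .unwrap();
 let sharedkey = b"hello";
-let ko = KexOutput::new_test(sharedkey, &algos, &h);
-let ko_b = KexOutput::new_test(sharedkey, &algos, &h);
+let ko = KexOutput::new_test(sharedkey, &h);
+let ko_b = KexOutput::new_test(sharedkey, &h);
 
 trace!("algos enc {algos:?}");
 let newkeys = Keys::derive(ko, &sess_id, &algos).unwrap();
@@ -829,7 +829,7 @@ mod tests {
 let sess_id =
 SessId::from_slice(&Sha256::digest(b"some sessid")).unwrap();
 let sharedkey = b"hello";
-let ko = KexOutput::new_test(sharedkey, &algos, &h);
+let ko = KexOutput::new_test(sharedkey, &h);
 let newkeys = Keys::derive(ko, &sess_id, &algos).unwrap();
 
 keys.rekey(newkeys);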
