authorDamien Miller <djm@cvs.openbsd.org>2019-01-21 10:20:13 +0000
committerDamien Miller <djm@cvs.openbsd.org>2019-01-21 10:20:13 +0000
commitd2211b21fc91c31b43e2d7831866db56e4e1091a (patch)
treea82456a258039e0b6d4560c04c8180cf2eaed151 /usr.bin/ssh/kex.c
parente216150b8dbebade41940aa7d8d77b61752834ef (diff)
Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org
using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default. introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@
Diffstat (limited to 'usr.bin/ssh/kex.c')
-rw-r--r--usr.bin/ssh/kex.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index 1ec7cf69424..cab03175a07 100644
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.146 2019/01/21 10:07:22 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.147 2019/01/21 10:20:12 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -98,6 +98,8 @@ static const struct kexalg kexalgs[] = {
#endif
{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
{ KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
+ { KEX_SNTRUP4591761X25519_SHA512, KEX_KEM_SNTRUP4591761X25519_SHA512, 0,
+ SSH_DIGEST_SHA512 },
{ NULL, -1, -1, -1},
};
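Review bot: The new `kexalgs[]` row carries no comment marking this method as experimental and opt-in, and its position suggests otherwise: it sits after the `#endif`, next to the curve25519 rows, so the name appears to be compiled in and recognised in every build. The commit message says the method is not enabled by default, which presumably is enforced where the default proposal is assembled, outside this file section. I would add a comment above the row, e.g. `/* hybrid sntrup4591761 + X25519 KEM: recognised here, deliberately absent from the default proposal */`, so that any later change to the defaults is a visible decision. The array definition starts outside the hunk.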
@@ -640,6 +642,7 @@ kex_free(struct kex *kex)
sshbuf_free(kex->my);
sshbuf_free(kex->client_version);
sshbuf_free(kex->server_version);
+ sshbuf_free(kex->kem_client_pub);
free(kex->session_id);
free(kex->failed_choice);
free(kex->hostkey_alg);
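Review bot: The cleanup added to `kex_free()` releases only `kem_client_pub`; nothing in the hunk shows the matching client-side KEM secret being wiped. If that secret is stored inline in `struct kex` (its layout is not visible here), it should be cleared with `explicit_bzero()` before the struct itself is released, because `sshbuf_free()` only handles the buffer it is given. A short comment on the new line saying that this buffer holds public data only would also help the next reader. `kex_free()` starts and ends outside the hunk, so the wipe may already happen on lines not shown.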
@@ -1076,7 +1079,7 @@ kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key)
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
void
-dump_digest(char *msg, u_char *digest, int len)
+dump_digest(const char *msg, const u_char *digest, int len)
{
fprintf(stderr, "%s\n", msg);
sshbuf_dump_data(digest, len, stderr);