From 5ac781935f068abd4c1bfe04a70f804cce4c603f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 11 Aug 2025 16:02:03 +1000 Subject: [PATCH] support sntrup761x25519-sha512 alias OpenSSH 9.2 supports the sntrup761x25519-sha512@openssh.com key agreement algorithm. As part of standardisation, this algorithm has been assigned the name sntrup761x25519-sha512. This commit enables the existing algorithm under this new name. --- kex.c | 2 ++ kex.h | 1 + myproposal.h | 1 + 3 files changed, 4 insertions(+) diff --git a/kex.c b/kex.c index 8cdefcf7c..cbc6ae724 100644 --- a/kex.c +++ b/kex.c @@ -111,6 +111,8 @@ static const struct kexalg kexalgs[] = { { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, { KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, #ifdef USE_SNTRUP761X25519 + { KEX_SNTRUP761X25519_SHA512_IANA, KEX_KEM_SNTRUP761X25519_SHA512, 0, + SSH_DIGEST_SHA512 }, { KEX_SNTRUP761X25519_SHA512, KEX_KEM_SNTRUP761X25519_SHA512, 0, SSH_DIGEST_SHA512 }, #endif diff --git a/kex.h b/kex.h index c35329501..5282f2825 100644 --- a/kex.h +++ b/kex.h @@ -63,6 +63,7 @@ #define KEX_CURVE25519_SHA256 "curve25519-sha256" #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" #define KEX_SNTRUP761X25519_SHA512 "sntrup761x25519-sha512@openssh.com" +#define KEX_SNTRUP761X25519_SHA512_IANA "sntrup761x25519-sha512" #define COMP_NONE 0 /* pre-auth compression (COMP_ZLIB) is only supported in the client */ diff --git a/myproposal.h b/myproposal.h index ee6e9f741..0528cd783 100644 --- a/myproposal.h +++ b/myproposal.h @@ -25,6 +25,7 @@ */ #define KEX_SERVER_KEX \ + "sntrup761x25519-sha512," \ "sntrup761x25519-sha512@openssh.com," \ "curve25519-sha256," \ "curve25519-sha256@libssh.org," \ -- 2.47.3