• src/ssh/kex/libcrux_mlkem

    From Deuce@VERT to Git commit to main/sbbs/m on Thursday, March 26, 2026 03:45:00
    https://gitlab.synchro.net/main/sbbs/-/commit/2eea8a78fa3f28b81c861559
    Added Files:
    src/ssh/kex/libcrux_mlkem768_sha3.h mlkem768.c mlkem768.h mlkem768x25519-sha256.c
    Modified Files:
    src/ssh/CMakeLists.txt client.c deucessh-algorithms.h src/ssh/test/CMakeLists.txt test_alloc.c test_auth.c test_conn.c test_dhgex_provider.h test_selftest.c test_transport.c
    Log Message:
    Implement mlkem768x25519-sha256 post-quantum hybrid KEX

    Adds mlkem768x25519-sha256 key exchange combining ML-KEM-768
    (FIPS 203) with X25519, hashed with SHA-256. Supported in OpenSSH
    since 9.9; verified interop against OpenSSH 9.9.

    New files:
    - kex/libcrux_mlkem768_sha3.h: ML-KEM-768 implementation from
    libcrux (Cryspen, MIT license). Self-contained with its own
    SHA-3/SHAKE. 23 -Wconversion casts fixed, stdbool.h added,
    KRML_HOST_EXIT changed from fatal_f to abort.
    - kex/mlkem768.h, kex/mlkem768.c: thin wrappers providing a
    byte-array API with RAND_bytes for randomness. Public key
    validation via libcrux validate_public_key. Error propagation
    on RAND_bytes failure.
    - kex/mlkem768x25519-sha256.c: KEX handler module following the
    sntrup761x25519-sha512 pattern. SHA-256 hash, string-encoded K.

    Test matrix expanded from 6 to 8 variants (mlkem, mlkem_rsa).
    4277 tests passing.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
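
The "SHA-256 hash, string-encoded K" wording in the commit message above, as an added Python example (not code from the commit, libcrux or OpenSSH). It assumes the wire layout OpenSSH uses for mlkem768x25519-sha256 (ML-KEM part first, X25519 part second) and the FIPS 203 sizes; all function names are hypothetical and the test secrets are constructed.

```python
import hashlib
import struct

# Assumed sizes: ML-KEM-768 encapsulation key and ciphertext (FIPS 203),
# X25519 public key, and the 32-byte shared secret each primitive yields.
MLKEM768_PK, MLKEM768_CT, X25519_PK, SS_LEN = 1184, 1088, 32, 32

def split_exact(blob, pq_len):
    """Split a hybrid blob into (ML-KEM part, X25519 part).

    Any length other than the exact sum is rejected, so a short or
    padded peer message never reaches the KEM or the curve code."""
    if len(blob) != pq_len + X25519_PK:
        raise ValueError("bad hybrid blob length %d" % len(blob))
    return blob[:pq_len], blob[pq_len:]

def parse_c_init(blob):
    """Client message: ML-KEM-768 public key || X25519 public key."""
    return split_exact(blob, MLKEM768_PK)

def parse_s_reply(blob):
    """Server message: ML-KEM-768 ciphertext || X25519 public key."""
    return split_exact(blob, MLKEM768_CT)

def combine(k_pq, k_cl):
    """K = SHA-256(K_PQ || K_CL); both inputs must be exactly 32 bytes."""
    if len(k_pq) != SS_LEN or len(k_cl) != SS_LEN:
        raise ValueError("shared secret must be 32 bytes")
    return hashlib.sha256(k_pq + k_cl).digest()

def ssh_string(b):
    """RFC 4251 string: uint32 length, then the bytes unchanged."""
    return struct.pack(">I", len(b)) + b

def ssh_mpint(b):
    """RFC 4251 mpint of a non-negative integer, shown for contrast:
    leading zero bytes are dropped and a 0x00 is prepended when the
    top bit is set, so the encoded length depends on the value."""
    b = b.lstrip(b"\x00")
    if b and b[0] & 0x80:
        b = b"\x00" + b
    return ssh_string(b)
```

Encoding K as a string keeps it a fixed 36 bytes in the exchange hash, while an mpint encoding of the same 32 bytes can come out as 35 or 37 bytes; two peers that disagree on this derive different exchange hashes and the host-key signature check fails.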
  • From Deuce@VERT to Git commit to main/sbbs/m on Friday, March 27, 2026 20:57:00
    https://gitlab.synchro.net/main/sbbs/-/commit/26addde18e25b790b1778e71
    Modified Files:
    src/ssh/kex/libcrux_mlkem768_sha3.h sntrup761.c src/ssh/ssh-arch.c src/ssh/test/dssh_test_ossl.c test_alloc.c test_transport.c
    Log Message:
    Fix all GCC13 -Wconversion/-Wpedantic warnings for clean -Werror builds

    Add explicit narrowing casts throughout sntrup761.c (popcount helpers,
    XOR-swap loops, field element arithmetic), libcrux_mlkem768_sha3.h
    (Barrett reduction), ssh-arch.c and test helpers (serialize shifts).
    Fix missing openssl/rsa.h include for EVP_PKEY_CTX_set_rsa_padding
    declaration. Replace ISO C-forbidden object-to-function-pointer casts
    in tests with memcpy. Both GCC13 and Clang now build clean with
    -Werror -Wconversion; 4487/4487 tests pass on both compilers.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
