Add [email protected].

Signed-off-by: Simon Josefsson <[email protected]>

Makefile.in

@@ -55,6 +55,7 @@ GSSLIBS=@GSSLIBS@
 SSHDLIBS=@SSHDLIBS@
 LIBEDIT=@LIBEDIT@
 LIBFIDO2=@LIBFIDO2@
+LIBMCELIECE=@LIBMCELIECE@
 AR=@AR@
 AWK=@AWK@
 RANLIB=@RANLIB@
@@ -109,7 +110,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	hmac.o ed25519.o hash.o \
 	kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
 	kexgexc.o kexgexs.o \
-	kexsntrup761x25519.o sntrup761.o kexgen.o \
+	kexsntrup761x25519.o sntrup761.o kexmceliece6688128x25519.o kexgen.o \
 	sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
 	sshbuf-io.o
 
@@ -204,10 +205,10 @@ libssh.a: $(LIBSSH_OBJS)
 	$(RANLIB) $@
 
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS) $(CHANNELLIBS)
+	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS) $(CHANNELLIBS) $(LIBMCELIECE)
 
 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
-	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS)
+	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS) $(LIBMCELIECE)
 
 scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS)
 	$(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -231,7 +232,7 @@ ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS)
 	$(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2) $(CHANNELLIBS)
 
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
-	$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(CHANNELLIBS)
+	$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(CHANNELLIBS) $(LIBMCELIECE)
 
 sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTPSERVER_OBJS)
 	$(LD) -o $@ $(SFTPSERVER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)

configure.ac

@@ -1756,6 +1756,30 @@ AC_ARG_WITH([libedit],
 	fi ]
 )
 
+# Check whether user wants libmceliece support
+LIBMCELIECE_MSG="no"
+AC_ARG_WITH([libmceliece],
+	[  --with-libmceliece[[=PATH]]   Enable libmceliece support.],
+        [],
+        [with_libmceliece=yes])
+if test "x$with_libmceliece" != "xno" ; then
+	if test "x$with_libmceliece" != "xyes" ; then
+		CPPFLAGS="$CPPFLAGS -I${with_libmceliece}/include"
+		if test -n "${rpath_opt}"; then
+			LDFLAGS="-L${with_libmceliece}/lib ${rpath_opt}${with_libmceliece}/lib ${LDFLAGS}"
+		else
+			LDFLAGS="-L${with_libmceliece}/lib ${LDFLAGS}"
+		fi
+	fi
+	AC_CHECK_LIB([mceliece], [mceliece_kem_6688128_keypair],
+		[ AC_DEFINE([USE_LIBMCELIECE], [1], [Use libmceliece])
+		  LIBMCELIECE_MSG="yes"
+		  LIBMCELIECE="-lmceliece"
+		  AC_SUBST([LIBMCELIECE])
+		]
+	)
+fi
+
 AUDIT_MODULE=none
 AC_ARG_WITH([audit],
 	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
@@ -5657,6 +5681,7 @@ echo "              Random number source: $RAND_MSG"
 echo "             Privsep sandbox style: $SANDBOX_STYLE"
 echo "                   PKCS#11 support: $enable_pkcs11"
 echo "                  U2F/FIDO support: $enable_sk"
+echo "               libmceliece support: $LIBMCELIECE_MSG"
 
 echo ""
 
@@ -5675,6 +5700,9 @@ fi
 if test ! -z "${SSHDLIBS}"; then
 echo "         +for sshd: ${SSHDLIBS}"
 fi
+if test ! -z "${LIBMCELIECE}"; then
+echo "     +for mceliece: ${LIBMCELIECE}"
+fi
 
 echo ""
 

crypto_api.h

@@ -53,4 +53,19 @@ int	crypto_kem_sntrup761_dec(unsigned char *k,
     const unsigned char *cstr, const unsigned char *sk);
 int	crypto_kem_sntrup761_keypair(unsigned char *pk, unsigned char *sk);
 
+#ifdef USE_MCELIECE6688128X25519
+#include "mceliece.h"
+#define crypto_kem_mceliece6688128_PUBLICKEYBYTES \
+  mceliece6688128f_PUBLICKEYBYTES
+#define crypto_kem_mceliece6688128_SECRETKEYBYTES \
+  mceliece6688128f_SECRETKEYBYTES
+#define crypto_kem_mceliece6688128_CIPHERTEXTBYTES \
+  mceliece6688128f_CIPHERTEXTBYTES
+#define crypto_kem_mceliece6688128_BYTES \
+  mceliece6688128f_BYTES
+#define crypto_kem_mceliece6688128_enc		mceliece6688128f_enc
+#define crypto_kem_mceliece6688128_dec		mceliece6688128f_dec
+#define crypto_kem_mceliece6688128_keypair	mceliece6688128f_keypair
+#endif
+
 #endif /* crypto_api_h */

defines.h

@@ -942,4 +942,10 @@ struct winsize {
 #if defined(VARIABLE_LENGTH_ARRAYS) && defined(VARIABLE_DECLARATION_AFTER_CODE)
 # define USE_SNTRUP761X25519 1
 #endif
+
+/* Enable [email protected] if we have libmceliece. */
+#ifdef USE_LIBMCELIECE
+# define USE_MCELIECE6688128X25519 1
+#endif
+
 #endif /* _DEFINES_H */

kex.c

@@ -116,6 +116,10 @@ static const struct kexalg kexalgs[] = {
 	{ KEX_SNTRUP761X25519_SHA512, KEX_KEM_SNTRUP761X25519_SHA512, 0,
 	    SSH_DIGEST_SHA512 },
 #endif
+#ifdef USE_MCELIECE6688128X25519
+	{ KEX_MCELIECE6688128X25519_SHA512, KEX_KEM_MCELIECE6688128X25519_SHA512, 0,
+	  SSH_DIGEST_SHA512 },
+#endif
 #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
 	{ NULL, 0, -1, -1},
 };

kex.h

@@ -63,6 +63,7 @@
 #define	KEX_CURVE25519_SHA256		"curve25519-sha256"
 #define	KEX_CURVE25519_SHA256_OLD	"[email protected]"
 #define	KEX_SNTRUP761X25519_SHA512	"[email protected]"
+#define	KEX_MCELIECE6688128X25519_SHA512 "[email protected]"
 
 #define COMP_NONE	0
 /* pre-auth compression (COMP_ZLIB) is only supported in the client */
@@ -102,6 +103,7 @@ enum kex_exchange {
 	KEX_ECDH_SHA2,
 	KEX_C25519_SHA256,
 	KEX_KEM_SNTRUP761X25519_SHA512,
+	KEX_KEM_MCELIECE6688128X25519_SHA512,
 	KEX_MAX
 };
 
@@ -176,6 +178,9 @@ struct kex {
 	u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */
 	u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
 	u_char sntrup761_client_key[crypto_kem_sntrup761_SECRETKEYBYTES]; /* KEM */
+#ifdef USE_MCELIECE6688128X25519
+	u_char mceliece6688128_client_key[crypto_kem_mceliece6688128_SECRETKEYBYTES]; /* KEM */
+#endif
 	struct sshbuf *client_pub;
 };
 
@@ -235,6 +240,12 @@ int	 kex_kem_sntrup761x25519_enc(struct kex *, const struct sshbuf *,
 int	 kex_kem_sntrup761x25519_dec(struct kex *, const struct sshbuf *,
     struct sshbuf **);
 
+int	 kex_kem_mceliece6688128x25519_keypair(struct kex *);
+int	 kex_kem_mceliece6688128x25519_enc(struct kex *, const struct sshbuf *,
+    struct sshbuf **, struct sshbuf **);
+int	 kex_kem_mceliece6688128x25519_dec(struct kex *, const struct sshbuf *,
+    struct sshbuf **);
+
 int	 kex_dh_keygen(struct kex *);
 int	 kex_dh_compute_key(struct kex *, BIGNUM *, struct sshbuf *);
 

kexgen.c

@@ -120,6 +120,9 @@ kex_gen_client(struct ssh *ssh)
 	case KEX_KEM_SNTRUP761X25519_SHA512:
 		r = kex_kem_sntrup761x25519_keypair(kex);
 		break;
+	case KEX_KEM_MCELIECE6688128X25519_SHA512:
+		r = kex_kem_mceliece6688128x25519_keypair(kex);
+		break;
 	default:
 		r = SSH_ERR_INVALID_ARGUMENT;
 		break;
@@ -192,6 +195,10 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
 		r = kex_kem_sntrup761x25519_dec(kex, server_blob,
 		    &shared_secret);
 		break;
+	case KEX_KEM_MCELIECE6688128X25519_SHA512:
+		r = kex_kem_mceliece6688128x25519_dec(kex, server_blob,
+		    &shared_secret);
+		break;
 	default:
 		r = SSH_ERR_INVALID_ARGUMENT;
 		break;
@@ -243,6 +250,10 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
 	explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key));
 	explicit_bzero(kex->sntrup761_client_key,
 	    sizeof(kex->sntrup761_client_key));
+#ifdef USE_MCELIECE6688128X25519
+	explicit_bzero(kex->mceliece6688128_client_key,
+	    sizeof(kex->mceliece6688128_client_key));
+#endif
 	sshbuf_free(server_host_key_blob);
 	free(signature);
 	sshbuf_free(tmp);
@@ -310,6 +321,10 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh)
 		r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
 		    &server_pubkey, &shared_secret);
 		break;
+	case KEX_KEM_MCELIECE6688128X25519_SHA512:
+		r = kex_kem_mceliece6688128x25519_enc(kex, client_pubkey,
+		    &server_pubkey, &shared_secret);
+		break;
 	default:
 		r = SSH_ERR_INVALID_ARGUMENT;
 		break;