Skip to content

Add mlkem1024nistp384-sha384 and mlkem768x25519-sha256 #869

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ejohnstown wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add mlkem1024nistp384-sha384 and mlkem768x25519-sha256 #869

ejohnstown wants to merge 2 commits into from
+454 −152

Conversation

@ejohnstown
Copy link
Contributor

@ejohnstown ejohnstown commented Jan 14, 2026
edited
Loading

  1. Add the KEX algorithms mlkem1024nistp384-sha384 and mlkem768x25519-sha256.
  2. Performed some comment and whitespace maintenance.
  3. Updated the KEX test to test any KEX given the string with its name. Added the new KEX algorithms to the test.

This solves issue #757.

@ejohnstown ejohnstown mentioned this pull request Jan 14, 2026
Open
@ejohnstown ejohnstown self-assigned this Jan 14, 2026
@ejohnstown ejohnstown force-pushed the draft-ietf-sshm-mlkem-hybrid-kex branch from e096fc7 to f655529 Compare January 14, 2026 01:05
@ejohnstown ejohnstown requested a review from Copilot January 14, 2026 01:10
Copilot AI reviewed Jan 14, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request adds support for two new ML-KEM (post-quantum) hybrid key exchange algorithms to wolfSSH: mlkem1024nistp384-sha384 and mlkem768x25519-sha256. These algorithms combine traditional elliptic curve cryptography with post-quantum ML-KEM for enhanced security against future quantum computing threats.

Changes:

  • Added support for two new hybrid KEX algorithms combining ML-KEM with traditional elliptic curves
  • Refactored the KEX test infrastructure to accept algorithm names as parameters
  • Updated documentation and comments for the new algorithms

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 7 comments.

File Description
wolfssh/internal.h Added conditional compilation flags, algorithm IDs, buffer size updates, and HandshakeInfo bitfield for the new ML-KEM algorithms
src/internal.c Implemented client and server key agreement logic for the new algorithms, updated algorithm name mappings, hash functions, and prime curve lookups
src/ssh.c Updated display text for ML-KEM algorithm identification
tests/kex.c Refactored test to be algorithm-agnostic and added tests for the two new KEX algorithms

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

anhu and others added 2 commits January 13, 2026 21:54
@anhu @ejohnstown
mlkem1024nistp384-sha384 mlkem768x25519-sha256
d5d02ae
@ejohnstown
Add ML-KEM with Curve25519 and NISTp384
303cafc 
1. Reorganize the KEX test to allow for testing any KEX algorithm. Add test
   cases for the new algorithms to the KEX test.
2. Reorder the cannedKexAlgoNames with the ML-KEM algos first.
3. Add the new algos to wolfSSH_GetText().
4. Add comments and whitespace cleanup.
@ejohnstown ejohnstown force-pushed the draft-ietf-sshm-mlkem-hybrid-kex branch from f655529 to 303cafc Compare January 14, 2026 05:57
@ejohnstown ejohnstown requested a review from Copilot January 14, 2026 06:00
Copilot AI reviewed Jan 14, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ejohnstown ejohnstown assigned wolfSSL-Bot and unassigned ejohnstown Jan 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@JacobBarthelmeh JacobBarthelmeh Awaiting requested review from JacobBarthelmeh

At least 1 approving review is required to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ejohnstown @wolfSSL-Bot @anhu