  1. RHEL
  2. RHEL-125889

Allow NIST hybrid KEMs in OpenSSH


    • Bug
    • Resolution: Unresolved
    • Normal
    • rhel-10.2
    • rhel-10.2
    • crypto-policies
    • None
    • crypto-policies-20251126-1.git918f03d.el10
    • No
    • Low
    • 1
    • rhel-security-crypto-spades
    • 26
    • 0.2
    • False
    • False
    • Yes
    • Crypto25November
    • AC1) openssh server/client generated policy contains mlkem768nistp256-sha256 if and only if KEM-ECDH is in key_exchange AND P256-MLKEM768 is in group AND SHA2-256 is in hash.

      AC2) openssh server/client generated policy contains mlkem1024nistp384-sha384 if and only if KEM-ECDH is in key_exchange AND P384-MLKEM1024 is in group AND SHA2-384 is in hash.

      Note: Extend /Sanity/PQ; there is already a similar test in the "OpenSSH and ML-KEM (RHEL-63068)" phase.

      AC3) All generated base policies other than FIPS (LEGACY, DEFAULT, FUTURE) for openssh client/server have mlkem768nistp256-sha256, mlkem1024nistp384-sha384 after mlkem768x25519-sha256, but before the classic ones.

      Note: This will be covered by /Sanity/retention test.

    • Pass
    • None
    • Enhancement
    • Feature, enhancement: openssh KexAlgorithm mlkem768nistp256-sha256 is enabled when crypto-policies key_exchange includes KEM-ECDH, group includes P256-MLKEM768 and hash includes SHA2-256. mlkem1024nistp384-sha384 is enabled when key_exchange includes KEM-ECDH, group includes P384-MLKEM1024 and hash includes SHA2-384.
      Reason: openssh gained support for these new post-quantum hybrid key exchanges
      Result: openssh key exchanges mlkem768nistp256-sha256 and mlkem1024nistp384-sha384 are enabled by default and can be negotiated for connections in all pre-defined policies (unless NO-PQ subpolicy is in effect, then there's no change)
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      We implemented the mlkem768nistp256-sha256 and mlkem1024nistp384-sha384 KEX methods in OpenSSH; we need to allow them via crypto policies.

              asosedki@redhat.com Alexander Sosedkin
              dbelyavs@redhat.com Dmitry Belyavskiy
              Alexander Sosedkin
              Ondrej Moris
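
Acceptance criteria AC1 to AC3 can be checked mechanically against a generated `KexAlgorithms` line. The Python below is an added example, not code from crypto-policies or its test suite; the function names and the sample config line are constructed for illustration, and any KEX name other than the three ML-KEM hybrids is assumed to count as "classic".

```python
# Added example (not crypto-policies code): check AC1-AC3 on a KexAlgorithms line.
NIST_HYBRIDS = {  # KEX name -> (required group, required hash), per AC1/AC2
    "mlkem768nistp256-sha256": ("P256-MLKEM768", "SHA2-256"),
    "mlkem1024nistp384-sha384": ("P384-MLKEM1024", "SHA2-384"),
}
X25519_HYBRID = "mlkem768x25519-sha256"

# Constructed sample of a generated openssh policy line (not copied from a system).
SAMPLE = ("KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,"
          "mlkem1024nistp384-sha384,curve25519-sha256,ecdh-sha2-nistp256\n")


def parse_kex(config_text):
    """Return the ordered KexAlgorithms list from openssh config text."""
    for line in config_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "kexalgorithms":
            return [k.strip() for k in parts[1].split(",") if k.strip()]
    return []


def expected_hybrids(key_exchange, group, hash_):
    """AC1/AC2: NIST hybrids that the policy values should enable."""
    return {kex for kex, (grp, h) in NIST_HYBRIDS.items()
            if "KEM-ECDH" in key_exchange and grp in group and h in hash_}


def check_policy(config_text, key_exchange, group, hash_):
    """Return violation strings; an empty list means AC1-AC3 hold."""
    kex = parse_kex(config_text)
    want = expected_hybrids(key_exchange, group, hash_)
    have = set(kex) & set(NIST_HYBRIDS)
    problems = [f"missing {n} (AC1/AC2)" for n in sorted(want - have)]
    problems += [f"unexpected {n} (AC1/AC2)" for n in sorted(have - want)]
    # AC3 (non-FIPS base policies): after mlkem768x25519-sha256, before classic.
    nist = [i for i, k in enumerate(kex) if k in NIST_HYBRIDS]
    classic = [i for i, k in enumerate(kex)
               if k not in NIST_HYBRIDS and k != X25519_HYBRID]
    if nist and X25519_HYBRID in kex and kex.index(X25519_HYBRID) > min(nist):
        problems.append("NIST hybrid before mlkem768x25519-sha256 (AC3)")
    if nist and classic and min(classic) < max(nist):
        problems.append("classic KEX before a NIST hybrid (AC3)")
    return problems


if __name__ == "__main__":
    print(check_policy(SAMPLE, {"KEM-ECDH"},
                       {"P256-MLKEM768", "P384-MLKEM1024"},
                       {"SHA2-256", "SHA2-384"}))
```

An empty list means the line satisfies all three criteria for the given policy values; each string in a non-empty list names the criterion that failed.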