diff options
| author | Nicola Murino <nicola.murino@gmail.com> | 2025-08-24 10:53:36 +0200 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2025-08-26 00:42:33 -0700 |
| commit | 8f580defa01dec23898d3cd27f6369cdcc62f71f (patch) | |
| tree | 9206ee7b2359fbc0d2351bd3219d1e0b53e0596c /ssh | |
| parent | a4d1237429d6056ef197b0b911b8b9d7dca8ecf6 (diff) | |
| download | go-x-crypto-8f580defa01dec23898d3cd27f6369cdcc62f71f.tar.xz | |
ssh: remove Go 1.24 build tag for ML-KEM kex
Change-Id: Ia77ad1b6fef9919ab100fb10c42231725eb81c12
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/698775
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Diffstat (limited to 'ssh')
| -rw-r--r-- | ssh/common.go | 2 | ||||
| -rw-r--r-- | ssh/kex.go | 1 | ||||
| -rw-r--r-- | ssh/mlkem.go | 15 |
3 files changed, 3 insertions, 15 deletions
diff --git a/ssh/common.go b/ssh/common.go index f2ec089..8bfad16 100644 --- a/ssh/common.go +++ b/ssh/common.go @@ -83,6 +83,7 @@ var ( // supportedKexAlgos specifies key-exchange algorithms implemented by this // package in preference order, excluding those with security issues. supportedKexAlgos = []string{ + KeyExchangeMLKEM768X25519, KeyExchangeCurve25519, KeyExchangeECDHP256, KeyExchangeECDHP384, @@ -94,6 +95,7 @@ var ( // defaultKexAlgos specifies the default preference for key-exchange // algorithms in preference order. defaultKexAlgos = []string{ + KeyExchangeMLKEM768X25519, KeyExchangeCurve25519, KeyExchangeECDHP256, KeyExchangeECDHP384, @@ -438,6 +438,7 @@ func init() { kexAlgoMap[keyExchangeCurve25519LibSSH] = &curve25519sha256{} kexAlgoMap[InsecureKeyExchangeDHGEXSHA1] = &dhGEXSHA{hashFunc: crypto.SHA1} kexAlgoMap[KeyExchangeDHGEXSHA256] = &dhGEXSHA{hashFunc: crypto.SHA256} + kexAlgoMap[KeyExchangeMLKEM768X25519] = &mlkem768WithCurve25519sha256{} } // curve25519sha256 implements the curve25519-sha256 (formerly known as diff --git a/ssh/mlkem.go b/ssh/mlkem.go index 657e107..ddc0ed1 100644 --- a/ssh/mlkem.go +++ b/ssh/mlkem.go @@ -2,8 +2,6 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build go1.24 - package ssh import ( @@ -13,23 +11,10 @@ import ( "errors" "fmt" "io" - "runtime" - "slices" "golang.org/x/crypto/curve25519" ) -func init() { - // After Go 1.24rc1 mlkem swapped the order of return values of Encapsulate. - // See #70950. - if runtime.Version() == "go1.24rc1" { - return - } - supportedKexAlgos = slices.Insert(supportedKexAlgos, 0, KeyExchangeMLKEM768X25519) - defaultKexAlgos = slices.Insert(defaultKexAlgos, 0, KeyExchangeMLKEM768X25519) - kexAlgoMap[KeyExchangeMLKEM768X25519] = &mlkem768WithCurve25519sha256{} -} - // mlkem768WithCurve25519sha256 implements the hybrid ML-KEM768 with // curve25519-sha256 key exchange method, as described by // draft-kampanakis-curdle-ssh-pq-ke-05 section 2.3.3. |