qssh 0.3.0

Post-quantum secure shell with NIST PQC algorithms (Falcon, SPHINCS+, ML-KEM), configurable security tiers, and quantum-resistant protocol design
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

# Changelog

All notable changes to QSSH are documented in this file.

## [1.0.0] - 2026-01-30

### Added

- **Security Tiers (T0-T5)**: Configurable security levels based on threat model
  - T0: Classical (deprecated, for compatibility only)
  - T1: Post-Quantum algorithms
  - T2: Hardened PQ with 768-byte fixed frames (default)
  - T3: Entropy-Enhanced with QRNG
  - T4: Quantum-Secured with QKD
  - T5: Hybrid Quantum (all layers)

- **Connection Multiplexing**: Full SSH-style ControlMaster implementation
  - `create_channel()`: Proper SSH_MSG_CHANNEL_OPEN handling
  - `forward_to_channel()`: Data chunking per SSH limits
  - Graceful shutdown with cleanup
  - 11 new tests for multiplexing

- **Quantum Transport KEM**: Complete bidirectional key exchange
  - Client-side encapsulation with network transmission
  - Server-side decapsulation with proper validation
  - HKDF-SHA256 key derivation with domain separation
  - DoS protection (ciphertext size validation)

- **Session Encryption**: Production-ready session state protection
  - HKDF-based session key derivation
  - AES-256-GCM authenticated encryption
  - Proper salt and nonce generation

- **Production Documentation**: `PRODUCTION_READINESS.md`
  - Deployment guide
  - API reference
  - Security architecture
  - Troubleshooting guide

### Fixed

- **DirectTcpipChannel::into_stream()**: Returns `Result` instead of `panic!`
- **qssh-keygen**: Handles all PqAlgorithm variants (Falcon512, Falcon1024, SPHINCS+)
- **Session keys**: No longer uses placeholder zeros
- **Session state encryption**: Actually encrypts (was returning plaintext)

### Changed

- Moved Drista integration to separate repository (github.com/Paraxiom/drista)
- Renamed `quantum_native` module to `quantum_resistant` for accuracy
- Default security tier is now T2 (HardenedPQ)

### Security

- All panic! calls removed from production code paths
- Session encryption uses proper cryptographic primitives
- KEM handshake includes DoS protection
- Fixed frame sizes (768 bytes) for traffic analysis resistance

### Known Issues

- Falcon algorithm segfaults on macOS (pqcrypto library issue)
  - Workaround: Use SPHINCS+ on macOS
  - Tests pass on Linux
- Remote port forwarding (-R) partially implemented
- ProxyJump/ProxyCommand incomplete
- X11 forwarding transport mock needed

### Test Coverage

- Library: 75 tests passing, 4 ignored (macOS pqcrypto)
- Integration: 35 tests passing, 40 ignored (macOS pqcrypto)
- Total: 110 tests passing

## [0.9.0] - 2026-01-27

### Added

- Initial quantum-native transport with 768-byte frames
- SPHINCS+ and Falcon signature support
- Basic QKD integration
- Port forwarding (local and dynamic)

### Security

- Removed vulnerable Kyber algorithms (KyberSlash)
- Added replay attack protection with sequence numbers