diff options
Diffstat (limited to 'myproposal.h')
| -rw-r--r-- | myproposal.h | 69 |
1 files changed, 42 insertions, 27 deletions
diff --git a/myproposal.h b/myproposal.h index 3a0f5aeab..94d6f7061 100644 --- a/myproposal.h +++ b/myproposal.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: myproposal.h,v 1.35 2013/12/06 13:39:49 markus Exp $ */ | 1 | /* $OpenBSD: myproposal.h,v 1.38 2014/03/27 23:01:27 markus Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| @@ -69,23 +69,22 @@ | |||
| 69 | #ifdef HAVE_EVP_SHA256 | 69 | #ifdef HAVE_EVP_SHA256 |
| 70 | # define KEX_SHA256_METHODS \ | 70 | # define KEX_SHA256_METHODS \ |
| 71 | "diffie-hellman-group-exchange-sha256," | 71 | "diffie-hellman-group-exchange-sha256," |
| 72 | #define KEX_CURVE25519_METHODS \ | ||
| 73 | "curve25519-sha256@libssh.org," | ||
| 74 | #define SHA2_HMAC_MODES \ | 72 | #define SHA2_HMAC_MODES \ |
| 75 | "hmac-sha2-256," \ | 73 | "hmac-sha2-256," \ |
| 76 | "hmac-sha2-512," | 74 | "hmac-sha2-512," |
| 77 | #else | 75 | #else |
| 78 | # define KEX_SHA256_METHODS | 76 | # define KEX_SHA256_METHODS |
| 79 | # define KEX_CURVE25519_METHODS | ||
| 80 | # define SHA2_HMAC_MODES | 77 | # define SHA2_HMAC_MODES |
| 81 | #endif | 78 | #endif |
| 82 | 79 | ||
| 83 | # define KEX_DEFAULT_KEX \ | 80 | #define KEX_SERVER_KEX \ |
| 84 | KEX_CURVE25519_METHODS \ | 81 | "curve25519-sha256@libssh.org," \ |
| 85 | KEX_ECDH_METHODS \ | 82 | KEX_ECDH_METHODS \ |
| 86 | KEX_SHA256_METHODS \ | 83 | KEX_SHA256_METHODS \ |
| 84 | "diffie-hellman-group14-sha1" | ||
| 85 | |||
| 86 | #define KEX_CLIENT_KEX KEX_SERVER_KEX "," \ | ||
| 87 | "diffie-hellman-group-exchange-sha1," \ | 87 | "diffie-hellman-group-exchange-sha1," \ |
| 88 | "diffie-hellman-group14-sha1," \ | ||
| 89 | "diffie-hellman-group1-sha1" | 88 | "diffie-hellman-group1-sha1" |
| 90 | 89 | ||
| 91 | #define KEX_DEFAULT_PK_ALG \ | 90 | #define KEX_DEFAULT_PK_ALG \ |
| @@ -102,29 +101,34 @@ | |||
| 102 | 101 | ||
| 103 | /* the actual algorithms */ | 102 | /* the actual algorithms */ |
| 104 | 103 | ||
| 105 | #define KEX_DEFAULT_ENCRYPT \ | 104 | #define KEX_SERVER_ENCRYPT \ |
| 106 | "aes128-ctr,aes192-ctr,aes256-ctr," \ | 105 | "aes128-ctr,aes192-ctr,aes256-ctr," \ |
| 107 | "arcfour256,arcfour128," \ | ||
| 108 | AESGCM_CIPHER_MODES \ | 106 | AESGCM_CIPHER_MODES \ |
| 109 | "chacha20-poly1305@openssh.com," \ | 107 | "chacha20-poly1305@openssh.com" |
| 108 | |||
| 109 | #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ | ||
| 110 | "arcfour256,arcfour128," \ | ||
| 110 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ | 111 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ |
| 111 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" | 112 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" |
| 112 | 113 | ||
| 113 | #define KEX_DEFAULT_MAC \ | 114 | #define KEX_SERVER_MAC \ |
| 114 | "hmac-md5-etm@openssh.com," \ | ||
| 115 | "hmac-sha1-etm@openssh.com," \ | ||
| 116 | "umac-64-etm@openssh.com," \ | 115 | "umac-64-etm@openssh.com," \ |
| 117 | "umac-128-etm@openssh.com," \ | 116 | "umac-128-etm@openssh.com," \ |
| 118 | "hmac-sha2-256-etm@openssh.com," \ | 117 | "hmac-sha2-256-etm@openssh.com," \ |
| 119 | "hmac-sha2-512-etm@openssh.com," \ | 118 | "hmac-sha2-512-etm@openssh.com," \ |
| 119 | "umac-64@openssh.com," \ | ||
| 120 | "umac-128@openssh.com," \ | ||
| 121 | "hmac-sha2-256," \ | ||
| 122 | "hmac-sha2-512" | ||
| 123 | |||
| 124 | #define KEX_CLIENT_MAC KEX_SERVER_MAC "," \ | ||
| 125 | "hmac-md5-etm@openssh.com," \ | ||
| 126 | "hmac-sha1-etm@openssh.com," \ | ||
| 120 | "hmac-ripemd160-etm@openssh.com," \ | 127 | "hmac-ripemd160-etm@openssh.com," \ |
| 121 | "hmac-sha1-96-etm@openssh.com," \ | 128 | "hmac-sha1-96-etm@openssh.com," \ |
| 122 | "hmac-md5-96-etm@openssh.com," \ | 129 | "hmac-md5-96-etm@openssh.com," \ |
| 123 | "hmac-md5," \ | 130 | "hmac-md5," \ |
| 124 | "hmac-sha1," \ | 131 | "hmac-sha1," \ |
| 125 | "umac-64@openssh.com," \ | ||
| 126 | "umac-128@openssh.com," \ | ||
| 127 | SHA2_HMAC_MODES \ | ||
| 128 | "hmac-ripemd160," \ | 132 | "hmac-ripemd160," \ |
| 129 | "hmac-ripemd160@openssh.com," \ | 133 | "hmac-ripemd160@openssh.com," \ |
| 130 | "hmac-sha1-96," \ | 134 | "hmac-sha1-96," \ |
| @@ -133,16 +137,27 @@ | |||
| 133 | #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" | 137 | #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" |
| 134 | #define KEX_DEFAULT_LANG "" | 138 | #define KEX_DEFAULT_LANG "" |
| 135 | 139 | ||
| 140 | #define KEX_CLIENT \ | ||
| 141 | KEX_CLIENT_KEX, \ | ||
| 142 | KEX_DEFAULT_PK_ALG, \ | ||
| 143 | KEX_CLIENT_ENCRYPT, \ | ||
| 144 | KEX_CLIENT_ENCRYPT, \ | ||
| 145 | KEX_CLIENT_MAC, \ | ||
| 146 | KEX_CLIENT_MAC, \ | ||
| 147 | KEX_DEFAULT_COMP, \ | ||
| 148 | KEX_DEFAULT_COMP, \ | ||
| 149 | KEX_DEFAULT_LANG, \ | ||
| 150 | KEX_DEFAULT_LANG | ||
| 136 | 151 | ||
| 137 | static char *myproposal[PROPOSAL_MAX] = { | 152 | #define KEX_SERVER \ |
| 138 | KEX_DEFAULT_KEX, | 153 | KEX_SERVER_KEX, \ |
| 139 | KEX_DEFAULT_PK_ALG, | 154 | KEX_DEFAULT_PK_ALG, \ |
| 140 | KEX_DEFAULT_ENCRYPT, | 155 | KEX_SERVER_ENCRYPT, \ |
| 141 | KEX_DEFAULT_ENCRYPT, | 156 | KEX_SERVER_ENCRYPT, \ |
| 142 | KEX_DEFAULT_MAC, | 157 | KEX_SERVER_MAC, \ |
| 143 | KEX_DEFAULT_MAC, | 158 | KEX_SERVER_MAC, \ |
| 144 | KEX_DEFAULT_COMP, | 159 | KEX_DEFAULT_COMP, \ |
| 145 | KEX_DEFAULT_COMP, | 160 | KEX_DEFAULT_COMP, \ |
| 146 | KEX_DEFAULT_LANG, | 161 | KEX_DEFAULT_LANG, \ |
| 147 | KEX_DEFAULT_LANG | 162 | KEX_DEFAULT_LANG |
| 148 | }; | 163 | |