Diffstat (limited to 'myproposal.h')
-rw-r--r-- | myproposal.h | 103 |
1 files changed, 76 insertions, 27 deletions
diff --git a/myproposal.h b/myproposal.h index 3a0f5aeab..b35b2b8bd 100644 --- a/myproposal.h +++ b/myproposal.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: myproposal.h,v 1.35 2013/12/06 13:39:49 markus Exp $ */ | 1 | /* $OpenBSD: myproposal.h,v 1.41 2014/07/11 13:54:34 tedu Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -69,23 +69,28 @@ | |||
69 | #ifdef HAVE_EVP_SHA256 | 69 | #ifdef HAVE_EVP_SHA256 |
70 | # define KEX_SHA256_METHODS \ | 70 | # define KEX_SHA256_METHODS \ |
71 | "diffie-hellman-group-exchange-sha256," | 71 | "diffie-hellman-group-exchange-sha256," |
72 | #define KEX_CURVE25519_METHODS \ | ||
73 | "curve25519-sha256@libssh.org," | ||
74 | #define SHA2_HMAC_MODES \ | 72 | #define SHA2_HMAC_MODES \ |
75 | "hmac-sha2-256," \ | 73 | "hmac-sha2-256," \ |
76 | "hmac-sha2-512," | 74 | "hmac-sha2-512," |
77 | #else | 75 | #else |
78 | # define KEX_SHA256_METHODS | 76 | # define KEX_SHA256_METHODS |
79 | # define KEX_CURVE25519_METHODS | ||
80 | # define SHA2_HMAC_MODES | 77 | # define SHA2_HMAC_MODES |
81 | #endif | 78 | #endif |
82 | 79 | ||
83 | # define KEX_DEFAULT_KEX \ | 80 | #ifdef WITH_OPENSSL |
81 | # ifdef HAVE_EVP_SHA256 | ||
82 | # define KEX_CURVE25519_METHODS "curve25519-sha256@libssh.org," | ||
83 | # else | ||
84 | # define KEX_CURVE25519_METHODS "" | ||
85 | # endif | ||
86 | #define KEX_SERVER_KEX \ | ||
84 | KEX_CURVE25519_METHODS \ | 87 | KEX_CURVE25519_METHODS \ |
85 | KEX_ECDH_METHODS \ | 88 | KEX_ECDH_METHODS \ |
86 | KEX_SHA256_METHODS \ | 89 | KEX_SHA256_METHODS \ |
90 | "diffie-hellman-group14-sha1" | ||
91 | |||
92 | #define KEX_CLIENT_KEX KEX_SERVER_KEX "," \ | ||
87 | "diffie-hellman-group-exchange-sha1," \ | 93 | "diffie-hellman-group-exchange-sha1," \ |
88 | "diffie-hellman-group14-sha1," \ | ||
89 | "diffie-hellman-group1-sha1" | 94 | "diffie-hellman-group1-sha1" |
90 | 95 | ||
91 | #define KEX_DEFAULT_PK_ALG \ | 96 | #define KEX_DEFAULT_PK_ALG \ |
@@ -102,47 +107,91 @@ | |||
102 | 107 | ||
103 | /* the actual algorithms */ | 108 | /* the actual algorithms */ |
104 | 109 | ||
105 | #define KEX_DEFAULT_ENCRYPT \ | 110 | #define KEX_SERVER_ENCRYPT \ |
106 | "aes128-ctr,aes192-ctr,aes256-ctr," \ | 111 | "aes128-ctr,aes192-ctr,aes256-ctr," \ |
107 | "arcfour256,arcfour128," \ | ||
108 | AESGCM_CIPHER_MODES \ | 112 | AESGCM_CIPHER_MODES \ |
109 | "chacha20-poly1305@openssh.com," \ | 113 | "chacha20-poly1305@openssh.com" |
114 | |||
115 | #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ | ||
116 | "arcfour256,arcfour128," \ | ||
110 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ | 117 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ |
111 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" | 118 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" |
112 | 119 | ||
113 | #define KEX_DEFAULT_MAC \ | 120 | #define KEX_SERVER_MAC \ |
114 | "hmac-md5-etm@openssh.com," \ | ||
115 | "hmac-sha1-etm@openssh.com," \ | ||
116 | "umac-64-etm@openssh.com," \ | 121 | "umac-64-etm@openssh.com," \ |
117 | "umac-128-etm@openssh.com," \ | 122 | "umac-128-etm@openssh.com," \ |
118 | "hmac-sha2-256-etm@openssh.com," \ | 123 | "hmac-sha2-256-etm@openssh.com," \ |
119 | "hmac-sha2-512-etm@openssh.com," \ | 124 | "hmac-sha2-512-etm@openssh.com," \ |
125 | "hmac-sha1-etm@openssh.com," \ | ||
126 | "umac-64@openssh.com," \ | ||
127 | "umac-128@openssh.com," \ | ||
128 | "hmac-sha2-256," \ | ||
129 | "hmac-sha2-512," \ | ||
130 | "hmac-sha1" | ||
131 | |||
132 | #define KEX_CLIENT_MAC KEX_SERVER_MAC "," \ | ||
133 | "hmac-md5-etm@openssh.com," \ | ||
120 | "hmac-ripemd160-etm@openssh.com," \ | 134 | "hmac-ripemd160-etm@openssh.com," \ |
121 | "hmac-sha1-96-etm@openssh.com," \ | 135 | "hmac-sha1-96-etm@openssh.com," \ |
122 | "hmac-md5-96-etm@openssh.com," \ | 136 | "hmac-md5-96-etm@openssh.com," \ |
123 | "hmac-md5," \ | 137 | "hmac-md5," \ |
124 | "hmac-sha1," \ | ||
125 | "umac-64@openssh.com," \ | ||
126 | "umac-128@openssh.com," \ | ||
127 | SHA2_HMAC_MODES \ | ||
128 | "hmac-ripemd160," \ | 138 | "hmac-ripemd160," \ |
129 | "hmac-ripemd160@openssh.com," \ | 139 | "hmac-ripemd160@openssh.com," \ |
130 | "hmac-sha1-96," \ | 140 | "hmac-sha1-96," \ |
131 | "hmac-md5-96" | 141 | "hmac-md5-96" |
132 | 142 | ||
143 | #else | ||
144 | |||
145 | #define KEX_SERVER_KEX \ | ||
146 | "curve25519-sha256@libssh.org" | ||
147 | #define KEX_DEFAULT_PK_ALG \ | ||
148 | "ssh-ed25519-cert-v01@openssh.com," \ | ||
149 | "ssh-ed25519" | ||
150 | #define KEX_SERVER_ENCRYPT \ | ||
151 | "aes128-ctr,aes192-ctr,aes256-ctr," \ | ||
152 | "chacha20-poly1305@openssh.com" | ||
153 | #define KEX_SERVER_MAC \ | ||
154 | "umac-64-etm@openssh.com," \ | ||
155 | "umac-128-etm@openssh.com," \ | ||
156 | "hmac-sha2-256-etm@openssh.com," \ | ||
157 | "hmac-sha2-512-etm@openssh.com," \ | ||
158 | "hmac-sha1-etm@openssh.com," \ | ||
159 | "umac-64@openssh.com," \ | ||
160 | "umac-128@openssh.com," \ | ||
161 | "hmac-sha2-256," \ | ||
162 | "hmac-sha2-512," \ | ||
163 | "hmac-sha1" | ||
164 | |||
165 | #define KEX_CLIENT_KEX KEX_SERVER_KEX | ||
166 | #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT | ||
167 | #define KEX_CLIENT_MAC KEX_SERVER_MAC | ||
168 | |||
169 | #endif /* WITH_OPENSSL */ | ||
170 | |||
133 | #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" | 171 | #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" |
134 | #define KEX_DEFAULT_LANG "" | 172 | #define KEX_DEFAULT_LANG "" |
135 | 173 | ||
174 | #define KEX_CLIENT \ | ||
175 | KEX_CLIENT_KEX, \ | ||
176 | KEX_DEFAULT_PK_ALG, \ | ||
177 | KEX_CLIENT_ENCRYPT, \ | ||
178 | KEX_CLIENT_ENCRYPT, \ | ||
179 | KEX_CLIENT_MAC, \ | ||
180 | KEX_CLIENT_MAC, \ | ||
181 | KEX_DEFAULT_COMP, \ | ||
182 | KEX_DEFAULT_COMP, \ | ||
183 | KEX_DEFAULT_LANG, \ | ||
184 | KEX_DEFAULT_LANG | ||
136 | 185 | ||
137 | static char *myproposal[PROPOSAL_MAX] = { | 186 | #define KEX_SERVER \ |
138 | KEX_DEFAULT_KEX, | 187 | KEX_SERVER_KEX, \ |
139 | KEX_DEFAULT_PK_ALG, | 188 | KEX_DEFAULT_PK_ALG, \ |
140 | KEX_DEFAULT_ENCRYPT, | 189 | KEX_SERVER_ENCRYPT, \ |
141 | KEX_DEFAULT_ENCRYPT, | 190 | KEX_SERVER_ENCRYPT, \ |
142 | KEX_DEFAULT_MAC, | 191 | KEX_SERVER_MAC, \ |
143 | KEX_DEFAULT_MAC, | 192 | KEX_SERVER_MAC, \ |
144 | KEX_DEFAULT_COMP, | 193 | KEX_DEFAULT_COMP, \ |
145 | KEX_DEFAULT_COMP, | 194 | KEX_DEFAULT_COMP, \ |
146 | KEX_DEFAULT_LANG, | 195 | KEX_DEFAULT_LANG, \ |
147 | KEX_DEFAULT_LANG | 196 | KEX_DEFAULT_LANG |
148 | }; | 197 | |
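Review bot: In the WITH_OPENSSL branch the new KEX_SERVER_MAC (new lines 120–130) spells out `"hmac-sha2-256,"` and `"hmac-sha2-512,"` as literals, where the old KEX_DEFAULT_MAC took them from SHA2_HMAC_MODES. That macro is still defined under `#ifdef HAVE_EVP_SHA256` at new lines 72–77, but nothing in the visible hunks uses it any more. If the MAC table is still compiled conditionally on HAVE_EVP_SHA256 (not visible here), a build without it would advertise MACs it cannot negotiate. Since KEX_CLIENT_MAC is built from KEX_SERVER_MAC, the client proposal would inherit the same entries. I would put `SHA2_HMAC_MODES \` back in place of those two literals in the OpenSSL branch, or delete the macro if SHA-256 is now a hard requirement. Separately, a short comment above KEX_CLIENT and KEX_SERVER, such as `/* initializer for a char *[PROPOSAL_MAX] array; order follows the PROPOSAL_* indices */`, would document that the ten comma-separated entries replace the removed `myproposal[]` array.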