diff options
Diffstat (limited to 'crypto/openssh/myproposal.h')
-rw-r--r-- | crypto/openssh/myproposal.h | 115 |
1 files changed, 82 insertions, 33 deletions
diff --git a/crypto/openssh/myproposal.h b/crypto/openssh/myproposal.h index 89479e6..83fc943 100644 --- a/crypto/openssh/myproposal.h +++ b/crypto/openssh/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.35 2013/12/06 13:39:49 markus Exp $ */ +/* $OpenBSD: myproposal.h,v 1.47 2015/07/10 06:21:53 markus Exp $ */ /* $FreeBSD$ */ /* @@ -62,7 +62,7 @@ #ifdef OPENSSL_HAVE_EVPGCM # define AESGCM_CIPHER_MODES \ - "aes128-gcm@openssh.com,aes256-gcm@openssh.com," + ",aes128-gcm@openssh.com,aes256-gcm@openssh.com" #else # define AESGCM_CIPHER_MODES #endif @@ -70,32 +70,37 @@ #ifdef HAVE_EVP_SHA256 # define KEX_SHA256_METHODS \ "diffie-hellman-group-exchange-sha256," -#define KEX_CURVE25519_METHODS \ - "curve25519-sha256@libssh.org," #define SHA2_HMAC_MODES \ "hmac-sha2-256," \ "hmac-sha2-512," #else # define KEX_SHA256_METHODS -# define KEX_CURVE25519_METHODS # define SHA2_HMAC_MODES #endif -# define KEX_DEFAULT_KEX \ +#ifdef WITH_OPENSSL +# ifdef HAVE_EVP_SHA256 +# define KEX_CURVE25519_METHODS "curve25519-sha256@libssh.org," +# else +# define KEX_CURVE25519_METHODS "" +# endif +#define KEX_COMMON_KEX \ KEX_CURVE25519_METHODS \ KEX_ECDH_METHODS \ - KEX_SHA256_METHODS \ + KEX_SHA256_METHODS + +#define KEX_SERVER_KEX KEX_COMMON_KEX \ + "diffie-hellman-group14-sha1" \ + +#define KEX_CLIENT_KEX KEX_COMMON_KEX \ "diffie-hellman-group-exchange-sha1," \ - "diffie-hellman-group14-sha1," \ - "diffie-hellman-group1-sha1" + "diffie-hellman-group14-sha1" #define KEX_DEFAULT_PK_ALG \ HOSTKEY_ECDSA_CERT_METHODS \ "ssh-ed25519-cert-v01@openssh.com," \ "ssh-rsa-cert-v01@openssh.com," \ "ssh-dss-cert-v01@openssh.com," \ - "ssh-rsa-cert-v00@openssh.com," \ - "ssh-dss-cert-v00@openssh.com," \ HOSTKEY_ECDSA_METHODS \ "ssh-ed25519," \ "ssh-rsa," \ @@ -103,47 +108,91 @@ /* the actual algorithms */ -#define KEX_DEFAULT_ENCRYPT \ - "aes128-ctr,aes192-ctr,aes256-ctr," \ - "arcfour256,arcfour128," \ - AESGCM_CIPHER_MODES \ +#define KEX_SERVER_ENCRYPT \ "chacha20-poly1305@openssh.com," \ + "aes128-ctr,aes192-ctr,aes256-ctr" \ + AESGCM_CIPHER_MODES + +#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ + "arcfour256,arcfour128," \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" -#define KEX_DEFAULT_MAC \ - "hmac-md5-etm@openssh.com," \ - "hmac-sha1-etm@openssh.com," \ +#define KEX_SERVER_MAC \ "umac-64-etm@openssh.com," \ "umac-128-etm@openssh.com," \ "hmac-sha2-256-etm@openssh.com," \ "hmac-sha2-512-etm@openssh.com," \ + "hmac-sha1-etm@openssh.com," \ + "umac-64@openssh.com," \ + "umac-128@openssh.com," \ + "hmac-sha2-256," \ + "hmac-sha2-512," \ + "hmac-sha1" + +#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \ + "hmac-md5-etm@openssh.com," \ "hmac-ripemd160-etm@openssh.com," \ "hmac-sha1-96-etm@openssh.com," \ "hmac-md5-96-etm@openssh.com," \ "hmac-md5," \ - "hmac-sha1," \ - "umac-64@openssh.com," \ - "umac-128@openssh.com," \ - SHA2_HMAC_MODES \ "hmac-ripemd160," \ "hmac-ripemd160@openssh.com," \ "hmac-sha1-96," \ "hmac-md5-96" +#else + +#define KEX_SERVER_KEX \ + "curve25519-sha256@libssh.org" +#define KEX_DEFAULT_PK_ALG \ + "ssh-ed25519-cert-v01@openssh.com," \ + "ssh-ed25519" +#define KEX_SERVER_ENCRYPT \ + "chacha20-poly1305@openssh.com," \ + "aes128-ctr,aes192-ctr,aes256-ctr" +#define KEX_SERVER_MAC \ + "umac-64-etm@openssh.com," \ + "umac-128-etm@openssh.com," \ + "hmac-sha2-256-etm@openssh.com," \ + "hmac-sha2-512-etm@openssh.com," \ + "hmac-sha1-etm@openssh.com," \ + "umac-64@openssh.com," \ + "umac-128@openssh.com," \ + "hmac-sha2-256," \ + "hmac-sha2-512," \ + "hmac-sha1" + +#define KEX_CLIENT_KEX KEX_SERVER_KEX +#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT +#define KEX_CLIENT_MAC KEX_SERVER_MAC + +#endif /* WITH_OPENSSL */ + #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" #define KEX_DEFAULT_LANG "" +#define KEX_CLIENT \ + KEX_CLIENT_KEX, \ + KEX_DEFAULT_PK_ALG, \ + KEX_CLIENT_ENCRYPT, \ + KEX_CLIENT_ENCRYPT, \ + KEX_CLIENT_MAC, \ + KEX_CLIENT_MAC, \ + KEX_DEFAULT_COMP, \ + KEX_DEFAULT_COMP, \ + KEX_DEFAULT_LANG, \ + KEX_DEFAULT_LANG -static char *myproposal[PROPOSAL_MAX] = { - KEX_DEFAULT_KEX, - KEX_DEFAULT_PK_ALG, - KEX_DEFAULT_ENCRYPT, - KEX_DEFAULT_ENCRYPT, - KEX_DEFAULT_MAC, - KEX_DEFAULT_MAC, - KEX_DEFAULT_COMP, - KEX_DEFAULT_COMP, - KEX_DEFAULT_LANG, +#define KEX_SERVER \ + KEX_SERVER_KEX, \ + KEX_DEFAULT_PK_ALG, \ + KEX_SERVER_ENCRYPT, \ + KEX_SERVER_ENCRYPT, \ + KEX_SERVER_MAC, \ + KEX_SERVER_MAC, \ + KEX_DEFAULT_COMP, \ + KEX_DEFAULT_COMP, \ + KEX_DEFAULT_LANG, \ KEX_DEFAULT_LANG -}; + |