Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 8deed3863330758e290ad0f81d14aef1362e508e / . / myproposal.h
blob: 5312e60581ced928a6766677bf46f2772174c71e [file] [log] [blame]
djm@openbsd.orgc3368a52020-01-24 00:28:57 +0000[diff] [blame]1/* $OpenBSD: myproposal.h,v 1.67 2020/01/24 00:28:57 djm Exp $ */
Ben Lindstrom36579d32001-01-29 07:39:26 +0000[diff] [blame]2
Damien Millere4340be2000-09-16 13:29:08 +1100[diff] [blame]3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
Tim Rice425a6882006-03-15 20:17:05 -0800[diff] [blame]26
dtucker@openbsd.orgc4b3a122020-01-23 02:46:49 +0000[diff] [blame]27#define KEX_SERVER_KEX \
28 "curve25519-sha256," \
29 "curve25519-sha256@libssh.org," \
Damien Millereb8b60e2010-08-31 22:41:14 +1000[diff] [blame]30 "ecdh-sha2-nistp256," \
31 "ecdh-sha2-nistp384," \
dtucker@openbsd.orgc4b3a122020-01-23 02:46:49 +0000[diff] [blame]32 "ecdh-sha2-nistp521," \
djm@openbsd.org0e8eeec2016-05-02 10:26:04 +0000[diff] [blame]33 "diffie-hellman-group-exchange-sha256," \
34 "diffie-hellman-group16-sha512," \
dtucker@openbsd.orgc4b3a122020-01-23 02:46:49 +0000[diff] [blame]35 "diffie-hellman-group18-sha512," \
36 "diffie-hellman-group14-sha256"
Tim Rice425a6882006-03-15 20:17:05 -0800[diff] [blame]37
djm@openbsd.org9b611302019-02-23 08:20:43 +0000[diff] [blame]38#define KEX_CLIENT_KEX KEX_SERVER_KEX
39
Damien Miller4e270b02010-04-16 15:56:21 +1000[diff] [blame]40#define KEX_DEFAULT_PK_ALG \
dtucker@openbsd.orgc4b3a122020-01-23 02:46:49 +0000[diff] [blame]41 "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
42 "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
43 "ecdsa-sha2-nistp521-cert-v01@openssh.com," \
44 "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \
Damien Miller5be9d9e2013-12-07 11:24:01 +1100[diff] [blame]45 "ssh-ed25519-cert-v01@openssh.com," \
djm@openbsd.org56584cc2019-12-15 18:57:30 +0000[diff] [blame]46 "sk-ssh-ed25519-cert-v01@openssh.com," \
djm@openbsd.org4ba0d542018-07-03 11:39:54 +0000[diff] [blame]47 "rsa-sha2-512-cert-v01@openssh.com," \
48 "rsa-sha2-256-cert-v01@openssh.com," \
Damien Millereb8b60e2010-08-31 22:41:14 +1000[diff] [blame]49 "ssh-rsa-cert-v01@openssh.com," \
dtucker@openbsd.orgc4b3a122020-01-23 02:46:49 +0000[diff] [blame]50 "ecdsa-sha2-nistp256," \
51 "ecdsa-sha2-nistp384," \
52 "ecdsa-sha2-nistp521," \
53 "sk-ecdsa-sha2-nistp256@openssh.com," \
Damien Miller5be9d9e2013-12-07 11:24:01 +1100[diff] [blame]54 "ssh-ed25519," \
djm@openbsd.org56584cc2019-12-15 18:57:30 +0000[diff] [blame]55 "sk-ssh-ed25519@openssh.com," \
markus@openbsd.org76c9fbb2015-12-04 16:41:28 +0000[diff] [blame]56 "rsa-sha2-512," \
markus@openbsd.org3da893f2015-12-05 20:53:21 +0000[diff] [blame]57 "rsa-sha2-256," \
markus@openbsd.org76c9fbb2015-12-04 16:41:28 +0000[diff] [blame]58 "ssh-rsa"
Damien Miller67081b52009-01-28 16:33:31 +1100[diff] [blame]59
dtucker@openbsd.orgc4b3a122020-01-23 02:46:49 +0000[diff] [blame]60#define KEX_SERVER_ENCRYPT \
djm@openbsd.orga22b9ef2015-03-24 09:17:21 +0000[diff] [blame]61 "chacha20-poly1305@openssh.com," \
dtucker@openbsd.orgc4b3a122020-01-23 02:46:49 +0000[diff] [blame]62 "aes128-ctr,aes192-ctr,aes256-ctr," \
63 "aes128-gcm@openssh.com,aes256-gcm@openssh.com"
Damien Miller9235a032014-04-20 13:17:20 +1000[diff] [blame]64
djm@openbsd.org70c12182017-05-07 23:13:42 +0000[diff] [blame]65#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
Darren Tuckerb8ae92d2013-06-11 12:10:02 +1000[diff] [blame]66
dtucker@openbsd.orgc4b3a122020-01-23 02:46:49 +0000[diff] [blame]67#define KEX_SERVER_MAC \
Damien Milleraf43a7a2012-12-12 10:46:31 +1100[diff] [blame]68 "umac-64-etm@openssh.com," \
69 "umac-128-etm@openssh.com," \
70 "hmac-sha2-256-etm@openssh.com," \
71 "hmac-sha2-512-etm@openssh.com," \
Damien Miller6262d762014-07-17 09:52:07 +1000[diff] [blame]72 "hmac-sha1-etm@openssh.com," \
Damien Miller9235a032014-04-20 13:17:20 +1000[diff] [blame]73 "umac-64@openssh.com," \
74 "umac-128@openssh.com," \
75 "hmac-sha2-256," \
Damien Miller6262d762014-07-17 09:52:07 +1000[diff] [blame]76 "hmac-sha2-512," \
77 "hmac-sha1"
Damien Miller9235a032014-04-20 13:17:20 +1000[diff] [blame]78
djm@openbsd.org714e3672016-02-09 05:30:04 +0000[diff] [blame]79#define KEX_CLIENT_MAC KEX_SERVER_MAC
Damien Miller20bd4532011-08-06 06:17:30 +1000[diff] [blame]80
djm@openbsd.org4cc259b2018-09-12 01:34:02 +0000[diff] [blame]81/* Not a KEX value, but here so all the algorithm defaults are together */
82#define SSH_ALLOWED_CA_SIGALGS \
dtucker@openbsd.orgc4b3a122020-01-23 02:46:49 +0000[diff] [blame]83 "ecdsa-sha2-nistp256," \
84 "ecdsa-sha2-nistp384," \
85 "ecdsa-sha2-nistp521," \
86 "sk-ecdsa-sha2-nistp256@openssh.com," \
djm@openbsd.org4cc259b2018-09-12 01:34:02 +0000[diff] [blame]87 "ssh-ed25519," \
djm@openbsd.org75f7f222019-12-10 22:43:19 +0000[diff] [blame]88 "sk-ssh-ed25519@openssh.com," \
djm@openbsd.org4cc259b2018-09-12 01:34:02 +0000[diff] [blame]89 "rsa-sha2-512," \
djm@openbsd.orgc3368a52020-01-24 00:28:57 +0000[diff] [blame]90 "rsa-sha2-256"
djm@openbsd.org4cc259b2018-09-12 01:34:02 +0000[diff] [blame]91
djm@openbsd.org0082fba2016-09-28 16:33:06 +0000[diff] [blame]92#define KEX_DEFAULT_COMP "none,zlib@openssh.com"
Damien Miller1383bd82000-04-06 12:32:37 +1000[diff] [blame]93#define KEX_DEFAULT_LANG ""
94
Damien Miller9235a032014-04-20 13:17:20 +1000[diff] [blame]95#define KEX_CLIENT \
96 KEX_CLIENT_KEX, \
97 KEX_DEFAULT_PK_ALG, \
98 KEX_CLIENT_ENCRYPT, \
99 KEX_CLIENT_ENCRYPT, \
100 KEX_CLIENT_MAC, \
101 KEX_CLIENT_MAC, \
102 KEX_DEFAULT_COMP, \
103 KEX_DEFAULT_COMP, \
104 KEX_DEFAULT_LANG, \
Damien Miller1383bd82000-04-06 12:32:37 +1000[diff] [blame]105 KEX_DEFAULT_LANG
Damien Miller9235a032014-04-20 13:17:20 +1000[diff] [blame]106
107#define KEX_SERVER \
108 KEX_SERVER_KEX, \
109 KEX_DEFAULT_PK_ALG, \
110 KEX_SERVER_ENCRYPT, \
111 KEX_SERVER_ENCRYPT, \
112 KEX_SERVER_MAC, \
113 KEX_SERVER_MAC, \
114 KEX_DEFAULT_COMP, \
115 KEX_DEFAULT_COMP, \
116 KEX_DEFAULT_LANG, \
117 KEX_DEFAULT_LANG