/* $OpenBSD: myproposal.h,v 1.32 2013/01/08 18:49:04 markus Exp $ */
/* $FreeBSD$ */

/*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <openssl/opensslv.h>

/* conditional algorithm support */

/*
 * Elliptic-curve algorithm names, offered only when the build defines
 * OPENSSL_HAS_ECC.  Every non-empty list ends in a comma so that it can be
 * placed in front of further names by string-literal concatenation; without
 * ECC the three macros expand to nothing and the lists that use them simply
 * omit the names.
 */
#if !defined(OPENSSL_HAS_ECC)
# define KEX_ECDH_METHODS
# define HOSTKEY_ECDSA_CERT_METHODS
# define HOSTKEY_ECDSA_METHODS
#else
/* ECDH key exchange over the NIST P-256, P-384 and P-521 curves */
# define KEX_ECDH_METHODS \
	"ecdh-sha2-nistp256," \
	"ecdh-sha2-nistp384," \
	"ecdh-sha2-nistp521,"
/* OpenSSH certificate forms of the ECDSA host keys */
# define HOSTKEY_ECDSA_CERT_METHODS \
	"ecdsa-sha2-nistp256-cert-v01@openssh.com," \
	"ecdsa-sha2-nistp384-cert-v01@openssh.com," \
	"ecdsa-sha2-nistp521-cert-v01@openssh.com,"
/* plain ECDSA host keys */
# define HOSTKEY_ECDSA_METHODS \
	"ecdsa-sha2-nistp256," \
	"ecdsa-sha2-nistp384," \
	"ecdsa-sha2-nistp521,"
#endif
/*
 * AES-GCM cipher names (OpenSSH private extension), offered only when the
 * build defines OPENSSL_HAVE_EVPGCM.  The list carries its own trailing comma
 * and is empty otherwise.
 */
#if defined(OPENSSL_HAVE_EVPGCM)
# define AESGCM_CIPHER_MODES \
	"aes128-gcm@openssh.com," \
	"aes256-gcm@openssh.com,"
#else
# define AESGCM_CIPHER_MODES
#endif
/*
 * SHA-2 based names, gated on HAVE_EVP_SHA256: the SHA-256 group-exchange
 * key exchange and the plain HMAC-SHA2 MACs.  Note that hmac-sha2-512 is
 * controlled by the same SHA-256 flag.  Both lists end in a comma when
 * present and are empty otherwise.
 */
#if defined(HAVE_EVP_SHA256)
# define KEX_SHA256_METHODS \
	"diffie-hellman-group-exchange-sha256,"
# define SHA2_HMAC_MODES \
	"hmac-sha2-256," \
	"hmac-sha2-512,"
#else
# define KEX_SHA256_METHODS
# define SHA2_HMAC_MODES
#endif
/*
 * Key-exchange methods offered by default, most preferred first.
 *
 * Security review: on a build where KEX_ECDH_METHODS and KEX_SHA256_METHODS
 * are both empty, every remaining method is SHA-1 based Diffie-Hellman.  In
 * all builds the list still ends with diffie-hellman-group1-sha1, which uses
 * a fixed 1024-bit group; later OpenSSH releases no longer offer it by
 * default.  Hosts built from this revision should pin KexAlgorithms in
 * ssh_config/sshd_config rather than rely on this default.
 */
#define KEX_DEFAULT_KEX \
	KEX_ECDH_METHODS                        /* empty without ECC */ \
	KEX_SHA256_METHODS                      /* empty without SHA-256 */ \
	"diffie-hellman-group-exchange-sha1,"   /* negotiated group, SHA-1 */ \
	"diffie-hellman-group14-sha1,"          /* fixed 2048-bit group, SHA-1 */ \
	"diffie-hellman-group1-sha1"            /* fixed 1024-bit group, SHA-1 */
/*
 * Host-key algorithms offered by default, most preferred first: certificate
 * types ahead of the matching plain key types.
 *
 * Security review: the list still carries ssh-dss (DSA) and the legacy
 * "-cert-v00" certificate format.  Later OpenSSH releases disabled ssh-dss by
 * default and dropped v00 certificates, so deployments built from this
 * revision should narrow HostKeyAlgorithms and retire DSA host keys.
 */
#define KEX_DEFAULT_PK_ALG \
	HOSTKEY_ECDSA_CERT_METHODS              /* empty without ECC */ \
	"ssh-rsa-cert-v01@openssh.com," \
	"ssh-dss-cert-v01@openssh.com," \
	"ssh-rsa-cert-v00@openssh.com,"         /* legacy certificate format */ \
	"ssh-dss-cert-v00@openssh.com,"         /* legacy certificate format */ \
	HOSTKEY_ECDSA_METHODS                   /* empty without ECC */ \
	"ssh-rsa," \
	"ssh-dss"

/* the actual algorithms */

/*
 * Ciphers offered by default, most preferred first.
 *
 * Security review: RC4 (arcfour256, arcfour128) is ranked ahead of AES-GCM
 * and of every CBC cipher, and the tail of the list keeps 64-bit block
 * ciphers (3des, blowfish, cast128) and plain arcfour.  Later OpenSSH
 * releases took the RC4 and CBC entries out of the default proposal; hosts
 * built from this revision should set Ciphers explicitly to the CTR/GCM
 * entries.
 */
#define KEX_DEFAULT_ENCRYPT \
	"aes128-ctr," \
	"aes192-ctr," \
	"aes256-ctr," \
	"arcfour256," \
	"arcfour128," \
	AESGCM_CIPHER_MODES                     /* empty without EVP GCM */ \
	"aes128-cbc," \
	"3des-cbc," \
	"blowfish-cbc," \
	"cast128-cbc," \
	"aes192-cbc," \
	"aes256-cbc," \
	"arcfour," \
	"rijndael-cbc@lysator.liu.se"

/*
 * Variant of the default cipher list with "none" appended; defined only when
 * the build sets NONE_CIPHER_ENABLED.  A session that negotiates "none" has
 * no confidentiality.  NOTE(review): where this macro is consumed is not
 * visible in this header; confirm it is reachable only through an explicit,
 * post-authentication opt-in.
 */
#if defined(NONE_CIPHER_ENABLED)
# define KEX_ENCRYPT_INCLUDE_NONE \
	KEX_DEFAULT_ENCRYPT \
	",none"
#endif
/*
 * MACs offered by default, most preferred first: the encrypt-then-MAC
 * ("-etm@openssh.com") variants, then the original encrypt-and-MAC names.
 *
 * Security review: within each group the MD5 and SHA-1 MACs are ranked ahead
 * of the SHA-2 ones, and the truncated 96-bit forms are still offered.
 * Deployments should set MACs explicitly to the SHA-2 / UMAC-128 ETM entries.
 * NOTE(review): the "-etm" SHA-2 names are listed unconditionally, whereas
 * the plain SHA-2 names come from SHA2_HMAC_MODES (empty without
 * HAVE_EVP_SHA256); confirm the MAC table filters them on such builds.
 */
#define KEX_DEFAULT_MAC \
	/* encrypt-then-MAC variants */ \
	"hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com," \
	"umac-64-etm@openssh.com,umac-128-etm@openssh.com," \
	"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com," \
	"hmac-ripemd160-etm@openssh.com," \
	"hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com," \
	/* original MAC names */ \
	"hmac-md5,hmac-sha1," \
	"umac-64@openssh.com,umac-128@openssh.com," \
	SHA2_HMAC_MODES \
	"hmac-ripemd160,hmac-ripemd160@openssh.com," \
	"hmac-sha1-96,hmac-md5-96"
/*
 * Compression methods offered by default: no compression first, then
 * zlib@openssh.com (compression that starts only after authentication),
 * then plain zlib.
 */
#define KEX_DEFAULT_COMP \
	"none," \
	"zlib@openssh.com," \
	"zlib"

/* No language tags are proposed. */
#define KEX_DEFAULT_LANG ""
/*
 * Default algorithm proposal: one comma-separated name list per slot, ten
 * slots in all.  The cipher, MAC, compression and language lists each appear
 * twice, so the same default is used for both entries of each pair.
 * NOTE(review): the slots presumably follow the PROPOSAL_* index order
 * declared next to PROPOSAL_MAX (client-to-server, then server-to-client);
 * confirm against that declaration.
 *
 * Being `static` in a header, every translation unit that includes this file
 * gets its own copy of the table.
 */
static char *myproposal[PROPOSAL_MAX] = {
	/* key exchange */
	KEX_DEFAULT_KEX,
	/* host key */
	KEX_DEFAULT_PK_ALG,
	/* ciphers, one entry per direction */
	KEX_DEFAULT_ENCRYPT,
	KEX_DEFAULT_ENCRYPT,
	/* MACs, one entry per direction */
	KEX_DEFAULT_MAC,
	KEX_DEFAULT_MAC,
	/* compression, one entry per direction */
	KEX_DEFAULT_COMP,
	KEX_DEFAULT_COMP,
	/* languages, one entry per direction */
	KEX_DEFAULT_LANG,
	KEX_DEFAULT_LANG
};