1 /* $OpenBSD: myproposal.h,v 1.32 2013/01/08 18:49:04 markus Exp $ */
5 * Copyright (c) 2000 Markus Friedl. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include <openssl/opensslv.h>
30 #ifdef OPENSSL_HAS_ECC
31 # define KEX_ECDH_METHODS \
32 "ecdh-sha2-nistp256," \
33 "ecdh-sha2-nistp384," \
35 # define HOSTKEY_ECDSA_CERT_METHODS \
36 "ecdsa-sha2-nistp256-cert-v01@openssh.com," \
37 "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
38 "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
39 # define HOSTKEY_ECDSA_METHODS \
40 "ecdsa-sha2-nistp256," \
41 "ecdsa-sha2-nistp384," \
42 "ecdsa-sha2-nistp521,"
44 # define KEX_ECDH_METHODS
45 # define HOSTKEY_ECDSA_CERT_METHODS
46 # define HOSTKEY_ECDSA_METHODS
49 /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
50 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
51 # define KEX_SHA256_METHODS \
52 "diffie-hellman-group-exchange-sha256,"
54 # define KEX_SHA256_METHODS
57 # define KEX_DEFAULT_KEX \
60 "diffie-hellman-group-exchange-sha1," \
61 "diffie-hellman-group14-sha1," \
62 "diffie-hellman-group1-sha1"
64 #define KEX_DEFAULT_PK_ALG \
65 HOSTKEY_ECDSA_CERT_METHODS \
66 "ssh-rsa-cert-v01@openssh.com," \
67 "ssh-dss-cert-v01@openssh.com," \
68 "ssh-rsa-cert-v00@openssh.com," \
69 "ssh-dss-cert-v00@openssh.com," \
70 HOSTKEY_ECDSA_METHODS \
74 #define KEX_DEFAULT_ENCRYPT \
75 "aes128-ctr,aes192-ctr,aes256-ctr," \
76 "arcfour256,arcfour128," \
77 "aes128-gcm@openssh.com,aes256-gcm@openssh.com," \
78 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
79 "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
80 #ifdef NONE_CIPHER_ENABLED
81 #define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
84 #ifdef HAVE_EVP_SHA256
85 #define SHA2_HMAC_MODES \
89 # define SHA2_HMAC_MODES
91 #define KEX_DEFAULT_MAC \
92 "hmac-md5-etm@openssh.com," \
93 "hmac-sha1-etm@openssh.com," \
94 "umac-64-etm@openssh.com," \
95 "umac-128-etm@openssh.com," \
96 "hmac-sha2-256-etm@openssh.com," \
97 "hmac-sha2-512-etm@openssh.com," \
98 "hmac-ripemd160-etm@openssh.com," \
99 "hmac-sha1-96-etm@openssh.com," \
100 "hmac-md5-96-etm@openssh.com," \
103 "umac-64@openssh.com," \
104 "umac-128@openssh.com," \
107 "hmac-ripemd160@openssh.com," \
111 #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
112 #define KEX_DEFAULT_LANG ""
115 static char *myproposal[PROPOSAL_MAX] = {