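/* $OpenBSD: myproposal.h,v 1.71 2022/03/30 21:13:23 djm Exp $ */

/*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Compile-time default algorithm proposals for SSH algorithm negotiation.
 *
 * Each *_KEX / *_PK_ALG / *_ENCRYPT / *_MAC / *_COMP macro expands to one
 * string literal holding a comma-separated name-list.  SSH name-lists are
 * ordered by preference (RFC 4253), so the position of an entry is part of
 * the policy, not just its presence: do not re-sort these lists.
 *
 * NOTE(review): this header only sets the built-in defaults.  Whether and
 * how runtime configuration overrides them is decided by code that is not
 * visible here; when auditing a deployment, check the effective lists rather
 * than this file alone.
 */

/*
 * Key exchange methods.  The hybrid sntrup761 + X25519 method is first,
 * followed by Curve25519, NIST-curve ECDH, DH group exchange and the fixed
 * DH groups 16, 18 and 14.  Every entry uses a SHA-2 hash; no SHA-1 based
 * key exchange method appears in the default list.
 */
#define KEX_SERVER_KEX	\
	"sntrup761x25519-sha512@openssh.com," \
	"curve25519-sha256," \
	"curve25519-sha256@libssh.org," \
	"ecdh-sha2-nistp256," \
	"ecdh-sha2-nistp384," \
	"ecdh-sha2-nistp521," \
	"diffie-hellman-group-exchange-sha256," \
	"diffie-hellman-group16-sha512," \
	"diffie-hellman-group18-sha512," \
	"diffie-hellman-group14-sha256"

/* Client and server offer the same key exchange list. */
#define KEX_CLIENT_KEX KEX_SERVER_KEX

/*
 * Public key (host key / signature) algorithms.  Certificate variants come
 * before their plain-key counterparts.  The "sk-" entries are the
 * security-key (FIDO) backed types.  RSA is offered only with SHA-2
 * signatures (rsa-sha2-512 / rsa-sha2-256); neither "ssh-rsa" nor "ssh-dss"
 * is in the default list.
 */
#define KEX_DEFAULT_PK_ALG	\
	"ssh-ed25519-cert-v01@openssh.com," \
	"ecdsa-sha2-nistp256-cert-v01@openssh.com," \
	"ecdsa-sha2-nistp384-cert-v01@openssh.com," \
	"ecdsa-sha2-nistp521-cert-v01@openssh.com," \
	"sk-ssh-ed25519-cert-v01@openssh.com," \
	"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \
	"rsa-sha2-512-cert-v01@openssh.com," \
	"rsa-sha2-256-cert-v01@openssh.com," \
	"ssh-ed25519," \
	"ecdsa-sha2-nistp256," \
	"ecdsa-sha2-nistp384," \
	"ecdsa-sha2-nistp521," \
	"sk-ssh-ed25519@openssh.com," \
	"sk-ecdsa-sha2-nistp256@openssh.com," \
	"rsa-sha2-512," \
	"rsa-sha2-256"

/*
 * Symmetric ciphers: ChaCha20-Poly1305 first, then AES in CTR mode, then
 * AES-GCM.  No CBC-mode cipher is offered by default.
 */
#define KEX_SERVER_ENCRYPT \
	"chacha20-poly1305@openssh.com," \
	"aes128-ctr,aes192-ctr,aes256-ctr," \
	"aes128-gcm@openssh.com,aes256-gcm@openssh.com"

/* Client and server offer the same cipher list. */
#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT

/*
 * MAC algorithms.  All "-etm" (encrypt-then-MAC) variants are listed ahead
 * of the non-ETM ones.  hmac-sha1 (ETM and non-ETM) and the 64-bit-tag
 * umac-64 variants are still part of the defaults; a hardened configuration
 * may want to drop them.  The MAC choice matters for the CTR ciphers above;
 * the AEAD ciphers (ChaCha20-Poly1305, AES-GCM) carry their own integrity
 * tag.
 */
#define KEX_SERVER_MAC \
	"umac-64-etm@openssh.com," \
	"umac-128-etm@openssh.com," \
	"hmac-sha2-256-etm@openssh.com," \
	"hmac-sha2-512-etm@openssh.com," \
	"hmac-sha1-etm@openssh.com," \
	"umac-64@openssh.com," \
	"umac-128@openssh.com," \
	"hmac-sha2-256," \
	"hmac-sha2-512," \
	"hmac-sha1"

/* Client and server offer the same MAC list. */
#define KEX_CLIENT_MAC KEX_SERVER_MAC

/*
 * Not a KEX value, but here so all the algorithm defaults are together.
 * Signature algorithms accepted on certificates; as with KEX_DEFAULT_PK_ALG,
 * RSA appears only in its SHA-2 forms.
 */
#define SSH_ALLOWED_CA_SIGALGS	\
	"ssh-ed25519," \
	"ecdsa-sha2-nistp256," \
	"ecdsa-sha2-nistp384," \
	"ecdsa-sha2-nistp521," \
	"sk-ssh-ed25519@openssh.com," \
	"sk-ecdsa-sha2-nistp256@openssh.com," \
	"rsa-sha2-512," \
	"rsa-sha2-256"

/*
 * Compression: "none" is preferred; zlib@openssh.com is the delayed variant
 * that only starts compressing after authentication.  The language list is
 * empty.
 */
#define KEX_DEFAULT_COMP	"none,zlib@openssh.com"
#define KEX_DEFAULT_LANG	""

/*
 * Ten-element initialiser lists for a proposal array.  The element order
 * follows the KEXINIT name-lists of RFC 4253 section 7.1: key exchange,
 * host key, cipher (client-to-server, server-to-client), MAC (c2s, s2c),
 * compression (c2s, s2c), language (c2s, s2c).  Both directions use the
 * same list, which is why each of those macros appears twice.
 * NOTE(review): the array these initialise is declared elsewhere; confirm
 * its index constants use this same order.
 */
#define KEX_CLIENT \
	KEX_CLIENT_KEX, \
	KEX_DEFAULT_PK_ALG, \
	KEX_CLIENT_ENCRYPT, \
	KEX_CLIENT_ENCRYPT, \
	KEX_CLIENT_MAC, \
	KEX_CLIENT_MAC, \
	KEX_DEFAULT_COMP, \
	KEX_DEFAULT_COMP, \
	KEX_DEFAULT_LANG, \
	KEX_DEFAULT_LANG

#define KEX_SERVER \
	KEX_SERVER_KEX, \
	KEX_DEFAULT_PK_ALG, \
	KEX_SERVER_ENCRYPT, \
	KEX_SERVER_ENCRYPT, \
	KEX_SERVER_MAC, \
	KEX_SERVER_MAC, \
	KEX_DEFAULT_COMP, \
	KEX_DEFAULT_COMP, \
	KEX_DEFAULT_LANG, \
	KEX_DEFAULT_LANG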