annotate sysoptions.h @ 801:7dcb46da72d9 ecc

merge in HEAD
author Matt Johnston <matt@ucc.asn.au>
date Tue, 21 May 2013 12:09:35 +0800
parents 7f604f9b3756 e76614145aea
children 4095b6d7c9fc
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 /*******************************************************************
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 * You shouldn't edit this file unless you know you need to.
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 * This file is only included from options.h
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 *******************************************************************/
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 #ifndef DROPBEAR_VERSION
786
e76614145aea 2013.58
Matt Johnston <matt@ucc.asn.au>
parents: 785
diff changeset
7 #define DROPBEAR_VERSION "2013.58"
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 #define PROGNAME "dropbear"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 /* Spec recommends after one hour or 1 gigabyte of data. One hour
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 * is a bit too verbose, so we try 8 hours */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 #ifndef KEX_REKEY_TIMEOUT
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 #define KEX_REKEY_TIMEOUT (3600 * 8)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 #ifndef KEX_REKEY_DATA
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 #define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 #ifndef AUTH_TIMEOUT
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25
746
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
26 /* A client should try and send an initial key exchange packet guessing
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
27 * the algorithm that will match - saves a round trip connecting, has little
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
28 * overhead if the guess was "wrong". */
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
29 #define USE_KEX_FIRST_FOLLOWS
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
30 /* Use protocol extension to allow "first follows" to succeed more frequently.
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
31 * This is currently Dropbear-specific but will gracefully fallback when connecting
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
32 * to other implementations. */
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
33 #define USE_KEXGUESS2
465fefc4f6e0 Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents: 745
diff changeset
34
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 /* Minimum key sizes for DSS and RSA */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 #ifndef MIN_DSS_KEYLEN
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37 #define MIN_DSS_KEYLEN 512
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39 #ifndef MIN_RSA_KEYLEN
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40 #define MIN_RSA_KEYLEN 512
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43 #define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
44 #define MAX_BANNER_LINES 20 /* How many lines the client will display */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47 * the clearenv() function */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 #define ENV_SIZE 100
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
50 #define MAX_CMD_LEN 1024 /* max length of a command */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
51 #define MAX_TERM_LEN 200 /* max length of TERM name */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 #define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
57 ipv4 and ipv6 don't count twice */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
58
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59 /* Each port might have at least a v4 and a v6 address */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 #define MAX_LISTEN_ADDR (DROPBEAR_MAX_PORTS*3)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
61
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
62 #define _PATH_TTY "/dev/tty"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
63
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64 #define _PATH_CP "/bin/cp"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65
722
4a274f47eabd Add ~. and ~^Z handling to exit/suspend dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 718
diff changeset
66 #define DROPBEAR_ESCAPE_CHAR '~'
4a274f47eabd Add ~. and ~^Z handling to exit/suspend dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 718
diff changeset
67
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68 /* success/failure defines */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69 #define DROPBEAR_SUCCESS 0
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70 #define DROPBEAR_FAILURE -1
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72 /* Required for pubkey auth */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73 #if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 #define DROPBEAR_SIGNKEY_VERIFY
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
76
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
77 #define SHA1_HASH_SIZE 20
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
78 #define MD5_HASH_SIZE 16
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
79
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
80 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
762
a78a38e402d1 - Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents: 761
diff changeset
81 #define MAX_IV_LEN 20 /* must be same as max blocksize, */
715
cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents: 710
diff changeset
82
679
03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents: 668
diff changeset
83 #if defined(DROPBEAR_SHA2_512_HMAC)
715
cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents: 710
diff changeset
84 #define MAX_MAC_LEN 64
679
03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents: 668
diff changeset
85 #elif defined(DROPBEAR_SHA2_256_HMAC)
715
cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents: 710
diff changeset
86 #define MAX_MAC_LEN 32
679
03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents: 668
diff changeset
87 #else
715
cd3d3c63d189 Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents: 710
diff changeset
88 #define MAX_MAC_LEN 20
679
03073a27abb3 - Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents: 668
diff changeset
89 #endif
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
90
755
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents: 722
diff changeset
91 #if defined(DROPBEAR_ECDH) || defined (DROPBEAR_ECDSA)
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents: 722
diff changeset
92 #define DROPBEAR_ECC
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents: 722
diff changeset
93 #endif
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents: 722
diff changeset
94
756
bf9dc2d9c2b1 more bits on ecc branch
Matt Johnston <matt@ucc.asn.au>
parents: 755
diff changeset
95 #ifdef DROPBEAR_ECC
bf9dc2d9c2b1 more bits on ecc branch
Matt Johnston <matt@ucc.asn.au>
parents: 755
diff changeset
96 #define DROPBEAR_ECC_256
bf9dc2d9c2b1 more bits on ecc branch
Matt Johnston <matt@ucc.asn.au>
parents: 755
diff changeset
97 #define DROPBEAR_ECC_384
bf9dc2d9c2b1 more bits on ecc branch
Matt Johnston <matt@ucc.asn.au>
parents: 755
diff changeset
98 #define DROPBEAR_ECC_521
bf9dc2d9c2b1 more bits on ecc branch
Matt Johnston <matt@ucc.asn.au>
parents: 755
diff changeset
99 #endif
bf9dc2d9c2b1 more bits on ecc branch
Matt Johnston <matt@ucc.asn.au>
parents: 755
diff changeset
100
761
ac2158e3e403 ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents: 759
diff changeset
101 #ifdef DROPBEAR_ECC
ac2158e3e403 ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents: 759
diff changeset
102 #define DROPBEAR_LTC_PRNG
ac2158e3e403 ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents: 759
diff changeset
103 #endif
ac2158e3e403 ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents: 759
diff changeset
104
759
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
105 // hashes which will be linked and registered
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
106 #if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256)
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
107 #define DROPBEAR_SHA256
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
108 #endif
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
109 #if defined(DROPBEAR_ECC_384)
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
110 #define DROPBEAR_SHA384
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
111 #endif
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
112 #if defined(DROPBEAR_SHA2_512_HMAC) || defined(DROPBEAR_ECC_521)
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
113 #define DROPBEAR_SHA512
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
114 #endif
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
115 #if defined(DROPBEAR_MD5_HMAC)
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
116 #define DROPBEAR_MD5
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
117 #endif
76fba0856749 More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents: 756
diff changeset
118
755
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents: 722
diff changeset
119 // roughly 2x 521 bits
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents: 722
diff changeset
120 #define MAX_ECC_SIZE 140
b07eb3dc23ec refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents: 722
diff changeset
121
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
122 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
123 explicitly specified for all protocols (just
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
124 for algos) but seems valid */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
125
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
126 #define MAX_PROPOSED_ALGO 20
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
127
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
128 /* size/count limits */
603
3aa74a4d83ae Refer to RFCs rather than drafts, update some section references
Matt Johnston <matt@ucc.asn.au>
parents: 598
diff changeset
129 /* From transport rfc */
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
130 #define MIN_PACKET_LEN 16
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
131
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
132 #define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
133
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
134 /* for channel code */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
135 #define TRANS_MAX_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
136 #define TRANS_MAX_WIN_INCR 500000000 /* overflow prevention */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
137
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
138 #define RECV_WINDOWEXTEND (opts.recv_window / 3) /* We send a "window extend" every
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
139 RECV_WINDOWEXTEND bytes */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
140 #define MAX_RECV_WINDOW (1024*1024) /* 1 MB should be enough */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
141
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
142 #define MAX_CHANNELS 100 /* simple mem restriction, includes each tcp/x11
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
143 connection, so can't be _too_ small */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
144
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
145 #define MAX_STRING_LEN 1400 /* ~= MAX_PROPOSED_ALGO * MAX_NAME_LEN, also
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
146 is the max length for a password etc */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
147
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
148 /* For a 4096 bit DSS key, empirically determined */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
149 #define MAX_PUBKEY_SIZE 1700
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
150 /* For a 4096 bit DSS key, empirically determined */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
151 #define MAX_PRIVKEY_SIZE 1700
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
152
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
153 #define MAX_HOSTKEYS 3
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
154
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
155 /* The maximum size of the bignum portion of the kexhash buffer */
603
3aa74a4d83ae Refer to RFCs rather than drafts, update some section references
Matt Johnston <matt@ucc.asn.au>
parents: 598
diff changeset
156 /* Sect. 8 of the transport rfc 4253, K_S + e + f + K */
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
157 #define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
158
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
159 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
160 in a few years time.... */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
161
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
162 #define DROPBEAR_MAX_CLI_PASS 1024
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
163
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
164 #define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
165 accept for keyb-interactive
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
166 auth */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
167
502
43bbe17d6ba0 - Add Counter Mode support
Matt Johnston <matt@ucc.asn.au>
parents: 501
diff changeset
168 #if defined(DROPBEAR_AES256) || defined(DROPBEAR_AES128)
43bbe17d6ba0 - Add Counter Mode support
Matt Johnston <matt@ucc.asn.au>
parents: 501
diff changeset
169 #define DROPBEAR_AES
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
170 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
171
502
43bbe17d6ba0 - Add Counter Mode support
Matt Johnston <matt@ucc.asn.au>
parents: 501
diff changeset
172 #if defined(DROPBEAR_TWOFISH256) || defined(DROPBEAR_TWOFISH128)
43bbe17d6ba0 - Add Counter Mode support
Matt Johnston <matt@ucc.asn.au>
parents: 501
diff changeset
173 #define DROPBEAR_TWOFISH
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
174 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
175
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
176 #ifndef ENABLE_X11FWD
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
177 #define DISABLE_X11FWD
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
178 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
179
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
180 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
181 #define ENABLE_CLI_ANYTCPFWD
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
182 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
183
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
184 #if defined(ENABLE_CLI_LOCALTCPFWD) || defined(ENABLE_SVR_REMOTETCPFWD)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
185 #define DROPBEAR_TCP_ACCEPT
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
186 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
187
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
188 #if defined(ENABLE_CLI_REMOTETCPFWD) || defined(ENABLE_CLI_LOCALTCPFWD) || \
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
189 defined(ENABLE_SVR_REMOTETCPFWD) || defined(ENABLE_SVR_LOCALTCPFWD) || \
547
cf376c696dfc Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents: 521
diff changeset
190 defined(ENABLE_SVR_AGENTFWD) || defined(ENABLE_X11FWD)
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
191 #define USING_LISTENERS
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
192 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
193
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
194 #if defined(ENABLE_CLI_NETCAT) && defined(ENABLE_CLI_PROXYCMD)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
195 #define ENABLE_CLI_MULTIHOP
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
196 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
197
547
cf376c696dfc Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents: 521
diff changeset
198 #if defined(ENABLE_CLI_AGENTFWD) || defined(DROPBEAR_PRNGD_SOCKET)
cf376c696dfc Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents: 521
diff changeset
199 #define ENABLE_CONNECT_UNIX
cf376c696dfc Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents: 521
diff changeset
200 #endif
cf376c696dfc Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents: 521
diff changeset
201
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
202 #if defined(DROPBEAR_CLIENT) || defined(ENABLE_SVR_PUBKEY_AUTH)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
203 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
204 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
205
605
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents: 598
diff changeset
206 /* Changing this is inadvisable, it appears to have problems
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents: 598
diff changeset
207 * with flushing compressed data */
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents: 598
diff changeset
208 #define DROPBEAR_ZLIB_MEM_LEVEL 8
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents: 598
diff changeset
209
499
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
210 #if defined(ENABLE_SVR_PASSWORD_AUTH) && defined(ENABLE_SVR_PAM_AUTH)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
211 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
212 #endif
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
213
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
214 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
215 * code, if we're just compiling as client or server */
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
216 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
217
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
218 #define IS_DROPBEAR_SERVER (ses.isserver == 1)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
219 #define IS_DROPBEAR_CLIENT (ses.isserver == 0)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
220
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
221 #elif defined(DROPBEAR_SERVER)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
222
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
223 #define IS_DROPBEAR_SERVER 1
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
224 #define IS_DROPBEAR_CLIENT 0
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
225
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
226 #elif defined(DROPBEAR_CLIENT)
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
227
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
228 #define IS_DROPBEAR_SERVER 0
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
229 #define IS_DROPBEAR_CLIENT 1
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
230
f3ca5ebc319a Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
231 #else
521
cc2dff9bd671 - Allow building with neither server nor client specified
Matt Johnston <matt@ucc.asn.au>
parents: 516
diff changeset
232 /* Just building key utils? */
cc2dff9bd671 - Allow building with neither server nor client specified
Matt Johnston <matt@ucc.asn.au>
parents: 516
diff changeset
233 #define IS_DROPBEAR_SERVER 0
cc2dff9bd671 - Allow building with neither server nor client specified
Matt Johnston <matt@ucc.asn.au>
parents: 516
diff changeset
234 #define IS_DROPBEAR_CLIENT 0
cc2dff9bd671 - Allow building with neither server nor client specified
Matt Johnston <matt@ucc.asn.au>
parents: 516
diff changeset
235
667
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
236 #endif /* neither DROPBEAR_SERVER nor DROPBEAR_CLIENT */
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
237
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
238 #ifndef HAVE_FORK
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
239 #define USE_VFORK
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
240 #endif /* don't HAVE_FORK */
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
241
fc7ae88e63b3 Rename HAVE_FORK to USE_VFORK
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
242 /* no include guard for this file */