Mercurial > dropbear
comparison default_options.h @ 1916:3f4cdf839a1a
Make SHA1 optional, implement SHA256 fingerprints
SHA256 is always compiled and only enable SHA1 when needed. Fingerprints
are always SHA256: base64 format, md5 and sha1 are removed. dbrandom now
uses sha256 its hash function.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Wed, 30 Mar 2022 11:44:04 +0800 |
| parents | 13cb8cc1b0e4 |
| children | ff8a81386a2b |
comparison
equal
deleted
inserted
replaced
| 1915:13cb8cc1b0e4 | 1916:3f4cdf839a1a |
|---|---|
| 114 * for security and forwards compatibility, but slower than CTR on | 114 * for security and forwards compatibility, but slower than CTR on |
| 115 * CPU w/o dedicated AES/GHASH instructions. | 115 * CPU w/o dedicated AES/GHASH instructions. |
| 116 * Compiling in will add ~6kB to binary size on x86-64 */ | 116 * Compiling in will add ~6kB to binary size on x86-64 */ |
| 117 #define DROPBEAR_ENABLE_GCM_MODE 0 | 117 #define DROPBEAR_ENABLE_GCM_MODE 0 |
| 118 | 118 |
| 119 /* Message integrity. sha2-256 is recommended as a default, | 119 /* Message integrity. sha2-256 is recommended as a default, |
| 120 sha1 for compatibility */ | 120 sha1 for compatibility */ |
| 121 #define DROPBEAR_SHA1_HMAC 1 | 121 #define DROPBEAR_SHA1_HMAC 1 |
| 122 #define DROPBEAR_SHA2_256_HMAC 1 | 122 #define DROPBEAR_SHA2_256_HMAC 1 |
| 123 #define DROPBEAR_SHA1_96_HMAC 0 | 123 #define DROPBEAR_SHA1_96_HMAC 0 |
| 124 | 124 |
| 170 * curve25519 increases binary size by ~2,5kB on x86-64 | 170 * curve25519 increases binary size by ~2,5kB on x86-64 |
| 171 * including either ECDH or ECDSA increases binary size by ~30kB on x86-64 | 171 * including either ECDH or ECDSA increases binary size by ~30kB on x86-64 |
| 172 | 172 |
| 173 * Small systems should generally include either curve25519 or ecdh for performance. | 173 * Small systems should generally include either curve25519 or ecdh for performance. |
| 174 * curve25519 is less widely supported but is faster | 174 * curve25519 is less widely supported but is faster |
| 175 */ | 175 */ |
| 176 #define DROPBEAR_DH_GROUP14_SHA1 1 | 176 #define DROPBEAR_DH_GROUP14_SHA1 1 |
| 177 #define DROPBEAR_DH_GROUP14_SHA256 1 | 177 #define DROPBEAR_DH_GROUP14_SHA256 1 |
| 178 #define DROPBEAR_DH_GROUP16 0 | 178 #define DROPBEAR_DH_GROUP16 0 |
| 179 #define DROPBEAR_CURVE25519 1 | 179 #define DROPBEAR_CURVE25519 1 |
| 180 #define DROPBEAR_ECDH 1 | 180 #define DROPBEAR_ECDH 1 |