Mercurial > dropbear
comparison common-algo.c @ 994:5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Prefer diffie-hellman-group14-sha1 (2048 bit) over
diffie-hellman-group1-sha1 (1024 bit).
Due to meet-in-the-middle attacks the effective key length of
three key 3DES is 112 bits. AES is stronger and faster then 3DES.
Prefer to delay the start of compression until after authentication
has completed. This avoids exposing compression code to attacks
from unauthenticated users.
(github pull request #9)
| author | Fedor Brunner <fedor.brunner@azet.sk> |
|---|---|
| date | Fri, 23 Jan 2015 23:00:25 +0800 |
| parents | 731f624af902 |
| children | 47643024fc90 |
comparison
equal
deleted
inserted
replaced
| 993:1e496ad473bd | 994:5c5ade336926 |
|---|---|
| 139 algo_type sshciphers[] = { | 139 algo_type sshciphers[] = { |
| 140 #ifdef DROPBEAR_ENABLE_CTR_MODE | 140 #ifdef DROPBEAR_ENABLE_CTR_MODE |
| 141 #ifdef DROPBEAR_AES128 | 141 #ifdef DROPBEAR_AES128 |
| 142 {"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr}, | 142 {"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr}, |
| 143 #endif | 143 #endif |
| 144 #ifdef DROPBEAR_3DES | |
| 145 {"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr}, | |
| 146 #endif | |
| 147 #ifdef DROPBEAR_AES256 | 144 #ifdef DROPBEAR_AES256 |
| 148 {"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr}, | 145 {"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr}, |
| 149 #endif | 146 #endif |
| 150 #endif /* DROPBEAR_ENABLE_CTR_MODE */ | 147 #endif /* DROPBEAR_ENABLE_CTR_MODE */ |
| 151 | 148 |
| 152 #ifdef DROPBEAR_ENABLE_CBC_MODE | 149 #ifdef DROPBEAR_ENABLE_CBC_MODE |
| 153 #ifdef DROPBEAR_AES128 | 150 #ifdef DROPBEAR_AES128 |
| 154 {"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc}, | 151 {"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc}, |
| 155 #endif | 152 #endif |
| 156 #ifdef DROPBEAR_3DES | |
| 157 {"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc}, | |
| 158 #endif | |
| 159 #ifdef DROPBEAR_AES256 | 153 #ifdef DROPBEAR_AES256 |
| 160 {"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc}, | 154 {"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc}, |
| 161 #endif | 155 #endif |
| 162 #ifdef DROPBEAR_TWOFISH256 | 156 #ifdef DROPBEAR_TWOFISH256 |
| 163 {"twofish256-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc}, | 157 {"twofish256-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc}, |
| 164 {"twofish-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc}, | 158 {"twofish-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc}, |
| 165 #endif | 159 #endif |
| 166 #ifdef DROPBEAR_TWOFISH128 | 160 #ifdef DROPBEAR_TWOFISH128 |
| 167 {"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc}, | 161 {"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc}, |
| 168 #endif | 162 #endif |
| 163 #ifdef DROPBEAR_3DES | |
| 164 {"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr}, | |
| 165 #endif | |
| 166 #ifdef DROPBEAR_3DES | |
| 167 {"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc}, | |
| 168 #endif | |
| 169 #ifdef DROPBEAR_BLOWFISH | 169 #ifdef DROPBEAR_BLOWFISH |
| 170 {"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc}, | 170 {"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc}, |
| 171 #endif | 171 #endif |
| 172 #endif /* DROPBEAR_ENABLE_CBC_MODE */ | 172 #endif /* DROPBEAR_ENABLE_CBC_MODE */ |
| 173 #ifdef DROPBEAR_NONE_CIPHER | 173 #ifdef DROPBEAR_NONE_CIPHER |
| 198 {NULL, 0, NULL, 0, NULL} | 198 {NULL, 0, NULL, 0, NULL} |
| 199 }; | 199 }; |
| 200 | 200 |
| 201 #ifndef DISABLE_ZLIB | 201 #ifndef DISABLE_ZLIB |
| 202 algo_type ssh_compress[] = { | 202 algo_type ssh_compress[] = { |
| 203 {"[email protected]", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL}, | |
| 203 {"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL}, | 204 {"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL}, |
| 204 {"[email protected]", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL}, | |
| 205 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, | 205 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, |
| 206 {NULL, 0, NULL, 0, NULL} | 206 {NULL, 0, NULL, 0, NULL} |
| 207 }; | 207 }; |
| 208 #endif | 208 #endif |
| 209 | 209 |
| 268 #endif | 268 #endif |
| 269 #ifdef DROPBEAR_ECC_256 | 269 #ifdef DROPBEAR_ECC_256 |
| 270 {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL}, | 270 {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL}, |
| 271 #endif | 271 #endif |
| 272 #endif | 272 #endif |
| 273 {"diffie-hellman-group14-sha1", 0, &kex_dh_group14, 1, NULL}, | |
| 273 {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL}, | 274 {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL}, |
| 274 {"diffie-hellman-group14-sha1", 0, &kex_dh_group14, 1, NULL}, | |
| 275 #ifdef USE_KEXGUESS2 | 275 #ifdef USE_KEXGUESS2 |
| 276 {KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL}, | 276 {KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL}, |
| 277 #endif | 277 #endif |
| 278 {NULL, 0, NULL, 0, NULL} | 278 {NULL, 0, NULL, 0, NULL} |
| 279 }; | 279 }; |