comparison options.h @ 228:5e4110bb753a

- Fixed twofish algorithm naming so it actually works. - Added support for aes256, twofish256 and sha1-96 - Fixed some debugging statements
author Matt Johnston <matt@ucc.asn.au>
date Tue, 30 Aug 2005 16:58:57 +0000
parents 9089929fb2b7
children 1c03b27e1ceb
comparison
equal deleted inserted replaced
227:ad1b24e39bf3 228:5e4110bb753a
60 60
61 /* Enable Authentication Agent Forwarding - server only for now */ 61 /* Enable Authentication Agent Forwarding - server only for now */
62 #define ENABLE_AGENTFWD 62 #define ENABLE_AGENTFWD
63 63
64 /* Encryption - at least one required. 64 /* Encryption - at least one required.
65 * RFC Draft requires 3DES, and recommends Blowfish, AES128 & Twofish128 */ 65 * RFC Draft requires 3DES and recommends AES128 for interoperability.
66 * Including multiple keysize variants the same cipher
67 * (eg AES256 as well as AES128) will result in a minimal size increase.*/
66 #define DROPBEAR_AES128_CBC 68 #define DROPBEAR_AES128_CBC
69 #define DROPBEAR_3DES_CBC
70 #define DROPBEAR_AES256_CBC
67 #define DROPBEAR_BLOWFISH_CBC 71 #define DROPBEAR_BLOWFISH_CBC
72 #define DROPBEAR_TWOFISH256_CBC
68 #define DROPBEAR_TWOFISH128_CBC 73 #define DROPBEAR_TWOFISH128_CBC
69 #define DROPBEAR_3DES_CBC 74
70 75 /* Message Integrity - at least one required.
71 /* Integrity - at least one required. 76 * RFC Draft requires sha1 and recommends sha1-96.
72 * RFC Draft requires sha1-hmac, and recommends md5-hmac. 77 * sha1-96 may be of use for slow links, as it has a smaller overhead.
73 * 78 *
74 * Note: there's no point disabling sha1 to save space, since it's used in the 79 * Note: there's no point disabling sha1 to save space, since it's used
75 * for the random number generator and public-key cryptography anyway. 80 * for the random number generator and public-key cryptography anyway.
76 * Disabling it here will just stop it from being used as the integrity portion 81 * Disabling it here will just stop it from being used as the integrity portion
77 * of the ssh protocol. 82 * of the ssh protocol.
78 * 83 *
79 * These are also used for key fingerprints in logs (when pubkey auth is used), 84 * These hashes are also used for public key fingerprints in logs.
80 * MD5 fingerprints are printed if available, however SHA1 fingerprints will be 85 * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
81 * generated otherwise. This isn't exactly optimal, although SHA1 fingerprints 86 * which are not the standard form. */
82 * are not too hard to create from pubkeys if required. */
83 #define DROPBEAR_SHA1_HMAC 87 #define DROPBEAR_SHA1_HMAC
88 #define DROPBEAR_SHA1_96_HMAC
84 #define DROPBEAR_MD5_HMAC 89 #define DROPBEAR_MD5_HMAC
85 90
86 /* Hostkey/public key algorithms - at least one required, these are used 91 /* Hostkey/public key algorithms - at least one required, these are used
87 * for hostkey as well as for verifying signatures with pubkey auth. 92 * for hostkey as well as for verifying signatures with pubkey auth.
88 * Removing either of these won't save very much space. 93 * Removing either of these won't save very much space.
308 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit 313 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
309 in a few years time.... */ 314 in a few years time.... */
310 315
311 #define DROPBEAR_MAX_CLI_PASS 1024 316 #define DROPBEAR_MAX_CLI_PASS 1024
312 317
318 #if defined(DROPBEAR_AES256_CBC) || defined(DROPBEAR_AES128_CBC)
319 #define DROPBEAR_AES_CBC
320 #endif
321
322 #if defined(DROPBEAR_TWOFISH256_CBC) || defined(DROPBEAR_TWOFISH128_CBC)
323 #define DROPBEAR_TWOFISH_CBC
324 #endif
325
313 #ifndef ENABLE_X11FWD 326 #ifndef ENABLE_X11FWD
314 #define DISABLE_X11FWD 327 #define DISABLE_X11FWD
315 #endif 328 #endif
316 329
317 #ifndef ENABLE_AGENTFWD 330 #ifndef ENABLE_AGENTFWD