path: root/common-algo.c
Age | Commit message | Author
2020-10-24 | Make "Too many remote algorithms" exit rather than log | Matt Johnston
    It's fatal anyway, makes logs more concise.
2020-10-23 | Increase MAX_PROPOSED_ALGO to 50, warn if exceeded | Matt Johnston
2020-06-10 | Remove blowfish | Matt Johnston
2020-05-26 | merge rsa-sha256 | Matt Johnston
2020-05-25 | CBC mode cleanup (#95) | Vladislav Grishenko
    * Fix CBC mode can't be fully disabled
    * Fix CBC mode can't be the only mode
2020-05-25 | Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) | Vladislav Grishenko
    * Add Chacha20-Poly1305 authenticated encryption
    * Add general AEAD approach.
    * Add chacha20-poly1305@openssh.com algo using LibTomCrypt chacha and poly1305 routines.
    Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated AES instructions, having the same key size. Compiling in will add ~5,5kB to binary size on x86-64.
    function                        old    new   delta
    chacha_crypt                      -   1397   +1397
    _poly1305_block                   -    608    +608
    poly1305_done                     -    595    +595
    dropbear_chachapoly_crypt         -    457    +457
    .rodata                       26976  27392    +416
    poly1305_process                  -    290    +290
    poly1305_init                     -    221    +221
    chacha_setup                      -    218    +218
    encrypt_packet                 1068   1270    +202
    dropbear_chachapoly_getlength     -    147    +147
    decrypt_packet                  756    897    +141
    chacha_ivctr64                    -    137    +137
    read_packet                     543    637     +94
    dropbear_chachapoly_start         -     94     +94
    read_kex_algos                  792    880     +88
    chacha_keystream                  -     69     +69
    dropbear_mode_chachapoly          -     48     +48
    sshciphers                      280    320     +40
    dropbear_mode_none               24     48     +24
    dropbear_mode_ctr                24     48     +24
    dropbear_mode_cbc                24     48     +24
    dropbear_chachapoly_mac           -     24     +24
    dropbear_chachapoly               -     24     +24
    gen_new_keys                    848    854      +6
    ------------------------------------------------------------------------------
    (add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes
    * Add AES128-GCM and AES256-GCM authenticated encryption
    * Add general AES-GCM mode.
    * Add aes128-gcm@openssh.com and aes256-gcm@openssh.com algo using LibTomCrypt gcm routines.
    AES-GCM is a combination of AES CTR mode and GHASH, slower than AES-CTR on CPU w/o dedicated AES/GHASH instructions, therefore disabled by default. Compiling in will add ~6kB to binary size on x86-64.
    function                        old    new   delta
    gcm_process                       -   1060   +1060
    .rodata                       26976  27808    +832
    gcm_gf_mult                       -    820    +820
    gcm_add_aad                       -    660    +660
    gcm_shift_table                   -    512    +512
    gcm_done                          -    471    +471
    gcm_add_iv                        -    384    +384
    gcm_init                          -    347    +347
    dropbear_gcm_crypt                -    309    +309
    encrypt_packet                 1068   1270    +202
    decrypt_packet                  756    897    +141
    gcm_reset                         -    118    +118
    read_packet                     543    637     +94
    read_kex_algos                  792    880     +88
    sshciphers                      280    360     +80
    gcm_mult_h                        -     80     +80
    dropbear_gcm_start                -     62     +62
    dropbear_mode_gcm                 -     48     +48
    dropbear_mode_none               24     48     +24
    dropbear_mode_ctr                24     48     +24
    dropbear_mode_cbc                24     48     +24
    dropbear_ghash                    -     24     +24
    dropbear_gcm_getlength            -     24     +24
    gen_new_keys                    848    854      +6
    ------------------------------------------------------------------------------
    (add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
2020-05-24 | send and handle SSH_MSG_EXT_INFO only at the correct point | Matt Johnston
    - other fixes for rsa pubkey auth
    - only include ext-info handling when rsa pubkey auth is compiled
2020-05-21 | Make server send SSH_MSG_EXT_INFO | Matt Johnston
    Ensure that only valid hostkey algorithms are sent in the first kex guess
2020-05-19 | ext-info handling for server-sig-algs | Matt Johnston
    only client side is handled
2020-05-17 | split signkey_type and signature_type for RSA sha1 vs sha256 | Matt Johnston
2020-04-06 | use sigtype where appropriate | Matt Johnston
2020-03-12 | Add Ed25519 support (#91) | Vladislav Grishenko
    * Add support for Ed25519 as a public key type
    Ed25519 is an elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. OpenSSH key import and fuzzer are not supported yet. Initially inspired by Peter Szabo.
    * Add curve25519 and ed25519 fuzzers
    * Add import and export of Ed25519 keys
2018-02-20 | add curve25519-sha256 without @libssh.org | Matt Johnston
2018-02-18 | group14-sha256 should be higher than group14-sha1 | Matt Johnston
2018-02-09 | Remove none cipher | Matt Johnston
2017-08-19 | Pointer parameter could be declared as pointing to const | Francois Perrad
2016-07-21 | merge 2016.74 | Matt Johnston
2016-05-04 | Convert #ifdef to #if, other build changes | Matt Johnston
2016-05-02 | options for disabling "normal" DH | Matt Johnston
2016-07-11 | improve algorithm list parsing | Matt Johnston
2016-03-16 | const variables | Francois Perrad
2016-03-12 | Get rid of group15, move group16 to sha512. | Matt Johnston
    New groups are disabled by default pending draft-ietf-curdle-ssh-kex-sha2-02 being finalised
2016-01-15 | add dh group15 and group16, disabled by default | Matt Johnston
2016-01-14 | Move dh group constants to a separate file | Matt Johnston
2015-12-11 | diffie-hellman-group14-sha256 | Matt Johnston
2015-06-04 | buf_getstring and buf_putstring now use non-unsigned char* | Matt Johnston
2015-06-04 | Merge pull request #13 from gazoo74/fix-warnings | Matt Johnston
    Fix warnings
2015-06-03 | Disable twofish-ctr by default, add config option | Matt Johnston
2015-05-05 | Turn Algo_Type's name attribute into const char * | Gaël PORTAY
2015-05-05 | Fix pointer differ in signess warnings [-Werror=pointer-sign] | Gaël PORTAY
2015-02-24 | Fix for old compilers, variable declarations at beginning of functions | Thorsten Horstmann
    and /**/ comments
2015-02-13 | merge | Matt Johnston
2015-02-04 | twofish ctr modes | Matt Johnston
2015-01-28 | Keep sha1 default | Matt Johnston
2015-01-28 | Disable non-delayed zlib for server | Matt Johnston
2015-01-23 | Prefer stronger algorithms in algorithm negotiation. | Fedor Brunner
    Prefer diffie-hellman-group14-sha1 (2048 bit) over diffie-hellman-group1-sha1 (1024 bit). Due to meet-in-the-middle attacks the effective key length of three key 3DES is 112 bits. AES is stronger and faster than 3DES. Prefer to delay the start of compression until after authentication has completed. This avoids exposing compression code to attacks from unauthenticated users. (github pull request #9)
2015-01-23 | Add config option to disable cbc. Disable twofish by default | Matt Johnston
2013-11-14 | use oldstyle comments | Matt Johnston
2013-11-12 | Various cleanups and fixes for warnings | Matt Johnston
    --HG-- branch : ecc
2013-11-08 | curve25519 | Matt Johnston
    --HG-- branch : ecc
2013-10-31 | Default to some larger key sizes | Matt Johnston
    --HG-- branch : ecc
2013-05-21 | merge in HEAD | Matt Johnston
    --HG-- branch : ecc
2013-05-03 | ecdsa is working | Matt Johnston
    --HG-- branch : ecc
2013-04-09 | start on ecdsa keys | Matt Johnston
    --HG-- branch : ecc
2013-04-08 | - Fix various hardcoded uses of SHA1 | Matt Johnston
    - rename curves to nistp256 etc
    - fix svr-auth.c TRACE problem
    --HG-- branch : ecc
2013-04-07 | ecc kind of works, needs fixing/testing | Matt Johnston
    --HG-- branch : ecc
2013-04-03 | merge kexguess branch | Matt Johnston
2013-04-03 | Put some #ifdef options around first-follows options in case they need to be disabled | Matt Johnston
    --HG-- branch : kexguess
2013-04-03 | Don't usually need to recalculate dh_e for the repeated kexdh_init packet | Matt Johnston
    --HG-- branch : kexguess
2013-03-30 | Get rid of client/server specific buf_match_algo, use single function with a couple of if statements instead | Matt Johnston
    --HG-- branch : kexguess