32 #define TRACE_LEVEL SSH_TRACE_LEVEL
43 #if (SSH_SUPPORT == ENABLED)
50 static const char_t *
const sshSupportedKexAlgos[] =
52 #if (SSH_HYBRID_KEX_SUPPORT == ENABLED && SSH_SNTRUP761_SUPPORT == ENABLED && \
53 SSH_CURVE25519_SUPPORT == ENABLED && SSH_SHA512_SUPPORT == ENABLED)
54 "sntrup761x25519-sha512@openssh.com",
56 #if (SSH_HYBRID_KEX_SUPPORT == ENABLED && SSH_KYBER512_SUPPORT == ENABLED && \
57 SSH_CURVE25519_SUPPORT == ENABLED && SSH_SHA256_SUPPORT == ENABLED)
58 "x25519-kyber-512r3-sha256-d00@amazon.com",
60 #if (SSH_HYBRID_KEX_SUPPORT == ENABLED && SSH_KYBER512_SUPPORT == ENABLED && \
61 SSH_NISTP256_SUPPORT == ENABLED && SSH_SHA256_SUPPORT == ENABLED)
62 "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org",
64 #if (SSH_HYBRID_KEX_SUPPORT == ENABLED && SSH_KYBER768_SUPPORT == ENABLED && \
65 SSH_NISTP384_SUPPORT == ENABLED && SSH_SHA384_SUPPORT == ENABLED)
66 "ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org",
68 #if (SSH_HYBRID_KEX_SUPPORT == ENABLED && SSH_KYBER1024_SUPPORT == ENABLED && \
69 SSH_NISTP521_SUPPORT == ENABLED && SSH_SHA512_SUPPORT == ENABLED)
70 "ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org",
72 #if (SSH_ECDH_KEX_SUPPORT == ENABLED && SSH_CURVE25519_SUPPORT == ENABLED && \
73 SSH_SHA256_SUPPORT == ENABLED)
75 "curve25519-sha256@libssh.org",
77 #if (SSH_ECDH_KEX_SUPPORT == ENABLED && SSH_CURVE448_SUPPORT == ENABLED && \
78 SSH_SHA512_SUPPORT == ENABLED)
81 #if (SSH_ECDH_KEX_SUPPORT == ENABLED && SSH_NISTP256_SUPPORT == ENABLED && \
82 SSH_SHA256_SUPPORT == ENABLED)
85 #if (SSH_ECDH_KEX_SUPPORT == ENABLED && SSH_NISTP384_SUPPORT == ENABLED && \
86 SSH_SHA384_SUPPORT == ENABLED)
89 #if (SSH_ECDH_KEX_SUPPORT == ENABLED && SSH_NISTP521_SUPPORT == ENABLED && \
90 SSH_SHA512_SUPPORT == ENABLED)
93 #if (SSH_DH_GEX_KEX_SUPPORT == ENABLED && SSH_SHA256_SUPPORT == ENABLED)
94 "diffie-hellman-group-exchange-sha256",
96 #if (SSH_DH_GEX_KEX_SUPPORT == ENABLED && SSH_SHA384_SUPPORT == ENABLED)
97 "diffie-hellman-group-exchange-sha384@ssh.com",
99 #if (SSH_DH_GEX_KEX_SUPPORT == ENABLED && SSH_SHA512_SUPPORT == ENABLED)
100 "diffie-hellman-group-exchange-sha512@ssh.com",
102 #if (SSH_DH_KEX_SUPPORT == ENABLED && SSH_SHA256_SUPPORT == ENABLED && \
103 SSH_MAX_DH_MODULUS_SIZE >= 2048 && SSH_MIN_DH_MODULUS_SIZE <= 2048)
104 "diffie-hellman-group14-sha256",
106 #if (SSH_DH_KEX_SUPPORT == ENABLED && SSH_SHA512_SUPPORT == ENABLED && \
107 SSH_MAX_DH_MODULUS_SIZE >= 3072 && SSH_MIN_DH_MODULUS_SIZE <= 3072)
108 "diffie-hellman-group15-sha512",
110 #if (SSH_DH_KEX_SUPPORT == ENABLED && SSH_SHA512_SUPPORT == ENABLED && \
111 SSH_MAX_DH_MODULUS_SIZE >= 4096 && SSH_MIN_DH_MODULUS_SIZE <= 4096)
112 "diffie-hellman-group16-sha512",
114 #if (SSH_DH_KEX_SUPPORT == ENABLED && SSH_SHA512_SUPPORT == ENABLED && \
115 SSH_MAX_DH_MODULUS_SIZE >= 6144 && SSH_MIN_DH_MODULUS_SIZE <= 6144)
116 "diffie-hellman-group17-sha512",
118 #if (SSH_DH_KEX_SUPPORT == ENABLED && SSH_SHA512_SUPPORT == ENABLED && \
119 SSH_MAX_DH_MODULUS_SIZE >= 8192 && SSH_MIN_DH_MODULUS_SIZE <= 8192)
120 "diffie-hellman-group18-sha512",
122 #if (SSH_RSA_KEX_SUPPORT == ENABLED && SSH_SHA256_SUPPORT == ENABLED && \
123 SSH_MAX_RSA_MODULUS_SIZE >= 2048)
126 #if (SSH_DH_GEX_KEX_SUPPORT == ENABLED && SSH_SHA224_SUPPORT == ENABLED)
127 "diffie-hellman-group-exchange-sha224@ssh.com",
129 #if (SSH_DH_GEX_KEX_SUPPORT == ENABLED && SSH_SHA1_SUPPORT == ENABLED)
130 "diffie-hellman-group-exchange-sha1",
132 #if (SSH_DH_KEX_SUPPORT == ENABLED && SSH_SHA1_SUPPORT == ENABLED && \
133 SSH_MAX_DH_MODULUS_SIZE >= 2048 && SSH_MIN_DH_MODULUS_SIZE <= 2048)
134 "diffie-hellman-group14-sha1",
136 #if (SSH_DH_KEX_SUPPORT == ENABLED && SSH_SHA1_SUPPORT == ENABLED && \
137 SSH_MAX_DH_MODULUS_SIZE >= 1024 && SSH_MIN_DH_MODULUS_SIZE <= 1024)
138 "diffie-hellman-group1-sha1",
140 #if (SSH_RSA_KEX_SUPPORT == ENABLED && SSH_SHA1_SUPPORT == ENABLED && \
141 SSH_MAX_RSA_MODULUS_SIZE >= 1024)
153 #if (SSH_ED25519_SIGN_SUPPORT == ENABLED && SSH_CERT_SUPPORT == ENABLED)
155 "ssh-ed25519-cert-v01@openssh.com",
156 "ssh-ed25519-cert-v01@openssh.com",
160 #if (SSH_ED25519_SIGN_SUPPORT == ENABLED)
167 #if (SSH_ED448_SIGN_SUPPORT == ENABLED)
174 #if (SSH_ECDSA_SIGN_SUPPORT == ENABLED && SSH_NISTP256_SUPPORT == ENABLED && \
175 SSH_SHA256_SUPPORT == ENABLED && SSH_CERT_SUPPORT == ENABLED)
177 "ecdsa-sha2-nistp256-cert-v01@openssh.com",
178 "ecdsa-sha2-nistp256-cert-v01@openssh.com",
179 "ecdsa-sha2-nistp256"
182 #if (SSH_ECDSA_SIGN_SUPPORT == ENABLED && SSH_NISTP256_SUPPORT == ENABLED && \
183 SSH_SHA256_SUPPORT == ENABLED)
185 "ecdsa-sha2-nistp256",
186 "ecdsa-sha2-nistp256",
187 "ecdsa-sha2-nistp256"
190 #if (SSH_ECDSA_SIGN_SUPPORT == ENABLED && SSH_NISTP384_SUPPORT == ENABLED && \
191 SSH_SHA384_SUPPORT == ENABLED && SSH_CERT_SUPPORT == ENABLED)
193 "ecdsa-sha2-nistp384-cert-v01@openssh.com",
194 "ecdsa-sha2-nistp384-cert-v01@openssh.com",
195 "ecdsa-sha2-nistp384"
198 #if (SSH_ECDSA_SIGN_SUPPORT == ENABLED && SSH_NISTP384_SUPPORT == ENABLED && \
199 SSH_SHA384_SUPPORT == ENABLED)
201 "ecdsa-sha2-nistp384",
202 "ecdsa-sha2-nistp384",
203 "ecdsa-sha2-nistp384"
206 #if (SSH_ECDSA_SIGN_SUPPORT == ENABLED && SSH_NISTP521_SUPPORT == ENABLED && \
207 SSH_SHA512_SUPPORT == ENABLED && SSH_CERT_SUPPORT == ENABLED)
209 "ecdsa-sha2-nistp521-cert-v01@openssh.com",
210 "ecdsa-sha2-nistp521-cert-v01@openssh.com",
211 "ecdsa-sha2-nistp521"
214 #if (SSH_ECDSA_SIGN_SUPPORT == ENABLED && SSH_NISTP521_SUPPORT == ENABLED && \
215 SSH_SHA512_SUPPORT == ENABLED)
217 "ecdsa-sha2-nistp521",
218 "ecdsa-sha2-nistp521",
219 "ecdsa-sha2-nistp521"
222 #if (SSH_RSA_SIGN_SUPPORT == ENABLED && SSH_SHA256_SUPPORT == ENABLED && \
223 SSH_CERT_SUPPORT == ENABLED)
225 "rsa-sha2-256-cert-v01@openssh.com",
226 "ssh-rsa-cert-v01@openssh.com",
230 #if (SSH_RSA_SIGN_SUPPORT == ENABLED && SSH_SHA256_SUPPORT == ENABLED)
237 #if (SSH_RSA_SIGN_SUPPORT == ENABLED && SSH_SHA512_SUPPORT == ENABLED && \
238 SSH_CERT_SUPPORT == ENABLED)
240 "rsa-sha2-512-cert-v01@openssh.com",
241 "ssh-rsa-cert-v01@openssh.com",
245 #if (SSH_RSA_SIGN_SUPPORT == ENABLED && SSH_SHA512_SUPPORT == ENABLED)
252 #if (SSH_RSA_SIGN_SUPPORT == ENABLED && SSH_SHA1_SUPPORT == ENABLED && \
253 SSH_CERT_SUPPORT == ENABLED)
255 "ssh-rsa-cert-v01@openssh.com",
256 "ssh-rsa-cert-v01@openssh.com",
260 #if (SSH_RSA_SIGN_SUPPORT == ENABLED && SSH_SHA1_SUPPORT == ENABLED)
267 #if (SSH_DSA_SIGN_SUPPORT == ENABLED && SSH_SHA1_SUPPORT == ENABLED && \
268 SSH_CERT_SUPPORT == ENABLED)
270 "ssh-dss-cert-v01@openssh.com",
271 "ssh-dss-cert-v01@openssh.com",
275 #if (SSH_DSA_SIGN_SUPPORT == ENABLED && SSH_SHA1_SUPPORT == ENABLED)
289 static const char_t *
const sshSupportedEncAlgos[] =
291 #if (SSH_CHACHA20_POLY1305_SUPPORT == ENABLED)
292 "chacha20-poly1305@openssh.com",
294 #if (SSH_AES_128_SUPPORT == ENABLED && SSH_GCM_CIPHER_SUPPORT == ENABLED)
295 "aes128-gcm@openssh.com",
297 #if (SSH_AES_256_SUPPORT == ENABLED && SSH_GCM_CIPHER_SUPPORT == ENABLED)
298 "aes256-gcm@openssh.com",
300 #if (SSH_AES_128_SUPPORT == ENABLED && SSH_RFC5647_SUPPORT == ENABLED)
303 #if (SSH_AES_256_SUPPORT == ENABLED && SSH_RFC5647_SUPPORT == ENABLED)
306 #if (SSH_CAMELLIA_128_SUPPORT == ENABLED && SSH_RFC5647_SUPPORT == ENABLED)
307 "AEAD_CAMELLIA_128_GCM",
309 #if (SSH_CAMELLIA_256_SUPPORT == ENABLED && SSH_RFC5647_SUPPORT == ENABLED)
310 "AEAD_CAMELLIA_256_GCM",
312 #if (SSH_AES_128_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
315 #if (SSH_AES_192_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
318 #if (SSH_AES_256_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
321 #if (SSH_TWOFISH_128_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
324 #if (SSH_TWOFISH_192_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
327 #if (SSH_TWOFISH_256_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
330 #if (SSH_SERPENT_128_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
333 #if (SSH_SERPENT_192_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
336 #if (SSH_SERPENT_256_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
339 #if (SSH_CAMELLIA_128_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
342 #if (SSH_CAMELLIA_192_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
345 #if (SSH_CAMELLIA_256_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
348 #if (SSH_AES_128_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
351 #if (SSH_AES_192_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
354 #if (SSH_AES_256_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
357 #if (SSH_TWOFISH_128_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
360 #if (SSH_TWOFISH_192_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
363 #if (SSH_TWOFISH_256_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
367 #if (SSH_SERPENT_128_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
370 #if (SSH_SERPENT_192_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
373 #if (SSH_SERPENT_256_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
376 #if (SSH_CAMELLIA_128_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
379 #if (SSH_CAMELLIA_192_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
382 #if (SSH_CAMELLIA_256_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
385 #if (SSH_SEED_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
388 #if (SSH_3DES_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
391 #if (SSH_3DES_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
394 #if (SSH_BLOWFISH_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
397 #if (SSH_BLOWFISH_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
400 #if (SSH_IDEA_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
403 #if (SSH_IDEA_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
406 #if (SSH_CAST128_SUPPORT == ENABLED && SSH_CTR_CIPHER_SUPPORT == ENABLED)
409 #if (SSH_CAST128_SUPPORT == ENABLED && SSH_CBC_CIPHER_SUPPORT == ENABLED)
412 #if (SSH_RC4_256_SUPPORT == ENABLED && SSH_STREAM_CIPHER_SUPPORT == ENABLED)
415 #if (SSH_RC4_128_SUPPORT == ENABLED && SSH_STREAM_CIPHER_SUPPORT == ENABLED)
418 #if (SSH_RC4_SUPPORT == ENABLED && SSH_STREAM_CIPHER_SUPPORT == ENABLED)
428 static const char_t *
const sshSupportedMacAlgos[] =
430 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_SHA256_SUPPORT == ENABLED && \
431 SSH_ETM_SUPPORT == ENABLED)
432 "hmac-sha2-256-etm@openssh.com",
434 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_SHA256_SUPPORT == ENABLED)
437 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_SHA512_SUPPORT == ENABLED && \
438 SSH_ETM_SUPPORT == ENABLED)
439 "hmac-sha2-512-etm@openssh.com",
441 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_SHA512_SUPPORT == ENABLED)
444 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_SHA1_SUPPORT == ENABLED && \
445 SSH_ETM_SUPPORT == ENABLED)
446 "hmac-sha1-etm@openssh.com",
448 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_SHA1_SUPPORT == ENABLED)
451 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_RIPEMD160_SUPPORT == ENABLED && \
452 SSH_ETM_SUPPORT == ENABLED)
453 "hmac-ripemd160-etm@openssh.com",
455 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_RIPEMD160_SUPPORT == ENABLED)
457 "hmac-ripemd160@openssh.com",
459 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_MD5_SUPPORT == ENABLED && \
460 SSH_ETM_SUPPORT == ENABLED)
461 "hmac-md5-etm@openssh.com",
463 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_MD5_SUPPORT == ENABLED)
466 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_SHA1_96_SUPPORT == ENABLED && \
467 SSH_ETM_SUPPORT == ENABLED)
468 "hmac-sha1-96-etm@openssh.com",
470 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_SHA1_96_SUPPORT == ENABLED)
473 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_MD5_96_SUPPORT == ENABLED && \
474 SSH_ETM_SUPPORT == ENABLED)
475 "hmac-md5-96-etm@openssh.com",
477 #if (SSH_HMAC_SUPPORT == ENABLED && SSH_MD5_96_SUPPORT == ENABLED)
480 #if (SSH_AES_128_SUPPORT == ENABLED && SSH_RFC5647_SUPPORT == ENABLED)
483 #if (SSH_AES_256_SUPPORT == ENABLED && SSH_RFC5647_SUPPORT == ENABLED)
486 #if (SSH_CAMELLIA_128_SUPPORT == ENABLED && SSH_RFC5647_SUPPORT == ENABLED)
487 "AEAD_CAMELLIA_128_GCM",
489 #if (SSH_CAMELLIA_256_SUPPORT == ENABLED && SSH_RFC5647_SUPPORT == ENABLED)
490 "AEAD_CAMELLIA_256_GCM",
500 static const char_t *
const sshSupportedCompressionAlgos[] =
523 n =
sizeof(uint32_t);
526 for(i = 0; i <
arraysize(sshSupportedKexAlgos); i++)
531 #if (SSH_RSA_KEX_SUPPORT == ENABLED)
539 sshSupportedKexAlgos[i]) >= 0)
546 #if (SSH_DH_GEX_KEX_SUPPORT == ENABLED)
571 if(
n !=
sizeof(uint32_t))
584 #if (SSH_EXT_INFO_SUPPORT == ENABLED)
589 if(!connection->newKeysSent)
591 const char_t *indicatorName;
594 if(
n !=
sizeof(uint32_t))
604 indicatorName =
"ext-info-c";
608 indicatorName =
"ext-info-s";
619 #if (SSH_KEX_STRICT_SUPPORT == ENABLED)
622 if(!connection->newKeysSent)
624 const char_t *indicatorName;
627 if(
n !=
sizeof(uint32_t))
637 indicatorName =
"kex-strict-c-v00@openssh.com";
641 indicatorName =
"kex-strict-s-v00@openssh.com";
680 n =
sizeof(uint32_t);
683 for(i = 0; i <
arraysize(sshSupportedHostKeyAlgos); i++)
686 entry = &sshSupportedHostKeyAlgos[i];
695 if(
n !=
sizeof(uint32_t))
749 arraysize(sshSupportedMacAlgos) - 1,
p, written);
767 arraysize(sshSupportedCompressionAlgos),
p, written);
788 n =
sizeof(uint32_t);
791 for(i = 0; i <
arraysize(sshSupportedHostKeyAlgos); i++)
794 entry = &sshSupportedHostKeyAlgos[i];
797 if(
n !=
sizeof(uint32_t))
830 const char_t *
const *supportedAlgoList,
uint_t supportedAlgoListLen)
835 const char_t *selectedAlgo;
844 for(i = 0; i < supportedAlgoListLen && selectedAlgo == NULL; i++)
847 for(j = 0; selectedAlgo == NULL; j++)
857 selectedAlgo = supportedAlgoList[i];
871 for(j = 0; selectedAlgo == NULL; j++)
877 for(i = 0; i < supportedAlgoListLen && selectedAlgo == NULL; i++)
884 selectedAlgo = supportedAlgoList[i];
914 const char_t *selectedAlgo;
923 for(i = 0; i <
arraysize(sshSupportedKexAlgos) &&
924 selectedAlgo == NULL; i++)
927 for(j = 0; selectedAlgo == NULL; j++)
937 selectedAlgo = sshSupportedKexAlgos[i];
951 for(j = 0; selectedAlgo == NULL; j++)
957 for(i = 0; i <
arraysize(sshSupportedKexAlgos) &&
958 selectedAlgo == NULL; i++)
963 #if (SSH_RSA_KEX_SUPPORT == ENABLED)
970 sshSupportedKexAlgos[i]) >= 0)
972 selectedAlgo = sshSupportedKexAlgos[i];
977 #if (SSH_DH_GEX_KEX_SUPPORT == ENABLED)
987 selectedAlgo = sshSupportedKexAlgos[i];
995 selectedAlgo = sshSupportedKexAlgos[i];
1008 #if (SSH_EXT_INFO_SUPPORT == ENABLED)
1013 if(!connection->newKeysSent)
1015 const char_t *indicatorName;
1022 indicatorName =
"ext-info-s";
1026 indicatorName =
"ext-info-c";
1032 connection->extInfoReceived =
TRUE;
1036 connection->extInfoReceived =
FALSE;
1041 #if (SSH_KEX_STRICT_SUPPORT == ENABLED)
1044 if(!connection->newKeysSent)
1046 const char_t *indicatorName;
1053 indicatorName =
"kex-strict-s-v00@openssh.com";
1057 indicatorName =
"kex-strict-c-v00@openssh.com";
1063 connection->kexStrictReceived =
TRUE;
1067 connection->kexStrictReceived =
FALSE;
1073 return selectedAlgo;
1090 const char_t *selectedAlgo;
1094 selectedAlgo = NULL;
1100 for(i = 0; i <
arraysize(sshSupportedHostKeyAlgos) &&
1101 selectedAlgo == NULL; i++)
1104 entry = &sshSupportedHostKeyAlgos[i];
1107 for(j = 0; selectedAlgo == NULL; j++)
1131 for(j = 0; selectedAlgo == NULL; j++)
1137 for(i = 0; i <
arraysize(sshSupportedHostKeyAlgos) &&
1138 selectedAlgo == NULL; i++)
1141 entry = &sshSupportedHostKeyAlgos[i];
1165 return selectedAlgo;
1181 return sshSelectAlgo(context, peerAlgoList, sshSupportedEncAlgos,
1197 const char_t *selectedAlgo;
1199 #if (SSH_GCM_CIPHER_SUPPORT == ENABLED || SSH_CHACHA20_POLY1305_SUPPORT == ENABLED)
1206 selectedAlgo = sshSupportedMacAlgos[
arraysize(sshSupportedMacAlgos) - 1];
1210 #if (SSH_RFC5647_SUPPORT == ENABLED)
1219 selectedAlgo = encAlgo;
1227 selectedAlgo =
sshSelectAlgo(context, peerAlgoList, sshSupportedMacAlgos,
1232 return selectedAlgo;
1248 return sshSelectAlgo(context, peerAlgoList, sshSupportedCompressionAlgos,
1249 arraysize(sshSupportedCompressionAlgos));
1268 const char_t *selectedAlgo;
1272 selectedAlgo = NULL;
1275 for(i = 0; i <
arraysize(sshSupportedHostKeyAlgos) &&
1276 selectedAlgo == NULL; i++)
1279 entry = &sshSupportedHostKeyAlgos[i];
1285 if(peerAlgoList != NULL)
1288 for(j = 0; selectedAlgo == NULL; j++)
1316 return selectedAlgo;
1329 const char_t *keyFormatId;
1336 for(i = 0; i <
arraysize(sshSupportedHostKeyAlgos) &&
1337 keyFormatId == NULL; i++)
1340 entry = &sshSupportedHostKeyAlgos[i];
1363 const char_t *signFormatId;
1367 signFormatId = NULL;
1370 for(i = 0; i <
arraysize(sshSupportedHostKeyAlgos) &&
1371 signFormatId == NULL; i++)
1374 entry = &sshSupportedHostKeyAlgos[i];
1384 return signFormatId;
1406 correct =
sshGetName(kexAlgoList, 0, &preferredKexAlgo);
1412 correct =
sshGetName(hostKeyAlgoList, 0, &preferredHostKeyAlgo);
1422 !
sshCompareString(&preferredHostKeyAlgo, sshSupportedHostKeyAlgos[0].publicKeyAlgo))
1489 if(
sshCompareAlgo(kexAlgo,
"diffie-hellman-group-exchange-sha1") ||
1490 sshCompareAlgo(kexAlgo,
"diffie-hellman-group-exchange-sha256") ||
1491 sshCompareAlgo(kexAlgo,
"diffie-hellman-group-exchange-sha224@ssh.com") ||
1492 sshCompareAlgo(kexAlgo,
"diffie-hellman-group-exchange-sha384@ssh.com") ||
1493 sshCompareAlgo(kexAlgo,
"diffie-hellman-group-exchange-sha512@ssh.com"))
1538 if(
sshCompareAlgo(kexAlgo,
"sntrup761x25519-sha512@openssh.com") ||
1539 sshCompareAlgo(kexAlgo,
"x25519-kyber-512r3-sha256-d00@amazon.com") ||
1540 sshCompareAlgo(kexAlgo,
"ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org") ||
1541 sshCompareAlgo(kexAlgo,
"ecdh-nistp384-kyber-768r3-sha384-d00@openquantumsafe.org") ||
1542 sshCompareAlgo(kexAlgo,
"ecdh-nistp521-kyber-1024r3-sha512-d00@openquantumsafe.org"))
1566 sshCompareString(publicKeyAlgo,
"ecdsa-sha2-nistp256-cert-v01@openssh.com") ||
1567 sshCompareString(publicKeyAlgo,
"ecdsa-sha2-nistp384-cert-v01@openssh.com") ||
1568 sshCompareString(publicKeyAlgo,
"ecdsa-sha2-nistp521-cert-v01@openssh.com") ||
@ SSH_OPERATION_MODE_SERVER
@ SSH_OPERATION_MODE_CLIENT
#define SSH_PREFERRED_DH_MODULUS_SIZE
#define SSH_MAX_DH_MODULUS_SIZE
#define SSH_MIN_DH_MODULUS_SIZE
bool_t sshIsDhKexAlgo(const char_t *kexAlgo)
Test if the specified algorithm is a Diffie-Hellman key exchange algorithm.
const char_t * sshSelectEncAlgo(SshContext *context, const SshNameList *peerAlgoList)
Encryption algorithm negotiation.
const char_t * sshSelectKexAlgo(SshConnection *connection, const SshNameList *peerAlgoList)
Key exchange algorithm negotiation.
bool_t sshIsDhGexKexAlgo(const char_t *kexAlgo)
Test if the specified algorithm is a DH GEX key exchange algorithm.
bool_t sshIsHybridKexAlgo(const char_t *kexAlgo)
Test if the specified algorithm is a PQ-hybrid key exchange algorithm.
const char_t * sshGetKeyFormatId(const SshString *publicKeyAlgo)
Get the key format identifier used by a given public key algorithm.
error_t sshFormatCompressionAlgoList(SshContext *context, uint8_t *p, size_t *written)
Format the list of compression algorithms.
const char_t * sshGetSignFormatId(const SshString *publicKeyAlgo)
Get the signature format identifier used by a given public key algorithm.
error_t sshFormatEncAlgoList(SshContext *context, uint8_t *p, size_t *written)
Format the list of encryption algorithms.
const char_t * sshSelectAlgo(SshContext *context, const SshNameList *peerAlgoList, const char_t *const *supportedAlgoList, uint_t supportedAlgoListLen)
Generic algorithm negotiation.
bool_t sshIsX509CertPublicKeyAlgo(const SshString *publicKeyAlgo)
Test if the specified public key algorithm is using X.509 certificates.
const char_t * sshSelectPublicKeyAlgo(SshContext *context, const char_t *keyFormatId, const SshNameList *peerAlgoList)
Public key algorithm selection.
bool_t sshIsGuessCorrect(SshContext *context, const SshNameList *kexAlgoList, const SshNameList *hostKeyAlgoList)
Check whether the other party's guess is correct.
const char_t * sshSelectMacAlgo(SshContext *context, const char_t *encAlgo, const SshNameList *peerAlgoList)
Integrity algorithm negotiation.
bool_t sshIsRsaKexAlgo(const char_t *kexAlgo)
Test if the specified algorithm is an RSA key exchange algorithm.
error_t sshFormatPublicKeyAlgoList(SshContext *context, uint8_t *p, size_t *written)
Format the list of public key algorithms.
const char_t * sshSelectCompressionAlgo(SshContext *context, const SshNameList *peerAlgoList)
Compression algorithm negotiation.
bool_t sshIsCertPublicKeyAlgo(const SshString *publicKeyAlgo)
Test if the specified public key algorithm is using certificates.
const char_t * sshSelectHostKeyAlgo(SshContext *context, const SshNameList *peerAlgoList)
Host key algorithm negotiation.
error_t sshFormatMacAlgoList(SshContext *context, uint8_t *p, size_t *written)
Format the list of integrity algorithms.
bool_t sshIsEcdhKexAlgo(const char_t *kexAlgo)
Test if the specified algorithm is an ECDH key exchange algorithm.
error_t sshFormatHostKeyAlgoList(SshContext *context, uint8_t *p, size_t *written)
Format the list of host key algorithms.
error_t sshFormatKexAlgoList(SshConnection *connection, uint8_t *p, size_t *written)
Format the list of key exchange algorithms.
SSH algorithm negotiation.
int_t sshSelectDhGexGroup(SshContext *context, uint32_t minDhModulusSize, uint32_t preferredDhModulusSize, uint32_t maxDhModulusSize)
Select a Diffie-Hellman group that best matches client's request.
DH GEX (Diffie-Hellman Group Exchange) key exchange.
int_t sshSelectTransientRsaKey(SshContext *context, const char_t *kexAlgo)
Select a transient RSA key.
int_t sshFindName(const SshNameList *nameList, const char_t *name)
Search a name list for a given name.
bool_t sshCompareString(const SshString *string, const char_t *value)
Compare a binary string against the supplied value.
bool_t sshGetName(const SshNameList *nameList, uint_t index, SshString *name)
Get the element at specified index.
int_t sshSelectHostKey(SshContext *context, const char_t *hostKeyAlgo)
Select a host key that matches then specified algorithm.
error_t sshFormatNameList(const char_t *const nameList[], uint_t nameListLen, uint8_t *p, size_t *written)
Format a comma-separated list of names.
bool_t sshCompareAlgo(const char_t *name1, const char_t *name2)
Compare algorithm names.
const char_t * signFormatId
Signature format identifier.
const char_t * publicKeyAlgo
Public key algorithm.
const char_t * keyFormatId
Key format identifier.
String containing a comma-separated list of names.