Commit cce9c3a7 authored by Niels Möller's avatar Niels Möller
Browse files

Add support for diffie-hellman-group14-sha256.

parent 08649f8b
2022-02-18 Niels Möller <nisse@lysator.liu.se>
* src/atoms.in: Add diffie-hellman-group14-sha256, RFC 9142.
* src/lshd.c (lshd_config_handler): Add
diffie-hellman-group14-sha256, and also the old
diffie-hellman-group1-sha1, which was missing.
* src/lsh-transport.c (make_lsh_transport_config): Add diffie-hellman-group14-sha256.
* src/algorithms.c (lookup_kex_algorithm): Add diffie-hellman-group14-sha256.
* src/algorithms.c (filter_algorithms, filter_algorithms_l)
(default_crypto_algorithms, all_crypto_algorithms)
(default_mac_algorithms, default_compression_algorithms): Declare
......
......@@ -144,7 +144,8 @@ default_hostkey_algorithms(void)
struct int_list *
default_kex_algorithms(void)
{
return make_int_list(2, ATOM_DIFFIE_HELLMAN_GROUP14_SHA1,
return make_int_list(3, ATOM_DIFFIE_HELLMAN_GROUP14_SHA1,
ATOM_DIFFIE_HELLMAN_GROUP14_SHA256,
ATOM_DIFFIE_HELLMAN_GROUP1_SHA1, -1);
}
......@@ -324,8 +325,11 @@ lookup_kex_algorithm(const char *name)
"dh-group1-sha1", "dh-group1", NULL))
return ATOM_DIFFIE_HELLMAN_GROUP1_SHA1;
else if (strcasecmp_list(name, "diffie-hellman-group14-sha1",
"dh-group14-sha1", "dh-group14", NULL))
"dh-group14-sha1", NULL))
return ATOM_DIFFIE_HELLMAN_GROUP14_SHA1;
else if (strcasecmp_list(name, "diffie-hellman-group14-sha256",
"dh-group14-sha256", "dh-group14", NULL))
return ATOM_DIFFIE_HELLMAN_GROUP14_SHA256;
else
return 0;
}
......
......@@ -50,6 +50,7 @@ hmac-sha2-512 OPTIONAL length = 64
diffie-hellman-group1-sha1 REQUIRED
diffie-hellman-group14-sha1 (to be REQUIRED?)
diffie-hellman-group14-sha256 (to be REQUIRED?)
# Key and certificate types
......
......@@ -152,6 +152,9 @@ make_lsh_transport_config(void)
ALIST_SET(self->super.algorithms, ATOM_DIFFIE_HELLMAN_GROUP14_SHA1,
&make_client_dh_exchange(make_dh_group14(&nettle_sha1),
&self->host_db->super)->super);
ALIST_SET(self->super.algorithms, ATOM_DIFFIE_HELLMAN_GROUP14_SHA256,
&make_client_dh_exchange(make_dh_group14(&nettle_sha256),
&self->host_db->super)->super);
ALIST_SET(self->super.algorithms, ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
&make_client_dh_exchange(make_dh_group1(&nettle_sha1),
&self->host_db->super)->super);
......
......@@ -960,6 +960,14 @@ lshd_config_handler(int key, uint32_t value, const uint8_t *data,
ATOM_DIFFIE_HELLMAN_GROUP14_SHA1,
&make_server_dh_exchange(make_dh_group14(&nettle_sha1),
ctx->keys)->super);
ALIST_SET(ctx->super.algorithms,
ATOM_DIFFIE_HELLMAN_GROUP14_SHA256,
&make_server_dh_exchange(make_dh_group14(&nettle_sha256),
ctx->keys)->super);
ALIST_SET(ctx->super.algorithms,
ATOM_DIFFIE_HELLMAN_GROUP1_SHA1,
&make_server_dh_exchange(make_dh_group1(&nettle_sha1),
ctx->keys)->super);
hostkey_algorithms
= filter_algorithms(ctx->keys,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment