From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail.kamstrup.com ([93.167.225.188]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1WrjSE-0001ZQ-Gj for ptxdist@pengutronix.de; Tue, 03 Jun 2014 09:48:20 +0200 From: Bruno Thomsen Date: Tue, 3 Jun 2014 09:47:38 +0200 Message-ID: <1401781658-20585-2-git-send-email-bth@kamstrup.dk> In-Reply-To: <1401781658-20585-1-git-send-email-bth@kamstrup.dk> References: <1401781658-20585-1-git-send-email-bth@kamstrup.dk> MIME-Version: 1.0 Subject: [ptxdist] [PATCH 2/2] dropbear: Added Elliptic Curve Cryptography options. Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de Cc: bth@kamstrup.dk Support for ecdsa, ecdh and curve25519-donna options. Signed-off-by: Bruno Thomsen --- rules/dropbear.in | 27 +++++++++++++++++++++++++++ rules/dropbear.make | 24 ++++++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/rules/dropbear.in b/rules/dropbear.in index 21301ba..c99d432 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in 
@@ -288,6 +288,33 @@ config DROPBEAR_DSS key size). In contrast, RSA signature length is a function of the key length employed. +config DROPBEAR_ECDSA + bool + prompt "ecdsa" + default n + help + ECDSA stands for Elliptic Curve Digital Signature Algorithm. + ECDSA is significantly faster than RSA or DSS. + +config DROPBEAR_ECDH + bool + prompt "ecdh" + default n + help + ECDH stands for Elliptic Curve Diffie-Hellman. + +config DROPBEAR_CURVE25519 + bool + depends on DROPBEAR_ECDSA || DROPBEAR_ECDH + prompt "curve25519-donna" + default n + help + Enable curve25519-donna for key exchange. + This is another elliptic curve method with good security properties. + This algorithm does not rely on NIST-based curves + and gives us more security confidence against a possible + backdoor in nistp-256 curve. + comment "Authentication types, at least one required --- RFC Draft requires pubkey auth" config DROPBEAR_PASSWD diff --git a/rules/dropbear.make b/rules/dropbear.make index 5ab6fd3..5cbd4aa 100644 --- a/rules/dropbear.make +++ b/rules/dropbear.make 
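Review bot: The `depends on DROPBEAR_ECDSA || DROPBEAR_ECDH` line on `DROPBEAR_CURVE25519` works against that option's own help text. The help presents curve25519 as the way to avoid relying on NIST curves, yet the option only becomes selectable once one of the two options that appear to bring in the NIST-curve code is switched on. Whether the packaged dropbear's headers really need one of those defines for the curve25519 key exchange is not visible in this patch; if they do not, drop the `depends on` line so a configuration can offer curve25519 alone. The `default n` lines are redundant for a `bool`. Because all three options stay off by default, existing configurations keep offering only the older algorithms, so if that is deliberate (for example for binary size) the help text should say so.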
@@ -222,6 +222,30 @@ else @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_DSS) endif +ifdef PTXCONF_DROPBEAR_ECDSA + @echo "ptxdist: enabling ecdsa" + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA) +else + @echo "ptxdist: disabling ecdsa" + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA) +endif + +ifdef PTXCONF_DROPBEAR_ECDH + @echo "ptxdist: enabling ecdh" + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH) +else + @echo "ptxdist: disabling ecdh" + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH) +endif + +ifdef PTXCONF_DROPBEAR_CURVE25519 + @echo "ptxdist: enabling curve25519" + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519) +else + @echo "ptxdist: disabling curve25519" + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519) +endif + ifdef PTXCONF_DROPBEAR_PASSWD @echo "ptxdist: enabling passwd" @$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PASSWORD_AUTH) -- 1.7.9.5 -- ptxdist mailing list ptxdist@pengutronix.de
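Review bot: Nothing in these three blocks confirms that the edit to `options.h` took effect, so `ptxdist: enabling ecdsa` (and the `ecdh` / `curve25519` equivalents) can be printed even when the packaged dropbear has no matching `#define` to toggle. `enable_c` and `disable_c` are defined outside this patch; if they are pattern-based edits that succeed silently on no match, a build against a dropbear release without these options would log the algorithms as enabled while the resulting sshd still negotiates only the older ones. A comment above the blocks would make the requirement explicit, e.g. `# DROPBEAR_ECDSA/ECDH/CURVE25519 require options.h from dropbear >= <MIN_VERSION>`, or the stage could fail if the define is absent after the call. It is also worth confirming that the target generates an ECDSA host key, since the `DROPBEAR_ECDSA` define alone only compiles the algorithm in. The enclosing recipe starts and ends outside the hunk.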