From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: From: Bruno Thomsen Date: Mon, 16 Jun 2014 14:02:41 +0200 Message-ID: <1402920161-4345-1-git-send-email-bth@kamstrup.dk> In-Reply-To: References: MIME-Version: 1.0 Subject: [ptxdist] [PATCH v2] dropbear: Added Elliptic Curve Cryptography options. Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: m.olbrich@pengutronix.de Cc: bth@kamstrup.dk, ptxdist@pengutronix.de Support for ecdsa, ecdh and curve25519-donna options. Signed-off-by: Bruno Thomsen --- v1..v2: Removed redundant default n from Kconfig file. rules/dropbear.in | 26 ++++++++++++++++++++++++-- rules/dropbear.make | 24 ++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/rules/dropbear.in b/rules/dropbear.in index 21301ba..fe2ada3 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in @@ -235,7 +235,6 @@ config DROPBEAR_SHA1_96 config DROPBEAR_SHA256 bool prompt "sha256" - default n help SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512) designed by the National Security Agency (NSA) @@ -248,7 +247,6 @@ config DROPBEAR_SHA256 config DROPBEAR_SHA512 bool prompt "sha512" - default n help SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512) designed by the National Security Agency (NSA) 
@@ -288,6 +286,30 @@ config DROPBEAR_DSS key size). In contrast, RSA signature length is a function of the key length employed. +config DROPBEAR_ECDSA + bool + prompt "ecdsa" + help + ECDSA stands for Elliptic Curve Digital Signature Algorithm. + ECDSA is significantly faster than RSA or DSS. + +config DROPBEAR_ECDH + bool + prompt "ecdh" + help + ECDH stands for Elliptic Curve Diffie-Hellman. + +config DROPBEAR_CURVE25519 + bool + depends on DROPBEAR_ECDSA || DROPBEAR_ECDH + prompt "curve25519-donna" + help + Enable curve25519-donna for key exchange. + This is another elliptic curve method with good security properties. + This algorithm does not rely on NIST-based curves + and gives us more security confidence against a possible + backdoor in nistp-256 curve. + comment "Authentication types, at least one required --- RFC Draft requires pubkey auth" config DROPBEAR_PASSWD diff --git a/rules/dropbear.make b/rules/dropbear.make index 5ab6fd3..5cbd4aa 100644 --- a/rules/dropbear.make +++ b/rules/dropbear.make 
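Review bot: The `depends on DROPBEAR_ECDSA || DROPBEAR_ECDH` line under DROPBEAR_CURVE25519 makes the only non-NIST key exchange selectable only after a NIST-curve option has been turned on, which works against the reason the help text gives for offering it. As far as I know Dropbear's curve25519-donna code is self-contained and does not need the ECC code that ECDSA/ECDH pull in, so the dependency could probably be dropped; please confirm against the packaged Dropbear version. The DROPBEAR_ECDSA help text mentions only speed, so I would add a sentence such as `ECDSA signing needs a good random source for every signature; make sure the target has enough entropy at boot.`, since weak per-signature randomness can expose the host key.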
@@ -222,6 +222,30 @@ else
 @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_DSS)
 endif
 
+ifdef PTXCONF_DROPBEAR_ECDSA
+ @echo "ptxdist: enabling ecdsa"
+ @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
+else
+ @echo "ptxdist: disabling ecdsa"
+ @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
+endif
+
+ifdef PTXCONF_DROPBEAR_ECDH
+ @echo "ptxdist: enabling ecdh"
+ @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
+else
+ @echo "ptxdist: disabling ecdh"
+ @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
+endif
+
+ifdef PTXCONF_DROPBEAR_CURVE25519
+ @echo "ptxdist: enabling curve25519"
+ @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
+else
+ @echo "ptxdist: disabling curve25519"
+ @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
+endif
+
 ifdef PTXCONF_DROPBEAR_PASSWD
 @echo "ptxdist: enabling passwd"
 @$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PASSWORD_AUTH)
--
1.7.9.5
--
ptxdist mailing list ptxdist@pengutronix.de
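Review bot: Each new branch echoes "enabling" or "disabling" and then trusts `enable_c`/`disable_c`, so nothing in the hunk confirms that `options.h` ends up in the state the log line reports. Those helpers are defined outside this patch; if they are substitution-style edits that succeed when nothing matches, a Dropbear release whose options.h lacks `DROPBEAR_ECDSA`, `DROPBEAR_ECDH` or `DROPBEAR_CURVE25519` would be logged as having the algorithm enabled while the binary ships without it. A check after each enable, for example `@grep -q '^#define DROPBEAR_ECDSA' $(DROPBEAR_DIR)/options.h` (adjusted to whatever form enable_c writes), would turn that mismatch into a build failure. The enclosing recipe starts and ends outside the hunk.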