From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from ptx.hi.pengutronix.de ([2001:6f8:1178:2:5054:ff:fec0:8e10] ident=Debian-exim) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1WuEwI-0006LW-5X for ptxdist@pengutronix.de; Tue, 10 Jun 2014 07:49:42 +0200 Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.80) (envelope-from ) id 1WuEwI-0004fv-3z for ptxdist@pengutronix.de; Tue, 10 Jun 2014 07:49:42 +0200 Date: Tue, 10 Jun 2014 07:49:42 +0200 From: Michael Olbrich Message-ID: <20140610054942.GF4904@pengutronix.de> References: <1401781658-20585-1-git-send-email-bth@kamstrup.dk> <1401781658-20585-2-git-send-email-bth@kamstrup.dk> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1401781658-20585-2-git-send-email-bth@kamstrup.dk> Subject: Re: [ptxdist] [PATCH 2/2] dropbear: Added Elliptic Curve Cryptography options. Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de On Tue, Jun 03, 2014 at 09:47:38AM +0200, Bruno Thomsen wrote: > Support for ecdsa, ecdh and curve25519-donna options. > > Signed-off-by: Bruno Thomsen > --- > rules/dropbear.in | 27 +++++++++++++++++++++++++++ > rules/dropbear.make | 24 ++++++++++++++++++++++++ > 2 files changed, 51 insertions(+) > > diff --git a/rules/dropbear.in b/rules/dropbear.in > index 21301ba..c99d432 100644 > --- a/rules/dropbear.in > +++ b/rules/dropbear.in 
> @@ -288,6 +288,33 @@ config DROPBEAR_DSS > key size). In contrast, RSA signature length is a function > of the key length employed. > > +config DROPBEAR_ECDSA > + bool > + prompt "ecdsa" > + default n drop this line. It's redundant. > + help > + ECDSA stands for Elliptic Curve Digital Signature Algorithm. > + ECDSA is significantly faster than RSA or DSS. > + > +config DROPBEAR_ECDH > + bool > + prompt "ecdh" > + default n Here as well. > + help > + ECDH stands for Elliptic Curve Diffie-Hellman. > + > +config DROPBEAR_CURVE25519 > + bool > + depends on DROPBEAR_ECDSA || DROPBEAR_ECDH > + prompt "curve25519-donna" > + default n And here. Michael > + help > + Enable curve25519-donna for key exchange. > + This is another elliptic curve method with good security properties. > + This algorithm does not rely on NIST-based curves > + and gives us more security confidence against a possible > + backdoor in nistp-256 curve. > + > comment "Authentication types, at least one required --- RFC Draft requires pubkey auth" > > config DROPBEAR_PASSWD > diff --git a/rules/dropbear.make b/rules/dropbear.make > index 5ab6fd3..5cbd4aa 100644 > --- a/rules/dropbear.make > +++ b/rules/dropbear.make 
> @@ -222,6 +222,30 @@ else > @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_DSS) > endif > > +ifdef PTXCONF_DROPBEAR_ECDSA > + @echo "ptxdist: enabling ecdsa" > + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA) > +else > + @echo "ptxdist: disabling ecdsa" > + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA) > +endif > + > +ifdef PTXCONF_DROPBEAR_ECDH > + @echo "ptxdist: enabling ecdh" > + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH) > +else > + @echo "ptxdist: disabling ecdh" > + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH) > +endif > + > +ifdef PTXCONF_DROPBEAR_CURVE25519 > + @echo "ptxdist: enabling curve25519" > + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519) > +else > + @echo "ptxdist: disabling curve25519" > + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519) > +endif > + > ifdef PTXCONF_DROPBEAR_PASSWD > @echo "ptxdist: enabling passwd" > @$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PASSWORD_AUTH) > -- > 1.7.9.5 > > > -- > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list ptxdist@pengutronix.de
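Review bot: In rules/dropbear.in, the `depends on DROPBEAR_ECDSA || DROPBEAR_ECDH` line of the DROPBEAR_CURVE25519 entry means curve25519 cannot be selected on its own, yet the help text offers it as the option for users who do not want to rely on NIST-based curves. If nothing in the build needs that dependency, drop the line so the option can be enabled alone; if something does need it, give the reason in the help text. The DROPBEAR_ECDH help only expands the acronym; a sentence saying what the option is used for, as the curve25519 help does with "for key exchange", would make the choice between the two clearer.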
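Review bot: In rules/dropbear.make, the three new ifdef blocks toggle DROPBEAR_ECDSA, DROPBEAR_ECDH and DROPBEAR_CURVE25519 in $(DROPBEAR_DIR)/options.h, which presumes that the options.h of the packaged Dropbear version already carries those three defines. Nothing in this patch shows that, so please state the required Dropbear version in the commit message, or say that it comes from patch 1/2 of the series. Minor: the echo lines say "curve25519" while the prompt in dropbear.in says "curve25519-donna"; use one name in both places.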