From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from ptx.hi.pengutronix.de ([2001:6f8:1178:2:5054:ff:fec0:8e10]
	ident=Debian-exim) by metis.ext.pengutronix.de with esmtp (Exim 4.72)
	(envelope-from <mol@pengutronix.de>) id 1WwcLG-0005A0-5R
	for ptxdist@pengutronix.de; Mon, 16 Jun 2014 21:13:18 +0200
Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.80)
	(envelope-from <mol@pengutronix.de>) id 1WwcLG-0005DQ-3v
	for ptxdist@pengutronix.de; Mon, 16 Jun 2014 21:13:18 +0200
Date: Mon, 16 Jun 2014 21:13:18 +0200
From: Michael Olbrich <m.olbrich@pengutronix.de>
Message-ID: <20140616191318.GI22932@pengutronix.de>
References: <1402920161-4345-1-git-send-email-bth@kamstrup.dk>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1402920161-4345-1-git-send-email-bth@kamstrup.dk>
Subject: Re: [ptxdist] [PATCH v2] dropbear: Added Elliptic Curve
 Cryptography options.
Reply-To: ptxdist@pengutronix.de
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ptxdist-bounces@pengutronix.de
Errors-To: ptxdist-bounces@pengutronix.de
To: ptxdist@pengutronix.de

On Mon, Jun 16, 2014 at 02:02:41PM +0200, Bruno Thomsen wrote:
> Support for ecdsa, ecdh and curve25519-donna options.
> 
> Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
> ---
> v1..v2:
> Removed redundant default n from Kconfig file.

Thanks, applied.

Michael

> 
> 
>  rules/dropbear.in   |   26 ++++++++++++++++++++++++--
>  rules/dropbear.make |   24 ++++++++++++++++++++++++
>  2 files changed, 48 insertions(+), 2 deletions(-)
> 
> diff --git a/rules/dropbear.in b/rules/dropbear.in
> index 21301ba..fe2ada3 100644
> --- a/rules/dropbear.in
> +++ b/rules/dropbear.in
> @@ -235,7 +235,6 @@ config DROPBEAR_SHA1_96
>  config DROPBEAR_SHA256
>  	bool
>  	prompt "sha256"
> -	default n
>  	help
>  	  SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256,
>  	  SHA-384, SHA-512) designed by the National Security Agency (NSA)
> @@ -248,7 +247,6 @@ config DROPBEAR_SHA256
>  config DROPBEAR_SHA512
>  	bool
>  	prompt "sha512"
> -	default n
>  	help
>  	  SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256,
>  	  SHA-384, SHA-512) designed by the National Security Agency (NSA)
> @@ -288,6 +286,30 @@ config DROPBEAR_DSS
>  	  key size). In contrast, RSA signature length is a function
>  	  of the key length employed.
>  
> +config DROPBEAR_ECDSA
> +	bool
> +	prompt "ecdsa"
> +	help
> +	  ECDSA stands for Elliptic Curve Digital Signature Algorithm.
> +	  ECDSA is significantly faster than RSA or DSS.
> +
> +config DROPBEAR_ECDH
> +	bool
> +	prompt "ecdh"
> +	help
> +	  ECDH stands for Elliptic Curve Diffie-Hellman.
> +
> +config DROPBEAR_CURVE25519
> +	bool
> +	depends on DROPBEAR_ECDSA || DROPBEAR_ECDH
> +	prompt "curve25519-donna"
> +	help
> +	  Enable curve25519-donna for key exchange.
> +	  This is another elliptic curve method with good security properties.
> +	  This algorithm does not rely on NIST-based curves
> +	  and gives us more security confidence against a possible
> +	  backdoor in nistp-256 curve.
> +
>  comment "Authentication types, at least one required --- RFC Draft requires pubkey auth"
>  
>  config DROPBEAR_PASSWD
> diff --git a/rules/dropbear.make b/rules/dropbear.make
> index 5ab6fd3..5cbd4aa 100644
> --- a/rules/dropbear.make
> +++ b/rules/dropbear.make
> @@ -222,6 +222,30 @@ else
>  	@$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_DSS)
>  endif
>  
> +ifdef PTXCONF_DROPBEAR_ECDSA
> +	@echo "ptxdist: enabling ecdsa"
> +	@$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
> +else
> +	@echo "ptxdist: disabling ecdsa"
> +	@$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
> +endif
> +
> +ifdef PTXCONF_DROPBEAR_ECDH
> +	@echo "ptxdist: enabling ecdh"
> +	@$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
> +else
> +	@echo "ptxdist: disabling ecdh"
> +	@$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
> +endif
> +
> +ifdef PTXCONF_DROPBEAR_CURVE25519
> +	@echo "ptxdist: enabling curve25519"
> +	@$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
> +else
> +	@echo "ptxdist: disabling curve25519"
> +	@$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
> +endif
> +
>  ifdef PTXCONF_DROPBEAR_PASSWD
>  	@echo "ptxdist: enabling passwd"
>  	@$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PASSWORD_AUTH)
> -- 
> 1.7.9.5
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de