From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from ptx.hi.pengutronix.de ([2001:6f8:1178:2:5054:ff:fec0:8e10] ident=Debian-exim) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1WwcLG-0005A0-5R for ptxdist@pengutronix.de; Mon, 16 Jun 2014 21:13:18 +0200 Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.80) (envelope-from ) id 1WwcLG-0005DQ-3v for ptxdist@pengutronix.de; Mon, 16 Jun 2014 21:13:18 +0200 Date: Mon, 16 Jun 2014 21:13:18 +0200 From: Michael Olbrich Message-ID: <20140616191318.GI22932@pengutronix.de> References: <1402920161-4345-1-git-send-email-bth@kamstrup.dk> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1402920161-4345-1-git-send-email-bth@kamstrup.dk> Subject: Re: [ptxdist] [PATCH v2] dropbear: Added Elliptic Curve Cryptography options. Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de On Mon, Jun 16, 2014 at 02:02:41PM +0200, Bruno Thomsen wrote: > Support for ecdsa, ecdh and curve25519-donna options. > > Signed-off-by: Bruno Thomsen > --- > v1..v2: > Removed redundant default n from Kconfig file. Thanks, applied. Michael > > > rules/dropbear.in | 26 ++++++++++++++++++++++++-- > rules/dropbear.make | 24 ++++++++++++++++++++++++ > 2 files changed, 48 insertions(+), 2 deletions(-) > > diff --git a/rules/dropbear.in b/rules/dropbear.in > index 21301ba..fe2ada3 100644 > --- a/rules/dropbear.in > +++ b/rules/dropbear.in > @@ -235,7 +235,6 @@ config DROPBEAR_SHA1_96 > config DROPBEAR_SHA256 > bool > prompt "sha256" > - default n > help > SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256, > SHA-384, SHA-512) designed by the National Security Agency (NSA) 
> @@ -248,7 +247,6 @@ config DROPBEAR_SHA256 > config DROPBEAR_SHA512 > bool > prompt "sha512" > - default n > help > SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256, > SHA-384, SHA-512) designed by the National Security Agency (NSA) > @@ -288,6 +286,30 @@ config DROPBEAR_DSS > key size). In contrast, RSA signature length is a function > of the key length employed. > > +config DROPBEAR_ECDSA > + bool > + prompt "ecdsa" > + help > + ECDSA stands for Elliptic Curve Digital Signature Algorithm. > + ECDSA is significantly faster than RSA or DSS. > + > +config DROPBEAR_ECDH > + bool > + prompt "ecdh" > + help > + ECDH stands for Elliptic Curve Diffie-Hellman. > + > +config DROPBEAR_CURVE25519 > + bool > + depends on DROPBEAR_ECDSA || DROPBEAR_ECDH > + prompt "curve25519-donna" > + help > + Enable curve25519-donna for key exchange. > + This is another elliptic curve method with good security properties. > + This algorithm does not rely on NIST-based curves > + and gives us more security confidence against a possible > + backdoor in nistp-256 curve. > + > comment "Authentication types, at least one required --- RFC Draft requires pubkey auth" > > config DROPBEAR_PASSWD > diff --git a/rules/dropbear.make b/rules/dropbear.make > index 5ab6fd3..5cbd4aa 100644 > --- a/rules/dropbear.make > +++ b/rules/dropbear.make 
> @@ -222,6 +222,30 @@ else > @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_DSS) > endif > > +ifdef PTXCONF_DROPBEAR_ECDSA > + @echo "ptxdist: enabling ecdsa" > + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA) > +else > + @echo "ptxdist: disabling ecdsa" > + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA) > +endif > + > +ifdef PTXCONF_DROPBEAR_ECDH > + @echo "ptxdist: enabling ecdh" > + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH) > +else > + @echo "ptxdist: disabling ecdh" > + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH) > +endif > + > +ifdef PTXCONF_DROPBEAR_CURVE25519 > + @echo "ptxdist: enabling curve25519" > + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519) > +else > + @echo "ptxdist: disabling curve25519" > + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519) > +endif > + > ifdef PTXCONF_DROPBEAR_PASSWD > @echo "ptxdist: enabling passwd" > @$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PASSWORD_AUTH) > -- > 1.7.9.5 > > > -- > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list ptxdist@pengutronix.de
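Review bot: The two `- default n` removals under `config DROPBEAR_SHA256` and `config DROPBEAR_SHA512` in rules/dropbear.in are unrelated to the elliptic curve options named in the subject, and the description above the `---` line does not mention them. Only the v1..v2 changelog does, and that part is dropped when the patch is applied. Split this cleanup into its own patch, or add a sentence to the commit message so the history explains why the SHA-2 entries changed.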
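Review bot: In `config DROPBEAR_CURVE25519` (hunk `@@ -288,6 +286,30 @@` of rules/dropbear.in), the line `depends on DROPBEAR_ECDSA || DROPBEAR_ECDH` sits oddly with the help text, which presents curve25519 as the key exchange for users who do not want to rely on nistp-256. As written, it cannot be selected without also enabling ECDSA or ECDH, and the dependency is satisfied by ECDSA alone even though ECDSA is a signature algorithm and the help describes curve25519 as key exchange. If the dependency reflects a build requirement in dropbear, say so in the help; otherwise drop the `depends on` line so curve25519 can be enabled on its own. The one-line `DROPBEAR_ECDH` help could also state that it is a key exchange method, as the curve25519 help does.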
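Review bot: Nothing in the `@@ -222,6 +222,30 @@` hunk of rules/dropbear.make or in the commit message states which dropbear version first carries the `DROPBEAR_ECDSA`, `DROPBEAR_ECDH` and `DROPBEAR_CURVE25519` defines in `options.h`. If `enable_c` and `disable_c` only rewrite a define that is already present in the file (an assumption, their definitions are not part of this patch), an older `options.h` would leave the three new menu entries without effect and without a build error, so an image could ship with a different set of key exchange and host key algorithms than the configuration suggests. Name the minimum dropbear version in the commit message or the Kconfig help. As a smaller point, the echo lines say "curve25519" while the prompt says "curve25519-donna"; use one name in both places.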