* Re: [ptxdist] [PATCH v2] dropbear: Added Elliptic Curve Cryptography options.
2014-06-16 12:02 ` [ptxdist] [PATCH v2] dropbear: Added Elliptic Curve Cryptography options Bruno Thomsen
@ 2014-06-16 19:13 ` Michael Olbrich
0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2014-06-16 19:13 UTC (permalink / raw)
To: ptxdist
On Mon, Jun 16, 2014 at 02:02:41PM +0200, Bruno Thomsen wrote:
> Support for ecdsa, ecdh and curve25519-donna options.
>
> Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
> ---
> v1..v2:
> Removed redundant default n from Kconfig file.
Thanks, applied.
Michael
>
>
> rules/dropbear.in | 26 ++++++++++++++++++++++++--
> rules/dropbear.make | 24 ++++++++++++++++++++++++
> 2 files changed, 48 insertions(+), 2 deletions(-)
>
> diff --git a/rules/dropbear.in b/rules/dropbear.in
> index 21301ba..fe2ada3 100644
> --- a/rules/dropbear.in
> +++ b/rules/dropbear.in
> @@ -235,7 +235,6 @@ config DROPBEAR_SHA1_96
> config DROPBEAR_SHA256
> bool
> prompt "sha256"
> - default n
> help
> SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256,
> SHA-384, SHA-512) designed by the National Security Agency (NSA)
> @@ -248,7 +247,6 @@ config DROPBEAR_SHA256
> config DROPBEAR_SHA512
> bool
> prompt "sha512"
> - default n
> help
> SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256,
> SHA-384, SHA-512) designed by the National Security Agency (NSA)
> @@ -288,6 +286,30 @@ config DROPBEAR_DSS
> key size). In contrast, RSA signature length is a function
> of the key length employed.
>
> +config DROPBEAR_ECDSA
> + bool
> + prompt "ecdsa"
> + help
> + ECDSA stands for Elliptic Curve Digital Signature Algorithm.
> + ECDSA is significantly faster than RSA or DSS.
> +
> +config DROPBEAR_ECDH
> + bool
> + prompt "ecdh"
> + help
> + ECDH stands for Elliptic Curve Diffie-Hellman.
> +
> +config DROPBEAR_CURVE25519
> + bool
> + depends on DROPBEAR_ECDSA || DROPBEAR_ECDH
> + prompt "curve25519-donna"
> + help
> + Enable curve25519-donna for key exchange.
> + This is another elliptic curve method with good security properties.
> + This algorithm does not rely on NIST-based curves
> + and gives us more security confidence against a possible
> + backdoor in nistp-256 curve.
> +
> comment "Authentication types, at least one required --- RFC Draft requires pubkey auth"
>
> config DROPBEAR_PASSWD
> diff --git a/rules/dropbear.make b/rules/dropbear.make
> index 5ab6fd3..5cbd4aa 100644
> --- a/rules/dropbear.make
> +++ b/rules/dropbear.make
> @@ -222,6 +222,30 @@ else
> @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_DSS)
> endif
>
> +ifdef PTXCONF_DROPBEAR_ECDSA
> + @echo "ptxdist: enabling ecdsa"
> + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
> +else
> + @echo "ptxdist: disabling ecdsa"
> + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
> +endif
> +
> +ifdef PTXCONF_DROPBEAR_ECDH
> + @echo "ptxdist: enabling ecdh"
> + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
> +else
> + @echo "ptxdist: disabling ecdh"
> + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
> +endif
> +
> +ifdef PTXCONF_DROPBEAR_CURVE25519
> + @echo "ptxdist: enabling curve25519"
> + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
> +else
> + @echo "ptxdist: disabling curve25519"
> + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
> +endif
> +
> ifdef PTXCONF_DROPBEAR_PASSWD
> @echo "ptxdist: enabling passwd"
> @$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PASSWORD_AUTH)
> --
> 1.7.9.5
>
>
> --
> ptxdist mailing list
> ptxdist@pengutronix.de
>
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
--
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 2+ messages in thread