From: Alexander Dahl To: ptxdist@pengutronix.de Date: Mon, 4 Jul 2022 14:18:25 +0200 Message-Id: <20220704121831.23787-3-ada@thorsis.com> In-Reply-To: <20220704121831.23787-1-ada@thorsis.com> References: <20220704121831.23787-1-ada@thorsis.com> Content-Transfer-Encoding: 8bit X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,BAYES_00,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH 2/8] dropbear: Add ed25519 hostkey/public key support X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: Ian Abbott , Bruno Thomsen Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false This is supported by dropbear since version 2020.79, but was not used by ptxdist yet. Signed-off-by: Alexander Dahl --- projectroot/etc/init.d/dropbear | 3 +++ projectroot/etc/rc.once.d/dropbear | 3 +++ projectroot/usr/lib/init/dropbear.sh | 1 + rules/dropbear.in | 12 ++++++++++++ rules/dropbear.make | 11 +++++++++++ 5 files changed, 30 insertions(+) diff --git a/projectroot/etc/init.d/dropbear b/projectroot/etc/init.d/dropbear index 2039340b2..1b16de20a 100644 --- a/projectroot/etc/init.d/dropbear +++ b/projectroot/etc/init.d/dropbear @@ -25,6 +25,9 @@ dropbear_start() { ecdsa) test -f "$DROPBEAR_ECDSAKEY" && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_ECDSAKEY" ;; + ed25519) + test -f "$DROPBEAR_ED25519KEY" && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_ED25519KEY" + ;; *) echo "Key type '$keytype' not supported" ;; diff --git a/projectroot/etc/rc.once.d/dropbear b/projectroot/etc/rc.once.d/dropbear index a8725616a..191f6c61b 100644 
--- a/projectroot/etc/rc.once.d/dropbear +++ b/projectroot/etc/rc.once.d/dropbear @@ -28,6 +28,9 @@ gen_keys() { ecdsa) gen_key ecdsa "$DROPBEAR_ECDSAKEY" || return ;; + ed25519) + gen_key ed25519 "$DROPBEAR_ED25519KEY" || return + ;; *) echo "Key type '$keytype' not supported" ;; diff --git a/projectroot/usr/lib/init/dropbear.sh b/projectroot/usr/lib/init/dropbear.sh index 12fd6e5ce..aa375fe3c 100644 --- a/projectroot/usr/lib/init/dropbear.sh +++ b/projectroot/usr/lib/init/dropbear.sh @@ -2,4 +2,5 @@ DROPBEAR_RSAKEY='@KEYDIR@/dropbear_rsa_host_key' DROPBEAR_ECDSAKEY='@KEYDIR@/dropbear_ecdsa_host_key' +DROPBEAR_ED25519KEY='@KEYDIR@/dropbear_ed25519_host_key' DROPBEAR_KEYTYPES='@KEYTYPES@' diff --git a/rules/dropbear.in b/rules/dropbear.in index 553e0268c..a7698ba20 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in @@ -256,6 +256,18 @@ config DROPBEAR_ECDSA ECDSA stands for Elliptic Curve Digital Signature Algorithm. ECDSA is significantly faster than RSA. +config DROPBEAR_ED25519 + bool + prompt "ed25519" + default y + help + Ed25519 is the EdDSA signature scheme using SHA-512 (SHA-2) + and Curve25519. + Ed25519 is intended to provide attack resistance comparable to + quality 128-bit symmetric ciphers. + Public keys are 256 bits long and signatures are 512 bits + long. + comment "Key exchange algorithm ---" config DROPBEAR_ECDH diff --git a/rules/dropbear.make b/rules/dropbear.make index 3a434e2c8..a5ff02c9e 100644 --- a/rules/dropbear.make +++ b/rules/dropbear.make 
@@ -202,6 +202,14 @@ else @echo "#define DROPBEAR_ECDSA 0" >> $(DROPBEAR_LOCALOPTIONS) endif +ifdef PTXCONF_DROPBEAR_ED25519 + @echo "ptxdist: enabling ed25519" + @echo "#define DROPBEAR_ED25519 1" >> $(DROPBEAR_LOCALOPTIONS) +else + @echo "ptxdist: disabling ed25519" + @echo "#define DROPBEAR_ED25519 0" >> $(DROPBEAR_LOCALOPTIONS) +endif + @echo "ptxdist: disabling u2f security key support" @echo "#define DROPBEAR_SK_ECDSA 0" >> $(DROPBEAR_LOCALOPTIONS) @echo "#define DROPBEAR_SK_ED25519 0" >> $(DROPBEAR_LOCALOPTIONS) @@ -263,6 +271,9 @@ endif ifdef PTXCONF_DROPBEAR_ECDSA DROPBEAR_KEY_TYPES += ecdsa endif +ifdef PTXCONF_DROPBEAR_ED25519 +DROPBEAR_KEY_TYPES += ed25519 +endif $(STATEDIR)/dropbear.targetinstall: @$(call targetinfo) -- 2.30.2
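Review bot: in the projectroot/etc/init.d/dropbear hunk the new `ed25519)` case, like the `ecdsa)` case above it, silently skips the key when `test -f "$DROPBEAR_ED25519KEY"` fails, and with `default y` in rules/dropbear.in that is exactly what happens on already deployed devices whose rc.once.d ran before this update: no ed25519 key is ever generated, dropbear keeps offering only the older key types, and nothing is logged. Consider an else branch that reports the missing file, e.g. `echo "ed25519 host key $DROPBEAR_ED25519KEY missing"`, or at least state in the commit message that the new key is only created on first boot.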
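Review bot: the help text added in the rules/dropbear.in hunk describes the algorithm but not the operational effect of `default y`: after an oldconfig every new image generates and offers a third host key, dropbear_ed25519_host_key. Clients that already trust an rsa or ecdsa key keep using it, but clients connecting for the first time will usually pin the ed25519 key, so anyone backing up or restoring host keys, or publishing fingerprints to users, must now include that file. One sentence in the help text, or in the commit message, saying that the key is generated at first boot and offered alongside the existing types would make that visible.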
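Review bot: in the first rules/dropbear.make hunk the new `ifdef PTXCONF_DROPBEAR_ED25519` block lands directly above the lines that unconditionally write `#define DROPBEAR_SK_ED25519 0`; that is correct, since the SK_ variants are the u2f security-key algorithms and independent of `DROPBEAR_ED25519`, but the near-identical names invite the reading that ed25519 is enabled and then disabled again. A one-line comment above `@echo "ptxdist: disabling u2f security key support"` noting that the sk_ variants stay off regardless of the host key options would remove that ambiguity.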