From: Alexander Dahl <ada@thorsis.com>
To: ptxdist@pengutronix.de
Cc: Ian Abbott <abbotti@mev.co.uk>, Bruno Thomsen <bruno.thomsen@gmail.com>
Subject: [ptxdist] [PATCH 4/8] dropbear: Make Chacha20-Poly1305 encryption optional
Date: Mon, 4 Jul 2022 14:18:27 +0200 [thread overview]
Message-ID: <20220704121831.23787-5-ada@thorsis.com> (raw)
In-Reply-To: <20220704121831.23787-1-ada@thorsis.com>
Making this optional was basically for testing purposes, but might be
interesting for users who want to squeeze out the last few bytes.
The option is enabled by dropbear by default, so now it's possible to
disable it in ptxdist.
Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
rules/dropbear.in | 10 ++++++++++
rules/dropbear.make | 8 ++++++++
2 files changed, 18 insertions(+)
diff --git a/rules/dropbear.in b/rules/dropbear.in
index bbeb25f89..375d4c57c 100644
--- a/rules/dropbear.in
+++ b/rules/dropbear.in
@@ -169,6 +169,16 @@ config DROPBEAR_AES256
algorithm that may be used by U.S. Government organizations
(and others) to protect sensitive information.
+config DROPBEAR_CHACHA20POLY1305
+ bool
+ prompt "Chacha20-Poly1305"
+ default y
+ help
+ Enable Chacha20-Poly1305 authenticated encryption mode.
+ This is generally faster than AES256 on CPU w/o dedicated AES
+ instructions, having the same key size.
+ Recommended.
+
config DROPBEAR_CBC_CIPHERS
bool
prompt "CBC mode ciphers"
diff --git a/rules/dropbear.make b/rules/dropbear.make
index a5ff02c9e..7653cf3e5 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -127,6 +127,14 @@ else
@echo "#define DROPBEAR_AES256 0" >> $(DROPBEAR_LOCALOPTIONS)
endif
+ifdef PTXCONF_DROPBEAR_CHACHA20POLY1305
+ @echo "ptxdist: enabling chacha20-poly1305"
+ @echo "#define DROPBEAR_CHACHA20POLY1305 1" >> $(DROPBEAR_LOCALOPTIONS)
+else
+ @echo "ptxdist: disabling chacha20-poly1305"
+ @echo "#define DROPBEAR_CHACHA20POLY1305 0" >> $(DROPBEAR_LOCALOPTIONS)
+endif
+
# ciphers
ifdef PTXCONF_DROPBEAR_CBC_CIPHERS
@echo "ptxdist: enabling cbc ciphers"
--
2.30.2
next prev parent reply other threads:[~2022-07-04 12:19 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-04 12:18 [ptxdist] [PATCH 0/8] dropbear: version bump and option revise Alexander Dahl
2022-07-04 12:18 ` [ptxdist] [PATCH 1/8] dropbear: version bump 2020.81 -> 2022.82 Alexander Dahl
2022-07-08 15:13 ` Michael Olbrich
2022-07-21 7:10 ` [ptxdist] [PATCH] dropbear: Add patch to fix build with X11 forwarding Alexander Dahl
2022-08-04 15:14 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-07-29 6:23 ` [ptxdist] [APPLIED] dropbear: version bump 2020.81 -> 2022.82 Michael Olbrich
2022-07-04 12:18 ` [ptxdist] [PATCH 2/8] dropbear: Add ed25519 hostkey/public key support Alexander Dahl
2022-07-29 6:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-07-04 12:18 ` [ptxdist] [PATCH 3/8] dropbear: Remove curve25519 dependency Alexander Dahl
2022-07-29 6:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-07-04 12:18 ` Alexander Dahl [this message]
2022-07-29 6:23 ` [ptxdist] [APPLIED] dropbear: Make Chacha20-Poly1305 encryption optional Michael Olbrich
2022-07-04 12:18 ` [ptxdist] [PATCH 5/8] dropbear: Append hints to some menu prompts Alexander Dahl
2022-07-29 6:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-07-04 12:18 ` [ptxdist] [PATCH 6/8] dropbear: Rework key exchange algorithm options Alexander Dahl
2022-07-04 12:31 ` Ian Abbott
2022-07-08 9:09 ` Michael Olbrich
2022-07-29 6:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-07-04 12:18 ` [ptxdist] [PATCH 7/8] dropbear: Add conditional comments with warnings Alexander Dahl
2022-07-29 6:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-07-04 12:18 ` [ptxdist] [PATCH 8/8] dropbear: Move option groups to sub menus Alexander Dahl
2022-07-29 6:23 ` [ptxdist] [APPLIED] " Michael Olbrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220704121831.23787-5-ada@thorsis.com \
--to=ada@thorsis.com \
--cc=abbotti@mev.co.uk \
--cc=bruno.thomsen@gmail.com \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox