From: Alexander Dahl
To: ptxdist@pengutronix.de
Cc: Ian Abbott, Bruno Thomsen
Date: Mon, 4 Jul 2022 14:18:27 +0200
Subject: [ptxdist] [PATCH 4/8] dropbear: Make Chacha20-Poly1305 encryption optional
Message-Id: <20220704121831.23787-5-ada@thorsis.com>
In-Reply-To: <20220704121831.23787-1-ada@thorsis.com>
References: <20220704121831.23787-1-ada@thorsis.com>

Making this optional was basically for testing purposes, but might be interesting for users who want to squeeze out the last few bytes. The option is enabled by dropbear by default, so now it's possible to disable it in ptxdist.

Signed-off-by: Alexander Dahl
--- rules/dropbear.in | 10 ++++++++++ rules/dropbear.make | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/rules/dropbear.in b/rules/dropbear.in index bbeb25f89..375d4c57c 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in 
@@ -169,6 +169,16 @@ config DROPBEAR_AES256 algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information. +config DROPBEAR_CHACHA20POLY1305 + bool + prompt "Chacha20-Poly1305" + default y + help + Enable Chacha20-Poly1305 authenticated encryption mode. + This is generally faster than AES256 on CPU w/o dedicated AES + instructions, having the same key size. + Recommended. + config DROPBEAR_CBC_CIPHERS bool prompt "CBC mode ciphers" diff --git a/rules/dropbear.make b/rules/dropbear.make index a5ff02c9e..7653cf3e5 100644 --- a/rules/dropbear.make +++ b/rules/dropbear.make @@ -127,6 +127,14 @@ else @echo "#define DROPBEAR_AES256 0" >> $(DROPBEAR_LOCALOPTIONS) endif +ifdef PTXCONF_DROPBEAR_CHACHA20POLY1305 + @echo "ptxdist: enabling chacha20-poly1305" + @echo "#define DROPBEAR_CHACHA20POLY1305 1" >> $(DROPBEAR_LOCALOPTIONS) +else + @echo "ptxdist: disabling chacha20-poly1305" + @echo "#define DROPBEAR_CHACHA20POLY1305 0" >> $(DROPBEAR_LOCALOPTIONS) +endif + # ciphers ifdef PTXCONF_DROPBEAR_CBC_CIPHERS @echo "ptxdist: enabling cbc ciphers" -- 2.30.2
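Review bot: the help text of the new DROPBEAR_CHACHA20POLY1305 entry in rules/dropbear.in says "Recommended" but does not say what setting it to n costs. With "default y" the result matches dropbear's own default, as the commit message notes, so the entry only changes anything when it is disabled; the help should state that the build then offers only the other enabled ciphers (the AES options above, CBC mode below) and that the gain is binary size. Nothing in this hunk stops a configuration in which every cipher option is switched off; if the rest of the file has no guard for that, it is worth adding one or at least warning in the help. Minor wording: "on CPUs without dedicated AES instructions" reads better than "on CPU w/o", and the algorithm name is normally written "ChaCha20-Poly1305".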
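Review bot: the rules/dropbear.make hunk appends "#define DROPBEAR_CHACHA20POLY1305 0" to $(DROPBEAR_LOCALOPTIONS) and prints "disabling chacha20-poly1305", but neither the hunk nor the commit message says from which dropbear version that macro is honoured. A define the packaged sources do not know is silently ignored by the compiler, so on an older version the log line would claim the cipher is off while it is still built in. Please name the minimum dropbear version in the commit message, and say how the disabled build was checked (for example by confirming the cipher is no longer offered during key exchange). Writing the explicit 0 in the else branch is the right choice here, since leaving the define out would fall back to dropbear's enabled default.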