From: Michael Olbrich To: ptxdist@pengutronix.de Date: Fri, 29 Jul 2022 08:23:30 +0200 Message-Id: <20220729062330.2391860-1-m.olbrich@pengutronix.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220704121831.23787-3-ada@thorsis.com> References: <20220704121831.23787-3-ada@thorsis.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: Re: [ptxdist] [APPLIED] dropbear: Add ed25519 hostkey/public key support X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: Alexander Dahl Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Thanks, applied as 5b678ced4025abf60d5533cfdcd330bad8f90b65. Michael [sent from post-receive hook] On Fri, 29 Jul 2022 08:23:29 +0200, Alexander Dahl wrote: > This is supported by dropbear since version 2020.79, but was not used by > ptxdist yet. > > Signed-off-by: Alexander Dahl > Message-Id: <20220704121831.23787-3-ada@thorsis.com> > Signed-off-by: Michael Olbrich > > diff --git a/projectroot/etc/init.d/dropbear b/projectroot/etc/init.d/dropbear > index 2039340b2fbd..1b16de20ae8d 100644 > --- a/projectroot/etc/init.d/dropbear > +++ b/projectroot/etc/init.d/dropbear > @@ -25,6 +25,9 @@ dropbear_start() { > ecdsa) > test -f "$DROPBEAR_ECDSAKEY" && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_ECDSAKEY" > ;; > + ed25519) > + test -f "$DROPBEAR_ED25519KEY" && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_ED25519KEY" > + ;; > *) > echo "Key type '$keytype' not supported" > ;; > diff --git a/projectroot/etc/rc.once.d/dropbear b/projectroot/etc/rc.once.d/dropbear > index a8725616a7f2..191f6c61bfb9 100644 > --- a/projectroot/etc/rc.once.d/dropbear > +++ b/projectroot/etc/rc.once.d/dropbear 
> @@ -28,6 +28,9 @@ gen_keys() { > ecdsa) > gen_key ecdsa "$DROPBEAR_ECDSAKEY" || return > ;; > + ed25519) > + gen_key ed25519 "$DROPBEAR_ED25519KEY" || return > + ;; > *) > echo "Key type '$keytype' not supported" > ;; > diff --git a/projectroot/usr/lib/init/dropbear.sh b/projectroot/usr/lib/init/dropbear.sh > index 12fd6e5ce3f6..aa375fe3c298 100644 > --- a/projectroot/usr/lib/init/dropbear.sh > +++ b/projectroot/usr/lib/init/dropbear.sh > @@ -2,4 +2,5 @@ > > DROPBEAR_RSAKEY='@KEYDIR@/dropbear_rsa_host_key' > DROPBEAR_ECDSAKEY='@KEYDIR@/dropbear_ecdsa_host_key' > +DROPBEAR_ED25519KEY='@KEYDIR@/dropbear_ed25519_host_key' > DROPBEAR_KEYTYPES='@KEYTYPES@' > diff --git a/rules/dropbear.in b/rules/dropbear.in > index 0e726c70ef35..e7760df49453 100644 > --- a/rules/dropbear.in > +++ b/rules/dropbear.in > @@ -257,6 +257,18 @@ config DROPBEAR_ECDSA > ECDSA stands for Elliptic Curve Digital Signature Algorithm. > ECDSA is significantly faster than RSA. > > +config DROPBEAR_ED25519 > + bool > + prompt "ed25519" > + default y > + help > + Ed25519 is the EdDSA signature scheme using SHA-512 (SHA-2) > + and Curve25519. > + Ed25519 is intended to provide attack resistance comparable to > + quality 128-bit symmetric ciphers. > + Public keys are 256 bits long and signatures are 512 bits > + long. > + > comment "Key exchange algorithm ---" > > config DROPBEAR_ECDH > diff --git a/rules/dropbear.make b/rules/dropbear.make > index 3a434e2c8d37..a5ff02c9e0a0 100644 > --- a/rules/dropbear.make > +++ b/rules/dropbear.make 
> @@ -202,6 +202,14 @@ else > @echo "#define DROPBEAR_ECDSA 0" >> $(DROPBEAR_LOCALOPTIONS) > endif > > +ifdef PTXCONF_DROPBEAR_ED25519 > + @echo "ptxdist: enabling ed25519" > + @echo "#define DROPBEAR_ED25519 1" >> $(DROPBEAR_LOCALOPTIONS) > +else > + @echo "ptxdist: disabling ed25519" > + @echo "#define DROPBEAR_ED25519 0" >> $(DROPBEAR_LOCALOPTIONS) > +endif > + > @echo "ptxdist: disabling u2f security key support" > @echo "#define DROPBEAR_SK_ECDSA 0" >> $(DROPBEAR_LOCALOPTIONS) > @echo "#define DROPBEAR_SK_ED25519 0" >> $(DROPBEAR_LOCALOPTIONS) > @@ -263,6 +271,9 @@ endif > ifdef PTXCONF_DROPBEAR_ECDSA > DROPBEAR_KEY_TYPES += ecdsa > endif > +ifdef PTXCONF_DROPBEAR_ED25519 > +DROPBEAR_KEY_TYPES += ed25519 > +endif > > $(STATEDIR)/dropbear.targetinstall: > @$(call targetinfo)
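Review bot: in the projectroot/etc/init.d/dropbear hunk the new `ed25519)` case inherits the existing `test -f "$KEY" && KEY_ARGS=...` pattern, so a missing ed25519 host key is skipped without any message. That is consistent with the rsa and ecdsa cases, but with `default y` on the new option it now affects devices whose rc.once.d script already ran before the option was enabled: dropbear starts with only the old keys and nothing in the log says why the ed25519 key is absent. Either log a line in the `test -f` failure path, or state this upgrade behaviour in the commit message so it is not mistaken for a key-generation bug.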
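Review bot: in the rules/dropbear.in hunk the commit message says the key type is supported "since version 2020.79", but the help text of the new `DROPBEAR_ED25519` entry does not mention that requirement, and the option is `default y`. Add a sentence such as "Requires dropbear 2020.79 or newer" to the help text so that a project carrying an older dropbear understands why `#define DROPBEAR_ED25519 1` in the localoptions has no effect there. The rest of the help text (SHA-512 with Curve25519, 256-bit public keys, 512-bit signatures, security level comparable to a 128-bit symmetric cipher) is accurate.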
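Review bot: in the rules/dropbear.make hunk the `else` branch writing `#define DROPBEAR_ED25519 0` is the important half of the block: dropbear ships with Ed25519 enabled in its default options from 2020.79 on, so merely omitting the define when `PTXCONF_DROPBEAR_ED25519` is unset would leave the algorithm compiled in. The explicit 0 mirrors the existing ECDSA handling and is correct; the `DROPBEAR_SK_ED25519 0` line that follows is unrelated (FIDO/U2F security-key support) and correctly remains disabled regardless of this option.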