Hi,
Just ran a quick test on a Kindle (armv7-a/cortex-a8), it seems to work
fine, and, provided both sides handle ecdh, indeed gets rid of the slow kex
'bug' that has plagued some slow devices for a while, so, thanks :).
A few notes:
* libtomcrypt has to be built w/ -DLTM_DESC for ECC support (I'm using
external libtom* libs).
* I had to patch the configure script to detect libtommath before
libtomcrypt so that the LIBS var was built in the right order to please
recent binutils versions (libtomcrypt depends on libtommath, so -ltommath
has to come *after* -ltomcrypt).
diff -NuarpBZ dropbear-2013.61test-ori/configure.ac
dropbear-2013.61test/configure.ac
--- dropbear-2013.61test-ori/configure.ac 2013-11-16 16:40:51.904116642
+0100
+++ dropbear-2013.61test/configure.ac 2013-11-16 16:42:46.796680288 +0100
@@ -371,16 +371,16 @@ AC_ARG_ENABLE(bundled-libtom,
AC_MSG_NOTICE(Forcing bundled libtom*)
else
BUNDLED_LIBTOM=0
- AC_CHECK_LIB(tomcrypt, register_cipher, ,
- [AC_MSG_ERROR([Missing system libtomcrypt and
--disable-bundled-libtom
was specified])] )
AC_CHECK_LIB(tommath, mp_exptmod, ,
[AC_MSG_ERROR([Missing system libtomcrypt and
--disable-bundled-libtom
was specified])] )
+ AC_CHECK_LIB(tomcrypt, register_cipher, ,
+ [AC_MSG_ERROR([Missing system libtomcrypt and
--disable-bundled-libtom
was specified])] )
fi
],
[
BUNDLED_LIBTOM=0
- AC_CHECK_LIB(tomcrypt, register_cipher, , BUNDLED_LIBTOM=1)
AC_CHECK_LIB(tommath, mp_exptmod, , BUNDLED_LIBTOM=1)
+ AC_CHECK_LIB(tomcrypt, register_cipher, , BUNDLED_LIBTOM=1)
]
)
* Didn't really look further than that, but dropbearconvert dropbear ->
openssh on a fresh ecdsa key generated by dropbearkey dies with a "*** glibc
detected *** dropbearconvert: free(): corrupted unsorted chunks: 0x000530b0
***" (take this one with a grain of salt, that's on a Kindle 5 [eglibc
2.12], so there may be some weirdness involved).
