Add support for the ecdsa, ecdh and curve25519-donna options.

Signed-off-by: Bruno Thomsen <b...@kamstrup.dk>
---
 rules/dropbear.in   |   27 +++++++++++++++++++++++++++
 rules/dropbear.make |   24 ++++++++++++++++++++++++
 2 files changed, 51 insertions(+)

diff --git a/rules/dropbear.in b/rules/dropbear.in
index 21301ba..c99d432 100644
--- a/rules/dropbear.in
+++ b/rules/dropbear.in
@@ -288,6 +288,33 @@ config DROPBEAR_DSS
          key size). In contrast, RSA signature length is a function
          of the key length employed.
 
+config DROPBEAR_ECDSA
+       bool
+       prompt "ecdsa"
+       default n
+       help
+         ECDSA stands for Elliptic Curve Digital Signature Algorithm.
+         ECDSA is significantly faster than RSA or DSS.
+
+config DROPBEAR_ECDH
+       bool
+       prompt "ecdh"
+       default n
+       help
+         ECDH stands for Elliptic Curve Diffie-Hellman.
+
+config DROPBEAR_CURVE25519
+       bool
+       depends on DROPBEAR_ECDSA || DROPBEAR_ECDH
+       prompt "curve25519-donna"
+       default n
+       help
+         Enable curve25519-donna for key exchange.
+         This is another elliptic curve method with good security properties.
+         This algorithm does not rely on NIST-based curves
+         and gives us more security confidence against a possible
+         backdoor in nistp-256 curve.
+
 comment "Authentication types, at least one required --- RFC Draft requires 
pubkey auth"
 
 config DROPBEAR_PASSWD
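Review bot: The `depends on DROPBEAR_ECDSA || DROPBEAR_ECDH` line on DROPBEAR_CURVE25519 contradicts the option's own help text, which presents curve25519 as the alternative for users who do not trust the NIST curves. As written, nobody can select curve25519 without first enabling one of the NIST-curve options. If Dropbear's curve25519-donna code is self-contained (it looks that way, but confirm against the packaged version's sysoptions.h), drop the `depends on` line so a curve25519-only key exchange can be configured. The ECDH help text would also benefit from saying it is a key-exchange method over NIST curves, which makes the difference from ECDSA host keys clear in the menu.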
diff --git a/rules/dropbear.make b/rules/dropbear.make
index 5ab6fd3..5cbd4aa 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -222,6 +222,30 @@ else
        @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_DSS)
 endif
 
+ifdef PTXCONF_DROPBEAR_ECDSA
+       @echo "ptxdist: enabling ecdsa"
+       @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
+else
+       @echo "ptxdist: disabling ecdsa"
+       @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
+endif
+
+ifdef PTXCONF_DROPBEAR_ECDH
+       @echo "ptxdist: enabling ecdh"
+       @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
+else
+       @echo "ptxdist: disabling ecdh"
+       @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
+endif
+
+ifdef PTXCONF_DROPBEAR_CURVE25519
+       @echo "ptxdist: enabling curve25519"
+       @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
+else
+       @echo "ptxdist: disabling curve25519"
+       @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
+endif
+
 ifdef PTXCONF_DROPBEAR_PASSWD
        @echo "ptxdist: enabling passwd"
        @$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PASSWORD_AUTH)
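Review bot: The three `else` branches strip DROPBEAR_ECDSA, DROPBEAR_ECDH and DROPBEAR_CURVE25519 from options.h whenever the PTXCONF symbol is unset, and all three symbols are `default n` in rules/dropbear.in. An existing ptxconfig that takes the defaults on upgrade would therefore build a server offering only the classic Diffie-Hellman groups and RSA/DSS host keys, even if upstream options.h ships the elliptic-curve methods enabled (options.h is not visible here, so confirm). Consider `default y` for at least DROPBEAR_ECDH and DROPBEAR_CURVE25519, or add a comment such as `# upstream default is on; disabled here only on explicit request`. It is also worth checking that the packaged Dropbear version defines these exact macro names, since enable_c/disable_c presumably do nothing when the define is absent. The recipe these conditionals belong to starts and ends outside the hunk.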
-- 
1.7.9.5

