Support for ecdsa, ecdh and curve25519-donna options.
Signed-off-by: Bruno Thomsen <b...@kamstrup.dk>
---
 rules/dropbear.in | 27 +++++++++++++++++++++++++++
 rules/dropbear.make | 24 ++++++++++++++++++++++++
 2 files changed, 51 insertions(+)
diff --git a/rules/dropbear.in b/rules/dropbear.in index 21301ba..c99d432 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in @@ -288,6 +288,33 @@ config DROPBEAR_DSS key size). In contrast, RSA signature length is a function of the key length employed. +config DROPBEAR_ECDSA + bool + prompt "ecdsa" + default n + help + ECDSA stands for Elliptic Curve Digital Signature Algorithm. + ECDSA is significantly faster than RSA or DSS. + +config DROPBEAR_ECDH + bool + prompt "ecdh" + default n + help + ECDH stands for Elliptic Curve Diffie-Hellman. + +config DROPBEAR_CURVE25519 + bool + depends on DROPBEAR_ECDSA || DROPBEAR_ECDH + prompt "curve25519-donna" + default n + help + Enable curve25519-donna for key exchange. + This is another elliptic curve method with good security properties. + This algorithm does not rely on NIST-based curves + and gives us more security confidence against a possible + backdoor in nistp-256 curve. + comment "Authentication types, at least one required --- RFC Draft requires pubkey auth" config DROPBEAR_PASSWD diff --git a/rules/dropbear.make b/rules/dropbear.make index 5ab6fd3..5cbd4aa 100644 --- a/rules/dropbear.make +++ b/rules/dropbear.make 
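Review bot: The `depends on DROPBEAR_ECDSA || DROPBEAR_ECDH` line on `DROPBEAR_CURVE25519` makes a NIST-curve algorithm a precondition for selecting curve25519, which works against the reason the help text gives for offering it. As far as I know Dropbear's curve25519-donna key exchange is self-contained and does not need the ECC code that ECDSA/ECDH pull in, so the dependency can probably be dropped; please confirm against the packaged options.h and sysoptions.h. Separately, `default n` on all three entries means a default build actively turns these algorithms off, presumably leaving only the classic DH groups and RSA/DSS host keys; consider `default y` at least for `DROPBEAR_CURVE25519`, or state in the help text that disabling is a size trade-off. The `DROPBEAR_ECDH` help would also read better with one more sentence saying it is a key-exchange method.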
@@ -222,6 +222,30 @@ else
 @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_DSS)
 endif
+ifdef PTXCONF_DROPBEAR_ECDSA
+ @echo "ptxdist: enabling ecdsa"
+ @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
+else
+ @echo "ptxdist: disabling ecdsa"
+ @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
+endif
+
+ifdef PTXCONF_DROPBEAR_ECDH
+ @echo "ptxdist: enabling ecdh"
+ @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
+else
+ @echo "ptxdist: disabling ecdh"
+ @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
+endif
+
+ifdef PTXCONF_DROPBEAR_CURVE25519
+ @echo "ptxdist: enabling curve25519"
+ @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
+else
+ @echo "ptxdist: disabling curve25519"
+ @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
+endif
+
 ifdef PTXCONF_DROPBEAR_PASSWD
 @echo "ptxdist: enabling passwd"
 @$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PASSWORD_AUTH)
--
1.7.9.5
--
ptxdist mailing list ptxdist@pengutronix.de
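Review bot: The three added `ifdef` blocks edit `$(DROPBEAR_DIR)/options.h` with no check that the packaged Dropbear release actually carries `DROPBEAR_ECDSA`, `DROPBEAR_ECDH` and `DROPBEAR_CURVE25519`. If `enable_c` is a pattern substitution (its definition is not in the hunk), it would change nothing on an older options.h while the log still prints "enabling", so the image could ship without the key exchange the menu promised. The commit does not touch the package version, so I would add a comment above the first block such as `# ECDSA/ECDH/curve25519 need a Dropbear release whose options.h defines these symbols`. Enabling `DROPBEAR_ECDSA` also adds a host-key type, and whether the target's host-key generation covers it is not visible here. The enclosing recipe starts and ends outside the hunk.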