This allows the user to select only the encryption algorithms (s)he requires
(e.g., disabling AES and keeping only ChaCha20-Poly1305). The default selection
maintains the current functionality.

Additionally, make sure at least one encryption algorithm is selected;
otherwise the build would fail.

Signed-off-by: Rui Salvaterra <rsalvate...@gmail.com>
---
 package/network/services/dropbear/Config.in | 21 +++++++++++++++++++++
 package/network/services/dropbear/Makefile  |  4 +++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/package/network/services/dropbear/Config.in 
b/package/network/services/dropbear/Config.in
index 5b7be04ade..6d2b4cdfae 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -64,6 +64,20 @@ config DROPBEAR_AUTOSEL_PK
 
 endmenu
 
+menu "Encryption algorithm selection"
+
+config DROPBEAR_AES128
+       bool "AES-128 support"
+       default y
+       help
+               This enables support for the 128-bit AES cipher
+
+config DROPBEAR_AES256
+       bool "AES-256 support"
+       default y
+       help
+               This enables support for the 256-bit AES cipher
+
 config DROPBEAR_CHACHA20POLY1305
        bool "Chacha20-Poly1305 support"
        default y
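Review bot: The help texts added for `DROPBEAR_AES128` and `DROPBEAR_AES256` only restate the prompt and do not say what turning the option off costs. With both AES options off the server offers ChaCha20-Poly1305 only, so an SSH client without that cipher can no longer negotiate a session; on a device where dropbear is the main management path this probably means losing remote access. I would add a sentence to each help text such as `Disabling both AES options leaves only ChaCha20-Poly1305; clients without it will be unable to connect.` The `DROPBEAR_CHACHA20POLY1305` entry that now sits inside the new menu continues past the end of this hunk.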
@@ -73,6 +87,13 @@ config DROPBEAR_CHACHA20POLY1305
 
                Increases binary size by about 4 kB (MIPS).
 
+config DROPBEAR_AUTOSEL_EA
+       def_bool y
+       depends on !(DROPBEAR_AES256 || DROPBEAR_CHACHA20POLY1305)
+       select DROPBEAR_AES128
+
+endmenu
+
 config DROPBEAR_CURVE25519
        bool "Curve25519 support"
        default y
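Review bot: `DROPBEAR_AUTOSEL_EA` has no prompt, help text or comment, so a user who deselects all three ciphers sees AES-128 forced back on in menuconfig with no explanation. A comment above the symbol would record the intent, for example `# Hidden: force AES-128 when neither AES-256 nor ChaCha20-Poly1305 is selected, since dropbear cannot build without a cipher`. It would also help to mention in the `DROPBEAR_AES128` help text that this option is the automatic fallback, so the locked checkbox is not taken for a configuration error.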
diff --git a/package/network/services/dropbear/Makefile 
b/package/network/services/dropbear/Makefile
index d0b6a4b7ea..1d131455a2 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -33,7 +33,7 @@ PKG_CONFIG_DEPENDS:= \
        CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \
        CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \
        CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS \
-       CONFIG_DROPBEAR_RSA
+       CONFIG_DROPBEAR_RSA CONFIG_DROPBEAR_AES128 CONFIG_DROPBEAR_AES256
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -139,6 +139,8 @@ DB_OPT_CONFIG = \
        !!DROPBEAR_ECC_521|CONFIG_DROPBEAR_ECC_FULL|1|0 \
        DROPBEAR_CLI_ASKPASS_HELPER|CONFIG_DROPBEAR_ASKPASS|1|0 \
        DROPBEAR_RSA|CONFIG_DROPBEAR_RSA|1|0 \
+       DROPBEAR_AES128|CONFIG_DROPBEAR_AES128|1|0 \
+       DROPBEAR_AES256|CONFIG_DROPBEAR_AES256|1|0
 
 TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections -flto
 TARGET_LDFLAGS += -Wl,--gc-sections -flto=jobserver
-- 
2.29.2

