
[v2,3/3] dropbear: create a submenu for key exchange algorithms

Message ID 20201014080051.2324-4-rsalvaterra@gmail.com
State Superseded
Series dropbear: overhaul the crypto algorithm selection | expand

Commit Message

Rui Salvaterra Oct. 14, 2020, 8 a.m. UTC
This allows the user to select only the key exchange algorithms (s)he requires
(e.g., disabling group 14 SHA-{1,256} and keeping only Curve25519). The default
selection maintains the current functionality.

Additionally, make sure at least one key exchange algorithm is selected;
otherwise the build would fail.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
---
 package/network/services/dropbear/Config.in | 12 ++++++++++++
 package/network/services/dropbear/Makefile  | 13 ++++++++++---
 2 files changed, 22 insertions(+), 3 deletions(-)

Comments

Rui Salvaterra Oct. 20, 2020, 8:55 a.m. UTC | #1
Hi,

On Tue, 20 Oct 2020 at 08:59, xinglp <xinglp@gmail.com> wrote:
>
>   Seems not merged yet. I got the patches from https://patchwork.ozlabs.org/project/openwrt/list/ ,
> but failed to apply to package/network/services/dropbear/Makefile

That's strange, but I'm going to check if the series needs to be
rebased, thanks for the heads-up.

Cheers,
Rui
Rui Salvaterra Oct. 20, 2020, 9:05 a.m. UTC | #2
Hi,

On Tue, 20 Oct 2020 at 09:41, xinglp <xinglp@gmail.com> wrote:
>
>
>>   Seems not merged yet. I got the patches from https://patchwork.ozlabs.org/project/openwrt/list/ ,
>> but failed to apply to package/network/services/dropbear/Makefile
>
> I manually edited this file, then I can login to my router with ssh much faster than before.
> Thanks for your work.

Have you applied the whole series in the correct sequence? I just
tested and It applied cleanly against the current master.

Thanks,
Rui
Rui Salvaterra Oct. 20, 2020, 10:39 a.m. UTC | #3
Hi again,

On Tue, 20 Oct 2020 at 11:32, xinglp <xinglp@gmail.com> wrote:
>
> On Tue, Oct 20, 2020 at 5:05 PM Rui Salvaterra <rsalvaterra@gmail.com> wrote:
>>
>> Have you applied the whole series in the correct sequence? I just
>> tested and It applied cleanly against the current master.
>
> Sorry, my bad, it's my own patch that conflicts with it.

No problem, thanks for testing!

Cheers,
Rui

Patch

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index 9cea6242a6..066dab0a9b 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -94,6 +94,16 @@  config DROPBEAR_AUTOSEL_EA
 
 endmenu
 
+menu "Key exchange algorithm selection"
+
+config DROPBEAR_DH_GROUP14_SHA1
+	bool "Group 14 SHA-1"
+	default y
+
+config DROPBEAR_DH_GROUP14_SHA256
+	bool "Group 14 SHA-256"
+	default y
+
 config DROPBEAR_CURVE25519
 	bool "Curve25519 support"
 	default y
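Review bot: The two new Group 14 entries carry no `help` text, so someone trimming the list has nothing to tell the SHA-1 variant apart from the SHA-256 one beyond the prompt string. The SHA-1 entry is the one that most needs a description, since it is the legacy exchange (diffie-hellman-group14-sha1) that is only worth keeping for older clients; `default y` can stay, as the commit message intends to preserve current behaviour. I would add under `DROPBEAR_DH_GROUP14_SHA1` a `help` line such as `Legacy key exchange (diffie-hellman-group14-sha1). Disable unless older clients require it.`, and under `DROPBEAR_DH_GROUP14_SHA256` one naming diffie-hellman-group14-sha256 as the SHA-2 replacement.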
@@ -103,6 +113,8 @@  config DROPBEAR_CURVE25519
 
 		Increases binary size by about 4 kB (MIPS).
 
+endmenu
+
 config DROPBEAR_ZLIB
 	bool "Enable compression"
 	default n
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 768058718c..d0b0dbf3dc 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -32,6 +32,7 @@  PKG_CONFIG_DEPENDS:= \
 	CONFIG_DROPBEAR_RSA CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \
 	CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_AES128 CONFIG_DROPBEAR_AES256 \
 	CONFIG_DROPBEAR_CHACHA20POLY1305 CONFIG_DROPBEAR_UTMP \
+	CONFIG_DROPBEAR_DH_GROUP14_SHA1 CONFIG_DROPBEAR_DH_GROUP14_SHA256 \
 	CONFIG_DROPBEAR_PUTUTLINE CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP
 
 include $(INCLUDE_DIR)/package.mk
@@ -110,9 +111,6 @@  define Build/Configure
 	echo '#define DROPBEAR_RSA $(if $(CONFIG_DROPBEAR_RSA),1,0)' >> \
 		$(PKG_BUILD_DIR)/localoptions.h
 
-	echo '#define DROPBEAR_CURVE25519 $(if $(CONFIG_DROPBEAR_CURVE25519),1,0)' >> \
-		$(PKG_BUILD_DIR)/localoptions.h
-
 	for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH; do \
 		echo "#define $$$$OPTION $(if $(CONFIG_DROPBEAR_ECC),1,0)" >> \
 			$(PKG_BUILD_DIR)/localoptions.h; \
@@ -130,6 +128,15 @@  define Build/Configure
 	echo '#define DROPBEAR_CHACHA20POLY1305 $(if $(CONFIG_DROPBEAR_CHACHA20POLY1305),1,0)' >> \
 		$(PKG_BUILD_DIR)/localoptions.h
 
+	echo '#define DROPBEAR_DH_GROUP14_SHA1 $(if $(CONFIG_DROPBEAR_DH_GROUP14_SHA1),1,0)' >> \
+		$(PKG_BUILD_DIR)/localoptions.h
+
+	echo '#define DROPBEAR_DH_GROUP14_SHA256 $(if $(CONFIG_DROPBEAR_DH_GROUP14_SHA256),1,0)' >> \
+		$(PKG_BUILD_DIR)/localoptions.h
+
+	echo '#define DROPBEAR_CURVE25519 $(if $(CONFIG_DROPBEAR_CURVE25519),1,0)' >> \
+		$(PKG_BUILD_DIR)/localoptions.h
+
 	# remove protocol idented software version number
 	$(ESED) 's,^(#define LOCAL_IDENT) .*$$$$,\1 "SSH-2.0-dropbear",g' \
 		$(PKG_BUILD_DIR)/sysoptions.h
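Review bot: Nothing in the visible hunks enforces the "at least one key exchange algorithm" guarantee that the commit message promises. The three defines added here are written independently, and the matching Config.in entries are plain `bool`s with no `select` or `depends on`. With all three disabled, the only exchange left is `DROPBEAR_ECDH`, which the loop above ties to `CONFIG_DROPBEAR_ECC`, so a configuration with ECC also off would presumably get as far as the compiler before failing. A Kconfig constraint would reject that combination at configuration time, for example `select DROPBEAR_CURVE25519 if !(DROPBEAR_DH_GROUP14_SHA1 || DROPBEAR_DH_GROUP14_SHA256 || DROPBEAR_ECC)` on a symbol that is always set when the package is built (where exactly it attaches depends on parts of Config.in outside this diff). `Build/Configure` starts and ends outside the hunk.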