[PATCH 2/3] dropbear: create a submenu for encryption algorithms

[Rui Salvaterra]

This allows the user to select only the encryption algorithms (s)he requires
(e.g., disabling AES and keeping only ChaCha20-Poly1305). The default selection
maintains the current functionality.

Additionally, make sure at least one encryption algorithm is selected, lest the
build would fail.

Signed-off-by: Rui Salvaterra <rsalvaterra at gmail.com>
---
 package/network/services/dropbear/Config.in | 21 +++++++++++++++++++++
 package/network/services/dropbear/Makefile  | 12 +++++++++---
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index d2771eca93..9cea6242a6 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -64,6 +64,20 @@ config DROPBEAR_AUTOSEL_PK
 
 endmenu
 
+menu "Encryption algorithm selection"
+
+config DROPBEAR_AES128
+	bool "AES-128 support"
+	default y
+	help
+		This enables support for the 128-bit AES cipher
+
+config DROPBEAR_AES256
+	bool "AES-256 support"
+	default y
+	help
+		This enables support for the 256-bit AES cipher
+
 config DROPBEAR_CHACHA20POLY1305
 	bool "Chacha20-Poly1305 support"
 	default y
@@ -73,6 +87,13 @@ config DROPBEAR_CHACHA20POLY1305
 
 		Increases binary size by about 4 kB (MIPS).
 
+config DROPBEAR_AUTOSEL_EA
+	def_bool y
+	depends on !(DROPBEAR_AES256 || DROPBEAR_CHACHA20POLY1305)
+	select DROPBEAR_AES128
+
+endmenu
+
 config DROPBEAR_CURVE25519
 	bool "Curve25519 support"
 	default y
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 2ab2cd396d..768058718c 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -30,9 +30,9 @@ PKG_FLAGS:=nonshared
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_ECC_FULL \
 	CONFIG_DROPBEAR_RSA CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \
-	CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \
-	CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \
-	CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP
+	CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_AES128 CONFIG_DROPBEAR_AES256 \
+	CONFIG_DROPBEAR_CHACHA20POLY1305 CONFIG_DROPBEAR_UTMP \
+	CONFIG_DROPBEAR_PUTUTLINE CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -121,6 +121,12 @@ define Build/Configure
 	echo '#define DROPBEAR_ED25519 $(if $(CONFIG_DROPBEAR_ED25519),1,0)' >> \
 		$(PKG_BUILD_DIR)/localoptions.h
 
+	echo '#define DROPBEAR_AES128 $(if $(CONFIG_DROPBEAR_AES128),1,0)' >> \
+		$(PKG_BUILD_DIR)/localoptions.h
+
+	echo '#define DROPBEAR_AES256 $(if $(CONFIG_DROPBEAR_AES256),1,0)' >> \
+		$(PKG_BUILD_DIR)/localoptions.h
+
 	echo '#define DROPBEAR_CHACHA20POLY1305 $(if $(CONFIG_DROPBEAR_CHACHA20POLY1305),1,0)' >> \
 		$(PKG_BUILD_DIR)/localoptions.h
 
-- 
2.28.0