[PATCH 2/3] dropbear: create a submenu for encryption algorithms
Rui Salvaterra
rsalvaterra at gmail.com
Tue Oct 13 08:54:11 EDT 2020
This allows the user to select only the encryption algorithms (s)he requires
(e.g., disabling AES and keeping only ChaCha20-Poly1305). The default selection
maintains the current functionality.
Additionally, make sure at least one encryption algorithm is selected, lest the
build would fail.
Signed-off-by: Rui Salvaterra <rsalvaterra at gmail.com>
---
package/network/services/dropbear/Config.in | 21 +++++++++++++++++++++
package/network/services/dropbear/Makefile | 12 +++++++++---
2 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index d2771eca93..9cea6242a6 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -64,6 +64,20 @@ config DROPBEAR_AUTOSEL_PK
endmenu
+menu "Encryption algorithm selection"
+
+config DROPBEAR_AES128
+ bool "AES-128 support"
+ default y
+ help
+ This enables support for the 128-bit AES cipher
+
+config DROPBEAR_AES256
+ bool "AES-256 support"
+ default y
+ help
+ This enables support for the 256-bit AES cipher
+
config DROPBEAR_CHACHA20POLY1305
bool "Chacha20-Poly1305 support"
default y
@@ -73,6 +87,13 @@ config DROPBEAR_CHACHA20POLY1305
Increases binary size by about 4 kB (MIPS).
+config DROPBEAR_AUTOSEL_EA
+ def_bool y
+ depends on !(DROPBEAR_AES256 || DROPBEAR_CHACHA20POLY1305)
+ select DROPBEAR_AES128
+
+endmenu
+
config DROPBEAR_CURVE25519
bool "Curve25519 support"
default y
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 2ab2cd396d..768058718c 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -30,9 +30,9 @@ PKG_FLAGS:=nonshared
PKG_CONFIG_DEPENDS:= \
CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_ECC_FULL \
CONFIG_DROPBEAR_RSA CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \
- CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \
- CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \
- CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP
+ CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_AES128 CONFIG_DROPBEAR_AES256 \
+ CONFIG_DROPBEAR_CHACHA20POLY1305 CONFIG_DROPBEAR_UTMP \
+ CONFIG_DROPBEAR_PUTUTLINE CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP
include $(INCLUDE_DIR)/package.mk
@@ -121,6 +121,12 @@ define Build/Configure
echo '#define DROPBEAR_ED25519 $(if $(CONFIG_DROPBEAR_ED25519),1,0)' >> \
$(PKG_BUILD_DIR)/localoptions.h
+ echo '#define DROPBEAR_AES128 $(if $(CONFIG_DROPBEAR_AES128),1,0)' >> \
+ $(PKG_BUILD_DIR)/localoptions.h
+
+ echo '#define DROPBEAR_AES256 $(if $(CONFIG_DROPBEAR_AES256),1,0)' >> \
+ $(PKG_BUILD_DIR)/localoptions.h
+
echo '#define DROPBEAR_CHACHA20POLY1305 $(if $(CONFIG_DROPBEAR_CHACHA20POLY1305),1,0)' >> \
$(PKG_BUILD_DIR)/localoptions.h
--
2.28.0
More information about the openwrt-devel
mailing list