author | Bruno Thomsen <bth@kamstrup.dk> | 2014-06-16 14:02:41 +0200 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2014-06-16 21:04:06 +0200 |
commit | 54afea33423c6bef00f64ca92292299e238923c0 (patch) | |
tree | a6bf9f65bab3de1bc10a255ea31891da89ad4c28 /rules/dropbear.in | |
parent | 6051eeb1f419c5016412e2f0cbb2b01d0b677ea1 (diff) | |
dropbear: Added Elliptic Curve Cryptography options.
Support for ecdsa, ecdh and curve25519-donna options.
Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'rules/dropbear.in')
-rw-r--r-- | rules/dropbear.in | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/rules/dropbear.in b/rules/dropbear.in index 21301bab8..fe2ada369 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in @@ -235,7 +235,6 @@ config DROPBEAR_SHA1_96 config DROPBEAR_SHA256 bool prompt "sha256" - default n help SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512) designed by the National Security Agency (NSA) @@ -248,7 +247,6 @@ config DROPBEAR_SHA256 config DROPBEAR_SHA512 bool prompt "sha512" - default n help SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512) designed by the National Security Agency (NSA) @@ -288,6 +286,30 @@ config DROPBEAR_DSS key size). In contrast, RSA signature length is a function of the key length employed. +config DROPBEAR_ECDSA + bool + prompt "ecdsa" + help + ECDSA stands for Elliptic Curve Digital Signature Algorithm. + ECDSA is significantly faster than RSA or DSS. + +config DROPBEAR_ECDH + bool + prompt "ecdh" + help + ECDH stands for Elliptic Curve Diffie-Hellman. + +config DROPBEAR_CURVE25519 + bool + depends on DROPBEAR_ECDSA || DROPBEAR_ECDH + prompt "curve25519-donna" + help + Enable curve25519-donna for key exchange. + This is another elliptic curve method with good security properties. + This algorithm does not rely on NIST-based curves + and gives us more security confidence against a possible + backdoor in nistp-256 curve. + comment "Authentication types, at least one required --- RFC Draft requires pubkey auth" config DROPBEAR_PASSWD |
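Review bot: the "default n" removal under DROPBEAR_SHA256 (first hunk), repeated under DROPBEAR_SHA512 in the second hunk, is not covered by the commit message, which only describes the elliptic curve options. A Kconfig bool without a default line is already off, so this is a behaviour-neutral cleanup; either mention it in the message or move it to its own patch so the history for the hash options stays easy to follow.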
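Review bot: in the third hunk, "depends on DROPBEAR_ECDSA || DROPBEAR_ECDH" on DROPBEAR_CURVE25519 ties a key exchange option to a signature option, and the help text gives no reason for it. The help says curve25519-donna is enabled "for key exchange", yet selecting only DROPBEAR_ECDSA satisfies the dependency. If this reflects a build requirement, state it in the help text; otherwise narrow or drop the dependency. The help texts could also be tightened: DROPBEAR_ECDH only expands the acronym and does not say it is a key exchange method, the DROPBEAR_ECDSA claim "significantly faster than RSA or DSS" does not say for which operation, and the curve25519 text contrasts itself with NIST-based curves while neither of the other two new entries tells the user whether it uses them, which is the information needed to act on that remark.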