dropbear: add ed25519 and chacha20-poly1305

- add Ed25519 support (backport): * DROPBEAR_ED25519 option for ssh-ed25519, * disabled by default - add Chacha20-Poly1305 support (backport): * DROPBEAR_CHACHA20POLY1305 for chacha20-poly1305@openssh.com, * enabled by default - update feature costs in binary size Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
openwrt · May 30, 2020 · f166cf9 · f166cf9 · rugk · Aug 21, 2020
1 parent 02f0805
commit f166cf9
Show file tree

Hide file tree

Showing 5 changed files with 3,613 additions and 3 deletions.
diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
@@ -8,7 +8,7 @@ config DROPBEAR_CURVE25519
 		This enables the following key exchange algorithm:
 		  curve25519-sha256@libssh.org
 
-		Increases binary size by about 8 kB uncompressed (MIPS).
+		Increases binary size by about 4 kB (MIPS).
 
 config DROPBEAR_ECC
 	bool "Elliptic curve cryptography (ECC)"
@@ -49,6 +49,24 @@ config DROPBEAR_ECC_FULL
 
 		Increases binary size by about 4 kB (MIPS).
 
+config DROPBEAR_ED25519
+	bool "Ed25519 support"
+	default n
+	help
+		This enables the following public key algorithm:
+		  ssh-ed25519
+
+		Increases binary size by about 12 kB (MIPS).
+
+config DROPBEAR_CHACHA20POLY1305
+	bool "Chacha20-Poly1305 support"
+	default y
+	help
+		This enables the following authenticated encryption cipher:
+		  chacha20-poly1305@openssh.com
+
+		Increases binary size by about 4 kB (MIPS).
+
 config DROPBEAR_ZLIB
 	bool "Enable compression"
 	default n

diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dropbear
 PKG_VERSION:=2019.78
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
@@ -29,6 +29,7 @@ PKG_FIXUP:=autoreconf
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_ECC_FULL \
 	CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \
+	CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \
 	CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \
 	CONFIG_DROPBEAR_DBCLIENT
 
@@ -63,6 +64,7 @@ define Package/dropbear/description
 endef
 
 define Package/dropbear/conffiles
+$(if $(CONFIG_DROPBEAR_ED25519),/etc/dropbear/dropbear_ed25519_host_key)
 $(if $(CONFIG_DROPBEAR_ECC),/etc/dropbear/dropbear_ecdsa_host_key)
 /etc/dropbear/dropbear_rsa_host_key
 /etc/config/dropbear
@@ -110,6 +112,12 @@ define Build/Configure
 			$(PKG_BUILD_DIR)/localoptions.h; \
 	done
 
+	echo '#define DROPBEAR_ED25519 $(if $(CONFIG_DROPBEAR_ED25519),1,0)' >> \
+		$(PKG_BUILD_DIR)/localoptions.h
+
+	echo '#define DROPBEAR_CHACHA20POLY1305 $(if $(CONFIG_DROPBEAR_CHACHA20POLY1305),1,0)' >> \
+		$(PKG_BUILD_DIR)/localoptions.h
+
 	# remove protocol idented software version number
 	$(ESED) 's,^(#define LOCAL_IDENT) .*$$$$,\1 "SSH-2.0-dropbear",g' \
 		$(PKG_BUILD_DIR)/sysoptions.h
@@ -160,6 +168,7 @@ define Package/dropbear/install
 	$(INSTALL_DIR) $(1)/etc/dropbear
 	$(INSTALL_DIR) $(1)/lib/preinit
 	$(INSTALL_DATA) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear
+	$(if $(CONFIG_DROPBEAR_ED25519),touch $(1)/etc/dropbear/dropbear_ed25519_host_key)
 	$(if $(CONFIG_DROPBEAR_ECC),touch $(1)/etc/dropbear/dropbear_ecdsa_host_key)
 	touch $(1)/etc/dropbear/dropbear_rsa_host_key
 endef

diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init
@@ -66,7 +66,7 @@ hk_generate_as_needed()
 	kdir='/etc/dropbear'
 
 	kgen=''
-	for ktype in ecdsa rsa; do
+	for ktype in ed25519 ecdsa rsa; do
 		hk_verify "${kdir}/dropbear_${ktype}_host_key" && continue
 
 		kgen="${kgen} ${ktype}"