dropbear: split U2F/FIDO support

these options allow one to configure U2F/FIDO support in more granular way inspired by upstream commit aa6559db Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-01-09 03:40:01 +03:00 · 2024-01-09 03:40:01 +03:00 · c87a192386
commit c87a192386
parent bf900e02c7
2 changed files with 32 additions and 2 deletions
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@ -65,6 +65,34 @@ config DROPBEAR_CHACHA20POLY1305

 		Increases binary size by about 4 kB (MIPS).

+config DROPBEAR_U2F
+	bool "U2F/FIDO support"
+	default y
+	help
+		This option itself doesn't enable any support for U2F/FIDO
+		but subordinate options do:
+
+		- DROPBEAR_ECDSA_SK   - ecdsa-sk keys support
+		  depends on DROPBEAR_ECC ("Elliptic curve cryptography (ECC)")
+		- DROPBEAR_ED25519_SK - ed25519-sk keys support
+		  depends on DROPBEAR_ED25519 ("Ed25519 support")
+
+config DROPBEAR_ECDSA_SK
+	bool "ECDSA-SK support"
+	default y
+	depends on DROPBEAR_U2F && DROPBEAR_ECC
+	help
+		This enables the following public key algorithm:
+		  sk-ecdsa-sha2-nistp256@openssh.com
+
+config DROPBEAR_ED25519_SK
+	bool "Ed25519-SK support"
+	default y
+	depends on DROPBEAR_U2F && DROPBEAR_ED25519
+	help
+		This enables the following public key algorithm:
+		  sk-ssh-ed25519@openssh.com
+
 config DROPBEAR_ZLIB
 	bool "Enable compression"
 	help
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@ -31,6 +31,7 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_ECC_FULL \
 	CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \
 	CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \
+	CONFIG_DROPBEAR_U2F CONFIG_DROPBEAR_ECDSA_SK CONFIG_DROPBEAR_ED25519_SK \
 	CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \
 	CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS \
 	CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD CONFIG_DROPBEAR_AGENTFORWARD \
@ -142,10 +143,11 @@ DB_OPT_CONFIG = \
 	DROPBEAR_CURVE25519,CONFIG_DROPBEAR_CURVE25519,1,0 \
 	DROPBEAR_CHACHA20POLY1305,CONFIG_DROPBEAR_CHACHA20POLY1305,1,0 \
 	DROPBEAR_ED25519,CONFIG_DROPBEAR_ED25519,1,0 \
-	DROPBEAR_SK_ED25519,CONFIG_DROPBEAR_ED25519,1,0 \
 	DROPBEAR_ECDSA,CONFIG_DROPBEAR_ECC,1,0 \
-	DROPBEAR_SK_ECDSA,CONFIG_DROPBEAR_ECC,1,0 \
 	DROPBEAR_ECDH,CONFIG_DROPBEAR_ECC,1,0 \
+	DROPBEAR_SK_KEYS,CONFIG_DROPBEAR_U2F,1,0 \
+	DROPBEAR_SK_ECDSA,CONFIG_DROPBEAR_ECDSA_SK,1,0 \
+	DROPBEAR_SK_ED25519,CONFIG_DROPBEAR_ED25519_SK,1,0 \
 	DROPBEAR_CLI_ASKPASS_HELPER,CONFIG_DROPBEAR_ASKPASS,1,0 \
 	DROPBEAR_CLI_AGENTFWD,CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD,1,0 \
 	DROPBEAR_SVR_AGENTFWD,CONFIG_DROPBEAR_AGENTFORWARD,1,0 \