dropbear: split U2F/FIDO support

these options allow one to configure U2F/FIDO support in more granular way

inspired by upstream commit aa6559db

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index fd4d5f3c7a5e49a54fe2124d5230b204c1b7f560..a59ca911a042b8e5cd92539087328dc69ea5ea1d 100644 (file)
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -65,6 +65,34 @@ config DROPBEAR_CHACHA20POLY1305
 
                Increases binary size by about 4 kB (MIPS).
 
+config DROPBEAR_U2F
+       bool "U2F/FIDO support"
+       default y
+       help
+               This option itself doesn't enable any support for U2F/FIDO
+               but subordinate options do:
+
+               - DROPBEAR_ECDSA_SK   - ecdsa-sk keys support
+                 depends on DROPBEAR_ECC ("Elliptic curve cryptography (ECC)")
+               - DROPBEAR_ED25519_SK - ed25519-sk keys support
+                 depends on DROPBEAR_ED25519 ("Ed25519 support")
+
+config DROPBEAR_ECDSA_SK
+       bool "ECDSA-SK support"
+       default y
+       depends on DROPBEAR_U2F && DROPBEAR_ECC
+       help
+               This enables the following public key algorithm:
+                 sk-ecdsa-sha2-nistp256@openssh.com
+
+config DROPBEAR_ED25519_SK
+       bool "Ed25519-SK support"
+       default y
+       depends on DROPBEAR_U2F && DROPBEAR_ED25519
+       help
+               This enables the following public key algorithm:
+                 sk-ssh-ed25519@openssh.com
+
 config DROPBEAR_ZLIB
        bool "Enable compression"
        help

diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 653911b7647254933ac351f4fcbaff3f48b0aff2..c00f64006e3cfba77c0cf59f9c1536ff4e3e66ae 100644 (file)
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -31,6 +31,7 @@ PKG_CONFIG_DEPENDS:= \
        CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_ECC_FULL \
        CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \
        CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \
+       CONFIG_DROPBEAR_U2F CONFIG_DROPBEAR_ECDSA_SK CONFIG_DROPBEAR_ED25519_SK \
        CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \
        CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS \
        CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD CONFIG_DROPBEAR_AGENTFORWARD \
@@ -142,10 +143,11 @@ DB_OPT_CONFIG = \
        DROPBEAR_CURVE25519,CONFIG_DROPBEAR_CURVE25519,1,0 \
        DROPBEAR_CHACHA20POLY1305,CONFIG_DROPBEAR_CHACHA20POLY1305,1,0 \
        DROPBEAR_ED25519,CONFIG_DROPBEAR_ED25519,1,0 \
-       DROPBEAR_SK_ED25519,CONFIG_DROPBEAR_ED25519,1,0 \
        DROPBEAR_ECDSA,CONFIG_DROPBEAR_ECC,1,0 \
-       DROPBEAR_SK_ECDSA,CONFIG_DROPBEAR_ECC,1,0 \
        DROPBEAR_ECDH,CONFIG_DROPBEAR_ECC,1,0 \
+       DROPBEAR_SK_KEYS,CONFIG_DROPBEAR_U2F,1,0 \
+       DROPBEAR_SK_ECDSA,CONFIG_DROPBEAR_ECDSA_SK,1,0 \
+       DROPBEAR_SK_ED25519,CONFIG_DROPBEAR_ED25519_SK,1,0 \
        DROPBEAR_CLI_ASKPASS_HELPER,CONFIG_DROPBEAR_ASKPASS,1,0 \
        DROPBEAR_CLI_AGENTFWD,CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD,1,0 \
        DROPBEAR_SVR_AGENTFWD,CONFIG_DROPBEAR_AGENTFORWARD,1,0 \