authorVladislav Grishenko <themiron@users.noreply.github.com>2020-03-11 21:09:45 +0500
committerGitHub <noreply@github.com>2020-03-12 00:09:45 +0800
commit3d12521735e7ef7e48be217af0f27d68e23050a7 (patch)
tree5e6a8afcc2ff403d235f0157095db5b80aa173b3 /default_options.h
parentb2007beeb0203c8f9f3d6d07329d0d1fceea91c7 (diff)
Add Ed25519 support (#91)
* Add support for Ed25519 as a public key type Ed25519 is an elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. OpenSSH key import and fuzzer are not supported yet. Initially inspired by Peter Szabo. * Add curve25519 and ed25519 fuzzers * Add import and export of Ed25519 keys
Diffstat (limited to 'default_options.h')
-rw-r--r--default_options.h7
1 files changed, 6 insertions, 1 deletions
diff --git a/default_options.h b/default_options.h
index 9000fcc..5b232dd 100644
--- a/default_options.h
+++ b/default_options.h
@@ -22,6 +22,7 @@ IMPORTANT: Some options will require "make clean" after changes */
#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
+#define ED25519_PRIV_FILENAME "/etc/dropbear/dropbear_ed25519_host_key"
/* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
* on chosen ports and keeps accepting connections. This is the default.
@@ -116,11 +117,15 @@ IMPORTANT: Some options will require "make clean" after changes */
* code (either ECDSA or ECDH) increases binary size - around 30kB
* on x86-64 */
#define DROPBEAR_ECDSA 1
+/* Ed25519 is faster than ECDSA. Compiling in Ed25519 code increases
+ binary size - around 7,5kB on x86-64 */
+#define DROPBEAR_ED25519 1
/* RSA must be >=1024 */
#define DROPBEAR_DEFAULT_RSA_SIZE 2048
/* DSS is always 1024 */
/* ECDSA defaults to largest size configured, usually 521 */
+/* Ed25519 is always 256 */
/* Add runtime flag "-R" to generate hostkeys as-needed when the first
connection using that key type occurs.
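Review bot: The comment added above `DROPBEAR_ED25519` gives only speed and binary size, while the commit message justifies the option by its security relative to ECDSA and DSA, so someone trimming key types for a small build has no hint in this file which ones are worth keeping. A wording such as `/* Ed25519 is faster than ECDSA and uses a fixed 256-bit key. Compiling in Ed25519 code increases binary size - around 7.5kB on x86-64 */` would carry that and make the separate `/* Ed25519 is always 256 */` line say `256 bits`. The decimal comma in `7,5kB` is easy to misread next to the file's other figures (`~30kB`); `7.5kB` is unambiguous, and the same applies to `~2,5kB` in the curve25519 line of the following hunk. The `-R` comment at the end of this hunk continues outside it.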
@@ -143,7 +148,7 @@ IMPORTANT: Some options will require "make clean" after changes */
* group14 is supported by most implementations.
* group16 provides a greater strength level but is slower and increases binary size
* curve25519 and ecdh algorithms are faster than non-elliptic curve methods
- * curve25519 increases binary size by ~8kB on x86-64
+ * curve25519 increases binary size by ~2,5kB on x86-64
* including either ECDH or ECDSA increases binary size by ~30kB on x86-64
* Small systems should generally include either curve25519 or ecdh for performance.