dropbear: split ECC support to basic and full

[openwrt/openwrt.git] / package / network / services / dropbear / Config.in

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index e2a761034fa64225439db4a18030dee75fb0775c..9106322eeac5816a37e2b6e5dc56dd5e85793553 100644 (file)
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -1,27 +1,76 @@
 menu "Configuration"
        depends on PACKAGE_dropbear
 
+config DROPBEAR_CURVE25519
+       bool "Curve25519 support"
+       default y
+       help
+               This enables the following key exchange algorithm:
+                 curve25519-sha256@libssh.org
+
+               Increases binary size by about 8 kB uncompressed (MIPS).
+
 config DROPBEAR_ECC
        bool "Elliptic curve cryptography (ECC)"
        default n
        help
-               Enables elliptic curve cryptography (ECC) support in key exchange and public key
-               authentication.
+               Enables basic support for elliptic curve cryptography (ECC)
+               in key exchange and public key authentication.
 
                Key exchange algorithms:
                  ecdh-sha2-nistp256
+
+               Public key algorithms:
+                 ecdsa-sha2-nistp256
+
+               Increases binary size by about 24 kB (MIPS).
+
+               If full ECC support is required, also select DROPBEAR_ECC_FULL.
+
+config DROPBEAR_ECC_FULL
+       bool "Elliptic curve cryptography (ECC), full support"
+       default n
+       depends on DROPBEAR_ECC
+       help
+               Enables full support for elliptic curve cryptography (ECC)
+               in key exchange and public key authentication.
+
+               Key exchange algorithms:
+                 ecdh-sha2-nistp256 (*)
                  ecdh-sha2-nistp384
                  ecdh-sha2-nistp521
-                 curve25519-sha256@libssh.org
 
                Public key algorithms:
-                 ecdsa-sha2-nistp256
+                 ecdsa-sha2-nistp256 (*)
                  ecdsa-sha2-nistp384
                  ecdsa-sha2-nistp521
 
-               Does not generate ECC host keys by default (ECC key exchange will not be used,
-               only ECC public key auth).
+               (*) - basic ECC support; provided by DROPBEAR_ECC.
+
+               Increases binary size by about 4 kB (MIPS).
+
+config DROPBEAR_ZLIB
+       bool "Enable compression"
+       default n
+       help
+               Enables compression using shared zlib library.
 
-               Increases binary size by about 36 kB (MIPS).
+               Increases binary size by about 0.1 kB (MIPS) and requires additional 62 kB (MIPS)
+               for a shared zlib library.
+
+config DROPBEAR_UTMP
+       bool "Utmp support"
+       default n
+       depends on BUSYBOX_CONFIG_FEATURE_UTMP
+       help
+               This enables dropbear utmp support, the file /var/run/utmp is used to
+               track who is currently logged in.
+
+config DROPBEAR_PUTUTLINE
+       bool "Pututline support"
+       default n
+       depends on DROPBEAR_UTMP
+       help
+               Dropbear will use pututline() to write the utmp structure into the utmp file.
 
 endmenu