ASR_BASE

Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
new file mode 100644
index 0000000..0d012b2
--- /dev/null
+++ b/package/network/services/dropbear/Config.in
@@ -0,0 +1,196 @@
+menu "Configuration"
+	depends on PACKAGE_dropbear
+
+config DROPBEAR_CURVE25519
+	bool "Curve25519 support"
+	default y
+	help
+		This enables the following key exchange algorithm:
+		  curve25519-sha256@libssh.org
+
+		Increases binary size by about 4 kB (MIPS).
+
+config DROPBEAR_ECC
+	bool "Elliptic curve cryptography (ECC)"
+	help
+		Enables basic support for elliptic curve cryptography (ECC)
+		in key exchange and public key authentication.
+
+		Key exchange algorithms:
+		  ecdh-sha2-nistp256
+
+		Public key algorithms:
+		  ecdsa-sha2-nistp256
+
+		Increases binary size by about 24 kB (MIPS).
+
+		Note: select DROPBEAR_ECC_FULL if full ECC support is required.
+
+config DROPBEAR_ECC_FULL
+	bool "Elliptic curve cryptography (ECC), full support"
+	depends on DROPBEAR_ECC
+	help
+		Enables full support for elliptic curve cryptography (ECC)
+		in key exchange and public key authentication.
+
+		Key exchange algorithms:
+		  ecdh-sha2-nistp256 (*)
+		  ecdh-sha2-nistp384
+		  ecdh-sha2-nistp521
+
+		Public key algorithms:
+		  ecdsa-sha2-nistp256 (*)
+		  ecdsa-sha2-nistp384
+		  ecdsa-sha2-nistp521
+
+		(*) - basic ECC support; provided by DROPBEAR_ECC.
+
+		Increases binary size by about 4 kB (MIPS).
+
+config DROPBEAR_ED25519
+	bool "Ed25519 support"
+	default y if !SMALL_FLASH
+	help
+		This enables the following public key algorithm:
+		  ssh-ed25519
+
+		Increases binary size by about 12 kB (MIPS).
+
+config DROPBEAR_CHACHA20POLY1305
+	bool "Chacha20-Poly1305 support"
+	default y
+	help
+		This enables the following authenticated encryption cipher:
+		  chacha20-poly1305@openssh.com
+
+		Increases binary size by about 4 kB (MIPS).
+
+config DROPBEAR_U2F
+	bool "U2F/FIDO support"
+	default y
+	help
+		This option itself doesn't enable any support for U2F/FIDO
+		but subordinate options do:
+
+		- DROPBEAR_ECDSA_SK   - ecdsa-sk keys support
+		  depends on DROPBEAR_ECC ("Elliptic curve cryptography (ECC)")
+		- DROPBEAR_ED25519_SK - ed25519-sk keys support
+		  depends on DROPBEAR_ED25519 ("Ed25519 support")
+
+config DROPBEAR_ECDSA_SK
+	bool "ECDSA-SK support"
+	default y
+	depends on DROPBEAR_U2F && DROPBEAR_ECC
+	help
+		This enables the following public key algorithm:
+		  sk-ecdsa-sha2-nistp256@openssh.com
+
+config DROPBEAR_ED25519_SK
+	bool "Ed25519-SK support"
+	default y
+	depends on DROPBEAR_U2F && DROPBEAR_ED25519
+	help
+		This enables the following public key algorithm:
+		  sk-ssh-ed25519@openssh.com
+
+config DROPBEAR_ZLIB
+	bool "Enable compression"
+	help
+		Enables compression using shared zlib library.
+
+		Increases binary size by about 0.1 kB (MIPS) and requires
+		additional 62 kB (MIPS) for a shared zlib library.
+
+config DROPBEAR_UTMP
+	bool "Utmp support"
+	depends on BUSYBOX_CONFIG_FEATURE_UTMP
+	help
+		This enables dropbear utmp support, the file /var/run/utmp is
+		used to track who is currently logged in.
+
+config DROPBEAR_PUTUTLINE
+	bool "Pututline support"
+	depends on DROPBEAR_UTMP
+	help
+		Dropbear will use pututline() to write the utmp structure into
+		the utmp file.
+
+config DROPBEAR_DBCLIENT
+	bool "Build dropbear with dbclient"
+	default y
+
+config DROPBEAR_ASKPASS
+	bool "Enable askpass helper support"
+	depends on DROPBEAR_DBCLIENT
+	help
+		This enables support for ssh-askpass helper in dropbear client
+		in order to authenticate on remote hosts.
+
+		Increases binary size by about 0.1 kB (MIPS).
+
+config DROPBEAR_DBCLIENT_AGENTFORWARD
+	bool "Enable agent forwarding in dbclient [LEGACY/SECURITY]"
+	default y
+	depends on DROPBEAR_DBCLIENT
+	help
+		Increases binary size by about 0.1 kB (MIPS).
+
+		Security notes:
+
+		SSH agent forwarding might cause security issues (locally and
+		on the jump machine).
+
+		Hovewer, it's enabled by default for compatibility with
+		previous OpenWrt/dropbear releases.
+
+		Consider DISABLING this option if you're building own OpenWrt
+		image.
+
+		Also see DROPBEAR_AGENTFORWARD (agent forwarding in dropbear
+		server itself).
+
+config DROPBEAR_SCP
+	bool "Build dropbear with scp"
+	default y
+
+config DROPBEAR_AGENTFORWARD
+	bool "Enable agent forwarding [LEGACY/SECURITY]"
+	default y
+	help
+		Increases binary size by about 0.1 kB (MIPS).
+
+		Security notes:
+
+		SSH agent forwarding might cause security issues (locally and
+		on the jump machine).
+
+		Hovewer, it's enabled by default for compatibility with
+		previous OpenWrt/dropbear releases.
+
+		Consider DISABLING this option if you're building own OpenWrt
+		image.
+
+		Also see DROPBEAR_DBCLIENT_AGENTFORWARD (agent forwarding in
+		dropbear client) if DROPBEAR_DBCLIENT is selected.
+
+config DROPBEAR_MODERN_ONLY
+	bool "Use modern crypto only [BREAKS COMPATIBILITY]"
+	select DROPBEAR_ED25519
+	select DROPBEAR_CURVE25519
+	select DROPBEAR_CHACHA20POLY1305
+	help
+		This option enables:
+		 - Chacha20-Poly1305
+		 - Curve25519
+		 - Ed25519
+		and disables:
+		 - AES
+		 - RSA
+
+		Reduces binary size by about 64 kB (MIPS) from default
+		configuration.
+
+		Consider enabling this option if you're building own OpenWrt
+		image and using modern SSH software everywhere.
+
+endmenu
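Review bot: Both agent-forwarding options, DROPBEAR_DBCLIENT_AGENTFORWARD and DROPBEAR_AGENTFORWARD, are `default y`, yet their help text only says forwarding "might cause security issues", which gives an image builder nothing concrete to weigh against the compatibility default. The help should name the risk in both places, for example `While a session is open, anyone with root (or the same account) on the intermediate host can use the forwarded agent to authenticate as the user.` "Hovewer" in both help texts should read "However". DROPBEAR_MODERN_ONLY's help lists AES and RSA as disabled but does not say that clients relying on RSA keys will presumably be unable to log in afterwards, nor whether ECDSA stays available when DROPBEAR_ECC is also set. The Makefile that implements these options is not part of this hunk, so both points should be confirmed there before the help text is extended, for example with `Install an Ed25519 key before flashing an image built with this option.`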