# HG changeset patch # User Matt Johnston # Date 1648100528 -28800 # Node ID 4a6725ac957cbd81abb169a83f12292226567ec4 # Parent 4e36e3a950841e640ace20eb24037dba49a6a9af Revert "Don't include sk keys at all in KEX list" This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72. The sk algorithms need to remain in the sigalgs list so that they are included in the server-sig-algs ext-info message sent by the server. RFC8308 for server-sig-algs requires that all algorithms are listed (though OpenSSH client 8.4p1 tested doesn't require that) diff -r 4e36e3a95084 -r 4a6725ac957c common-algo.c --- a/common-algo.c Thu Mar 24 12:26:09 2022 +0800 +++ b/common-algo.c Thu Mar 24 13:42:08 2022 +0800 @@ -239,6 +239,9 @@ algo_type sigalgs[] = { #if DROPBEAR_ED25519 {"ssh-ed25519", DROPBEAR_SIGNATURE_ED25519, NULL, 1, NULL}, +#if DROPBEAR_SK_ED25519 + {"sk-ssh-ed25519@openssh.com", DROPBEAR_SIGNATURE_SK_ED25519, NULL, 1, NULL}, +#endif #endif #if DROPBEAR_ECDSA #if DROPBEAR_ECC_256 @@ -250,6 +253,9 @@ #if DROPBEAR_ECC_521 {"ecdsa-sha2-nistp521", DROPBEAR_SIGNATURE_ECDSA_NISTP521, NULL, 1, NULL}, #endif +#if DROPBEAR_SK_ECDSA + {"sk-ecdsa-sha2-nistp256@openssh.com", DROPBEAR_SIGNATURE_SK_ECDSA_NISTP256, NULL, 1, NULL}, +#endif #endif #if DROPBEAR_RSA #if DROPBEAR_RSA_SHA256 diff -r 4e36e3a95084 -r 4a6725ac957c svr-runopts.c --- a/svr-runopts.c Thu Mar 24 12:26:09 2022 +0800 +++ b/svr-runopts.c Thu Mar 24 13:42:08 2022 +0800 @@ -687,6 +687,12 @@ any_keys = 1; } #endif +#if DROPBEAR_SK_ECDSA + disablekey(DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256); +#endif +#if DROPBEAR_SK_ED25519 + disablekey(DROPBEAR_SIGNKEY_SK_ED25519); +#endif if (!any_keys) { dropbear_exit("No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.");