# HG changeset patch
# User Matt Johnston <matt@ucc.asn.au>
# Date 1648100528 -28800
# Node ID 4a6725ac957cbd81abb169a83f12292226567ec4
# Parent  4e36e3a950841e640ace20eb24037dba49a6a9af
Revert "Don't include sk keys at all in KEX list"

This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72.
The sk algorithms need to remain in the sigalgs list so that they
are included in the server-sig-algs ext-info message sent by
the server. RFC8308 for server-sig-algs requires that all algorithms are
listed (though OpenSSH client 8.4p1 tested doesn't require that)

diff -r 4e36e3a95084 -r 4a6725ac957c common-algo.c
--- a/common-algo.c	Thu Mar 24 12:26:09 2022 +0800
+++ b/common-algo.c	Thu Mar 24 13:42:08 2022 +0800
@@ -239,6 +239,9 @@
 algo_type sigalgs[] = {
 #if DROPBEAR_ED25519
 	{"ssh-ed25519", DROPBEAR_SIGNATURE_ED25519, NULL, 1, NULL},
+#if DROPBEAR_SK_ED25519
+	{"sk-ssh-ed25519@openssh.com", DROPBEAR_SIGNATURE_SK_ED25519, NULL, 1, NULL},
+#endif
 #endif
 #if DROPBEAR_ECDSA
 #if DROPBEAR_ECC_256
@@ -250,6 +253,9 @@
 #if DROPBEAR_ECC_521
 	{"ecdsa-sha2-nistp521", DROPBEAR_SIGNATURE_ECDSA_NISTP521, NULL, 1, NULL},
 #endif
+#if DROPBEAR_SK_ECDSA
+	{"sk-ecdsa-sha2-nistp256@openssh.com", DROPBEAR_SIGNATURE_SK_ECDSA_NISTP256, NULL, 1, NULL},
+#endif
 #endif
 #if DROPBEAR_RSA
 #if DROPBEAR_RSA_SHA256
diff -r 4e36e3a95084 -r 4a6725ac957c svr-runopts.c
--- a/svr-runopts.c	Thu Mar 24 12:26:09 2022 +0800
+++ b/svr-runopts.c	Thu Mar 24 13:42:08 2022 +0800
@@ -687,6 +687,12 @@
 		any_keys = 1;
 	}
 #endif
+#if DROPBEAR_SK_ECDSA
+	disablekey(DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256);
+#endif 
+#if DROPBEAR_SK_ED25519
+	disablekey(DROPBEAR_SIGNKEY_SK_ED25519);
+#endif
 
 	if (!any_keys) {
 		dropbear_exit("No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.");