From 3521b586907e5a0844690ec1e42622a36fe5b1fb Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Thu, 24 Mar 2022 13:42:08 +0800
Subject: [PATCH] Revert "Don't include sk keys at all in KEX list"

This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72.
The sk algorithms need to remain in the sigalgs list so that they
are included in the server-sig-algs ext-info message sent by
the server. RFC8308 for server-sig-algs requires that all algorithms are
listed (though OpenSSH client 8.4p1 tested doesn't require that)
---
 common-algo.c | 6 ++++++
 svr-runopts.c | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/common-algo.c b/common-algo.c
index 275969e..b9ad4ae 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -239,6 +239,9 @@ algo_type ssh_nocompress[] = {
 algo_type sigalgs[] = {
 #if DROPBEAR_ED25519
 	{"ssh-ed25519", DROPBEAR_SIGNATURE_ED25519, NULL, 1, NULL},
+#if DROPBEAR_SK_ED25519
+	{"sk-ssh-ed25519@openssh.com", DROPBEAR_SIGNATURE_SK_ED25519, NULL, 1, NULL},
+#endif
 #endif
 #if DROPBEAR_ECDSA
 #if DROPBEAR_ECC_256
@@ -250,6 +253,9 @@ algo_type sigalgs[] = {
 #if DROPBEAR_ECC_521
 	{"ecdsa-sha2-nistp521", DROPBEAR_SIGNATURE_ECDSA_NISTP521, NULL, 1, NULL},
 #endif
+#if DROPBEAR_SK_ECDSA
+	{"sk-ecdsa-sha2-nistp256@openssh.com", DROPBEAR_SIGNATURE_SK_ECDSA_NISTP256, NULL, 1, NULL},
+#endif
 #endif
 #if DROPBEAR_RSA
 #if DROPBEAR_RSA_SHA256
diff --git a/svr-runopts.c b/svr-runopts.c
index ada2e08..ac43db1 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -687,6 +687,12 @@ void load_all_hostkeys() {
 		any_keys = 1;
 	}
 #endif
+#if DROPBEAR_SK_ECDSA
+	disablekey(DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256);
+#endif 
+#if DROPBEAR_SK_ED25519
+	disablekey(DROPBEAR_SIGNKEY_SK_ED25519);
+#endif
 
 	if (!any_keys) {
 		dropbear_exit("No hostkeys available. 'dropbear -R' may be useful or run dropbearkey.");