From patchwork Tue Nov 14 00:14:50 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: fastd: generate the key from urandom From: Robert Langhammer X-Patchwork-Id: 687 Message-Id: <20171114001450.7762-1-rlanghammer@web.de> To: franken-dev@freifunk.net Date: Tue, 14 Nov 2017 01:14:50 +0100 We do not use encrypted tunnels, so we can use urandom generating the keys to prevent blocking due to low entropy. Signed-off-by: Robert Langhammer Tested-by: Adrian Schmutzler Reviewed-by: Fabian Bläse --- .../0020-fastd_generate_key_from_urandom.patch | 33 ++++++++++++++++++++++ buildscript | 3 +- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 build_patches/openwrt/fastd/0020-fastd_generate_key_from_urandom.patch diff --git a/build_patches/openwrt/fastd/0020-fastd_generate_key_from_urandom.patch b/build_patches/openwrt/fastd/0020-fastd_generate_key_from_urandom.patch new file mode 100644 index 0000000..252af39 --- /dev/null +++ b/build_patches/openwrt/fastd/0020-fastd_generate_key_from_urandom.patch 
@@ -0,0 +1,33 @@ +From 4a451ac5b17b1a7e8ce3d094067df7e21e61927d Mon Sep 17 00:00:00 2001 +From: Robert Langhammer +Date: Mon, 13 Nov 2017 21:04:55 +0100 +Subject: [PATCH] fastd_generate_key_from_urandom + +--- + net/fastd/patches/001-generate_key_from_urandom.patch | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + create mode 100644 net/fastd/patches/001-generate_key_from_urandom.patch + +diff --git a/net/fastd/patches/001-generate_key_from_urandom.patch b/net/fastd/patches/001-generate_key_from_urandom.patch +new file mode 100644 +index 00000000..47280e52 +--- /dev/null ++++ b/net/fastd/patches/001-generate_key_from_urandom.patch +@@ -0,0 +1,14 @@ ++--- a/src/protocols/ec25519_fhmqvc/util.c +++++ b/src/protocols/ec25519_fhmqvc/util.c ++@@ -47,9 +47,9 @@ void fastd_protocol_ec25519_fhmqvc_gener ++ ecc_int256_t public_key; ++ ++ if (!conf.machine_readable) ++- pr_info("Reading 32 bytes from /dev/random..."); +++ pr_info("Reading 32 bytes from /dev/urandom..."); ++ ++- fastd_random_bytes(secret_key.p, SECRETKEYBYTES, true); +++ fastd_random_bytes(secret_key.p, SECRETKEYBYTES, false); ++ ecc_25519_gf_sanitize_secret(&secret_key, &secret_key); ++ ++ ecc_25519_work_t work; +-- +2.11.0 + diff --git a/buildscript b/buildscript index 2fb1794..b2030ba 100755 --- a/buildscript +++ b/buildscript @@ -23,7 +23,8 @@ PACKAGEURL="https://git.lede-project.org/feed/packages.git" #official openwrt packages OPENWRT=(openwrt $PACKAGEURL - $PACKAGEREV) + $PACKAGEREV + fastd/0020-fastd_generate_key_from_urandom.patch) OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl" ## Be careful: FFF uses COMPAT_VERSION 15 as default at the moment.
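Review bot: In the util.c hunk carried by 001-generate_key_from_urandom.patch, the switch to `fastd_random_bytes(secret_key.p, SECRETKEYBYTES, false)` is unconditional, but the commit message justifies it only by the tunnels being unencrypted. The value generated here is still the node's long-term ec25519 secret key, and on a freshly flashed router /dev/urandom can be read before the kernel pool has been seeded, so a key generated at first boot may have less entropy than the log message suggests. Please record that trade-off in the inner patch, whose description below `Subject: [PATCH] fastd_generate_key_from_urandom` is empty, and consider deferring key generation until the pool is seeded instead of relying on the non-blocking read alone.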
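Review bot: In the buildscript hunk, the new `fastd/0020-fastd_generate_key_from_urandom.patch` entry in the `OPENWRT=(...)` array has no comment saying why the packages feed is patched. Since the change is only justified while the tunnels stay unencrypted, a short comment next to the entry naming that assumption would let whoever later enables an encrypted method know to drop or revisit the patch. It is also worth noting there that the patch depends on the util.c context at `$PACKAGEREV`, because the inner hunk (`@@ -47,9 +47,9`) will stop applying if a feed update moves that code.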