From patchwork Sun Nov 19 19:00:10 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: fastd: generate the key from urandom
From: Adrian Schmutzler
X-Patchwork-Id: 696
Message-Id: <008701d36168$9fb74ec0$df25ec40$@adrianschmutzler.de>
To: "'robert'" ,
Date: Sun, 19 Nov 2017 20:00:10 +0100

Just tested it: fastd was established after 2 min of uptime. For anything more precise, one would have to run a series of tests.

For a reviewed-by, I know too little about where the random does what in the system.

Tested-by: Adrian Schmutzler

Regards
Adrian

From: franken-dev [mailto:franken-dev-bounces@freifunk.net] On Behalf Of robert
Sent: Tuesday, 14 November 2017 13:22
To: franken-dev@freifunk.net
Subject: Re: [PATCH] fastd: generate the key from urandom

On 14.11.2017 at 11:59, Adrian Schmutzler wrote:

Didn't we once have a patch with a newly built random tool:
https://github.com/FreifunkFranken/firmware/commit/daa613722ca8b74dde508088abaeb73b7ebad41f
Does that interfere somehow?

Regards
Adrian

-----Original Message-----
From: franken-dev [mailto:franken-dev-bounces@freifunk.net] On Behalf Of Robert Langhammer
Sent: Tuesday, 14 November 2017 01:15
To: franken-dev@freifunk.net
Subject: [PATCH] fastd: generate the key from urandom

We do not use encrypted tunnels, so we can use urandom for generating the keys to prevent blocking due to low entropy.

Signed-off-by: Robert Langhammer
--- .../0020-fastd_generate_key_from_urandom.patch | 33 ++++++++++++++++++++++ buildscript | 3 +- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 build_patches/openwrt/fastd/0020- fastd_generate_key_from_urandom.patch diff --git a/build_patches/openwrt/fastd/0020- fastd_generate_key_from_urandom.patch b/build_patches/openwrt/fastd/0020- fastd_generate_key_from_urandom.patch new file mode 100644 index 0000000..252af39 --- /dev/null +++ b/build_patches/openwrt/fastd/0020- fastd_generate_key_from_urandom.p +++ atch 
@@ -0,0 +1,33 @@ +From 4a451ac5b17b1a7e8ce3d094067df7e21e61927d Mon Sep 17 00:00:00 2001 +From: Robert Langhammer +Date: Mon, 13 Nov 2017 21:04:55 +0100 +Subject: [PATCH] fastd_generate_key_from_urandom + +--- + net/fastd/patches/001-generate_key_from_urandom.patch | 14 +++++++++++++++ + 1 file changed, 14 insertions(+) + create mode 100644 +net/fastd/patches/001-generate_key_from_urandom.patch + +diff --git a/net/fastd/patches/001-generate_key_from_urandom.patch +b/net/fastd/patches/001-generate_key_from_urandom.patch +new file mode 100644 +index 00000000..47280e52 +--- /dev/null ++++ b/net/fastd/patches/001-generate_key_from_urandom.patch +@@ -0,0 +1,14 @@ ++--- a/src/protocols/ec25519_fhmqvc/util.c +++++ b/src/protocols/ec25519_fhmqvc/util.c ++@@ -47,9 +47,9 @@ void fastd_protocol_ec25519_fhmqvc_gener ++ ecc_int256_t public_key; ++ ++ if (!conf.machine_readable) ++- pr_info("Reading 32 bytes from /dev/random..."); +++ pr_info("Reading 32 bytes from /dev/urandom..."); ++ ++- fastd_random_bytes(secret_key.p, SECRETKEYBYTES, true); +++ fastd_random_bytes(secret_key.p, SECRETKEYBYTES, false); ++ ecc_25519_gf_sanitize_secret(&secret_key, &secret_key); ++ ++ ecc_25519_work_t work; +-- +2.11.0 + ## Be careful: FFF uses COMPAT_VERSION 15 as default at the moment. -- 2.11.0 -- franken-dev mailing list franken-dev@freifunk.net http://lists.freifunk.net/mailman/listinfo/franken-dev-freifunk.net diff --git a/buildscript b/buildscript index 2fb1794..b2030ba 100755 --- a/buildscript +++ b/buildscript @@ -23,7 +23,8 @@ PACKAGEURL= "https://git.lede- project.org/feed/packages.git " #official openwrt packages OPENWRT=(openwrt $PACKAGEURL - $PACKAGEREV) + $PACKAGEREV + fastd/0020-fastd_generate_key_from_urandom.patch) OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl"
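Review bot: In the util.c hunk of the inner patch, the switch from fastd_random_bytes(secret_key.p, SECRETKEYBYTES, true) to false is unconditional, but the only justification ("We do not use encrypted tunnels") sits in the outer commit message, and the inner 001-generate_key_from_urandom.patch has an empty description. The secret key generated here belongs to the ec25519_fhmqvc protocol, so the inner patch header should state whether that key is still used to identify or authenticate peers, and should record that the patch has to be dropped if an encrypting method is ever enabled. Since the stated motivation is low entropy, please also say why non-blocking output is acceptable at the moment the key is generated, or generate the key only after the kernel pool has been seeded.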
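Review bot: In the buildscript hunk, fastd/0020-fastd_generate_key_from_urandom.patch is appended to the OPENWRT array with no comment, although the inner patch applies to util.c at a fixed position (@@ -47,9 +47,9 @@) in whatever fastd source the feed at $PACKAGEREV builds. A one-line comment next to the entry, giving the reason for the patch and noting that it must be re-checked when PACKAGEREV changes, would save the next person from having to rediscover why it is carried.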