[PATCH] fastd: generate the key from urandom

Adrian Schmutzler mail at adrianschmutzler.de
Fri Dec 22 13:14:35 CET 2017


I found the following in logread today:

Sat Oct 28 18:32:57 2017 user.warn kernel: [   10.016531] urandom-seed: Seed file not found (/etc/urandom.seed)
Sat Oct 28 18:32:57 2017 user.info kernel: [   10.066231] procd: - early -
Sat Oct 28 18:32:57 2017 user.info kernel: [   10.070117] procd: - watchdog -
Sat Oct 28 18:32:57 2017 user.info kernel: [   10.625076] procd: - watchdog -
Sat Oct 28 18:32:57 2017 user.info kernel: [   10.628601] procd: - ubus -
Sat Oct 28 18:32:57 2017 kern.notice kernel: [   10.681969] random: ubusd: uninitialized urandom read (4 bytes read, 17 bits of entropy available)
Sat Oct 28 18:32:57 2017 kern.notice kernel: [   10.691858] random: ubusd: uninitialized urandom read (4 bytes read, 17 bits of entropy available)
Sat Oct 28 18:32:57 2017 kern.notice kernel: [   10.701242] random: ubusd: uninitialized urandom read (4 bytes read, 17 bits of entropy available)
Sat Oct 28 18:32:57 2017 kern.notice kernel: [   10.710979] random: ubusd: uninitialized urandom read (4 bytes read, 17 bits of entropy available)
Sat Oct 28 18:32:57 2017 kern.notice kernel: [   10.720351] random: ubusd: uninitialized urandom read (4 bytes read, 17 bits of entropy available)
Sat Oct 28 18:32:57 2017 kern.notice kernel: [   10.729896] random: ubusd: uninitialized urandom read (4 bytes read, 17 bits of entropy available)
Sat Oct 28 18:32:57 2017 kern.notice kernel: [   10.739428] random: ubusd: uninitialized urandom read (4 bytes read, 17 bits of entropy available)

Is this intended?

Regards

Adrian

> -----Original Message-----
> From: franken-dev [mailto:franken-dev-bounces at freifunk.net] On Behalf
> Of Robert Langhammer
> Sent: Tuesday, 14 November 2017 01:15
> To: franken-dev at freifunk.net
> Subject: [PATCH] fastd: generate the key from urandom
> 
> We do not use encrypted tunnels, so we can use urandom generating the
> keys to prevent blocking due to low entropy.
> 
> Signed-off-by: Robert Langhammer <rlanghammer at web.de>
> ---
>  .../0020-fastd_generate_key_from_urandom.patch     | 33
> ++++++++++++++++++++++
>  buildscript                                        |  3 +-
>  2 files changed, 35 insertions(+), 1 deletion(-)  create mode 100644
> build_patches/openwrt/fastd/0020-
> fastd_generate_key_from_urandom.patch
> 
> diff --git a/build_patches/openwrt/fastd/0020-
> fastd_generate_key_from_urandom.patch
> b/build_patches/openwrt/fastd/0020-
> fastd_generate_key_from_urandom.patch
> new file mode 100644
> index 0000000..252af39
> --- /dev/null
> +++ b/build_patches/openwrt/fastd/0020-
> fastd_generate_key_from_urandom.p
> +++ atch
> @@ -0,0 +1,33 @@
> +From 4a451ac5b17b1a7e8ce3d094067df7e21e61927d Mon Sep 17 00:00:00
> 2001
> +From: Robert Langhammer <rlanghammer at web.de>
> +Date: Mon, 13 Nov 2017 21:04:55 +0100
> +Subject: [PATCH] fastd_generate_key_from_urandom
> +
> +---
> + net/fastd/patches/001-generate_key_from_urandom.patch | 14
> +++++++++++++++
> + 1 file changed, 14 insertions(+)
> + create mode 100644
> +net/fastd/patches/001-generate_key_from_urandom.patch
> +
> +diff --git a/net/fastd/patches/001-generate_key_from_urandom.patch
> +b/net/fastd/patches/001-generate_key_from_urandom.patch
> +new file mode 100644
> +index 00000000..47280e52
> +--- /dev/null
> ++++ b/net/fastd/patches/001-generate_key_from_urandom.patch
> +@@ -0,0 +1,14 @@
> ++--- a/src/protocols/ec25519_fhmqvc/util.c
> +++++ b/src/protocols/ec25519_fhmqvc/util.c
> ++@@ -47,9 +47,9 @@ void fastd_protocol_ec25519_fhmqvc_gener
> ++ 	ecc_int256_t public_key;
> ++
> ++ 	if (!conf.machine_readable)
> ++-		pr_info("Reading 32 bytes from /dev/random...");
> +++		pr_info("Reading 32 bytes from /dev/urandom...");
> ++
> ++-	fastd_random_bytes(secret_key.p, SECRETKEYBYTES, true);
> +++	fastd_random_bytes(secret_key.p, SECRETKEYBYTES, false);
> ++ 	ecc_25519_gf_sanitize_secret(&secret_key, &secret_key);
> ++
> ++ 	ecc_25519_work_t work;
> +--
> +2.11.0
> +
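Review bot: The change of the last argument in `fastd_random_bytes(secret_key.p, SECRETKEYBYTES, false)` affects every secret key this function generates, and the inner patch carries only a subject line, so nothing next to the code records why the non-blocking source is acceptable. Carry the rationale from the outer commit message into the inner patch description, and state when key generation runs relative to boot: the log quoted at the top of this mail shows "uninitialized urandom read" warnings with 17 bits of entropy available at about 10 s uptime and a missing /etc/urandom.seed, so a key generated that early would be drawn from a pool the kernel itself reports as uninitialized. Consider deferring key generation until the pool is initialized or a seed file has been loaded.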
> diff --git a/buildscript b/buildscript
> index 2fb1794..b2030ba 100755
> --- a/buildscript
> +++ b/buildscript
> @@ -23,7 +23,8 @@ PACKAGEURL="https://git.lede-
> project.org/feed/packages.git"
>  #official openwrt packages
>  OPENWRT=(openwrt
>           $PACKAGEURL
> -         $PACKAGEREV)
> +         $PACKAGEREV
> +         fastd/0020-fastd_generate_key_from_urandom.patch)
>  OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl"
> 
>  ## Be careful: FFF uses COMPAT_VERSION 15 as default at the moment.
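Review bot: In the `OPENWRT=(...)` array the new entry `fastd/0020-fastd_generate_key_from_urandom.patch` follows `$PACKAGEREV` with nothing documenting that trailing elements are patch paths; the only comment above it is `#official openwrt packages`. Add a short comment stating that entries after the revision are patches and which directory they are relative to (the file itself is created under `build_patches/openwrt/`), so later patches are added consistently.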
> --
> 2.11.0
> 
> --
> franken-dev mailing list
> franken-dev at freifunk.net
> http://lists.freifunk.net/mailman/listinfo/franken-dev-freifunk.net
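
The trade-off discussed in this thread (blocking on /dev/random versus reading /dev/urandom while the kernel still logs "uninitialized urandom read") can be handled by asking the kernel whether its pool is initialized. This is an added example, not part of the mail and not fastd code; it assumes Linux with a libc that provides `getrandom()` in `<sys/random.h>`, and `crng_ready` and `generate_secret` are hypothetical names.

```c
/* Added example, not fastd code. Assumes Linux and a libc with getrandom(). */
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

/* Returns 1 if the kernel pool is initialized, 0 if not yet, -1 on other errors. */
int crng_ready(void)
{
	unsigned char probe;
	ssize_t r;

	do {
		r = getrandom(&probe, sizeof(probe), GRND_NONBLOCK);
	} while (r < 0 && errno == EINTR);
	if (r == (ssize_t)sizeof(probe))
		return 1;
	return errno == EAGAIN ? 0 : -1;
}

/* Fills key[0..len). With flags == 0, getrandom() waits only until the pool has
 * been initialized once after boot and does not block afterwards. 0 on success. */
int generate_secret(unsigned char *key, size_t len)
{
	size_t off = 0;

	while (off < len) {
		ssize_t r = getrandom(key + off, len - off, 0);
		if (r < 0 && errno == EINTR)
			continue;
		if (r < 0)
			return -1;
		off += (size_t)r;
	}
	return 0;
}

int main(void)
{
	unsigned char key[32]; /* 32 bytes, the size named in the patched log message */

	if (crng_ready() != 1)
		fputs("pool not initialized yet; the next call waits for it\n", stderr);
	if (generate_secret(key, sizeof(key)) != 0) {
		perror("getrandom");
		return 1;
	}
	puts("generated 32-byte secret");
	return 0;
}
```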
