[PATCH] fastd: generate the key from urandom

Robert Langhammer rlanghammer at web.de
Tue Nov 14 01:14:50 CET 2017


We do not use encrypted tunnels, so we can use urandom for generating the keys to prevent blocking due to low entropy.

Signed-off-by: Robert Langhammer <rlanghammer at web.de>
---
 .../0020-fastd_generate_key_from_urandom.patch     | 33 ++++++++++++++++++++++
 buildscript                                        |  3 +-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 build_patches/openwrt/fastd/0020-fastd_generate_key_from_urandom.patch

diff --git a/build_patches/openwrt/fastd/0020-fastd_generate_key_from_urandom.patch b/build_patches/openwrt/fastd/0020-fastd_generate_key_from_urandom.patch
new file mode 100644
index 0000000..252af39
--- /dev/null
+++ b/build_patches/openwrt/fastd/0020-fastd_generate_key_from_urandom.patch
@@ -0,0 +1,33 @@
+From 4a451ac5b17b1a7e8ce3d094067df7e21e61927d Mon Sep 17 00:00:00 2001
+From: Robert Langhammer <rlanghammer at web.de>
+Date: Mon, 13 Nov 2017 21:04:55 +0100
+Subject: [PATCH] fastd_generate_key_from_urandom
+
+---
+ net/fastd/patches/001-generate_key_from_urandom.patch | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+ create mode 100644 net/fastd/patches/001-generate_key_from_urandom.patch
+
+diff --git a/net/fastd/patches/001-generate_key_from_urandom.patch b/net/fastd/patches/001-generate_key_from_urandom.patch
+new file mode 100644
+index 00000000..47280e52
+--- /dev/null
++++ b/net/fastd/patches/001-generate_key_from_urandom.patch
+@@ -0,0 +1,14 @@
++--- a/src/protocols/ec25519_fhmqvc/util.c
+++++ b/src/protocols/ec25519_fhmqvc/util.c
++@@ -47,9 +47,9 @@ void fastd_protocol_ec25519_fhmqvc_gener
++ 	ecc_int256_t public_key;
++
++ 	if (!conf.machine_readable)
++-		pr_info("Reading 32 bytes from /dev/random...");
+++		pr_info("Reading 32 bytes from /dev/urandom...");
++
++-	fastd_random_bytes(secret_key.p, SECRETKEYBYTES, true);
+++	fastd_random_bytes(secret_key.p, SECRETKEYBYTES, false);
++ 	ecc_25519_gf_sanitize_secret(&secret_key, &secret_key);
++
++ 	ecc_25519_work_t work;
+--
+2.11.0
+
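
Review bot: The embedded commit (Subject: fastd_generate_key_from_urandom) has an empty body and the inner 001 patch has no header, so the reason for changing the third argument of `fastd_random_bytes(secret_key.p, SECRETKEYBYTES, ...)` from `true` to `false` is not recorded anywhere in the files that get checked in. The change is also unconditional: every secret key generated by this build goes through that call, while the justification in the cover message ("we do not use encrypted tunnels") is a property of the current configuration rather than of the code. Please put the rationale and that assumption into the patch description, and say when key generation runs on the device, since a non-blocking read gives no indication of whether the kernel pool has been seeded at that point.
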
diff --git a/buildscript b/buildscript
index 2fb1794..b2030ba 100755
--- a/buildscript
+++ b/buildscript
@@ -23,7 +23,8 @@ PACKAGEURL="https://git.lede-project.org/feed/packages.git"
 #official openwrt packages
 OPENWRT=(openwrt
          $PACKAGEURL
-         $PACKAGEREV)
+         $PACKAGEREV
+         fastd/0020-fastd_generate_key_from_urandom.patch)
 OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl"
 
 ## Be careful: FFF uses COMPAT_VERSION 15 as default at the moment.
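
Review bot: The new `OPENWRT` entry `fastd/0020-fastd_generate_key_from_urandom.patch` is a relative path, and nothing in this hunk shows what it is resolved against or what happens when the patch does not apply. The file is created under build_patches/openwrt/, so please confirm the code that consumes the array looks there, and that a failed apply aborts the build (for example after a `$PACKAGEREV` bump moves the context around line 47 of util.c). A silently skipped patch would leave key generation on the blocking /dev/random path with no visible error.
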
-- 
2.11.0


