[PATCH] fastd: generate the key from urandom

mail at adrianschmutzler.de mail at adrianschmutzler.de
Sun Nov 19 20:00:10 CET 2017


Just tested it: fastd established after 2 min uptime.

For anything more precise, one would have to run a series of tests.

For a reviewed-by, I know too little about what random does where in the system.

Tested-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>

Regards

Adrian

From: franken-dev [mailto:franken-dev-bounces at freifunk.net] On Behalf Of robert
Sent: Tuesday, 14 November 2017 13:22
To: franken-dev at freifunk.net
Subject: Re: [PATCH] fastd: generate the key from urandom

 

On 14.11.2017 at 11:59, Adrian Schmutzler wrote:

Didn't we once have a patch with a newly built random tool:

https://github.com/FreifunkFranken/firmware/commit/daa613722ca8b74dde508088abaeb73b7ebad41f

Does that interfere somehow?

Regards

Adrian

-----Original Message-----
From: franken-dev [mailto:franken-dev-bounces at freifunk.net] On Behalf
Of Robert Langhammer
Sent: Tuesday, 14 November 2017 01:15
To: franken-dev at freifunk.net
Subject: [PATCH] fastd: generate the key from urandom
 
We do not use encrypted tunnels, so we can use urandom generating the
keys to prevent blocking due to low entropy.
 
Signed-off-by: Robert Langhammer <rlanghammer at web.de>
---
 .../0020-fastd_generate_key_from_urandom.patch     | 33
++++++++++++++++++++++
 buildscript                                        |  3 +-
 2 files changed, 35 insertions(+), 1 deletion(-)  create mode 100644
build_patches/openwrt/fastd/0020-
fastd_generate_key_from_urandom.patch
 
diff --git a/build_patches/openwrt/fastd/0020-
fastd_generate_key_from_urandom.patch
b/build_patches/openwrt/fastd/0020-
fastd_generate_key_from_urandom.patch
new file mode 100644
index 0000000..252af39
--- /dev/null
+++ b/build_patches/openwrt/fastd/0020-
fastd_generate_key_from_urandom.p
+++ atch
@@ -0,0 +1,33 @@
+From 4a451ac5b17b1a7e8ce3d094067df7e21e61927d Mon Sep 17 00:00:00
2001
+From: Robert Langhammer  <mailto:rlanghammer at web.de> <rlanghammer at web.de>
+Date: Mon, 13 Nov 2017 21:04:55 +0100
+Subject: [PATCH] fastd_generate_key_from_urandom
+
+---
+ net/fastd/patches/001-generate_key_from_urandom.patch | 14
+++++++++++++++
+ 1 file changed, 14 insertions(+)
+ create mode 100644
+net/fastd/patches/001-generate_key_from_urandom.patch
+
+diff --git a/net/fastd/patches/001-generate_key_from_urandom.patch
+b/net/fastd/patches/001-generate_key_from_urandom.patch
+new file mode 100644
+index 00000000..47280e52
+--- /dev/null
++++ b/net/fastd/patches/001-generate_key_from_urandom.patch
+@@ -0,0 +1,14 @@
++--- a/src/protocols/ec25519_fhmqvc/util.c
+++++ b/src/protocols/ec25519_fhmqvc/util.c
++@@ -47,9 +47,9 @@ void fastd_protocol_ec25519_fhmqvc_gener
++        ecc_int256_t public_key;
++
++        if (!conf.machine_readable)
++-               pr_info("Reading 32 bytes from /dev/random...");
+++               pr_info("Reading 32 bytes from /dev/urandom...");
++
++-       fastd_random_bytes(secret_key.p, SECRETKEYBYTES, true);
+++       fastd_random_bytes(secret_key.p, SECRETKEYBYTES, false);
++        ecc_25519_gf_sanitize_secret(&secret_key, &secret_key);
++
++        ecc_25519_work_t work;
+--
+2.11.0
+
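Review bot: The embedded patch (Subject: [PATCH] fastd_generate_key_from_urandom) has an empty description, so the reason for changing the last argument of fastd_random_bytes(secret_key.p, SECRETKEYBYTES, ...) from true to false is not recorded in the file that is actually applied at build time. Please carry the rationale from the outer commit message into the inner patch, and state there when key generation runs on the device: the changed call produces the node's secret_key, so if it runs on first boot the description should say why a non-blocking read at that point is acceptable. The change is also unconditional for every caller of this key generation function; a one-line comment next to the changed call saying it is a deliberate trade-off for these routers would help whoever rebases the patch onto a newer fastd.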
diff --git a/buildscript b/buildscript
index 2fb1794..b2030ba 100755
--- a/buildscript
+++ b/buildscript
@@ -23,7 +23,8 @@ PACKAGEURL= <https://git.lede-project.org/feed/packages.git> "https://git.lede-
project.org/feed/packages.git <https://git.lede-project.org/feed/packages.git> "
 #official openwrt packages
 OPENWRT=(openwrt
          $PACKAGEURL
-         $PACKAGEREV)
+         $PACKAGEREV
+         fastd/0020-fastd_generate_key_from_urandom.patch)
 OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl"
 
 ## Be careful: FFF uses COMPAT_VERSION 15 as default at the moment.
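Review bot: The patch path is appended as a further element of the OPENWRT array, directly after $PACKAGEREV, but nothing in this hunk documents that elements after the revision are treated as patch files. A short comment next to "#official openwrt packages" saying so would make the array layout clear. Because the embedded patch targets fixed context in src/protocols/ec25519_fhmqvc/util.c (@@ -47,9 +47,9 @@), it is tied to whatever fastd source $PACKAGEREV selects; please confirm that the build aborts when the patch no longer applies after a revision bump, so an image cannot be built with the unpatched key generation without anyone noticing.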
--
2.11.0
 