forked from freifunk-franken/firmware
fastd: generate the key from urandom
We do not use encrypted tunnels, so we can use urandom generating the keys to prevent blocking due to low entropy. Signed-off-by: Robert Langhammer <rlanghammer@web.de> Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> Reviewed-by: Fabian Bläse <fabian@blaese.de>
This commit is contained in:
parent
8e5e7cba47
commit
95507d1728
|
@ -0,0 +1,33 @@
|
||||||
|
From 4a451ac5b17b1a7e8ce3d094067df7e21e61927d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Robert Langhammer <rlanghammer@web.de>
|
||||||
|
Date: Mon, 13 Nov 2017 21:04:55 +0100
|
||||||
|
Subject: [PATCH] fastd_generate_key_from_urandom
|
||||||
|
|
||||||
|
---
|
||||||
|
net/fastd/patches/001-generate_key_from_urandom.patch | 14 ++++++++++++++
|
||||||
|
1 file changed, 14 insertions(+)
|
||||||
|
create mode 100644 net/fastd/patches/001-generate_key_from_urandom.patch
|
||||||
|
|
||||||
|
diff --git a/net/fastd/patches/001-generate_key_from_urandom.patch b/net/fastd/patches/001-generate_key_from_urandom.patch
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000..47280e52
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/net/fastd/patches/001-generate_key_from_urandom.patch
|
||||||
|
@@ -0,0 +1,14 @@
|
||||||
|
+--- a/src/protocols/ec25519_fhmqvc/util.c
|
||||||
|
++++ b/src/protocols/ec25519_fhmqvc/util.c
|
||||||
|
+@@ -47,9 +47,9 @@ void fastd_protocol_ec25519_fhmqvc_gener
|
||||||
|
+ ecc_int256_t public_key;
|
||||||
|
+
|
||||||
|
+ if (!conf.machine_readable)
|
||||||
|
+- pr_info("Reading 32 bytes from /dev/random...");
|
||||||
|
++ pr_info("Reading 32 bytes from /dev/urandom...");
|
||||||
|
+
|
||||||
|
+- fastd_random_bytes(secret_key.p, SECRETKEYBYTES, true);
|
||||||
|
++ fastd_random_bytes(secret_key.p, SECRETKEYBYTES, false);
|
||||||
|
+ ecc_25519_gf_sanitize_secret(&secret_key, &secret_key);
|
||||||
|
+
|
||||||
|
+ ecc_25519_work_t work;
|
||||||
|
--
|
||||||
|
2.11.0
|
||||||
|
|
|
@ -23,7 +23,8 @@ PACKAGEURL="https://git.lede-project.org/feed/packages.git"
|
||||||
#official openwrt packages
|
#official openwrt packages
|
||||||
OPENWRT=(openwrt
|
OPENWRT=(openwrt
|
||||||
$PACKAGEURL
|
$PACKAGEURL
|
||||||
$PACKAGEREV)
|
$PACKAGEREV
|
||||||
|
fastd/0020-fastd_generate_key_from_urandom.patch)
|
||||||
OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl"
|
OPENWRT_PKGS="gpioctl-sysfs libugpio fastd haserl"
|
||||||
|
|
||||||
## Be careful: FFF uses COMPAT_VERSION 15 as default at the moment.
|
## Be careful: FFF uses COMPAT_VERSION 15 as default at the moment.
|
||||||
|
|
Loading…
Reference in New Issue