Hi Petr,

On Mon, 20 May 2019 at 18:14, Petr Štetiar <yn...@true.cz> wrote:
>
> Hi,
>
> this patch series is an RFC which attempts to fix some of the current
> urandom-seed based flaws.
>
> First, simply writing to /dev/urandom does not increase the kernel's
> entropy count, this causes processes obtaining randomness to block.
> Particularly processes using OpenSSL's RAND_bytes() will block until the
> kernel emits 'random: crng init done'. This can take upwards of twenty
> minutes.

20 minutes seems excessive, isn't one of the processes blocking boot?

>
> According to random(4) the entropy count is only increased when using the
> RNDADDENTROPY ioctl, which urandom-seed currently doesn't use when feeding the
> kernel RNG.

We could use RNDADDENTROPY, but as I'm no cryptographer, I just imitated
what was done in Debian before systemd and in systemd at the time
(read a seed when random pool is initialized, feed it on next boot).

One of the issues is that if you try to generate a new seed, you are
just reading a hash of the seed you injected seconds earlier, with
maybe a few new bits of entropy.

>
> Second, urandom-seed is using /etc/urandom.seed file to seed the kernel's RNG
> machinery upon every boot. The problem is, that this file is created only once
> during first-boot and then reused on every consecutive boot, so pretty much
> static.

Just for the record, this is the default setting, you can change your
config to generate a new one at each boot (the worry was that we would
wear out the flash too fast).

>
> So this patch series removes urandom-seed package in favor of urngd, which is
> a new micro non-physical true random number generator (system service) based on
> timing jitter.

Having a seed file never hurts, so I would keep it.

>
> Using the Jitter RNG core, the urngd provides an entropy source that
> feeds into the Linux /dev/random device if its entropy runs low. It
> updates the /dev/random entropy estimator such that the newly provided
> entropy unblocks /dev/random.
>
> The seeding of /dev/random also ensures that /dev/urandom benefits from
> entropy. Especially during boot time, when the entropy of Linux is low,
> the Jitter RNGd provides a source of sufficient entropy.

Why not use the jitterentropy RNG that is in the kernel since 4.2?
https://github.com/torvalds/linux/commit/bb5530e4082446aac3a3d69780cd4dbfa4520013

I haven't had time to read all the papers from Stephan Muller, but I
don't know how safe & tested Jitter RNG is on ALL architectures.

For example, this comment doesn't inspire me:
https://github.com/torvalds/linux/commit/bb5530e4082446aac3a3d69780cd4dbfa4520013#diff-8e0798e05c8dca3aa9007504c87cee73R125

> If random_get_entropy does not return a value (which is possible on,
> for example, MIPS), invoke __getnstimeofday
> hoping that there are timers we can work with.

Regards
Etienne

>
>
> Some RNG init time numbers from qca9563 (TP-Link Archer C7 v5):
>
>  [   12.045693] random: crng init done (urngd)
>  [  120.043132] random: crng init done (urandom-seed)
>
> Flash space details:
>
>  urngd:        + 4579 b
>  getrandom:    - 1635 b
>  urandom-seed: -  841 b
>  ----------------------
>  diff          + 2103 b
>
> Cc: Stephan Mueller <smuel...@chronox.de>
> Cc: Dustin Lundquist <d.lundqu...@temperednetworks.com>
>
> Petr Štetiar (5):
>   urng: add micro non-physical true RNG based on timing jitter
>   ubox: move getrandom into separate getrandom package
>   base-files: move urandom seed bits into separate package
>   build: add urandom-seed to the default packages set
>   ath79: make urngd default RNG seed source
>
>  include/target.mk                                  |  2 +-
>  package/base-files/Makefile                        | 11 ++++-
>  package/base-files/files/etc/init.d/urandom_seed   | 12 ------
>  .../base-files/files/lib/preinit/81_urandom_seed   | 24 -----------
>  package/base-files/files/sbin/urandom_seed         | 20 ---------
>  package/system/ubox/Makefile                       | 17 ++++++--
>  package/system/urandom-seed/Makefile               | 32 +++++++++++++++
>  .../urandom-seed/files/etc/init.d/urandom_seed     | 12 ++++++
>  .../urandom-seed/files/lib/preinit/81_urandom_seed | 24 +++++++++++
>  .../system/urandom-seed/files/sbin/urandom_seed    | 20 +++++++++
>  package/system/urngd/Makefile                      | 48 ++++++++++++++++++++++
>  package/system/urngd/files/urngd.init              | 21 ++++++++++
>  target/linux/ath79/Makefile                        |  3 +-
>  13 files changed, 184 insertions(+), 62 deletions(-)
>  delete mode 100755 package/base-files/files/etc/init.d/urandom_seed
>  delete mode 100644 package/base-files/files/lib/preinit/81_urandom_seed
>  delete mode 100755 package/base-files/files/sbin/urandom_seed
>  create mode 100644 package/system/urandom-seed/Makefile
>  create mode 100755 package/system/urandom-seed/files/etc/init.d/urandom_seed
>  create mode 100644 package/system/urandom-seed/files/lib/preinit/81_urandom_seed
>  create mode 100755 package/system/urandom-seed/files/sbin/urandom_seed
>  create mode 100644 package/system/urngd/Makefile
>  create mode 100755 package/system/urngd/files/urngd.init
>
> --
> 1.9.1
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
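
The RNDADDENTROPY path this thread contrasts with a plain write to /dev/urandom, as an added example that is not part of either message and is not urandom-seed or urngd code. The function names and `SEED_MAX` are hypothetical; it assumes the Linux UAPI header `<linux/random.h>`, and the ioctl needs CAP_SYS_ADMIN.

```c
#include <errno.h>
#include <fcntl.h>
#include <linux/random.h>   /* struct rand_pool_info, RNDADDENTROPY */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define SEED_MAX 512        /* assumed upper bound for a seed file */

/* Build the ioctl argument (header plus seed bytes in one allocation).
 * The credit is clamped so a seed is never counted above 8 bits per byte. */
struct rand_pool_info *make_pool_info(const void *seed, size_t len, int credit_bits)
{
    if (seed == NULL || len == 0 || len > SEED_MAX || credit_bits < 0)
        return NULL;
    struct rand_pool_info *info = calloc(1, sizeof(*info) + len);
    if (info == NULL)
        return NULL;
    info->entropy_count = (size_t)credit_bits > len * 8 ? (int)(len * 8) : credit_bits;
    info->buf_size = (int)len;              /* bytes, while the credit is in bits */
    memcpy(info->buf, seed, len);
    return info;
}

/* Mix the seed in and raise the entropy count; returns 0 or -errno. */
int credit_seed(const char *dev, const void *seed, size_t len, int credit_bits)
{
    struct rand_pool_info *info = make_pool_info(seed, len, credit_bits);
    int rc = 0, fd;
    if (info == NULL)
        return -EINVAL;
    fd = open(dev, O_WRONLY);
    if (fd < 0 || ioctl(fd, RNDADDENTROPY, info) < 0)
        rc = -errno;
    if (fd >= 0)
        close(fd);
    free(info);
    return rc;
}

int main(void)
{
    unsigned char seed[64] = "constructed sample seed, not real entropy";
    int rc = credit_seed("/dev/urandom", seed, sizeof(seed), 0); /* mix only, credit 0 bits */
    printf("RNDADDENTROPY: %s\n", rc ? strerror(-rc) : "ok");
    return 0;
}
```

A non-zero credit is only justified for a seed that has not been fed to the kernel on an earlier boot, which is the concern raised above about a seed file created once and reused.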