Re: [Buildroot] [PATCH v3] package/urandom-scripts: actually credit seed files via seedrng

From: David Laight <David.Laight@ACULAB.COM>
To: "'Jason A. Donenfeld'" <Jason@zx2c4.com>,
	James Hilliard <james.hilliard1@gmail.com>,
	Arnout Vandecappelle <arnout@mind.be>,
	"Yann E. MORIN" <yann.morin.1998@free.fr>,
	buildroot <buildroot@buildroot.org>
Subject: Re: [Buildroot] [PATCH v3] package/urandom-scripts: actually credit seed files via seedrng
Date: Tue, 29 Mar 2022 06:12:41 +0000	[thread overview]
Message-ID: <cc188e7013f94bb5a39f87e78c2e697b@AcuMS.aculab.com> (raw)
In-Reply-To: <20220329050401.110856-1-Jason@zx2c4.com>

From: Jason A. Donenfeld
> Sent: 29 March 2022 06:04
> 
> The RNG can't actually be seeded from a shell script, due to the
> reliance on ioctls. For this reason, the seedrng project provides a
> basic script meant to be copy and pasted into projects like buildroot
> and tweaked as needed: <https://git.zx2c4.com/seedrng/about/>.
> 
> This commit imports it into buildroot and wires up the init scripts to
> call it. This also is a significant improvement over the current init
> script, which doesn't credit entropy and whose hashing in shell scripts
> is sort of fragile.
> 
> As seedrng.c is a short tiny C program, we include this here in the
> package, like a few other packages do. Later we'll investigate adding
> this to busybox, but for now, this is a good start and a positive step
> in the right direction.

It isn't that tiny, this bloats out to quite a lot of code.

> +#define G(r, i, a, b, c, d) do { \
> +	a += b + m[blake2s_sigma[r][2 * i + 0]]; \
> +	d = ror32(d ^ a, 16); \
> +	c += d; \
> +	b = ror32(b ^ c, 12); \
> +	a += b + m[blake2s_sigma[r][2 * i + 1]]; \
> +	d = ror32(d ^ a, 8); \
> +	c += d; \
> +	b = ror32(b ^ c, 7); \
> +} while (0)
> +
> +#define ROUND(r) do { \
> +	G(r, 0, v[0], v[ 4], v[ 8], v[12]); \
> +	G(r, 1, v[1], v[ 5], v[ 9], v[13]); \
> +	G(r, 2, v[2], v[ 6], v[10], v[14]); \
> +	G(r, 3, v[3], v[ 7], v[11], v[15]); \
> +	G(r, 4, v[0], v[ 5], v[10], v[15]); \
> +	G(r, 5, v[1], v[ 6], v[11], v[12]); \
> +	G(r, 6, v[2], v[ 7], v[ 8], v[13]); \
> +	G(r, 7, v[3], v[ 4], v[ 9], v[14]); \
> +} while (0)
> +		ROUND(0);
> +		ROUND(1);
> +		ROUND(2);
> +		ROUND(3);
> +		ROUND(4);
> +		ROUND(5);
> +		ROUND(6);
> +		ROUND(7);
> +		ROUND(8);
> +		ROUND(9);

I've not looked at why the code is doing this.
If you are feeding data that has come from the RNG back in
as state/entropy why does it contain a copy of blake2?

I was expecting to see a program that copied stdin to /dev/urandom
in a manner that actually credited entropy.
About 10 lines of code.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot