Page MenuHome GnuPG
Create Task
Maniphest T5523

jitter entropy RNG update
Closed, ResolvedPublic
Actions

Description

http://www.chronox.de/jent.html has new version.

It will be good for libgcrypt to import new version.

Revisions and Commits

rC libgcrypt
rC78ce1f9e0afe random: Add missing header file to the release tarball
rCa44301f6d205 jitterentropy: use wipememory for jent_memset_secure
rCc38ebc3b6c7d jitterentropy: fix building on Win32
rC1183ffdd7a24 tests: Remove tweak for FIPS enabled.
rC85cb7375fec3 jitternetropy: Put our local change to use non-secure memory.
rC2101da04924b jitterentropy: Use jent_read_entropy_safe for rndjent.
rCd0fcb4da98a0 Fix jent_read_entropy for JENT_CPU_JITTERENTROPY_SECURE_MEMORY.
rCd5ae5229db70 jitterentropy: Fix building rndjent.
rC964c9c5eee30 jitterentropy: Disable use of pthread.
rC3bacdac611b9 jitterentropy: Merge from jitterentropy-library-3.3.0.
rCcf85258e6aff jitterentropy: Fix for C90 compiler.

Related Objects

Event Timeline

gniibe created this task.Jul 12 2021, 11:36 AM
werner triaged this task as Normal priority.Aug 16 2021, 11:08 AM
werner added a project: FIPS.
Jakuje added a comment.Aug 18 2021, 7:24 PM

For Linux and FIPS, we should be actually fine with using /dev/random or getrandom().

I also noticed the file random/random-fips.c, which looks like some outdated version of fips random number, which was not updated for ages. Would it make sense to remove it? I think it is not used anywhere.

werner added a subscriber: werner.Aug 23 2021, 11:34 AM

Yes, it makes sense to remove it.

werner added a comment.Aug 23 2021, 11:38 AM

I think the last user of random-fips was removed with rCed57fed6de1465e02ec5e3bc0affeabdd35e2eb7

Jakuje added a comment.Aug 23 2021, 12:46 PM

We should update jitterentropy to 3.0.2 or newer, which should be easier to get through certification, if we will go this way. From FIPS perspective, we should be fine with either going through getrandom only or with jitter entropy, but the bottom-line was that we should probably keep both as we do now.

We do it with the following patch:

https://src.fedoraproject.org/rpms/libgcrypt/blob/rawhide/f/libgcrypt-1.8.5-getrandom.patch

I see this patch has already some history, but the latest bug I was able to find related to this patch was https://bugzilla.redhat.com/show_bug.cgi?id=1380866 which handles the libgcrypt preventing boot of the system. It will probably require some clarifications, so please ask.

werner claimed this task.Sep 6 2021, 11:19 AM
werner moved this task from Backlog to Next on the FIPS board.
werner reassigned this task from werner to gniibe.Oct 25 2021, 11:25 AM
gniibe added a comment.Oct 29 2021, 8:05 AM

I work on gniibe/jitterent branch.
I realized that full featured jitterentropy now requires pthread. Timer-less mode uses threads for entropy. This is not good for libgcrypt use.

thesamesam added a subscriber: thesamesam.Oct 29 2021, 8:35 PM
gniibe added a comment.Nov 1 2021, 6:47 AM

Its copyright notice in upstream now refers LICENSE file, which requires some arrangement.

Jakuje added a comment.Nov 3 2021, 2:39 PM

If I read it right, the version 3.1.0 adds the pthread requirement. Using 3.0.2 should be fine for us.

gniibe added a comment.EditedNov 9 2021, 6:41 AM

I decided to use 3.3.0 disabling pthread feature.

I tried to use internal SHA-3 implementation of libgcrypt, but it looks like it's better to keep using jitterentropy-sha3.c, for the sake of "less surprise".

In 2.1.0, it was LFSR. In 3.3.0, it uses SHA-3.

werner added a comment.Nov 9 2021, 11:33 AM

Yes, keep the internal SHA-3.

gniibe added a project: Restricted Project.Nov 17 2021, 7:03 AM

Pushed to master.

gniibe added a commit: rCd5ae5229db70: jitterentropy: Fix building rndjent..Nov 17 2021, 7:04 AM
gniibe added a commit: rC964c9c5eee30: jitterentropy: Disable use of pthread..
gniibe added a commit: rC3bacdac611b9: jitterentropy: Merge from jitterentropy-library-3.3.0..
gniibe added a commit: rCcf85258e6aff: jitterentropy: Fix for C90 compiler..
gniibe added a commit: rCd0fcb4da98a0: Fix jent_read_entropy for JENT_CPU_JITTERENTROPY_SECURE_MEMORY..
gniibe added a commit: rC2101da04924b: jitterentropy: Use jent_read_entropy_safe for rndjent..
gniibe added a comment.Nov 18 2021, 7:33 AM

It found that newer jitterentropy uses larger mem (128KiB), while older uses 2KiB.

This means that, it doesn't work well with secure memory, as its standard size is 32KiB.

Currently, _gcry_rndjent_poll always fails, because of no allocation of secmem.

gniibe added a comment.Nov 18 2021, 7:56 AM

->mem is just used to measure the difference of memory access.

So, I think that it's totally no problem to use normal memory instead of secure mem.

gniibe added a commit: rC85cb7375fec3: jitternetropy: Put our local change to use non-secure memory..Nov 18 2021, 8:06 AM
gniibe added a commit: rC1183ffdd7a24: tests: Remove tweak for FIPS enabled..Nov 18 2021, 8:11 AM
gniibe added a comment.Nov 18 2021, 8:12 AM

Fixed, with using normal memory for ->mem.

jukivili added a commit: rCc38ebc3b6c7d: jitterentropy: fix building on Win32.Nov 18 2021, 6:55 PM
jukivili added a commit: rCa44301f6d205: jitterentropy: use wipememory for jent_memset_secure.
Jakuje added a comment.Dec 2 2021, 12:32 PM

I went through some more testing and noticed one missing file in the release tarball, that prevents building libgcrypt now. Should be fixed with the attached patch.

libgcrypt-jent-header.patch914 BDownload

gniibe added a comment.Dec 3 2021, 8:24 AM

Thank you, applied.

gniibe added a commit: rC78ce1f9e0afe: random: Add missing header file to the release tarball.Dec 3 2021, 8:25 AM
gniibe moved this task from Next to Ready for release on the FIPS board.Dec 14 2021, 11:19 AM
werner mentioned this in T5691: Release libgcrypt 1.10.0.Feb 1 2022, 9:49 PM
gniibe closed this task as Resolved.Feb 2 2022, 1:21 AM
gniibe removed a project: Restricted Project.