[PATCH 0/4] add μrngd: true RNG based on timing jitter

Petr Štetiar ynezz at true.cz
Mon May 27 17:29:40 EDT 2019 

Hi,

this patch series fixes some of the current urandom-seed flaws and improves
situation with low entropy in the kernel during the boot.

First, simply writing to /dev/urandom does not increase the kernel's entropy
count, this casuses processes obtaining randomness to block.  Particularly
processes using OpenSSL's RAND_bytes() will block until the kernel emits
'random: crng init done'. This can take upwards of twenty minutes.

According to random(4) the entropy count is only increased when using the
RNDADDENTROPY ioctl, which urandom-seed currently doesn't use when feeding the
kernel RNG.

Second, urandom-seed is using /etc/urandom.seed file to seed the kernel's RNG
machinery upon every boot. The problem is, that this file is created only once
during first-boot and then reused on every consecutive boot, so pretty much
static.

So this patch series adds μrngd, which is a new micro non-physical true random
number generator (system service) based on timing jitter. On devices which
provide a reliable and precise enough timer, μrngd can provide sufficient
entropy.

μrngd is using the Jitter RNG core under the hood, which provides an entropy
source that μrngd feeds into the Linux /dev/random device if its entropy runs
low.  It updates the /dev/random entropy estimator such that the newly
provided entropy unblocks /dev/random.

The seeding of /dev/random also ensures that /dev/urandom benefits from
entropy. Especially during boot time, when the entropy of Linux is low, the
Jitter RNG based μrngd provides a source of sufficient entropy.

Some RNG init time numbers from qca9563 (TP-Link Archer C7 v5):

 [   12.045693] random: crng init done        (μrngd)
 [  120.043132] random: crng init done        (urandom-seed)

μrngd binary has 4579 bytes on ath79.

I'm creating separate packages for getrandom and urandom-seed, so they can be
removed easily on platforms where either μrngd or any other hardware based RNG
provides good entropy. I'm not removing urandom-seed package from the
defaults, because during the testing of μrngd I've found out, that for example
MediaTek MT7620A ver:2 eco:6 (MIPS 24KEc V5.0) doesn't provide high precision
timer which is needed for Jitter RNG so the initialization of Jitter RNG
inside μrngd ends with following error:

 jent-rng init failed, err: 2 (ECOARSETIME)

so on such platforms it might still be probably better to stick to
urandom-seed as a fallback. The Jitter RNG implements a startup test that is
intended to detect non-appropriate timers. If it identifies such
non-appropriate timers, the Jitter RNG will deactivate. Thus, the Jitter RNG
always tries to reach a secure state.

I believe, that μrngd is going to improve entropy situation on most of current
platforms OpenWrt supports, so I would like to enable it as default.  Having
another source of reliable noise in the system doesn't hurt, it only helps.

I would like to note, that most of this stuff is based on the amazing work
done[1] by Stephan Müller, I've just bend it over and packaged it for OpenWrt.

1. http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html

Petr Štetiar (4):
  urng: add micro non-physical true RNG based on timing jitter
  ubox: move getrandom into separate getrandom package
  base-files: move urandom seed bits into separate package
  build: add urandom-seed and urngd to default packages set

 include/target.mk                                  |  2 +-
 package/base-files/Makefile                        | 11 ++++-
 package/base-files/files/etc/init.d/urandom_seed   | 12 ------
 .../base-files/files/lib/preinit/81_urandom_seed   | 24 -----------
 package/base-files/files/sbin/urandom_seed         | 20 ---------
 package/system/ubox/Makefile                       | 17 ++++++--
 package/system/urandom-seed/Makefile               | 32 +++++++++++++++
 .../urandom-seed/files/etc/init.d/urandom_seed     | 12 ++++++
 .../urandom-seed/files/lib/preinit/81_urandom_seed | 24 +++++++++++
 .../system/urandom-seed/files/sbin/urandom_seed    | 20 +++++++++
 package/system/urngd/Makefile                      | 48 ++++++++++++++++++++++
 package/system/urngd/files/urngd.init              | 21 ++++++++++
 12 files changed, 182 insertions(+), 61 deletions(-)
 delete mode 100755 package/base-files/files/etc/init.d/urandom_seed
 delete mode 100644 package/base-files/files/lib/preinit/81_urandom_seed
 delete mode 100755 package/base-files/files/sbin/urandom_seed
 create mode 100644 package/system/urandom-seed/Makefile
 create mode 100755 package/system/urandom-seed/files/etc/init.d/urandom_seed
 create mode 100644 package/system/urandom-seed/files/lib/preinit/81_urandom_seed
 create mode 100755 package/system/urandom-seed/files/sbin/urandom_seed
 create mode 100644 package/system/urngd/Makefile
 create mode 100644 package/system/urngd/files/urngd.init

-- 
1.9.1


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list