Bug 778796 - feeds-publisher: Use a secure random number generator for nonces
Status: RESOLVED INCOMPLETE
Product: libgrss
Classification: Other
Component: General
Version: unspecified
Hardware: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: Libgrss Maintainers
Reported: 2017-02-16 22:35 UTC by Philip Withnall
Modified: 2021-04-22 09:30 UTC
GNOME target: ---
GNOME version: ---


Attachments
feeds-publisher: Fix old-style function definitions (2.15 KB, patch)
2017-02-16 22:35 UTC, Philip Withnall
committed
feeds-publisher: Use a secure random number generator for nonces (8.88 KB, patch)
2017-02-16 22:35 UTC, Philip Withnall
none

Description Philip Withnall 2017-02-16 22:35:37 UTC
See the commit messages for details.
Comment 1 Philip Withnall 2017-02-16 22:35:41 UTC
Created attachment 346020
feeds-publisher: Fix old-style function definitions

These functions accept no arguments, not an undefined set of arguments.

Signed-off-by: Philip Withnall <philip@tecnocode.co.uk>
Comment 2 Philip Withnall 2017-02-16 22:35:46 UTC
Created attachment 346021
feeds-publisher: Use a secure random number generator for nonces

Verification of pub/sub subscriptions requires a nonce to be exchanged
between the two peers.

https://www.w3.org/TR/websub/#h-hub-verifies-intent

In order to guarantee security, this needs to be unpredictable.
However, the code was previously using rand() seeded by the current
time, which is entirely predictable. Instead, it should be using
random values read from /dev/urandom.

Ideally, we would read a single seed value from /dev/urandom, and use
that to seed a secure PRNG within libgrss, which we would generate nonces
from. However, that means implementing a PRNG (or adding a dependency),
which is a bit over the top for some nonces. The number of nonces
generated should be fairly small (reverification intervals are on the
order of hours) and the size of each nonce is small (50B), so it should
be OK to read from /dev/urandom each time.

The code for handling /dev/urandom was copied from libscram, which is
copyright 2014 Collabora, Ltd.; and it’s licensed under LGPLv2.1+, which
is compatible with libgrss’ license (LGPLv3+).

https://gitlab.com/libscram/libscram/blob/master/authentication.c

Coverity ID: 1351003

Signed-off-by: Philip Withnall <philip@tecnocode.co.uk>
Comment 3 Igor Gnatenko 2017-02-17 10:46:42 UTC
Review of attachment 346020:

lgtm
Comment 4 Philip Withnall 2017-02-17 11:02:20 UTC
A note about attachment #346021: I wasn’t able to test it at runtime, so I can’t be sure the integration actually works. I know the random_string() code works (it comes from another project which has unit tests), but I have no idea how to test the pubsubhub code in practice. Are you able to?
Comment 5 Philip Withnall 2017-02-17 11:03:20 UTC
Comment on attachment 346020
feeds-publisher: Fix old-style function definitions

Attachment 346020 pushed as 3fda353 - feeds-publisher: Fix old-style function definitions
Comment 6 Philip Withnall 2021-04-22 09:30:25 UTC
I’ve moved the remaining patch to GitLab as https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/6.
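
The approach described in the commit message of comment 2 (read each nonce from /dev/urandom instead of using rand() seeded with the current time), as an added example in plain POSIX C. It is not the attached patch and not libgrss or libscram code; the names read_urandom and make_nonce, the 64-byte pool and the alphanumeric alphabet are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not libgrss or libscram code): fill buf with len
 * bytes from /dev/urandom. Returns 0 on success, -1 on failure. */
static int read_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;          /* short read: keep going */
        else if (n < 0 && errno == EINTR)
            continue;                  /* interrupted by a signal: retry */
        else
            break;                     /* EOF or hard error */
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Write a NUL-terminated nonce of len characters into out (len + 1 bytes).
 * On failure the buffer is cleared so a caller cannot send a stale value. */
int make_nonce(char *out, size_t len)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    const unsigned n_chars = sizeof alphabet - 1;   /* 62 symbols */
    const unsigned limit = 256 - (256 % n_chars);   /* 248 = 4 * 62 */
    size_t filled = 0;
    while (filled < len) {
        unsigned char pool[64];
        if (read_urandom(pool, sizeof pool) != 0) {
            memset(out, 0, len + 1);
            return -1;
        }
        /* Rejection sampling: bytes >= 248 would bias the first 8 symbols. */
        for (size_t i = 0; i < sizeof pool && filled < len; i++)
            if (pool[i] < limit)
                out[filled++] = alphabet[pool[i] % n_chars];
    }
    out[len] = '\0';
    return 0;
}
```

A caller must treat a -1 return as fatal for that verification request rather than falling back to rand().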