Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prefer arc4random on Apple platforms #1544

Merged
merged 2 commits into from
Sep 10, 2023
Merged

Prefer arc4random on Apple platforms #1544

merged 2 commits into from
Sep 10, 2023

Conversation

res0nance
Copy link
Contributor

On Apple platforms arc4random is always available and it never fails. This removes a possible failure mode of liboqs on Apple platforms with getentropy().

The man page for getentropy() on MacOSX also discourages its use

However, it should be noted that getentropy() is primarily intended for use in the construction and seeding of userspace PRNGs like
     arc4random(3) or CC_crypto(3).  Clients who simply require random data should use arc4random(3), CCRandomGenerateBytes() from
     CC_crypto(3), or SecRandomCopyBytes() from the Security framework instead of getentropy() or random(4)

On iOS we currently use SecRandomCopyBytes() this requires linking to the Security framework and the call can fail. We have run into issues with this call failing so we propose using arc4random_buf() as it can never fail.

  • Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)? (If so, a version bump will be required from x.y.z to x.(y+1).0.)
  • Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in oqs-provider, OQS-OpenSSL, OQS-BoringSSL, and OQS-OpenSSH will also need to be ready for review and merge by the time this is merged.)

@res0nance
Prefer arc4random_buf on Apple platforms
be813b9 
We swap from getentropy() to arc4random_buf on Apple
platforms as Apple's documentation discourages its use.

This also allows us to not have to use SecCopyRandomBytes
which can fail. arc4random_buf() however never fails.
@res0nance
Remove linking to unused Security framework
ff45247
@dstebila
Copy link
Member

dstebila commented Sep 8, 2023

We don't have an iOS test platform; have you been able to test it there to confirm it builds?

@res0nance
Copy link
Contributor Author

We don't have an iOS test platform; have you been able to test it there to confirm it builds?

I have tested it on tvOS, iOS, macOS m1. They all compile fine.

Maybe we can use the file in https://github.com/leetal/ios-cmake to setup builds for the iOS / tvOS platforms? I'm assuming the licensing is fine. I can set that up in a different PR.

baentsch
baentsch requested changes Sep 9, 2023
View reviewed changes
Copy link
Member

@baentsch baentsch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the suggestion(s) and this PR to improve building on those platforms!

One concern, though

so we propose using arc4random_buf() as it can never fail.

Can you please link to documentation confirming that arc4random_buf is at least as secure as SecRandomCopyBytes? Something with "RC4" in its name doesn't create warm and fuzzy feelings about its security properties :-)

Otherwise the PR LGTM, particularly if you confirm

tested it on tvOS, iOS, macOS m1. They all compile fine.

@res0nance
Copy link
Contributor Author

res0nance commented Sep 9, 2023
edited
Loading

Thanks for the suggestion(s) and this PR to improve building on those platforms!

One concern, though

so we propose using arc4random_buf() as it can never fail.

Can you please link to documentation confirming that arc4random_buf is at least as secure as SecRandomCopyBytes? Something with "RC4" in its name doesn't create warm and fuzzy feelings about its security properties :-)

Otherwise the PR LGTM, particularly if you confirm

tested it on tvOS, iOS, macOS m1. They all compile fine.

Ah the "RC4" name is from the old days, from the manpage

The original version of this random number generator used the RC4
    (also known as ARC4) algorithm. In OS X 10.12 it was replaced with the
    NIST-approved AES cipher, and it may be replaced again in the future as
    cryptographic techniques advance

On the topic of being secure, from the manpage

These functions use a cryptographic pseudo-random number generator
    to generate high quality random bytes very quickly. One data pool is used
    for all consumers in a process, so that consumption under program flow can
    act as additional stirring. The subsystem is re-seeded from the kernel
    random number subsystem on a regular basis

It seems like the intent of apple here is to provide a simple to use cryptographically-secure random number generator that they will update as technology progresses.

@dstebila
Copy link
Member

dstebila commented Sep 9, 2023

so we propose using arc4random_buf() as it can never fail.

Can you please link to documentation confirming that arc4random_buf is at least as secure as SecRandomCopyBytes? Something with "RC4" in its name doesn't create warm and fuzzy feelings about its security properties :-)

I was worried about that too, but also found the passage that res0nance quoted saying that it's no longer specifically using RC4. So I think it's okay.

@baentsch
Copy link
Member

Maybe we can use the file in https://github.com/leetal/ios-cmake to setup builds for the iOS / tvOS platforms? I'm assuming the licensing is fine. I can set that up in a different PR.

Sounds like a nice addition to avoid regression, too. Looking forward to the PR. Any chance to run the result in CI, too (in an emulator)?

@dstebila dstebila merged commit b3b0fbb into open-quantum-safe:main Sep 10, 2023
12 checks passed
@res0nance res0nance deleted the apple-random branch September 10, 2023 15:57
@expressvpn-andre-l expressvpn-andre-l mentioned this pull request Sep 11, 2023
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dstebila dstebila dstebila approved these changes

@baentsch baentsch baentsch approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@res0nance @dstebila @baentsch