[jitsi-dev] [libjitsi] Use SecureRandom instead of ZrtpFortuna in DtlsControlImpl (#113)


#1

Drop createSecureRandom()

On Linux, new SecureRandom() uses /dev/urandom for nextBytes() calls
and /dev/random for generateSeed().
I've found no call to generateSeed, so no blocking calls.
I've also double-checked with "strace -e trace=read -y -f <jvb command>"
and I only see /dev/urandom reads (no /dev/random),
and only for connection initialisation.

We are not 100% sure of ZrtpFortuna's safety:
on my desktop dev machine ZrtpFortunaEntropyGatherer.setEntropy()
returns false (audioCaptureDevice == null), which means that no reseeding takes place.
Initial seeding is done with SecureRandom since
https://github.com/jitsi/zrtp4j/commit/1bd0743d9cdd1750def56ff60951a99d44db2a87

Profiling shows no performance impact, so better to use a known-good CSPRNG.

P.S:
some discussion already took place in #108 and #98
You can view, comment on, or merge this pull request online at:

  https://github.com/jitsi/libjitsi/pull/113

-- Commit Summary --

  * Use SecureRandom instead of ZrtpFortuna in DtlsControlImpl

-- File Changes --

    M src/org/jitsi/impl/neomedia/transform/dtls/DtlsControlImpl.java (46)
    M src/org/jitsi/impl/neomedia/transform/dtls/DtlsPacketTransformer.java (5)

-- Patch Links --

https://github.com/jitsi/libjitsi/pull/113.patch
https://github.com/jitsi/libjitsi/pull/113.diff


---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/libjitsi/pull/113


#2

Tests are also OK here; is Jenkins broken?



#3

We still haven't finished publishing the logs and results publicly. But I see 9 tests fail; I will check later whether it can be a problem with the environment ... these are the failing ones:
org.jitsi.meet.test.AvatarTest.changeAvatarAndCheck
org.jitsi.meet.test.AvatarTest.avatarWhenVideoMuted
org.jitsi.meet.test.StopVideoTest.startVideoOnParticipantAndCheck
org.jitsi.meet.test.SwitchVideoTests.participantClickOnLocalVideoAndTest
org.jitsi.meet.test.ActiveSpeakerTest.testActiveSpeaker
org.jitsi.meet.test.StartMutedTest.checkboxesTest
org.jitsi.meet.test.StartMutedTest.configOptionsTest
org.jitsi.meet.test.DisplayNameTest.testChangingDisplayName
org.jitsi.meet.test.ContactListTest.testContactList



#4

Jenkins: it's ok to test.



#5

@champtar, I believe I shared in one of your previous PRs (with @ibauersachs if memory serves me), that I'd rather we take a global decision for Fortuna, not locally to DtlsControlImpl. I'd rather we don't merge this PR (in its current state in which it deals with Fortuna in DtlsControlImpl only).



#6

I can re-add the removal for the rest of libjitsi, it's just not tested (zrtp and sdes), but really simple. I've extensively tested this commit and I'm sure there are no calls to /dev/random. I'm in favour of dropping Fortuna and willing to contribute all needed patches to nuke it.



#7

Cool. Let's hear from @ibauersachs as well before we move forward.



#8

strace is not conclusive if you only use it in Videobridge. I know that Java calls or used to call /dev/random [1] and [2]. I need to find out where (browsing Java source on GrepCode isn't my favorite thing to do at midnight) before we remove Fortuna in ZRTP and SDES. I don't mind in DTLS, as this is only used in the Videobridge anyway.

[1] http://lists.jitsi.org/pipermail/dev/2011-October/004518.html
[2] https://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html (see the note)



#9

Hi all,
I've re-read https://tersesystems.com/2015/12/17/the-right-way-to-use-securerandom/
Depending on the content of java.security, some distros might use SHA1PRNG calling /dev/random to init itself.

As we are already using one SecureRandom for ZRTP seeding (https://github.com/jitsi/zrtp4j/commit/1bd0743d9cdd1750def56ff60951a99d44db2a87), what do you think about a SecureRandom singleton?

org.jitsi.util.SecureRandomProvider.getInstance()



#10

As far as I could see yesterday, the seed of SecureRandom is already a singleton. But I need to investigate that further.



#11

Some more testing:

```java
import java.security.SecureRandom;

public class SecureRandomTests {

    public static void main(String[] args) throws Exception
    {
        // Loop forever so the reads can be watched with strace.
        while (true) {
            // Uncomment one of the alternatives to compare implementations.
            //SecureRandom random = new SecureRandom();
            SecureRandom random = SecureRandom.getInstance("NativePRNG");
            //SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
            //random.generateSeed(40);
            byte[] bytes = new byte[1000];
            random.nextBytes(bytes);
            System.out.println("random\n");
            Thread.sleep(1000);
        }
    }
}
```

Calling `SecureRandom.getInstance("SHA1PRNG").nextBytes()` multiple times only reads 20 bits from `/dev/random` on first use (seeding), and never after.

Calling `SecureRandom.getInstance("NativePRNG").nextBytes()` always reads from `/dev/urandom` (same as with `new SecureRandom()`).

Calling `generateSeed()` always reads from `/dev/random` (even for `SHA1PRNG`).

Tested on CentOS 6 with Java 6/7/8; we need some testing on Mac/Windows.

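
A way to check the points raised in #9 and #11 on a given JVM, as an added example that is not part of the thread or of libjitsi: it reports which SecureRandom algorithm, provider and seed-source settings are in effect, and exposes one shared instance. The class name `SharedSecureRandom` is hypothetical; `NativePRNGNonBlocking` is assumed to exist only on Java 8+ Unix-like platforms, with a fallback to the platform default otherwise.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;

/** Added example: one shared SecureRandom plus a report of how this JVM is configured. */
public final class SharedSecureRandom {

    // Initialization-on-demand holder: created once, lazily and thread-safely.
    private static final class Holder {
        static final SecureRandom INSTANCE = create();
    }

    private SharedSecureRandom() {}

    public static SecureRandom getInstance() {
        return Holder.INSTANCE;
    }

    private static SecureRandom create() {
        try {
            // Java 8+ on Unix-like systems: /dev/urandom for nextBytes() and generateSeed().
            return SecureRandom.getInstance("NativePRNGNonBlocking");
        } catch (NoSuchAlgorithmException e) {
            // Older JVMs or Windows: fall back to the platform default.
            return new SecureRandom();
        }
    }

    /** Summarises the settings that decide which algorithm and seed source are used. */
    public static String describe() {
        SecureRandom r = getInstance();
        return "algorithm=" + r.getAlgorithm()
            + " provider=" + r.getProvider().getName()
            + " securerandom.source=" + Security.getProperty("securerandom.source")
            + " java.security.egd=" + System.getProperty("java.security.egd")
            + " available=" + Security.getAlgorithms("SecureRandom");
    }

    public static void main(String[] args) {
        System.out.println(describe());
        byte[] key = new byte[32];
        // nextBytes(), not generateSeed(), as in the tests reported in the thread.
        getInstance().nextBytes(key);
        System.out.println("drew " + key.length + " bytes");
    }
}
```

Running it under the same `strace -e trace=read -y -f` invocation used in the thread shows which device the selected algorithm reads on the machine being tested.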


#12

@ibauersachs is it possible that your bug report from 2011 was with a prehistoric version like Java 1.4?



#13

I can't tell the Java version anymore, but definitely >= 1.5, most likely 1.6. Windows is irrelevant, there is no /dev/random (they either don't use native at all there or it is CAPI, which is never slow).



#14

Do you remember if it was Linux or Mac?



#15

I tested on Ubuntu, most likely 11.04. Stephane, who reported it initially [1], was on 10.04.

[1] http://lists.jitsi.org/pipermail/dev/2011-October/004524.html



#16

Hi,
Just tested with Ubuntu 10.04.4 (http://old-releases.ubuntu.com/releases/10.04.3/ubuntu-10.04.4-desktop-amd64.iso) and openjdk-6-jdk, same behaviour, i.e. `SHA1PRNG` reads 20 bits of /dev/random only on first use (seeding), `NativePRNG` calls /dev/urandom.

ZRTPFortuna in SDES seems to be there from day one (150fd97).

Is it easy to test SDES and ZRTP negotiation?
I can re-add my 2 patches and we just test whether it works or not.



#17

ZrtpFortuna came in around SVN rev ~8500, i.e. before libjitsi was taken out of Jitsi (desktop). You could test ZRTP and SDES by installing Jitsi on two computers that aren't firewalled/natted between each other and set up a server-less SIP account on both.



#18

I've never built Jitsi, is there a howto somewhere?



#19

I've re-added the missing commits.



#20

```
git clone https://github.com/jitsi/jitsi
cd jitsi
ant make
```

Or download the .deb packages.
