[PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator

[PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator

[Piotr Azarewicz]

This patch improve generate_random_key() function by replacing rand()
function with reading from /dev/urandom.

CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
dont_call: rand should not be used for security related applications, as
linear congruential algorithms are too easy to break

Coverity issue: 120136

Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
---
 examples/l2fwd-crypto/main.c |   18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index d18c813..e1f0a1e 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -45,6 +45,8 @@
 #include <ctype.h>
 #include <errno.h>
 #include <getopt.h>
+#include <fcntl.h>
+#include <unistd.h>
 
 #include <rte_atomic.h>
 #include <rte_branch_prediction.h>
@@ -581,10 +583,18 @@ l2fwd_simple_forward(struct rte_mbuf *m, unsigned portid)
 static void
 generate_random_key(uint8_t *key, unsigned length)
 {
-	unsigned i;
+	int fd;
+	int ret;
+
+	fd = open("/dev/urandom", O_RDONLY);
+	if (fd < 0)
+		rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
 
-	for (i = 0; i < length; i++)
-		key[i] = rand() % 0xff;
+	ret = read(fd, key, length);
+	close(fd);
+
+	if (ret != (signed)length)
+		rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
 }
 
 static struct rte_cryptodev_sym_session *
@@ -1180,8 +1190,6 @@ l2fwd_crypto_parse_timer_period(struct l2fwd_crypto_options *options,
 static void
 l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 {
-	srand(time(NULL));
-
 	options->portmask = 0xffffffff;
 	options->nb_ports_per_lcore = 1;
 	options->refresh_period = 10000;
-- 
1.7.9.5

Re: [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator

[Thomas Monjalon]

2016-05-25 15:34, Piotr Azarewicz:
> This patch improve generate_random_key() function by replacing rand()
> function with reading from /dev/urandom.
> 
> CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
> dont_call: rand should not be used for security related applications, as
> linear congruential algorithms are too easy to break
> 
> Coverity issue: 120136
> 
> Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
> ---
>  examples/l2fwd-crypto/main.c |   18 +++++++++++++-----

Is it relevant for this example?

Re: [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator

[Azarewicz, PiotrX T]

> 2016-05-25 15:34, Piotr Azarewicz:
> > This patch improve generate_random_key() function by replacing rand()
> > function with reading from /dev/urandom.
> >
> > CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
> > dont_call: rand should not be used for security related applications,
> > as linear congruential algorithms are too easy to break
> >
> > Coverity issue: 120136
> >
> > Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
> > ---
> >  examples/l2fwd-crypto/main.c |   18 +++++++++++++-----
> 
> Is it relevant for this example?

Maybe not. But it don't break anything, and in the end make Coverity tool happy.

Declan, please share your opinion.

Re: [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator

[Thomas Monjalon]

2016-06-08 07:46, Azarewicz, PiotrX T:
> > 2016-05-25 15:34, Piotr Azarewicz:
> > > This patch improve generate_random_key() function by replacing rand()
> > > function with reading from /dev/urandom.
> > >
> > > CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
> > > dont_call: rand should not be used for security related applications,
> > > as linear congruential algorithms are too easy to break
> > >
> > > Coverity issue: 120136
> > >
> > > Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
> > 
> > Is it relevant for this example?
> 
> Maybe not. But it don't break anything, and in the end make Coverity tool happy.
> 
> Declan, please share your opinion.

Declan?

Re: [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator

[Declan Doherty]

On 07/11/2016 03:17 PM, Thomas Monjalon wrote:
> 2016-06-08 07:46, Azarewicz, PiotrX T:
>>> 2016-05-25 15:34, Piotr Azarewicz:
>>>> This patch improve generate_random_key() function by replacing rand()
>>>> function with reading from /dev/urandom.
>>>>
>>>> CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
>>>> dont_call: rand should not be used for security related applications,
>>>> as linear congruential algorithms are too easy to break
>>>>
>>>> Coverity issue: 120136
>>>>
>>>> Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
>>>
>>> Is it relevant for this example?
>>
>> Maybe not. But it don't break anything, and in the end make Coverity tool happy.
>>
>> Declan, please share your opinion.
>
> Declan?
>

sorry I'm missed this thread. While not strictly necessary for the 
example app, I don't see a problem applying it, as coverity points out 
it is a bad idea to use rand() for crypto purposes.

Declan

Re: [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator

[Declan Doherty]

On 05/25/2016 02:34 PM, Piotr Azarewicz wrote:
> This patch improve generate_random_key() function by replacing rand()
> function with reading from /dev/urandom.
>
> CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
> dont_call: rand should not be used for security related applications, as
> linear congruential algorithms are too easy to break
>
> Coverity issue: 120136
>
> Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
> ---
>  examples/l2fwd-crypto/main.c |   18 +++++++++++++-----
>  1 file changed, 13 insertions(+), 5 deletions(-)
>
> diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
> index d18c813..e1f0a1e 100644
> --- a/examples/l2fwd-crypto/main.c
> +++ b/examples/l2fwd-crypto/main.c
> @@ -45,6 +45,8 @@
>  #include <ctype.h>
>  #include <errno.h>
>  #include <getopt.h>
> +#include <fcntl.h>
> +#include <unistd.h>
>
>  #include <rte_atomic.h>
>  #include <rte_branch_prediction.h>
> @@ -581,10 +583,18 @@ l2fwd_simple_forward(struct rte_mbuf *m, unsigned portid)
>  static void
>  generate_random_key(uint8_t *key, unsigned length)
>  {
> -	unsigned i;
> +	int fd;
> +	int ret;
> +
> +	fd = open("/dev/urandom", O_RDONLY);
> +	if (fd < 0)
> +		rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
>
> -	for (i = 0; i < length; i++)
> -		key[i] = rand() % 0xff;
> +	ret = read(fd, key, length);
> +	close(fd);
> +
> +	if (ret != (signed)length)
> +		rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
>  }
>
>  static struct rte_cryptodev_sym_session *
> @@ -1180,8 +1190,6 @@ l2fwd_crypto_parse_timer_period(struct l2fwd_crypto_options *options,
>  static void
>  l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
>  {
> -	srand(time(NULL));
> -
>  	options->portmask = 0xffffffff;
>  	options->nb_ports_per_lcore = 1;
>  	options->refresh_period = 10000;
>

Acked-by: Declan Doherty <declan.doherty@intel.com>

Re: [PATCH v1 1/1] examples/l2fwd-crypto: improve random key generator

[Thomas Monjalon]

2016-07-13 16:55, Declan Doherty:
> On 05/25/2016 02:34 PM, Piotr Azarewicz wrote:
> > This patch improve generate_random_key() function by replacing rand()
> > function with reading from /dev/urandom.
> >
> > CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
> > dont_call: rand should not be used for security related applications, as
> > linear congruential algorithms are too easy to break
> >
> > Coverity issue: 120136
> >
> > Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
> 
> Acked-by: Declan Doherty <declan.doherty@intel.com>

Applied, thanks