
Comments (3)

EthanHeilman commented on June 16, 2024

Strongly agree that OpenPubkey should support KMS and HSMs and associated RNGs. This is the ideal solution for people that use KMS or HSMs. Everything I am going to say below is thinking about how to support OpenPubkey for users that may not have or want to use KMS/HSMs.

rdrand, rdseed, RNDR, /dev/hwrng

I don't see any harm in using HAVEGE as an additional source of entropy. I think if we are concerned about rand.Reader not providing sufficient entropy, one of the first places we should look at is the x86 rdrand and rdseed instructions. I modified your test code to show that the GHA ubuntu runner has access to the rdrand and rdseed instructions.

The action output is here: https://github.com/EthanHeilman/gha-vm-rdtsc-test/actions/runs/6757557761/job/18368221015

We could use RDRAND-Tester to check if rdrand is available on the system and fail if it isn't evaluable. While rdrand and rdseed only exist on x86, we should get ARM support by using the RNDR ARM instruction.

Linux provides the /dev/hwrng device, which provides a nice place to plug in hardware sources of entropy. Raspberry Pi exposes their HW RNG via that device. Not sure if all ARM systems do this. Some hypervisors and emulators use /dev/hwrng as a way of exposing true random number generation to each of their host virtual machines.

Additional hardening in GitHub Actions

This might be overkill, but we could use the SHA3(ACTIONS_ID_TOKEN_REQUEST_TOKEN), and in the case of GQ signatures SHA3(OP RSA Signature), as an additional source of entropy on top of what rand.Reader provides. The preimage resistance of SHA3 should protect the value from leaking, assuming the GitHub OpenID Provider does not have an entropy generation problem and is not generating low entropy tokens and RSA signatures.

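Added example, not part of the thread or of the OpenPubkey code base: one way to implement the "check and fail if no hardware entropy source is present" idea from the comment above on Linux, by looking for the `rdrand`/`rdseed` flags in `/proc/cpuinfo` and falling back to `/dev/hwrng`. The function names, the fallback order and the sample text are assumptions made for illustration; the `rng` token is how arm64 Linux reports RNDR support.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// Constructed sample in the layout of an x86 /proc/cpuinfo entry.
const sampleCPUInfo = "processor\t: 0\nmodel name\t: Example CPU\nflags\t\t: fpu sse2 aes rdrand rdseed\n"

// hwRNGFeatures returns the hardware RNG features advertised in /proc/cpuinfo
// text. x86 lists rdrand/rdseed on "flags" lines; arm64 Linux lists RNDR
// support as "rng" on "Features" lines.
func hwRNGFeatures(cpuinfo string) map[string]bool {
	wanted := map[string][]string{"flags": {"rdrand", "rdseed"}, "Features": {"rng"}}
	found := map[string]bool{}
	for _, line := range strings.Split(cpuinfo, "\n") {
		kv := strings.SplitN(line, ":", 2)
		if len(kv) != 2 {
			continue
		}
		names, ok := wanted[strings.TrimSpace(kv[0])]
		if !ok {
			continue
		}
		// Compare whole tokens so a longer flag name cannot match by prefix.
		for _, tok := range strings.Fields(kv[1]) {
			for _, n := range names {
				if tok == n {
					found[n] = true
				}
			}
		}
	}
	return found
}

// requireHWEntropy fails closed when no CPU RNG flag is advertised and the
// hwrng device cannot be opened. Opening only proves the node exists and is
// accessible; a read can still fail if no backing device is registered.
func requireHWEntropy(cpuinfo, hwrngPath string) error {
	if len(hwRNGFeatures(cpuinfo)) > 0 {
		return nil
	}
	if f, err := os.Open(hwrngPath); err == nil {
		f.Close()
		return nil
	}
	return errors.New("no rdrand/rdseed/rng CPU flag and no readable " + hwrngPath)
}

func main() {
	fmt.Println("sample:", hwRNGFeatures(sampleCPUInfo))
	if data, err := os.ReadFile("/proc/cpuinfo"); err == nil {
		fmt.Println("host:", hwRNGFeatures(string(data)), requireHWEntropy(string(data), "/dev/hwrng"))
	}
}
```

A CPU flag only shows that the instruction is advertised to the guest; it says nothing about the quality of its output, so this check complements mixing with rand.Reader and does not replace it.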

mrjoelkamp commented on June 16, 2024

> rdrand, rdseed, RNDR, /dev/hwrng
>
> I don't see any harm in using HAVEGE as an additional source of entropy. I think if we are concerned about rand.Reader not providing sufficient entropy, one of the first places we should look at is the x86 rdrand and rdseed instructions. I modified your test code to show that the GHA ubuntu runner has access to the rdrand and rdseed instructions.
>
> The action output is here: https://github.com/EthanHeilman/gha-vm-rdtsc-test/actions/runs/6757557761/job/18368221015

Very nice! It looks like the GHA runners are fairly well provisioned with entropy sources. Agreed that this will be good support for users without KMS/HSM access. Thanks for taking a look at it!


EthanHeilman commented on June 16, 2024

@mrjoelkamp Closing this. If you think this should be reopened, please reopen.
