authorGuilhem Moulin <guilhem@fripost.org>2014-01-23 02:18:40 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 04:27:57 +0200
commitba40cbca9650e1ddaa8357c21b5de31cc376c481 (patch)
tree292c6f88b870eee95d229c52a42b74655bc7ae2e
parentef60bfefc79b00a41ca3a8e9388d3cf3ff46068e (diff)
Ensure urandom entropy is of cryptographic quality.
The non-blocking PRNG /dev/urandom doesn't block even if it hasn't been seeded enough, sadly (e.g., if the entropy pool is empty). Reading a few bytes from the *blocking* /dev/random should ensure that "the kernel RNG has [...] reach full entropy at least once, which guarantees cryptographic quality of the rest of the /dev/urandom stream." -- Tor bug #10676 https://trac.torproject.org/projects/tor/ticket/10676 See also urandom(4).
-rw-r--r--src/fripost-partman-udeb/base.sh45
-rw-r--r--src/fripost-partman-udeb/debian/templates8
-rwxr-xr-xsrc/fripost-postinst-udeb/finish-install.d/07fripost1
3 files changed, 54 insertions, 0 deletions
diff --git a/src/fripost-partman-udeb/base.sh b/src/fripost-partman-udeb/base.sh
index c23dcc1..b6770f8 100644
--- a/src/fripost-partman-udeb/base.sh
+++ b/src/fripost-partman-udeb/base.sh
@@ -52,6 +52,49 @@ wait_for_device() {
[ -b "$device" ] || fatal "Error: $device not found!"
}
+# The non-blocking PRNG /dev/urandom doesn't block if it has been seeded
+# enough, sadly (e.g., if the entropy pool is empty). Reading a few
+# bytes from the *blocking* should ensure that "the kernel RNG has [...]
+# reach full entropy at least once, which guarantees cryptographic
+# quality of the rest of the /dev/urandom stream." -- Tor bug #10676.
+# See also urandom(4). (XXX It's possible that the debian installer
+# does that already.)
+seed_urandom() {
+ local seed=/var/run/random-seed fifo n records dir
+ local poolfile=/proc/sys/kernel/random/poolsize bytes=512
+
+ if [ -f "$seed" ]; then
+ log "/dev/urandom has already been seeded since start-up"
+ return
+ fi
+
+ [ -r $poolfile ] && bytes=$(cat $poolfile)
+ log "Seeding /dev/urandom with $bytes bytes from /dev/random"
+ db_subst fripost/seed_urandom_progress_title BYTES $bytes
+ db_progress START 0 $bytes fripost/seed_urandom_progress_title
+ db_progress INFO fripost/seed_urandom_progress_info
+
+ fifo=$(mktemp -u)
+ /bin/mknod "$fifo" p || exit 1
+ trap 'kill $pid' EXIT
+ /bin/dd if=/dev/random bs=1 count=$bytes of=/dev/null 2> "$fifo" & pid=$!
+ heartbeat $pid USR1 &
+
+ local n records dir
+ while read -u 7 n records dir; do
+ [ "$records" = records -a "$dir" = out ] && db_progress SET ${n%+*}
+ done 7< "$fifo"
+ db_progress SET $bytes; sleep 0.25
+
+ rm -f "$fifo"
+ trap '' EXIT
+
+ db_progress STOP
+ db_unregister fripost/seed_urandom_progress_title
+ db_unregister fripost/seed_urandom_progress_info
+ touch "$seed"
+}
+
##############################################################################
# Wipe the disk (unless d-i's 'fripost/wipe-device' is 'none')
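Review bot: In `seed_urandom`, `bytes=$(cat $poolfile)` treats the value of /proc/sys/kernel/random/poolsize as a byte count, but random(4) documents it as bits on Linux 2.6 and later (4096), so the `dd` from /dev/random asks for eight times the pool and can stall the installer far longer than the 512-byte default suggests. Converting and quoting fixes it: `[ -r "$poolfile" ] && bytes=$(( $(cat "$poolfile") / 8 ))`. The progress title, which prints `${BYTES}`, then also reports the right unit. Separately, the header comment reads inverted; `doesn't block even if it has not been seeded enough` is presumably what is meant.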
@@ -69,6 +112,7 @@ fripost_wipe() {
fi
source="/dev/$RET"
+ [ "$source" != /dev/urandom ] || seed_urandom
log "Want to wipe $device using source $source"
[ -b "$device" -a -d "$blockdir" -a -c "$source" ] || \
fatal "Invalid device $device or source $source"
@@ -211,6 +255,7 @@ fripost_encrypt() {
keyfile=$(mktemp) || exit 1
log "Encryting device $device and sets up a mapping $name"
+ seed_urandom
db_input high fripost/encryption-password || true
db_go
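Review bot: `seed_urandom` is called after `keyfile=$(mktemp) || exit 1`, so the temporary key file already exists while the function blocks on /dev/random, and the function overwrites the EXIT trap with `kill $pid` and ends with `trap '' EXIT`, discarding whatever handler was installed before. If fripost_encrypt or its caller relies on an EXIT trap to remove `$keyfile` (not visible here; the function starts and ends outside the hunk), that cleanup is lost. Moving the `seed_urandom` call above the `mktemp` line keeps the key file from existing during the wait and makes the trap handling easier to reason about.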
diff --git a/src/fripost-partman-udeb/debian/templates b/src/fripost-partman-udeb/debian/templates
index 2088e19..4f4d177 100644
--- a/src/fripost-partman-udeb/debian/templates
+++ b/src/fripost-partman-udeb/debian/templates
@@ -1,3 +1,11 @@
+Template: fripost/seed_urandom_progress_title
+Type: text
+Description: Seeding /dev/urandom with ${BYTES} bytes from /dev/random
+
+Template: fripost/seed_urandom_progress_info
+Type: text
+Description: This may take a while
+
Template: debian-installer/fripost-partman/title
Type: text
Description: Partition disks using a shell script
diff --git a/src/fripost-postinst-udeb/finish-install.d/07fripost b/src/fripost-postinst-udeb/finish-install.d/07fripost
index c00e617..5a7cd73 100755
--- a/src/fripost-postinst-udeb/finish-install.d/07fripost
+++ b/src/fripost-postinst-udeb/finish-install.d/07fripost
@@ -24,6 +24,7 @@ set -ue
. /lib/fripost-partman/base.sh
import=/cdrom/include
+seed_urandom
# Update the information below the progress bar. Also, log the argument.
progress() {