Replace radsecret script to avoid new perl dependencies from universe

The freeradius update to 3.2.5 enabled a new binary and two new modules, as part of the BlastRADIUS vulnerability (CVE-2024-3596) mitigations:

+ * New upstream version 3.2.5+dfsg
+ This release adds a few hardening mitigations for the BlastRADIUS protocol
+ vulnerability (CVE-2024-3596).
+ - add new radsecret binary
+ - add new rlm_dpsk and rlm_eap_teap modules

The new libconvert-base32-perl and libcrypt-urandom-perl dependencies come from radsecret, which is this 3-liner:

#!/usr/bin/env perl
#
# A tool which generates strong shared secrets.
#
use Convert::Base32;
use Crypt::URandom();
print join('-', unpack("(A4)*", lc encode_base32(Crypt::URandom::urandom(12)))), "\n";

There has to be a different way to do this that does not involve moving these perl modules to main...

$ src/main/radsecret
voaq-pxzx-a5bc-5pvf-woua

$ src/main/radsecret
e7y3-vqwl-dd2j-bxz2-tmuq

  TBH the simplest thing to do is just to drop the rad secret program. It not used for anything, and is just a helper script.

> On Jul 16, 2024, at 1:35 PM, Andreas Hasenack <email address hidden> wrote:
>
> The freeradius update to 3.2.5 enabled a new binary and two new modules,
> as part of the BlastRADIUS vulnerability (CVE-2024-3596) mitigations:
>
> + * New upstream version 3.2.5+dfsg
> + This release adds a few hardening mitigations for the BlastRADIUS protocol
> + vulnerability (CVE-2024-3596).
> + - add new radsecret binary
> + - add new rlm_dpsk and rlm_eap_teap modules
>
> The new libconvert-base32-perl and libcrypt-urandom-perl dependencies
> come from radsecret, which is this 3-liner:
>
> #!/usr/bin/env perl
> #
> # A tool which generates strong shared secrets.
> #
> use Convert::Base32;
> use Crypt::URandom();
> print join('-', unpack("(A4)*", lc encode_base32(Crypt::URandom::urandom(12)))), "\n";
>
> There has to be a different way to do this that does not involve moving
> these perl modules to main...
>
>
> $ src/main/radsecret
> voaq-pxzx-a5bc-5pvf-woua
>
> $ src/main/radsecret
> e7y3-vqwl-dd2j-bxz2-tmuq
>
>
> ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3596
>
> --
> You received this bug notification because you are subscribed to
> freeradius in Ubuntu.
> https://bugs.launchpad.net/bugs/2073269
>
> Title:
> [MIR] libconvert-base32-perl and libcrypt-urandom-perl
>
> Status in freeradius package in Ubuntu:
> Confirmed
> Status in libconvert-base32-perl package in Ubuntu:
> Incomplete
> Status in libcrypt-urandom-perl package in Ubuntu:
> Incomplete
>
> Bug description:
> https://ubuntu-archive-team.ubuntu.com/component-mismatches-proposed.svg
> shows freeradius depending on libconvert-base32-perl and libcrypt-urandom-perl now
>
>
> Evaluate the new freeradius please if we want to file MIRs for them OR if we want to modify the dependencies.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/2073269/+subscriptions
>

We are having a small competition :)

a)
#!/usr/bin/env python3

import base64
import secrets

def generate_secret():
    # Generate 12 random bytes
    random_bytes = secrets.token_bytes(12)

    # Convert to base32
    base32_string = base64.b32encode(random_bytes).decode('utf-8').lower()

    # Split into groups of 4 characters
    grouped = [base32_string[i:i+4] for i in range(0, len(base32_string), 4)]

    # Join with hyphens and print
    print('-'.join(grouped))

if __name__ == "__main__":
    generate_secret()

b)
import os
import base64

encoded = base64.b32encode(os.urandom(12)).decode('utf-8').rstrip('=').lower()
print('-'.join([encoded[i:i+4] for i in range(0, len(encoded), 4)]))

c)
#!/bin/bash
data=$(dd if=/dev/urandom bs=1 count=12 2>/dev/null| base32 | tr 'A-Z' 'a-z')
echo ${data:0:4}-${data:4:4}-${data:8:4}-${data:12:4}-${data:16:4}

Of these three, I prefer the shell. (I know, I'm as surprised as you.)

Please use this version, unless there's a compelling reason to prefer Python:

#!/bin/bash
data=$(dd if=/dev/urandom bs=1 count=13 2>/dev/null| base32 | tr 'A-Z' 'a-z')
echo ${data:0:4}-${data:4:4}-${data:8:4}-${data:12:4}-${data:16:4}

Why I prefer the shell version, and an important change I made to it:

The shell script executes in roughly 20% the time of the python scripts. (4s vs 22s for 1000 iterations.)

We should be selecting 13 bytes, not 12, from /dev/urandom. (I'll show why near the end.)

The very long python script has an unexpected behavior, so if this is the version that is selected, it needs the same .rstrip('=') treatment as the short one:

$ ./uuid1.py
376y-fuyc-d5a7-6sjz-uhwa-====

When playing with the shell script I thought I noticed patterns in the last character of the output so I investigated further to make sure that these are actually emitting roughly what we expect:

$ for i in `seq 1 10000`; do ./uuid ; done | ent -c
Value Char Occurrences Fraction
 10 10000 0.040000
 45 - 40000 0.160000
 50 2 6056 0.024224
 51 3 5860 0.023440
 52 4 5946 0.023784
 53 5 6102 0.024408
 54 6 5951 0.023804
 55 7 5731 0.022924
 97 a 10761 0.043044
 98 b 5887 0.023548
 99 c 5847 0.023388
100 d 5938 0.023752
101 e 5929 0.023716
102 f 5936 0.023744
103 g 5922 0.023688
104 h 5934 0.023736
105 i 5940 0.023760
106 j 5834 0.023336
107 k 5997 0.023988
108 l 6005 0.024020
109 m 5940 0.023760
110 n 6026 0.024104
111 o 6081 0.024324
112 p 5909 0.023636
113 q 10947 0.043788
114 r 5918 0.023672
115 s 5892 0.023568
116 t 5908 0.023632
117 u 6033 0.024132
118 v 5912 0.023648
119 w 5934 0.023736
120 x 6067 0.024268
121 y 5892 0.023568
122 z 5965 0.023860

Total: 250000 1.000000

$ for i in `seq 1 10000`; do ./uuid1.py ; done | ent -c
Value Char Occurrences Fraction
 10 10000 0.033333
 45 - 50000 0.166667
 50 2 5953 0.019843
 51 3 5972 0.019907
 52 4 5893 0.019643
 53 5 5943 0.019810
 54 6 5940 0.019800
 55 7 5770 0.019233
 61 = 40000 0.133333 # ====
 97 a 10872 0.036240
 98 b 6011 0.020037
 99 c 5957 0.019857
100 d 5879 0.019597
101 e 5840 0.019467
102 f 5888 0.019627
103 g 5890 0.019633
104 h 5827 0.019423
105 i 5979 0.019930
106 j 5921 0.019737
107 k 5987 0.019957
108 l 5953 0.019843
109 m 6083 0.020277
110 n 5886 0.019620
111 o 6054 0.020180
112 p 5856 0.019520
113 q 10923 0.036410
114 r 6013 0.020043
115 s 5894 0.019647
116 t 6021...

On Jul 16, 2024, at 4:14 PM, Seth Arnold <email address hidden> wrote:
> When playing with the shell script I thought I noticed patterns in the last character of the output so I investigated further to make sure that these are actually emitting roughly what we expect:

  Due to the way that base64 works, the last character of the output contains only 4 bits of the input randomness. That's fine, because we're depending on all of the 12 bytes from /dev/urandom for entropy. We don't need the output base64 stuff to look completely random. And it won't look random, because it's using a limited character set: base64.

Alan, would you be ok for me to propose this change upstream, with the bash script? Then debian could also take it, and we wouldn't have a delta between debian and ubuntu.

Update: I created https://github.com/FreeRADIUS/freeradius-server/pull/5375 for your consideration

This bug was fixed in the package freeradius - 3.2.5+dfsg-2ubuntu1

---------------
freeradius (3.2.5+dfsg-2ubuntu1) oracular; urgency=medium

  * Don't depend on perl modules from universe (LP: #2073269):
    - d/p/replace-radsecret.patch: replace radsecret, which is in perl,
      with a Bash variant, to avoid pulling in two new perl dependencies
      which are in Universe
    - d/control: drop explicit dependency on libconvert-base32-perl and
      libcrypt-urandom-perl

 -- Andreas Hasenack <email address hidden> Tue, 16 Jul 2024 16:30:16 -0300