feeds-publisher: Use a secure random number generator for nonces
Verification of pub/sub subscriptions requires a nonce to be exchanged between the two peers.
https://www.w3.org/TR/websub/#h-hub-verifies-intent
In order to guarantee security, this needs to be unpredictable. However, the code was previously using rand() seeded by the current time, which is entirely predictable. Instead, it should be using random values read from /dev/urandom.
Ideally, we would read a single seed value from /dev/urandom, and use that to seed a secure PRNG within libgrss, which we would generate nonces from. However, that means implementing a PRNG (or adding a dependency), which is a bit over the top for some nonces. The number of nonces generated should be fairly small (reverification intervals are on the order of hours) and the size of each nonce is small (50B), so it should be OK to read from /dev/urandom each time.
The code for handling /dev/urandom was copied from libscram, which is copyright 2014 Collabora, Ltd.; and it’s licensed under LGPLv2.1+, which is compatible with libgrss’ license (LGPLv3+).
https://gitlab.com/libscram/libscram/blob/master/authentication.c
Coverity ID: 1351003
Signed-off-by: Philip Withnall <philip@tecnocode.co.uk>
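
The two approaches the commit message contrasts, as an added example (not the libgrss or libscram code): a nonce built from rand() with a time-style seed next to one read from /dev/urandom on every call. The function names, the 64-symbol alphabet and the sample seed are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define NONCE_LEN 50 /* nonce size stated in the commit message */
/* Assumed 64-symbol alphabet; 64 divides 256, so masking a byte adds no bias. */
static const char ALPHABET[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

/* Old pattern: the whole nonce is a function of the (guessable) time seed. */
void weak_nonce(unsigned int seed, char out[NONCE_LEN + 1])
{
    srand(seed);
    for (size_t i = 0; i < NONCE_LEN; i++)
        out[i] = ALPHABET[rand() % 64];
    out[NONCE_LEN] = '\0';
}

/* Fill buf from /dev/urandom, retrying on EINTR and short reads.
 * Returns 0 on success, -1 on failure; callers must not fall back to rand(). */
int read_urandom(unsigned char *buf, size_t len)
{
    size_t done = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (done < len) {
        ssize_t n = read(fd, buf + done, len - done);
        if (n < 0 && errno == EINTR)
            continue;   /* interrupted by a signal: retry */
        if (n <= 0)
            break;      /* hard error or unexpected EOF */
        done += (size_t)n;
    }
    close(fd);
    return done == len ? 0 : -1;
}

/* New pattern: fresh kernel randomness for every nonce. */
int secure_nonce(char out[NONCE_LEN + 1])
{
    unsigned char raw[NONCE_LEN];
    if (read_urandom(raw, sizeof raw) != 0) return -1;
    for (size_t i = 0; i < NONCE_LEN; i++)
        out[i] = ALPHABET[raw[i] & 0x3f];
    out[NONCE_LEN] = '\0';
    return 0;
}
```

A failed read is reported to the caller rather than papered over, so the verification request can be aborted instead of being sent with a guessable nonce.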