Merge pull request #12 from nhorman/nist-beacon
NIST beacon support
nhorman authored Oct 10, 2017
2 parents d91bf8b + 90310c6 commit 5457e2f
Showing 7 changed files with 543 additions and 7 deletions.
4 changes: 4 additions & 0 deletions .travis.yml
Expand Up @@ -9,6 +9,10 @@ addons:
apt:
packages:
libsysfs-dev
libxml2
libxml2-dev
libssl-dev
libcurl3-dev

script: ./autogen.sh && ./configure && make

11 changes: 8 additions & 3 deletions Makefile.am
Expand Up @@ -10,8 +10,12 @@ man_MANS = rngd.8 rngtest.1
noinst_LIBRARIES = librngd.a

rngd_SOURCES = rngd.h rngd.c rngd_entsource.h rngd_entsource.c \
rngd_linux.h rngd_linux.c util.c
rngd_linux.h rngd_linux.c util.c

if NISTBEACON
rngd_SOURCES += rngd_nistbeacon.c
endif

if RDRAND
rngd_SOURCES += rngd_rdrand.c rdrand_asm.S
endif
Expand All @@ -20,8 +24,9 @@ if DARN
rngd_SOURCES += rngd_darn.c
endif

rngd_LDADD = librngd.a
rngd_LDFLAGS = -lsysfs
rngd_LDADD = librngd.a -lsysfs ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS}

rngd_CFLAGS = ${libxml2_CFLAGS} ${openssl_CFLAGS}

rngtest_SOURCES = exits.h stats.h stats.c rngtest.c
rngtest_LDADD = librngd.a
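Review bot: `rngd_CFLAGS` carries `${libxml2_CFLAGS}` and `${openssl_CFLAGS}` but not `${libcurl_CFLAGS}`, although `${libcurl_LIBS}` is linked on the line above and configure.ac runs `PKG_CHECK_MODULES` for all three. If rngd_nistbeacon.c includes the curl headers (it is not shown on this page), a libcurl installed under a non-default prefix would link but fail to compile. Suggested line: `rngd_CFLAGS = ${libcurl_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS}`.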
18 changes: 18 additions & 0 deletions configure.ac
Expand Up @@ -31,6 +31,12 @@ AC_ARG_WITH([libgcrypt],
[],
[with_libgcrypt=check]
)
AC_ARG_WITH([nistbeacon],
AS_HELP_STRING([--without-nistbeacon],
[Disable nistbeacon support. ]),
[],
[with_nistbeacon=check]
)

dnl Make sure anyone changing configure.ac/Makefile.am has a clue
AM_MAINTAINER_MODE
Expand All @@ -48,6 +54,18 @@ AS_IF([test $host_cpu = x86_64 -o $host_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,
AM_CONDITIONAL([DARN], [test $host_cpu = powerpc64le])
AS_IF([test $host_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])],[])

AS_IF(
[ test "x$with_nistbeacon" != "xno"],
[
PKG_CHECK_MODULES([libcurl], [libcurl], [], [AC_MSG_ERROR([libcurl is required])])
PKG_CHECK_MODULES([libxml2], [libxml-2.0], [], [AC_MSG_ERROR([libxml2 is required])])
PKG_CHECK_MODULES([openssl], [openssl], [], [AC_MSG_ERROR([openssl is required])])
AC_DEFINE([HAVE_NISTBEACON],1,[Enable NISTBEACON])
]
)

AM_CONDITIONAL([NISTBEACON], [test "x$with_nistbeacon" != "xno"])

dnl Checks for header files.
dnl AC_HEADER_STDC
dnl AC_CHECK_HEADERS(sys/ioctl.h unistd.h)
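Review bot: The default `with_nistbeacon=check` does not behave as a check, because the `AS_IF` block treats every value other than `no` as a hard requirement and each `PKG_CHECK_MODULES` failure branch calls `AC_MSG_ERROR`. A plain `./configure` therefore aborts on hosts without libcurl, libxml2 or openssl development files. For the `check` value the not-found branches should set `with_nistbeacon=no` and skip `AC_DEFINE([HAVE_NISTBEACON]...)`, and only an explicit `--with-nistbeacon` should fail hard. As written, a network client, an XML parser and a TLS library are linked into every default build of the daemon, which widens its attack surface for users who never enable the source.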
42 changes: 39 additions & 3 deletions rngd.c
Expand Up @@ -60,7 +60,7 @@

/* Background/daemon mode */
bool am_daemon; /* True if we went daemon */

bool msg_squash = false; /* True if we want no messages on the console */
bool server_running = true; /* set to false, to stop daemon */

bool ignorefail = false; /* true if we ignore MAX_RNG_FAILURES */
Expand Down Expand Up @@ -90,6 +90,8 @@ static struct argp_option options[] = {

{ "exclude", 'x', "n", 0, "Disable the numbered entropy source specified" },

{ "include", 'n', "n", 0, "Enable the numbered entropy source specified" },

{ "list", 'l', 0, 0, "List the operational entropy sources on this system and exit" },

{ "random-device", 'o', "file", 0,
Expand Down Expand Up @@ -133,6 +135,7 @@ static enum {
ENT_TPM = 1,
ENT_RDRAND,
ENT_DARN,
ENT_NISTBEACON,
ENT_MAX
} entropy_indexes;

Expand Down Expand Up @@ -173,6 +176,15 @@ static struct rng entropy_sources[ENT_MAX] = {
.disabled = true,
#endif
},
{
.rng_name = "NIST Network Entropy Beacon",
.rng_fd = -1,
#ifdef HAVE_NISTBEACON
.xread = xread_nist,
.init = init_nist_entropy_source,
#endif
.disabled = true,
},
};


Expand All @@ -198,6 +210,15 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state)
entropy_sources[idx].disabled = true;
printf("Disabling %lu: %s\n", idx, entropy_sources[idx].rng_name);
break;
case 'n':
idx = strtol(arg, NULL, 10);
if ((idx == LONG_MAX) || (idx > ENT_MAX)) {
printf("enable index is out of range: %lu\n", idx);
return -ERANGE;
}
entropy_sources[idx].disabled = false;
printf("Enabling %lu: %s\n", idx, entropy_sources[idx].rng_name);
break;
case 'l':
arguments->list = true;
break;
Expand Down Expand Up @@ -371,9 +392,24 @@ int main(int argc, char **argv)
if (argp_parse(&argp, argc, argv, 0, 0, arguments) < 0)
return 1;

if (arguments->list) {
int found = 0;
printf("Entropy sources that are available but disabled\n");
for (i=0; i < ENT_MAX; i++)
if (entropy_sources[i].init && entropy_sources[i].disabled == true) {
found = 1;
printf("%d: %s\n", i, entropy_sources[i].rng_name);
}
if (!found)
printf("None");
printf("\nInitalizing available sources\n");
msg_squash = true;
}

/* Init entropy sources */

for (i=0; i < ENT_MAX; i++) {
if (entropy_sources[i].disabled == false) {
if (entropy_sources[i].init && entropy_sources[i].disabled == false) {
if (!entropy_sources[i].init(&entropy_sources[i])) {
ent_sources++;
entropy_sources[i].fipsctx = malloc(sizeof(fips_ctx_t));
Expand All @@ -387,11 +423,11 @@ int main(int argc, char **argv)
}

if (arguments->list) {
msg_squash = false;
printf("Available entropy sources:\n");
for (i=0; i < ENT_MAX; i++)
if (entropy_sources[i].init && entropy_sources[i].disabled == false)
printf("%d: %s\n", i, entropy_sources[i].rng_name);

return 1;
}
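Review bot: The range check in the new `case 'n'` of `parse_opt` accepts `idx == ENT_MAX`, but `entropy_sources` is declared with `ENT_MAX` elements, so `entropy_sources[idx].disabled = false` writes one element past the array for that value; the comparison should be `idx >= ENT_MAX`. `strtol` is also called with a NULL end pointer, so a non-numeric argument parses as 0 and silently enables source 0; keep an `end` pointer and reject input with `if (end == arg || *end != '\0' || idx >= ENT_MAX)`. The declaration of `idx` is outside the hunk; if it is a signed type, a negative argument would also pass the check and index before the array. The tail of the neighbouring `'x'` case visible just above suggests it uses the same pattern, so the same correction probably applies there.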

3 changes: 2 additions & 1 deletion rngd.h
Expand Up @@ -76,14 +76,15 @@ struct rng {
/* Background/daemon mode */
extern bool am_daemon; /* True if we went daemon */

extern bool msg_squash;

/*
* Routines and macros
*/
#define message(priority,fmt,args...) do { \
if (am_daemon) { \
syslog((priority), fmt, ##args); \
} else { \
} else if (!msg_squash) { \
if ((LOG_PRI(priority) != LOG_DEBUG) || (arguments->debug == true)) {\
fprintf(stderr, fmt, ##args); \
fprintf(stderr, "\n"); \
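Review bot: `msg_squash` is declared here without the explanatory comment that `am_daemon` carries, and the new `else if (!msg_squash)` branch in `message()` drops every non-daemon message, error priorities included, not only informational output. Suggest `extern bool msg_squash; /* True if we want no messages on the console */` to match the definition in rngd.c, plus a line in the macro's header comment stating that the flag silences all priorities. The macro body continues outside the hunk.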
6 changes: 6 additions & 0 deletions rngd_entsource.h
Expand Up @@ -42,6 +42,10 @@ extern int init_drng_entropy_source(struct rng *);
#ifdef HAVE_DARN
extern int init_darn_entropy_source(struct rng *);
#endif
#ifdef HAVE_NISTBEACON
extern int init_nist_entropy_source(struct rng *);
#endif


extern int init_tpm_entropy_source(struct rng *);

Expand All @@ -55,6 +59,8 @@ extern int xread_drng(void *buf, size_t size, struct rng *ent_src);
extern int xread_darn(void *buf, size_t size, struct rng *ent_src);
#endif

extern int xread_nist(void *buf, size_t size, struct rng *ent_src);

extern int xread_tpm(void *buf, size_t size, struct rng *ent_src);

#endif /* RNGD_ENTSOURCE__H */
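Review bot: The `xread_nist` prototype is added outside any conditional, while `init_nist_entropy_source` in the same commit and the `xread_darn` declaration directly above it sit inside their `HAVE_*` guards. The unguarded declaration is harmless to the compiler, but it lets a caller reference `xread_nist` in a build without the beacon and only fail at link time. Wrap it the same way: `#ifdef HAVE_NISTBEACON` before the prototype and `#endif` after it.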