Add qrypt as an entropy source

Qrypt provides a nist-beacon like entropy source for people who want to
use server based entropy beacons.  Like NIST, it should likely not be
used directly in cryptographic operation, as the entropy may be
intercepted over a network, but can provide copius amounts of entropy
for non-crypto purposes

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>

Makefile.am

@@ -31,6 +31,10 @@ if RTLSDR
 rngd_SOURCES	+= rngd_rtlsdr.c
 endif
 
+if QRYPT
+rngd_SOURCES	+= rngd_qrypt.c
+endif
+
 rngd_LDADD	= librngd.a $(LIBS) $(librtlsdr_LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} ${libcap_LIBS} $(PTHREAD_LIBS)
 
 if DARN

configure.ac

@@ -36,6 +36,13 @@ AC_ARG_WITH([nistbeacon],
 	[with_nistbeacon=check]
 )
 
+AC_ARG_WITH([qrypt],
+	AS_HELP_STRING([--without-qrypt],
+		[Disable qrypt support. ]),
+	[],
+	[with_qrypt=check]
+)
+
 AC_ARG_WITH([pkcs11],
 	AS_HELP_STRING([--without-pkcs11],
 		[Disable pkcs11 support. ]),
@@ -110,13 +117,28 @@ AC_CHECK_DECL(pthread_attr_setaffinity_np,
 AS_IF(
 	[ test "x$with_nistbeacon" != "xno"],
 	[
-		PKG_CHECK_MODULES([libcurl], [libcurl], [], [AC_MSG_ERROR([libcurl is required])])
 		PKG_CHECK_MODULES([libxml2], [libxml-2.0], [], [AC_MSG_ERROR([libxml2 is required])])
-                PKG_CHECK_MODULES([jansson], [jansson], [], [AC_MSG_ERROR([libjansson is required])])
 		AC_DEFINE([HAVE_NISTBEACON],1,[Enable NISTBEACON])
 	]
 )
 
+AS_IF(
+	[ test "x$with_qrypt" != "xno" ],
+	[
+		AC_DEFINE([HAVE_QRYPT],1,[Enable QRYPT])
+	]
+)
+
+AM_CONDITIONAL([QRYPT], [test "x$with_qrypt" != "xno"])
+
+AS_IF(
+	[ test "x$with_nistbeacon" != "xno" -o "x$with_qrypt" != "xno" ],
+	[
+		PKG_CHECK_MODULES([libcurl], [libcurl], [], [AC_MSG_ERROR([libcurl is required])])
+                PKG_CHECK_MODULES([jansson], [jansson], [], [AC_MSG_ERROR([libjansson is required])])
+	]
+)
+
 AS_IF(
 	[ test "x$with_pkcs11" != "xno"],
 	[

rngd.c

@@ -165,6 +165,7 @@ static enum {
 	ENT_JITTER,
 	ENT_PKCS11,
 	ENT_RTLSDR,
+	ENT_QRYPT,
 	ENT_MAX
 } entropy_indexes __attribute__((used));
 
@@ -294,6 +295,17 @@ static struct rng_option rtlsdr_options[] = {
 	}
 };
 
+static struct rng_option qrypt_options[] = {
+	[QRYPT_OPT_TOKEN_FILE] = {
+		.key = "tokenfile",
+		.type = VAL_STRING,
+		.str_val = "/etc/qrypt.token",
+	},
+	{
+		.key = NULL,
+	}
+};
+
 static struct rng entropy_sources[ENT_MAX] = {
 	/* Note, the special char dev must be the first entry */
 	{
@@ -416,6 +428,17 @@ static struct rng entropy_sources[ENT_MAX] = {
 		.disabled       = true,
 #endif
 		.rng_options    = rtlsdr_options,
+	},
+	{
+		.rng_name	= "Qrypt quantum entropy beacon",
+		.rng_sname	= "qrypt",
+		.rng_fd		= -1,
+		.flags		= { 0 },
+		.xread		= xread_qrypt,
+		.init		= init_qrypt_entropy_source,
+		.close		= close_qrypt_entropy_source,
+		.disabled	= true,
+		.rng_options	= qrypt_options,
 	}
 
 };

rngd.h

@@ -124,6 +124,14 @@ enum {
 	RTLSDR_OPT_MAX,
 };
 
+/*
+ * QRYPT options
+ */
+enum {
+	QRYPT_OPT_TOKEN_FILE = 0,
+	QRYPT_OPT_MAX,
+};
+
 enum option_val_type {
 	VAL_INT = 0,
 	VAL_STRING = 1,

rngd_entsource.h

@@ -61,6 +61,10 @@ extern void close_pkcs11_entropy_source(struct rng *);
 extern int init_rtlsdr_entropy_source(struct rng *);
 extern void close_rtlsdr_entropy_source(struct rng *);
 #endif
+#ifdef HAVE_QRYPT
+extern int init_qrypt_entropy_source(struct rng *);
+extern void close_qrypt_entropy_source(struct rng *);
+#endif
 
 extern int init_tpm_entropy_source(struct rng *);
 
@@ -90,6 +94,10 @@ extern int xread_pkcs11(void *buf, size_t size, struct rng *ent_src);
 extern int xread_rtlsdr(void *buf, size_t size, struct rng *ent_src);
 #endif
 
+#ifdef HAVE_QRYPT
+extern int xread_qrypt(void *buf, size_t size, struct rng *ent_src);
+#endif
+
 extern int xread_nist(void *buf, size_t size, struct rng *ent_src);
 
 extern int xread_tpm(void *buf, size_t size, struct rng *ent_src);