Add Jitter entropy source #17
Merged
We only need to print the notification that we are initializing sources if we are _not_ just listing those sources out
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>

Add a jitter entropy source that uses the jitterentropy library to gather entropy from timing inconsistencies on the system
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>

Currently, the do_loop function iterates over available entropy sources, but stops iterating as soon as a viable entropy source can fulfill /dev/random's entropy needs, and then restarts at index zero. It would be better to truly round robin the entropy sources available, so change the for loop to use a static variable that just increases modulo ENT_MAX always
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>

git submodules store empty directories that need to be populated with a git submodule update command, meaning using a directory test to enable its building can lead to false positives and build errors. Convert the autoconf test to detect the presence of jitterentropy_library/Makefile instead to ensure some buildable source is there. While we're at it, add in a notice to inform the user in the event that the library isn't present
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>

Update the jitterentropy-library commit in the submodule to match the parent tree. This brings in static library support which we need to rngd
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>

The CI system uses an older compiler which doesn't support the -fstack-protector-strong option, which is used by the jitterentropy library, and in turn causes a failure, which prevents the CI system from running. Since we don't do any specific test on the jitter rng, temporarily remove it from the CI environment prior to building so that we avoid the failure
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>

Stephan noted that xread_jitter doesn't need a while loop to fill the request buffer, because the implementation of jent_read_entropy already includes this same loop. So let's simplify that down
Reported-by: Stephan Muller <smueller@chronox.de>
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>

We allocate this and use it internally only so make it static
Reported-by: Stephan Mueller <smueller@chronox.de>
Reported-by: Neil Horman <nhorman@tuxdriver.com>
The CPU Jitter RNG noise source is added as a new generic noise source.
It requires the static CPU Jitter RNG library that can be obtained from
[1]. The static library can be pointed to using the configure option of
--with-libjitterentropy-prefix.
The CPU Jitter RNG noise source is extensively discussed at [1].
[1] http://www.chronox.de/jent.html
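
The do_loop change described in the commit messages above (restart at index zero versus a static index that always advances modulo ENT_MAX) can be compared in a small model. This is an added example, not code from the pull request: `struct source`, `pick_restart`, `pick_round_robin`, `served_by`, the value of `ENT_MAX` and the failing source are all constructed for illustration.

```c
#include <stdio.h>

#define ENT_MAX 4   /* constructed: number of configured sources */

/* Constructed stand-in for an entropy source; not rngd's own struct. */
struct source { int ok; unsigned served; };
typedef int (*picker_fn)(struct source *);

/* Behaviour the commit message describes as current: scan from index 0,
 * stop at the first source that can satisfy the request. */
static int pick_restart(struct source *s)
{
    for (int i = 0; i < ENT_MAX; i++)
        if (s[i].ok) { s[i].served++; return i; }
    return -1;
}

/* Round robin: a static cursor that always advances modulo ENT_MAX,
 * so the next request resumes after the source that served the last one. */
static int pick_round_robin(struct source *s)
{
    static int next;
    for (int tried = 0; tried < ENT_MAX; tried++) {
        int i = next;
        next = (next + 1) % ENT_MAX;
        if (s[i].ok) { s[i].served++; return i; }
    }
    return -1;  /* no source could deliver */
}

/* Issue 'rounds' requests; return how many the source at 'idx' served.
 * Source 1 is modelled as failing. */
static unsigned served_by(picker_fn pick, int rounds, int idx)
{
    struct source s[ENT_MAX] = { {1, 0}, {0, 0}, {1, 0}, {1, 0} };
    for (int r = 0; r < rounds; r++)
        pick(s);
    return s[idx].served;
}

int main(void)
{
    for (int i = 0; i < ENT_MAX; i++)
        printf("source %d: restart=%u round_robin=%u\n", i,
               served_by(pick_restart, 12, i),
               served_by(pick_round_robin, 12, i));
    return 0;
}
```

With the restart policy the first working source serves every request; with the static cursor the working sources share the requests and the failing one is skipped.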