[\fB\-r\fR, \fB\-\-rng-device=\fIfile\fR]
[\fB\-s\fR, \fB\-\-random-step=\fInnn\fR]
[\fB\-W\fR, \fB\-\-fill-watermark=\fInnn\fR]
+[\fB\-n\fR, \fB\-\-no-tpm=\fI1|0\fR]
+[\fB\-q\fR, \fB\-\-quiet\fR]
+[\fB\-v\fR, \fB\-\-verbose\fR]
[\fB\-t\fR, \fB\-\-timeout=\fInnn\fR]
[\fB\-?\fR, \fB\-\-help\fR]
[\fB\-V\fR, \fB\-\-version\fR]
.PP
The \fB\-f\fR or \fB\-\-foreground\fR options can be used to tell
\fBrngd\fR to avoid forking on startup. This is typically used for
-debugging. The \fB\-f\fR or \fB\-\-foreground\fR options, which fork and put
+debugging. The \fB\-b\fR or \fB\-\-background\fR options, which fork and put
\fBrngd\fR into the background automatically, are the default.
.PP
The \fB\-r\fR or \fB\-\-rng-device\fR options can be used to select an
starves. Do not set \fIfill-watermark\fR above the size of the
entropy pool (usually 4096 bits).
.TP
+\fB\-n\fI 1|0\fR, \fB\-\-no-tpm=\fI1|0\fR
+Do not use tpm as a source of random number input (default:0)
+.TP
+\fB\-q\fR, \fB\-\-quiet\fR
+Suppress error messages
+.TP
+\fB\-v\fR, \fB\-\-verbose\fR
+Report available entropy sources
+.TP
\fB\-t\fI nnn\fR, \fB\-\-timeout=\fInnn\fR
Interval written to random-device when the entropy pool is full, in seconds, or 0 to disable (default: 60)
.TP
Jeff Garzik \- jgarzik@pobox.com
.br
Matt Sottek
-
+.br
+Brad Hill
{ "fill-watermark", 'W', "n", 0,
"Do not stop feeding entropy to random-device until at least n bits of entropy are available in the pool (default: 2048), 0 <= n <= 4096" },
+ { "quiet", 'q', 0, 0, "Suppress error messages" },
+
+ { "verbose" ,'v', 0, 0, "Report available entropy sources" },
+
{ "timeout", 't', "nnn", 0,
- "Interval written to random-device when the entropy pool is full, in seconds (default: 60)" },
+ "Interval written to random-device when the entropy pool is full, in seconds, or 0 to disable (default: 60)" },
{ "no-tpm", 'n', "1|0", 0,
"do not use tpm as a source of random number input (default: 0)" },
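Review bot: The new `verbose` entry is written `{ "verbose" ,'v', 0, 0,` with the comma after the space, unlike every other row of the table; `{ "verbose", 'v', 0, 0, "Report available entropy sources" },` matches the surrounding style. The `quiet` help text could also say what is silenced, since elsewhere in this commit the flag gates the `message()` syslog calls as well as stderr output, e.g. `"Suppress error messages (stderr and syslog)"`. The options table starts and ends outside this hunk.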
.fill_watermark = 2048,
.daemon = 1,
.enable_tpm = 1,
+ .quiet = 0,
+ .verbose = 0,
};
struct arguments *arguments = &default_arguments;
arguments->fill_watermark = n;
break;
}
+ case 'q':
+ arguments->quiet = 1;
+ break;
+ case 'v':
+ arguments->verbose = 1;
+ break;
case 'n': {
int n;
if ((sscanf(arg,"%i", &n) == 0) || ((n | 1)!=1))
fips = fips_run_rng_test(fipsctx_in, buf);
if (fips) {
- message(LOG_DAEMON|LOG_ERR, "failed fips test\n");
+ if (!arguments->quiet)
+ message(LOG_DAEMON|LOG_ERR, "failed fips test\n");
return 1;
}
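Review bot: Gating the `failed fips test` LOG_ERR record on `--quiet` (lines 72-73) removes the only operator-visible signal that a hardware source is emitting statistically bad output; the same gate is applied in the do_loop hunk to `too many FIPS failures, disabling entropy source` and `No entropy sources working, exiting rngd`. Those records describe a degraded or stopped entropy feed, which is what log monitoring needs to see, and an option meant to quieten the terminal should not silence syslog. Suggest limiting `quiet` to the stderr path (the `can't daemonize` fprintf in main) and leaving the `message()` calls unconditional, or at minimum keeping the source-disabled and exiting records. The enclosing function starts outside this hunk.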
static void do_loop(int random_step, double poll_timeout)
{
unsigned char buf[FIPS_RNG_BUFFER_SIZE];
- int retval;
+ int retval = 0;
int no_work = 0;
while (no_work < 100) {
iter->failures++;
if (iter->failures == MAX_RNG_FAILURES) {
- message(LOG_DAEMON|LOG_ERR,
+ if (!arguments->quiet)
+ message(LOG_DAEMON|LOG_ERR,
"too many FIPS failures, disabling entropy source\n");
iter->disabled = true;
}
no_work++;
}
- message(LOG_DAEMON|LOG_ERR,
+ if (!arguments->quiet)
+ message(LOG_DAEMON|LOG_ERR,
"No entropy sources working, exiting rngd\n");
}
int main(int argc, char **argv)
{
- int rc_rng = 1;
- int rc_tpm = 1;
+ int rc_rng = 0;
+ int rc_tpm = 0;
+
+ openlog("rngd", 0, LOG_DAEMON);
/* Parsing of commandline parameters */
argp_parse(&argp, argc, argv, 0, 0, arguments);
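Review bot: Changing the initial values of `rc_rng` and `rc_tpm` from 1 to 0 (lines 102-103) makes the defaults mean "source opened successfully", because the code in the next hunk treats `!rc_rng` / `!rc_tpm` as available; if either init call is skipped or conditional (the rng init sits between this hunk and the next and is not visible here), a source is reported as available without having been opened. Initialising to the failure value, `int rc_rng = 1;` / `int rc_tpm = 1;`, keeps the later availability checks fail-closed and lets the init calls overwrite it. If the change was only to satisfy a maybe-uninitialised warning, the failure value serves that purpose equally. main continues past this hunk.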
rc_tpm = init_tpm_entropy_source(&rng_tpm);
if (rc_rng && rc_tpm) {
- message(LOG_DAEMON|LOG_ERR,
- "can't open entropy source(tpm or intel/amd rng)");
- message(LOG_DAEMON|LOG_ERR,
- "Maybe RNG device modules are not loaded\n");
+ if (!arguments->quiet) {
+ message(LOG_DAEMON|LOG_ERR,
+ "can't open entropy source(tpm or intel/amd rng)");
+ message(LOG_DAEMON|LOG_ERR,
+ "Maybe RNG device modules are not loaded\n");
+ }
+ return 1;
+ }
+
+ if (arguments->verbose) {
+ printf("Available entropy sources:\n");
+ if (!rc_rng)
+ printf("\tIntel/AMD hardware rng\n");
+ if (!rc_tpm)
+ printf("\tTPM\n");
+ }
+
+ if (rc_rng
+ && (rc_tpm || !arguments->enable_tpm)) {
+ if (!arguments->quiet)
+ message(LOG_DAEMON|LOG_ERR,
+ "No entropy source available, shutting down\n");
return 1;
}
am_daemon = 1;
if (daemon(0, 0) < 0) {
- fprintf(stderr, "can't daemonize: %s\n",
+ if(!arguments->quiet)
+ fprintf(stderr, "can't daemonize: %s\n",
strerror(errno));
return 1;
}
-
- openlog("rngd", 0, LOG_DAEMON);
}
do_loop(arguments->random_step,
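Review bot: The verbose listing at lines 123-129 reports `TPM` whenever `rc_tpm` is zero, while the shutdown test at lines 131-132 treats the TPM as unavailable when `--no-tpm` is set, so `-n 1 -v` lists a source that will not be used (and, if the init at line 108 is skipped for a disabled TPM, one that was never opened); `if (!rc_tpm && arguments->enable_tpm)` aligns the report with the decision. The first check at lines 109-121 is also implied by the second (`rc_rng && rc_tpm` satisfies `rc_rng && (rc_tpm || !arguments->enable_tpm)`), so it only selects a different message; one exit path with one message would avoid two `quiet` gates for the same condition. Style: `if(!arguments->quiet)` at line 141 lacks the space used elsewhere in the file. main's body continues outside the hunk.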