From e42da63c90b4221b7d427566aa05b5d330890e0a Mon Sep 17 00:00:00 2001 From: Brad Hill Date: Tue, 17 Jul 2012 19:50:40 -0400 Subject: [PATCH] Added -q and -v flags, updated help and man page -q and --quiet flags to suppress error messages from rngd.c -v and --verbose flags to list available entropy sources help and man page reflect these changes and have minor fixes --- rngd.8.in | 17 +++++++++++-- rngd.c | 62 +++++++++++++++++++++++++++++++++++++----------- rngd.h | 2 ++ rngd_entsource.c | 9 +++++++ 4 files changed, 74 insertions(+), 16 deletions(-) diff --git a/rngd.8.in b/rngd.8.in index 3575784..bbd9e3c 100644 --- a/rngd.8.in +++ b/rngd.8.in @@ -13,6 +13,9 @@ rngd \- Check and feed random data from hardware device to kernel random device [\fB\-r\fR, \fB\-\-rng-device=\fIfile\fR] [\fB\-s\fR, \fB\-\-random-step=\fInnn\fR] [\fB\-W\fR, \fB\-\-fill-watermark=\fInnn\fR] +[\fB\-n\fR, \fB\-\-no-tpm=\fI1|0\fR] +[\fB\-q\fR, \fB\-\-quiet\fR] +[\fB\-v\fR, \fB\-\-verbose\fR] [\fB\-t\fR, \fB\-\-timeout=\fInnn\fR] [\fB\-?\fR, \fB\-\-help\fR] [\fB\-V\fR, \fB\-\-version\fR] @@ -25,7 +28,7 @@ it is properly random. .PP The \fB\-f\fR or \fB\-\-foreground\fR options can be used to tell \fBrngd\fR to avoid forking on startup. This is typically used for -debugging. The \fB\-f\fR or \fB\-\-foreground\fR options, which fork and put +debugging. The \fB\-b\fR or \fB\-\-background\fR options, which fork and put \fBrngd\fR into the background automatically, are the default. .PP The \fB\-r\fR or \fB\-\-rng-device\fR options can be used to select an 
@@ -64,6 +67,15 @@ entropy pool. Low values will hurt system performance during entropy starves. Do not set \fIfill-watermark\fR above the size of the entropy pool (usually 4096 bits). .TP +\fB\-n\fI 1|0\fR, \fB\-\-no-tpm=\fI1|0\fR +Do not use tpm as a source of random number input (default:0) +.TP +\fB\-q\fR, \fB\-\-quiet\fR +Suppress error messages +.TP +\fB\-v\fR, \fB\-\-verbose\fR +Report available entropy sources +.TP \fB\-t\fI nnn\fR, \fB\-\-timeout=\fInnn\fR Interval written to random-device when the entropy pool is full, in seconds, or 0 to disable (default: 60) .TP @@ -79,4 +91,5 @@ Philipp Rumpf Jeff Garzik \- jgarzik@pobox.com .br Matt Sottek - +.br +Brad Hill diff --git a/rngd.c b/rngd.c index d4cf870..90232f8 100644 --- a/rngd.c +++ b/rngd.c @@ -89,8 +89,12 @@ static struct argp_option options[] = { { "fill-watermark", 'W', "n", 0, "Do not stop feeding entropy to random-device until at least n bits of entropy are available in the pool (default: 2048), 0 <= n <= 4096" }, + { "quiet", 'q', 0, 0, "Suppress error messages" }, + + { "verbose" ,'v', 0, 0, "Report available entropy sources" }, + { "timeout", 't', "nnn", 0, - "Interval written to random-device when the entropy pool is full, in seconds (default: 60)" }, + "Interval written to random-device when the entropy pool is full, in seconds, or 0 to disable (default: 60)" }, { "no-tpm", 'n', "1|0", 0, "do not use tpm as a source of random number input (default: 0)" }, @@ -104,6 +108,8 @@ static struct arguments default_arguments = { .fill_watermark = 2048, .daemon = 1, .enable_tpm = 1, + .quiet = 0, + .verbose = 0, }; struct arguments *arguments = &default_arguments; @@ -160,6 +166,12 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) arguments->fill_watermark = n; break; } + case 'q': + arguments->quiet = 1; + break; + case 'v': + arguments->verbose = 1; + break; case 'n': { int n; if ((sscanf(arg,"%i", &n) == 0) || ((n | 1)!=1)) 
@@ -187,7 +199,8 @@ static int update_kernel_random(int random_step, double poll_timeout, fips = fips_run_rng_test(fipsctx_in, buf); if (fips) { - message(LOG_DAEMON|LOG_ERR, "failed fips test\n"); + if (!arguments->quiet) + message(LOG_DAEMON|LOG_ERR, "failed fips test\n"); return 1; } @@ -202,7 +215,7 @@ static int update_kernel_random(int random_step, double poll_timeout, static void do_loop(int random_step, double poll_timeout) { unsigned char buf[FIPS_RNG_BUFFER_SIZE]; - int retval; + int retval = 0; int no_work = 0; while (no_work < 100) { @@ -231,7 +244,8 @@ static void do_loop(int random_step, double poll_timeout) iter->failures++; if (iter->failures == MAX_RNG_FAILURES) { - message(LOG_DAEMON|LOG_ERR, + if (!arguments->quiet) + message(LOG_DAEMON|LOG_ERR, "too many FIPS failures, disabling entropy source\n"); iter->disabled = true; } @@ -241,14 +255,17 @@ static void do_loop(int random_step, double poll_timeout) no_work++; } - message(LOG_DAEMON|LOG_ERR, + if (!arguments->quiet) + message(LOG_DAEMON|LOG_ERR, "No entropy sources working, exiting rngd\n"); } int main(int argc, char **argv) { - int rc_rng = 1; - int rc_tpm = 1; + int rc_rng = 0; + int rc_tpm = 0; + + openlog("rngd", 0, LOG_DAEMON); /* Parsing of commandline parameters */ argp_parse(&argp, argc, argv, 0, 0, arguments); 
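Review bot: The `-q` guard added around `message(LOG_DAEMON|LOG_ERR, "failed fips test\n")` in update_kernel_random suppresses the message on every output path, so a daemonized rngd started with `-q` would leave no record that an entropy source failed its FIPS test. This assumes `message()` is also the syslog path once `am_daemon` is set; its definition is outside the diff. The same guard is applied to "too many FIPS failures, disabling entropy source" and "No entropy sources working, exiting rngd" in do_loop, and to the startup failures in main. These are the health signals an operator needs to detect a degraded RNG, so consider limiting quiet to terminal output, e.g. `if (am_daemon || !arguments->quiet)`, and documenting in the man page that syslog reporting is kept. update_kernel_random begins and ends outside the hunk.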
@@ -259,10 +276,28 @@ int main(int argc, char **argv) rc_tpm = init_tpm_entropy_source(&rng_tpm); if (rc_rng && rc_tpm) { - message(LOG_DAEMON|LOG_ERR, - "can't open entropy source(tpm or intel/amd rng)"); - message(LOG_DAEMON|LOG_ERR, - "Maybe RNG device modules are not loaded\n"); + if (!arguments->quiet) { + message(LOG_DAEMON|LOG_ERR, + "can't open entropy source(tpm or intel/amd rng)"); + message(LOG_DAEMON|LOG_ERR, + "Maybe RNG device modules are not loaded\n"); + } + return 1; + } + + if (arguments->verbose) { + printf("Available entropy sources:\n"); + if (!rc_rng) + printf("\tIntel/AMD hardware rng\n"); + if (!rc_tpm) + printf("\tTPM\n"); + } + + if (rc_rng + && (rc_tpm || !arguments->enable_tpm)) { + if (!arguments->quiet) + message(LOG_DAEMON|LOG_ERR, + "No entropy source available, shutting down\n"); return 1; } @@ -273,12 +308,11 @@ int main(int argc, char **argv) am_daemon = 1; if (daemon(0, 0) < 0) { - fprintf(stderr, "can't daemonize: %s\n", + if(!arguments->quiet) + fprintf(stderr, "can't daemonize: %s\n", strerror(errno)); return 1; } - - openlog("rngd", 0, LOG_DAEMON); } do_loop(arguments->random_step, diff --git a/rngd.h b/rngd.h index bcc6f59..60a9861 100644 --- a/rngd.h +++ b/rngd.h @@ -45,6 +45,8 @@ struct arguments { int fill_watermark; double poll_timeout; + int quiet; + int verbose; int daemon; int enable_tpm; }; diff --git a/rngd_entsource.c b/rngd_entsource.c index 9d07691..0b2bb59 100644 --- a/rngd_entsource.c +++ b/rngd_entsource.c @@ -125,6 +125,13 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src) goto error_out; } r = read(ent_src->rng_fd, temp_buf,size); + if (r <= 0) { + message(LOG_ERR|LOG_INFO, + "Error reading from TPM, no entropy gathered"); + retval = -1; + goto error_out; + } + r = (r - TPM_GET_RNG_OVERHEAD); bytes_read = bytes_read + r; if (bytes_read > size) { 
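Review bot: The verbose listing in main prints `TPM` whenever `rc_tpm` is 0, and with `rc_tpm` now initialised to 0 in the preceding hunk that is also its value if the TPM source is never initialised. The check added just below, `rc_tpm || !arguments->enable_tpm`, suggests that case exists under `--no-tpm`, although the call site's condition is not visible here. If so, `-v` reports a source rngd will not use; guard the line with `if (!rc_tpm && arguments->enable_tpm)`. The older `if (rc_rng && rc_tpm)` block is now subsumed by the new check and could be folded into it, so that only one "no entropy source" path remains. main starts before this hunk and continues after it.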
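Review bot: The new `if (r <= 0)` guard in xread_tpm still lets a short read through: any `r` from 1 to `TPM_GET_RNG_OVERHEAD - 1` makes `r - TPM_GET_RNG_OVERHEAD` negative, so `bytes_read` moves backwards (or wraps, if it is unsigned; its declaration is outside the hunk). Compare against the overhead instead, `if (r <= TPM_GET_RNG_OVERHEAD) {`, so a response with no payload is treated as the failure the message describes. Separately, `LOG_ERR|LOG_INFO` ORs two syslog severities, which are numeric levels rather than flags; with the usual values 3 and 6 the result is 7, i.e. `LOG_DEBUG`, so this error would typically be filtered out. Use `LOG_DAEMON|LOG_ERR` as rngd.c does; the same applies to the `message()` call added in init_tpm_entropy_source. xread_tpm begins and ends outside the hunk.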
@@ -184,6 +191,8 @@ int init_tpm_entropy_source(struct rng *ent_src)
 {
 ent_src->rng_fd = open(ent_src->rng_name, O_RDWR);
 if (ent_src->rng_fd == -1) {
+ message(LOG_ERR|LOG_INFO,"Unable to open file: %s",
+ ent_src->rng_name);
 return 1;
 }
 src_list_add(ent_src);
-- 2.39.2