[rng] Add Linux entropy source using /dev/random

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/config/defaults/linux.h b/src/config/defaults/linux.h
index 6b24da48028068084f29be85c83c4c9fecd030f1..fcdf90400b31eb576914fbdc17901840ac858676 100644 (file)
--- a/src/config/defaults/linux.h
+++ b/src/config/defaults/linux.h
@@ -14,7 +14,7 @@
 #define NAP_LINUX
 #define SMBIOS_LINUX
 #define SANBOOT_NULL
-#define ENTROPY_NULL
+#define ENTROPY_LINUX
 
 #define DRIVERS_LINUX
 

diff --git a/src/include/ipxe/entropy.h b/src/include/ipxe/entropy.h
index 50ba4fc637b0387cc7b741d05de34ee34def126e..adf325e79a4162d5dc3344cb70ee186de2743918 100644 (file)
--- a/src/include/ipxe/entropy.h
+++ b/src/include/ipxe/entropy.h
@@ -54,6 +54,7 @@ typedef uint8_t entropy_sample_t;
 
 /* Include all architecture-independent entropy API headers */
 #include <ipxe/null_entropy.h>
+#include <ipxe/linux/linux_entropy.h>
 
 /* Include all architecture-dependent entropy API headers */
 #include <bits/entropy.h>

diff --git a/src/include/ipxe/errfile.h b/src/include/ipxe/errfile.h
index 050bf3fecaf1565dbf385111dd450a2cd10eb75f..bfb738a4a54a522bd5f08c973b3c60da24eed474 100644 (file)
--- a/src/include/ipxe/errfile.h
+++ b/src/include/ipxe/errfile.h
@@ -247,6 +247,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #define ERRFILE_drbg                 ( ERRFILE_OTHER | 0x00250000 )
 #define ERRFILE_entropy                      ( ERRFILE_OTHER | 0x00260000 )
 #define ERRFILE_rsa                  ( ERRFILE_OTHER | 0x00270000 )
+#define ERRFILE_linux_entropy        ( ERRFILE_OTHER | 0x00280000 )
 
 /** @} */
 

diff --git a/src/include/ipxe/linux/linux_entropy.h b/src/include/ipxe/linux/linux_entropy.h
new file mode 100644 (file)
index 0000000..bd89bd5
--- /dev/null
+++ b/src/include/ipxe/linux/linux_entropy.h
@@ -0,0 +1,32 @@
+#ifndef _IPXE_LINUX_ENTROPY_H
+#define _IPXE_LINUX_ENTROPY_H
+
+/** @file
+ *
+ * iPXE entropy API for linux
+ *
+ */
+
+FILE_LICENCE(GPL2_OR_LATER);
+
+#ifdef ENTROPY_LINUX
+#define ENTROPY_PREFIX_linux
+#else
+#define ENTROPY_PREFIX_linux __linux_
+#endif
+
+/**
+ * min-entropy per sample
+ *
+ * @ret min_entropy    min-entropy of each sample
+ */
+static inline __always_inline double
+ENTROPY_INLINE ( linux, min_entropy_per_sample ) ( void ) {
+
+       /* We read single bytes from /dev/random and assume that each
+        * contains full entropy.
+        */
+       return 8;
+}
+
+#endif /* _IPXE_LINUX_ENTROPY_H */

diff --git a/src/interface/linux/linux_entropy.c b/src/interface/linux/linux_entropy.c
new file mode 100644 (file)
index 0000000..d82aaba
--- /dev/null
+++ b/src/interface/linux/linux_entropy.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+/** @file
+ *
+ * Linux entropy source
+ *
+ */
+
+#include <stdint.h>
+#include <errno.h>
+#include <linux_api.h>
+#include <ipxe/entropy.h>
+
+/** Entropy source filename */
+static const char entropy_filename[] = "/dev/random";
+
+/** Entropy source file handle */
+static int entropy_fd;
+
+/**
+ * Enable entropy gathering
+ *
+ * @ret rc             Return status code
+ */
+static int linux_entropy_enable ( void ) {
+
+       /* Open entropy source */
+       entropy_fd = linux_open ( entropy_filename, O_RDONLY );
+       if ( entropy_fd < 0 ) {
+               DBGC ( &entropy_fd, "ENTROPY could not open %s: %s\n",
+                      entropy_filename, linux_strerror ( linux_errno ) );
+               return entropy_fd;
+       }
+
+       return 0;
+}
+
+/**
+ * Disable entropy gathering
+ *
+ */
+static void linux_entropy_disable ( void ) {
+
+       /* Close entropy source */
+       linux_close ( entropy_fd );
+}
+
+/**
+ * Get noise sample
+ *
+ * @ret noise          Noise sample
+ * @ret rc             Return status code
+ */
+static int linux_get_noise ( noise_sample_t *noise ) {
+       uint8_t byte;
+       ssize_t len;
+
+       /* Read a single byte from entropy source */
+       len = linux_read ( entropy_fd, &byte, sizeof ( byte ) );
+       if ( len < 0 ) {
+               DBGC ( &entropy_fd, "ENTROPY could not read from %s: %s\n",
+                      entropy_filename, linux_strerror ( linux_errno ) );
+               return len;
+       }
+       if ( len == 0 ) {
+               DBGC ( &entropy_fd, "ENTROPY EOF on reading from %s: %s\n",
+                      entropy_filename, linux_strerror ( linux_errno ) );
+               return -EPIPE;
+       }
+       *noise = byte;
+
+       return 0;
+}
+
+PROVIDE_ENTROPY_INLINE ( linux, min_entropy_per_sample );
+PROVIDE_ENTROPY ( linux, entropy_enable, linux_entropy_enable );
+PROVIDE_ENTROPY ( linux, entropy_disable, linux_entropy_disable );
+PROVIDE_ENTROPY ( linux, get_noise, linux_get_noise );