author | Robin H. Johnson <robbat2@gentoo.org> | 2010-09-15 08:30:52 +0000 |
committer | Robin H. Johnson <robbat2@gentoo.org> | 2010-09-15 08:30:52 +0000 |
commit | aa462edbb6ff9ef909fe78bfa90940e3fcc979e4 (patch) | |
tree | cd236914f237074009baff31432f5213f501c230 /sys-apps | |
parent | Typo in extras USE flag description (diff) | |
New spin of the TPM patch that does not fail when TPM hardware is not present.
(Portage version: 2.2_rc75/cvs/Linux x86_64)
Diffstat (limited to 'sys-apps')
-rw-r--r-- | sys-apps/rng-tools/ChangeLog | 11 | ||||
-rw-r--r-- | sys-apps/rng-tools/files/rngd_tpm_support2.patch | 309 | ||||
-rw-r--r-- | sys-apps/rng-tools/rng-tools-2-r3.ebuild | 31 |
3 files changed, 349 insertions, 2 deletions
diff --git a/sys-apps/rng-tools/ChangeLog b/sys-apps/rng-tools/ChangeLog
index 5409538d584e..e7fd0cbc34a7 100644
--- a/sys-apps/rng-tools/ChangeLog
+++ b/sys-apps/rng-tools/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-apps/rng-tools
-# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/ChangeLog,v 1.27 2009/11/10 03:41:57 robbat2 Exp $
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/ChangeLog,v 1.28 2010/09/15 08:30:51 robbat2 Exp $
+
+*rng-tools-2-r3 (15 Sep 2010)
+
+ 15 Sep 2010; Robin H. Johnson <robbat2@gentoo.org>
+ +files/rngd_tpm_support2.patch, +rng-tools-2-r3.ebuild:
+ New spin of the TPM patch that does not fail when TPM hardware is not
+ present.
 
 *rng-tools-2-r2 (10 Nov 2009)
 
diff --git a/sys-apps/rng-tools/files/rngd_tpm_support2.patch b/sys-apps/rng-tools/files/rngd_tpm_support2.patch
new file mode 100644
index 000000000000..194a2186c53e
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd_tpm_support2.patch
@@ -0,0 +1,309 @@ +New TPM-RNG patch from http://sourceforge.net/tracker/?func=detail&aid=2882127&group_id=3242&atid=303242 + +diff -urNp --exclude-from=/home/mdomsch/excludes --minimal rng-tools-2.orig/rngd.c rng-tools-2/rngd.c +--- rng-tools-2.orig/rngd.c 2009-10-19 22:35:03.023278725 -0500 ++++ rng-tools-2/rngd.c 2009-10-19 22:49:42.100279205 -0500 +@@ -91,6 +91,8 @@ static struct argp_option options[] = { + + { "timeout", 't', "nnn", 0, + "Interval written to random-device when the entropy pool is full, in seconds (default: 60)" }, ++ { "no-tpm", 'n', "1|0", 0, ++ "do not use tpm as a source of random number input (default: 0)" }, + + { 0 }, + }; +@@ -102,6 +104,7 @@ static struct arguments default_argument + .random_step = 64, + .fill_watermark = 2048, + .daemon = 1, ++ .no_tpm = 0, + }; + struct arguments *arguments = &default_arguments; + +@@ -147,6 +150,14 @@ static error_t parse_opt (int key, char + arguments->fill_watermark = n; + break; + } ++ case 'n': { ++ int n; ++ if ((sscanf(arg,"%i", &n) == 0) || ((n | 1)!=1)) ++ argp_usage(state); ++ else ++ arguments->no_tpm=0; ++ break; ++ } + + default: + return ARGP_ERR_UNKNOWN; +@@ -158,39 +169,60 @@ static error_t parse_opt (int key, char + static struct argp argp = { options, parse_opt, NULL, doc }; + + ++static int update_kernel_random(int random_step, double poll_timeout, ++ unsigned char *buf, fips_ctx_t *fipsctx) { ++ ++ int fips; ++ unsigned char *p; ++ fips = fips_run_rng_test(fipsctx, buf); ++ if (fips) { ++ message(LOG_DAEMON|LOG_ERR, "failed fips test\n"); ++ return 1; ++ } ++ ++ for (p = buf; p + random_step <= &buf[FIPS_RNG_BUFFER_SIZE]; ++ p += random_step) { ++ random_add_entropy(p, random_step); ++ random_sleep(poll_timeout); ++ } ++ return 0; ++} ++ + static void do_loop(int random_step, + double poll_timeout) + { + unsigned char buf[FIPS_RNG_BUFFER_SIZE]; +- unsigned char *p; +- int fips; ++ int retval; + + for (;;) { +- xread(buf, sizeof buf); +- +- fips = fips_run_rng_test(&fipsctx, buf); 
+- +- if (fips) { +- message(LOG_DAEMON|LOG_ERR, "failed fips test\n"); +- sleep(1); +- continue; +- } +- +- for (p = buf; p + random_step <= &buf[sizeof buf]; +- p += random_step) { +- random_add_entropy(p, random_step); +- random_sleep(poll_timeout); ++ if (arguments->no_tpm == 0) { ++ retval=xread_tpm(buf, sizeof buf); ++ if (retval >= 0) ++ update_kernel_random(random_step, ++ poll_timeout, buf, &tpm_fipsctx); + } ++ retval=xread(buf, sizeof buf); ++ if (retval > 0) ++ update_kernel_random(random_step, ++ poll_timeout, buf, &fipsctx); + } + } + + + int main(int argc, char **argv) + { ++ int rc_rng, rc_tpm; + argp_parse(&argp, argc, argv, 0, 0, arguments); + + /* Init entropy source, and open TRNG device */ +- init_entropy_source(arguments->rng_name); ++ rc_rng = init_entropy_source(arguments->rng_name); ++ rc_tpm = init_tpm_entropy_source(); ++ if (rc_rng && rc_tpm) { ++ message(LOG_DAEMON|LOG_ERR, ++ "can't open entropy source(tpm or intel/amd rng)"); ++ message(LOG_DAEMON|LOG_ERR,"Maybe RNG device modules are not loaded\n"); ++ return 1; ++ } + + /* Init entropy sink and open random device */ + init_kernel_rng(arguments->random_name); +diff -urNp --exclude-from=/home/mdomsch/excludes --minimal rng-tools-2.orig/rngd_entsource.c rng-tools-2/rngd_entsource.c +--- rng-tools-2.orig/rngd_entsource.c 2004-04-15 00:06:17.000000000 -0500 ++++ rng-tools-2/rngd_entsource.c 2009-10-19 22:43:46.489263797 -0500 +@@ -42,17 +42,27 @@ + #include "rngd_entsource.h" + + +-/* Logic and contexts */ +-static int rng_fd; /* rng data source */ +-fips_ctx_t fipsctx; /* Context for the FIPS tests */ ++/* The overhead incured when tpm returns the random nos as per TCG spec ++ * it is 14 bytes.*/ ++#define TPM_GET_RNG_OVERHEAD 14 + ++/* Logic and contexts */ ++static int rng_fd; /* rng data source */ ++static const char *tpm_device="/dev/tpm0"; ++static int has_tpm; ++fips_ctx_t fipsctx; /* Context for the FIPS tests */ ++fips_ctx_t tpm_fipsctx; /* Context for the tpm FIPS tests */ + + 
/* Read data from the entropy source */ +-void xread(void *buf, size_t size) ++int xread(void *buf, size_t size) + { + size_t off = 0; + ssize_t r; + ++ /* Do nothing if we have no hw rng, maybe we have tpm */ ++ if (rng_fd < 0) ++ return -1; ++ + while (size > 0) { + do { + r = read(rng_fd, buf + off, size); +@@ -65,8 +75,84 @@ void xread(void *buf, size_t size) + + if (size) { + message(LOG_DAEMON|LOG_ERR, "read error\n"); +- exit(1); ++ return -1; ++ } ++ return 0; ++} ++ ++/* tpm rng read call to kernel has 13 bytes of overhead ++ * the logic to process this involves reading to a temporary_buf ++ * and copying the no generated to buf*/ ++int xread_tpm(void *buf, size_t size) ++{ ++ size_t bytes_read = 0; ++ ssize_t r; ++ int retval,tpm_fd; ++ unsigned char *temp_buf=NULL; ++ unsigned char rng_cmd[] = { ++ 0, 193, /* TPM_TAG_RQU_COMMAND */ ++ 0, 0, 0, 14, /* length */ ++ 0, 0, 0, 70, /* TPM_ORD_GetRandom */ ++ 0, 0, 0, 0, /* number of bytes to return */ ++ }; ++ char *offset; ++ ++ if (!has_tpm) ++ return -1; ++ tpm_fd=open(tpm_device, O_RDWR); ++ if (tpm_fd < 0) { ++ message(LOG_ERR|LOG_INFO, ++ "Unable to open %s: %s\n",tpm_device,strerror(errno)); ++ return -1; ++ } ++ ++ temp_buf= (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD); ++ memset(temp_buf,0,(size+TPM_GET_RNG_OVERHEAD)); ++ if (temp_buf == NULL) { ++ message(LOG_ERR|LOG_INFO,"No memory"); ++ return -1; ++ } ++ /* 32 bits has been reserved for random byte size */ ++ rng_cmd[13]=(unsigned char)(size & 0xFF); ++ rng_cmd[12]=(unsigned char)((size >> 8) & 0xFF); ++ rng_cmd[11]=(unsigned char)((size >> 16) & 0xFF); ++ rng_cmd[10]=(unsigned char)((size >> 24) & 0xFF); ++ offset=buf; ++ while (bytes_read < size) { ++ r=0; ++ while (r < sizeof(rng_cmd)) { ++ retval=write(tpm_fd,rng_cmd + r,sizeof(rng_cmd)-r); ++ if (retval < 0) { ++ message(LOG_ERR|LOG_INFO, ++ "Error writing %s\n",tpm_device); ++ retval=-1; ++ goto error_out; ++ } ++ r+=retval; ++ } ++ if (r < sizeof(rng_cmd)) { ++ 
message(LOG_ERR|LOG_INFO, ++ "Error writing %s\n",tpm_device); ++ retval=-1; ++ goto error_out; ++ } ++ r=read(tpm_fd,temp_buf,size); ++ r=(r - TPM_GET_RNG_OVERHEAD); ++ bytes_read=bytes_read + r; ++ if (bytes_read > size) { ++ memcpy(offset,temp_buf + TPM_GET_RNG_OVERHEAD, ++ r - (bytes_read - size)); ++ break; ++ } ++ memcpy(offset, temp_buf + TPM_GET_RNG_OVERHEAD, ++ r); ++ offset=offset+r; + } ++ retval=0; ++error_out: ++ free(temp_buf); ++ close(tpm_fd); ++ return retval; + } + + /* Initialize entropy source */ +@@ -91,16 +177,32 @@ static int discard_initial_data(void) + /* + * Open entropy source, and initialize it + */ +-void init_entropy_source(const char* sourcedev) ++int init_entropy_source(const char* sourcedev) + { + rng_fd = open(sourcedev, O_RDONLY); + if (rng_fd == -1) { +- message(LOG_DAEMON|LOG_ERR, "can't open %s: %s", +- sourcedev, strerror(errno)); +- exit(EXIT_FAIL); ++ return 1; + } +- + /* Bootstrap FIPS tests */ + fips_init(&fipsctx, discard_initial_data()); ++ return 0; ++} ++ ++/* ++ * Open tpm entropy source, and initialize it ++ */ ++int init_tpm_entropy_source(void) ++{ ++ int tpm_fd; ++ tpm_fd = open(tpm_device, O_RDONLY); ++ if (tpm_fd == -1) { ++ return 1; ++ } ++ close(tpm_fd); ++ ++ /* Bootstrap FIPS tests */ ++ fips_init(&tpm_fipsctx, 0); ++ has_tpm=1; ++ return 0; + } + +diff -urNp --exclude-from=/home/mdomsch/excludes --minimal rng-tools-2.orig/rngd_entsource.h rng-tools-2/rngd_entsource.h +--- rng-tools-2.orig/rngd_entsource.h 2004-04-15 00:04:45.000000000 -0500 ++++ rng-tools-2/rngd_entsource.h 2009-10-19 22:47:49.668279183 -0500 +@@ -28,15 +28,18 @@ + + /* Logic and contexts */ + extern fips_ctx_t fipsctx; /* Context for the FIPS tests */ ++extern fips_ctx_t tpm_fipsctx; /* Context for the tpm FIPS tests */ + + /* + * Initialize entropy source and entropy conditioning + * + * sourcedev is the path to the entropy source + */ +-extern void init_entropy_source(const char* sourcedev); ++extern int init_entropy_source(const char* 
sourcedev); ++extern int init_tpm_entropy_source(void); + + /* Read data from the entropy source */ +-void xread(void *buf, size_t size); ++extern int xread(void *buf, size_t size); ++extern int xread_tpm(void *buf, size_t size); + + #endif /* RNGD_ENTSOURCE__H */ +diff -urNp --exclude-from=/home/mdomsch/excludes --minimal rng-tools-2.orig/rngd.h rng-tools-2/rngd.h +--- rng-tools-2.orig/rngd.h 2004-08-24 12:53:04.000000000 -0500 ++++ rng-tools-2/rngd.h 2009-10-19 22:35:32.631263134 -0500 +@@ -42,6 +42,7 @@ struct arguments { + double poll_timeout; + + int daemon; ++ int no_tpm; + }; + extern struct arguments *arguments; + diff --git a/sys-apps/rng-tools/rng-tools-2-r3.ebuild b/sys-apps/rng-tools/rng-tools-2-r3.ebuild new file mode 100644 index 000000000000..b8a0326cd78c --- /dev/null +++ b/sys-apps/rng-tools/rng-tools-2-r3.ebuild @@ -0,0 +1,31 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/rng-tools-2-r3.ebuild,v 1.1 2010/09/15 08:30:51 robbat2 Exp $ + +EAPI=2 +inherit autotools + +DESCRIPTION="Daemon to use hardware random number generators." +HOMEPAGE="http://gkernel.sourceforge.net/" +SRC_URI="mirror://sourceforge/gkernel/${P}.tar.gz" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~x86" +IUSE="" +DEPEND="" +RDEPEND="" + +src_prepare() { + epatch "${FILESDIR}"/rngd_tpm_support2.patch + + echo 'bin_PROGRAMS = randstat' >> contrib/Makefile.am + eautoreconf +} + +src_install() { + make DESTDIR="${D}" install || die + + dodoc AUTHORS ChangeLog + doinitd "${FILESDIR}/2-r2/rngd" + newconfd "${FILESDIR}/2-r2/rngd-conf" rngd +} |
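Review bot: The hardware-RNG path in do_loop is dead after this patch: xread() now returns 0 on success and -1 on failure, but do_loop only feeds the kernel `if (retval > 0)`, so a host with a working hwrng and no TPM reads and discards entropy forever without ever reaching update_kernel_random (and without the `sleep(1)` the old FIPS-failure branch had); it should be `if (retval == 0)`. The `--no-tpm` option has the same kind of slip in parse_opt: after validating `n` it stores `arguments->no_tpm=0;` rather than `arguments->no_tpm=n;`, so the TPM source can never be switched off. In xread_tpm the `read()` result is used unchecked: a failed or short reply (r < TPM_GET_RNG_OVERHEAD, e.g. an error response whose return code in bytes 6..9 is never examined) makes `r - TPM_GET_RNG_OVERHEAD` negative, wraps the size_t `bytes_read`, and hands memcpy an enormous length, while a reply of exactly 14 bytes loops forever; the reply header should be validated before any of it is treated as entropy, as sketched below. Two smaller points in the same function: `memset(temp_buf, ...)` runs before the `temp_buf == NULL` check, and the comment says "13 bytes of overhead" while `TPM_GET_RNG_OVERHEAD` is 14 (14 is the right figure if, as I recall, the reply header is tag, paramSize, returnCode and randomBytesSize, so fix the comment rather than the define).
```c
	size_t rlen;	/* payload length reported in the TPM reply */
	/* … unchanged: open tpm_device, allocate and NULL-check temp_buf, build rng_cmd … */
	while (bytes_read < size) {
		/* … unchanged: write rng_cmd in full … */
		/* A full reply is the header plus the random bytes, so read both. */
		r = read(tpm_fd, temp_buf, size + TPM_GET_RNG_OVERHEAD);
		if (r < TPM_GET_RNG_OVERHEAD) {
			message(LOG_ERR|LOG_INFO, "Short read from %s: %s\n",
				tpm_device, r < 0 ? strerror(errno) : "truncated reply");
			retval = -1;
			goto error_out;
		}
		/* TPM_RESULT (bytes 6..9) must be TPM_SUCCESS; never use an error reply as entropy. */
		if (temp_buf[6] || temp_buf[7] || temp_buf[8] || temp_buf[9]) {
			message(LOG_ERR|LOG_INFO, "TPM_GetRandom failed on %s\n", tpm_device);
			retval = -1;
			goto error_out;
		}
		/* randomBytesSize (bytes 10..13) bounds the payload; a zero-length reply must not spin. */
		rlen = ((size_t)temp_buf[10] << 24) | ((size_t)temp_buf[11] << 16) |
		       ((size_t)temp_buf[12] << 8) | (size_t)temp_buf[13];
		if (rlen == 0 || rlen > (size_t)r - TPM_GET_RNG_OVERHEAD) {
			message(LOG_ERR|LOG_INFO, "Bad reply length from %s\n", tpm_device);
			retval = -1;
			goto error_out;
		}
		if (rlen > size - bytes_read)
			rlen = size - bytes_read;
		memcpy(offset, temp_buf + TPM_GET_RNG_OVERHEAD, rlen);
		offset += rlen;
		bytes_read += rlen;
	}
	retval = 0;
	/* … unchanged: error_out frees temp_buf and closes tpm_fd … */
```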