author | Robin H. Johnson <robbat2@gentoo.org> | 2010-09-15 08:30:52 +0000 |
committer | Robin H. Johnson <robbat2@gentoo.org> | 2010-09-15 08:30:52 +0000 |
commit | d6993d4b74345429f3d4e95044cca72400149b94 (patch) | |
tree | 73ed05061f027c3d4b4119a20170ce4ded1c8a51 /sys-apps/rng-tools | |
parent | Typo in extras USE flag description (diff) | |
New spin of the TPM patch that does not fail when TPM hardware is not present.
Package-Manager: portage-2.2_rc75/cvs/Linux x86_64
Diffstat (limited to 'sys-apps/rng-tools')
-rw-r--r-- | sys-apps/rng-tools/ChangeLog | 11 | ||||
-rw-r--r-- | sys-apps/rng-tools/Manifest | 4 | ||||
-rw-r--r-- | sys-apps/rng-tools/files/rngd_tpm_support2.patch | 309 | ||||
-rw-r--r-- | sys-apps/rng-tools/rng-tools-2-r3.ebuild | 31 |
4 files changed, 352 insertions, 3 deletions
diff --git a/sys-apps/rng-tools/ChangeLog b/sys-apps/rng-tools/ChangeLog
index 5409538d584e..e7fd0cbc34a7 100644
--- a/sys-apps/rng-tools/ChangeLog
+++ b/sys-apps/rng-tools/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-apps/rng-tools
-# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/ChangeLog,v 1.27 2009/11/10 03:41:57 robbat2 Exp $
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/ChangeLog,v 1.28 2010/09/15 08:30:51 robbat2 Exp $
+
+*rng-tools-2-r3 (15 Sep 2010)
+
+ 15 Sep 2010; Robin H. Johnson <robbat2@gentoo.org>
+ +files/rngd_tpm_support2.patch, +rng-tools-2-r3.ebuild:
+ New spin of the TPM patch that does not fail when TPM hardware is not
+ present.
 
 *rng-tools-2-r2 (10 Nov 2009)
 
diff --git a/sys-apps/rng-tools/Manifest b/sys-apps/rng-tools/Manifest
index 4734092765a7..cb62f2956c60 100644
--- a/sys-apps/rng-tools/Manifest
+++ b/sys-apps/rng-tools/Manifest
@@ -3,8 +3,10 @@ AUX 2-r2/rngd-conf 526 RMD160 5539152fa9544775cb47cb18f4b0c0e1ce113a13 SHA1 ca36
 AUX 2/rngd 1488 RMD160 eb3628986ba3896deb8dfaf6765c052cb2d673ae SHA1 ce333b36be8144f24d55397c06dbf0eea4f3563d SHA256 00f8d05292565feb750d20af4ff6ff8ee20a14ae09c0164ec7b6b4b1ee67028d
 AUX 2/rngd-conf 259 RMD160 278957b8acad462fd5c888344fb21a52dffd1c6b SHA1 a3fe13793fffe10577f94398946b20142eae0771 SHA256 4dff7a0c8406f5344f71d236e755877388e93ff6728eedfdfe6921b3de41d137
 AUX rngd_tpm_support.patch 7620 RMD160 b346d1b27edcd7cb9ad302ec870c73029e7f5276 SHA1 415115d91e823b5a74ef396d5b0bf62b8770b34b SHA256 44839db3a5dbc6d7a27d9e66ace1a68459bc532cd36e891a996b4f9dcd59f555
+AUX rngd_tpm_support2.patch 8540 RMD160 276c7805e304055fe793a6543133c8556edc64b2 SHA1 9f9bdb16aa1cd90df2c6a13dd5a431279cbd0407 SHA256 01e78c3488f30614006599728f5c8159530232edb547e6557fc72d2a1fd93cba
 DIST rng-tools-2.tar.gz 86429 RMD160 c40bc13068ffb48e28e1a8da274c0be40deb0a8a SHA1 45f43b0992b9978f9e0633d31d7f4b2a3643d293 SHA256 1126f0ecc8cab3af14a562cddc5d8ffeef47df7eba34a7aadcdee35a25ec2b1e
 EBUILD rng-tools-2-r1.ebuild 780 RMD160 04c419c84306e79aab5a9220a3657a3bbe73641e SHA1 c8b1b7113993f9d3605e982d3cc2e7e369c886ac SHA256 c807a02a07216dfbe879742ae75cc33d3870d11f07cc8a9c5de43da0b8c98e21
 EBUILD rng-tools-2-r2.ebuild 793 RMD160 8d27c06eafddadbebec93880eb4f54b1599f8511 SHA1 ff9708cc0fdbe66c7462e559448c4e2adde40ecc SHA256 d0a0f72cbec85b6eb11758732080cfc436fbfe2c2fbc8b41d58ec7241787ad8d
-MISC ChangeLog 3489 RMD160 5840513a3a7d45daa559aa2b0653ff8247d19bb8 SHA1 d0150392c3960b35a77b429eed7df7efae5d737b SHA256 ad624573c769795063940773bc38113356d8b66bc7d3f8705b9fb59681c7518d
+EBUILD rng-tools-2-r3.ebuild 794 RMD160 567a0b2fac5e1eafb9c6210a197c80d4ab81fc1b SHA1 c11a60705a07d44c407cd5fe6a4bcf7e5ec1e0e8 SHA256 36c72f22f414eda503ab4f696ee3e1c6b3d2b56b7d2fcb623bf95d927c8b1a33
+MISC ChangeLog 3715 RMD160 cf9d05ac9a5af64e0c1e796ce639c66ad8a6e693 SHA1 f1c88c2aafe13ffb625647cb4f0444d4971cedbd SHA256 5e204baf0a28a63c8c3dfb9377ee3fcded2efb2ebde8bcbd148a5697da7cf53d
 MISC metadata.xml 231 RMD160 984878f0848eaa1ef84b38196bb704d218277437 SHA1 6015bdc80c95314a6250c06380f316ca4c753770 SHA256 c9a6ce79e19aa9257b980bda6f6b6332d0fcb81f50800bb12c1a1c6d2f5cd443
diff --git a/sys-apps/rng-tools/files/rngd_tpm_support2.patch b/sys-apps/rng-tools/files/rngd_tpm_support2.patch
new file mode 100644
index 000000000000..194a2186c53e
--- /dev/null
+++ b/sys-apps/rng-tools/files/rngd_tpm_support2.patch
@@ -0,0 +1,309 @@
+New TPM-RNG patch from http://sourceforge.net/tracker/?func=detail&aid=2882127&group_id=3242&atid=303242
+
+diff -urNp --exclude-from=/home/mdomsch/excludes --minimal rng-tools-2.orig/rngd.c rng-tools-2/rngd.c
+--- rng-tools-2.orig/rngd.c 2009-10-19 22:35:03.023278725 -0500
++++ rng-tools-2/rngd.c 2009-10-19 22:49:42.100279205 -0500
+@@ -91,6 +91,8 @@ static struct argp_option options[] = {
+ 
+ { "timeout", 't', "nnn", 0,
+ "Interval written to random-device when the entropy pool is full, in seconds (default: 60)" },
++ { "no-tpm", 'n', "1|0", 0,
++ "do not use tpm as a source of random number input (default: 0)" },
+ 
+ { 0 },
+ };
+@@ -102,6 +104,7 @@ static struct arguments default_argument
+ .random_step = 64,
+ .fill_watermark = 2048,
+ .daemon = 1,
++ .no_tpm = 0,
+ };
+ struct arguments *arguments = &default_arguments;
+ 
+@@ -147,6 +150,14 @@ static error_t parse_opt (int key, char
+ arguments->fill_watermark = n;
+ break;
+ }
++ case 'n': {
++ int n;
++ if ((sscanf(arg,"%i", &n) == 0) || ((n | 1)!=1))
++ argp_usage(state);
++ else
++ arguments->no_tpm=0;
++ break;
++ }
+ 
+ default:
+ return ARGP_ERR_UNKNOWN;
+@@ -158,39 +169,60 @@ static error_t parse_opt (int key, char
+ static struct argp argp = { options, parse_opt, NULL, doc };
+ 
+ 
++static int update_kernel_random(int random_step, double poll_timeout,
++ unsigned char *buf, fips_ctx_t *fipsctx) {
++
++ int fips;
++ unsigned char *p;
++ fips = fips_run_rng_test(fipsctx, buf);
++ if (fips) {
++ message(LOG_DAEMON|LOG_ERR, "failed fips test\n");
++ return 1;
++ }
++
++ for (p = buf; p + random_step <= &buf[FIPS_RNG_BUFFER_SIZE];
++ p += random_step) {
++ random_add_entropy(p, random_step);
++ random_sleep(poll_timeout);
++ }
++ return 0;
++}
++
+ static void do_loop(int random_step,
+ double poll_timeout)
+ {
+ unsigned char buf[FIPS_RNG_BUFFER_SIZE];
+- unsigned char *p;
+- int fips;
++ int retval;
+ 
+ for (;;) {
+- xread(buf, sizeof buf);
+-
+- fips = fips_run_rng_test(&fipsctx, buf);
+-
+- if (fips) {
+- message(LOG_DAEMON|LOG_ERR, "failed fips test\n");
+- sleep(1);
+- continue;
+- }
+-
+- for (p = buf; p + random_step <= &buf[sizeof buf];
+- p += random_step) {
+- random_add_entropy(p, random_step);
+- random_sleep(poll_timeout);
++ if (arguments->no_tpm == 0) {
++ retval=xread_tpm(buf, sizeof buf);
++ if (retval >= 0)
++ update_kernel_random(random_step,
++ poll_timeout, buf, &tpm_fipsctx);
+ }
++ retval=xread(buf, sizeof buf);
++ if (retval > 0)
++ update_kernel_random(random_step,
++ poll_timeout, buf, &fipsctx);
+ }
+ }
+ 
+ 
+ int main(int argc, char **argv)
+ {
++ int rc_rng, rc_tpm;
+ argp_parse(&argp, argc, argv, 0, 0, arguments);
+ 
+ /* Init entropy source, and open TRNG device */
+- init_entropy_source(arguments->rng_name);
++ rc_rng = init_entropy_source(arguments->rng_name);
++ rc_tpm = init_tpm_entropy_source();
++ if (rc_rng && rc_tpm) {
++ message(LOG_DAEMON|LOG_ERR,
++ "can't open entropy source(tpm or intel/amd rng)");
++ message(LOG_DAEMON|LOG_ERR,"Maybe RNG device modules are not loaded\n");
++ return 1;
++ }
+ 
+ /* Init entropy sink and open random device */
+ init_kernel_rng(arguments->random_name);
+diff -urNp --exclude-from=/home/mdomsch/excludes --minimal rng-tools-2.orig/rngd_entsource.c rng-tools-2/rngd_entsource.c
+--- rng-tools-2.orig/rngd_entsource.c 2004-04-15 00:06:17.000000000 -0500
++++ rng-tools-2/rngd_entsource.c 2009-10-19 22:43:46.489263797 -0500
+@@ -42,17 +42,27 @@
+ #include "rngd_entsource.h"
+ 
+ 
+-/* Logic and contexts */
+-static int rng_fd; /* rng data source */
+-fips_ctx_t fipsctx; /* Context for the FIPS tests */
++/* The overhead incured when tpm returns the random nos as per TCG spec
++ * it is 14 bytes.*/
++#define TPM_GET_RNG_OVERHEAD 14
+ 
++/* Logic and contexts */
++static int rng_fd; /* rng data source */
++static const char *tpm_device="/dev/tpm0";
++static int has_tpm;
++fips_ctx_t fipsctx; /* Context for the FIPS tests */
++fips_ctx_t tpm_fipsctx; /* Context for the tpm FIPS tests */
+ 
+ /* Read data from the entropy source */
+-void xread(void *buf, size_t size)
++int xread(void *buf, size_t size)
+ {
+ size_t off = 0;
+ ssize_t r;
+ 
++ /* Do nothing if we have no hw rng, maybe we have tpm */
++ if (rng_fd < 0)
++ return -1;
++
+ while (size > 0) {
+ do {
+ r = read(rng_fd, buf + off, size);
+@@ -65,8 +75,84 @@ void xread(void *buf, size_t size)
+ 
+ if (size) {
+ message(LOG_DAEMON|LOG_ERR, "read error\n");
+- exit(1);
++ return -1;
++ }
++ return 0;
++}
++
++/* tpm rng read call to kernel has 13 bytes of overhead
++ * the logic to process this involves reading to a temporary_buf
++ * and copying the no generated to buf*/
++int xread_tpm(void *buf, size_t size)
++{
++ size_t bytes_read = 0;
++ ssize_t r;
++ int retval,tpm_fd;
++ unsigned char *temp_buf=NULL;
++ unsigned char rng_cmd[] = {
++ 0, 193, /* TPM_TAG_RQU_COMMAND */
++ 0, 0, 0, 14, /* length */
++ 0, 0, 0, 70, /* TPM_ORD_GetRandom */
++ 0, 0, 0, 0, /* number of bytes to return */
++ };
++ char *offset;
++
++ if (!has_tpm)
++ return -1;
++ tpm_fd=open(tpm_device, O_RDWR);
++ if (tpm_fd < 0) {
++ message(LOG_ERR|LOG_INFO,
++ "Unable to open %s: %s\n",tpm_device,strerror(errno));
++ return -1;
++ }
++
++ temp_buf= (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD);
++ memset(temp_buf,0,(size+TPM_GET_RNG_OVERHEAD));
++ if (temp_buf == NULL) {
++ message(LOG_ERR|LOG_INFO,"No memory");
++ return -1;
++ }
++ /* 32 bits has been reserved for random byte size */
++ rng_cmd[13]=(unsigned char)(size & 0xFF);
++ rng_cmd[12]=(unsigned char)((size >> 8) & 0xFF);
++ rng_cmd[11]=(unsigned char)((size >> 16) & 0xFF);
++ rng_cmd[10]=(unsigned char)((size >> 24) & 0xFF);
++ offset=buf;
++ while (bytes_read < size) {
++ r=0;
++ while (r < sizeof(rng_cmd)) {
++ retval=write(tpm_fd,rng_cmd + r,sizeof(rng_cmd)-r);
++ if (retval < 0) {
++ message(LOG_ERR|LOG_INFO,
++ "Error writing %s\n",tpm_device);
++ retval=-1;
++ goto error_out;
++ }
++ r+=retval;
++ }
++ if (r < sizeof(rng_cmd)) {
++ message(LOG_ERR|LOG_INFO,
++ "Error writing %s\n",tpm_device);
++ retval=-1;
++ goto error_out;
++ }
++ r=read(tpm_fd,temp_buf,size);
++ r=(r - TPM_GET_RNG_OVERHEAD);
++ bytes_read=bytes_read + r;
++ if (bytes_read > size) {
++ memcpy(offset,temp_buf + TPM_GET_RNG_OVERHEAD,
++ r - (bytes_read - size));
++ break;
++ }
++ memcpy(offset, temp_buf + TPM_GET_RNG_OVERHEAD,
++ r);
++ offset=offset+r;
+ }
++ retval=0;
++error_out:
++ free(temp_buf);
++ close(tpm_fd);
++ return retval;
+ }
+ 
+ /* Initialize entropy source */
+@@ -91,16 +177,32 @@ static int discard_initial_data(void)
+ /*
+ * Open entropy source, and initialize it
+ */
+-void init_entropy_source(const char* sourcedev)
++int init_entropy_source(const char* sourcedev)
+ {
+ rng_fd = open(sourcedev, O_RDONLY);
+ if (rng_fd == -1) {
+- message(LOG_DAEMON|LOG_ERR, "can't open %s: %s",
+- sourcedev, strerror(errno));
+- exit(EXIT_FAIL);
++ return 1;
+ }
+-
+ /* Bootstrap FIPS tests */
+ fips_init(&fipsctx, discard_initial_data());
++ return 0;
++}
++
++/*
++ * Open tpm entropy source, and initialize it
++ */
++int init_tpm_entropy_source(void)
++{
++ int tpm_fd;
++ tpm_fd = open(tpm_device, O_RDONLY);
++ if (tpm_fd == -1) {
++ return 1;
++ }
++ close(tpm_fd);
++
++ /* Bootstrap FIPS tests */
++ fips_init(&tpm_fipsctx, 0);
++ has_tpm=1;
++ return 0;
+ }
+ 
+diff -urNp --exclude-from=/home/mdomsch/excludes --minimal rng-tools-2.orig/rngd_entsource.h rng-tools-2/rngd_entsource.h
+--- rng-tools-2.orig/rngd_entsource.h 2004-04-15 00:04:45.000000000 -0500
++++ rng-tools-2/rngd_entsource.h 2009-10-19 22:47:49.668279183 -0500
+@@ -28,15 +28,18 @@
+ 
+ /* Logic and contexts */
+ extern fips_ctx_t fipsctx; /* Context for the FIPS tests */
++extern fips_ctx_t tpm_fipsctx; /* Context for the tpm FIPS tests */
+ 
+ /*
+ * Initialize entropy source and entropy conditioning
+ *
+ * sourcedev is the path to the entropy source
+ */
+-extern void init_entropy_source(const char* sourcedev);
++extern int init_entropy_source(const char* sourcedev);
++extern int init_tpm_entropy_source(void);
+ 
+ /* Read data from the entropy source */
+-void xread(void *buf, size_t size);
++extern int xread(void *buf, size_t size);
++extern int xread_tpm(void *buf, size_t size);
+ 
+ #endif /* RNGD_ENTSOURCE__H */
+diff -urNp --exclude-from=/home/mdomsch/excludes --minimal rng-tools-2.orig/rngd.h rng-tools-2/rngd.h
+--- rng-tools-2.orig/rngd.h 2004-08-24 12:53:04.000000000 -0500
++++ rng-tools-2/rngd.h 2009-10-19 22:35:32.631263134 -0500
+@@ -42,6 +42,7 @@ struct arguments {
+ double poll_timeout;
+ 
+ int daemon;
++ int no_tpm;
+ };
+ extern struct arguments *arguments;
+ 
diff --git a/sys-apps/rng-tools/rng-tools-2-r3.ebuild b/sys-apps/rng-tools/rng-tools-2-r3.ebuild
new file mode 100644
index 000000000000..b8a0326cd78c
--- /dev/null
+++ b/sys-apps/rng-tools/rng-tools-2-r3.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rng-tools/rng-tools-2-r3.ebuild,v 1.1 2010/09/15 08:30:51 robbat2 Exp $
+
+EAPI=2
+inherit autotools
+
+DESCRIPTION="Daemon to use hardware random number generators."
+HOMEPAGE="http://gkernel.sourceforge.net/"
+SRC_URI="mirror://sourceforge/gkernel/${P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~x86"
+IUSE=""
+DEPEND=""
+RDEPEND=""
+
+src_prepare() {
+ epatch "${FILESDIR}"/rngd_tpm_support2.patch
+
+ echo 'bin_PROGRAMS = randstat' >> contrib/Makefile.am
+ eautoreconf
+}
+
+src_install() {
+ make DESTDIR="${D}" install || die
+
+ dodoc AUTHORS ChangeLog
+ doinitd "${FILESDIR}/2-r2/rngd"
+ newconfd "${FILESDIR}/2-r2/rngd-conf" rngd
+}
|
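Review bot: In do_loop (inside the new rngd_tpm_support2.patch) the hardware-RNG branch is gated on `if (retval > 0)`, but xread returns 0 on success and -1 on failure, so hw-rng output is never passed to update_kernel_random; it should be `if (retval == 0)` (the TPM branch uses `>= 0`), and in parse_opt the `case 'n'` body stores `arguments->no_tpm=0;` where `arguments->no_tpm=n;` is meant, so --no-tpm 1 cannot turn the TPM source off. In xread_tpm the result of `r=read(tpm_fd,temp_buf,size)` is never checked: on an error, or a reply shorter than TPM_GET_RNG_OVERHEAD (an error reply carries no random payload), `r - TPM_GET_RNG_OVERHEAD` is negative, the addition into the size_t bytes_read wraps, and the memcpy that follows runs with a bogus length and writes past buf. The same function also runs memset on temp_buf before the NULL check, returns from the "No memory" path without closing tpm_fd, and loops forever on a reply whose payload is empty because bytes_read never advances. Checking the reply's return code and payload length (the TPM 1.2 response header fields at bytes 6-9 and 10-13, the counterpart of the command layout the rng_cmd comments document) and bounding the copy by both the bytes actually read and the space left in buf closes the overflow and keeps an error reply from being handed to the FIPS tests as random data; the rewritten read step follows, with `unsigned int tpm_rc; size_t payload;` added to the locals. Separately, update_kernel_random drops the original sleep(1) on FIPS failure, so a persistently failing source now spins; all the functions named here are wholly inside the hunk.
```c
	temp_buf = malloc(size + TPM_GET_RNG_OVERHEAD);
	if (temp_buf == NULL) {
		message(LOG_ERR|LOG_INFO,"No memory");
		close(tpm_fd);
		return -1;
	}
	memset(temp_buf, 0, size + TPM_GET_RNG_OVERHEAD);
	/* … unchanged: rng_cmd length fields, offset = buf … */
	while (bytes_read < size) {
		/* … unchanged: write loop for rng_cmd … */
		r = read(tpm_fd, temp_buf, size + TPM_GET_RNG_OVERHEAD);
		if (r < TPM_GET_RNG_OVERHEAD) {
			message(LOG_ERR|LOG_INFO,
				"Short or failed read from %s\n", tpm_device);
			retval = -1;
			goto error_out;
		}
		/* reply header: bytes 6-9 return code, 10-13 payload length (big-endian) */
		tpm_rc = ((unsigned int)temp_buf[6] << 24) | ((unsigned int)temp_buf[7] << 16)
		       | ((unsigned int)temp_buf[8] << 8) | temp_buf[9];
		payload = ((size_t)temp_buf[10] << 24) | ((size_t)temp_buf[11] << 16)
		        | ((size_t)temp_buf[12] << 8) | temp_buf[13];
		if (tpm_rc != 0 || payload == 0
		    || payload > (size_t)r - TPM_GET_RNG_OVERHEAD) {
			message(LOG_ERR|LOG_INFO,
				"Bad GetRandom reply from %s\n", tpm_device);
			retval = -1;
			goto error_out;
		}
		if (payload > size - bytes_read)
			payload = size - bytes_read;
		memcpy(offset, temp_buf + TPM_GET_RNG_OVERHEAD, payload);
		offset += payload;
		bytes_read += payload;
	}
	/* … unchanged: retval = 0, error_out cleanup … */
```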