Commit 3b95766a2dda5aadd6cb49facb6d36cd6b4b7025

Authored by Georg Hopp
1 parent 0c1c9dca

some clean up

@@ -2,7 +2,9 @@ ACLOCAL_AMFLAGS = -I m4 @@ -2,7 +2,9 @@ ACLOCAL_AMFLAGS = -I m4
2 2
3 lib_LTLIBRARIES = libmodentropy.la 3 lib_LTLIBRARIES = libmodentropy.la
4 4
5 -libmodentropy_la_SOURCES = mod_entropy.c 5 +libmodentropy_la_SOURCES = mod_entropy.c \
  6 + mod_entropy_get_entropy_bits.c \
  7 + mod_entropy_add_entropy.c
6 libmodentropy_la_LDFLAGS = -lrt -lm 8 libmodentropy_la_LDFLAGS = -lrt -lm
7 9
8 install: libmodentropy.la 10 install: libmodentropy.la
  1 +# ChangeLog for www-apache/mod_tidy
  2 +# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
  3 +
  4 +*mod_entropy-0.1.0 (10 May 2012)
  5 +
  6 + 10 May 2012; Georg Hopp <georg@steffers.org> +metadata.xml, +mod_entropy-9999.ebuild:
  7 + initial version
  8 +
  1 +<?xml version="1.0" encoding="UTF-8"?>
  2 +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
  3 +<pkgmetadata>
  4 + <herd>apache</herd>
  5 +</pkgmetadata>
  1 +EAPI=4
  2 +
  3 +inherit eutils git autotools apache-module
  4 +
  5 +DESCRIPTION="a module to greate random data from incoming requests."
  6 +SRC_URI=""
  7 +EGIT_REPO_URI="git://redminie.weird-web-workers.org/var/lib/git/mod_entropy"
  8 +
  9 +HOMEPAGE="http://redmine.weird-web-workers.org/mod_entropy/"
  10 +
  11 +LICENSE="GPL-3"
  12 +SLOT="0"
  13 +KEYWORDS="~amd64 ~x86"
  14 +IUSE=""
  15 +
  16 +need_apache2
  17 +
  18 +DOCFILES="COPYING README NEWS ChangeLog"
  19 +
  20 +src_prepare() {
  21 + eautoreconf
  22 +}
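Review bot: EGIT_REPO_URI at line 7 points at the host `redminie.weird-web-workers.org` while HOMEPAGE at line 9 uses `redmine.weird-web-workers.org`; one of the two looks mistyped, and for a live `-9999` ebuild a wrong host simply makes the fetch fail. The `git://` transport also gives the build no way to verify what it clones; where the server offers it, an `https://` URI (or a pinned commit) is the usual choice for source fetched at build time. DESCRIPTION at line 5 has a typo: `DESCRIPTION="a module to create random data from incoming requests."`.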
1 /** 1 /**
  2 + * \file
  3 + *
2 * this filter generates a sha1 from the current microtime and request 4 * this filter generates a sha1 from the current microtime and request
3 * useses this to fill the linux random source. 5 * useses this to fill the linux random source.
4 * 6 *
@@ -9,8 +11,22 @@ @@ -9,8 +11,22 @@
9 * 11 *
10 * Most time was spend in figuring out how to write apache modules. 12 * Most time was spend in figuring out how to write apache modules.
11 * 13 *
12 - * \author Georg Hopp <georg@steffers.org> 14 + * \author Georg Hopp <georg@steffers.org
  15 + *
  16 + * \copyright
  17 + * Copyright © 2012 Georg Hopp
  18 + * This program is free software: you can redistribute it and/or modify
  19 + * it under the terms of the GNU General Public License as published by
  20 + * the Free Software Foundation, either version 3 of the License, or
  21 + * (at your option) any later version.
  22 + * This program is distributed in the hope that it will be useful,
  23 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  24 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  25 + * GNU General Public License for more details.
  26 + * You should have received a copy of the GNU General Public License
  27 + * along with this program. If not, see <http://www.gnu.org/licenses/>.
13 */ 28 */
  29 +
14 #define _POSIX_C_SOURCE 199309L 30 #define _POSIX_C_SOURCE 199309L
15 31
16 #include "httpd.h" 32 #include "httpd.h"
@@ -24,69 +40,18 @@ @@ -24,69 +40,18 @@
24 #include "apr_sha1.h" 40 #include "apr_sha1.h"
25 41
26 #include <time.h> 42 #include <time.h>
27 -#include <math.h>  
28 -#include <fcntl.h>  
29 -#include <errno.h>  
30 -#include <linux/random.h>  
31 -#include <sys/ioctl.h>  
32 -#include <sys/types.h>  
33 -#include <sys/stat.h>  
34 43
35 -#define min(x, y) ((x)<(y)?(x):(y))  
36 44
  45 +int add_entropy(unsigned char *, size_t);
37 46
38 module AP_MODULE_DECLARE_DATA entropy_module; 47 module AP_MODULE_DECLARE_DATA entropy_module;
39 48
40 -char * getData(const char *, size_t);  
41 49
42 /** 50 /**
43 - * This is taken from timer_entropyd and modified so  
44 - * that the constant 1/log(2.0) is not calculated but  
45 - * set directly.  
46 - *  
47 - * As far as i can say this correlates to the shannon  
48 - * entropy algorithm with equal probabilities  
49 - * for entropy where the entropy units are bits.  
50 - *  
51 - * But actually i am no mathemacian and my analysis capabilities  
52 - * are limited. Additionally i have not analysed the linux random  
53 - * character device code, so i trusted the code in timer_entropyd. 51 + * add header values to sha1
54 */ 52 */
55 static 53 static
56 int 54 int
57 -get_entropy(const unsigned char * data, size_t ndata)  
58 -{  
59 - size_t byte_count[256];  
60 - size_t iterator;  
61 - static double log2inv = 1.442695; //!< 1 / log(2.0): the entropy unit size  
62 - double entropy = 0.0;  
63 -  
64 - memset(byte_count, 0, sizeof(byte_count));  
65 -  
66 - /**  
67 - * first get the amount each byte occurs in the array  
68 - */  
69 - for (iterator = 0; iterator < ndata; iterator++) {  
70 - byte_count[data[iterator]]++;  
71 - }  
72 -  
73 - for (iterator = 0; iterator < 256; iterator++) {  
74 - double probability = (double)byte_count[iterator] / (double)ndata;  
75 -  
76 - if (0.0 < probability) {  
77 - entropy += probability * log2inv * (log(1.0 / probability));  
78 - }  
79 - }  
80 -  
81 - entropy *= (double)ndata;  
82 - entropy = (entropy < 0.0)? 0.0 : entropy;  
83 - entropy = min((double)(ndata * 8), entropy);  
84 -  
85 - return entropy;  
86 -}  
87 -  
88 -static  
89 -int  
90 header_do_print(void * rec, const char * key, const char * value) 55 header_do_print(void * rec, const char * key, const char * value)
91 { 56 {
92 apr_sha1_ctx_t * sha1_ctx = rec; 57 apr_sha1_ctx_t * sha1_ctx = rec;
@@ -183,59 +148,11 @@ entropy_filter_in( @@ -183,59 +148,11 @@ entropy_filter_in(
183 /** 148 /**
184 * fill /dev/random with sha1 from current request 149 * fill /dev/random with sha1 from current request
185 */ 150 */
186 - {  
187 - int i;  
188 - int entropy = get_entropy(digest, APR_SHA1_DIGESTSIZE);  
189 - int fd = open("/dev/random", O_WRONLY|O_NONBLOCK);  
190 - struct rand_pool_info * output;  
191 -  
192 - output = (struct rand_pool_info *)malloc(  
193 - sizeof(struct rand_pool_info) + APR_SHA1_DIGESTSIZE);  
194 -  
195 - output->entropy_count = entropy;  
196 - output->buf_size = APR_SHA1_DIGESTSIZE;  
197 - memcpy(output->buf, digest, APR_SHA1_DIGESTSIZE);  
198 -  
199 - fprintf(stderr, "sha1 so far: ");  
200 - for (i=0; i<APR_SHA1_DIGESTSIZE; i++) {  
201 - fprintf(stderr, "%02x", digest[i]);  
202 - }  
203 - fprintf(stderr, "\n");  
204 - fprintf(stderr, "entropy bits: %d\n", entropy);  
205 -  
206 - if (ioctl(fd, RNDADDENTROPY, output) == -1) {  
207 - switch(errno) {  
208 - case EBADF:  
209 - fprintf(stderr, "ioctl failed: no valid file descriptor %d\n", fd);  
210 - break;  
211 -  
212 - case EFAULT:  
213 - fprintf(stderr, "ioctl failed: invalid argument: %p\n", output);  
214 - break;  
215 -  
216 - case EINVAL:  
217 - fprintf(stderr, "ioctl failed: invalid request\n", errno);  
218 - break;  
219 -  
220 - case ENOTTY:  
221 - fprintf(stderr, "ioctl failed: discriptor not associated to character device\n", errno);  
222 - break;  
223 -  
224 - case EPERM:  
225 - fprintf(stderr, "ioctl failed: invalid permissions\n", errno);  
226 - break;  
227 -  
228 - default:  
229 - fprintf(stderr, "ioctl(RNDADDENTROPY) failed: %d\n", errno);  
230 - break;  
231 - }  
232 - }  
233 -  
234 - free(output);  
235 - close(fd);  
236 - }  
237 - fflush(stderr); 151 + add_entropy(digest, APR_SHA1_DIGESTSIZE);
238 152
  153 + /**
  154 + * after we are done remove us from filter queue
  155 + */
239 ap_remove_input_filter(filter); 156 ap_remove_input_filter(filter);
240 157
241 return status; 158 return status;
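Review bot: The prototype `int add_entropy(unsigned char *, size_t);` added at new line 45 does not match the definition in mod_entropy_add_entropy.c, which is `void add_entropy(const unsigned char * data, size_t ndata)`; because the two live in separate translation units neither compiler nor linker will report it, and calling a function through an incompatible declaration is undefined behaviour (C11 6.2.7). The same applies to `int get_entropy_bits(unsigned char *, size_t);` in mod_entropy_add_entropy.c against its `const` definition in mod_entropy_get_entropy_bits.c. Declaring both once in a shared header included by all three files — `void add_entropy(const unsigned char *, size_t);` and `int get_entropy_bits(const unsigned char *, size_t);` — lets the compiler check every call site. Minor: the `\author` line at new line 14 lost the closing `>` of the e-mail address. entropy_filter_in starts before the last hunk and its closing brace lies outside it.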
  1 +/**
  2 + * \file
  3 + *
  4 + * This adds the generated random bytes (sha1 hash of request) to the
  5 + * /dev/random
  6 + *
  7 + * \author Georg Hopp <georg@steffers.org
  8 + *
  9 + * \copyright
  10 + * Copyright © 2012 Georg Hopp
  11 + * This program is free software: you can redistribute it and/or modify
  12 + * it under the terms of the GNU General Public License as published by
  13 + * the Free Software Foundation, either version 3 of the License, or
  14 + * (at your option) any later version.
  15 + * This program is distributed in the hope that it will be useful,
  16 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18 + * GNU General Public License for more details.
  19 + * You should have received a copy of the GNU General Public License
  20 + * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21 + */
  22 +
  23 +#include <fcntl.h>
  24 +#include <errno.h>
  25 +#include <stdlib.h>
  26 +#include <string.h>
  27 +#include <linux/random.h>
  28 +#include <sys/ioctl.h>
  29 +#include <sys/types.h>
  30 +#include <sys/stat.h>
  31 +
  32 +int get_entropy_bits(unsigned char *, size_t);
  33 +
  34 +/**
  35 + * fill /dev/random with sha1 from current request
  36 + *
  37 + * \todo add error handling...
  38 + */
  39 +void
  40 +add_entropy(const unsigned char * data, size_t ndata)
  41 +{
  42 + int i;
  43 + int fd;
  44 + int entropy = get_entropy_bits(data, ndata);
  45 + struct rand_pool_info * output;
  46 +
  47 + output = (struct rand_pool_info *)malloc(
  48 + sizeof(struct rand_pool_info) + ndata);
  49 +
  50 + output->entropy_count = entropy;
  51 + output->buf_size = ndata;
  52 + memcpy(output->buf, data, ndata);
  53 +
  54 + fd = open("/dev/random", O_WRONLY|O_NONBLOCK);
  55 +
  56 + if (ioctl(fd, RNDADDENTROPY, output) == -1) {
  57 + switch(errno) {
  58 + case EBADF:
  59 + fprintf(stderr,
  60 + "ioctl failed: no valid file descriptor %d\n",
  61 + fd);
  62 + break;
  63 +
  64 + case EFAULT:
  65 + fprintf(stderr,
  66 + "ioctl failed: invalid argument: %p\n",
  67 + output);
  68 + break;
  69 +
  70 + case EINVAL:
  71 + fprintf(stderr,
  72 + "ioctl failed: invalid request\n",
  73 + errno);
  74 + break;
  75 +
  76 + case ENOTTY:
  77 + fprintf(stderr,
  78 + "ioctl failed: discriptor not associated to "
  79 + "character device\n",
  80 + errno);
  81 + break;
  82 +
  83 + case EPERM:
  84 + fprintf(stderr,
  85 + "ioctl failed: invalid permissions\n",
  86 + errno);
  87 + break;
  88 +
  89 + default:
  90 + fprintf(stderr,
  91 + "ioctl(RNDADDENTROPY) failed: %d\n",
  92 + errno);
  93 + break;
  94 + }
  95 + }
  96 +
  97 + fflush(stderr);
  98 + free(output);
  99 + close(fd);
  100 +}
  101 +
  102 +// vim: set ts=4 sw=4:
  1 +/**
  2 + * \file
  3 + *
  4 + * calculate the available entropy. This is taken from timed_entropyd.
  5 + *
  6 + * \author Georg Hopp <georg@steffers.org
  7 + *
  8 + * \copyright
  9 + * Copyright © 2012 Georg Hopp
  10 + * This program is free software: you can redistribute it and/or modify
  11 + * it under the terms of the GNU General Public License as published by
  12 + * the Free Software Foundation, either version 3 of the License, or
  13 + * (at your option) any later version.
  14 + * This program is distributed in the hope that it will be useful,
  15 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17 + * GNU General Public License for more details.
  18 + * You should have received a copy of the GNU General Public License
  19 + * along with this program. If not, see <http://www.gnu.org/licenses/>.
  20 + */
  21 +
  22 +#include <math.h>
  23 +
  24 +#define min(x, y) ((x)<(y)?(x):(y))
  25 +
  26 +/**
  27 + * This is taken from timer_entropyd and modified so
  28 + * that the constant 1/log(2.0) is not calculated but
  29 + * set directly.
  30 + *
  31 + * As far as i can say this correlates to the shannon
  32 + * entropy algorithm with equal probabilities
  33 + * for entropy where the entropy units are bits.
  34 + *
  35 + * But actually i am no mathemacian and my analysis capabilities
  36 + * are limited. Additionally i have not analysed the linux random
  37 + * character device code, so i trusted the code in timer_entropyd.
  38 + */
  39 +int
  40 +get_entropy_bits(const unsigned char * data, size_t ndata)
  41 +{
  42 + size_t byte_count[256];
  43 + size_t iterator;
  44 + static double log2inv = 1.442695; //!< 1 / log(2.0): the entropy unit size
  45 + double entropy = 0.0;
  46 +
  47 + memset(byte_count, 0, sizeof(byte_count));
  48 +
  49 + /**
  50 + * first get the amount each byte occurs in the array
  51 + */
  52 + for (iterator = 0; iterator < ndata; iterator++) {
  53 + byte_count[data[iterator]]++;
  54 + }
  55 +
  56 + /**
  57 + * calculate the entropy value
  58 + */
  59 + for (iterator = 0; iterator < 256; iterator++) {
  60 + double probability = (double)byte_count[iterator] / (double)ndata;
  61 +
  62 + if (0.0 < probability) {
  63 + entropy += probability * log2inv * (log(1.0 / probability));
  64 + }
  65 + }
  66 +
  67 + /**
  68 + * prepare for use with linux kernel ioctl RNDADDENTROPY
  69 + */
  70 + entropy *= (double)ndata;
  71 + entropy = (entropy < 0.0)? 0.0 : entropy;
  72 + entropy = min((double)(ndata * 8), entropy);
  73 +
  74 + return entropy;
  75 +}
  76 +
  77 +// vim: set ts=4 sw=4:
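Review bot: `get_entropy_bits` divides by `ndata` at line 60 with no guard, so a zero-length input produces NaN probabilities, both comparisons at lines 71–72 stay false, and the NaN is converted to `int` on return, which is undefined behaviour; `if (ndata == 0) { return 0; }` at the top of the function closes that. The file also calls `memset` and uses `size_t` with only `<math.h>` included, so `<string.h>` and `<stddef.h>` are needed unless some header happens to pull them in. More important for how the result is used: the function measures the byte histogram of `data`, and the caller visible in this commit passes a SHA-1 digest, whose per-byte distribution looks roughly the same for any input regardless of how predictable the request that produced it was, so the number credited to the kernel pool through `entropy_count` does not reflect the real unpredictability of the source. The header comment should say so, e.g. `Estimates the Shannon entropy of the byte distribution of data. This is a property of the buffer contents, not of how unpredictable their source was, so it must not be used to credit entropy derived from attacker-influenced input.`, and the caller should consider mixing the digest in with an `entropy_count` of 0 instead of crediting this estimate.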