Haveged is an entropy-gathering daemon which refills the kernel's entropy pool by timing, in nanoseconds, how long a CPU takes to complete a loop. The existing haveged only supports a few architectures; I have added support for any given architecture by utilising CLOCK_MONOTONIC_RAW, introduced in kernel 2.6.28. No doubt this incurs a performance penalty, since the architecture-specific code uses assembler. Unfortunately, reading r9 from cp0 on MIPS requires the CPU to be in kernel or supervisor mode.
Unlike rng-tools, using haveged ensures the entropy pool is not simply refilled from /dev/urandom, thus ensuring that evicted entropy is not recycled into the secure pool. However, I'm not entirely sure what dependencies I should make this rely on to ensure that people on, say, brcm2.4 don't get it, so if someone could take a look at it, I'd be most appreciative. The package itself works just fine; I'm using it on my WNDR3800.
Index: feeds/packages/utils/haveged/files/haveged.init
===================================================================
--- feeds/packages/utils/haveged/files/haveged.init (revision 0)
+++ feeds/packages/utils/haveged/files/haveged.init (revision 0)
@@ -0,0 +1,16 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2012 OpenWrt.org
+
+START=98
+
+HAVEGED_THRESHOLD=1024
+HAVEGED_DCACHE=32
+HAVEGED_ICACHE=32
+
+start() {
+ service_start /sbin/haveged -w $HAVEGED_THRESHOLD -d $HAVEGED_DCACHE -i $HAVEGED_ICACHE -v 1
+}
+
+stop() {
+ service_stop /sbin/haveged
+}
Index: feeds/packages/utils/haveged/patches/100-add-generic-support-to-configure.patch
===================================================================
--- feeds/packages/utils/haveged/patches/100-add-generic-support-to-configure.patch (revision 0)
+++ feeds/packages/utils/haveged/patches/100-add-generic-support-to-configure.patch (revision 0)
@@ -0,0 +1,12 @@
+--- haveged-1.3-orig/configure 2011-11-06 14:49:23.000000000 +0000
++++ haveged-1.3/configure 2012-01-12 05:03:23.317401952 +0000
+@@ -4577,8 +4577,7 @@
+ ;;
+
+ *)
+- echo "Unsupported host: $host";
+- exit 1
++ HA_CPPFLAGS="-DHAVE_ISA_GENERIC"
+ ;;
+
+ esac
Index: feeds/packages/utils/haveged/patches/200-add-generic-timer.patch
===================================================================
--- feeds/packages/utils/haveged/patches/200-add-generic-timer.patch (revision 0)
+++ feeds/packages/utils/haveged/patches/200-add-generic-timer.patch (revision 0)
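Review bot: In haveged.init, `START=98` brings the daemon up near the end of the boot sequence, so anything started earlier that draws from the kernel pool at boot (first-boot key generation would be the usual case, though no such consumer is visible in this patch) runs before haveged is refilling it. Consider a lower START value so the daemon is running before those consumers, and record the intended ordering in a comment such as `# start before services that generate keys at boot`. The expansions in `start()` are unquoted, which is harmless with the numeric defaults here but worth quoting if these values ever become user-configurable.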
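Review bot: In the configure patch, the `*)` branch now selects the generic timer for every host the script does not recognise, with no probe that `clock_gettime` and CLOCK_MONOTONIC_RAW are usable there and no message to the person building. Keep a diagnostic ahead of the new assignment, e.g. `echo "Unsupported host: $host, using generic clock_gettime timer" >&2`, so a silently weaker timing source is at least visible in the build log. The patched file looks like a generated configure script (the hunk sits at line 4577); if so, the same change belongs in its source template, otherwise regenerating will drop it. The enclosing case statement starts outside the hunk.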
@@ -0,0 +1,41 @@
+--- haveged-1.3-orig/src/havegecollect.h 2011-10-25 00:06:28.000000000 +0100
++++ haveged-1.3/src/havegecollect.h 2012-01-12 05:02:45.707983837 +0000
+@@ -24,6 +24,10 @@
+ */
+ #include "havege.h"
+ #include <sys/time.h>
++#include <time.h>
++#ifndef CLOCK_MONOTONIC_RAW
++#define CLOCK_MONOTONIC_RAW 4
++#endif
+ /**
+ ** Hardware constraints
+ */
+@@ -122,6 +126,12 @@
+ #define HARDCLOCK(x) ASM("mftb %0":"=r"(x)) /* eq. to mftb %0, 268 */
+ #endif
+
++#ifdef HAVE_ISA_GENERIC
++#define ARCH "generic"
++inline U_INT generic_rawtime();
++#define HARDCLOCK(x) x = generic_rawtime();
++#endif
++
+ #ifdef HAVE_ISA_IA64
+ #define ARCH "ia64"
+ #define CPUID(op,reg) ASM("mov %0=cpuid[%1]"\
+--- haveged-1.3-orig/src/havegecollect.c 2011-10-25 00:06:28.000000000 +0100
++++ haveged-1.3/src/havegecollect.c 2012-01-12 10:07:43.560092116 +0000
+@@ -256,3 +256,11 @@
+ offs = (U_INT)((((unsigned long)&p[4096])&0xfff)/sizeof(int));
+ return &p[4096-offs];
+ }
++#ifdef HAVE_ISA_GENERIC
++inline U_INT generic_rawtime()
++{
++ struct timespec res;
++ clock_gettime(CLOCK_MONOTONIC_RAW, &res);
++ return res.tv_nsec;
++}
++#endif
+\ No newline at end of file
Index: feeds/packages/utils/haveged/Makefile
===================================================================
--- feeds/packages/utils/haveged/Makefile (revision 0)
+++ feeds/packages/utils/haveged/Makefile (revision 0)
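Review bot: `generic_rawtime()` in havegecollect.c ignores the return value of `clock_gettime`, so on a kernel that rejects CLOCK_MONOTONIC_RAW it returns an uninitialised `res.tv_nsec`, and HARDCLOCK then hands stack residue to the collector as if it were a timing sample; presumably the daemon would still credit that output to the kernel pool as entropy. Check the call and stop rather than continue, e.g. `if (clock_gettime(CLOCK_MONOTONIC_RAW, &res) != 0) { perror("clock_gettime"); exit(1); }` (this needs stdio.h and stdlib.h if the file does not already include them). The header's `#define CLOCK_MONOTONIC_RAW 4` fallback only papers over a libc that lacks the constant and says nothing about kernel support, which is why the runtime check matters. Separately, `inline U_INT generic_rawtime();` in the header paired with a plain `inline` definition in the .c file may leave no external definition under C99 inline rules; dropping `inline` (or using `static inline` with the body in the header) avoids that. The trailing `;` in `#define HARDCLOCK(x) x = generic_rawtime();` should be removed to match the other HARDCLOCK definitions.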
@@ -0,0 +1,40 @@
+#
+# Copyright (C) 2006-2012 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id: Makefile 1 2012-01-12 03:50:18Z Olipro $
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=haveged
+PKG_VERSION:=1.3a
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://www.issihosts.com/$(PKG_NAME)
+PKG_MD5SUM:=dad8b95c6eafcec7eb42eb8454e60a0d
+
+#fix this across versions
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-1.3
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/haveged
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Feeds the kernel entropy pool by timing CPU loops.
+ URL:=http://www.issihosts.com/haveged/
+endef
+
+define Package/haveged/install
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/haveged.init $(1)/etc/init.d/haveged
+ $(INSTALL_DIR) $(1)/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/haveged $(1)/sbin/
+endef
+
+$(eval $(call BuildPackage,haveged))
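Review bot: The source tarball is fetched over plain HTTP (`PKG_SOURCE_URL:=http://www.issihosts.com/$(PKG_NAME)`) and verified only against `PKG_MD5SUM`, so the integrity of a package that seeds the kernel RNG rests on MD5, which is no longer collision-resistant. Where the build system in use offers a stronger digest, record that as well (e.g. `PKG_HASH:=<sha256-of-tarball>`, placeholder value), and prefer an HTTPS mirror if upstream provides one. Also, the generic timer added by this series calls `clock_gettime`, which on some C libraries lives in librt; the Makefile declares no library dependency and passes no `-lrt`, so the link should be confirmed on the target libc.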