xen: support both entropy from dom0 and our weak fallback

mirage / mirage-entropy

Entropy driver for MirageOS -- this has been imported into https://github.com/mirage/mirage-crypto

http://openmirage.org/

BSD 2-Clause "Simplified" License

12 stars 11 forks source link

xen: support both entropy from dom0 and our weak fallback #8

Closed djs55 closed 9 years ago

djs55 commented 9 years ago

Support 2 kinds of entropy source:

FromHost: we receive entropy over a console from domain 0 (or whichever other privileged domain has the entropy). This should be strong, but it requires an entropy server i.e. xentropyd
Weak: we use Random.self_init and get entropy from the clock. This is weak but will work anywhere.

In future we should support RDSEED #9 and possibly entropy from interrupt timing #10

Depends on [mirage/mirage#359]

Signed-off-by: David Scott dave.scott@citrix.com

talex5 commented 9 years ago

I get:

Entropy_xen: received [You may treat everything following this message as entropy.\r\n\XXX](1024 bytes) instead of expected handshake messagestate=Connected

(where XXX is random stuff I can't paste into GitHub comments)

djs55 commented 9 years ago

Hm, 2 possibilities spring to mind:

I've not cached the 'connection' in connect: the handshake will only work once
I've not guarded it with a mutex either; two parallel threads would interfere

talex5 commented 9 years ago

I don't really see how it's supposed to work. It calls Console_xen.read to read the handshake and then calls it again to read the entropy, but there's no reason it shouldn't get some entropy with the first response. Here's my hacky workaround:

https://github.com/talex5/mirage-entropy/compare/djs55:use-xentropyd...handshake?expand=1

djs55 commented 9 years ago

ha, yes there is that too :)

djs55 commented 9 years ago

OK, the buffered reader should fix the (embarrassing) problem with the handshake message.

djs55 commented 9 years ago

I've tested the following via mirage-skeleton/entropy:

Unix still works
Xen with weak_entropy works as before
Xen with default_entropy depends on xentropyd
- it prints a message and blocks forever if xentropyd isn't running
- it connects and works if xentropyd is running

pqwy commented 9 years ago

I'm not a fan of retaining a distinction between Weak and the other option, but I'll go ahead and merge this to get more testing. And it certainly is a big improvement over what we used to have!

Thanks!

djs55 commented 9 years ago

Thanks -- hopefully we can remove the Weak option altogether soon!

On Wed, Feb 4, 2015 at 1:49 AM, David Kaloper notifications@github.com wrote:

Merged #8 https://github.com/mirage/mirage-entropy/pull/8.

— Reply to this email directly or view it on GitHub https://github.com/mirage/mirage-entropy/pull/8#event-229740848.

Dave Scott