Class EntropyProvider.

Inherits Connection

An EGD (entropy gathering device) for cryptlib.

Cryptlib doesn't feel happy running in a constrained environment such as the chroot Archiveopteryx uses. It wants to run ntptrace and other commands to get entropy, and those commands aren't available.

As a workaround, Archiveopteryx provides this EGD-compatible server, which serves entropy taken from the Entropy class, and tells Cryptlib that it can obtain entropy from this server via the EGD protocol.

EntropyProvider::EntropyProvider( int fd )

Constructs an entropy provider serving fd.

void EntropyProvider::process()

Serves the EGD protocol (as gleaned from egd.pl sources):

Client sends a null byte to request the amount of entropy available. Archiveopteryx answers with 0x00 0x08 0x00, to say 2048 bytes. This is a straight lie, motivated by a desire to have cryptlib work the same way as Archiveopteryx: if entropy-source is set to /dev/urandom (this is the default), Archiveopteryx will use true entropy if available and fall back to something weaker, but it will never block, not even if Cryptlib asks for it.

Client sends 0x01 0xNN. Archiveopteryx answers with 0xNN followed by 0xNN bytes of entropy. (Unlike EGD, Archiveopteryx always provides as much data as Cryptlib wants.)

Client sends 0x02 0xNN. Archiveopteryx behaves as for 0x01.

Client sends 0x03 0xMM 0xLL, followed by 0xNN bytes of data. Archiveopteryx disregards it all.

Client sends 0x04. Archiveopteryx returns 0x01 0x30 (a single "0", since we don't care to talk about PIDs).
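To illustrate the five exchanges above, here is a small Python responder (an added example, not Archiveopteryx's own C++ EntropyProvider) that parses client commands from a byte stream, tolerating commands split across reads, and produces the replies described. The entropy source is an injected callable (os.urandom by default); the example assumes the 0x03 header ends with a count byte 0xNN giving the length of the data that follows, as in egd.pl.

```python
import os
from typing import Callable, Optional, Tuple

# Fixed replies as the page describes them (constructed constants).
AVAILABLE_REPLY = b"\x00\x08\x00"  # "2048 bytes available", regardless of reality
PID_REPLY = b"\x01\x30"            # a single "0": we don't talk about PIDs


def parse_command(buf: bytes) -> Optional[Tuple[int, int, int]]:
    """Return (command, argument, consumed_length) for the first complete
    command in buf, or None when more bytes are needed."""
    if not buf:
        return None
    cmd = buf[0]
    if cmd in (0x00, 0x04):                 # no arguments
        return cmd, 0, 1
    if cmd in (0x01, 0x02):                 # 0xNN = bytes wanted
        return (cmd, buf[1], 2) if len(buf) >= 2 else None
    if cmd == 0x03:                         # 0xMM 0xLL 0xNN + 0xNN data bytes (assumed layout)
        if len(buf) < 4:
            return None
        n = buf[3]
        return (cmd, n, 4 + n) if len(buf) >= 4 + n else None
    raise ValueError(f"unknown EGD command {cmd:#04x}")


def respond(cmd: int, arg: int, entropy: Callable[[int], bytes]) -> bytes:
    """Build the reply for one parsed command."""
    if cmd == 0x00:
        return AVAILABLE_REPLY
    if cmd in (0x01, 0x02):
        data = entropy(arg)
        if len(data) != arg:                # never short-change the client, never block
            raise RuntimeError("entropy source returned wrong length")
        return bytes([arg]) + data
    if cmd == 0x03:
        return b""                          # client-supplied entropy is disregarded
    return PID_REPLY                        # cmd == 0x04


class EgdResponder:
    """Stateful EGD server side: feed() raw bytes, get back concatenated replies."""
    def __init__(self, entropy: Callable[[int], bytes] = os.urandom) -> None:
        self.entropy, self.buf = entropy, b""

    def feed(self, data: bytes) -> bytes:
        self.buf += data
        out = b""
        while (parsed := parse_command(self.buf)) is not None:
            cmd, arg, length = parsed
            self.buf = self.buf[length:]
            out += respond(cmd, arg, self.entropy)
        return out
```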

This web page based on source code belonging to The Archiveopteryx Developers. All rights reserved.