SUMMARY of Solaris random gatherer options (long)

Nils Ellmenreich Nils@infosun.fmi.uni-passau.de
Thu, 25 May 2000 16:02:03 +0200 (MEST)


Hi all,

we've had quite some discussions on this list about the various random
"gizmos" available on Solaris 2. I'd like to summarize the possibilities
and then make a suggestion.

The need for entropy is not a domain of GnuPG alone; OpenSSH needs it as
well, and there may be others coming (BTW, I've heard rumours that the
OpenSSH folks are considering using gpg keys instead of their own
user-level public keys. Does anyone know more details?).

There are currently three options that I am aware of:

=======================================================================

1. Entropy Gathering Daemon (EGD)

Available from http://www.lothar.com/tech/crypto/, latest release is
0.8. This is a perl script running as a daemon, providing an entropy
source through a pipe. EGD is supported by both GnuPG and OpenSSH by
means of a configure option. The latest release even works on Solaris
8. It works very well, the only drawback being its speed: if you need a
lot of entropy (generating keys, multi-user platform), egd might be a
bottleneck. 


2. /dev/random as provided by Sun package SUNWski

This software was developed by Sun as part of the unbundled product 
Sun Webserver 2.0 on the Solaris Easy Access Server 3.0 CD. This product
was supported for Solaris 2.6 and 7, but not 8 (because Sun is now using
Apache or Netscape's web server). However, the SUNWski package still
works fine on Solaris 8, provides entropy much faster than egd (it's a
daemon written in C) and was reviewed to provide high quality entropy:

http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=95618127814224&w=2

SUNWski's /dev/random is natively supported by OpenSSH, but in order to
use it with GnuPG, you have to apply the following patch. That's because
SUNWski provides /dev/random as a pipe, and not as a character
device. The patch is relative to the current CVS snapshot of GnuPG. As
SUNWski provides only /dev/random, the patch assumes a link from
/dev/urandom to /dev/random.

diff rndlinux.c.orig rndlinux.c 
86c86,92
<     if( !S_ISCHR(sb.st_mode) )
---

> if( !strcmp(PRINTABLE_OS_NAME, "SunOS")) {
> /* Solaris 2 Easy Access Server -- SUNWski */
> if( !S_ISFIFO(sb.st_mode) )
> g10_log_fatal("invalid random device!\n" );
> }else{
> /* Linux , xBSD*/
> if( !S_ISCHR(sb.st_mode) )
87a94
> }
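
Review bot: In the SunOS branch the only accepted file type is a FIFO (`if( !S_ISFIFO(sb.st_mode) )` leads to g10_log_fatal), so a SunOS build rejects a /dev/random that is a character device. Accepting either type there, for example `if( !S_ISCHR(sb.st_mode) && !S_ISFIFO(sb.st_mode) )`, would cover both cases and would make the `strcmp(PRINTABLE_OS_NAME, "SunOS")` test unnecessary.
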
diff configure.in configure.in.orig 447,458c447,448 < [case "${target}" in < *-solaris*) < if test -p "$NAME_OF_DEV_RANDOM" && test -p "$NAME_OF_DEV_URANDOM" ; then < ac_cv_have_dev_random=yes; else ac_cv_have_dev_random=no; < fi < ;; < *) < if test -c "$NAME_OF_DEV_RANDOM" && test -c "$NAME_OF_DEV_URANDOM" ; then < ac_cv_have_dev_random=yes; else ac_cv_have_dev_random=no; < fi < ;; < esac]) ---
> [if test -c "$NAME_OF_DEV_RANDOM" && test -c "$NAME_OF_DEV_URANDOM" ; then
> ac_cv_have_dev_random=yes; else ac_cv_have_dev_random=no; fi])
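
Review bot: The direction of this diff is reversed relative to the rndlinux.c one (`diff configure.in configure.in.orig`, so the `<` lines are the new text and the `>` lines the original); regenerate it as `diff configure.in.orig configure.in` so both parts apply the same way. In the `*-solaris*` case, `test -p` on both names sets ac_cv_have_dev_random=no when the devices are character devices, so testing for `-c` or `-p` there would keep such systems detected.
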

You would then use the random device type "linux". However, this patch
breaks the use of the 3rd option.


3. /dev/random and /dev/urandom by Andreas Maier

This is a new port of the Linux kernel random driver to Solaris 2 as a
kernel module (what Sun should have done in the first place!) from
http://www.cosy.sbg.ac.at/~andi/. It's very new, therefore hasn't been
reviewed regarding its entropy quality. As this is a clone from the
Linux port, both are character devices. Therefore, the GnuPG sources
don't have to be patched at all. You just select "linux" as the random
gatherer. I've tested it on Solaris 8. I didn't recompile OpenSSH for
this, but a quick look at the sources suggests that it should work there
as well. Unlike GnuPG, OpenSSH only tests for existence and readability
of /dev/random, but not whether it's a pipe or a character device.
Being a kernel module, it should be pretty fast (didn't try).

Personally, I would like to have the source reviewed by someone who
knows about entropy gatherers before I'd use it in a production system.

=======================================================================

Proposal

I'd like to see GnuPG being a bit more flexible on this issue and
therefore avoiding the need to patch it. I think that taking the OpenSSH
approach (testing for existence and readability of /dev/random and
/dev/urandom, being still happy if the latter doesn't exist, and don't
test the type of the device; suggest the use of egd if the devices don't
exist) should be OK for GnuPG as well. The naming of these random
gatherers as being "linux" is a bit unfortunate, but that's just
cosmetics :-)

Any comments?

Cheers, Nils

--
Nils Ellmenreich - Fak. fuer Math./Informatik - Please use gpg -
Nils @ http://www.fmi.uni-passau.de/~nils - Univ. Passau - Uni-Passau.DE
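
The three device checks discussed in the message above (character device only, FIFO only as in the SUNWski patch, and the proposed test for existence and readability without a type test, with /dev/urandom allowed to be absent), written out in C as an added example. It is not part of the original post and is not GnuPG or OpenSSH code; every function and enum name is hypothetical, and the FIFO it creates under /tmp is a constructed stand-in for SUNWski's pipe.

```c
/* Added example, not GnuPG or OpenSSH source; all names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
enum rnd_policy { CHR_ONLY, FIFO_ONLY, ANY_READABLE };
enum rnd_result { RND_OK, RND_MISSING, RND_UNREADABLE, RND_WRONG_TYPE };

/* Check one candidate path under one of the three policies from the post. */
enum rnd_result check_random_device(const char *path, enum rnd_policy policy)
{
    struct stat sb;
    /* O_NONBLOCK: opening a FIFO that has no writer must not hang. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd == -1) return errno == ENOENT ? RND_MISSING : RND_UNREADABLE;
    /* fstat the descriptor so the type tested is that of the object opened. */
    if (fstat(fd, &sb) == -1) { close(fd); return RND_UNREADABLE; }
    close(fd);
    if ((policy == CHR_ONLY && !S_ISCHR(sb.st_mode)) ||
        (policy == FIFO_ONLY && !S_ISFIFO(sb.st_mode)))
        return RND_WRONG_TYPE;
    return RND_OK; /* ANY_READABLE: existence and readability only */
}

/* Proposal: /dev/random must pass; /dev/urandom may be absent. */
int have_dev_random(const char *rnd, const char *urnd, enum rnd_policy p)
{
    enum rnd_result u = check_random_device(urnd, p);
    return check_random_device(rnd, p) == RND_OK && (u == RND_OK || u == RND_MISSING);
}

/* Constructed sample input: a FIFO standing in for SUNWski's /dev/random. */
const char *demo_fifo(void)
{
    static char path[64];
    if (path[0] == '\0') {
        snprintf(path, sizeof path, "/tmp/rnd-demo-%ld", (long)getpid());
        if (mkfifo(path, 0600) == -1) path[0] = '\0'; /* fails if path exists */
    }
    return path;
}

int main(void)
{
    const char *f = demo_fifo(); /* "/dev/null" serves as a character device */
    printf("fifo: chr_only=%d any=%d pair_fifo_only=%d\n", check_random_device(f, CHR_ONLY),
           check_random_device(f, ANY_READABLE), have_dev_random(f, "/dev/null", FIFO_ONLY));
    return unlink(f) == 0 ? 0 : 1;
}
```

With ANY_READABLE a regular file at the device path also returns RND_OK, which is what dropping the type test means in practice.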