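{ lib
, stdenv
, fetchFromGitHub
, fetchpatch
, protobufc
, pkg-config
, fuse3
, meson
, ninja
, libselinux
, jitterentropy
, botan3
, openssl
, libkcapi

# A more detailed explanation of the following meson build options can be found
# in the source code of esdm.
# A brief explanation is given.
#
# The *EntropyRate options are security-relevant: each one tells ESDM how much
# entropy to credit to that source. Crediting more than the source actually
# delivers lets the DRNG be regarded as seeded earlier than it should be, so
# only raise a rate when the source is known to provide it.

# general options
, selinux ? false # enable selinux support
, drngHashDrbg ? true # set the default drng callback
, drngChaCha20 ? false # set the default drng callback
, ais2031 ? false # set the seeding strategy to be compliant with AIS 20/31
, sp80090c ? false # set compliance with NIST SP800-90C
, cryptoBackend ? "botan" # set backend for hash and drbg operations ("openssl", "botan" or "builtin")
, linuxDevFiles ? true # enable linux /dev/random and /dev/urandom support
, linuxGetRandom ? true # enable linux getrandom support
, hashSha512 ? false # set the conditioning hash: SHA2-512
, hashSha3_512 ? true # set the conditioning hash: SHA3-512
, openSSLRandProvider ? true # build ESDM provider for OpenSSL 3.x
, botanRng ? true # build ESDM class for Botan 3.x

# client-related options (handle with care, consult source code and meson options)
# leave as is if in doubt
, connectTimeoutExponent ? 28 # (1 << EXPONENT nanoseconds)
, rxTxTimeoutExponent ? 28 # (1 << EXPONENT nanoseconds)
, reconnectAttempts ? 10 # how often to attempt unix socket connection before giving up

# entropy sources
, esJitterRng ? true # enable support for the entropy source: jitter rng (running in user space)
, esJitterRngEntropyRate ? 256 # amount of entropy to account for jitter rng source
, esJitterRngKernel ? true # enable support for the entropy source: jitter rng (running in kernel space)
, esJitterRngKernelEntropyRate ? 256 # amount of entropy to account for kernel jitter rng source
, esCPU ? true # enable support for the entropy source: cpu-based entropy
, esCPUEntropyRate ? 8 # amount of entropy to account for cpu rng source
, esKernel ? true # enable support for the entropy source: kernel-based entropy
, esKernelEntropyRate ? 128 # amount of entropy to account for kernel-based source
, esIRQ ? false # enable support for the entropy source: interrupt-based entropy
, esIRQEntropyRate ? 256 # amount of entropy to account for interrupt-based source (only set irq XOR sched != 0)
, esSched ? false # enable support for the entropy source: scheduler-based entropy
, esSchedEntropyRate ? 0 # amount of entropy to account for scheduler-based source (only set irq XOR sched != 0)
, esHwrand ? true # enable support for the entropy source: /dev/hwrng
, esHwrandEntropyRate ? 128 # amount of entropy to account for /dev/hwrng-based sources
}:

# Exactly one default DRNG and exactly one conditioning hash must be selected.
assert lib.assertMsg (drngHashDrbg != drngChaCha20)
  "esdm: exactly one of drngHashDrbg and drngChaCha20 must be enabled";
assert lib.assertMsg (hashSha512 != hashSha3_512)
  "esdm: exactly one of hashSha512 and hashSha3_512 must be enabled";
# Nix `assert` takes no message argument. The previous form
# `assert a || b || cryptoBackend == "builtin" "Unsupported ESDM crypto backend";`
# parsed the message as a function call on the string "builtin", so an
# unsupported backend failed with "attempt to call something which is not a
# function" instead of a readable assertion. lib.assertOneOf reports the
# offending value together with the allowed set.
assert lib.assertOneOf "cryptoBackend" cryptoBackend [ "openssl" "botan" "builtin" ];
# Enforce the constraint stated in the option comments above: when both the
# IRQ and the scheduler entropy source are enabled, at most one of them may be
# credited with a non-zero entropy rate.
assert lib.assertMsg (!(esIRQ && esSched) || esIRQEntropyRate == 0 || esSchedEntropyRate == 0)
  "esdm: with esIRQ and esSched both enabled, only one of esIRQEntropyRate and esSchedEntropyRate may be non-zero";

stdenv.mkDerivation rec {
  pname = "esdm";
  version = "1.0.0";

  src = fetchFromGitHub {
    owner = "smuellerDD";
    repo = "esdm";
    rev = "v${version}";
    sha256 = "sha256-q6TGL1agltV9CFfcA6hZszVwGIBBngs22ZqhQgc9FeM=";
  };

  nativeBuildInputs = [ meson pkg-config ninja ];

  # Optional libraries are added only when the matching option needs them:
  # botan3 / openssl for the selected crypto backend or its RNG integration,
  # libselinux for selinux, jitterentropy for the user-space jitter source,
  # fuse3 for the /dev/random and /dev/urandom emulation, libkcapi for the
  # kernel jitter source.
  buildInputs = [ protobufc ]
    ++ lib.optional (cryptoBackend == "botan" || botanRng) botan3
    ++ lib.optional (cryptoBackend == "openssl" || openSSLRandProvider) openssl
    ++ lib.optional selinux libselinux
    ++ lib.optional esJitterRng jitterentropy
    ++ lib.optional linuxDevFiles fuse3
    ++ lib.optional esJitterRngKernel libkcapi;

  # Every user-facing option above is mapped 1:1 onto an esdm meson option;
  # the integer-valued ones are passed as strings because mesonOption expects
  # a string value.
  mesonFlags = [
    (lib.mesonBool "b_lto" false)
    (lib.mesonBool "fips140" false)
    (lib.mesonBool "ais2031" ais2031)
    (lib.mesonBool "sp80090c" sp80090c)
    (lib.mesonEnable "node" true) # multiple DRNGs
    (lib.mesonOption "threading_max_threads" (toString 64))
    (lib.mesonOption "crypto_backend" cryptoBackend)
    (lib.mesonEnable "linux-devfiles" linuxDevFiles)
    (lib.mesonEnable "linux-getrandom" linuxGetRandom)
    (lib.mesonOption "client-connect-timeout-exponent" (toString connectTimeoutExponent))
    (lib.mesonOption "client-rx-tx-timeout-exponent" (toString rxTxTimeoutExponent))
    (lib.mesonOption "client-reconnect-attempts" (toString reconnectAttempts))
    (lib.mesonEnable "es_jent" esJitterRng)
    (lib.mesonOption "es_jent_entropy_rate" (toString esJitterRngEntropyRate))
    (lib.mesonEnable "es_jent_kernel" esJitterRngKernel)
    (lib.mesonOption "es_jent_kernel_entropy_rate" (toString esJitterRngKernelEntropyRate))
    (lib.mesonEnable "es_cpu" esCPU)
    (lib.mesonOption "es_cpu_entropy_rate" (toString esCPUEntropyRate))
    (lib.mesonEnable "es_kernel" esKernel)
    (lib.mesonOption "es_kernel_entropy_rate" (toString esKernelEntropyRate))
    (lib.mesonEnable "es_irq" esIRQ)
    (lib.mesonOption "es_irq_entropy_rate" (toString esIRQEntropyRate))
    (lib.mesonEnable "es_sched" esSched)
    (lib.mesonOption "es_sched_entropy_rate" (toString esSchedEntropyRate))
    (lib.mesonEnable "es_hwrand" esHwrand)
    (lib.mesonOption "es_hwrand_entropy_rate" (toString esHwrandEntropyRate))
    (lib.mesonEnable "hash_sha512" hashSha512)
    (lib.mesonEnable "hash_sha3_512" hashSha3_512)
    (lib.mesonEnable "selinux" selinux)
    (lib.mesonEnable "drng_hash_drbg" drngHashDrbg)
    (lib.mesonEnable "drng_chacha20" drngChaCha20)
    (lib.mesonEnable "openssl-rand-provider" openSSLRandProvider)
    (lib.mesonEnable "botan-rng" botanRng)
  ];

  doCheck = true;

  strictDeps = true;
  mesonBuildType = "release";

  meta = {
    homepage = "https://www.chronox.de/esdm.html";
    description = "Entropy Source and DRNG Manager in user space";
    license = with lib.licenses; [ gpl2Only bsd3 ];
    platforms = lib.platforms.linux;
    maintainers = with lib.maintainers; [ orichter thillux ];
  };
}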