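{ lib
, stdenv
, fetchFromGitHub
, protobufc
, pkg-config
, fuse3
, meson
, ninja
, libselinux
, jitterentropy
, botan3
, openssl
, libkcapi

# A more detailed explanation of the following meson build options can be found
# in the source code of esdm.
# A brief explanation is given.

# general options
, selinux ? false # enable selinux support
, drngHashDrbg ? true # set the default drng callback (exactly one of drngHashDrbg / drngChaCha20 must be true)
, drngChaCha20 ? false # set the default drng callback
, ais2031 ? false # set the seeding strategy to be compliant with AIS 20/31
, sp80090c ? false # set compliance with NIST SP800-90C
, cryptoBackend ? "botan" # set backend for hash and drbg operations: "botan", "openssl" or "builtin"
, linuxDevFiles ? true # enable linux /dev/random and /dev/urandom support (pulls in fuse3)
, linuxGetRandom ? true # enable linux getrandom support
, hashSha512 ? false # set the conditioning hash: SHA2-512 (exactly one of hashSha512 / hashSha3_512 must be true)
, hashSha3_512 ? true # set the conditioning hash: SHA3-512
, openSSLRandProvider ? true # build ESDM provider for OpenSSL 3.x (pulls in openssl)
, botanRng ? true # build ESDM class for Botan 3.x (pulls in botan3)

# client-related options (handle with care, consult source code and meson options)
# leave as is if in doubt
, connectTimeoutExponent ? 28 # (1 << EXPONENT nanoseconds)
, rxTxTimeoutExponent ? 28 # (1 << EXPONENT nanoseconds)
, reconnectAttempts ? 10 # how often to attempt unix socket connection before giving up

# entropy sources
, esJitterRng ? true # enable support for the entropy source: jitter rng (running in user space)
, esJitterRngEntropyRate ? 256 # amount of entropy to account for jitter rng source
, esJitterRngKernel ? true # enable support for the entropy source: jitter rng (running in kernel space)
, esJitterRngKernelEntropyRate ? 256 # amount of entropy to account for kernel jitter rng source
, esCPU ? true # enable support for the entropy source: cpu-based entropy
, esCPUEntropyRate ? 8 # amount of entropy to account for cpu rng source
, esKernel ? true # enable support for the entropy source: kernel-based entropy
, esKernelEntropyRate ? 128 # amount of entropy to account for kernel-based source
, esIRQ ? false # enable support for the entropy source: interrupt-based entropy
, esIRQEntropyRate ? 256 # amount of entropy to account for interrupt-based source (only set irq XOR sched != 0)
, esSched ? false # enable support for the entropy source: scheduler-based entropy
, esSchedEntropyRate ? 0 # amount of entropy to account for scheduler-based source (only set irq XOR sched != 0)
, esHwrand ? true # enable support for the entropy source: /dev/hwrng
, esHwrandEntropyRate ? 128 # amount of entropy to account for /dev/hwrng-based sources
}:

# Reject contradictory option sets at evaluation time with a readable message
# rather than letting the meson configure step fail later in the build.
assert lib.assertMsg (drngHashDrbg != drngChaCha20)
  "esdm: exactly one of drngHashDrbg and drngChaCha20 must be enabled";
assert lib.assertMsg (hashSha512 != hashSha3_512)
  "esdm: exactly one of hashSha512 and hashSha3_512 must be enabled";
# The former spelling `cryptoBackend == "builtin" "Unsupported ..."` parsed as a
# function application of one string to another, so "builtin" could never be
# selected and no message was ever shown. assertOneOf reports the offending
# value together with the accepted set.
assert lib.assertOneOf "cryptoBackend" cryptoBackend [ "openssl" "botan" "builtin" ];

stdenv.mkDerivation rec {
  pname = "esdm";
  version = "1.1.1";

  src = fetchFromGitHub {
    owner = "smuellerDD";
    repo = "esdm";
    rev = "v${version}";
    hash = "sha256-Z8cIjNI+Qi6O2e72vbEefbCCXyIA+lcEMDzWJReGrUs=";
  };

  nativeBuildInputs = [ meson pkg-config ninja ];

  # Optional libraries are only linked in when the corresponding feature (or the
  # backend that needs them) is selected, so a minimal configuration stays small.
  buildInputs = [ protobufc ]
    ++ lib.optional (cryptoBackend == "botan" || botanRng) botan3
    ++ lib.optional (cryptoBackend == "openssl" || openSSLRandProvider) openssl
    ++ lib.optional selinux libselinux
    ++ lib.optional esJitterRng jitterentropy
    ++ lib.optional linuxDevFiles fuse3
    ++ lib.optional esJitterRngKernel libkcapi;

  # Every package option is forwarded to the corresponding meson option; the
  # numeric rates and exponents are passed through verbatim as strings.
  mesonFlags = [
    (lib.mesonBool "b_lto" false)
    (lib.mesonBool "fips140" false)
    (lib.mesonBool "ais2031" ais2031)
    (lib.mesonBool "sp80090c" sp80090c)
    (lib.mesonEnable "node" true) # multiple DRNGs
    (lib.mesonOption "threading_max_threads" (toString 64))
    (lib.mesonOption "crypto_backend" cryptoBackend)
    (lib.mesonEnable "linux-devfiles" linuxDevFiles)
    (lib.mesonEnable "linux-getrandom" linuxGetRandom)
    (lib.mesonOption "client-connect-timeout-exponent" (toString connectTimeoutExponent))
    (lib.mesonOption "client-rx-tx-timeout-exponent" (toString rxTxTimeoutExponent))
    (lib.mesonOption "client-reconnect-attempts" (toString reconnectAttempts))
    (lib.mesonEnable "es_jent" esJitterRng)
    (lib.mesonOption "es_jent_entropy_rate" (toString esJitterRngEntropyRate))
    (lib.mesonEnable "es_jent_kernel" esJitterRngKernel)
    (lib.mesonOption "es_jent_kernel_entropy_rate" (toString esJitterRngKernelEntropyRate))
    (lib.mesonEnable "es_cpu" esCPU)
    (lib.mesonOption "es_cpu_entropy_rate" (toString esCPUEntropyRate))
    (lib.mesonEnable "es_kernel" esKernel)
    (lib.mesonOption "es_kernel_entropy_rate" (toString esKernelEntropyRate))
    (lib.mesonEnable "es_irq" esIRQ)
    (lib.mesonOption "es_irq_entropy_rate" (toString esIRQEntropyRate))
    (lib.mesonEnable "es_sched" esSched)
    (lib.mesonOption "es_sched_entropy_rate" (toString esSchedEntropyRate))
    (lib.mesonEnable "es_hwrand" esHwrand)
    (lib.mesonOption "es_hwrand_entropy_rate" (toString esHwrandEntropyRate))
    (lib.mesonEnable "hash_sha512" hashSha512)
    (lib.mesonEnable "hash_sha3_512" hashSha3_512)
    (lib.mesonEnable "selinux" selinux)
    (lib.mesonEnable "drng_hash_drbg" drngHashDrbg)
    (lib.mesonEnable "drng_chacha20" drngChaCha20)
    (lib.mesonEnable "openssl-rand-provider" openSSLRandProvider)
    (lib.mesonEnable "botan-rng" botanRng)
  ];

  doCheck = true;

  strictDeps = true;
  mesonBuildType = "release";

  meta = {
    homepage = "https://www.chronox.de/esdm.html";
    description = "Entropy Source and DRNG Manager in user space";
    license = with lib.licenses; [ gpl2Only bsd3 ];
    platforms = lib.platforms.linux;
    maintainers = with lib.maintainers; [ orichter thillux ];
  };
}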