Linux/MacOSX: Add missing JitterEntropy implementation

2025-11-11 11:08:02 -06:00 · 2019-10-23 22:30:44 +02:00
parent 74e14c070f
commit 478066c607
4 changed files with 39 additions and 4 deletions
--- a/src/Core/RandomNumberGenerator.cpp
+++ b/src/Core/RandomNumberGenerator.cpp
@@ -46,6 +46,16 @@ namespace VeraCrypt

 			throw_sys_sub_if (read (random, buffer, buffer.Size()) == -1 && errno != EAGAIN, L"/dev/random");
 			AddToPool (buffer);
+			
+			/* use JitterEntropy library to get good quality random bytes based on CPU timing jitter */
+			if (JitterRngCtx)
+			{
+				ssize_t rndLen = jent_read_entropy (JitterRngCtx, (char*) buffer.Ptr(), buffer.Size());
+				if (rndLen > 0)
+				{
+					AddToPool (buffer);
+				}
+			}
 		}
 #endif
 	}
@@ -80,6 +90,12 @@ namespace VeraCrypt
 		ScopeLock lock (AccessMutex);
 		size_t bufferLen = buffer.Size(), loopLen;
 		byte* pbBuffer = buffer.Get();
+		
+		// Initialize JitterEntropy RNG for this call
+		if (0 == jent_entropy_init ())
+		{
+			JitterRngCtx = jent_entropy_collector_alloc (1, 0);
+		}

 		// Poll system for data
 		AddSystemDataToPool (fast);
@@ -127,6 +143,12 @@ namespace VeraCrypt

 			pbBuffer += loopLen;
 		}
+		
+		if (JitterRngCtx)
+		{
+			jent_entropy_collector_free (JitterRngCtx);
+			JitterRngCtx = NULL;
+		}
 	}

 	shared_ptr <Hash> RandomNumberGenerator::GetHash ()
@@ -232,4 +254,5 @@ namespace VeraCrypt
 	size_t RandomNumberGenerator::ReadOffset;
 	bool RandomNumberGenerator::Running = false;
 	size_t RandomNumberGenerator::WriteOffset;
+	struct rand_data *RandomNumberGenerator::JitterRngCtx = NULL;
 }
--- a/src/Core/RandomNumberGenerator.h
+++ b/src/Core/RandomNumberGenerator.h
@@ -16,6 +16,7 @@
 #include "Platform/Platform.h"
 #include "Volume/Hash.h"
 #include "Common/Random.h"
+#include "Crypto/jitterentropy.h"

 namespace VeraCrypt
 {
@@ -53,6 +54,7 @@ namespace VeraCrypt
 		static size_t ReadOffset;
 		static bool Running;
 		static size_t WriteOffset;
+		static struct rand_data *JitterRngCtx;
 	};
 }

--- a/src/Crypto/jitterentropy-base-user.h
+++ b/src/Crypto/jitterentropy-base-user.h
@@ -88,7 +88,7 @@ static VC_INLINE void jent_get_nstime(__u64 *out)
 #define EAX_EDX_RET(val, low, high)     "=A" (val)
 #endif

-static VC_INLINE void jent_get_nstime(__u64 *out)
+VC_INLINE void jent_get_nstime(__u64 *out)
 {
 	DECLARE_ARGS(val, low, high);
 	asm volatile("rdtsc" : EAX_EDX_RET(val, low, high));
@@ -97,7 +97,10 @@ static VC_INLINE void jent_get_nstime(__u64 *out)

 #endif

-static VC_INLINE void *jent_zalloc(size_t len)
+#ifdef _MSC_VER
+static
+#endif
+VC_INLINE void *jent_zalloc(size_t len)
 {
 	void *tmp = NULL;
 	tmp = TCalloc(len);
@@ -111,7 +114,10 @@ static VC_INLINE void *jent_zalloc(size_t len)
 	return tmp;
 }

-static VC_INLINE void jent_zfree(void *ptr, unsigned int len)
+#ifdef _MSC_VER
+static
+#endif
+VC_INLINE void jent_zfree(void *ptr, unsigned int len)
 {
 	if (len % 8)
 		burn(ptr, len);
@@ -123,7 +129,10 @@ static VC_INLINE void jent_zfree(void *ptr, unsigned int len)
 	TCfree(ptr);
 }

-static VC_INLINE int jent_fips_enabled(void)
+#ifdef _MSC_VER
+static
+#endif
+VC_INLINE int jent_fips_enabled(void)
 {
        return 0;
 }
--- a/src/Volume/Volume.make
+++ b/src/Volume/Volume.make
@@ -80,6 +80,7 @@ OBJS += ../Crypto/GostCipher.o
 OBJS += ../Crypto/Streebog.o
 OBJS += ../Crypto/kuznyechik.o
 OBJS += ../Crypto/kuznyechik_simd.o
+OBJS += ../Crypto/jitterentropy-base.o

 OBJS += ../Common/Crc.o
 OBJS += ../Common/Endian.o