feat: added selection of entropy crate
Added the ability to select between the `rand` and
`aws-lc-rs` crates for the entropy device.

Signed-off-by: Egor Lazarchuk <[email protected]>
ShadowCurse committed Jun 9, 2023
1 parent 038c0e0 commit 5a94c57
Showing 6 changed files with 32 additions and 5 deletions.
1 change: 1 addition & 0 deletions Cargo.lock


2 changes: 1 addition & 1 deletion src/cpu-template-helper/Cargo.toml
@@ -18,7 +18,7 @@ serde = { version = "1.0.136", features = ["derive"] }
serde_json = "1.0.78"
thiserror = "1.0.32"

vmm = { path = "../vmm" }
vmm = { path = "../vmm", features = ["rng-rand"] }

[dev-dependencies]
utils = { path = "../utils" }
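Review bot: Enabling `rng-rand` on `vmm` here is unexplained, and it only takes effect when this crate is built on its own. Cargo unifies the features of a shared dependency, so a build that also includes the firecracker crate (whose default is `rng-aws-lc-rs`) compiles `vmm` with both features, and the cfg conditions in device.rs then select aws-lc-rs. Whether the project ever builds both crates in one invocation is not visible from this page. If the intent is to avoid building aws-lc-rs for this tool, a comment on the line would record it, e.g. `# rng-rand: keeps aws-lc-rs out of a standalone build of this tool; aws-lc-rs is used if both features are enabled`.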
7 changes: 6 additions & 1 deletion src/firecracker/Cargo.toml
@@ -12,6 +12,11 @@ license = "Apache-2.0"
name = "firecracker"
bench = false

[features]
default = ["rng-aws-lc-rs"]
rng-aws-lc-rs = ["vmm/rng-aws-lc-rs"]
rng-rand = ["vmm/rng-rand"]

[dependencies]
event-manager = "0.3.0"
libc = "0.2.117"
@@ -24,7 +29,7 @@ mmds = { path = "../mmds" }
seccompiler = { path = "../seccompiler" }
snapshot = { path = "../snapshot" }
utils = { path = "../utils" }
vmm = { path = "../vmm" }
vmm = { path = "../vmm", default-features = false }

[dev-dependencies]
cargo_toml = "0.15.2"
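Review bot: The new `[features]` table in the first hunk has no comment, and the way to switch backends is not obvious. Because `rng-aws-lc-rs` is in `default`, passing `--features rng-rand` alone leaves both features on, and device.rs then still uses aws-lc-rs. A comment above the table would prevent a build that is believed to use `rand` but does not, e.g. `# RNG backend for the entropy device. To use rand: --no-default-features --features rng-rand. If both are enabled, aws-lc-rs is used.` The same remark applies to the `[features]` table in src/vmm/Cargo.toml; its `default = []` also means `default-features = false` in the second hunk currently changes nothing.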
8 changes: 7 additions & 1 deletion src/vmm/Cargo.toml
@@ -8,8 +8,14 @@ license = "Apache-2.0"
[lib]
bench = false

[features]
default = []
rng-aws-lc-rs = ["dep:aws-lc-rs"]
rng-rand = ["dep:rand"]

[dependencies]
aws-lc-rs = "1.0.2"
aws-lc-rs = { version = "1.0.2", optional = true }
rand = { version = "0.8.5", optional = true }
bitflags = "2.0.2"
derive_more = { version = "0.99.17", default-features = false, features = ["from", "display"] }
event-manager = "0.3.0"
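--- a/src/vmm/build.rs
+++ b/src/vmm/build.rs
@@ -127,4 +127,9 @@ fn cpuid() {
 all(target_arch = "x86_64", not(target_env = "sgx"))
 ))]
 println!("cargo:rustc-cfg=cpuid");
+
+#[cfg(
+not(any(feature="rng-aws-lc-rs", feature="rng-rand")) // If neither are enabled
+)]
+compile_error!("Please enable the feature \"rng-aws-lc-rs\" OR the feature \"rng-rand\".");
 }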
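Review bot: The new `compile_error!` guard sits at the end of `fn cpuid()` in the build script, a function unrelated to RNG selection, so it is easy to miss; `cpuid` starts outside the hunk. A module-level check next to the code that depends on it, for example at the top of `src/vmm/src/devices/virtio/rng/device.rs`, would read more naturally: put `#[cfg(not(any(feature = "rng-aws-lc-rs", feature = "rng-rand")))]` on one line above the existing `compile_error!`. The guard also covers only the case where neither feature is set. When both are set, device.rs silently prefers aws-lc-rs, and a comment beside the guard should say so.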
14 changes: 12 additions & 2 deletions src/vmm/src/devices/virtio/rng/device.rs
@@ -5,8 +5,11 @@ use std::io;
use std::sync::atomic::AtomicUsize;
use std::sync::Arc;

use aws_lc_rs::rand;
#[cfg(feature = "rng-aws-lc-rs")]
use aws_lc_rs::{error::Unspecified as RandomError, rand};
use logger::{debug, error, IncMetric, METRICS};
#[cfg(all(feature = "rng-rand", not(feature = "rng-aws-lc-rs")))]
use rand::{rngs::OsRng, Error as RandomError, RngCore};
use rate_limiter::{RateLimiter, TokenType};
use utils::eventfd::EventFd;
use utils::vm_memory::{GuestMemoryError, GuestMemoryMmap};
@@ -27,7 +30,7 @@ pub enum Error {
#[error("Bad guest memory buffer: {0}")]
GuestMemory(#[from] GuestMemoryError),
#[error("Could not get random bytes: {0}")]
Random(#[from] aws_lc_rs::error::Unspecified),
Random(#[from] RandomError),
}

type Result<T> = std::result::Result<T, Error>;
@@ -109,10 +112,17 @@ impl Entropy {
}

let mut rand_bytes = vec![0; iovec.len()];

#[cfg(feature = "rng-aws-lc-rs")]
rand::fill(&mut rand_bytes).map_err(|err| {
METRICS.entropy.host_rng_fails.inc();
err
})?;
#[cfg(all(feature = "rng-rand", not(feature = "rng-aws-lc-rs")))]
OsRng.try_fill_bytes(&mut rand_bytes).map_err(|err| {
METRICS.entropy.host_rng_fails.inc();
err
})?;

// It is ok to unwrap here. We are writing `iovec.len()` bytes at offset 0.
Ok(iovec.write_at(&rand_bytes, 0).unwrap().try_into().unwrap())
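Review bot: The two cfg-gated statements in the third hunk repeat the same `map_err` closure, so the `host_rng_fails` metric is now maintained in two places and a later backend could omit it. Moving the backend call into a cfg-gated helper keeps the fill call, the metric and the `?` in one statement; the enclosing `Entropy` method starts and ends outside the hunk. The helper has to spell out `std::result::Result` because the file aliases `Result` to its own error type. Since none of the six changed files appears to be a seccomp filter, it is also worth confirming that the syscalls `OsRng` makes are already permitted on the thread that services this device.

```rust
#[cfg(feature = "rng-aws-lc-rs")]
fn fill_random(buf: &mut [u8]) -> std::result::Result<(), RandomError> {
    rand::fill(buf)
}

#[cfg(all(feature = "rng-rand", not(feature = "rng-aws-lc-rs")))]
fn fill_random(buf: &mut [u8]) -> std::result::Result<(), RandomError> {
    OsRng.try_fill_bytes(buf)
}

// … unchanged: start of the Entropy method …
        let mut rand_bytes = vec![0; iovec.len()];
        // Single failure path: the metric is bumped whichever backend is compiled in.
        fill_random(&mut rand_bytes).map_err(|err| {
            METRICS.entropy.host_rng_fails.inc();
            err
        })?;
// … unchanged: iovec.write_at(...) and return …
```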