openentropy-core 0.10.0

Core entropy harvesting library — hardware noise sources, raw or SHA-256 conditioned
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296

//! Abstract entropy source trait and runtime state.
//!
//! Every entropy source implements the [`EntropySource`] trait, which provides
//! metadata via [`SourceInfo`], availability checking, and raw sample collection.

use std::time::Duration;

/// Category of entropy source based on physical mechanism.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum SourceCategory {
    /// Thermal noise in circuits/oscillators.
    Thermal,
    /// CPU/memory timing jitter.
    Timing,
    /// OS scheduler nondeterminism.
    Scheduling,
    /// Storage/peripheral latency variance.
    IO,
    /// Inter-process/kernel communication jitter.
    IPC,
    /// CPU microarchitecture race conditions.
    Microarch,
    /// Graphics pipeline nondeterminism.
    GPU,
    /// Network timing/signal noise.
    Network,
    /// OS counters/state.
    System,
    /// Signal processing entropy.
    Signal,
    /// Hardware sensor readings.
    Sensor,
    /// True quantum random number generators.
    Quantum,
}

impl std::fmt::Display for SourceCategory {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::Thermal => write!(f, "thermal"),
            Self::Timing => write!(f, "timing"),
            Self::Scheduling => write!(f, "scheduling"),
            Self::IO => write!(f, "io"),
            Self::IPC => write!(f, "ipc"),
            Self::Microarch => write!(f, "microarch"),
            Self::GPU => write!(f, "gpu"),
            Self::Network => write!(f, "network"),
            Self::System => write!(f, "system"),
            Self::Signal => write!(f, "signal"),
            Self::Sensor => write!(f, "sensor"),
            Self::Quantum => write!(f, "quantum"),
        }
    }
}

/// Target platform for an entropy source.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum Platform {
    /// Works on any platform.
    Any,
    /// Requires macOS.
    MacOS,
    /// Requires Linux.
    Linux,
}

impl std::fmt::Display for Platform {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::Any => write!(f, "any"),
            Self::MacOS => write!(f, "macos"),
            Self::Linux => write!(f, "linux"),
        }
    }
}

/// Hardware/software requirement for an entropy source.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum Requirement {
    /// GPU compute (Metal framework).
    Metal,
    /// CoreAudio (AudioUnit/AudioObject).
    AudioUnit,
    /// WiFi hardware.
    Wifi,
    /// USB subsystem.
    Usb,
    /// Camera hardware.
    Camera,
    /// Apple Silicon specific features (AMX, etc.).
    AppleSilicon,
    /// Bluetooth hardware.
    Bluetooth,
    /// IOKit framework.
    IOKit,
    /// IOSurface framework.
    IOSurface,
    /// Security framework (Keychain).
    SecurityFramework,
    /// Raw block device access (/dev/rdiskN, /dev/nvmeXnY).
    RawBlockDevice,
    /// QCicada QRNG hardware (USB serial).
    QCicada,
}

impl std::fmt::Display for Requirement {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::Metal => write!(f, "metal"),
            Self::AudioUnit => write!(f, "audio_unit"),
            Self::Wifi => write!(f, "wifi"),
            Self::Usb => write!(f, "usb"),
            Self::Camera => write!(f, "camera"),
            Self::AppleSilicon => write!(f, "apple_silicon"),
            Self::Bluetooth => write!(f, "bluetooth"),
            Self::IOKit => write!(f, "iokit"),
            Self::IOSurface => write!(f, "iosurface"),
            Self::SecurityFramework => write!(f, "security_framework"),
            Self::RawBlockDevice => write!(f, "raw_block_device"),
            Self::QCicada => write!(f, "qcicada"),
        }
    }
}

impl Requirement {
    /// Emoji icon for hardware requirements.
    pub fn icon(&self) -> &'static str {
        match self {
            Self::QCicada => "🔮",
            Self::Camera => "📷",
            Self::AudioUnit => "🎤",
            Self::Metal => "🎮",
            Self::Wifi => "📶",
            Self::Bluetooth => "📡",
            Self::Usb => "🔌",
            Self::RawBlockDevice => "💾",
            _ => "", // IOKit, IOSurface, SecurityFramework, AppleSilicon — no icon
        }
    }

    /// Human-readable hardware label.
    pub fn label(&self) -> &'static str {
        match self {
            Self::QCicada => "QCicada QRNG (USB)",
            Self::Camera => "Camera",
            Self::AudioUnit => "Microphone (CoreAudio)",
            Self::Metal => "GPU (Metal)",
            Self::Wifi => "WiFi adapter",
            Self::Bluetooth => "Bluetooth",
            Self::Usb => "USB subsystem",
            Self::RawBlockDevice => "Raw block device",
            Self::AppleSilicon => "Apple Silicon",
            Self::IOKit => "IOKit",
            Self::IOSurface => "IOSurface",
            Self::SecurityFramework => "Security Framework",
        }
    }

    /// Parse a requirement from its `Display` name (inverse of `to_string()`).
    pub fn from_display_name(name: &str) -> Option<Self> {
        match name {
            "metal" => Some(Self::Metal),
            "audio_unit" => Some(Self::AudioUnit),
            "wifi" => Some(Self::Wifi),
            "usb" => Some(Self::Usb),
            "camera" => Some(Self::Camera),
            "apple_silicon" => Some(Self::AppleSilicon),
            "bluetooth" => Some(Self::Bluetooth),
            "iokit" => Some(Self::IOKit),
            "iosurface" => Some(Self::IOSurface),
            "security_framework" => Some(Self::SecurityFramework),
            "raw_block_device" => Some(Self::RawBlockDevice),
            "qcicada" => Some(Self::QCicada),
            _ => None,
        }
    }

    /// Look up the icon for a requirement by its `Display` name.
    ///
    /// This is the canonical mapping used by CLI/TUI code that only has the
    /// serialised string form (e.g. from [`SourceInfoSnapshot`]).
    pub fn icon_for_display_name(name: &str) -> &'static str {
        Self::from_display_name(name).map_or("", |r| r.icon())
    }

    /// Look up the label for a requirement by its `Display` name.
    ///
    /// Returns the human-readable label if the name is recognised, or a
    /// generic `"Unknown"` for unrecognised names.
    pub fn label_for_display_name(name: &str) -> &'static str {
        Self::from_display_name(name).map_or("Unknown", |r| r.label())
    }
}

/// Returns the first non-empty icon from a requirements list.
pub fn best_icon(requirements: &[Requirement]) -> &'static str {
    requirements
        .iter()
        .map(Requirement::icon)
        .find(|icon| !icon.is_empty())
        .unwrap_or("")
}

/// Returns the first non-empty icon from a list of requirement display names.
pub fn best_icon_from_names(names: &[String]) -> &'static str {
    names
        .iter()
        .map(|n| Requirement::icon_for_display_name(n))
        .find(|icon| !icon.is_empty())
        .unwrap_or("")
}

/// Metadata about an entropy source.
///
/// Each source declares its name, a human-readable description, a physics
/// explanation of how it harvests entropy, its category, platform requirements,
/// and an estimated entropy rate in bits per sample.
#[derive(Debug, Clone)]
pub struct SourceInfo {
    /// Unique identifier (e.g. `"clock_jitter"`).
    pub name: &'static str,
    /// One-line human-readable description.
    pub description: &'static str,
    /// Physics explanation of the entropy mechanism.
    pub physics: &'static str,
    /// Source category for classification.
    pub category: SourceCategory,
    /// Target platform.
    pub platform: Platform,
    /// Hardware/software requirements beyond the platform.
    pub requirements: &'static [Requirement],
    /// Estimated entropy rate in bits per sample.
    pub entropy_rate_estimate: f64,
    /// Whether this is a composite source (combines multiple standalone sources).
    ///
    /// Composite sources don't measure a single independent entropy domain.
    /// They combine or interleave other sources. The CLI displays them
    /// separately from standalone sources.
    pub composite: bool,
    /// Whether this source collects in <2 seconds and is safe for real-time use.
    pub is_fast: bool,
}

/// Trait that every entropy source must implement.
pub trait EntropySource: Send + Sync {
    /// Source metadata.
    fn info(&self) -> &SourceInfo;

    /// Check if this source can operate on the current machine.
    fn is_available(&self) -> bool;

    /// Collect raw entropy samples. Returns a `Vec<u8>` of up to `n_samples` bytes.
    fn collect(&self, n_samples: usize) -> Vec<u8>;

    /// Convenience: name from info.
    fn name(&self) -> &'static str {
        self.info().name
    }

    /// Optional runtime configuration. Returns Err if unsupported.
    fn set_config(&self, _key: &str, _value: &str) -> Result<(), String> {
        Err("source does not support runtime configuration".into())
    }

    /// List configurable keys and their current values.
    fn config_options(&self) -> Vec<(&'static str, String)> {
        vec![]
    }
}

/// Runtime state for a registered source in the pool.
pub struct SourceState {
    pub source: std::sync::Arc<dyn EntropySource>,
    pub total_bytes: u64,
    pub failures: u64,
    pub last_entropy: f64,
    pub last_min_entropy: f64,
    pub last_autocorrelation: f64,
    pub last_collect_time: Duration,
    pub healthy: bool,
}

impl SourceState {
    pub fn new(source: Box<dyn EntropySource>) -> Self {
        Self {
            source: std::sync::Arc::from(source),
            total_bytes: 0,
            failures: 0,
            last_entropy: 0.0,
            last_min_entropy: 0.0,
            last_autocorrelation: 0.0,
            last_collect_time: Duration::ZERO,
            healthy: true,
        }
    }
}