openentropy-core 0.12.3

Core entropy harvesting library — hardware noise sources, raw or SHA-256 conditioned
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329

//! CameraNoiseSource — Camera sensor noise (read noise dominated).
//!
//! Captures frames from the camera via ffmpeg's avfoundation backend as raw
//! grayscale video, then extracts the lower 4 bits of each pixel value.
//! In dark frames at typical webcam exposures, these LSBs are dominated by
//! read noise from the amplifier (~95%+), with small contributions from dark
//! current and dark current shot noise.
//!
//! A persistent ffmpeg subprocess streams frames continuously so the camera
//! LED stays solid instead of flickering on/off every collection cycle.

use std::io::Read;
use std::process::{Child, Command, Stdio};
use std::sync::{Arc, Mutex};
use std::thread::{self, JoinHandle};

use crate::source::{EntropySource, Platform, Requirement, SourceCategory, SourceInfo};

use crate::sources::helpers::{command_exists, pack_nibbles};

const FRAME_WIDTH: usize = 320;
const FRAME_HEIGHT: usize = 240;
const FRAME_SIZE: usize = FRAME_WIDTH * FRAME_HEIGHT; // 76800 bytes per gray frame

static CAMERA_NOISE_INFO: SourceInfo = SourceInfo {
    name: "camera_noise",
    description: "Camera sensor noise (read noise + dark current) via ffmpeg",
    physics: "Captures frames from the camera sensor in darkness. Noise sources: (1) read \
              noise from the amplifier \u{2014} classical analog noise, dominates at short \
              exposures (~95%+ of variance); (2) dark current from thermal carrier generation \
              in silicon \u{2014} classical at sensor operating temperatures; (3) dark current \
              shot noise (Poisson counting) \u{2014} ~1-5% of variance in typical webcams. \
              The LSBs of pixel values mix all three components.",
    category: SourceCategory::Sensor,
    platform: Platform::MacOS,
    requirements: &[Requirement::Camera],
    entropy_rate_estimate: 5.0,
    composite: false,
    is_fast: false,
};

/// Configuration for camera device selection.
pub struct CameraNoiseConfig {
    /// AVFoundation video device index (e.g., 0, 1, 2).
    /// `None` means try common selectors in fallback order.
    pub device_index: Option<u32>,
}

impl Default for CameraNoiseConfig {
    fn default() -> Self {
        let device_index = std::env::var("OPENENTROPY_CAMERA_DEVICE")
            .ok()
            .and_then(|s| s.parse().ok());
        Self { device_index }
    }
}

// ---------------------------------------------------------------------------
// Persistent ffmpeg subprocess
// ---------------------------------------------------------------------------

/// A long-lived ffmpeg process that continuously streams grayscale frames.
///
/// A reader thread reads exactly `FRAME_SIZE` bytes per frame from ffmpeg's
/// stdout and stores the latest frame in shared memory. `collect()` just
/// clones the most recent frame, avoiding the LED flicker caused by
/// spawning a new process every second.
struct PersistentCamera {
    child: Child,
    latest_frame: Arc<Mutex<Option<Vec<u8>>>>,
    _reader: JoinHandle<()>,
}

impl PersistentCamera {
    /// Try to spawn a persistent ffmpeg process for camera capture.
    ///
    /// Tries each avfoundation input selector in order. For the first one
    /// that produces a frame within 2 seconds, returns a `PersistentCamera`.
    /// Returns `None` if no device works.
    fn spawn(device_index: Option<u32>) -> Option<Self> {
        let inputs: Vec<String> = match device_index {
            Some(n) => vec![format!("{n}:none")],
            None => vec![
                "default:none".into(),
                "0:none".into(),
                "1:none".into(),
                "0:0".into(),
            ],
        };

        for input in &inputs {
            if let Some(cam) = Self::try_spawn(input) {
                return Some(cam);
            }
        }
        None
    }

    /// Attempt to spawn ffmpeg with a single avfoundation input selector.
    ///
    /// Waits up to 2 seconds for the first frame. If no frame arrives
    /// (permission denied, device busy, wrong selector), kills the process
    /// and returns `None`.
    fn try_spawn(input: &str) -> Option<Self> {
        let size = format!("{}x{}", FRAME_WIDTH, FRAME_HEIGHT);
        let mut child = Command::new("ffmpeg")
            .args([
                "-hide_banner",
                "-loglevel",
                "error",
                "-nostdin",
                "-f",
                "avfoundation",
                "-framerate",
                "30",
                "-video_size",
                &size,
                "-i",
                input,
                "-f",
                "rawvideo",
                "-pix_fmt",
                "gray",
                "pipe:1",
            ])
            .stdin(Stdio::null())
            .stdout(Stdio::piped())
            .stderr(Stdio::null())
            .spawn()
            .ok()?;

        let stdout = child.stdout.take()?;
        let latest_frame: Arc<Mutex<Option<Vec<u8>>>> = Arc::new(Mutex::new(None));
        let frame_ref = Arc::clone(&latest_frame);

        let reader = thread::spawn(move || {
            Self::reader_loop(stdout, frame_ref);
        });

        // Wait up to 2 seconds for the first frame to confirm the device works.
        let deadline = std::time::Instant::now() + std::time::Duration::from_secs(2);
        loop {
            if std::time::Instant::now() >= deadline {
                // No frame arrived — kill and bail.
                let _ = child.kill();
                let _ = child.wait();
                // Reader thread will exit when pipe closes.
                return None;
            }
            {
                let guard = latest_frame.lock().unwrap();
                if guard.is_some() {
                    break;
                }
            }
            thread::sleep(std::time::Duration::from_millis(25));
        }

        Some(PersistentCamera {
            child,
            latest_frame,
            _reader: reader,
        })
    }

    /// Continuously read frames from ffmpeg stdout.
    ///
    /// Each frame is exactly `FRAME_SIZE` bytes of raw grayscale pixels.
    /// On EOF or error (ffmpeg died), sets `latest_frame` to `None` so
    /// `collect()` knows to respawn.
    fn reader_loop(
        mut stdout: std::process::ChildStdout,
        latest_frame: Arc<Mutex<Option<Vec<u8>>>>,
    ) {
        let mut buf = vec![0u8; FRAME_SIZE];
        loop {
            match stdout.read_exact(&mut buf) {
                Ok(()) => {
                    let mut guard = latest_frame.lock().unwrap();
                    *guard = Some(buf.clone());
                }
                Err(_) => {
                    // EOF or broken pipe — ffmpeg exited.
                    let mut guard = latest_frame.lock().unwrap();
                    *guard = None;
                    return;
                }
            }
        }
    }

    /// Returns the most recent frame, or `None` if ffmpeg has died.
    fn take_frame(&self) -> Option<Vec<u8>> {
        let guard = self.latest_frame.lock().unwrap();
        guard.clone()
    }

    /// Returns `true` if the reader thread has signaled that ffmpeg died.
    fn is_dead(&self) -> bool {
        let guard = self.latest_frame.lock().unwrap();
        guard.is_none()
    }
}

impl Drop for PersistentCamera {
    fn drop(&mut self) {
        let _ = self.child.kill();
        let _ = self.child.wait();
        // Reader thread will exit naturally when the pipe closes.
    }
}

// ---------------------------------------------------------------------------
// CameraNoiseSource
// ---------------------------------------------------------------------------

/// Entropy source that harvests sensor noise from camera dark frames.
pub struct CameraNoiseSource {
    pub config: CameraNoiseConfig,
    camera: Mutex<Option<PersistentCamera>>,
}

impl Default for CameraNoiseSource {
    fn default() -> Self {
        Self {
            config: CameraNoiseConfig::default(),
            camera: Mutex::new(None),
        }
    }
}

impl EntropySource for CameraNoiseSource {
    fn info(&self) -> &SourceInfo {
        &CAMERA_NOISE_INFO
    }

    fn is_available(&self) -> bool {
        cfg!(target_os = "macos") && command_exists("ffmpeg")
    }

    fn collect(&self, n_samples: usize) -> Vec<u8> {
        let mut guard = self.camera.lock().unwrap();

        // Lazy-init: spawn persistent camera on first call.
        if guard.is_none() {
            *guard = PersistentCamera::spawn(self.config.device_index);
        }

        // If spawn failed (no camera / no ffmpeg), nothing to do.
        let cam = match guard.as_ref() {
            Some(c) => c,
            None => return Vec::new(),
        };

        // Grab the latest frame from the reader thread.
        let raw_frame = match cam.take_frame() {
            Some(frame) if !frame.is_empty() => frame,
            _ => {
                // ffmpeg died — drop so next call respawns.
                if cam.is_dead() {
                    *guard = None;
                }
                return Vec::new();
            }
        };

        // Extract the lower 4 bits of each pixel value and pack nibbles.
        let nibbles = raw_frame.iter().map(|pixel| pixel & 0x0F);
        pack_nibbles(nibbles, n_samples)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn camera_noise_info() {
        let src = CameraNoiseSource::default();
        assert_eq!(src.name(), "camera_noise");
        assert_eq!(src.info().category, SourceCategory::Sensor);
        assert_eq!(src.info().entropy_rate_estimate, 5.0);
        assert!(!src.info().composite);
    }

    #[test]
    fn camera_config_default_is_none() {
        // With no env var set, device_index should be None.
        let config = CameraNoiseConfig { device_index: None };
        assert!(config.device_index.is_none());
    }

    #[test]
    fn camera_config_explicit_device() {
        let src = CameraNoiseSource {
            config: CameraNoiseConfig {
                device_index: Some(1),
            },
            camera: Mutex::new(None),
        };
        assert_eq!(src.config.device_index, Some(1));
    }

    #[test]
    #[cfg(target_os = "macos")]
    #[ignore] // Requires camera and ffmpeg
    fn camera_noise_collects_bytes() {
        let src = CameraNoiseSource::default();
        if src.is_available() {
            let data = src.collect(64);
            assert!(!data.is_empty());
            assert!(data.len() <= 64);
        }
    }

    #[test]
    fn camera_source_is_send_sync() {
        fn assert_send_sync<T: Send + Sync>() {}
        assert_send_sync::<CameraNoiseSource>();
    }

    #[test]
    fn persistent_camera_constants() {
        assert_eq!(FRAME_WIDTH, 320);
        assert_eq!(FRAME_HEIGHT, 240);
        assert_eq!(FRAME_SIZE, 320 * 240);
        assert_eq!(FRAME_SIZE, 76800);
    }
}