Skip to main content

KeychainTimingSource

openentropy_core::sources::frontier

Struct KeychainTimingSource 

Source 
pub struct KeychainTimingSource {
    pub config: KeychainTimingConfig,
}
Expand description

Harvests timing jitter from Security.framework keychain operations.

§What it measures

Nanosecond timing of keychain operations (SecItemCopyMatching or SecItemAdd/Delete) that traverse the full Apple security stack.

§Why it’s entropic

Every keychain operation travels through multiple independent physical domains:

  1. XPC IPC to securityd — scheduling/dispatch jitter
  2. securityd processing — SQLite database lookup, access control evaluation
  3. Kernel scheduling — context switches between our process and securityd
  4. Database I/O — SQLite page reads from the keychain database file

The write path additionally involves APFS copy-on-write and NVMe controller timing. The read path may or may not traverse the Secure Enclave depending on the item’s access control policy.

§What makes it unique

No prior work has used keychain operation timing as an entropy source. The round-trip through XPC IPC, securityd scheduling, and database I/O aggregates jitter from multiple independent domains in a single measurement.

§Caveats

  • High autocorrelation at lag-1 (~0.43): variance extraction mitigates this
  • Warm-up effect: first ~500 reads are slower due to securityd cold caches
  • Slow: ~0.6ms per sample, not suitable for high-throughput collection

§Configuration

See KeychainTimingConfig for tunable parameters.

Fields§

§config: KeychainTimingConfig

Source configuration. Use Default::default() for recommended settings.

Trait Implementations§

Source§

impl Default for KeychainTimingSource

Source§

fn default() -> KeychainTimingSource

Returns the “default value” for a type. Read more
Source§

impl EntropySource for KeychainTimingSource

Source§

fn info(&self) -> &SourceInfo

Source metadata.
Source§

fn is_available(&self) -> bool

Check if this source can operate on the current machine.
Source§

fn collect(&self, n_samples: usize) -> Vec<u8>

Collect raw entropy samples. Returns a Vec<u8> of up to n_samples bytes.
Source§

fn name(&self) -> &'static str

Convenience: name from info.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V