On 2020-06-24, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2020-06-23, Why 42? The lists account. <li...@y42.org> wrote:
>>
>> Hi All,
>>
>> Has anyone ever tried the Infinite Noise TRNG hardware random number generator
>> with OpenBSD?
>>
>> It's a USB stick that contains hardware to generate random numbers. See:
>> https://github.com/13-37-org/infnoise
>>
>> I had a couple of these working with ArchLinux and would like to try using
>> them with OpenBSD.
>>
>> Using either 6.6 or 6.7 the device is recognised at boot time:
>>> uftdi0 at uhub0 port 2 configuration 1 interface 0 "13-37.org Infinite Noise
>>> TRNG" rev 2.00/10.00 addr 3 ucom0 at uftdi0 portno 1
>>
>> With libftdi1-1.4p2 installed I was able to compile the associated software
>> using the supplied "Makefile.freebsd". So a pretty easy start ...
>>> make -f Makefile.freebsd
>>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I 
>>> /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" 
>>> -DGIT_DATE=\"\"  -c libinfnoise.c
>>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I 
>>> /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" 
>>> -DGIT_DATE=\"\"   -c healthcheck.c
>>> cc -c -o KeccakF-1600-reference.o Keccak/KeccakF-1600-reference.c -Wall 
>>> -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1 
>>>  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\" 
>>> ar rcs libinfnoise.a libinfnoise.o healthcheck.o KeccakF-1600-reference.o
>>> ranlib libinfnoise.a
>>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I 
>>> /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" 
>>> -DGIT_DATE=\"\"  -fvisibility=hidden -o libinfnoise.so libinfnoise.o 
>>> healthcheck.o KeccakF-1600-reference.o  -L /usr/local/lib -Wl -lftdi1 -lm 
>>> -shared 
>>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I 
>>> /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" 
>>> -DGIT_DATE=\"\"   -c infnoise.c
>>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I 
>>> /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" 
>>> -DGIT_DATE=\"\"   -c daemon.c
>>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I 
>>> /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" 
>>> -DGIT_DATE=\"\"  -o infnoise infnoise.o daemon.o libinfnoise.a -lftdi1 -lm 
>>> -L. -L /usr/local/lib
>>  
>> This creates an executable "driver" called infnoise which can be run as a
>> daemon e.g.
>>> doas ./infnoise -h            
>>> Usage: infnoise [options]
>>> Options are:
>>>     -D, --debug - turn on some debug output
>>>     -R, --dev-random - write entropy to /dev/random instead of stdout
>>>     -r, --raw - do not whiten the output
>>>     -m, --multiplier <value> - write 256 bits * value for each 512 bits 
>>> written to
>>>       the Keccak sponge.  Default of 0 means write all the entropy.
>>>     -n, --no-output - do not write random output data
>>>     -p, --pidfile <file> - write process ID to file
>>>     -d, --daemon - run in the background
>>>     -s, --serial <serial> - use specified device
>>>     -l, --list-devices - list available devices
>>>     -v, --version - show version information
>>>     -h, --help - this help output
>>> ...
>>
>> The "list-devices" mode works nicely:
>>> doas ./infnoise --list-devices
>>> ...
>>> ID: 0, Manufacturer: 13-37.org, Description: Infinite Noise TRNG, Serial: 
>>> 1337-ECA4E8A6
>>
>> So far, so good ... But if I try getting actual random numbers, I get "read
>> failed":
>>> doas ./infnoise
>>> ...
>>> Error: USB read failed
>>
>> Any suggestions? Where am I going wrong? Maybe I shouldn't have taken that
>> shortcut with the freebsd makefile? Or a security issue?
>>
>> Thanks in advance.
>>
>> Cheers,
>> Robb.
>>
>>
>
> Disable uftdi in your kernel config (boot -c, disable uftdi, quit) and
> see if that works. The device is attaching as a serial port, but libftdi
> probably wants it attaching to ugen. If that helps maybe we can add a
> quirk to knock out just this device. Send usbdevs -v output.

...from another little look -

If disabling the uftdi device doesn't help then run it under ktrace,
kdump to a text file, and send 1000 or so lines from before it prints
"read failed". But there's a good chance disabling uftdi will do the
trick, the code clearly has some degree of OpenBSD support already.

> The FreeBSD makefile shouldn't be a problem. Most of the code behind the
> Linux --dev-random support would work too but it will need some changes
> (get rid of the RNDGETENTCNT ioctl and just use a timer) or you could
> run it periodically and feed stdout into /dev/random (infnoise | cut
> -c1-512 > /dev/random or similar would probably do the trick).

...and actually --dev-random may just work as-is once it is able
to talk to the device.
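
The periodic stdout-to-/dev/random feed suggested in the message above, as an added example that is not from the thread or the infnoise project. The function names, the 512-byte block size and the 60-second interval are assumptions chosen for illustration; it swaps in `dd bs=1` for byte-exact counting on binary output and discards a short read (such as after "USB read failed") instead of writing it.

```shell
#!/bin/sh
# Added example: bounded, periodic feed from an entropy source into a
# destination such as /dev/random. All names here are hypothetical.

# feed_once CMD DEST NBYTES
# Run CMD, take exactly NBYTES from its stdout, and write them to DEST.
# Returns 1 (writing nothing) if the source delivered fewer bytes.
feed_once() {
    src_cmd=$1; dest=$2; nbytes=$3
    tmp=$(mktemp) || return 2
    # bs=1 makes count a byte count, so a pipe never yields a partial block.
    sh -c "$src_cmd" 2>/dev/null | dd bs=1 count="$nbytes" 2>/dev/null > "$tmp"
    got=$(wc -c < "$tmp" | tr -d ' ')
    if [ "$got" -ne "$nbytes" ]; then
        rm -f "$tmp"
        echo "short read: got $got of $nbytes bytes, nothing written" >&2
        return 1
    fi
    cat "$tmp" > "$dest"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# feed_periodically CMD DEST NBYTES INTERVAL ROUNDS
# Call feed_once ROUNDS times, sleeping INTERVAL seconds between calls.
# Returns non-zero if any round failed.
feed_periodically() {
    rounds=$5; i=0; failures=0
    while [ "$i" -lt "$rounds" ]; do
        feed_once "$1" "$2" "$3" || failures=$((failures + 1))
        i=$((i + 1))
        if [ "$i" -lt "$rounds" ]; then sleep "$4"; fi
    done
    [ "$failures" -eq 0 ]
}

# Assumed invocation (needs root and infnoise in the current directory):
#   feed_periodically './infnoise' /dev/random 512 60 1440
```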

