On 2020-06-23, Why 42? The lists account. <li...@y42.org> wrote:
>
> Hi All,
>
> Has anyone ever tried the Infinite Noise TRNG hardware random number generator
> with OpenBSD?
>
> It's a USB stick that contains hardware to generate random numbers. See:
> https://github.com/13-37-org/infnoise
>
> I had a couple of these working with ArchLinux and would like to try using
> them with OpenBSD.
>
> Using either 6.6 or 6.7 the device is recognised at boot time:
>> uftdi0 at uhub0 port 2 configuration 1 interface 0 "13-37.org Infinite Noise
>> TRNG" rev 2.00/10.00 addr 3
>> ucom0 at uftdi0 portno 1
>
> With libftdi1-1.4p2 installed I was able to compile the associated software
> using the supplied "Makefile.freebsd". So a pretty easy start ...
>> make -f Makefile.freebsd
>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I
>> /usr/local/include/libftdi1 -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\"
>> -DGIT_DATE=\"\" -c libinfnoise.c
>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I
>> /usr/local/include/libftdi1 -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\"
>> -DGIT_DATE=\"\" -c healthcheck.c
>> cc -c -o KeccakF-1600-reference.o Keccak/KeccakF-1600-reference.c -Wall
>> -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1
>> -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"
>> ar rcs libinfnoise.a libinfnoise.o healthcheck.o KeccakF-1600-reference.o
>> ranlib libinfnoise.a
>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I
>> /usr/local/include/libftdi1 -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\"
>> -DGIT_DATE=\"\" -fvisibility=hidden -o libinfnoise.so libinfnoise.o
>> healthcheck.o KeccakF-1600-reference.o -L /usr/local/lib -Wl -lftdi1 -lm
>> -shared
>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I
>> /usr/local/include/libftdi1 -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\"
>> -DGIT_DATE=\"\" -c infnoise.c
>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I
>> /usr/local/include/libftdi1 -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\"
>> -DGIT_DATE=\"\" -c daemon.c
>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I
>> /usr/local/include/libftdi1 -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\"
>> -DGIT_DATE=\"\" -o infnoise infnoise.o daemon.o libinfnoise.a -lftdi1 -lm
>> -L. -L /usr/local/lib
>
> This creates an executable "driver" called infnoise which can be run as a
> daemon e.g.
>> doas ./infnoise -h
>> Usage: infnoise [options]
>> Options are:
>> -D, --debug - turn on some debug output
>> -R, --dev-random - write entropy to /dev/random instead of stdout
>> -r, --raw - do not whiten the output
>> -m, --multiplier <value> - write 256 bits * value for each 512 bits
>> written to
>> the Keccak sponge. Default of 0 means write all the entropy.
>> -n, --no-output - do not write random output data
>> -p, --pidfile <file> - write process ID to file
>> -d, --daemon - run in the background
>> -s, --serial <serial> - use specified device
>> -l, --list-devices - list available devices
>> -v, --version - show version information
>> -h, --help - this help output
>> ...
>
> The "list-devices" mode works nicely:
>> doas ./infnoise --list-devices
>> ...
>> ID: 0, Manufacturer: 13-37.org, Description: Infinite Noise TRNG, Serial:
>> 1337-ECA4E8A6
>
> So far, so good ... But if I try getting actual random numbers, I get "read
> failed":
>> doas ./infnoise
>> ...
>> Error: USB read failed
>
> Any suggestions? Where am I going wrong? Maybe I shouldn't have taken that
> shortcut with the freebsd makefile? Or a security issue?
>
> Thanks in advance.
>
> Cheers,
> Robb.
>
>
Disable uftdi in your kernel config (boot -c, disable uftdi, quit) and see if that works. The device is attaching as a serial port, but libftdi probably wants it attaching to ugen. If that helps maybe we can add a quirk to knock out just this device. Send usbdevs -v output.

The FreeBSD makefile shouldn't be a problem.

Most of the code behind the Linux --dev-random support would work too but it will need some changes (get rid of the RNDGETENTCNT ioctl and just use a timer) or you could run it periodically and feed stdout into /dev/random (infnoise | cut -c1-512 > /dev/random or similar would probably do the trick).
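
The periodic feed suggested in the reply above, as an added example that is not part of the original thread: a POSIX sh function that reads an exact byte count from the generator's stdout and writes to the sink only when the full amount arrived, so a failed USB read never feeds a short or empty block. The function name `feed_entropy`, the 512-byte size in the usage comment and running `./infnoise` from the build directory are assumptions.

```shell
#!/bin/sh
# Added example, not code from the infnoise project or from the thread.
#
# feed_entropy SINK NBYTES CMD [ARGS...]
#   Run CMD, take exactly NBYTES from its stdout and write them to SINK.
#   If CMD produces fewer bytes (for example because the USB read failed),
#   nothing is written to SINK and the function returns 1.
feed_entropy() {
    sink=$1
    nbytes=$2
    shift 2

    tmp=$(mktemp) || return 1

    # bs=1 makes count an exact byte count. With a larger block size dd
    # may accept a short read from the pipe and stop before NBYTES.
    # When dd exits, a generator that never stops on its own gets
    # SIGPIPE on its next write and terminates.
    "$@" 2>/dev/null | dd bs=1 count="$nbytes" of="$tmp" 2>/dev/null

    got=$(wc -c < "$tmp" | tr -d ' ')
    if [ "$got" -ne "$nbytes" ]; then
        echo "feed_entropy: got $got of $nbytes bytes, not feeding" >&2
        rm -f "$tmp"
        return 1
    fi

    cat "$tmp" > "$sink"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Assumed usage, run as root from cron or a sleep loop in the build
# directory (whitened output on stdout is the infnoise default):
#   feed_entropy /dev/random 512 ./infnoise
```
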