Suggestions re error: "USB read failed" accessing Infinite Noise TRNG?

Why 42? The lists account.

Hi All,

Has anyone ever tried the Infinite Noise TRNG hardware random number generator
with OpenBSD?

It's a USB stick that contains hardware to generate random numbers. See:
https://github.com/13-37-org/infnoise

I had a couple of these working with ArchLinux and would like to try using
them with OpenBSD.

Using either 6.6 or 6.7 the device is recognised at boot time:
> uftdi0 at uhub0 port 2 configuration 1 interface 0 "13-37.org Infinite Noise
> TRNG" rev 2.00/10.00 addr 3 ucom0 at uftdi0 portno 1

With libftdi1-1.4p2 installed I was able to compile the associated software
using the supplied "Makefile.freebsd". So a pretty easy start ...

> make -f Makefile.freebsd
> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"  -c libinfnoise.c
> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"   -c healthcheck.c
> cc -c -o KeccakF-1600-reference.o Keccak/KeccakF-1600-reference.c -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"
> ar rcs libinfnoise.a libinfnoise.o healthcheck.o KeccakF-1600-reference.o
> ranlib libinfnoise.a
> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"  -fvisibility=hidden -o libinfnoise.so libinfnoise.o healthcheck.o KeccakF-1600-reference.o  -L /usr/local/lib -Wl -lftdi1 -lm -shared
> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"   -c infnoise.c
> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"   -c daemon.c
> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"  -o infnoise infnoise.o daemon.o libinfnoise.a -lftdi1 -lm -L. -L /usr/local/lib
 
This creates an executable "driver" called infnoise which can be run as a
daemon e.g.

> doas ./infnoise -h            
> Usage: infnoise [options]
> Options are:
>     -D, --debug - turn on some debug output
>     -R, --dev-random - write entropy to /dev/random instead of stdout
>     -r, --raw - do not whiten the output
>     -m, --multiplier <value> - write 256 bits * value for each 512 bits written to
>       the Keccak sponge.  Default of 0 means write all the entropy.
>     -n, --no-output - do not write random output data
>     -p, --pidfile <file> - write process ID to file
>     -d, --daemon - run in the background
>     -s, --serial <serial> - use specified device
>     -l, --list-devices - list available devices
>     -v, --version - show version information
>     -h, --help - this help output
> ...

The "list-devices" mode works nicely:
> doas ./infnoise --list-devices
> ...
> ID: 0, Manufacturer: 13-37.org, Description: Infinite Noise TRNG, Serial: 1337-ECA4E8A6

So far, so good ... But if I try getting actual random numbers, I get "read
failed":
> doas ./infnoise
> ...
> Error: USB read failed

Any suggestions? Where am I going wrong? Maybe I shouldn't have taken that
shortcut with the freebsd makefile? Or a security issue?

Thanks in advance.

Cheers,
Robb.


Re: Suggestions re error: "USB read failed" accessing Infinite Noise TRNG?

Nick Holland
On 2020-06-23 06:20, Why 42? The lists account. wrote:
>
> Hi All,
>
> Has anyone ever tried the Infinite Noise TRNG hardware random number generator
> with OpenBSD?

Actually...no.  Never felt any reason to.

> It's a USB stick that contains hardware to generate random numbers. See:
> https://github.com/13-37-org/infnoise
>
> I had a couple of these working with ArchLinux and would like to try using
> them with OpenBSD.
>
> Using either 6.6 or 6.7 the device is recognised at boot time:
>> uftdi0 at uhub0 port 2 configuration 1 interface 0 "13-37.org Infinite Noise
>> TRNG" rev 2.00/10.00 addr 3 ucom0 at uftdi0 portno 1

so ... looks like it is pretending to be a serial port.  ucom0.
...
> With libftdi1-1.4p2 installed I was able to compile the associated software
> using the supplied "Makefile.freebsd". So a pretty easy start ...

FreeBSD?
I'd be more surprised if this worked than if it didn't.

> This creates an executable "driver" called infnoise which can be run as a
> daemon e.g.

"driver" that runs as a "daemon".  I'm not entirely sure what that would
mean, to be honest.

>> doas ./infnoise -h            
>> Usage: infnoise [options]
...
>>     -s, --serial <serial> - use specified device
       ^^^  Might want to play with that option.  Or not.
...
> Any suggestions? Where am I going wrong? Maybe I shouldn't have taken that
> shortcut with the freebsd makefile? Or a security issue?

First of all... what are you wanting this thing to do?  Provide random
data? how about just reading /dev/cuaU0?  And then...why not just use
/dev/random?

Or are you wanting this device to contribute to the OpenBSD random number
generator by stirring the entropy pool?

Are you expecting this /FreeBSD/ driver to reach into the /OpenBSD/
entropy pool and give it a good stir directly from ... userland?  That
sounds a bit scary.


However, I'd start by questioning the basic premise that OpenBSD needs
more entropy to seed its random number generator.  The OpenBSD developers
have spent a lot of time (and written some really good descriptions) on the
topic.  Many DIFFERENT things in OpenBSD *use* random numbers (so even if
you knew what the next "Random" number returned was going to be -- you
don't know what task will be the one getting it!) and many DIFFERENT
things in OpenBSD agitate the entropy pool (so you aren't likely to know
what the next number returned will be), so you don't stand much of a
prayer of predicting the next result from a call to /dev/random.

Not only is the PRNG well stirred, a lot of modern hw has on-chip true
RNG noise sources which do basically the same as your little USB plug,
and OpenBSD uses at least a few of them.  Combine that with a lot of
"incredibly difficult to predict" things like hardware I/O and lots of
/dev/random data being used by things OTHER than your app...I really doubt
you will find much benefit to adding an external noise source to OpenBSD.

Nick.


Re: Suggestions re error: "USB read failed" accessing Infinite Noise TRNG?

Stuart Henderson
In reply to this post by Why 42? The lists account.
On 2020-06-23, Why 42? The lists account. <[hidden email]> wrote:

>
> Hi All,
>
> Has anyone ever tried the Infinite Noise TRNG hardware random number generator
> with OpenBSD?
>
> It's a USB stick that contains hardware to generate random numbers. See:
> https://github.com/13-37-org/infnoise
>
> I had a couple of these working with ArchLinux and would like to try using
> them with OpenBSD.
>
> Using either 6.6 or 6.7 the device is recognised at boot time:
>> uftdi0 at uhub0 port 2 configuration 1 interface 0 "13-37.org Infinite Noise
>> TRNG" rev 2.00/10.00 addr 3 ucom0 at uftdi0 portno 1
>
> With libftdi1-1.4p2 installed I was able to compile the associated software
> using the supplied "Makefile.freebsd". So a pretty easy start ...
>> make -f Makefile.freebsd
>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"  -c libinfnoise.c
>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"   -c healthcheck.c
>> cc -c -o KeccakF-1600-reference.o Keccak/KeccakF-1600-reference.c -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"
>> ar rcs libinfnoise.a libinfnoise.o healthcheck.o KeccakF-1600-reference.o
>> ranlib libinfnoise.a
>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"  -fvisibility=hidden -o libinfnoise.so libinfnoise.o healthcheck.o KeccakF-1600-reference.o  -L /usr/local/lib -Wl -lftdi1 -lm -shared
>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"   -c infnoise.c
>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"   -c daemon.c
>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"  -o infnoise infnoise.o daemon.o libinfnoise.a -lftdi1 -lm -L. -L /usr/local/lib
>  
> This creates an executable "driver" called infnoise which can be run as a
> daemon e.g.
>> doas ./infnoise -h            
>> Usage: infnoise [options]
>> Options are:
>>     -D, --debug - turn on some debug output
>>     -R, --dev-random - write entropy to /dev/random instead of stdout
>>     -r, --raw - do not whiten the output
>>     -m, --multiplier <value> - write 256 bits * value for each 512 bits written to
>>       the Keccak sponge.  Default of 0 means write all the entropy.
>>     -n, --no-output - do not write random output data
>>     -p, --pidfile <file> - write process ID to file
>>     -d, --daemon - run in the background
>>     -s, --serial <serial> - use specified device
>>     -l, --list-devices - list available devices
>>     -v, --version - show version information
>>     -h, --help - this help output
>> ...
>
> The "list-devices" mode works nicely:
>> doas ./infnoise --list-devices
>> ...
>> ID: 0, Manufacturer: 13-37.org, Description: Infinite Noise TRNG, Serial: 1337-ECA4E8A6
>
> So far, so good ... But if I try getting actual random numbers, I get "read
> failed":
>> doas ./infnoise
>> ...
>> Error: USB read failed
>
> Any suggestions? Where am I going wrong? Maybe I shouldn't have taken that
> shortcut with the freebsd makefile? Or a security issue?
>
> Thanks in advance.
>
> Cheers,
> Robb.
>
>

Disable uftdi in your kernel config (boot -c, disable uftdi, quit) and
see if that works. The device is attaching as a serial port, but libftdi
probably wants it attaching to ugen. If that helps maybe we can add a
quirk to knock out just this device. Send usbdevs -v output.

The FreeBSD makefile shouldn't be a problem. Most of the code behind the
Linux --dev-random support would work too but it will need some changes
(get rid of the RNDGETENTCNT ioctl and just use a timer) or you could
run it periodically and feed stdout into /dev/random (infnoise | cut
-c1-512 > /dev/random or similar would probably do the trick).
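
One way to script the periodic feed suggested above, as an added example that is not part of the original message or of the infnoise project. It assumes infnoise is on PATH and writes binary output to stdout; the function names, chunk size and interval are illustrative, and it takes a fixed byte count with dd and skips the write when the generator comes up short (the "USB read failed" case).

```shell
#!/bin/sh
# Added example: feed a bounded chunk of generator output to a sink on a timer.
# Assumptions (not from the thread): infnoise is on PATH and emits raw bytes
# on stdout; CHUNK and INTERVAL are illustrative defaults.

CHUNK=${CHUNK:-512}        # bytes written per feed
INTERVAL=${INTERVAL:-60}   # seconds between feeds (the timer)

# feed_once SINK CMD [ARGS...]
# Runs CMD, keeps its first CHUNK bytes and writes them to SINK only when the
# whole chunk arrived. Returns 0 on success, 1 on a short read, 2 on I/O error.
feed_once() {
    sink=$1; shift
    tmp=$(mktemp) || return 2          # mktemp creates the file mode 0600
    # dd stops after CHUNK bytes; closing the pipe then stops the generator.
    "$@" 2>/dev/null | dd bs=1 count="$CHUNK" 2>/dev/null > "$tmp"
    got=$(wc -c < "$tmp" | tr -d ' ')
    if [ "$got" -ne "$CHUNK" ]; then
        rm -f "$tmp"                   # never push a partial or empty chunk
        return 1
    fi
    cat "$tmp" > "$sink"; rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 2
    return 0
}

# feed_forever SINK CMD [ARGS...]
# Repeats feed_once every INTERVAL seconds and reports skipped rounds.
feed_forever() {
    sink=$1; shift
    while :; do
        feed_once "$sink" "$@" || echo "feed skipped (status $?)" >&2
        sleep "$INTERVAL"
    done
}

# Stand-alone use (needs write access to /dev/random): sh feed.sh run
if [ "${1:-}" = "run" ]; then
    feed_forever /dev/random infnoise
fi
```
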


Re: Suggestions re error: "USB read failed" accessing Infinite Noise TRNG?

Stuart Henderson
On 2020-06-24, Stuart Henderson <[hidden email]> wrote:

> On 2020-06-23, Why 42? The lists account. <[hidden email]> wrote:
>>
>> Hi All,
>>
>> Has anyone ever tried the Infinite Noise TRNG hardware random number generator
>> with OpenBSD?
>>
>> It's a USB stick that contains hardware to generate random numbers. See:
>> https://github.com/13-37-org/infnoise
>>
>> I had a couple of these working with ArchLinux and would like to try using
>> them with OpenBSD.
>>
>> Using either 6.6 or 6.7 the device is recognised at boot time:
>>> uftdi0 at uhub0 port 2 configuration 1 interface 0 "13-37.org Infinite Noise
>>> TRNG" rev 2.00/10.00 addr 3 ucom0 at uftdi0 portno 1
>>
>> With libftdi1-1.4p2 installed I was able to compile the associated software
>> using the supplied "Makefile.freebsd". So a pretty easy start ...
>>> make -f Makefile.freebsd
>>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"  -c libinfnoise.c
>>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"   -c healthcheck.c
>>> cc -c -o KeccakF-1600-reference.o Keccak/KeccakF-1600-reference.c -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"
>>> ar rcs libinfnoise.a libinfnoise.o healthcheck.o KeccakF-1600-reference.o
>>> ranlib libinfnoise.a
>>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"  -fvisibility=hidden -o libinfnoise.so libinfnoise.o healthcheck.o KeccakF-1600-reference.o  -L /usr/local/lib -Wl -lftdi1 -lm -shared
>>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"   -c infnoise.c
>>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"   -c daemon.c
>>> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\"  -o infnoise infnoise.o daemon.o libinfnoise.a -lftdi1 -lm -L. -L /usr/local/lib
>>  
>> This creates an executable "driver" called infnoise which can be run as a
>> daemon e.g.
>>> doas ./infnoise -h            
>>> Usage: infnoise [options]
>>> Options are:
>>>     -D, --debug - turn on some debug output
>>>     -R, --dev-random - write entropy to /dev/random instead of stdout
>>>     -r, --raw - do not whiten the output
>>>     -m, --multiplier <value> - write 256 bits * value for each 512 bits written to
>>>       the Keccak sponge.  Default of 0 means write all the entropy.
>>>     -n, --no-output - do not write random output data
>>>     -p, --pidfile <file> - write process ID to file
>>>     -d, --daemon - run in the background
>>>     -s, --serial <serial> - use specified device
>>>     -l, --list-devices - list available devices
>>>     -v, --version - show version information
>>>     -h, --help - this help output
>>> ...
>>
>> The "list-devices" mode works nicely:
>>> doas ./infnoise --list-devices
>>> ...
>>> ID: 0, Manufacturer: 13-37.org, Description: Infinite Noise TRNG, Serial: 1337-ECA4E8A6
>>
>> So far, so good ... But if I try getting actual random numbers, I get "read
>> failed":
>>> doas ./infnoise
>>> ...
>>> Error: USB read failed
>>
>> Any suggestions? Where am I going wrong? Maybe I shouldn't have taken that
>> shortcut with the freebsd makefile? Or a security issue?
>>
>> Thanks in advance.
>>
>> Cheers,
>> Robb.
>>
>>
>
> Disable uftdi in your kernel config (boot -c, disable uftdi, quit) and
> see if that works. The device is attaching as a serial port, but libftdi
> probably wants it attaching to ugen. If that helps maybe we can add a
> quirk to knock out just this device. Send usbdevs -v output.

...from another little look -

If disabling the uftdi device doesn't help then run it under ktrace,
kdump to a text file, and send 1000 or so lines from before it prints
"read failed". But there's a good chance disabling uftdi will do the
trick, the code clearly has some degree of OpenBSD support already.

> The FreeBSD makefile shouldn't be a problem. Most of the code behind the
> Linux --dev-random support would work too but it will need some changes
> (get rid of the RNDGETENTCNT ioctl and just use a timer) or you could
> run it periodically and feed stdout into /dev/random (infnoise | cut
> -c1-512 > /dev/random or similar would probably do the trick).

...and actually --dev-random may just work as-is once it is able
to talk to the device.



Re: Suggestions re error: "USB read failed" accessing Infinite Noise TRNG?

Why 42? The lists account.

On Wed, Jun 24, 2020 at 09:55:05AM -0000, Stuart Henderson wrote:
> >
> > Disable uftdi in your kernel config (boot -c, disable uftdi, quit) and
> > see if that works. The device is attaching as a serial port, but libftdi
> > probably wants it attaching to ugen. If that helps maybe we can add a
> > quirk to knock out just this device. Send usbdevs -v output.
 
Hi Stuart,

That's most helpful, thanks for the support.

Unfortunately ... I fell at the first fence :(. After I enter 'boot -c' I
get several lines of output followed by a prompt. But the cursor is
flickering wildly and I can't enter any further input.

At this point the first line, at the top of the screen, is an error:
    'kbc: cmd word write error'

(This is with boot version: BOOTX64 3.52)

A quick search on the net didn't show much, apart from a suggestion that
a USB keyboard won't work at this point because the USB subsystem hasn't
yet been discovered (that was back in 2015 though). I'm using both a USB
keyboard and mouse.

Something is definitely faffing about with the USB bus though, every time
I press a key at the flickering cursor, the LEDs in my mouse light up ...

I'll try the ktrace approach instead.

Thanks again.

Cheers,
Robb.


Re: Suggestions re error: "USB read failed" accessing Infinite Noise TRNG?

Stuart Henderson
On 2020-06-25, Why 42? The lists account. <[hidden email]> wrote:

>
> On Wed, Jun 24, 2020 at 09:55:05AM -0000, Stuart Henderson wrote:
>> >
>> > Disable uftdi in your kernel config (boot -c, disable uftdi, quit) and
>> > see if that works. The device is attaching as a serial port, but libftdi
>> > probably wants it attaching to ugen. If that helps maybe we can add a
>> > quirk to knock out just this device. Send usbdevs -v output.
>  
> Hi Stuart,
>
> That's most helpful, thanks for the support.
>
> Unfortunately ... I fell at the first fence :(. After I enter 'boot -c' I
> get several lines of output followed by a prompt. But the cursor is
> flickering wildly and I can't enter any further input.
>
> At this point the first line, at the top of the screen, is an error:
>     'kbc: cmd word write error'
>
> (This is with boot version: BOOTX64 3.52)
>
> A quick search on the net didn't show much, apart from a suggestion that
> a USB keyboard won't work at this point because the USB subsystem hasn't
> yet been discovered (that was back in 2015 though). I'm using both a USB
> keyboard and mouse.
>
> Something is definitely faffing about with the USB bus though, every time
> I press a key at the flickering cursor, the LEDs in my mouse light up ...
>
> I'll try the ktrace approach instead.
>
> Thanks again.
>
> Cheers,
> Robb.
>
>

# config -ef /bsd
disable uftdi
quit



Re: Suggestions re error: "USB read failed" accessing Infinite Noise TRNG?

Chris Bennett-4
In reply to this post by Why 42? The lists account.
On Thu, Jun 25, 2020 at 09:41:41PM +0200, Why 42? The lists account. wrote:
>
> A quick search on the net didn't show much, apart from a suggestion that
> a USB keyboard won't work at this point because the USB subsystem hasn't
> yet been discovered (that was back in 2015 though). I'm using both a USB
> keyboard and mouse.

That is correct. Just to make sure everybody knows this. It is not
related to your problem.
Stuart's suggestion solves that problem. I have put that (for a
different problem) into my /etc/rc.shutdown. Which survives moving to a
newer snapshot or release.

Chris



Re: Suggestions re error: "USB read failed" accessing Infinite Noise TRNG?

Why 42? The lists account.
In reply to this post by Stuart Henderson
Hi Again,

Sorry about the delay in responding. I disabled the uftdi using config as
described.

(also added it to /etc/shutdown.rc as mentioned by Chris Bennett. Seemed
like a good idea.)

It does now seem to be disabled, the boottime message has changed to show
"ugen" rather than "uftdi" i.e.
> ugen1 at uhub0 port 2 "13-37.org Infinite Noise TRNG" rev 2.00/10.00 addr 3

Unfortunately the behaviour seems unchanged:
> mjoelnir:software 1.07 17:39:16 # ./infnoise
> Error: USB read failed

FYI, "usbdevs -v" reports these two devices using/being driven by ugen:

> ...
> Controller /dev/usb0:
> addr 01: 8086:0000 Intel, xHCI root hub
>          super speed, self powered, config 1, rev 1.00
>          driver: uhub0
> addr 02: 1050:0407 Yubico, Yubikey 4 OTP+U2F+CCID
>          full speed, power 30 mA, config 1, rev 4.37
>          driver: uhidev0
>          driver: uhidev1
>          driver: ugen0
> addr 03: 0403:6015 13-37.org, Infinite Noise TRNG
>          full speed, power 10 mA, config 1, rev 10.00, iSerial 1337-ECA4E8A6
>          driver: ugen1
> ...

If it is of interest, I also uploaded the output of kdump here:
https://paste.c-net.org/HallwaysFeliz

It's the complete trace, about 2700 lines. I wasn't sure about adding
1000 lines to my message here.

Cheers,
Robb.
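
The driver check discussed in this thread (whether uftdi or ugen holds the device) can be scripted against `usbdevs -v` output. This is an added example, not part of any post above; the function names are hypothetical, the "after" sample is the output posted in the thread, and the "before" sample is constructed.

```shell
#!/bin/sh
# Added example: report which kernel drivers hold a USB device, read from
# `usbdevs -v` text on stdin. Function names are hypothetical.

# drivers_for VENDOR:PRODUCT
# Prints one attached driver instance per line (e.g. "ugen1").
drivers_for() {
    awk -v id="$1" '
        $1 == "Controller"     { hit = 0; next }
        $1 == "addr"           { hit = ($3 == id); next }  # $3 is vendor:product
        hit && $1 == "driver:" { print $2 }
    '
}

# attach_verdict VENDOR:PRODUCT
# Prints "absent", "ugen-only", or "claimed-by:<driver names>".
attach_verdict() {
    drv=$(drivers_for "$1" | sed 's/[0-9]*$//' | sort -u | tr '\n' ' ')
    drv=${drv% }
    case $drv in
        "")   echo "absent" ;;
        ugen) echo "ugen-only" ;;
        *)    echo "claimed-by:$drv" ;;
    esac
}

# Output posted in the thread, after uftdi was disabled.
sample_after() { cat <<'EOF'
Controller /dev/usb0:
addr 01: 8086:0000 Intel, xHCI root hub
         super speed, self powered, config 1, rev 1.00
         driver: uhub0
addr 02: 1050:0407 Yubico, Yubikey 4 OTP+U2F+CCID
         full speed, power 30 mA, config 1, rev 4.37
         driver: uhidev0
         driver: uhidev1
         driver: ugen0
addr 03: 0403:6015 13-37.org, Infinite Noise TRNG
         full speed, power 10 mA, config 1, rev 10.00, iSerial 1337-ECA4E8A6
         driver: ugen1
EOF
}

# Constructed sample: the same device while uftdi still claims it.
sample_before() { cat <<'EOF'
Controller /dev/usb0:
addr 03: 0403:6015 13-37.org, Infinite Noise TRNG
         full speed, power 10 mA, config 1, rev 10.00, iSerial 1337-ECA4E8A6
         driver: uftdi0
EOF
}

# Stand-alone use: sh check.sh 0403:6015
if [ $# -eq 1 ]; then
    usbdevs -v | attach_verdict "$1"
fi
```
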