waywardgeek / infnoise
The world's easiest TRNG to get right
License: Creative Commons Zero v1.0 Universal
Line 14 in fc0d99f
Building on a Debian 9.4 amd64 system (up-to-date as of 3 days ago), with the official Debian libftdi-dev package installed, which is at version 0.20-4. The infnoise software Makefile chose the wrong linker flag, apparently. Here's the output of make:
/bin/sh: 1: ldconfig: not found
cc -Wall -Wextra -Werror -std=c99 -O3 -I Keccak -I /usr/include/libftdi1 -DGIT_VERSION=\"Fourth-OshPark-Prototype-250-gfc0d99f\" -DGIT_COMMIT=\"fc0d99f58fff60b5cb7dca583f4bbcc60e1f63a2\" -DGIT_DATE=\"2018-04-10T06:52:23+02:00\" -DBUILD_DATE=\"2018-04-21T01:09:01-04:00\" -o infnoise infnoise.c healthcheck.c writeentropy.c daemon.c Keccak/KeccakF-1600-reference.c -lftdi1 -lm -lrt
/usr/bin/ld: cannot find -lftdi1
collect2: error: ld returned 1 exit status
Makefile:24: recipe for target 'infnoise' failed
make: *** [infnoise] Error 1
On Debian systems, ldconfig is found in /sbin, which is not in my unprivileged user's path. So the invocation of ldconfig failed, the FOUND variable was left empty, and thus the FTDI variable was set to -lftdi1 rather than -lftdi.
I changed the invocation of ldconfig to /sbin/ldconfig and the compilation was successful.
I notice that libftdi-config is installed in /usr/bin. When I run it as libftdi-config --libs, it prints -L/usr/lib/x86_64-linux-gnu -lftdi -lusb. That may be a more robust way to find the linker arguments.
Thank you!
When I try to run the infnoise output through dieharder on my Ubuntu 22.04 computer I get this error:
$ sudo infnoise | dieharder -g 200 -a
Error: USB read failed
# stdin_input_raw(): Error: EOF
Hi, I was wondering if there is any theoretical background to this?
I'm doing something similar except I'm getting the seed entropy from user input and doing modular multiplication on that. Is there some kind of theoretical basis to this?
I use this basic randomness to compile RSA keys.
I'm attempting to build the Visual Studio project (considering modernizing / improving it) but I cannot because ADDR0 .. ADDR3 are undefined.
It looks like the definitions for these were removed some time ago - before I start working on a fix, is there some outside dependency involved now for these, or is this actually a bug?
Hi Bill,
while trying to understand how the InfiniteNoise driver works, I found that the ftdi_set_baudrate()-method in libftdi applies a factor of 4 to the set baudrate when bitbang-mode is enabled (cf. libftdi-repository). So in my understanding the driver first has to call ftdi_set_bitmode() and then ftdi_set_baudrate().
Currently in the code first the ftdi_set_baudrate() and then the ftdi_set_bitmode()-method is called.
Am I missing something?
Tobias
sudo make -f Makefile.linux throws the error:
writeentropy.c: In function ‘readNumberFromFile’:
writeentropy.c:29:29: error: comparison is always true due to limited range of data type [-Werror=type-limits]
Here's one for Gentoo
https://gist.github.com/captainpete/b5b6f2d19abae2e88f14
and one for use with upstart (Ubuntu)
https://gist.github.com/captainpete/19dab1f0dd37e7d5d8db
Would be nice to have one for systemd, still haven't written it yet.
Useful to include these?
Any way to make infnoise run as a regular user without sudo? The less we need sudo, the better.
Hi
For some reason the VS .sdf file is included in the repo and it's 35MB in size. Seems like that could be avoided?
Stephen
I created a pull request a while back that poorly suggests fixing library naming differences between Debian and Fedora based distributions. My solution wasn't very graceful and another solution was proposed and implemented. Still, when I try to build on Fedora, I get the following error.
$ make
cc -Wall -std=c99 -O3 -I Keccak -I /usr/include/libftdi1 -o infnoise infnoise.c healthcheck.c writeentropy.c daemon.c Keccak/KeccakF-1600-reference.c -lftdi -lm -lrt
/usr/bin/ld: cannot find -lftdi
collect2: error: ld returned 1 exit status
Makefile:6: recipe for target 'infnoise' failed
make: *** [infnoise] Error 1
If I adjust just the -lftdi on line 6 of Makefile to -lftdi1, it builds successfully.
I still don't like my original merge, but I can't think of an easy way to cleanly make this work. Some searching suggests using automake to figure out libraries (which seems heavy-handed for such a simple difference). Still digging around and testing a bit, but I am not as comfortable as I'd like to be with building or development in general to suggest something else.
For now, I guess I am just leaving this here as a reminder to myself and others running Fedora on how to build successfully.
It seems as if on a newer Linux (5.6.3), the following is blocked forever:
poll(&pfd, 1, -1); // waits until /dev/random is in usage
The Debian package reports the following when run with the -v option
GIT VERSION - 0.3.3
GIT COMMIT - 19bb698
GIT DATE - 2023-02-14T16:25:20+00:00
This does not match any commits in this repository
Similarly to ChaosKey, support for Infnoise by the Linux kernel would be appreciated. In that case Infnoise's random data should be fed into the kernel's LRNG, which does the PRNG via ChaCha20 and the like.
@waywardgeek
nice to see libinfnoise working as expected, just want to know if it will switch to blake2b (or blake2x for larger output per hash function call)
looked through the history of SHA3 competition, NIST chose keccak for its performance in hardware implementation (they even talk about using ASIC...hmm).
For the software implementation blake gives better result (~3 times faster, reference ), let alone blake2 which is significantly faster than blake. blake2x can give up to 256 GiB hash (or up to 4GiB if XOF digest length is set), although it's not finalized but with health checker available it's still a possible choice.
Not a good look for a security-related product.
--2023-05-31 07:41:35-- https://13-37.org/files/pubkey.gpg
Resolving 13-37.org (13-37.org)... 2a01:4f9:4b:11c8::2, 135.181.73.247
Connecting to 13-37.org (13-37.org)|2a01:4f9:4b:11c8::2|:443... connected.
ERROR: The certificate of ‘13-37.org’ is not trusted.
ERROR: The certificate of ‘13-37.org’ has expired.
The certificate has expired
Hi,
s/easist/easiest/
Thanks for the detailed read!
Would it be possible to modify the board to also have a small flash drive available on the stick, that will appear as a regular storage device once it's plugged into a computer (and still be an audio source)?
The windows driver unhelpfully appends a hex 0D "character" to every instance of an 0A in the file it writes to make the familiar 0D 0A. This is a typical problem with text files shared between Linux and Windows, but the file should be defined as a binary type so this does not happen. A simple analysis of the file using HxD shows that the 0D bytes are twice as common as everything else. This ruins the entropy, of course.
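An added example, not part of the issue above or of the project's code: a Python check for the symptom it describes (a 0x0D inserted before every 0x0A) in a capture file. The text-mode write is modelled as a plain byte replacement, the sample is a seeded PRNG stream standing in for device output, and all function names are hypothetical.

```python
import random
from collections import Counter

def text_mode_write(data: bytes) -> bytes:
    """Model of a Windows text-mode write: each 0x0A becomes 0x0D 0x0A."""
    return data.replace(b"\n", b"\r\n")

def crlf_report(data: bytes) -> dict:
    """Measure the two symptoms the issue describes in a byte capture."""
    counts = Counter(data)
    expected = len(data) / 256          # per-value count if bytes are uniform
    lf = counts[0x0A]
    return {
        "lf_count": lf,
        "cr_ratio": counts[0x0D] / expected,   # ~1.0 clean, ~2.0 translated
        # Fraction of LF bytes that directly follow a CR:
        # ~1/256 for uniform data, exactly 1.0 after translation.
        "lf_after_cr": data.count(b"\r\n") / lf if lf else 0.0,
    }

def looks_translated(data: bytes, min_lf: int = 16) -> bool:
    """True when (nearly) every LF follows a CR and there are enough LFs to judge."""
    r = crlf_report(data)
    return r["lf_count"] >= min_lf and r["lf_after_cr"] > 0.99

def undo_translation(data: bytes) -> bytes:
    """Exact inverse of text_mode_write(): drop the CR inserted before each LF."""
    return data.replace(b"\r\n", b"\n")

def make_sample(n: int = 1 << 18, seed: int = 0) -> bytes:
    """Constructed stand-in for device output (seeded PRNG, not a TRNG)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

if __name__ == "__main__":
    clean = make_sample()
    damaged = text_mode_write(clean)
    for name, buf in (("clean", clean), ("damaged", damaged)):
        print(name, looks_translated(buf), crlf_report(buf))
    # The translation is reversible, but only if you know it happened.
    assert undo_translation(damaged) == clean
```

To check a real capture, read it with open(path, "rb") and pass the bytes to looks_translated(); the writer-side fix remains opening the output file in binary mode.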
The GNU/Linux version of the driver only discovers and uses the first device. Please add support for multiple devices.
Hi
Awesome project ;-). Right now infnoise compiles as an executable. Could we develop a libinfnoise target for both Windows and Linux so it's easier for people to pull the TRNG streams into their user-space applications?
Stephen
How would one run the device on OSX?
The following GPG keys have expired:
This is breaking the http://repo.13-37.org APT repository due to EXPKEYSIG.
The service for my InfiniteNoise is not starting due to dependency issues. I am running it on Fedora 33 and I have been using it for a while. It gives an error about dependencies on my system.
Here is the output from systemctl status infnoise...
Jan 11 20:13:00 xeonpwr.home systemd[1]: Dependency failed for Wayward Geek InfNoise TRNG driver.
Jan 11 20:13:00 xeonpwr.home systemd[1]: infnoise.service: Job infnoise.service/start failed with result 'dependency'.
I tried running the service myself (and with SELinux disabled)...
# ./infnoise --dev-random --daemon
Error: Can't open Infinite Noise Multiplier.
I might need assistance with getting more information from my system.
After installing on Ubuntu 20.04 (Focal, amd64, elementary OS 6.1) using the apt repository, I saw the following message in the journal for the unit:
/usr/sbin/infnoise: error while loading shared libraries: libftdi1.so.2: cannot open shared object file: No such file or directory
By editing /etc/infnoise.conf and adding an LD_PRELOAD, it works:
LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libftdi1.so.2
The service subsequently starts as expected. I'm not sure why this is the case, because the directory is indeed included in /etc/ld.so.conf.d/x86_64-linux-gnu:
# Multiarch support
/usr/local/lib/x86_64-linux-gnu
/lib/x86_64-linux-gnu
/usr/lib/x86_64-linux-gnu
I then removed the LD_PRELOAD line, ran sudo ldconfig, and the service was subsequently able to start. Perhaps all that needs to happen is to run ldconfig as root after the installation of libftdi or infnoise.
I came here from the Crowd Supply campaign, and was wondering if you felt comfortable (or that it was a wise idea) to post some of the results you've seen from dieharder. It'd be even cooler if they were generated by a CI server, but having any results at all would be nice.
Great project! Has anyone looked at an in-kernel version of infnoise to provide TRNG services to other parts of the kernel? It could also expose the infnoise devices in the device tree to make consumption by user-space easier?
More of a wishlist, but I don't see how to add it as a HRNGDEVICE for rngd(8). Possible?
You need to install these:
yum -y install libftdi-devel libusb-devel libusb1-devel libusb1-static libudev libudev-devel libusb-static
Then grab the latest source:
git clone https://github.com/manuel-domke/infnoise.git
You need to fix your system's usb.h as follows:
*** /home/cnd/keep/usb-180706.h 2010-08-22 18:44:27.000000000 +0000
--- /usr/include/usb.h 2018-07-06 15:35:09.953094618 +0000
***************
*** 12,15 ****
--- 12,16 ----
#define __USB_H__
+ #include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
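Review bot: The added #include <sys/types.h> at line 13 goes into /usr/include/usb.h, a system header, so the fix is lost when the header is reinstalled or updated and it changes the header for every other program built on the machine. Carry the include in the project instead, for example by including <sys/types.h> ahead of the USB headers in the infnoise sources, and leave the system header untouched.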
***************
*** 64,67 ****
--- 65,71 ----
/* All standard descriptors have these 2 fields in common */
+
+ /* typedef unsigned char u_int8_t; */
+
struct usb_descriptor_header {
u_int8_t bLength;
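Review bot: The three lines added before struct usb_descriptor_header are two blank lines and a commented-out typedef for u_int8_t, so they change nothing in the compiled result. Drop this hunk; if the typedef was needed at some stage, say so in the instructions rather than leaving dead code in a system header.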
***************
*** 239,242 ****
--- 243,249 ----
* move members and only change types if you really know what you're doing.
*/
+
+ # define PATH_MAX 1024
+
struct usb_device {
struct usb_device *next, *prev;
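Review bot: The added "# define PATH_MAX 1024" before struct usb_device is unconditional and hard-codes a value in a system header. Guard it with #ifndef PATH_MAX, or better include <limits.h> so the platform's own value is used; code compiled against this header with a PATH_MAX different from the one the installed library was built with would disagree about the size of anything declared with it, which is what the comment just above the insertion warns about.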
You need to fix the makefile like so:
*** infnoise/software/Makefile 2018-07-06 15:44:15.500740598 +0000
--- ../infnoise/software/Makefile 2018-07-06 15:36:29.278416280 +0000
***************
*** 1,9 ****
GIT_VERSION := $(shell git --no-pager describe --tags --always)
GIT_COMMIT := $(shell git rev-parse --verify HEAD)
! GIT_DATE := $(firstword $(shell git --no-pager show --date=iso-strict --format="%ad" --name-only))
PREFIX = $(DESTDIR)/usr/local
! CFLAGS = -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/include/libftdi1 \
-DGIT_VERSION=\"$(GIT_VERSION)\"\
-DGIT_COMMIT=\"$(GIT_COMMIT)\"\
--- 1,9 ----
GIT_VERSION := $(shell git --no-pager describe --tags --always)
GIT_COMMIT := $(shell git rev-parse --verify HEAD)
! GIT_DATE := $(firstword $(shell git --no-pager show --date=iso --format="%ad" --name-only))
PREFIX = $(DESTDIR)/usr/local
! CFLAGS = -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/include/libusb-1.0/ -I /usr/include -I /usr/include/libftdi1 \
-DGIT_VERSION=\"$(GIT_VERSION)\"\
-DGIT_COMMIT=\"$(GIT_COMMIT)\"\
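Review bot: Switching GIT_DATE from --date=iso-strict to --date=iso changes what $(firstword ...) returns: the iso format separates date, time and zone with spaces, so only the date survives and the time and timezone are dropped from the -DGIT_DATE string. Either keep all three fields and quote the define accordingly, or state in the instructions that GIT_DATE is date-only with this change. In the CFLAGS line, the added -I /usr/include is already a default search path, and the libusb-1.0 include directory is hard-coded where pkg-config could supply it.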
After the above, just run "make"
Finally, you need to copy the .so file to the right place:
cp -a libinfnoise.so /usr/lib64/
Then it works:
# ./infnoise --help
Usage: infnoise [options]
Options are:
--debug - turn on some debug output
--dev-random - write entropy to /dev/random instead of stdout
--raw - do not whiten the output
--multiplier <value> - write 256 bits * value for each 512 bits written to
the Keccak sponge. Default of 0 means write all the entropy.
--no-output - do not write random output data
--pidfile <file> - write process ID to file
--daemon - run in the background
--serial <serial> - use specified device
--list-devices - list available devices
--version - show version information
--help - this help output
# ./infnoise --list-devices
Manufacturer: 13-37.org, Description: Infinite Noise TRNG, Serial: 1337-***
Ubuntu 20.04 LTS
Installed infnoise from the apt in version 0.3.1+dfsg-1 amd64
ID: 0, Manufacturer: 13-37.org, Description: Infinite Noise TRNG, Serial: 1337-XXXXXXXX
When launching infnoise in daemon mode :
gf@orion:~$ sudo infnoise --dev-random --daemon
The laptop fans start running fast and the /var/log/syslog fills with hundreds of the following lines per second in an infinite loop until the process is killed:
Feb 18 21:16:03 orion kernel: [45949.551186] usb 3-4: usbfs: process 83592 (infnoise) did not claim interface 0 before use
Feb 18 21:16:03 orion kernel: [45949.551197] usb 3-4: usbfs: process 83592 (infnoise) did not claim interface 0 before use
Feb 18 21:16:03 orion kernel: [45949.551206] usb 3-4: usbfs: process 83592 (infnoise) did not claim interface 0 before use
Feb 18 21:16:03 orion kernel: [45949.551213] usb 3-4: usbfs: process 83592 (infnoise) did not claim interface 0 before use
Feb 18 21:16:03 orion kernel: [45949.551223] usb 3-4: usbfs: process 83592 (infnoise) did not claim interface 0 before use
Feb 18 21:16:03 orion kernel: [45949.551230] usb 3-4: usbfs: process 83592 (infnoise) did not claim interface 0 before use
Feb 18 21:16:03 orion kernel: [45949.551240] usb 3-4: usbfs: process 83592 (infnoise) did not claim interface 0 before use
Feb 18 21:16:03 orion kernel: [45949.551248] usb 3-4: usbfs: process 83592 (infnoise) did not claim interface 0 before use
Feb 18 21:16:03 orion kernel: [45949.551266] usb 3-4: usbfs: process 83592 (infnoise) did not claim interface 0 before use
Feb 18 21:16:03 orion kernel: [45949.551275] usb 3-4: usbfs: process 83592 (infnoise) did not claim interface 0 before use
After a minute this added 59650431 lines to my syslog
Adding about 6 Gb of logs...
Seems I am running the latest available version, installed through apt.
TRNG key brand new.
Line 33 in fc0d99f
The install rule of the software Makefile tries to install 75-infnoise.rules file from the infnoise/software directory, but that file is actually in infnoise/software/init_scripts. Same problem for infnoise.service
To fix, I edited the Makefile to provide the correct path to the files.
Thanks!
Compiling from commit 8edb00bb on macOS 13.2.1 with XCode 14.2 fails with the following message:
infnoise.c:63:60: error: parameter 'entropy' set but not used [-Werror,-Wunused-but-set-parameter]
bool outputBytes(uint8_t *bytes, uint32_t length, uint32_t entropy, bool writeDevRandom, const char **message) {
^
1 error generated.
make: *** [Makefile.macos:28: infnoise.o] Error 1
I see line 92 says entropy = 0; // suppress warning, but this looks like it's just trading one warning for another.
I was able to make it compile by adding -Wno-unused-but-set-parameter to the CFLAGS value in Makefile.macos, and the resulting executable does seem to work (i.e. sudo ./infnoise | dd status=none bs=256 count=1 | hexdump -C produces different random-looking output every time). However, I'm not sure if this is the best way to handle things.
There is a typo in the code. There is a space before the comma after ATTRS{idProduct}=="6015". It should be comma, then space before TAG+="systemd" :
SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6015", SYMLINK+="infnoise"
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6015" ,TAG+="systemd", ENV{SYSTEMD_WANTS}="infnoise.service"
https://github.com/waywardgeek/infnoise/blob/master/software/README.md#udev-rules
software/README talks about running as a daemon, and using rngd to add entropy from a FIFO to /dev/random. However, it's possible to use udev to start the daemon whenever the infnoise is plugged in, as so:
$ cat /etc/udev/rules.d/75-infnoise.rules
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6015", RUN+="/usr/local/bin/infnoise --dev-random --daemon"
Many similar software packages for hardware will ship udev rules in the repository with instructions on how to add the rules and check that they're working. I think this would be useful for infnoise, as it provides the lowest-friction way to use the infnoise.
If you think this would be useful in the repository, I can make a pull request with a rules file and instructions on how to use it (and maybe even make rules to install infnoise and the rules).
A lot of applications use /dev/urandom as a source of entropy. Offer to add a switch and push data to /dev/urandom.
Any comments @waywardgeek ?
The FTDI chip USB/UART interface is a microcontroller and its firmware can be updated over USB. Could that not be a threat so when you plug the dongle in a rogue computer, it changes the FTDI firmware so it manipulates the raw random data stream before sending it over to the host computer?
I tweaked the PKGBUILD to be more in line with AUR packaging requirements. It's for a potential infnoise-git package that someone might want to maintain on the AUR (could be me if desired).