Saturday, November 19, 2011

[nslu2-linux] Re: rng-tools bugs in slugos/BE-4.8-beta

 

I've been investigating this some more (this time with SlugOSBE-5.3-beta) and it seems like there isn't a hardware random number generator.  There isn't any mention of one in the datasheet that I could find for the IXP422 <http://www.alldatasheet.com/datasheet-pdf/pdf/168291/INTEL/FWIXP422BB.html>.  And if I try to read it, I get nothing even after waiting several minutes (I do get something from it initially, but subsequent reads yield nothing, even a long while later). 

Worse, the initial junk isn't random:

# dd if=/dev/hwrng bs=2500 count=10 | rngtest -t 1
rngtest 2
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
10+0 records in
10+0 records out
rngtest: entropy source drained
rngtest: bits received from input: 200000
rngtest: FIPS 140-2 successes: 0
rngtest: FIPS 140-2 failures: 9
rngtest: FIPS 140-2(2001-10-10) Monobit: 9
rngtest: FIPS 140-2(2001-10-10) Poker: 9
rngtest: FIPS 140-2(2001-10-10) Runs: 9
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 9
rngtest: input channel speed: (min=1.220; avg=5.779; max=389.255)Mibits/s
rngtest: FIPS tests speed: (min=4.023; avg=4.344; max=4.424)Mibits/s
rngtest: Program run time: 88048 microseconds

On the latest attempt, if I try to run rngd with it,
# rngd -f -o /tmp/randomSample -r /dev/hwrng
failed fips test

failed fips test

failed fips test

failed fips test

This continues for a while, and when this initial junk runs out

failed fips test

failed fips test

failed fips test

Segmentation fault

I've tried this across a few reboots and power-downs, and the results appear to be consistent.  From this, I'm concluding that without additional hardware, rng-tools (rngd) can't really add anything useful to the entropy pool.  I'm also concluding that despite the presence of /dev/hwrng, no *working* hardware random number generator exists on the Linksys NSLU2. 

So to reply to my old email (below), without additional hardware, I was just sacrificing precious memory by running rngd. 

-Jimmy

On 04/20/08 19:28, Jimmy C. Chau wrote:
I am using SlugOS/BE-4.8-beta.  I have noticed that /etc/init.d/rng-tools has an error that prevents rngd from starting: rngd is set to /usr/local/sbin/rngd instead of /usr/sbin/rngd, where it actually is.  I have corrected that on my NSLU2, but then I noticed that /dev/hwrandom did not exist; the closest match was /dev/hwrng, so I added the option "-r /dev/hwrng" to the init file.

Now everything appears to work okay.  My remaining issues are whether the IXP422 actually has a random number generator; where does /dev/hwrng lead?  Am I improving my entropy pool by running rngd (or am I foolishly sacrificing precious memory)?  Can someone who knows more about the NSLU2 please enlighten me about this?  Thanks in advance. 

Below is some more information.

-Jimmy C. Chau
<jchau@bu.edu>

Here is the output from "ipkg info rng-tools"
Package: rng-tools
Version: 2-1
Depends: update-rc.d, libgcc1 (>= 4.1.2), libc6 (>= 2.5)
Status: install ok installed
Section: base
Architecture: armv5teb
Maintainer: OpenEmbedded Team <openembedded-devel@lists.openembedded.org>
MD5Sum: d3d0f6341a38d64ae4404a7196eedca3
Filename: rng-tools_2-1_armv5teb.ipk
Source: http://heanet.dl.sourceforge.net/sourceforge/gkernel/rng-tools-2.tar.gz file://init
Description: Random number generator daemon

Here is my modified /etc/init.d/rng-tools:
#! /bin/sh
#
# This is an init script for openembedded
# Copy it to /etc/init.d/rng-tools and type
# > update-rc.d rng-tools defaults 60
#

# Modified by Jimmy C. Chau <jchau@bu.edu> 2008 Apr 20

# The following line was edited from 'rngd=/usr/local/sbin/rngd'
rngd=/usr/sbin/rngd
test -x "$rngd" || exit 1

rngd_options="-r /dev/hwrng"

case "$1" in
  start)
    echo -n "Starting random number generator daemon"
    start-stop-daemon --start --quiet --exec $rngd -- $rngd_options
    echo "."
    ;;
  stop)
    echo -n "Stopping random number generator daemon"
    start-stop-daemon --stop --quiet -n rngd
    echo "."
    ;;
  reload|force-reload)
    echo -n "Signalling rng daemon restart"
    # Send SIGHUP (signal 1) to the running daemon
    start-stop-daemon --stop --quiet --signal 1 --exec $rngd
    echo "."
    ;;
  restart)
    echo -n "Stopping random number generator daemon"
    start-stop-daemon --stop --quiet -n rngd
    echo "."
    echo -n "Starting random number generator daemon"
    start-stop-daemon --start --quiet --exec $rngd -- $rngd_options
    echo "."
    ;;
  *)
    echo "Usage: /etc/init.d/rng-tools {start|stop|reload|restart|force-reload}"
    exit 1
esac



1 comment:

  1. Thanks, a really interesting read – added to bookmarks so will check back for new content and to read other people’s comments. Cheers again. visit
