rng-tools bugs in slugos/BE-4.8-beta

  • Jimmy C. Chau
    Message 1 of 3 , Apr 20, 2008
      I am using SlugOS/BE-4.8-beta.  I have noticed that /etc/init.d/rng-tools has an error that prevents rngd from starting: rngd is set to /usr/local/sbin/rngd instead of /usr/sbin/rngd, where it actually is.  I have corrected that on my NSLU2, but then I noticed that /dev/hwrandom did not exist; the closest match was /dev/hwrng, so I added the option "-r /dev/hwrng" to the init file.

      Now everything appears to work okay.  My remaining issues are whether the IXP422 actually has a random number generator; where does /dev/hwrng lead?  Am I improving my entropy pool by running rngd (or am I foolishly sacrificing precious memory)?  Can someone who knows more about the NSLU2 please enlighten me about this?  Thanks in advance. 

      Below is some more information.

      -Jimmy C. Chau
      <jchau@...>

      Here is the output from "ipkg info rng-tools"
      Package: rng-tools
      Version: 2-1
      Depends: update-rc.d, libgcc1 (>= 4.1.2), libc6 (>= 2.5)
      Status: install ok installed
      Section: base
      Architecture: armv5teb
      Maintainer: OpenEmbedded Team <openembedded-devel@...>
      MD5Sum: d3d0f6341a38d64ae4404a7196eedca3
      Filename: rng-tools_2-1_armv5teb.ipk
      Source: http://heanet.dl.sourceforge.net/sourceforge/gkernel/rng-tools-2.tar.gz file://init
      Description: Random number generator daemon

      Here is my modified /etc/init.d/rng-tools:
      #! /bin/sh
      #
      # This is an init script for openembedded
      # Copy it to /etc/init.d/rng-tools and type
      # > update-rc.d rng-tools defaults 60
      #

      # Modified by Jimmy C. Chau <jchau@...> 2008 Apr 20

      # The following line was edited from 'rngd=/usr/local/sbin/rngd'
      rngd=/usr/sbin/rngd
      test -x "$rngd" || exit 1

      rngd_options="-r /dev/hwrng"

      case "$1" in
        start)
          echo -n "Starting random number generator daemon"
          start-stop-daemon --start --quiet --exec $rngd -- $rngd_options
          echo "."
          ;;
        stop)
          echo -n "Stopping random number generator daemon"
          start-stop-daemon --stop --quiet -n rngd
          echo "."
          ;;
        reload|force-reload)
          echo -n "Signalling rng daemon restart"
          # Signal 1 is SIGHUP; sending it once is enough
          start-stop-daemon --stop --quiet --signal 1 --exec $rngd
          echo "."
          ;;
        restart)
          echo -n "Stopping random number generator daemon"
          start-stop-daemon --stop --quiet -n rngd
          echo "."
          echo -n "Starting random number generator daemon"
          start-stop-daemon --start --quiet --exec $rngd -- $rngd_options
          echo "."
          ;;
        *)
          echo "Usage: /etc/init.d/rng-tools {start|stop|reload|restart|force-reload}"
          exit 1
      esac

    • Jimmy C. Chau
      Message 2 of 3 , Nov 19, 2011
        I've been investigating this some more (this time with SlugOSBE-5.3-beta) and it seems like there isn't a hardware random number generator.  There isn't any mention of one in the datasheet that I could find for the IXP422 <http://www.alldatasheet.com/datasheet-pdf/pdf/168291/INTEL/FWIXP422BB.html>.  And if I try to read it, I get nothing even after waiting several minutes (I do get something from it initially, but subsequent reads yield nothing, even a long while later).

        Worse, the initial junk isn't random:
        # dd if=/dev/hwrng bs=2500 count=10 | rngtest -t 1
        rngtest 2
        Copyright (c) 2004 by Henrique de Moraes Holschuh
        This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

        rngtest: starting FIPS tests...
        10+0 records in
        10+0 records out
        rngtest: entropy source drained
        rngtest: bits received from input: 200000
        rngtest: FIPS 140-2 successes: 0
        rngtest: FIPS 140-2 failures: 9
        rngtest: FIPS 140-2(2001-10-10) Monobit: 9
        rngtest: FIPS 140-2(2001-10-10) Poker: 9
        rngtest: FIPS 140-2(2001-10-10) Runs: 9
        rngtest: FIPS 140-2(2001-10-10) Long run: 0
        rngtest: FIPS 140-2(2001-10-10) Continuous run: 9
        rngtest: input channel speed: (min=1.220; avg=5.779; max=389.255)Mibits/s
        rngtest: FIPS tests speed: (min=4.023; avg=4.344; max=4.424)Mibits/s
        rngtest: Program run time: 88048 microseconds
        On the latest attempt, if I try to run rngd with it,
        # rngd -f -o /tmp/randomSample -r /dev/hwrng
        failed fips test

        failed fips test

        failed fips test

        failed fips test
        This continues for a while, and when this initial junk runs out
        failed fips test

        failed fips test

        failed fips test

        Segmentation fault

        I've tried this across a few reboots and power-downs, and the results appear to be consistent.  From this, I'm concluding that without additional hardware, rng-tools (rngd) can't really add anything useful to the entropy pool.  I'm also concluding that despite the presence of /dev/hwrng, no *working* hardware random number generator exists on the Linksys NSLU2. 

        So to reply to my old email (below), without additional hardware, I was just sacrificing precious memory by running rngd. 

        -Jimmy

        On 04/20/08 19:28, Jimmy C. Chau wrote:
        I am using SlugOS/BE-4.8-beta.  I have noticed that /etc/init.d/rng-tools has an error that prevents rngd from starting: rngd is set to /usr/local/sbin/rngd instead of /usr/sbin/rngd, where it actually is.  I have corrected that on my NSLU2, but then I noticed that /dev/hwrandom did not exist; the closest match was /dev/hwrng, so I added the option "-r /dev/hwrng" to the init file.

        Now everything appears to work okay.  My remaining issues are whether the IXP422 actually has a random number generator; where does /dev/hwrng lead?  Am I improving my entropy pool by running rngd (or am I foolishly sacrificing precious memory)?  Can someone who knows more about the NSLU2 please enlighten me about this?  Thanks in advance. 

        Below is some more information.

        -Jimmy C. Chau
        <jchau@...>

        Here is the output from "ipkg info rng-tools"
        Package: rng-tools
        Version: 2-1
        Depends: update-rc.d, libgcc1 (>= 4.1.2), libc6 (>= 2.5)
        Status: install ok installed
        Section: base
        Architecture: armv5teb
        Maintainer: OpenEmbedded Team <openembedded-devel@...>
        MD5Sum: d3d0f6341a38d64ae4404a7196eedca3
        Filename: rng-tools_2-1_armv5teb.ipk
        Source: http://heanet.dl.sourceforge.net/sourceforge/gkernel/rng-tools-2.tar.gz file://init
        Description: Random number generator daemon

        Here is my modified /etc/init.d/rng-tools:
        #! /bin/sh
        #
        # This is an init script for openembedded
        # Copy it to /etc/init.d/rng-tools and type
        # > update-rc.d rng-tools defaults 60
        #

        # Modified by Jimmy C. Chau <jchau@...> 2008 Apr 20

        # The following line was edited from 'rngd=/usr/local/sbin/rngd'
        rngd=/usr/sbin/rngd
        test -x "$rngd" || exit 1

        rngd_options="-r /dev/hwrng"

        case "$1" in
          start)
            echo -n "Starting random number generator daemon"
            start-stop-daemon --start --quiet --exec $rngd -- $rngd_options
            echo "."
            ;;
          stop)
            echo -n "Stopping random number generator daemon"
            start-stop-daemon --stop --quiet -n rngd
            echo "."
            ;;
          reload|force-reload)
            echo -n "Signalling rng daemon restart"
            # Signal 1 is SIGHUP; sending it once is enough
            start-stop-daemon --stop --quiet --signal 1 --exec $rngd
            echo "."
            ;;
          restart)
            echo -n "Stopping random number generator daemon"
            start-stop-daemon --stop --quiet -n rngd
            echo "."
            echo -n "Starting random number generator daemon"
            start-stop-daemon --start --quiet --exec $rngd -- $rngd_options
            echo "."
            ;;
          *)
            echo "Usage: /etc/init.d/rng-tools {start|stop|reload|restart|force-reload}"
            exit 1
        esac


      • Mike Westerhof (mwester)
        Message 3 of 3 , Nov 19, 2011
          On 11/19/2011 3:39 AM, Jimmy C. Chau wrote:
          >
          > I've been investigating this some more (this time with
          > SlugOSBE-5.3-beta) and it seems like there isn't a hardware random
          > number generator. There isn't any mention of one in the datasheet that
          > I could find for the IXP422
          > <http://www.alldatasheet.com/datasheet-pdf/pdf/168291/INTEL/FWIXP422BB.html>.
          > And if I try to read it, I get nothing even after waiting several
          > minutes (I do get something from it initially, but subsequent reads
          > yield nothing, even a long while later).

          The IXP420 in the NSLU2 lacks the encryption unit, which is what
          provides the hardware random numbers.

          -Mike (mwester)
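
The rngtest output in the second message counts failures per 2500-byte block for the Monobit, Poker, Runs and Long run tests. The following is an added example, not code from the thread or from rng-tools, that implements those four block tests with the FIPS 140-2 (2001-10-10) limits and refuses a source that fails any block or stops delivering data. The function names and the samples are assumptions made for illustration, and the continuous run test is left out.

```python
import random

# FIPS 140-2 (2001-10-10) limits for one 20000-bit (2500-byte) block.
# Allowed number of runs of length 1..5 and 6+, for runs of 0s and of 1s alike.
RUN_BOUNDS = [(2315, 2685), (1114, 1386), (527, 723), (240, 384), (103, 209), (103, 209)]

def fips_block(block: bytes) -> dict:
    """Return {test name: passed} for one 2500-byte block."""
    if len(block) != 2500:
        raise ValueError("need exactly 2500 bytes")
    bits = [(byte >> i) & 1 for byte in block for i in range(7, -1, -1)]
    ones = sum(bits)
    # Poker: chi-square style statistic over the 5000 4-bit nibbles
    freq = [0] * 16
    for byte in block:
        freq[byte >> 4] += 1
        freq[byte & 0x0F] += 1
    poker = 16 / 5000 * sum(f * f for f in freq) - 5000
    # Runs: count maximal runs of identical bits by length, per bit value
    runs = {0: [0] * 6, 1: [0] * 6}
    longest, length = 0, 1
    for prev, cur in zip(bits, bits[1:] + [None]):
        if cur == prev:
            length += 1
            continue
        runs[prev][min(length, 6) - 1] += 1
        longest = max(longest, length)
        length = 1
    return {
        "monobit": 9725 < ones < 10275,
        "poker": 2.16 < poker < 46.17,
        "runs": all(lo <= runs[b][i] <= hi
                    for b in (0, 1) for i, (lo, hi) in enumerate(RUN_BOUNDS)),
        "long_run": longest < 26,
    }

def usable_as_entropy_source(sample: bytes, want_blocks: int = 10) -> bool:
    """True only if every requested block was delivered and passes all tests."""
    blocks = [sample[i:i + 2500] for i in range(0, len(sample) - 2499, 2500)]
    return len(blocks) == want_blocks and all(all(fips_block(b).values()) for b in blocks)

# Constructed samples, not captured from an NSLU2: a fixed byte pattern standing in
# for non-random junk, a source that dries up after 3 blocks, and seeded PRNG output
# (statistically well-behaved, used here only to show a passing block).
rng = random.Random(2011)
PATTERN = b"\x11" * 25000
SHORT_READ = bytes(rng.getrandbits(8) for _ in range(7500))
GOOD = bytes(rng.getrandbits(8) for _ in range(25000))
```

The constructed pattern fails Monobit, Poker and Runs while passing Long run, the same combination the rngtest output above reports, which is why a source is only fed to the entropy pool when every test passes on every block.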