Merge branch 'master' into doc-fix

CHANGELOG.md

@@ -0,0 +1,78 @@
+# Change Log
+
+## [0.3.0](https://github.com/13-37-org/infnoise/tree/0.3.0) (2018-10-09)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/0.2.6...0.3.0)
+
+**Merged pull requests:**
+
+- merge libinfnoise branch [\#12](https://github.com/13-37-org/infnoise/pull/12) ([manuel-domke](https://github.com/manuel-domke))
+- Fix apt-key add command in README [\#11](https://github.com/13-37-org/infnoise/pull/11) ([xenomachina](https://github.com/xenomachina))
+- Fix a couple of spelling errors [\#10](https://github.com/13-37-org/infnoise/pull/10) ([skitt](https://github.com/skitt))
+
+## [0.2.6](https://github.com/13-37-org/infnoise/tree/0.2.6) (2018-05-02)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/0.2.5...0.2.6)
+
+**Closed issues:**
+
+- systemd service can't be disabled [\#7](https://github.com/13-37-org/infnoise/issues/7)
+
+## [0.2.5](https://github.com/13-37-org/infnoise/tree/0.2.5) (2018-04-09)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/0.2.4...0.2.5)
+
+## [0.2.4](https://github.com/13-37-org/infnoise/tree/0.2.4) (2018-04-02)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/0.2.3...0.2.4)
+
+## [0.2.3](https://github.com/13-37-org/infnoise/tree/0.2.3) (2018-03-02)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/0.2.2...0.2.3)
+
+## [0.2.2](https://github.com/13-37-org/infnoise/tree/0.2.2) (2018-03-01)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/0.2.0...0.2.2)
+
+## [0.2.0](https://github.com/13-37-org/infnoise/tree/0.2.0) (2018-03-01)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/0.2.1...0.2.0)
+
+## [0.2.1](https://github.com/13-37-org/infnoise/tree/0.2.1) (2018-03-01)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/v0.2.1...0.2.1)
+
+## [v0.2.1](https://github.com/13-37-org/infnoise/tree/v0.2.1) (2018-03-01)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/v0.2.0...v0.2.1)
+
+**Merged pull requests:**
+
+- Version number [\#5](https://github.com/13-37-org/infnoise/pull/5) ([manuel-domke](https://github.com/manuel-domke))
+- Correct CS spelling [\#4](https://github.com/13-37-org/infnoise/pull/4) ([darrellrossman](https://github.com/darrellrossman))
+
+## [v0.2.0](https://github.com/13-37-org/infnoise/tree/v0.2.0) (2017-12-31)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/v0.1.2...v0.2.0)
+
+**Merged pull requests:**
+
+- merged captainpete's pull request \#28 from waywardgeek/infnoise [\#3](https://github.com/13-37-org/infnoise/pull/3) ([manuel-domke](https://github.com/manuel-domke))
+- merged "increased timeout and options struct" pull request from runema [\#2](https://github.com/13-37-org/infnoise/pull/2) ([manuel-domke](https://github.com/manuel-domke))
+
+## [v0.1.2](https://github.com/13-37-org/infnoise/tree/v0.1.2) (2017-11-13)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/0.1.0...v0.1.2)
+
+**Merged pull requests:**
+
+- updated readme [\#1](https://github.com/13-37-org/infnoise/pull/1) ([manuel-domke](https://github.com/manuel-domke))
+
+## [0.1.0](https://github.com/13-37-org/infnoise/tree/0.1.0) (2017-08-29)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/0.1.1...0.1.0)
+
+## [0.1.1](https://github.com/13-37-org/infnoise/tree/0.1.1) (2017-08-29)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/Fourth-OshPark-Prototype...0.1.1)
+
+## [Fourth-OshPark-Prototype](https://github.com/13-37-org/infnoise/tree/Fourth-OshPark-Prototype) (2014-11-02)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/Third-OshPark-Prototype...Fourth-OshPark-Prototype)
+
+## [Third-OshPark-Prototype](https://github.com/13-37-org/infnoise/tree/Third-OshPark-Prototype) (2014-10-15)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/Second-OshPark-Prototype...Third-OshPark-Prototype)
+
+## [Second-OshPark-Prototype](https://github.com/13-37-org/infnoise/tree/Second-OshPark-Prototype) (2014-10-12)
+[Full Changelog](https://github.com/13-37-org/infnoise/compare/First-OshPark-Prototype...Second-OshPark-Prototype)
+
+## [First-OshPark-Prototype](https://github.com/13-37-org/infnoise/tree/First-OshPark-Prototype) (2014-10-10)
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

README.md

@@ -26,7 +26,7 @@ before use in cryptography.  This should be done by continually reseeding a
 cryptographically secure hash function such as SHA-512, Blake2b, Keccak-1600 (SHA3), or a
 stream cipher such as ChaCha.  This implementation uses Keccak-1600 with cryptographically
 secure reseeding of more than 400 bits of entropy at a time, overcoming a trickle in/out
-problem present in the Linux /dev/random system.  Users who need many megabytes per second
+problem present in the GNU/Linux /dev/random system.  Users who need many megabytes per second
 of data for use in cryptography can set the outputMultiplier as high as they like, which
 causes Keccak to generate outputMultiplier\*256 bits per reseeding by the Infinite Noise
 TRNG.

software/Makefile.macos

@@ -1,3 +1,5 @@
+SHELL = /bin/bash
+
 GIT_VERSION := $(shell git --no-pager describe --tags --always)
 GIT_COMMIT  := $(shell git rev-parse --verify HEAD)
 GIT_DATE    := $(firstword $(shell git --no-pager show --date=iso-strict --format="%ad" --name-only))
@@ -6,9 +8,9 @@ PREFIX = $(DESTDIR)/usr/local
 
 # Against 'libftdi0' from MacOS X ports or brew
 #
-FTDILOCI = /opt/local/include
-FTDILOCL = /opt/local/lib
-FTDI=   -lftdi
+FTDILOCI = $(shell brew --prefix libftdi || echo /opt/local)/include/libftdi1
+FTDILOCL = $(shell brew --prefix libftdi || echo /opt/local)/lib
+FTDI=   -lftdi1
 
 CFLAGS = -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I $(FTDILOCI) \
  -DGIT_VERSION=\"$(GIT_VERSION)\"\
@@ -17,7 +19,7 @@ CFLAGS = -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I $(FTDILOCI) \
 
 RM=rm
 
-all: libinfnoise.a libinfnoise.so infnoise
+all: libinfnoise.a libinfnoise.so infnoise tools.stamp
 
 infnoise: libinfnoise.a infnoise.o daemon.o
 	$(CC) $(CFLAGS) -o infnoise infnoise.o daemon.o libinfnoise.a $(FTDI) -lm -L. -L $(FTDILOCL)
@@ -43,15 +45,19 @@ libinfnoise.so: libinfnoise.o healthcheck.o KeccakF-1600-reference.o
 
 libs: libinfnoise.a
 
+tools.stamp:
+	$(MAKE) -C tools all
+	touch  tools.stamp
+
 clean:
-	$(RM) -f infnoise *.o *.a *.gch *.so libinfnoise-example
+	$(RM) -f infnoise *.o *.a *.gch *.so libinfnoise-example tools.stamp
+	$(MAKE) -C tools clean
 
 install-lib: libinfnoise.so
 	install -d $(PREFIX)/include
 	install -m 0644 libinfnoise.h $(PREFIX)/include
 	install -d $(PREFIX)/lib
 	install -m 0644 libinfnoise.so $(PREFIX)/lib
-	ldconfig $(PREFIX)/lib
 
 install: infnoise
 	install -d $(PREFIX)/sbin
@@ -61,6 +67,6 @@ install: infnoise
 	install -d $(PREFIX)/lib/systemd/system
 	install -m 0644 init_scripts/infnoise.service $(PREFIX)/lib/systemd/system
 
-postinstall:
-	systemctl restart systemd-udevd
-	systemctl enable infnoise
+install-tools: install tools.stamp
+	install -d $(PREFIX)/bin
+	install -m 0755 tools/bin2hex tools/dice tools/entcheck tools/findlongest tools/flipbits tools/healthcheck tools/hex2bin tools/passgen $(PREFIX)/bin/

software/README.md

@@ -1,48 +1,42 @@
-Compiling the Driver for Windows
---------------------------------
-
-I compiled infnoise-win.exe using VisualStudio 2013 using Windows 7.  I downloaded the
-FTD2xx drivers from FTDI.  Pipes seem almost entirely broken in Windows, so the Windows
-version requires out output file to be specified on the command line.  In a cmd window,
-you can type
-
-    infnoise-win foo
-
-and let it run for a while until you have as much random data in foo as you need.
-
-The VisualStudio project for infnoise is in the infnoise/software/VisualStudio directory.
-
-Using prebuilt packages for Linux
+Releases
 ---------------------------------
 
-Precompiled binaries can be downloaded from the releases section of the 13-37-org fork:
-https://github.com/13-37-org/infnoise/releases
+Signed packages of release versions are availabe on [Github](https://github.com/13-37-org/infnoise/releases) and [13-37.org](https://13-37.org/files/).
 
-All packages are signed with the same PGP-Key (Key-ID: 0x4E730A3C) used for the repositories below. 
-Full Fingerprint: 71AE 099B 262D C0B4 93E6 EE71 975D C25C 4E73 0A3C. You can also check the 
-fingerprints at 13-37.org/pgp-keys and in the Crowd Supply campaign.
+The packages are signed with the same PGP-Key (Key-ID: `0x4E730A3C`) used for the apt repositories below. 
+Full Fingerprint: `71AE 099B 262D C0B4 93E6 EE71 975D C25C 4E73 0A3C`. You can get the keys on [13-37.org/keys](https://13-37.org/keys) and in the [Crowd Supply campaign](https://crowdsupply.com/13-37/infinite-noise-trng).
 
-Repositories for Ubuntu, Debian and Raspbian are also available. To add them follow this procedure:
+Verify the keys and add the repo:
 
     $ wget -O 13-37.org-code.asc https://13-37.org/files/pubkey.gpg 
+
     # Verify the keys fingerprint:
     # GPG1
     $ gpg --with-fingerprints 13-37.org-code.asc
     # GPG2:
     $ gpg2 --import-options import-show --dry-run --import < 13-37.org-code.asc
-    $ sudo apt-key add 13-37.org-code.asc
 
-Available for Ubuntu and Debian (x86, x64 and armhf):
+    $ sudo apt-key add 13-37.org-code.asc
 
     $ echo "deb http://repo.13-37.org/ stable main" | sudo tee /etc/apt/sources.list.d/infnoise.list
     $ sudo apt-get update
     $ sudo apt-get install infnoise
 
-Connect the Infinite Noise TRNG (if not already) and the service will be started via a udev rule.
-Check status of driver:
+Connect the Infinite Noise TRNG (if not already) and the service will be started via a udev rule. Check status of driver: 
+
     $ systemctl status infnoise
 
-Compiling the Driver for Linux
+Compiling the Driver 
+------------------------------
+
+It's highly recommended to build from the tagged releases, as these have been [tested and verified](https://github.com/13-37-org/infnoise/tree/master/tests/results) extensively. Note that the releases are maintained in the 13-37-org fork of this project.
+
+To switch to a specific tag:
+    
+    git clone https://github.com/13-37-org/infnoise
+    git checkout tags/0.3.0
+
+GNU/Linux
 ------------------------------
 
 The infnoise application reads random data from the Infinite Noise USB key and writes
@@ -53,12 +47,17 @@ this command:
     $ sudo apt-get install libftdi-dev libusb-dev
 
 These include an open source drivers for the FT240X USB chip used on the Infinite Noise
-TRNG.  Once this is done, to compile the infnoise program, simply make it:
+TRNG.  Once this is done, to compile the infnoise program, simply make and install it:
 
     $ make -f Makefile.linux
 
-To run the infnoise application, make sure the Infinite Noise USB stick is
-plugged in, and from a shell, type:
+To install it, run:
+    
+    $ make -f Makefile.linux install
+
+This also installs a systemd service and the udev rules described below to start the driver automatically when the device is plugged in.
+
+To run the infnoise application manually, make sure the systemd service is stopped. Otherwise it will restart the daemon and disrupt you.
 
     $ sudo ./infnoise > randbytes
 
@@ -70,12 +69,12 @@ Note that there is a newer alpha version of the next release of the libftdi libr
 found it runs much slower than the current libftdi1 library in Ubuntu, so I am sticking
 with the stable release for now.
 
-Compiling the driver for macOS
+MacOS
 ------------------------------
 
 First install the dependencies, most easily done with homebrew:
 
-    $ brew install libftdi-dev libusb-dev
+    $ brew install libftdi libusb
 
 Adjust the Makefile, if necessary, to point at your ftdi directory:
 
@@ -102,41 +101,42 @@ Or you may have to unload the FTDI serial port driver:
 Alternatively, FTDI have released the [D2XXhelper](http://www.ftdichip.com/Drivers/D2XX.htm), which may prevent the
 serial driver from grabbing the Infinitenoise device.
 
-Usage
+The `--dev-random` mode is not implemented for MacOS (yet.) 
+But you can try the the Infinite Noise [OpenSSL engine](https://github.com/tinskip/infnoise-openssl) based on libinfnoise.
+
+Windows
 -----
 
-Usage: infnoise [options]
-Options are:
-    --debug - turn on some debug output
-    --dev-random - write entropy to /dev/random instead of stdout
-    --raw - do not whiten the output
-    --multiplier <value> - write 256 bits * value for each 512 bits written to the Keccak sponge
-    --no-output - do not write random output data
-    --daemon - run in the background. Output should be redirected to a file or
-    the options should be used with --dev-random. To reduce CPU-usage addition
-    af entropy is only forced after a minute rather than a second.
-    --pidfile <filename> - write the process ID to a file. If --daemon is used, it is the ID of the background process.
-    --serial <serial> - use Infinite Noise TRNG/FT240 with the given serial number (see --list-devices)
-    --list-devices - list available devices
-=======
+I compiled infnoise-win.exe using VisualStudio 2013 using Windows 7. I downloaded the FTD2xx drivers from FTDI. Pipes seem almost entirely broken in Windows, so the Windows version requires out output file to be specified on the command line. In a cmd window, you can type
+
+    infnoise-win foo
+
+and let it run for a while until you have as much random data in foo as you need.
+
+The VisualStudio project for infnoise is in the infnoise/software/VisualStudio directory.
+
+There is also a new fork https://github.com/jj1bdx/infnoise-windows compiled with VS2017.
+
 Usage
 -----
 
     Usage: infnoise [options]
     Options are:
-        --debug - turn on some debug output
-        --dev-random - write entropy to /dev/random instead of stdout
-        --raw - do not whiten the output
-        --multiplier <value> - write 256 bits * value for each 512 bits written to the Keccak sponge
-        --no-output - do not write random output data
-        --daemon - run in the background. Output should be redirected to a file or
-        the options should be used with --dev-random. To reduce CPU-usage addition
-        af entropy is only forced after a minute rather than a second.
-        --pidfile <filename> - write the process ID to a file. If --daemon is used, it is the ID of the background process.
-        --serial <serial> - use Infinite Noise TRNG/FT240 with the given serial number (see --list-devices)
-        --list-devices - list available devices
+        -D, --debug - turn on some debug output
+        -R, --dev-random - write entropy to /dev/random instead of stdout
+        -r, --raw - do not whiten the output
+        -m, --multiplier <value> - write 256 bits * value for each 512 bits written to
+            the Keccak sponge.  Default of 0 means write all the entropy.
+        -n, --no-output - do not write random output data
+        -p, --pidfile <file> - write process ID to file
+        -d, --daemon - run in the background
+        -s, --serial <serial> - use specified device
+        -l, --list-devices - list available devices
+        -v, --version - show version information
+        -h, --help - this help output
 
-Note: The options --daemon and --pidfile are only implemented in the Linux version.
+Note: The options --daemon, --dev-random and --pidfile are only implemented in the GNU/Linux version. 
+The windows version is also lacking --list-devices and --serial. 
 
 Examples
 --------
@@ -254,21 +254,22 @@ Udev rules
 This is thanks to user Abigail on github.  If you want to automatically feed
 random data into /dev/random when the TRNG is plugged in, you can ask Linux to
 do this by creating a file in etc/udev/rules.d. 
+
 It relies on the systemd service "infnoise.service" provided under init_scripts, as udev is not designed to start long-running processes. 
 
-SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6015", SYMLINK+="infnoise" 
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6015" ,TAG+="systemd", ENV{SYSTEMD_WANTS}="infnoise.service"
+    SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6015", SYMLINK+="infnoise" 
+    ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6015" ,TAG+="systemd", ENV{SYSTEMD_WANTS}="infnoise.service"
 
 This also adds a symlink so the device removal can also be reacted on.
 
 I personally run the infnoise tool by hand from a bash shell, typically to test devices like this:
 
-$ sudo ./infnoise --debug --no-output
+     $ sudo ./infnoise --debug --no-output
 
 To avoid having to type 'sudo' each time, I created the following udev rules,
 which worked on my particular Ubuntu 14.04 based laptop:
 
-$ cat 30-infnoise.rules
-SUBSYSTEM=="usb", ATTRS{idProduct}=="6015", ATTRS{idVendor}=="0403", GROUP="dialout", MODE="0664"
+    $ cat 30-infnoise.rules
+    SUBSYSTEM=="usb", ATTRS{idProduct}=="6015", ATTRS{idVendor}=="0403", GROUP="dialout", MODE="0664"
 
 Note that my username is in the dialout group.

software/build-scripts/PKGBUILD.arch

@@ -1,13 +1,23 @@
 # Maintainer: Manuel Domke <info@13-37.org>
-pkgname=infnoise
-pkgdesc='Infinite Noise TRNG'
-license=('open')
+
+_pkgname=infnoise
+
+pkgname=${_pkgname}
+pkgver=0.2.6.r86.g453234b
+pkgdesc="Infinite Noise TRNG - The world's easiest TRNG to get right"
+license=('custom:CC0')
 url='https://github.com/13-37-org/infnoise'
 depends=('libftdi-compat')
-makedepends=()
-source=('git+https://github.com/13-37-org/infnoise.git')
-md5sums=('SKIP')
+makedepends=("git")
+source=('git+https://github.com/13-37-org/infnoise')
+sha256sums=("SKIP")
 install='INSTALL'
+
+pkgver() {
+  cd "${_pkgname}"
+  git describe --long --tags | sed 's/-/.r/;s/-/./'
+}
+
 build() {
   cd "${srcdir}/infnoise/software/"
   make -f Makefile.linux
@@ -21,5 +31,3 @@ package() {
   install -Dvm644 "${srcdir}/infnoise/software/init_scripts/infnoise.conf.systemd" "${pkgdir}/etc/infnoise.conf"
   install -Dvm644 "${srcdir}/infnoise/software/init_scripts/infnoise.service.bin" "${pkgdir}/usr/lib/systemd/system/infnoise.service"
 }
-
-

software/build-scripts/build-archlinux.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh -ex
 
 VERSION=`git --no-pager describe --tags --always | cut -d'-' -f1`
 PKGREL=`git --no-pager describe --tags --always | cut -d'-' -f2`
@@ -9,43 +9,31 @@ if [ $VERSION == $PKGREL ]; then # this is a release
 	PKGREL=0
 fi
 
+SIGNPACKAGE=1
 
-SIGNPACKAGE=true
 while test $# -gt 0
 do
     case "$1" in
-        --notsigned) SIGNPACKAGE=false
+        --notsigned) SIGNPACKAGE=0
             ;;
     esac
     shift
 done
 
-
 # x86_64
 mkdir -p x86_64
 cd x86_64
 
-cp ../PKGBUILD.arch PKGBUILD
-cp ../INSTALL.arch INSTALL
+cp ../build-scripts/PKGBUILD.arch PKGBUILD
+cp ../build-scripts/INSTALL.arch INSTALL
+
 sed -i "s|.*source.*=.*(.*).*|source=('git+$GITREPO')|g" PKGBUILD
-echo "pkgver=$VERSION.$PKGREL" >> PKGBUILD
+#echo "pkgver=$VERSION.$PKGREL" >> PKGBUILD
 echo "pkgrel=1" >> PKGBUILD
 echo "arch=('x86_64')" >> PKGBUILD
-ls -lah
-if [ "$SIGNPACKAGE" = true ]; then
-  makepkg -f --sign --key 975DC25C4E730A3C
-else
-  makepkg -f
+
+makepkg -f
+
+if [ $SIGNPACKAGE -eq 1 ]; then
+	PKGEXT='.pkg.tar.xz' makepkg --packagelist  | xargs -L1 gpg --sign
 fi
-cd ..
-
-# x86
-mkdir -p x86
-cd x86
-
-cp ../PKGBUILD.arch PKGBUILD
-cp ../INSTALL.arch INSTALL
-echo "pkgver=$VERSION.$PKGREL" >> PKGBUILD
-echo "pkgrel=1" >> PKGBUILD
-echo "arch=('i686')" >> PKGBUILD
-makechrootpkg -r /x86 -U jenkins -- --sign --key 975DC25C4E730A3C

software/build-scripts/build-rpm.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh -ex
 
 VERSION=`git --no-pager describe --tags --always | cut -d'-' -f1`
 RELEASE=`git --no-pager describe --tags --always | cut -d'-' -f2`
@@ -12,15 +12,20 @@ ARCH=$2
 PATH=$PATH:/sbin/
 
 mkdir -p SOURCES
-tar -czf SOURCES/infnoise.tar.gz . --exclude="SOURCES"
-
+tar -czf SOURCES/infnoise-$VERSION.tar.gz . --exclude="SOURCES"
 mkdir -p BUILD SPECS RPMS SRPMS
 
 cp build-scripts/infnoise.spec build-scripts/infnoise-tools.spec SPECS
 sed -i -- 's/__VERSION__/'$VERSION'/g' SPECS/infnoise.spec
 sed -i -- 's/__RELEASE__/'$RELEASE'/g' SPECS/infnoise.spec
+
 sed -i -- 's/__VERSION__/'$VERSION'/g' SPECS/infnoise-tools.spec
 sed -i -- 's/__RELEASE__/'$RELEASE'/g' SPECS/infnoise-tools.spec
 
+pwd
+
 rpmbuild --define "_topdir `pwd`" -ba SPECS/infnoise.spec
+
+pwd
+
 rpmbuild --define "_topdir `pwd`" -ba SPECS/infnoise-tools.spec

software/build-scripts/build.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh -ex
 
 ARCH=$1
 VERSION=`git --no-pager describe --tags --always`
@@ -30,9 +30,7 @@ if [ ! -e build/usr/sbin/infnoise ] ; then
 	exit 1;
 fi
 
-# debuild -b -uc -us
-dpkg -b build/ infnoise_${VERSION}_${ARCH}.deb
-#debbuild -uc -us
+fakeroot dpkg -b build/ infnoise_${VERSION}_${ARCH}.deb
 
 ### build infnoise-tools ###
 rm -rf build
@@ -40,7 +38,7 @@ rm -rf build
 cd tools
 mkdir -p build/usr/bin/
 
-make -f Makefile.linux
+make -f Makefile
 
 cp passgen build/usr/bin/infnoise-passgen
 cp dice build/usr/bin/infnoise-dice
@@ -56,7 +54,7 @@ cp ../build-scripts/control.debian.tools build/DEBIAN/control
 echo "Version: $VERSION" >> build/DEBIAN/control
 echo "Architecture: $ARCH" >> build/DEBIAN/control
 
-dpkg -b build/ infnoise-tools_${VERSION}_${ARCH}.deb
+fakeroot dpkg -b build/ infnoise-tools_${VERSION}_${ARCH}.deb
 
 rm -rf build
 cd ..
@@ -77,6 +75,6 @@ cp build-scripts/control.debian.lib build/DEBIAN/control
 echo "Version: $VERSION" >> build/DEBIAN/control
 echo "Architecture: $ARCH" >> build/DEBIAN/control
 
-dpkg -b build/ libinfnoise_${VERSION}_${ARCH}.deb
+fakeroot dpkg -b build/ libinfnoise_${VERSION}_${ARCH}.deb
 
 rm -rf build

software/build-scripts/infnoise-tools.spec

@@ -3,10 +3,10 @@ Version:        __VERSION__
 Release:        __RELEASE__
 Summary:        Infinite Noise TRNG
 Group:          Applications/Security
-License:        GPL
+License:        CC0
 URL:            https://github.com/13-37-org/infnoise
 Vendor:         13-37.org
-Source:		infnoise.tar.gz
+Source:		infnoise-%{version}.tar.gz
 Prefix:         %{_prefix}
 Packager: 	Manuel Domke
 BuildRoot:      %{_tmppath}/%{name}-root
@@ -14,11 +14,11 @@ BuildRoot:      %{_tmppath}/%{name}-root
 %description
 
 %prep
-tar -xzf ../SOURCES/infnoise.tar.gz
+tar -xzf ../SOURCES/infnoise-%{version}.tar.gz
 
 %build
 cd tools
-make -f Makefile.linux
+make
 
 %install
 #make DESTDIR=$RPM_BUILD_ROOT install

software/build-scripts/infnoise.spec

@@ -3,10 +3,10 @@ Version:        __VERSION__
 Release:        __RELEASE__
 Summary:        Infinite Noise TRNG
 Group:          Applications/Security
-License:        GPL
+License:        CC0
 URL:            https://github.com/manuel-domke/infnoise
 Vendor:         13-37.org
-Source:		infnoise.tar.gz
+Source:		infnoise-%{version}.tar.gz
 Prefix:         %{_prefix}
 Packager: 	Manuel Domke
 BuildRoot:      %{_tmppath}/%{name}-root
@@ -14,7 +14,7 @@ BuildRoot:      %{_tmppath}/%{name}-root
 %description
 
 %prep
-tar -xzf ../SOURCES/infnoise.tar.gz
+tar -xzf ../SOURCES/infnoise-%{version}.tar.gz
 
 %build
 make -f Makefile.linux

software/examples/README.md

@@ -16,11 +16,22 @@ This simple version just prints the serials to stdout. Call like this:
 
 #### randomserver.py
 
-A simple webserver based on the web.py framework to serve random data via a REST interface. An example is hosted at https://rng.13-37.org (running on a Raspberry Pi in Amsterdam, thanks to pcextreme.nl!)
-
-It has only two resources: `/get` and `/status`. 
+A simple webserver based on the web.py framework to serve random data via a REST interface. 
+An improved version is hosted on [rng.13-37.org](https://rng.13-37.org).
 
 ## libinfnoise
 
-TODO
+Under libinfnoise/examples you'll find two examples on how to integrate libinfnoise, which consist of the following functions:
 
+    // returns a struct of infnoise_devlist_node listing all connected FTDI FT240 devices by their USB descriptors
+    devlist_node listUSBDevices(char **message);
+
+    // initialize the Infinite Noise TRNG - must be called once before readData() works
+    bool initInfnoise(struct infnoise_context *context, char *serial, bool keccak, bool debug);
+
+    // Reads some bytes from the TRNG and stores them in the "result" byte array.
+    // The array has to be of sufficient size. Please refer to the example programs. 
+    // (64 byte for normal operation or 128byte for multiplier mode)
+    uint32_t readData(struct infnoise_context *context, uint8_t *result, bool raw, uint32_t outputMultiplier);
+
+The infnoise_context struct is also part of the interface. See [libinfnoise.h](../libinfnoise.h) for it's definition and the interface documentation.

software/examples/libinfnoise/example-complex.c

@@ -18,19 +18,16 @@ int main()
     struct infnoise_context context;
 
     if (!initInfnoise(&context, serial, initKeccak, debug)) {
-        fputs(context.message, stderr);
+        fprintf(stdout, "Error: %s\n", context.message);
         return 1; // ERROR
     }
 
     uint32_t resultSize;
-    if (multiplier <= 1 || initKeccak == false) {
-        resultSize = 32u;
-    } else if (multiplier==2) {
-	resultSize=64;
+    if (multiplier <= 2 || initKeccak == false) {
+        resultSize = 64u;
     } else {
         resultSize = 128u;
     }
-    fprintf(stdout, "Error: %i\n", resultSize);
 
     // read and print in a loop (until 1M is read)
     uint64_t totalBytesWritten = 0u;
@@ -47,8 +44,8 @@ int main()
             fprintf(stderr, "Error: %s\n", context.message);
             return -1;
         }
-        fprintf(stderr, "infnoise bytes read: %lu\n", (unsigned long) bytesWritten);
 	totalBytesWritten += bytesWritten;
+        fprintf(stderr, "infnoise bytes read: %lu\n", (unsigned long) totalBytesWritten);
 
         // print as many bytes as readData told us
         fwrite(result, 1, bytesWritten, stdout);

software/examples/libinfnoise/example-simple.c

@@ -17,15 +17,14 @@ int main()
     // initialize hardware and health monitor
     struct infnoise_context context;
     if (!initInfnoise(&context, serial, initKeccak, debug)) {
-        fprintf(stdout, "erri: %s\n", "");
-        fputs(context.message, stderr);
+        fprintf(stderr, "Error: %s\n", context.message);
         return 1; // ERROR
     }
 
-    // fixed result size of 512 bit (32byte)
-    uint8_t resultSize = 32u;
+    // fixed result size of 512 bit (64byte)
+    uint8_t resultSize = 64u;
 
-    // read and print in a loop (until 1M is read)
+    // read and print in a loop (until 1MB is read)
     uint64_t totalBytesWritten = 0u;
     while (totalBytesWritten < 1000000) {
         uint8_t result[resultSize];
@@ -42,13 +41,14 @@ int main()
             fprintf(stderr, "Error: %s\n", context.message);
             return -1;
         }
-        fprintf(stderr, "infnoise bytes read: %lu\n", (unsigned long) bytesWritten);
 
         // print as many bytes as readData told us
         fwrite(result, 1, bytesWritten, stdout);
 
 	// sum up
 	totalBytesWritten += bytesWritten;
+        fprintf(stderr, "bytes read: %lu\n", (unsigned long) totalBytesWritten);
+
     }
     return 0;
 }

software/healthcheck.1

@@ -0,0 +1,21 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH HEALTHCHECK 1 "June 25 2018"
+.\" Please adjust this date whenever revising the manpage.
+.SH NAME
+healthcheck \- health check
+.SH SYNOPSIS
+.B healthcheck
+.SH DESCRIPTION
+.B healthcheck
+performs a detailed health check on the values generated by the
+system's random number generator.
+.PP
+It attempts to guess the next bit based on the bits read so far, and
+adjusts the measured entropy based on the deviation from the guess.
+.PP
+Once enough data has been gathered, it outputs a detailed report
+showing the results for each value seen in the stream.
+.SH OPTIONS
+This program has no options.
+.SH SEE ALSO
+.BR infnoise (8).

software/infnoise.8

@@ -0,0 +1,74 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH INFNOISE 8 "June 25 2018"
+.\" Please adjust this date whenever revising the manpage.
+.SH NAME
+infnoise \- Infinite Noise TRNG driver
+.SH SYNOPSIS
+.B infnoise \-\-help
+.br
+.B infnoise \-\-version
+.br
+.B infnoise \-\-list\-devices
+.br
+.B infnoise
+.RB [ \-\-debug ]
+.RB [ \-\-dev\-random ]
+.RB [ \-\-raw ]
+.RB [ \-\-multiplier
+.RI < value >]
+.RB [ \-\-no\-output ]
+.RB [ \-\-pidfile
+.RI < file >]
+.RB [ \-\-daemon ]
+.RB [ \-\-serial
+.RI < serial >]
+.SH DESCRIPTION
+.B infnoise
+provides access to the Infinite Noise True Random Number Generator and
+allows the data it generates to be fed into the system's random number
+generator.
+.PP
+.B infnoise \-\-help
+shows a short summary of the options.
+.PP
+.B infnoise \-\-version
+displays the program's version information.
+.PP
+.B infnoise \-\-list\-devices
+lists all the supported TRNG devices present on the system.
+.PP
+.B infnoise
+reads random data from a TRNG and outputs filtered random data to its
+standard output. The various options control the program's behaviour.
+.SH OPTIONS
+.TP
+.B \-\-debug
+measures the quality of the data obtained from the TRNG. It is
+typically used with \-\-no\-output as a sanity test.
+.TP
+.B \-\-dev\-random
+adds the filtered data to the system's entropy pool instead of sending
+it to its standard output.
+.TP
+.B \-\-raw
+disables output whitening.
+.TP
+.BR \-\-multiplier <\fIvalue\fP>
+writes 256 bits ×
+.I value
+for every 512 bits written to the Keccak sponge; the default of 0
+means to write all the available entropy, without multiplying it.
+.TP
+.B \-\-no\-output
+disables output of random data.
+.TP
+.BR \-\-pidfile <\fIfile\fP>
+stores the process' identifier in
+.IR file .
+.TP
+.B \-\-daemon
+starts the program as a daemon.
+.TP
+.BR \-\-serial <\fIserial\fP>
+uses the device matching the specified
+.IR serial .

software/infnoise.c

@@ -20,7 +20,6 @@
 #include <getopt.h>
 #include "infnoise.h"
 #include "libinfnoise.h"
-#include "KeccakF-1600-interface.h"
 
 static void initOpts(struct opt_struct *opts) {
     opts->outputMultiplier = 0u;
@@ -250,7 +249,7 @@ int main(int argc, char **argv) {
         close(devRandomFD);
 #endif
 #if defined(__APPLE__)
-        message = "dev/random not supported on macOS";
+        context.message = "dev/random not supported on macOS";
         fprintf(stderr, "Error: %s\n", context.message);
         return 1;
 #endif

software/init_scripts/infnoise.service.8

@@ -0,0 +1,23 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH INFNOISE.SERVICE 1 "June 25 2018"
+.\" Please adjust this date whenever revising the manpage.
+.SH NAME
+infnoise.service \- systemd service for infnoise
+.SH SYNOPSIS
+.B systemctl
+.BR start | status | restart | stop
+.B infnoise
+.SH DESCRIPTION
+.B infnoise.service
+allows systemd to manage the
+.B infnoise
+daemon.
+.SH FILES
+.TP
+.B /etc/infnoise.conf
+service configuration file
+.TP
+.B /var/run/infnoise.pid
+service process identifier
+.SH SEE ALSO
+.BR infnoise (8).

software/libinfnoise.c

@@ -337,7 +337,7 @@ uint32_t readData(struct infnoise_context *context, uint8_t *result, bool raw, u
 
         context->bytesWritten += bytesToWrite;
         context->numBits -= bytesToWrite * 8u;
-        return 1024/8u;
+        return bytesToWrite;
     } else { // collect new entropy
         uint8_t inBuf[BUFLEN];
         struct timespec start;

software/libinfnoise.h

@@ -36,7 +36,7 @@ struct infnoise_devlist_node {
 typedef struct infnoise_devlist_node *devlist_node;
 
 /*
- * returns a struct of infnoise_devlist_node listing all connected FTDI FT240 devices by its USB descriptors,
+ * returns a struct of infnoise_devlist_node listing all connected FTDI FT240 devices by their USB descriptors
  *
  * parameters:
  *  - message: pointer for error message
@@ -45,9 +45,8 @@ typedef struct infnoise_devlist_node *devlist_node;
  */
 devlist_node listUSBDevices(char **message);
 
-
 /*
- * initialize the Infinite Noise TRNG - must be called once before readData() works.
+ * initialize the Infinite Noise TRNG - must be called once before readData() works
  *
  * parameters:
  *  - context: pointer to infnoise_context struct
@@ -61,10 +60,12 @@ bool initInfnoise(struct infnoise_context *context, char *serial, bool keccak, b
 /*
  * Reads some bytes from the TRNG and stores them in the "result" byte array.
  * The array has to be of sufficient size. Please refer to the example programs. 
+ * (64 byte for normal operation or 128byte for multiplier mode)
  *
- * After each read operation, the infnoise_context's errorFlag must be checked,
- * and the data from this call has to be discarded!
- * Detailed error messages can be found in context->message.
+ * After every read operation, the infnoise_context's errorFlag must be checked,
+ * and the data from this call has to be discarded when it returns true!
+ *
+ * Detailed error messages can then be found in context->message.
  *
  * parameters:
  *  - context: infnoise_context struct with device pointer and state variables
@@ -72,6 +73,6 @@ bool initInfnoise(struct infnoise_context *context, char *serial, bool keccak, b
  *  - raw: boolean flag for raw or whitened output
  *  - outputMultiplier: only used for whitened output
  *
- * returns: number of bytes written to the array
+ * returns: number of bytes written to the byte-array
 */
 uint32_t readData(struct infnoise_context *context, uint8_t *result, bool raw, uint32_t outputMultiplier);

software/tools/Makefile

@@ -1,4 +1,10 @@
-CFLAGS=-Wall -Wextra -Werror -std=c99 -O3
+CFLAGS=-Wall -Wextra -Werror -std=c99 -O3 -I $(shell brew --prefix libftdi || echo /usr)/include/libftdi1
+UNAME_S := $(shell uname -s)
+ifeq ($(UNAME_S),Darwin)
+    LIBRT=
+else
+    LIBRT=-lrt
+endif
 
 all: passgen healthcheck findlongest entcheck hex2bin bin2hex flipbits dice
 
@@ -6,10 +12,10 @@ passgen: passgen.c
 	$(CC) $(CFLAGS) -o passgen passgen.c -lm
 
 healthcheck: ../healthcheck.c
-	$(CC) $(CFLAGS) -D TEST_HEALTHCHECK -o healthcheck ../healthcheck.c -lm -lrt
+	$(CC) $(CFLAGS) -D TEST_HEALTHCHECK -o healthcheck ../healthcheck.c -lm $(LIBRT)
 
 entcheck: entcheck.c
-	$(CC) $(CFLAGS) -o entcheck entcheck.c -lm -lrt
+	$(CC) $(CFLAGS) -o entcheck entcheck.c -lm $(LIBRT)
 
 findlongest: findlongest.c
 	$(CC) $(CFLAGS) -o findlongest findlongest.c

software/tools/bin2hex.1

@@ -0,0 +1,16 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH BIN2HEX 1 "June 22 2018"
+.\" Please adjust this date whenever revising the manpage.
+.SH NAME
+bin2hex \- display binary content as hexadecimal
+.SH SYNOPSIS
+.B bin2hex
+.SH DESCRIPTION
+.B bin2hex
+reads from its standard input, and outputs the value of each byte it
+reads as a hexadecimal pair.
+.PP
+.SH OPTIONS
+This program has no options.
+.SH SEE ALSO
+.BR infnoise (8).

software/tools/dice.1

@@ -0,0 +1,29 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH DICE 1 "June 22 2018"
+.\" Please adjust this date whenever revising the manpage.
+.SH NAME
+dice \- roll dice
+.SH SYNOPSIS
+.B dice
+.RI < file >
+.RI < dice >
+.RI < sides >
+.SH DESCRIPTION
+.B dice
+simulates a dice roll, using data from
+.I file
+to roll
+.I dice
+dice with
+.I sides
+sides each.
+.PP
+A common value for
+.I file
+is
+.BR /dev/random .
+.PP
+.SH OPTIONS
+This program has no options.
+.SH SEE ALSO
+.BR infnoise (8).

software/tools/entcheck.1

@@ -0,0 +1,37 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH ENTCHECK 1 "June 22 2018"
+.\" Please adjust this date whenever revising the manpage.
+.SH NAME
+entcheck \- estimates the entropy of a stream
+.SH SYNOPSIS
+.B entcheck
+.RB [ \-N
+.RI < bits >]
+.RB [ \-s
+.RI < streams >]
+.SH DESCRIPTION
+.B entcheck
+estimates the entropy of its standard input.
+It uses the previous
+.I bits
+bits (16 by default) to predict the next bit, and estimates the
+entropy based on the level of surprise, that is to say the base-2
+logarithm of the probability of seeing the given string of bits.
+.PP
+In some scenarios, such as the output of an 8-bit DAC, some bits are
+special: entropy then needs to be predicted per bit over the width of
+the input data. The
+.B \-s
+option sets the width of the input data in this case.
+.PP
+.SH OPTIONS
+.TP
+.BR \-N " <\fIbits\fP>"
+specifies the number of
+.I bits
+to use to predict the next bit.
+.TP
+.BR \-s " <\fIstreams\fP>"
+specifies the number of streams to use.
+.SH SEE ALSO
+.BR infnoise (8).

software/tools/findlongest.1

@@ -0,0 +1,25 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH FINDLONGEST 1 "June 25 2018"
+.\" Please adjust this date whenever revising the manpage.
+.SH NAME
+findlongest \- finds the longest repeating sequence
+.SH SYNOPSIS
+.B findlongest \-\-test
+.br
+.B findlongest
+.RI < file >
+.SH DESCRIPTION
+.B findlongest
+finds the longest repeating sequence of bits in the given
+.IR file ,
+up to 34
+bits in length.
+.PP
+.SH OPTIONS
+.TP
+.B \-\-test
+generates random data (using
+.BR rand (3))
+instead of reading data from a file.
+.SH SEE ALSO
+.BR infnoise (8).

software/tools/flipbits.1

@@ -0,0 +1,19 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH FLIPBITS 1 "June 24 2018"
+.\" Please adjust this date whenever revising the manpage.
+.SH NAME
+flipbits \- flip bits
+.SH SYNOPSIS
+.B flipbits
+.RI [ width ]
+.SH DESCRIPTION
+.B infnoise-flipbits
+flips the bits in its input data (from standard input),
+.I width
+bits at a time (8 by default), and outputs the result to standard
+output.
+.PP
+.SH OPTIONS
+This program has no options.
+.SH SEE ALSO
+.BR infnoise (8).

software/tools/hex2bin.1

@@ -0,0 +1,19 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH HEX2BIN 1 "June 22 2018"
+.\" Please adjust this date whenever revising the manpage.
+.SH NAME
+hex2bin \- convert hexadecimal to the encoded values
+.SH SYNOPSIS
+.B hex2bin
+.SH DESCRIPTION
+.B hex2bin
+reads from its standard input, ignoring any byte which isn’t a valid
+hexadecimal digit, and combines any two successive hexadecimal digits
+into the corresponding byte, which it outputs to its standard output.
+Only complete bytes are output, so an odd number of hexadecimal digits
+as input will drop the last digit.
+.PP
+.SH OPTIONS
+This program has no options.
+.SH SEE ALSO
+.BR infnoise (8).

software/tools/passgen.1

@@ -0,0 +1,19 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH PASSGEN 1 "June 25 2018"
+.\" Please adjust this date whenever revising the manpage.
+.SH NAME
+passgen \- generates passwords by rolling dice
+.SH SYNOPSIS
+.B passgen
+.RI < file >
+.RI < size >
+.SH DESCRIPTION
+.B passgen
+generates an alphabetic password by rolling a 26-sided die, fed from
+.IR file ,
+.I size
+times.
+.SH OPTIONS
+This program has no options.
+.SH SEE ALSO
+.BR infnoise (8).

tests/README.md

@@ -37,7 +37,7 @@ resulting in 100.000 FIPS blocks with 20.000 bit each - and took two weeks.
 
 Make sure you have the following tools installed:
 
-- rng-tools
+- rng-tools (make sure to stop rngd during the test and uninstall/disable afterwards)
 - ent
 - dieharder
 - pv
@@ -76,3 +76,5 @@ Directory structure created by a test run:
 	    - <testcase>-<multiplier>-<kbytes>K.log: 			log output of the infnoise utility
 	    - <testcase>-<multiplier>-<kbytes>K-pv.log: 		log output of pv
 	    - <testcase>-<multiplier>-<kbytes>K.out:			random data produced in the test run
+
+In the already existing results folder you'll find results for major driver [releases] (https://github.com/13-37-org/infnoise/releases).