Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1933289rwb;
        Sat, 19 Nov 2022 06:09:22 -0800 (PST)
X-Google-Smtp-Source: AA0mqf54br+8DhoprpG7Igy8Z8elLEcXFNOSSFtZGd8z8Zm17/1vNzkgBPoXfqRG7tSD8c4NdoFr
X-Received: by 2002:a05:6a00:2b4:b0:537:51d3:db1b with SMTP id q20-20020a056a0002b400b0053751d3db1bmr2177217pfs.42.1668866962152;
        Sat, 19 Nov 2022 06:09:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668866962; cv=none;
        d=google.com; s=arc-20160816;
        b=IWWbT10Ummnq1g9Au6nLHDdXUWPd+rl84T4rsuk/bECX8Y0ljw49LaRM8mCnL0fNtL
         68y8j+w5b0JT0BuGohHQNGvGiLRFykFU67kIdRVzV/GGY5D0XAfjoyBCVOiB68N8RMjs
         S5YD3DEFZjZ+J+3lOQ35wOdbsxz88aB+BBniLwGqvfAFyBGZWjbz3tF+z1ISQDC57jHg
         MEGS5U6pN/blg7b3ie6Zp73PtxbdEy/M4HS/5wYTAF1Tvi9JKBR3XG5YBXualL1t7uJ7
         KUQL23CBnBvMoZm8G7f65gpBhrgMBv+guMW/LRRfh3yDq+eJx3JfRlROp/K+y5NEjX5F
         xoGA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=sNjUH9YYxs+T2CdAZKiMZPcLV7XYZEO0+q+grRvvYi4=;
        b=KdFLwt4y1hJzfYxyOI51sFhrNJ7ZPUhocKi82Ma2AWcj8sNLICgVo9bjA/moIiPDQv
         BkSFCXzbcnCnBAX4ZnwU+F91oPHoALc3oGY5L9E2My98LJ91dcx06ErWou0aXFavxy2E
         HxrOC2Fv7qf9kQn+mC2VBwh2XSn+nPassFxX1Q7cOo1s6Rsgce8vU2PQvDfPxn79C2GE
         OYPM/bktU/zmIcfdzqYi9ReHuU50v9dUzzokaBdL9hCbrJqrfJGfoJ4QhFm8od/4ae7F
         TEE44pwqVBmlP/NLezMQ8R7t2U8lR0ON0hovX/9LpwSuh8z4WR9XOPiWh54cj5q9MUS1
         zBNg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=L8WRt3rP;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id ot17-20020a17090b3b5100b00213dce992c1si6758769pjb.7.2022.11.19.06.08.55;
        Sat, 19 Nov 2022 06:09:22 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=L8WRt3rP;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231445AbiKSNnQ (ORCPT <rfc822;logchen2009@gmail.com>
        + 99 others); Sat, 19 Nov 2022 08:43:16 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46822 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229592AbiKSNnP (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Sat, 19 Nov 2022 08:43:15 -0500
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC72B83EBB
        for <linux-crypto@vger.kernel.org>; Sat, 19 Nov 2022 05:43:14 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 6EF2C60A6E
        for <linux-crypto@vger.kernel.org>; Sat, 19 Nov 2022 13:43:14 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id F2D05C433C1;
        Sat, 19 Nov 2022 13:43:12 +0000 (UTC)
Authentication-Results: smtp.kernel.org;
        dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="L8WRt3rP"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105;
        t=1668865390;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding;
        bh=sNjUH9YYxs+T2CdAZKiMZPcLV7XYZEO0+q+grRvvYi4=;
        b=L8WRt3rP4VI0qjaFz/qNoRuPGBNx2gAsLFnfX3DnrIESuFcJRwcsCZ9WhrJQMa1HDwnL/Z
        LiAGpAKRj8xNXHR1gdhjgUE7xJzVcS30+RIfvxU44ADRT2mjluJDleUEioHQpdqggTPiZ9
        H5QG88aPU81HyRr2ExLRq8KnvIrSSio=
Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 8e760f35 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
        Sat, 19 Nov 2022 13:43:10 +0000 (UTC)
From:   "Jason A. Donenfeld" <Jason@zx2c4.com>
To:     herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org
Cc:     "Jason A. Donenfeld" <Jason@zx2c4.com>,
        Andrej Shadura <andrew.shadura@collabora.co.uk>,
        Jiri Kosina <jkosina@suse.cz>
Subject: [PATCH] hwrng: u2fzero - account for high quality RNG
Date:   Sat, 19 Nov 2022 14:42:59 +0100
Message-Id: <20221119134259.2969204-1-Jason@zx2c4.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
        RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

The U2F zero apparently has a real TRNG in it with maximum quality, not
one with quality of "1", which was likely a misinterpretation of the
field as a boolean. So remove the assignment entirely, so that we get
the default quality setting.

In the u2f-zero firmware, the 0x21 RNG command used by this driver is
handled as such [1]:

  case U2F_CUSTOM_GET_RNG:
    if (atecc_send_recv(ATECC_CMD_RNG,ATECC_RNG_P1,ATECC_RNG_P2,
      NULL, 0,
      appdata.tmp,
      sizeof(appdata.tmp), &res) == 0 )
    {
      memmove(msg->pkt.init.payload, res.buf, 32);
      U2FHID_SET_LEN(msg, 32);
      usb_write((uint8_t*)msg, 64);
    }
    else
    {
      U2FHID_SET_LEN(msg, 0);
      usb_write((uint8_t*)msg, 64);
    }

This same call to `atecc_send_recv(ATECC_CMD_RNG,ATECC_RNG_P1,
ATECC_RNG_P2,...)` is then also used in the token's cryptographically
critical "u2f_new_keypair" function, as its rather straightforward
source of random bytes [2]:

  int8_t u2f_new_keypair(uint8_t * handle, uint8_t * appid, uint8_t * pubkey)
  {
    struct atecc_response res;
    uint8_t private_key[36];
    int i;

    watchdog();

    if (atecc_send_recv(ATECC_CMD_RNG,ATECC_RNG_P1,ATECC_RNG_P2,
      NULL, 0,
      appdata.tmp,
      sizeof(appdata.tmp), &res) != 0 )
    {
      return -1;
    }

So it seems rather plain that the ATECC RNG is considered to provide
good random numbers.

[1] https://github.com/conorpp/u2f-zero/blob/master/firmware/src/custom.c
[2] https://github.com/conorpp/u2f-zero/blob/master/firmware/src/u2f_atecc.c

Cc: Andrej Shadura <andrew.shadura@collabora.co.uk>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 drivers/hid/hid-u2fzero.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/hid/hid-u2fzero.c b/drivers/hid/hid-u2fzero.c
index ad489caf53ad..744a91e6e78c 100644
--- a/drivers/hid/hid-u2fzero.c
+++ b/drivers/hid/hid-u2fzero.c
@@ -261,7 +261,6 @@ static int u2fzero_init_hwrng(struct u2fzero_device *dev,
 
 	dev->hwrng.name = dev->rng_name;
 	dev->hwrng.read = u2fzero_rng_read;
-	dev->hwrng.quality = 1;
 
 	return devm_hwrng_register(&dev->hdev->dev, &dev->hwrng);
 }
-- 
2.38.1