[Cryptography] ChaCha20 DRNG
Jason Cooper
cryptography at lakedaemon.net
Fri Aug 5 11:39:13 EDT 2016
On Thu, Aug 04, 2016 at 10:38:51PM -0400, Patrick wrote:
> Stephan Mueller wrote on 08/04/2016 08:22 AM:
>
> > As part of the development of my "Linux Random Number Generator -- a new
> > approach to the Linux /dev/random" project, I implemented a DRNG based on
> > ChaCha20.
>
> I do have a question about the syscall:
>
> do {
>     ret = syscall(__NR_getrandom, buf, buflen, 0);
>     if (0 < ret)
>         len += ret;
> } while ((0 < ret || EINTR == errno || ERESTART == errno) && buflen > len);
>
> I haven't (yet) found any documentation on that, but it seems clear
> you're telling it to put at most buflen bytes into the buf and return
> the number of bytes it gave you in ret.
>
> You're keeping a total of the number of bytes you've gotten in len.
>
> However it seems to me that each syscall is going to start all over
> again at the beginning of the buf -- and yet you're tallying up the
> total len as if you're getting more bytes each time.

Good spot. :)

> Should len be used as a running offset into buf, with (buflen-len) as
> the requested number of bytes?

Yes.

> P.S. I'm sure by far most of the time (ret == buflen) anyway, but still.

If he's taking care to avoid assignments within conditionals:

    if (0 < ret)

and he bothered to account for short writes, then I presume he would
want to do that accounting correctly.

thx,

Jason.
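
The fix agreed on in this thread, as an added example that is not part of the original messages or of Stephan Mueller's code: `len` becomes the offset into `buf` and `buflen - len` the size requested. The names `rand_src`, `src_getrandom`, `src_short`, `fill_random` and `fill_as_posted` are hypothetical, and `src_short` is a constructed stub that forces short reads and one `EINTR` so the difference is reproducible.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Byte source with the getrandom(2) contract: bytes written, or -1 and errno. */
typedef ssize_t (*rand_src)(void *buf, size_t buflen);

ssize_t src_getrandom(void *buf, size_t buflen)
{
    return syscall(SYS_getrandom, buf, buflen, 0);
}

/* Constructed stub: at most 3 bytes per call (values 1, 2, 3, ...) and one
 * EINTR failure on the second call. */
unsigned stub_calls, stub_next;
ssize_t src_short(void *buf, size_t buflen)
{
    size_t n = buflen < 3 ? buflen : 3;
    if (++stub_calls == 2) { errno = EINTR; return -1; }
    for (size_t i = 0; i < n; i++)
        ((unsigned char *)buf)[i] = (unsigned char)++stub_next;
    return (ssize_t)n;
}

/* Corrected loop. Returns 0 once buf is full, -1 on an error other than EINTR. */
int fill_random(rand_src src, unsigned char *buf, size_t buflen)
{
    size_t len = 0;
    while (len < buflen) {
        ssize_t ret = src(buf + len, buflen - len); /* offset, remainder */
        if (ret > 0)
            len += (size_t)ret;
        else if (ret == 0 || errno != EINTR)
            return -1;
    }
    return 0;
}

/* Loop as quoted in the thread (ERESTART test left out): every call starts
 * again at buf[0] and asks for buflen bytes. Returns the tallied len. */
size_t fill_as_posted(rand_src src, unsigned char *buf, size_t buflen)
{
    size_t len = 0;
    ssize_t ret;
    do {
        ret = src(buf, buflen);
        if (0 < ret) len += (size_t)ret;
    } while ((0 < ret || EINTR == errno) && buflen > len);
    return len;
}
```

With the stub and a 10-byte buffer, the quoted loop tallies 12 bytes while only `buf[0..2]` is ever written; pass `src_getrandom` to `fill_random` for the real syscall.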