[Cryptography] ChaCha20 DRNG

Jason Cooper cryptography at lakedaemon.net
Fri Aug 5 11:39:13 EDT 2016


On Thu, Aug 04, 2016 at 10:38:51PM -0400, Patrick wrote:
> Stephan Mueller wrote on 08/04/2016 08:22 AM:
> 
> > As part of the development of my "Linux Random Number Generator -- a new 
> > approach to the Linux /dev/random" project, I implemented a DRNG based on 
> > ChaCha20.
> 
> I do have a question about the syscall:
> 
>     do {
>         ret = syscall(__NR_getrandom, buf, buflen, 0);
>         if (0 < ret)
>             len += ret;
>     } while ((0 < ret || EINTR == errno || ERESTART == errno) && buflen > len);
> 
> I haven't (yet) found any documentation on that, but it seems clear
> you're telling it to put at most buflen bytes into the buf and return
> the number of bytes it gave you in ret.
> 
> You're keeping a total of the number of bytes you've gotten in len.
> 
> However it seems to me that each syscall is going to start all over
> again at the beginning of the buf -- and yet you're tallying up the
> total len as if you're getting more bytes each time.

Good spot.  :)

> Should len be used as a running offset into buf, with (buflen-len) as
> the requested number of bytes?

Yes.

> P.S. I'm sure by far most of the time (ret == buflen) anyway, but still.

If he's taking care to avoid assignments within conditionals:

  if (0 < ret)

and he bothered to account for short writes, then I presume he would
want to do that accounting correctly.

thx,

Jason.
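
Added example, not part of the original message or of Stephan Mueller's code: the loop as quoted next to the corrected form Patrick describes, with len as the running offset into buf and (buflen - len) as the requested number of bytes. The names rand_src, fill_as_quoted, fill_random, short_source and interrupt_next are hypothetical, the glibc getrandom() wrapper (2.25+) stands in for the raw syscall, only EINTR is retried, and short_source is a constructed stand-in that forces short reads.

```c
#include <errno.h>
#include <string.h>
#include <sys/random.h>  /* getrandom() wrapper for the same syscall */

/* Same shape as getrandom(), so a constructed source can stand in for it. */
typedef ssize_t (*rand_src)(void *buf, size_t buflen, unsigned int flags);

/* Loop as quoted: every call targets buf[0] and asks for buflen bytes. */
size_t fill_as_quoted(rand_src src, unsigned char *buf, size_t buflen)
{
    size_t len = 0;
    ssize_t ret;
    do {
        ret = src(buf, buflen, 0);
        if (0 < ret)
            len += (size_t)ret;
    } while ((0 < ret || EINTR == errno) && buflen > len);
    return len;  /* can reach buflen while the tail of buf was never written */
}

/* Corrected: len is the running offset, buflen - len the remaining request. */
ssize_t fill_random(rand_src src, unsigned char *buf, size_t buflen)
{
    size_t len = 0;
    while (len < buflen) {
        ssize_t ret = src(buf + len, buflen - len, 0);
        if (ret > 0)
            len += (size_t)ret;
        else if (ret == 0 || errno != EINTR)
            return -1;  /* hard error: caller must not use buf */
    }
    return (ssize_t)len;
}

/* Constructed source: optional EINTR, then at most 4 bytes of 0xAA per call. */
int interrupt_next = 1;
ssize_t short_source(void *buf, size_t buflen, unsigned int flags)
{
    (void)flags;
    if (interrupt_next) { interrupt_next = 0; errno = EINTR; return -1; }
    size_t n = buflen < 4 ? buflen : 4;
    memset(buf, 0xAA, n);
    return (ssize_t)n;
}

int main(void)
{
    unsigned char key[32];  /* real source: fill a 32-byte buffer */
    return fill_random(getrandom, key, sizeof key) == (ssize_t)sizeof key ? 0 : 1;
}
```

With short_source and a zeroed 16-byte buffer, fill_as_quoted reports 16 bytes although only the first 4 were ever written; fill_random writes all 16.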

