[Cryptography] ChaCha20 DRNG
Stephan Mueller
smueller at chronox.de
Fri Aug 5 03:16:25 EDT 2016
On Thursday, 4 August 2016, 22:38:51 CEST, Patrick wrote:
Hi Patrick,
> Stephan Mueller wrote on 08/04/2016 08:22 AM:
> > As part of the development of my "Linux Random Number Generator -- a new
> > approach to the Linux /dev/random" project, I implemented a DRNG based on
> > ChaCha20.
>
> I do have a question about the syscall:
>
>     do {
>         ret = syscall(__NR_getrandom, buf, buflen, 0);
>         if (0 < ret)
>             len += ret;
>     } while ((0 < ret || EINTR == errno || ERESTART == errno)
>              && buflen > len);
>
> I haven't (yet) found any documentation on that, but it seems clear
> you're telling it to put at most buflen bytes into the buf and return
> the number of bytes it gave you in ret.
>
> You're keeping a total of the number of bytes you've gotten in len.
>
> However it seems to me that each syscall is going to start all over
> again at the beginning of the buf -- and yet you're tallying up the
> total len as if you're getting more bytes each time.
>
> Should len be used as a running offset into buf, with (buflen-len) as
> the requested number of bytes?
Absolutely, this should be similar to the read(/dev/random) case:
    syscall(__NR_getrandom, (buf + len), (buflen - len), 0);
Thanks for the bug report.
>
>
> Thanks,
> Patrick
>
> P.S. I'm sure by far most of the time (ret == buflen) anyway, but still.
See getrandom(2) - there is a man page but no libc stub. It can break with
EINTR and ERESTART.
Ciao
Stephan
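
The short-read case discussed in this thread, as an added example (not code from either poster or from the LRNG project): a constructed stub source returns at most 3 bytes per call after one EINTR, and the same loop is run with the quoted call shape and with the corrected one. The names `rng_src`, `src_short`, `fill` and `demo_written` are hypothetical, and retrying only on EINTR is an assumption of this sketch.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* getrandom-like source: returns bytes written, or -1 with errno set. */
typedef ssize_t (*rng_src)(void *buf, size_t len);
ssize_t src_getrandom(void *b, size_t n) { return syscall(SYS_getrandom, b, n, 0); }

/* Constructed stub: first call fails with EINTR, later calls write <= 3 bytes of 0xAA. */
static int stub_calls;
ssize_t src_short(void *buf, size_t len)
{
    if (stub_calls++ == 0) { errno = EINTR; return -1; }
    if (len > 3) len = 3;
    memset(buf, 0xAA, len);
    return (ssize_t)len;
}

/* fixed=0: call shape as quoted (buf, buflen); fixed=1: corrected (buf+len, buflen-len). */
size_t fill(rng_src src, unsigned char *buf, size_t buflen, int fixed)
{
    size_t len = 0; ssize_t ret;
    do {
        ret = fixed ? src(buf + len, buflen - len) : src(buf, buflen);
        if (0 < ret) len += (size_t)ret;
    } while ((0 < ret || (ret < 0 && EINTR == errno)) && buflen > len);
    return len;
}

/* Run against the stub on a zeroed 8-byte buffer; count bytes really written. */
size_t demo_written(int fixed)
{
    unsigned char buf[8] = {0};
    size_t n = 0;
    stub_calls = 0;
    fill(src_short, buf, sizeof buf, fixed);
    for (size_t i = 0; i < sizeof buf; i++) n += (buf[i] == 0xAA);
    return n;
}

int main(void)
{
    unsigned char key[32];
    printf("quoted: %zu/8 written, fixed: %zu/8 written\n", demo_written(0), demo_written(1));
    printf("getrandom: %zu/32\n", fill(src_getrandom, key, sizeof key, 1));
    return 0;
}
```

With the quoted call shape the tally reaches `buflen` while the tail of the buffer is never written, so a caller using the whole buffer as key material would be using bytes that did not come from the RNG.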