Same idea as the code I wrote a few years ago, except for the latest version of Monocypher and it actually works.
The tl;dr of the last time I did this is that OS entropy APIs are annoying because they have vaguely defined failure conditions, and moving it to userspace sidesteps all of that. We still need to seed it with kernel entropy, which we'll do with ggentropy.
The code is way simpler this time:
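```cpp
#include "monocypher.h"

typedef uint8_t u8;
typedef uint64_t u64;

bool ggentropy( void * buf, size_t n ); // provided by the ggentropy library

u8 entropy[ 32 + 8 ]; // ChaCha20 key (32 bytes) followed by the nonce (8 bytes)
u64 ctr;              // next ChaCha20 block counter

bool Init() {
    // seed the key and nonce from the kernel, fails if the OS can't give us entropy
    if( !ggentropy( entropy, sizeof( entropy ) ) )
        return false;
    ctr = 0;
    return true;
}

void Shutdown() {
    crypto_wipe( entropy, sizeof( entropy ) );
}

void CSPRNG( void * buf, size_t n ) {
    // NULL plaintext makes Monocypher write the raw keystream into buf
    ctr = crypto_chacha20_ctr( ( u8 * ) buf, NULL, n, entropy, entropy + 32, ctr );
}
```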
although not foolproof:
- Init succeeded. Abort if it was first init, you can maybe just print a warning if doing periodic reseeding
- pthread_atfork. This can fail but so can fork so it's not making it worse
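The fork caveat above, as an added example that is not the post's code: a child-side `pthread_atfork` handler reseeds, so a forked child never replays the parent's keystream. Assumptions: `getentropy` stands in for ggentropy, an inline ChaCha20 block function stands in for the Monocypher call so it builds with libc alone, the host is little-endian, and `seed`, `chacha20_block` and `ReseedChild` are names chosen here.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h> /* getentropy on glibc and macOS */
#include <unistd.h>     /* getentropy on the BSDs */

static uint8_t seed[ 32 + 8 ]; /* key + nonce, same layout as the post's entropy buffer */
static uint64_t ctr;
#define ROTL( x, n ) ( ( ( x ) << ( n ) ) | ( ( x ) >> ( 32 - ( n ) ) ) )
#define QR( a, b, c, d ) \
    a += b; d ^= a; d = ROTL( d, 16 ); c += d; b ^= c; b = ROTL( b, 12 ); \
    a += b; d ^= a; d = ROTL( d, 8 ); c += d; b ^= c; b = ROTL( b, 7 )

/* One ChaCha20 block with a 64 bit counter and 64 bit nonce (stand-in for Monocypher). */
static void chacha20_block( uint8_t out[ 64 ], uint64_t counter ) {
    uint32_t s[ 16 ] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 }, x[ 16 ];
    memcpy( s + 4, seed, 32 );
    s[ 12 ] = ( uint32_t ) counter; s[ 13 ] = ( uint32_t ) ( counter >> 32 );
    memcpy( s + 14, seed + 32, 8 );
    memcpy( x, s, sizeof( x ) );
    for( int i = 0; i < 10; i++ ) { /* 10 double rounds: columns, then diagonals */
        QR( x[0], x[4], x[8], x[12] ); QR( x[1], x[5], x[9], x[13] );
        QR( x[2], x[6], x[10], x[14] ); QR( x[3], x[7], x[11], x[15] );
        QR( x[0], x[5], x[10], x[15] ); QR( x[1], x[6], x[11], x[12] );
        QR( x[2], x[7], x[8], x[13] ); QR( x[3], x[4], x[9], x[14] );
    }
    for( int i = 0; i < 16; i++ ) x[ i ] += s[ i ];
    memcpy( out, x, 64 );
}

/* Runs in the child after fork(): abort rather than continue on the parent's stream. */
static void ReseedChild( void ) {
    ctr = 0;
    if( getentropy( seed, sizeof( seed ) ) != 0 ) abort();
}

bool Init( void ) {
    ctr = 0; /* fails if either the seed or the fork handler can't be set up */
    return getentropy( seed, sizeof( seed ) ) == 0 && pthread_atfork( NULL, NULL, ReseedChild ) == 0;
}

void CSPRNG( void * buf, size_t n ) {
    uint8_t block[ 64 ], * p = buf;
    for( size_t k; n > 0; p += k, n -= k ) {
        k = n < 64 ? n : 64;
        chacha20_block( block, ctr++ );
        memcpy( p, block, k );
    }
}
```

Call `Init` once at startup; calling it again would register a second fork handler.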