replaced seedFromTime with seedFromSystem

.vscode/c_cpp_properties.json

@@ -6,6 +6,7 @@
             "includePath": [
                 "src",
                 "dependencies/BearSSL/inc",
+                "dependencies/BearSSL/src",
                 "dependencies/tlibc/include",
                 "${default}"
             ],

dependencies/BearSSL

@@ -1 +1 @@
-Subproject commit 3c040368f6791553610e362401db1efff4b4c5b8
+Subproject commit 3d9be2f60b7764e46836514bcd6e453abdfa864a

src/client/ServerConnection.c

@@ -56,9 +56,8 @@ Result(ServerConnection*) ServerConnection_open(ClientCredential* client_credent
     
     conn->session_key = Array_alloc_size(__AES_SESSION_KEY_SIZE);
     br_hmac_drbg_context key_rng = { .vtable = &br_hmac_drbg_vtable };
-    rng_init_sha256_seedFromTime(&key_rng.vtable);
+    rng_init_sha256_seedFromSystem(&key_rng.vtable);
     br_hmac_drbg_generate(&key_rng, conn->session_key.data, conn->session_key.size);
-    // TODO: add more entropy to the key to prevent easy key cracking when attacker knows the time when connection request was sent to a server
 
     printf("connecting to server %s\n", server_link_cstr);
     try(conn->system_socket, i, socket_open_TCP());

src/cryptography/RSA.c

@@ -36,7 +36,7 @@ Result(void) RSA_generateKeyPairFromTime(u32 key_size,
 {
     Deferral(8);
     br_hmac_drbg_context time_based_rng = { .vtable = &br_hmac_drbg_vtable };
-    rng_init_sha256_seedFromTime(&time_based_rng.vtable);
+    rng_init_sha256_seedFromSystem(&time_based_rng.vtable);
     try_void(RSA_generateKeyPair(key_size, sk, pk, &time_based_rng.vtable));
     Return RESULT_VOID;
 }
@@ -176,7 +176,7 @@ Result(void) RSA_parsePrivateKey_base64(const str src, br_rsa_private_key* sk){
 void EncryptorRSA_construct(EncryptorRSA* ptr, const br_rsa_public_key* pk){
     ptr->pk = pk;
     ptr->rng.vtable = &br_hmac_drbg_vtable;
-    rng_init_sha256_seedFromTime(&ptr->rng.vtable);
+    rng_init_sha256_seedFromSystem(&ptr->rng.vtable);
 }
 
 void EncryptorRSA_encrypt(EncryptorRSA* ptr, Array(u8) src, Array(u8) dst, u32* encrypted_size){

src/cryptography/cryptography.h

@@ -24,6 +24,16 @@ void hash_password(Array(u8) password, u8* out_buffer, i32 iterations);
 //                                  rng.c                                  //
 //////////////////////////////////////////////////////////////////////////////
 
+/// @brief Initialize prng context with sha256 hashing algorithm 
+///         and seed from system-provided cryptographic random bytes source.
+/// @param rng_vtable_ptr pointer to vtable field in prng context. The field must be initialized.
+/// EXAMPLE:
+/// ```
+/// br_hmac_drbg_context rng_ctx = { .vtable = &br_hmac_drbg_vtable };
+/// rng_init_sha256_seedFromTime(&rng_ctx.vtable);
+/// ```
+void rng_init_sha256_seedFromSystem(const br_prng_class** rng_vtable_ptr);
+
 /// @brief Initialize prng context with sha256 hashing algorithm and seed from CLOCK_REALTIME.
 /// @param rng_vtable_ptr pointer to vtable field in prng context. The field must be initialized.
 /// EXAMPLE:

src/cryptography/rng.c

@@ -1,8 +1,18 @@
 #include "cryptography.h"
 #include "tlibc/time.h"
+#include "assert.h"
 
 void rng_init_sha256_seedFromTime(const br_prng_class** rng_vtable_ptr){
     nsec_t time_now = getTimeNsec();
     const br_prng_class* rng_vtable = *rng_vtable_ptr;
     rng_vtable->init(rng_vtable_ptr, &br_sha256_vtable, &time_now, sizeof(time_now));
 }
+
+void rng_init_sha256_seedFromSystem(const br_prng_class** rng_vtable_ptr){
+    br_prng_seeder seeder = br_prng_seeder_system(NULL);
+    assert(seeder != NULL && "Can't get system random seeder. Bearssl is compiled incorrectly.");
+
+    const br_prng_class* rng_vtable = *rng_vtable_ptr;
+    rng_vtable->init(rng_vtable_ptr, &br_sha256_vtable, NULL, 0);
+    seeder(rng_vtable_ptr);
+}

src/main.c

@@ -13,6 +13,11 @@ typedef enum ProgramMode {
 int main(const int argc, cstr const* argv){
     Deferral(32);
 
+    if(br_prng_seeder_system(NULL) == NULL){
+        printfe("Can't get system random seeder. Bearssl is compiled incorrectly.");
+        return 1;
+    }
+
     ProgramMode mode = Client;
     cstr server_endpoint_cstr;
     u32 key_size = 0;