replaced seedFromTime with seedFromSystem

2025-10-25 11:29:45 +05:00
parent 60bc501227
commit 1b968f8b1b
7 changed files with 30 additions and 5 deletions
--- a/src/cryptography/RSA.c
+++ b/src/cryptography/RSA.c
@@ -36,7 +36,7 @@ Result(void) RSA_generateKeyPairFromTime(u32 key_size,
 {
    Deferral(8);
    br_hmac_drbg_context time_based_rng = { .vtable = &br_hmac_drbg_vtable };
-    rng_init_sha256_seedFromTime(&time_based_rng.vtable);
+    rng_init_sha256_seedFromSystem(&time_based_rng.vtable);
    try_void(RSA_generateKeyPair(key_size, sk, pk, &time_based_rng.vtable));
    Return RESULT_VOID;
 }
@@ -176,7 +176,7 @@ Result(void) RSA_parsePrivateKey_base64(const str src, br_rsa_private_key* sk){
 void EncryptorRSA_construct(EncryptorRSA* ptr, const br_rsa_public_key* pk){
    ptr->pk = pk;
    ptr->rng.vtable = &br_hmac_drbg_vtable;
-    rng_init_sha256_seedFromTime(&ptr->rng.vtable);
+    rng_init_sha256_seedFromSystem(&ptr->rng.vtable);
 }

 void EncryptorRSA_encrypt(EncryptorRSA* ptr, Array(u8) src, Array(u8) dst, u32* encrypted_size){
--- a/src/cryptography/cryptography.h
+++ b/src/cryptography/cryptography.h
@@ -24,6 +24,16 @@ void hash_password(Array(u8) password, u8* out_buffer, i32 iterations);
 //                                  rng.c                                  //
 //////////////////////////////////////////////////////////////////////////////

+/// @brief Initialize prng context with sha256 hashing algorithm 
+///         and seed from system-provided cryptographic random bytes source.
+/// @param rng_vtable_ptr pointer to vtable field in prng context. The field must be initialized.
+/// EXAMPLE:
+/// ```
+/// br_hmac_drbg_context rng_ctx = { .vtable = &br_hmac_drbg_vtable };
+/// rng_init_sha256_seedFromTime(&rng_ctx.vtable);
+/// ```
+void rng_init_sha256_seedFromSystem(const br_prng_class** rng_vtable_ptr);
+
 /// @brief Initialize prng context with sha256 hashing algorithm and seed from CLOCK_REALTIME.
 /// @param rng_vtable_ptr pointer to vtable field in prng context. The field must be initialized.
 /// EXAMPLE:
--- a/src/cryptography/rng.c
+++ b/src/cryptography/rng.c
@@ -1,8 +1,18 @@
 #include "cryptography.h"
 #include "tlibc/time.h"
+#include "assert.h"

 void rng_init_sha256_seedFromTime(const br_prng_class** rng_vtable_ptr){
    nsec_t time_now = getTimeNsec();
    const br_prng_class* rng_vtable = *rng_vtable_ptr;
    rng_vtable->init(rng_vtable_ptr, &br_sha256_vtable, &time_now, sizeof(time_now));
 }
+
+void rng_init_sha256_seedFromSystem(const br_prng_class** rng_vtable_ptr){
+    br_prng_seeder seeder = br_prng_seeder_system(NULL);
+    assert(seeder != NULL && "Can't get system random seeder. Bearssl is compiled incorrectly.");
+
+    const br_prng_class* rng_vtable = *rng_vtable_ptr;
+    rng_vtable->init(rng_vtable_ptr, &br_sha256_vtable, NULL, 0);
+    seeder(rng_vtable_ptr);
+}