From 01fcd2af6c24e77574ab9f83b8ba368bf653930b Mon Sep 17 00:00:00 2001
From: Robert de Vries
Date: Sun, 5 Apr 2026 23:10:29 +0200
Subject: [PATCH 1/2] Add support for nonce in random number generation.
---
 scripts/build_ffi.py | 2 ++
 tests/test_random.py | 11 +++++++++++
 wolfcrypt/random.py | 8 ++++++--
 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/scripts/build_ffi.py b/scripts/build_ffi.py
index 4d5ad22..68df95d 100644
--- a/scripts/build_ffi.py
+++ b/scripts/build_ffi.py
@@ -543,6 +543,8 @@ def build_ffi(local_wolfssl, features):
 typedef struct { ...; } OS_Seed;
 int wc_InitRng(WC_RNG*);
+ int wc_InitRngNonce(WC_RNG*, byte*, word32);
+ int wc_InitRngNonce_ex(WC_RNG*, byte*, word32, void*, int);
 int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32);
 int wc_RNG_GenerateByte(WC_RNG*, byte*);
 int wc_FreeRng(WC_RNG*);
diff --git a/tests/test_random.py b/tests/test_random.py
index c95847a..bf59f4e 100644
--- a/tests/test_random.py
+++ b/tests/test_random.py
@@ -37,3 +37,14 @@ def test_bytes(rng):
 assert len(rng.bytes(1)) == 1
 assert len(rng.bytes(8)) == 8
 assert len(rng.bytes(128)) == 128
+
+@pytest.fixture
+def rng_nonce():
+ return Random(b"abcdefghijklmnopqrstuv")
+
+def test_nonce_byte(rng_nonce):
+ assert len(rng_nonce.byte()) == 1
+
+@pytest.mark.parametrize("length", (1, 8, 128))
+def test_nonce_bytes(rng_nonce, length):
+ assert len(rng_nonce.bytes(length)) == length
diff --git a/wolfcrypt/random.py b/wolfcrypt/random.py
index c576807..45377bf 100644
--- a/wolfcrypt/random.py
+++ b/wolfcrypt/random.py
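Review bot: `test_nonce_byte` and `test_nonce_bytes` in tests/test_random.py assert only the length of the output, so they would still pass if a caller-supplied nonce made the generator predictable. The fixture uses a fixed nonce, which makes a regression check cheap: `assert Random(b"abcdefghijklmnopqrstuv").bytes(32) != Random(b"abcdefghijklmnopqrstuv").bytes(32)`. A case that passes a nonce of the wrong type (for example a `str`) would also pin down which error the constructor raises.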
@@ -31,10 +31,14 @@ class Random(object):
 A Cryptographically Secure Pseudo Random Number Generator - CSPRNG
 """
- def __init__(self):
+ def __init__(self, nonce=_ffi.NULL):
 self.native_object = _ffi.new("WC_RNG *")
- ret = _lib.wc_InitRng(self.native_object)
+ if nonce == _ffi.NULL:
+ nonce_size = 0
+ else:
+ nonce_size = len(nonce)
+ ret = _lib.wc_InitRngNonce(self.native_object, nonce, nonce_size)
 if ret < 0: # pragma: no cover
 self.native_object = None
 raise WolfCryptError("RNG init error (%d)" % ret)
From 4564459a9e97359aeca2a7efd60ea717cded1e86 Mon Sep 17 00:00:00 2001
From: Robert de Vries
Date: Mon, 6 Apr 2026 20:20:21 +0200
Subject: [PATCH 2/2] Prepare python interface for use of device_id callbacks.
---
 wolfcrypt/random.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wolfcrypt/random.py b/wolfcrypt/random.py
index 45377bf..9c9f6b6 100644
--- a/wolfcrypt/random.py
+++ b/wolfcrypt/random.py
@@ -31,14 +31,14 @@ class Random(object):
 A Cryptographically Secure Pseudo Random Number Generator - CSPRNG
 """
- def __init__(self, nonce=_ffi.NULL):
+ def __init__(self, nonce=_ffi.NULL, device_id=_lib.INVALID_DEVID):
 self.native_object = _ffi.new("WC_RNG *")
 if nonce == _ffi.NULL:
 nonce_size = 0
 else:
 nonce_size = len(nonce)
- ret = _lib.wc_InitRngNonce(self.native_object, nonce, nonce_size)
+ ret = _lib.wc_InitRngNonce_ex(self.native_object, nonce, nonce_size, _ffi.NULL, device_id)
 if ret < 0: # pragma: no cover
 self.native_object = None
 raise WolfCryptError("RNG init error (%d)" % ret)
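Review bot: In [PATCH 1/2] the new `nonce` argument of `Random.__init__` goes to `len()` and then to `wc_InitRngNonce` with no type check and no documentation, so a caller learns what is accepted only from whatever error cffi raises. The function name suggests the nonce is mixed in alongside the library's own seeding rather than replacing it (an inference, the C side is not shown), and the class docstring should say so, for example `nonce: optional bytes added to DRBG instantiation; it is not a seed and does not make the output repeatable`. If only `bytes` is meant to be supported, the `else` branch could start with `if not isinstance(nonce, bytes): raise TypeError("nonce must be bytes")`. The class body continues outside the hunk.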
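Review bot: In [PATCH 2/2] the default `device_id=_lib.INVALID_DEVID` is evaluated when the class body runs, so importing `wolfcrypt.random` fails if the cffi module does not expose `INVALID_DEVID`. The series adds only the two `wc_InitRngNonce*` prototypes to scripts/build_ffi.py and the visible hunk there does not show the constant, so please confirm it is declared. The parameter is also undocumented: with a non-default id the generator presumably hands work to whatever crypto callback is registered for that device, which makes output quality depend on that device. A docstring line such as `device_id: crypto-callback device to use; the default INVALID_DEVID selects no device` would make that explicit. The new `ret = _lib.wc_InitRngNonce_ex(...)` line is long enough to be worth wrapping.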