Merge pull request #92 from roberthdevries/add-support-for-random-with-nonce

Add support for nonce in random number generation.

Author: dgarske

scripts/build_ffi.py

@@ -543,6 +543,8 @@ def build_ffi(local_wolfssl, features):
         typedef struct { ...; } OS_Seed;
 
         int wc_InitRng(WC_RNG*);
+        int wc_InitRngNonce(WC_RNG*, byte*, word32);
+        int wc_InitRngNonce_ex(WC_RNG*, byte*, word32, void*, int);
         int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32);
         int wc_RNG_GenerateByte(WC_RNG*, byte*);
         int wc_FreeRng(WC_RNG*);

tests/test_random.py

@@ -37,3 +37,14 @@ def test_bytes(rng):
     assert len(rng.bytes(1)) == 1
     assert len(rng.bytes(8)) == 8
     assert len(rng.bytes(128)) == 128
+
+@pytest.fixture
+def rng_nonce():
+    return Random(b"abcdefghijklmnopqrstuv")
+
+def test_nonce_byte(rng_nonce):
+    assert len(rng_nonce.byte()) == 1
+
+@pytest.mark.parametrize("length", (1, 8, 128))
+def test_nonce_bytes(rng_nonce, length):
+    assert len(rng_nonce.bytes(length)) == length

wolfcrypt/random.py

@@ -31,10 +31,14 @@ class Random(object):
     A Cryptographically Secure Pseudo Random Number Generator - CSPRNG
     """
 
-    def __init__(self):
+    def __init__(self, nonce=_ffi.NULL, device_id=_lib.INVALID_DEVID):
         self.native_object = _ffi.new("WC_RNG *")
 
-        ret = _lib.wc_InitRng(self.native_object)
+        if nonce == _ffi.NULL:
+            nonce_size = 0
+        else:
+            nonce_size = len(nonce)
+        ret = _lib.wc_InitRngNonce_ex(self.native_object, nonce, nonce_size, _ffi.NULL, device_id)
         if ret < 0:  # pragma: no cover
             self.native_object = None
             raise WolfCryptError("RNG init error (%d)" % ret)