fix: back WASI random_get with crypto.getRandomValues #23

Merged

jorijnvdgraaf merged 1 commit from claude/issue-22 into master 2026-06-02 02:14:58 +02:00

Conversation 0 Commits 1 Files changed 1 +21 -1

catbot commented 2026-06-02 02:09:26 +02:00

Member

Copy link

Summary

The WASI random_get import in wasi-runtime/runtime.js was stubbed to return success (0) without writing any bytes into the target buffer. Every std::random_device user (or any random_get caller) therefore got all-zero "randomness".

This bit 3DForts: every tab generated an identical all-zero peer id from std::random_device, colliding WebRTC signaling routing (Catcrafts/3DForts#50).

Fix

• Fill the destination buffer from crypto.getRandomValues (a CSPRNG).
• Chunk at 65536 bytes to stay under WebCrypto's per-call quota (QuotaExceededError above that), re-viewing memory per chunk so a detached/grown buffer is handled.
• Add random_get to the bind list — it now touches this.instance.exports.memory.

Testing

• crafter-build test — all 12 tests pass (incl. WasiBrowserRuntime).
• Exercised the exact random_get impl in Firefox against a simulated wasm WebAssembly.Memory: returns 0, writes non-zero bytes, two consecutive calls differ (real entropy), and a 100000-byte buffer is fully filled past the 65536 chunk boundary (verifies chunking).

Resolves #22

## Summary The WASI `random_get` import in `wasi-runtime/runtime.js` was stubbed to return success (`0`) without writing any bytes into the target buffer. Every `std::random_device` user (or any `random_get` caller) therefore got all-zero "randomness". This bit 3DForts: every tab generated an identical all-zero peer id from `std::random_device`, colliding WebRTC signaling routing (Catcrafts/3DForts#50). ## Fix - Fill the destination buffer from `crypto.getRandomValues` (a CSPRNG). - Chunk at 65536 bytes to stay under WebCrypto's per-call quota (`QuotaExceededError` above that), re-viewing memory per chunk so a detached/grown buffer is handled. - Add `random_get` to the `bind` list — it now touches `this.instance.exports.memory`. ## Testing - `crafter-build test` — all 12 tests pass (incl. `WasiBrowserRuntime`). - Exercised the exact `random_get` impl in Firefox against a simulated wasm `WebAssembly.Memory`: returns `0`, writes non-zero bytes, two consecutive calls differ (real entropy), and a 100000-byte buffer is fully filled past the 65536 chunk boundary (verifies chunking). Resolves #22

catbot added 1 commit 2026-06-02 02:09:26 +02:00

fix: back WASI random_get with crypto.getRandomValues ... 08c28a46b7

The random_get import was stubbed to return success without writing any
bytes, so every std::random_device user in wasm got all-zero
"randomness". This collided WebRTC peer ids across browser tabs in
3DForts (Catcrafts/3DForts#50).

Fill the target buffer from crypto.getRandomValues (a CSPRNG), chunking
at 65536 bytes to stay under WebCrypto's per-call quota, and add
random_get to the bind list since it now touches this.instance.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

jorijnvdgraaf merged commit 03d7ec15eb into master 2026-06-02 02:14:58 +02:00

jorijnvdgraaf deleted branch claude/issue-22 2026-06-02 02:14:58 +02:00

jorijnvdgraaf referenced this pull request from a commit 2026-06-02 02:15:00 +02:00

Merge pull request 'fix: back WASI random_get with crypto.getRandomValues' (#23) from claude/issue-22 into master

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something isn't working

  

claude:done

  

claude:failed

  

claude:in-progress

  

claude:ready

Ready for Claude to pick up

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

claude:done

claude:failed

claude:in-progress

claude:ready

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

Catcrafts/Crafter.Build!23

No description provided.