fix(random): Enhance security by replacing platform-specific randomizer code with Rust's bindings#4626
Merged
sergei-boiko-trustwallet merged 9 commits intodevfrom Jan 19, 2026
Conversation
* TODO consider refactoring WASM Random.cpp
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request replaces platform-specific random number generation implementations (JNI, Swift, WASM) with a unified Rust-based solution. The changes consolidate cryptographically secure random number generation into a single implementation using rand::thread_rng(), exposed to C++ via FFI. This simplifies the codebase, improves maintainability, and provides consistent error handling across all platforms.
Changes:
- Removed platform-specific random generators (JNI/Java, Swift/SecRandom, WASM/JavaScript) in favor of Rust's
rand::thread_rng() - Added Rust FFI function
crypto_random_bufferwith comprehensive error handling and tests - Updated C++ random buffer API to return status codes and handle errors properly instead of aborting/terminating
Reviewed changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| wasm/src/Random.cpp | Removed WASM-specific JavaScript-based random implementation |
| swift/Sources/SecRandom.m | Removed Swift-specific SecRandom implementation |
| jni/cpp/Random.cpp | Removed JNI-specific Java SecureRandom implementation |
| src/rand.h | Updated to return status codes and use TW::Random namespace |
| src/rand.cpp | Replaced platform-specific code with Rust FFI wrapper |
| src/interface/TWPrivateKey.cpp | Updated to handle random generation errors gracefully |
| src/Keystore/ScryptParameters.cpp | Added error handling for salt generation |
| src/Keystore/PBKDF2Parameters.cpp | Added error handling for salt generation |
| src/Keystore/AESParameters.cpp | Added error handling for IV generation |
| src/FIO/Encryption.cpp | Added error handling for IV generation |
| rust/tw_memory/src/ffi/mod.rs | Registered new c_byte_array_mut module |
| rust/tw_memory/src/ffi/c_byte_array_mut.rs | Added mutable FFI byte array wrapper |
| rust/tw_crypto/src/ffi/mod.rs | Registered new crypto_random module |
| rust/tw_crypto/src/ffi/crypto_random.rs | Implemented crypto_random_buffer FFI function |
| rust/tw_crypto/src/crypto_mnemonic/mnemonic.rs | Updated to use try_fill_bytes with proper error handling |
| rust/tw_crypto/src/crypto_mnemonic/error.rs | Added RandGeneratorError variant |
| rust/tw_crypto/tests/crypto_random_ffi.rs | Added comprehensive FFI tests |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Binary size comparison➡️ aarch64-apple-ios: - 15.25 MB
+ 15.25 MB +1 KB➡️ aarch64-apple-ios-sim: 15.25 MB ➡️ aarch64-linux-android: - 20.10 MB
+ 20.10 MB +1 KB➡️ armv7-linux-androideabi: 17.31 MB ➡️ wasm32-unknown-emscripten: 14.85 MB |
davidkulman-tw
approved these changes
Jan 19, 2026
nikhil-gupta-tw
requested changes
Jan 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request refactors and unifies the implementation of cryptographically secure random number generation across the codebase. It removes platform-specific random number generator code (for JNI, Swift, and WASM), and replaces it with a single Rust-backed implementation that is exposed to C++ via FFI. The new approach improves code maintainability, error handling, and testability, and ensures consistent random byte generation across all platforms.
Key changes include:
Core random number generation refactor:
jni/cpp/Random.cpp,swift/Sources/SecRandom.m, andwasm/src/Random.cpp, consolidating all random byte generation through a new Rust FFI function (crypto_random_buffer).random_bufferimplementation with a wrapper that calls the Rust FFI function, and updated the API to return a status code (RandomResult).Rust FFI and memory handling:
crypto_random_bufferin Rust (rust/tw_crypto/src/ffi/crypto_random.rs), which usesrand::thread_rng()to fill buffers securely, and defined error codes for FFI.CByteArrayMutin Rust for safe FFI buffer handling.Error handling and usage updates:
Random::random_bufferAPI and to handle errors more robustly (throwing exceptions or returning null on failure instead of aborting or terminating).Testing:
crypto_random_bufferfunction, including edge cases for buffer validity and randomness.These changes ensure a single, secure, and consistent random number generation mechanism across all supported platforms, simplify the codebase, and improve error handling for cryptographic operations.