├── .github └── workflows │ ├── main.yml │ ├── publish.yml │ └── update.yml ├── LICENSE.md ├── README.md ├── imports.md ├── test └── README.md ├── wit-0.3.0-draft ├── insecure-seed.wit ├── insecure.wit ├── random.wit └── world.wit └── wit ├── insecure-seed.wit ├── insecure.wit ├── random.wit └── world.wit /.github/workflows/main.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | on: 3 | push: 4 | branches: [main] 5 | pull_request: 6 | branches: [main] 7 | 8 | jobs: 9 | abi-up-to-date: 10 | name: Check ABI files are up-to-date 11 | runs-on: ubuntu-latest 12 | steps: 13 | - uses: actions/checkout@v4 14 | - uses: WebAssembly/wit-abi-up-to-date@v23 15 | with: 16 | wit-bindgen: '0.37.0' 17 | all-features: 'true' -------------------------------------------------------------------------------- /.github/workflows/publish.yml: -------------------------------------------------------------------------------- 1 | name: Publish a Wasm Component package to GitHub Artifacts 2 | 3 | # Run this action whenever a new release is tagged 4 | on: 5 | push: 6 | tags: 7 | - v* 8 | workflow_dispatch: 9 | 10 | env: 11 | IMAGE_NAME: ${{ github.repository }} 12 | 13 | jobs: 14 | publish: 15 | runs-on: ubuntu-latest 16 | permissions: 17 | id-token: write 18 | packages: write 19 | contents: write 20 | 21 | steps: 22 | # Checkout the repo and install dependencies 23 | - name: Checkout repository 24 | uses: actions/checkout@v2 25 | - name: Install cargo-binstall 26 | uses: cargo-bins/cargo-binstall@v1.10.15 27 | - name: Install wkg 28 | shell: bash 29 | run: cargo binstall wkg 30 | - name: Install cosign 31 | uses: sigstore/cosign-installer@v3.7.0 32 | 33 | # To version our image we want to obtain the version from the tag 34 | - name: Get version 35 | id: meta 36 | uses: docker/metadata-action@v5 37 | with: 38 | images: ghcr.io/webassembly/wasi/random 39 | tags: | 40 | type=semver,pattern={{version}} 41 | 42 | # To upload our image to the GitHub registry, we first have to login 43 | - name: Login to the GitHub registry 44 | uses: docker/login-action@v3 45 | with: 46 | registry: ghcr.io 47 | username: ${{ github.actor }} 48 | password: ${{ secrets.ORG_PAT }} 49 | 50 | # Build our `.wit` files into a Wasm binary 51 | - name: Build 52 | shell: bash 53 | run: wkg wit build -o wasi-random.wasm 54 | 55 | # Upload the Wasm binary to the GitHub registry 56 | - name: Publish to GitHub Container Registry 57 | id: publish 58 | uses: bytecodealliance/wkg-github-action@v5 59 | with: 60 | oci-reference-without-tag: 'ghcr.io/webassembly/wasi/random' 61 | file: 'wasi-random.wasm' 62 | description: 'A WASI API for obtaining pseudo-random data.' 63 | source: 'https://github.com/webassembly/wasi' 64 | homepage: 'https://wasi.dev' 65 | version: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} 66 | licenses: 'Apache-2.0 WITH LLVM-exception' 67 | 68 | # Sign the output component 69 | - name: Sign the wasm component 70 | run: cosign sign --yes ghcr.io/webassembly/wasi/random@${{ steps.publish.outputs.digest }} 71 | -------------------------------------------------------------------------------- /.github/workflows/update.yml: -------------------------------------------------------------------------------- 1 | name: Create a PR to upgrade WIT to a new version 2 | 3 | # Manually dispatch this action from the Actions page 4 | on: 5 | workflow_dispatch: 6 | inputs: 7 | prev_version: 8 | description: 'Upgrading from version (without the v)' 9 | required: true 10 | type: string 11 | next_version: 12 | description: 'Upgrading to version (without the v)' 13 | required: true 14 | type: string 15 | 16 | permissions: 17 | pull-requests: write 18 | contents: write 19 | 20 | jobs: 21 | update-versions: 22 | runs-on: ubuntu-latest 23 | steps: 24 | # Checkout the repo and install dependencies 25 | - name: Checkout repository 26 | uses: actions/checkout@v4 27 | - name: Install cargo-binstall 28 | uses: cargo-bins/cargo-binstall@v1.10.15 29 | - name: Install wit-bindgen 30 | shell: bash 31 | run: cargo binstall wit-bindgen-cli 32 | 33 | # echo input 34 | - name: Print the versions 35 | run: echo Upgrading from ${{ inputs.prev_version }} to ${{ inputs.next_version }} 36 | 37 | # upgrade 38 | - name: Upgrade tag 39 | run: find . -type f -name "*.wit" -exec sed -i "s/${{ inputs.prev_version }}/${{ inputs.next_version }}/g" {} + 40 | - name: Generate markdown 41 | run: wit-bindgen markdown wit --html-in-md --all-features 42 | 43 | # file PR 44 | - name: Create feature branch 45 | env: 46 | FEATURE_BRANCH: release-v${{ inputs.next_version }} 47 | run: | 48 | git config user.name "github-actions[bot]" 49 | git config user.email "41898282+github-actions[bot]@users.noreply.github.com" 50 | git add . 51 | git checkout -b $FEATURE_BRANCH 52 | git push -u origin $FEATURE_BRANCH 53 | git commit -m "Update to v${{ inputs.next_version }}" 54 | git push 55 | 56 | - name: Create pull request 57 | run: gh pr create -B main -H release-v${{ inputs.next_version }} --title 'Release v${{ inputs.next_version }}' --body 'Updates the package version to v${{ inputs.next_version }}. Thanks!' 58 | env: 59 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 60 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | Copyright © 2019-2024 the Contributors to the WASI Specification, published 2 | by the [WebAssembly Community Group][cg] under the 3 | [W3C Community Contributor License Agreement (CLA)][cla]. A human-readable 4 | [summary][summary] is available. 5 | 6 | [cg]: https://www.w3.org/community/webassembly/ 7 | [cla]: https://www.w3.org/community/about/agreements/cla/ 8 | [summary]: https://www.w3.org/community/about/agreements/cla-deed/ 9 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # WASI Random 2 | 3 | A proposed [WebAssembly System Interface](https://github.com/WebAssembly/WASI) API. 4 | 5 | ### Current Phase 6 | 7 | WASI-random is currently in [Phase 3]. 8 | 9 | [Phase 3]: https://github.com/WebAssembly/WASI/blob/main/Proposals.md#phase-3---implementation-phase-cg--wg 10 | 11 | ### Champions 12 | 13 | - Dan Gohman 14 | 15 | ### Portability Criteria 16 | 17 | WASI random must have host implementations which can pass the testsuite 18 | on at least Windows, macOS, and Linux. 19 | 20 | WASI random must have at least two complete independent implementations. 21 | 22 | ## Table of Contents 23 | 24 | - [Introduction](#introduction) 25 | - [Goals](#goals) 26 | - [Non-goals](#non-goals) 27 | - [API walk-through](#api-walk-through) 28 | - [Use case 1](#use-case-1) 29 | - [Use case 2](#use-case-2) 30 | - [Detailed design discussion](#detailed-design-discussion) 31 | - [[Tricky design choice 1]](#tricky-design-choice-1) 32 | - [[Tricky design choice 2]](#tricky-design-choice-2) 33 | - [Considered alternatives](#considered-alternatives) 34 | - [[Alternative 1]](#alternative-1) 35 | - [[Alternative 2]](#alternative-2) 36 | - [Stakeholder Interest & Feedback](#stakeholder-interest--feedback) 37 | - [References & acknowledgements](#references--acknowledgements) 38 | 39 | ### Introduction 40 | 41 | WASI Random is a WASI API for obtaining pseudo-random data. 42 | 43 | ### Goals 44 | 45 | The primary goals of WASI Random are: 46 | - To allow users to use WASI programs to obtain high-quality low-level 47 | random data suitable for cryptography. 48 | - To allow source languages to enable DoS protection in their hash-maps 49 | in host environments that support it. 50 | 51 | ### Non-goals 52 | 53 | WASI Random is not aiming to allow programs to handle errors or to query for 54 | availability. It always succeeds (though on platforms where randomness is 55 | unavailable, programs may fail to be instantiated or may trap). 56 | 57 | WASI Random is not aiming to be a full DRBG API. Such an API could be 58 | considered in WASI, but it should be a separate proposal. 59 | 60 | WASI Random does not include facilities for feeding entropy back into 61 | the system. It is expected that most entropy that applications would observe 62 | should also be observable by the host implementation, and so there should 63 | be little need to feed it back in. There may be other uses for such an API, 64 | but they can be addressed in separate proposals. 65 | 66 | WASI Random does not have an async API. It is expected to be implemented with 67 | a CSPRNG which is expected to be sufficiently seeded. 68 | 69 | WASI Random does not have an explicit facility for domain separation or 70 | personalization messages. If such features are desired, it would make sense to 71 | define them as custom sections, rather than program data, so that they could 72 | easily be excluded from module caching and possibly also from code signing. 73 | This would make sense as a separate proposal. 74 | 75 | WASI Random does not provide an "entropy API" or a "true random" API directly. 76 | The currently expected use cases want a CSPRNG API. 77 | 78 | WASI Random does not expose an entropy estimation. It is expected to always 79 | have sufficient entropy to seed a CSPRNG. 80 | 81 | WASI Random does not provide any facility for replacing random data with 82 | deterministic data. It is intended to be usable in use cases where determinism 83 | would break application assumptions. Implementations may have debugging 84 | facilities which make this API deterministic, however these should only be 85 | used for debugging, and not production use. 86 | 87 | ### API walk-through 88 | 89 | #### Main API: getting cryptographically-secure pseudo-random bytes 90 | 91 | Return a list of cryptographically-secure pseudo-random bytes: 92 | 93 | ```rust 94 | let len: u32 = your_own_code_to_decide_how_many_bytes_you_want(); 95 | 96 | let bytes: Vec = get_random_bytes(len); 97 | ``` 98 | 99 | #### Main API: getting cryptographically-secure pseudo-random bytes faster 100 | 101 | Sometimes the bindings for `list` can have some overhead, so 102 | another function is available which returns the same data but as a 103 | `u64`: 104 | 105 | ```rust 106 | let data: u64 = get_random_u64(); 107 | ``` 108 | 109 | #### Insecure API: Hash-map DoS protection 110 | 111 | Return a pair of u64's that can be used to initialize a hash implementation: 112 | 113 | ```rust 114 | let init: (u64, u64) = insecure_random(); 115 | 116 | let combined: u128 = init.0 as u128 | (init.1 as u128 << 64); 117 | 118 | your_own_code_to_initialize_hash_map(combined); 119 | ``` 120 | 121 | ### Detailed design discussion 122 | 123 | ### What if the system lacks sufficient entropy during early boot? 124 | 125 | Randomness APIs which can fail, or which can be "nonblocking" and return 126 | incomplete results, are error prone and tend to lead applications to resort 127 | to fallbacks which don't tend to be well-tested. 128 | 129 | CSPRNGs are believed to be good enough that most systems in most situations 130 | can provide effectively unlimited random data. The main case where this 131 | isn't the case is on systems which have just booted and which have not yet 132 | collected sufficient entropy to initialize their CSPRNGs. In these cases, 133 | this API is designed with the belief that it's better for implementations 134 | to respond to the problem, rather than to pass the responsibility on to 135 | applications. 136 | 137 | ### What should happen on host platforms with weak or broken randomness APIs? 138 | 139 | It's implementations' responsibility to handle these situations. They may do 140 | so by supplementing the host platform APIs with data collected from other 141 | sources, they may refuse to run programs that use Random APIs, or if needed, 142 | they may trap programs dynamically to prevent programs from continuing to 143 | execute with poor data. 144 | 145 | Implementations are encouraged to perform regular reseeding (if the host 146 | platform doesn't already do so). 147 | 148 | ### Should there be a randomness resource, and should the API take a handle? 149 | 150 | Programs shouldn't need to be aware of *which* random generator they have, since 151 | the data is random and indistinguishable. 152 | 153 | WASI programs using the Random API will have imports specific to the Random API, 154 | because they are distinct from imports used for general-purpose `stream`. 155 | 156 | ### Should random data be provided as a `stream`? 157 | 158 | Reusing the `stream` type is tempting, however it's desirable for users of this 159 | API to be provided actually random data, and not the contents of arbitrary 160 | streams which might be substituted, so it doesn't turn out to be useful to unify 161 | this API with `stream`. 162 | 163 | This also ensures that programs using the Random API can be identified by 164 | their imports, as mentioned in the previous question. 165 | 166 | ### Should the API specify a number of bits of security? 167 | 168 | Best practices suggest that implementations should provide at least 196 bits of 169 | security. However, many host platforms' CSPRNG APIs do not currently document 170 | their bits of security, and it doesn't seem desirable to require wasm engines to 171 | run their own CSPRNG on a platform which already has one, so for now, the API 172 | does not specify a specific number. 173 | 174 | ### Why is insecure-random a fixed-sized return value? 175 | 176 | This limits the amount of data that can be obtained through it. Since it's 177 | insecure, it's not intended to be used as an alternative to `getrandom`. 178 | 179 | ### Stakeholder Interest & Feedback 180 | 181 | TODO before entering Phase 3. 182 | 183 | Preview1 has a random function, and it's widely exposed in toolchains. 184 | 185 | ### References & acknowledgements 186 | 187 | Many thanks for valuable feedback and advice from: 188 | 189 | - Zach Lym 190 | - Luke Wagner 191 | - Linux Weekly News' many articles about Linux random APIs including [this one]. 192 | 193 | [this one]: https://lwn.net/Articles/808575/ 194 | -------------------------------------------------------------------------------- /imports.md: -------------------------------------------------------------------------------- 1 |

World imports

2 | 11 |

Import interface wasi:random/random@0.2.5

12 |

WASI Random is a random data API.

13 |

It is intended to be portable at least between Unix-family platforms and 14 | Windows.

15 |
16 |

Functions

17 |

get-random-bytes: func

18 |

Return len cryptographically-secure random or pseudo-random bytes.

19 |

This function must produce data at least as cryptographically secure and 20 | fast as an adequately seeded cryptographically-secure pseudo-random 21 | number generator (CSPRNG). It must not block, from the perspective of 22 | the calling program, under any circumstances, including on the first 23 | request and on requests for numbers of bytes. The returned data must 24 | always be unpredictable.

25 |

This function must always return fresh data. Deterministic environments 26 | must omit this function, rather than implementing it with deterministic 27 | data.

28 |
Params
29 | 32 |
Return values
33 | 36 |

get-random-u64: func

37 |

Return a cryptographically-secure random or pseudo-random u64 value.

38 |

This function returns the same type of data as get-random-bytes, 39 | represented as a u64.

40 |
Return values
41 | 44 |

Import interface wasi:random/insecure@0.2.5

45 |

The insecure interface for insecure pseudo-random numbers.

46 |

It is intended to be portable at least between Unix-family platforms and 47 | Windows.

48 |
49 |

Functions

50 |

get-insecure-random-bytes: func

51 |

Return len insecure pseudo-random bytes.

52 |

This function is not cryptographically secure. Do not use it for 53 | anything related to security.

54 |

There are no requirements on the values of the returned bytes, however 55 | implementations are encouraged to return evenly distributed values with 56 | a long period.

57 |
Params
58 | 61 |
Return values
62 | 65 |

get-insecure-random-u64: func

66 |

Return an insecure pseudo-random u64 value.

67 |

This function returns the same type of pseudo-random data as 68 | get-insecure-random-bytes, represented as a u64.

69 |
Return values
70 | 73 |

Import interface wasi:random/insecure-seed@0.2.5

74 |

The insecure-seed interface for seeding hash-map DoS resistance.

75 |

It is intended to be portable at least between Unix-family platforms and 76 | Windows.

77 |
78 |

Functions

79 |

insecure-seed: func

80 |

Return a 128-bit value that may contain a pseudo-random value.

81 |

The returned value is not required to be computed from a CSPRNG, and may 82 | even be entirely deterministic. Host implementations are encouraged to 83 | provide pseudo-random values to any program exposed to 84 | attacker-controlled content, to enable DoS protection built into many 85 | languages' hash-map implementations.

86 |

This function is intended to only be called once, by a source language 87 | to initialize Denial Of Service (DoS) protection in its hash-map 88 | implementation.

89 |

Expected future evolution

90 |

This will likely be changed to a value import, to prevent it from being 91 | called multiple times and potentially used for purposes other than DoS 92 | protection.

93 |
Return values
94 | 97 | -------------------------------------------------------------------------------- /test/README.md: -------------------------------------------------------------------------------- 1 | # Testing guidelines 2 | 3 | TK fill in testing guidelines 4 | 5 | ## Installing the tools 6 | 7 | TK fill in instructions 8 | 9 | ## Running the tests 10 | 11 | TK fill in instructions 12 | -------------------------------------------------------------------------------- /wit-0.3.0-draft/insecure-seed.wit: -------------------------------------------------------------------------------- 1 | package wasi:random@0.3.0; 2 | /// The insecure-seed interface for seeding hash-map DoS resistance. 3 | /// 4 | /// It is intended to be portable at least between Unix-family platforms and 5 | /// Windows. 6 | @since(version = 0.3.0) 7 | interface insecure-seed { 8 | /// Return a 128-bit value that may contain a pseudo-random value. 9 | /// 10 | /// The returned value is not required to be computed from a CSPRNG, and may 11 | /// even be entirely deterministic. Host implementations are encouraged to 12 | /// provide pseudo-random values to any program exposed to 13 | /// attacker-controlled content, to enable DoS protection built into many 14 | /// languages' hash-map implementations. 15 | /// 16 | /// This function is intended to only be called once, by a source language 17 | /// to initialize Denial Of Service (DoS) protection in its hash-map 18 | /// implementation. 19 | /// 20 | /// # Expected future evolution 21 | /// 22 | /// This will likely be changed to a value import, to prevent it from being 23 | /// called multiple times and potentially used for purposes other than DoS 24 | /// protection. 25 | @since(version = 0.3.0) 26 | insecure-seed: func() -> tuple; 27 | } 28 | -------------------------------------------------------------------------------- /wit-0.3.0-draft/insecure.wit: -------------------------------------------------------------------------------- 1 | package wasi:random@0.3.0; 2 | /// The insecure interface for insecure pseudo-random numbers. 3 | /// 4 | /// It is intended to be portable at least between Unix-family platforms and 5 | /// Windows. 6 | @since(version = 0.3.0) 7 | interface insecure { 8 | /// Return `len` insecure pseudo-random bytes. 9 | /// 10 | /// This function is not cryptographically secure. Do not use it for 11 | /// anything related to security. 12 | /// 13 | /// There are no requirements on the values of the returned bytes, however 14 | /// implementations are encouraged to return evenly distributed values with 15 | /// a long period. 16 | @since(version = 0.3.0) 17 | get-insecure-random-bytes: func(len: u64) -> list; 18 | 19 | /// Return an insecure pseudo-random `u64` value. 20 | /// 21 | /// This function returns the same type of pseudo-random data as 22 | /// `get-insecure-random-bytes`, represented as a `u64`. 23 | @since(version = 0.3.0) 24 | get-insecure-random-u64: func() -> u64; 25 | } 26 | -------------------------------------------------------------------------------- /wit-0.3.0-draft/random.wit: -------------------------------------------------------------------------------- 1 | package wasi:random@0.3.0; 2 | /// WASI Random is a random data API. 3 | /// 4 | /// It is intended to be portable at least between Unix-family platforms and 5 | /// Windows. 6 | @since(version = 0.3.0) 7 | interface random { 8 | /// Return `len` cryptographically-secure random or pseudo-random bytes. 9 | /// 10 | /// This function must produce data at least as cryptographically secure and 11 | /// fast as an adequately seeded cryptographically-secure pseudo-random 12 | /// number generator (CSPRNG). It must not block, from the perspective of 13 | /// the calling program, under any circumstances, including on the first 14 | /// request and on requests for numbers of bytes. The returned data must 15 | /// always be unpredictable. 16 | /// 17 | /// This function must always return fresh data. Deterministic environments 18 | /// must omit this function, rather than implementing it with deterministic 19 | /// data. 20 | @since(version = 0.3.0) 21 | get-random-bytes: func(len: u64) -> list; 22 | 23 | /// Return a cryptographically-secure random or pseudo-random `u64` value. 24 | /// 25 | /// This function returns the same type of data as `get-random-bytes`, 26 | /// represented as a `u64`. 27 | @since(version = 0.3.0) 28 | get-random-u64: func() -> u64; 29 | } 30 | -------------------------------------------------------------------------------- /wit-0.3.0-draft/world.wit: -------------------------------------------------------------------------------- 1 | package wasi:random@0.3.0; 2 | 3 | @since(version = 0.3.0) 4 | world imports { 5 | @since(version = 0.3.0) 6 | import random; 7 | 8 | @since(version = 0.3.0) 9 | import insecure; 10 | 11 | @since(version = 0.3.0) 12 | import insecure-seed; 13 | } 14 | -------------------------------------------------------------------------------- /wit/insecure-seed.wit: -------------------------------------------------------------------------------- 1 | package wasi:random@0.2.5; 2 | /// The insecure-seed interface for seeding hash-map DoS resistance. 3 | /// 4 | /// It is intended to be portable at least between Unix-family platforms and 5 | /// Windows. 6 | @since(version = 0.2.0) 7 | interface insecure-seed { 8 | /// Return a 128-bit value that may contain a pseudo-random value. 9 | /// 10 | /// The returned value is not required to be computed from a CSPRNG, and may 11 | /// even be entirely deterministic. Host implementations are encouraged to 12 | /// provide pseudo-random values to any program exposed to 13 | /// attacker-controlled content, to enable DoS protection built into many 14 | /// languages' hash-map implementations. 15 | /// 16 | /// This function is intended to only be called once, by a source language 17 | /// to initialize Denial Of Service (DoS) protection in its hash-map 18 | /// implementation. 19 | /// 20 | /// # Expected future evolution 21 | /// 22 | /// This will likely be changed to a value import, to prevent it from being 23 | /// called multiple times and potentially used for purposes other than DoS 24 | /// protection. 25 | @since(version = 0.2.0) 26 | insecure-seed: func() -> tuple; 27 | } 28 | -------------------------------------------------------------------------------- /wit/insecure.wit: -------------------------------------------------------------------------------- 1 | package wasi:random@0.2.5; 2 | /// The insecure interface for insecure pseudo-random numbers. 3 | /// 4 | /// It is intended to be portable at least between Unix-family platforms and 5 | /// Windows. 6 | @since(version = 0.2.0) 7 | interface insecure { 8 | /// Return `len` insecure pseudo-random bytes. 9 | /// 10 | /// This function is not cryptographically secure. Do not use it for 11 | /// anything related to security. 12 | /// 13 | /// There are no requirements on the values of the returned bytes, however 14 | /// implementations are encouraged to return evenly distributed values with 15 | /// a long period. 16 | @since(version = 0.2.0) 17 | get-insecure-random-bytes: func(len: u64) -> list; 18 | 19 | /// Return an insecure pseudo-random `u64` value. 20 | /// 21 | /// This function returns the same type of pseudo-random data as 22 | /// `get-insecure-random-bytes`, represented as a `u64`. 23 | @since(version = 0.2.0) 24 | get-insecure-random-u64: func() -> u64; 25 | } 26 | -------------------------------------------------------------------------------- /wit/random.wit: -------------------------------------------------------------------------------- 1 | package wasi:random@0.2.5; 2 | /// WASI Random is a random data API. 3 | /// 4 | /// It is intended to be portable at least between Unix-family platforms and 5 | /// Windows. 6 | @since(version = 0.2.0) 7 | interface random { 8 | /// Return `len` cryptographically-secure random or pseudo-random bytes. 9 | /// 10 | /// This function must produce data at least as cryptographically secure and 11 | /// fast as an adequately seeded cryptographically-secure pseudo-random 12 | /// number generator (CSPRNG). It must not block, from the perspective of 13 | /// the calling program, under any circumstances, including on the first 14 | /// request and on requests for numbers of bytes. The returned data must 15 | /// always be unpredictable. 16 | /// 17 | /// This function must always return fresh data. Deterministic environments 18 | /// must omit this function, rather than implementing it with deterministic 19 | /// data. 20 | @since(version = 0.2.0) 21 | get-random-bytes: func(len: u64) -> list; 22 | 23 | /// Return a cryptographically-secure random or pseudo-random `u64` value. 24 | /// 25 | /// This function returns the same type of data as `get-random-bytes`, 26 | /// represented as a `u64`. 27 | @since(version = 0.2.0) 28 | get-random-u64: func() -> u64; 29 | } 30 | -------------------------------------------------------------------------------- /wit/world.wit: -------------------------------------------------------------------------------- 1 | package wasi:random@0.2.5; 2 | 3 | @since(version = 0.2.0) 4 | world imports { 5 | @since(version = 0.2.0) 6 | import random; 7 | 8 | @since(version = 0.2.0) 9 | import insecure; 10 | 11 | @since(version = 0.2.0) 12 | import insecure-seed; 13 | } 14 | --------------------------------------------------------------------------------