suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Loopless getRandomBN using extra random bits

Browse Source
This commit is contained in:
Mahrud Sayrafi 2018-02-27 13:10:52 -08:00
parent d529edfdda
commit a79acf0386
No known key found for this signature in database
GPG Key ID: C24071B956C3245F
1 changed files with 6 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/crypto/random.js
View File

@ -107,22 +107,14 @@ export default {
throw new Error('Illegal parameter value: max <= min'); throw new Error('Illegal parameter value: max <= min');
} }
let r; const modulus = max.sub(min);
const diff = max.sub(min); const bytes = modulus.byteLength();
const bits = diff.bitLength();
const bytes = diff.byteLength();
// Using a while loop is necessary to avoid bias // Using a while loop is necessary to avoid bias introduced by the mod operation.
// TODO consider using 64 extra random bits and taking mod // However, we request 64 extra random bits so that the bias is negligible.
// Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
do { const r = new BN(this.getRandomBytes(bytes + 8));
r = new BN(this.getRandomBytes(bytes)); return r.mod(modulus).add(min);
if (r.bitLength() > bits) {
r.ishrn(r.bitLength() - bits);
}
} while (r.cmp(diff) >= 0);
return r.iadd(min);
}, },
randomBuffer: new RandomBuffer() randomBuffer: new RandomBuffer()