From 29cb31c1fa8fbfb8170538d46bac54e259266819 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Hern=C3=A1ndez=20Serrano?= Date: Thu, 9 May 2019 09:39:12 +0200 Subject: [PATCH] Fixed issue #1 - gcd works incorrect with 0. Some extra sanitizing --- README.md | 3 +- dist/bigint-crypto-utils-latest.browser.js | 42 +++++++++++++++--- .../bigint-crypto-utils-latest.browser.min.js | 2 +- .../bigint-crypto-utils-latest.browser.mod.js | 42 +++++++++++++++--- ...int-crypto-utils-latest.browser.mod.min.js | 2 +- dist/bigint-crypto-utils-latest.node.js | 43 ++++++++++++++++--- src/main.js | 43 ++++++++++++++++--- test/browser/tests.js | 25 ++++++++++- test/gcd.js | 15 +++++++ test/modInv.js | 10 ++++- 10 files changed, 196 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 2045afa..c5d9d11 100644 --- a/README.md +++ b/README.md @@ -173,6 +173,7 @@ An iterative implementation of the extended euclidean algorithm or extended grea Take positive integers a, b as input, and return a triple (g, x, y), such that ax + by = g = gcd(a, b). **Kind**: global function +**Returns**: [egcdReturn](#egcdReturn) - A triple (g, x, y), such that ax + by = g = gcd(a, b). | Param | Type | | --- | --- | @@ -225,7 +226,7 @@ The least common multiple computed as abs(a*b)/gcd(a,b) Modular inverse. **Kind**: global function -**Returns**: bigint - the inverse modulo n +**Returns**: bigint - the inverse modulo n or NaN if it does not exist | Param | Type | Description | | --- | --- | --- | diff --git a/dist/bigint-crypto-utils-latest.browser.js b/dist/bigint-crypto-utils-latest.browser.js index 0d0246e..8823b1a 100644 --- a/dist/bigint-crypto-utils-latest.browser.js +++ b/dist/bigint-crypto-utils-latest.browser.js @@ -26,7 +26,7 @@ var bigintCryptoUtils = (function (exports) { */ function bitLength(a) { a = BigInt(a); - if (a === _ONE) + if (a === _ONE) return 1; let bits = 1; do { @@ -48,11 +48,14 @@ var bigintCryptoUtils = (function (exports) { * @param {number|bigint} a * @param {number|bigint} b * - * @returns {egcdReturn} + * @returns {egcdReturn} A triple (g, x, y), such that ax + by = g = gcd(a, b). */ function eGcd(a, b) { a = BigInt(a); b = BigInt(b); + if (a <= _ZERO | b <= _ZERO) + return NaN; // a and b MUST be positive + let x = _ZERO; let y = _ONE; let u = _ONE; @@ -88,6 +91,11 @@ var bigintCryptoUtils = (function (exports) { function gcd(a, b) { a = abs(a); b = abs(b); + if (a === _ZERO) + return b; + else if (b === _ZERO) + return a; + let shift = _ZERO; while (!((a | b) & _ONE)) { a >>= _ONE; @@ -154,6 +162,8 @@ var bigintCryptoUtils = (function (exports) { function lcm(a, b) { a = BigInt(a); b = BigInt(b); + if (a === _ZERO && b === _ZERO) + return _ZERO; return abs(a * b) / gcd(a, b); } @@ -163,12 +173,15 @@ var bigintCryptoUtils = (function (exports) { * @param {number|bigint} a The number to find an inverse for * @param {number|bigint} n The modulo * - * @returns {bigint} the inverse modulo n + * @returns {bigint} the inverse modulo n or NaN if it does not exist */ function modInv(a, n) { - let egcd = eGcd(toZn(a,n), n); + if (a == _ZERO | n <= _ZERO) + return NaN; + + let egcd = eGcd(toZn(a, n), n); if (egcd.b !== _ONE) { - return null; // modular inverse does not exist + return NaN; // modular inverse does not exist } else { return toZn(egcd.x, n); } @@ -185,6 +198,9 @@ var bigintCryptoUtils = (function (exports) { function modPow(a, b, n) { // See Knuth, volume 2, section 4.6.3. n = BigInt(n); + if (n === _ZERO) + return NaN; + a = toZn(a, n); b = BigInt(b); if (b < _ZERO) { @@ -218,6 +234,8 @@ var bigintCryptoUtils = (function (exports) { * @returns {Promise} A promise that resolves to a bigint probable prime of bitLength bits */ function prime(bitLength, iterations = 16) { + if (bitLength < 1) + throw new RangeError(`bitLength MUST be > 0 and it is ${bitLength}`); return new Promise((resolve) => { let workerList = []; const _onmessage = (msg, newWorker) => { @@ -292,9 +310,12 @@ var bigintCryptoUtils = (function (exports) { * @returns {Buffer|Uint8Array} A Buffer/UInt8Array (Node.js/Browser) filled with cryptographically secure random bits */ function randBits(bitLength, forceLength = false) { + if (bitLength < 1) + throw new RangeError(`bitLength MUST be > 0 and it is ${bitLength}`); + const byteLength = Math.ceil(bitLength / 8); let rndBytes = randBytesSync(byteLength, false); - // Fill with 0's the extra birs + // Fill with 0's the extra bits rndBytes[0] = rndBytes[0] & (2 ** (bitLength % 8) - 1); if (forceLength) { let mask = (bitLength % 8) ? 2 ** ((bitLength % 8) - 1) : 128; @@ -312,6 +333,9 @@ var bigintCryptoUtils = (function (exports) { * @returns {Promise} A promise that resolves to a Buffer/UInt8Array (Node.js/Browser) filled with cryptographically secure random bytes */ function randBytes(byteLength, forceLength = false) { + if (byteLength < 1) + throw new RangeError(`byteLength MUST be > 0 and it is ${byteLength}`); + let buf; { // browser return new Promise(function (resolve) { @@ -331,6 +355,9 @@ var bigintCryptoUtils = (function (exports) { * @returns {Buffer|Uint8Array} A Buffer/UInt8Array (Node.js/Browser) filled with cryptographically secure random bytes */ function randBytesSync(byteLength, forceLength = false) { + if (byteLength < 1) + throw new RangeError(`byteLength MUST be > 0 and it is ${byteLength}`); + let buf; { // browser buf = new Uint8Array(byteLength); @@ -351,6 +378,9 @@ var bigintCryptoUtils = (function (exports) { */ function toZn(a, n) { n = BigInt(n); + if (n <= 0) + return NaN; + a = BigInt(a) % n; return (a < 0) ? a + n : a; } diff --git a/dist/bigint-crypto-utils-latest.browser.min.js b/dist/bigint-crypto-utils-latest.browser.min.js index 2d945f4..7018675 100644 --- a/dist/bigint-crypto-utils-latest.browser.min.js +++ b/dist/bigint-crypto-utils-latest.browser.min.js @@ -1 +1 @@ -var bigintCryptoUtils=function(a){'use strict';function c(b){return b=BigInt(b),b>=r?b:-b}function d(b){if(b=BigInt(b),b===s)return 1;let c=1;do c++;while((b>>=s)>s);return c}function e(c,d){c=BigInt(c),d=BigInt(d);let e=r,f=s,g=s,h=r;for(;c!==r;){let a=d/c,b=d%c,i=e-g*a,j=f-h*a;d=c,c=b,e=g,f=h,g=i,h=j}return{b:d,x:e,y:f}}function f(d,e){d=c(d),e=c(e);let f=r;for(;!((d|e)&s);)d>>=s,e>>=s,f++;for(;!(d&s);)d>>=s;do{for(;!(e&s);)e>>=s;if(d>e){let a=d;d=e,e=a}e-=d}while(e);return d<{let e=new Worker(o());e.onmessage=a=>{e.terminate(),c(a.data.isPrime)},e.onmessageerror=a=>{d(a)},e.postMessage({rnd:a,iterations:b,id:0})})}function h(b,a){let c=e(m(b,a),a);return c.b===s?m(c.x,a):null}function i(d,e,f){if(f=BigInt(f),d=m(d,f),e=BigInt(e),e min");const c=a-b;let e,f=d(c);do{let a=k(f);e=n(a)}while(e>c);return e+b}function k(a,b=!1){var c=Math.ceil;const d=c(a/8);let e=l(d,!1);if(e[0]&=2**(a%8)-1,b){let b=a%8?2**(a%8-1):128;e[0]|=b}return e}function l(a,b=!1){let c;return c=new Uint8Array(a),self.crypto.getRandomValues(c),b&&(c[0]|=128),c}function m(b,c){return c=BigInt(c),b=BigInt(b)%c,0>b?b+c:b}function n(a){let b=r;for(let c of a.values()){let a=BigInt(c);b=(b< {${a}})()`;var b=new Blob([a],{type:"text/javascript"});return window.URL.createObjectURL(b)}function q(c,b=16){if(c===t)return!0;if((c&s)===r||c===s)return!1;const e=[3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597];for(let a=0;a{let d=[];const e=(e,f)=>{if(e.isPrime){for(let a=0;ae(a.data,b),d.push(b)}for(let e=0;e=r?b:-b}function d(b){if(b=BigInt(b),b===s)return 1;let c=1;do c++;while((b>>=s)>s);return c}function e(c,d){if(c=BigInt(c),d=BigInt(d),c<=r|d<=r)return NaN;let e=r,f=s,g=s,h=r;for(;c!==r;){let a=d/c,b=d%c,i=e-g*a,j=f-h*a;d=c,c=b,e=g,f=h,g=i,h=j}return{b:d,x:e,y:f}}function f(d,e){if(d=c(d),e=c(e),d===r)return e;if(e===r)return d;let f=r;for(;!((d|e)&s);)d>>=s,e>>=s,f++;for(;!(d&s);)d>>=s;do{for(;!(e&s);)e>>=s;if(d>e){let a=d;d=e,e=a}e-=d}while(e);return d<{let e=new Worker(o());e.onmessage=a=>{e.terminate(),c(a.data.isPrime)},e.onmessageerror=a=>{d(a)},e.postMessage({rnd:a,iterations:b,id:0})})}function h(b,a){if(b==r|a<=r)return NaN;let c=e(m(b,a),a);return c.b===s?m(c.x,a):NaN}function i(d,e,f){if(f=BigInt(f),f===r)return NaN;if(d=m(d,f),e=BigInt(e),e min");const c=a-b;let e,f=d(c);do{let a=k(f);e=n(a)}while(e>c);return e+b}function k(a,b=!1){var c=Math.ceil;if(1>a)throw new RangeError(`bitLength MUST be > 0 and it is ${a}`);const d=c(a/8);let e=l(d,!1);if(e[0]&=2**(a%8)-1,b){let b=a%8?2**(a%8-1):128;e[0]|=b}return e}function l(a,b=!1){if(1>a)throw new RangeError(`byteLength MUST be > 0 and it is ${a}`);let c;return c=new Uint8Array(a),self.crypto.getRandomValues(c),b&&(c[0]|=128),c}function m(b,c){return(c=BigInt(c),0>=c)?NaN:(b=BigInt(b)%c,0>b?b+c:b)}function n(a){let b=r;for(let c of a.values()){let a=BigInt(c);b=(b< {${a}})()`;var b=new Blob([a],{type:"text/javascript"});return window.URL.createObjectURL(b)}function q(c,b=16){if(c===t)return!0;if((c&s)===r||c===s)return!1;const e=[3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597];for(let a=0;aa)throw new RangeError(`bitLength MUST be > 0 and it is ${a}`);return new Promise(c=>{let d=[];const e=(e,f)=>{if(e.isPrime){for(let a=0;ae(a.data,b),d.push(b)}for(let e=0;ea)throw new RangeError(`byteLength MUST be > 0 and it is ${a}`);let c;return new Promise(function(b){c=new Uint8Array(a),self.crypto.getRandomValues(c),b(c)})},a.randBytesSync=l,a.toZn=m,a}({}); diff --git a/dist/bigint-crypto-utils-latest.browser.mod.js b/dist/bigint-crypto-utils-latest.browser.mod.js index c17036e..f5e144a 100644 --- a/dist/bigint-crypto-utils-latest.browser.mod.js +++ b/dist/bigint-crypto-utils-latest.browser.mod.js @@ -23,7 +23,7 @@ function abs(a) { */ function bitLength(a) { a = BigInt(a); - if (a === _ONE) + if (a === _ONE) return 1; let bits = 1; do { @@ -45,11 +45,14 @@ function bitLength(a) { * @param {number|bigint} a * @param {number|bigint} b * - * @returns {egcdReturn} + * @returns {egcdReturn} A triple (g, x, y), such that ax + by = g = gcd(a, b). */ function eGcd(a, b) { a = BigInt(a); b = BigInt(b); + if (a <= _ZERO | b <= _ZERO) + return NaN; // a and b MUST be positive + let x = _ZERO; let y = _ONE; let u = _ONE; @@ -85,6 +88,11 @@ function eGcd(a, b) { function gcd(a, b) { a = abs(a); b = abs(b); + if (a === _ZERO) + return b; + else if (b === _ZERO) + return a; + let shift = _ZERO; while (!((a | b) & _ONE)) { a >>= _ONE; @@ -151,6 +159,8 @@ async function isProbablyPrime(w, iterations = 16) { function lcm(a, b) { a = BigInt(a); b = BigInt(b); + if (a === _ZERO && b === _ZERO) + return _ZERO; return abs(a * b) / gcd(a, b); } @@ -160,12 +170,15 @@ function lcm(a, b) { * @param {number|bigint} a The number to find an inverse for * @param {number|bigint} n The modulo * - * @returns {bigint} the inverse modulo n + * @returns {bigint} the inverse modulo n or NaN if it does not exist */ function modInv(a, n) { - let egcd = eGcd(toZn(a,n), n); + if (a == _ZERO | n <= _ZERO) + return NaN; + + let egcd = eGcd(toZn(a, n), n); if (egcd.b !== _ONE) { - return null; // modular inverse does not exist + return NaN; // modular inverse does not exist } else { return toZn(egcd.x, n); } @@ -182,6 +195,9 @@ function modInv(a, n) { function modPow(a, b, n) { // See Knuth, volume 2, section 4.6.3. n = BigInt(n); + if (n === _ZERO) + return NaN; + a = toZn(a, n); b = BigInt(b); if (b < _ZERO) { @@ -215,6 +231,8 @@ function modPow(a, b, n) { * @returns {Promise} A promise that resolves to a bigint probable prime of bitLength bits */ function prime(bitLength, iterations = 16) { + if (bitLength < 1) + throw new RangeError(`bitLength MUST be > 0 and it is ${bitLength}`); return new Promise((resolve) => { let workerList = []; const _onmessage = (msg, newWorker) => { @@ -289,9 +307,12 @@ function randBetween(max, min = _ONE) { * @returns {Buffer|Uint8Array} A Buffer/UInt8Array (Node.js/Browser) filled with cryptographically secure random bits */ function randBits(bitLength, forceLength = false) { + if (bitLength < 1) + throw new RangeError(`bitLength MUST be > 0 and it is ${bitLength}`); + const byteLength = Math.ceil(bitLength / 8); let rndBytes = randBytesSync(byteLength, false); - // Fill with 0's the extra birs + // Fill with 0's the extra bits rndBytes[0] = rndBytes[0] & (2 ** (bitLength % 8) - 1); if (forceLength) { let mask = (bitLength % 8) ? 2 ** ((bitLength % 8) - 1) : 128; @@ -309,6 +330,9 @@ function randBits(bitLength, forceLength = false) { * @returns {Promise} A promise that resolves to a Buffer/UInt8Array (Node.js/Browser) filled with cryptographically secure random bytes */ function randBytes(byteLength, forceLength = false) { + if (byteLength < 1) + throw new RangeError(`byteLength MUST be > 0 and it is ${byteLength}`); + let buf; { // browser return new Promise(function (resolve) { @@ -328,6 +352,9 @@ function randBytes(byteLength, forceLength = false) { * @returns {Buffer|Uint8Array} A Buffer/UInt8Array (Node.js/Browser) filled with cryptographically secure random bytes */ function randBytesSync(byteLength, forceLength = false) { + if (byteLength < 1) + throw new RangeError(`byteLength MUST be > 0 and it is ${byteLength}`); + let buf; { // browser buf = new Uint8Array(byteLength); @@ -348,6 +375,9 @@ function randBytesSync(byteLength, forceLength = false) { */ function toZn(a, n) { n = BigInt(n); + if (n <= 0) + return NaN; + a = BigInt(a) % n; return (a < 0) ? a + n : a; } diff --git a/dist/bigint-crypto-utils-latest.browser.mod.min.js b/dist/bigint-crypto-utils-latest.browser.mod.min.js index 21011bf..8a8f032 100644 --- a/dist/bigint-crypto-utils-latest.browser.mod.min.js +++ b/dist/bigint-crypto-utils-latest.browser.mod.min.js @@ -1 +1 @@ -const _ZERO=BigInt(0),_ONE=BigInt(1),_TWO=BigInt(2);function abs(b){return b=BigInt(b),b>=_ZERO?b:-b}function bitLength(b){if(b=BigInt(b),b===_ONE)return 1;let c=1;do c++;while((b>>=_ONE)>_ONE);return c}function eGcd(c,d){c=BigInt(c),d=BigInt(d);let e=_ZERO,f=_ONE,g=_ONE,h=_ZERO;for(;c!==_ZERO;){let a=d/c,b=d%c,i=e-g*a,j=f-h*a;d=c,c=b,e=g,f=h,g=i,h=j}return{b:d,x:e,y:f}}function gcd(c,d){c=abs(c),d=abs(d);let e=_ZERO;for(;!((c|d)&_ONE);)c>>=_ONE,d>>=_ONE,e++;for(;!(c&_ONE);)c>>=_ONE;do{for(;!(d&_ONE);)d>>=_ONE;if(c>d){let a=c;c=d,d=a}d-=c}while(d);return c<{let e=new Worker(_isProbablyPrimeWorkerUrl());e.onmessage=a=>{e.terminate(),c(a.data.isPrime)},e.onmessageerror=a=>{d(a)},e.postMessage({rnd:a,iterations:b,id:0})})}function lcm(c,d){return c=BigInt(c),d=BigInt(d),abs(c*d)/gcd(c,d)}function modInv(b,a){let c=eGcd(toZn(b,a),a);return c.b===_ONE?toZn(c.x,a):null}function modPow(c,d,e){if(e=BigInt(e),c=toZn(c,e),d=BigInt(d),d<_ZERO)return modInv(modPow(c,abs(d),e),e);let f=_ONE,g=c;for(;0{let d=[];const e=(e,f)=>{if(e.isPrime){for(let a=0;ae(a.data,b),d.push(b)}for(let e=0;e min");const c=a-b;let d,e=bitLength(c);do{let a=randBits(e);d=fromBuffer(a)}while(d>c);return d+b}function randBits(a,b=!1){var c=Math.ceil;const d=c(a/8);let e=randBytesSync(d,!1);if(e[0]&=2**(a%8)-1,b){let b=a%8?2**(a%8-1):128;e[0]|=b}return e}function randBytes(a,b=!1){let c;return new Promise(function(b){c=new Uint8Array(a),self.crypto.getRandomValues(c),b(c)})}function randBytesSync(a,b=!1){let c;return c=new Uint8Array(a),self.crypto.getRandomValues(c),b&&(c[0]|=128),c}function toZn(b,c){return c=BigInt(c),b=BigInt(b)%c,0>b?b+c:b}function fromBuffer(a){let b=_ZERO;for(let c of a.values()){let a=BigInt(c);b=(b< {${a}})()`;var b=new Blob([a],{type:"text/javascript"});return window.URL.createObjectURL(b)}function _isProbablyPrime(c,b=16){if(c===_TWO)return!0;if((c&_ONE)===_ZERO||c===_ONE)return!1;const e=[3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597];for(let a=0;a=_ZERO?b:-b}function bitLength(b){if(b=BigInt(b),b===_ONE)return 1;let c=1;do c++;while((b>>=_ONE)>_ONE);return c}function eGcd(c,d){if(c=BigInt(c),d=BigInt(d),c<=_ZERO|d<=_ZERO)return NaN;let e=_ZERO,f=_ONE,g=_ONE,h=_ZERO;for(;c!==_ZERO;){let a=d/c,b=d%c,i=e-g*a,j=f-h*a;d=c,c=b,e=g,f=h,g=i,h=j}return{b:d,x:e,y:f}}function gcd(c,d){if(c=abs(c),d=abs(d),c===_ZERO)return d;if(d===_ZERO)return c;let e=_ZERO;for(;!((c|d)&_ONE);)c>>=_ONE,d>>=_ONE,e++;for(;!(c&_ONE);)c>>=_ONE;do{for(;!(d&_ONE);)d>>=_ONE;if(c>d){let a=c;c=d,d=a}d-=c}while(d);return c<{let e=new Worker(_isProbablyPrimeWorkerUrl());e.onmessage=a=>{e.terminate(),c(a.data.isPrime)},e.onmessageerror=a=>{d(a)},e.postMessage({rnd:a,iterations:b,id:0})})}function lcm(c,d){return c=BigInt(c),d=BigInt(d),c===_ZERO&&d===_ZERO?_ZERO:abs(c*d)/gcd(c,d)}function modInv(b,a){if(b==_ZERO|a<=_ZERO)return NaN;let c=eGcd(toZn(b,a),a);return c.b===_ONE?toZn(c.x,a):NaN}function modPow(c,d,e){if(e=BigInt(e),e===_ZERO)return NaN;if(c=toZn(c,e),d=BigInt(d),d<_ZERO)return modInv(modPow(c,abs(d),e),e);let f=_ONE,g=c;for(;0a)throw new RangeError(`bitLength MUST be > 0 and it is ${a}`);return new Promise(c=>{let d=[];const e=(e,f)=>{if(e.isPrime){for(let a=0;ae(a.data,b),d.push(b)}for(let e=0;e min");const c=a-b;let d,e=bitLength(c);do{let a=randBits(e);d=fromBuffer(a)}while(d>c);return d+b}function randBits(a,b=!1){var c=Math.ceil;if(1>a)throw new RangeError(`bitLength MUST be > 0 and it is ${a}`);const d=c(a/8);let e=randBytesSync(d,!1);if(e[0]&=2**(a%8)-1,b){let b=a%8?2**(a%8-1):128;e[0]|=b}return e}function randBytes(a,b=!1){if(1>a)throw new RangeError(`byteLength MUST be > 0 and it is ${a}`);let c;return new Promise(function(b){c=new Uint8Array(a),self.crypto.getRandomValues(c),b(c)})}function randBytesSync(a,b=!1){if(1>a)throw new RangeError(`byteLength MUST be > 0 and it is ${a}`);let c;return c=new Uint8Array(a),self.crypto.getRandomValues(c),b&&(c[0]|=128),c}function toZn(b,c){return(c=BigInt(c),0>=c)?NaN:(b=BigInt(b)%c,0>b?b+c:b)}function fromBuffer(a){let b=_ZERO;for(let c of a.values()){let a=BigInt(c);b=(b< {${a}})()`;var b=new Blob([a],{type:"text/javascript"});return window.URL.createObjectURL(b)}function _isProbablyPrime(c,b=16){if(c===_TWO)return!0;if((c&_ONE)===_ZERO||c===_ONE)return!1;const e=[3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597];for(let a=0;a>= _ONE; @@ -161,6 +169,8 @@ async function isProbablyPrime(w, iterations = 16) { function lcm(a, b) { a = BigInt(a); b = BigInt(b); + if (a === _ZERO && b === _ZERO) + return _ZERO; return abs(a * b) / gcd(a, b); } @@ -170,12 +180,15 @@ function lcm(a, b) { * @param {number|bigint} a The number to find an inverse for * @param {number|bigint} n The modulo * - * @returns {bigint} the inverse modulo n + * @returns {bigint} the inverse modulo n or NaN if it does not exist */ function modInv(a, n) { - let egcd = eGcd(toZn(a,n), n); + if (a == _ZERO | n <= _ZERO) + return NaN; + + let egcd = eGcd(toZn(a, n), n); if (egcd.b !== _ONE) { - return null; // modular inverse does not exist + return NaN; // modular inverse does not exist } else { return toZn(egcd.x, n); } @@ -192,6 +205,9 @@ function modInv(a, n) { function modPow(a, b, n) { // See Knuth, volume 2, section 4.6.3. n = BigInt(n); + if (n === _ZERO) + return NaN; + a = toZn(a, n); b = BigInt(b); if (b < _ZERO) { @@ -225,6 +241,9 @@ function modPow(a, b, n) { * @returns {Promise} A promise that resolves to a bigint probable prime of bitLength bits */ function prime(bitLength, iterations = 16) { + if (bitLength < 1) + throw new RangeError(`bitLength MUST be > 0 and it is ${bitLength}`); + if (!_useWorkers) { let rnd = _ZERO; do { @@ -307,9 +326,12 @@ function randBetween(max, min = _ONE) { * @returns {Buffer|Uint8Array} A Buffer/UInt8Array (Node.js/Browser) filled with cryptographically secure random bits */ function randBits(bitLength, forceLength = false) { + if (bitLength < 1) + throw new RangeError(`bitLength MUST be > 0 and it is ${bitLength}`); + const byteLength = Math.ceil(bitLength / 8); let rndBytes = randBytesSync(byteLength, false); - // Fill with 0's the extra birs + // Fill with 0's the extra bits rndBytes[0] = rndBytes[0] & (2 ** (bitLength % 8) - 1); if (forceLength) { let mask = (bitLength % 8) ? 2 ** ((bitLength % 8) - 1) : 128; @@ -327,6 +349,9 @@ function randBits(bitLength, forceLength = false) { * @returns {Promise} A promise that resolves to a Buffer/UInt8Array (Node.js/Browser) filled with cryptographically secure random bytes */ function randBytes(byteLength, forceLength = false) { + if (byteLength < 1) + throw new RangeError(`byteLength MUST be > 0 and it is ${byteLength}`); + let buf; { // node const crypto = require('crypto'); @@ -349,6 +374,9 @@ function randBytes(byteLength, forceLength = false) { * @returns {Buffer|Uint8Array} A Buffer/UInt8Array (Node.js/Browser) filled with cryptographically secure random bytes */ function randBytesSync(byteLength, forceLength = false) { + if (byteLength < 1) + throw new RangeError(`byteLength MUST be > 0 and it is ${byteLength}`); + let buf; { // node const crypto = require('crypto'); @@ -370,6 +398,9 @@ function randBytesSync(byteLength, forceLength = false) { */ function toZn(a, n) { n = BigInt(n); + if (n <= 0) + return NaN; + a = BigInt(a) % n; return (a < 0) ? a + n : a; } diff --git a/src/main.js b/src/main.js index f44759e..0df2711 100644 --- a/src/main.js +++ b/src/main.js @@ -25,7 +25,7 @@ export function abs(a) { */ export function bitLength(a) { a = BigInt(a); - if (a === _ONE) + if (a === _ONE) return 1; let bits = 1; do { @@ -47,11 +47,14 @@ export function bitLength(a) { * @param {number|bigint} a * @param {number|bigint} b * - * @returns {egcdReturn} + * @returns {egcdReturn} A triple (g, x, y), such that ax + by = g = gcd(a, b). */ export function eGcd(a, b) { a = BigInt(a); b = BigInt(b); + if (a <= _ZERO | b <= _ZERO) + return NaN; // a and b MUST be positive + let x = _ZERO; let y = _ONE; let u = _ONE; @@ -87,6 +90,11 @@ export function eGcd(a, b) { export function gcd(a, b) { a = abs(a); b = abs(b); + if (a === _ZERO) + return b; + else if (b === _ZERO) + return a; + let shift = _ZERO; while (!((a | b) & _ONE)) { a >>= _ONE; @@ -178,6 +186,8 @@ export async function isProbablyPrime(w, iterations = 16) { export function lcm(a, b) { a = BigInt(a); b = BigInt(b); + if (a === _ZERO && b === _ZERO) + return _ZERO; return abs(a * b) / gcd(a, b); } @@ -187,12 +197,15 @@ export function lcm(a, b) { * @param {number|bigint} a The number to find an inverse for * @param {number|bigint} n The modulo * - * @returns {bigint} the inverse modulo n + * @returns {bigint} the inverse modulo n or NaN if it does not exist */ export function modInv(a, n) { - let egcd = eGcd(toZn(a,n), n); + if (a == _ZERO | n <= _ZERO) + return NaN; + + let egcd = eGcd(toZn(a, n), n); if (egcd.b !== _ONE) { - return null; // modular inverse does not exist + return NaN; // modular inverse does not exist } else { return toZn(egcd.x, n); } @@ -209,6 +222,9 @@ export function modInv(a, n) { export function modPow(a, b, n) { // See Knuth, volume 2, section 4.6.3. n = BigInt(n); + if (n === _ZERO) + return NaN; + a = toZn(a, n); b = BigInt(b); if (b < _ZERO) { @@ -242,6 +258,9 @@ export function modPow(a, b, n) { * @returns {Promise} A promise that resolves to a bigint probable prime of bitLength bits */ export function prime(bitLength, iterations = 16) { + if (bitLength < 1) + throw new RangeError(`bitLength MUST be > 0 and it is ${bitLength}`); + if (!process.browser && !_useWorkers) { let rnd = _ZERO; do { @@ -331,9 +350,12 @@ export function randBetween(max, min = _ONE) { * @returns {Buffer|Uint8Array} A Buffer/UInt8Array (Node.js/Browser) filled with cryptographically secure random bits */ export function randBits(bitLength, forceLength = false) { + if (bitLength < 1) + throw new RangeError(`bitLength MUST be > 0 and it is ${bitLength}`); + const byteLength = Math.ceil(bitLength / 8); let rndBytes = randBytesSync(byteLength, false); - // Fill with 0's the extra birs + // Fill with 0's the extra bits rndBytes[0] = rndBytes[0] & (2 ** (bitLength % 8) - 1); if (forceLength) { let mask = (bitLength % 8) ? 2 ** ((bitLength % 8) - 1) : 128; @@ -351,6 +373,9 @@ export function randBits(bitLength, forceLength = false) { * @returns {Promise} A promise that resolves to a Buffer/UInt8Array (Node.js/Browser) filled with cryptographically secure random bytes */ export function randBytes(byteLength, forceLength = false) { + if (byteLength < 1) + throw new RangeError(`byteLength MUST be > 0 and it is ${byteLength}`); + let buf; if (!process.browser) { // node const crypto = require('crypto'); @@ -379,6 +404,9 @@ export function randBytes(byteLength, forceLength = false) { * @returns {Buffer|Uint8Array} A Buffer/UInt8Array (Node.js/Browser) filled with cryptographically secure random bytes */ export function randBytesSync(byteLength, forceLength = false) { + if (byteLength < 1) + throw new RangeError(`byteLength MUST be > 0 and it is ${byteLength}`); + let buf; if (!process.browser) { // node const crypto = require('crypto'); @@ -403,6 +431,9 @@ export function randBytesSync(byteLength, forceLength = false) { */ export function toZn(a, n) { n = BigInt(n); + if (n <= 0) + return NaN; + a = BigInt(a) % n; return (a < 0) ? a + n : a; } diff --git a/test/browser/tests.js b/test/browser/tests.js index 5e098ea..28c57d4 100644 --- a/test/browser/tests.js +++ b/test/browser/tests.js @@ -78,6 +78,21 @@ const inputs$2 = [ b: BigInt(1), gcd: BigInt(1) }, + { + a: BigInt(0), + b: BigInt(189), + gcd: BigInt(189) + }, + { + a: BigInt(189), + b: BigInt(0), + gcd: BigInt(189) + }, + { + a: BigInt(0), + b: BigInt(0), + gcd: BigInt(0) + }, { a: BigInt(1), b: BigInt('14546149867129487614601346814'), @@ -244,16 +259,22 @@ const inputs$4 = [ a: BigInt(-2), n: BigInt(5), modInv: BigInt(2) + }, + { + a: BigInt(2), + n: BigInt(4), + modInv: NaN } ]; describe('modInv', function () { + let ret; for (const input of inputs$4) { - let ret; describe(`modInv(${input.a}, ${input.n})`, function () { it(`should return ${input.modInv}`, function () { ret = bigintCryptoUtils.modInv(input.a, input.n); - chai.expect(ret).to.equal(input.modInv); + // chai.assert( String(ret) === String(input.modInv) ); + chai.expect(String(ret)).to.be.equal(String(input.modInv)); }); }); } diff --git a/test/gcd.js b/test/gcd.js index 7657e2c..49d1fb7 100644 --- a/test/gcd.js +++ b/test/gcd.js @@ -11,6 +11,21 @@ const inputs = [ b: BigInt(1), gcd: BigInt(1) }, + { + a: BigInt(0), + b: BigInt(189), + gcd: BigInt(189) + }, + { + a: BigInt(189), + b: BigInt(0), + gcd: BigInt(189) + }, + { + a: BigInt(0), + b: BigInt(0), + gcd: BigInt(0) + }, { a: BigInt(1), b: BigInt('14546149867129487614601346814'), diff --git a/test/modInv.js b/test/modInv.js index 6437170..11a6bcd 100644 --- a/test/modInv.js +++ b/test/modInv.js @@ -20,16 +20,22 @@ const inputs = [ a: BigInt(-2), n: BigInt(5), modInv: BigInt(2) + }, + { + a: BigInt(2), + n: BigInt(4), + modInv: NaN } ]; describe('modInv', function () { + let ret; for (const input of inputs) { - let ret; describe(`modInv(${input.a}, ${input.n})`, function () { it(`should return ${input.modInv}`, function () { ret = bigintCryptoUtils.modInv(input.a, input.n); - chai.expect(ret).to.equal(input.modInv); + // chai.assert( String(ret) === String(input.modInv) ); + chai.expect(String(ret)).to.be.equal(String(input.modInv)); }); }); }