Accueil Explorer Aide
Connexion
htcwl
/
SxsnPC
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 3be96aa7da
Branches Tags
SxsnPC
/
node_modules
/
node-forge
/
lib
/
prime.js

prime.js 8.6 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297 
  1. /**
    2. 

  2.  * Prime number generation API.
    3. 

  3.  *
    4. 

  4.  * @author Dave Longley
    5. 

  5.  *
    6. 

  6.  * Copyright (c) 2014 Digital Bazaar, Inc.
    7. 

  7.  */
    8. 

  8. var forge = require('./forge');
    9. 

  9. require('./util');
    10. 

  10. require('./jsbn');
    11. 

  11. require('./random');
    12. 

  12. 

  13. (function() {
    14. 

  14. 

  15. // forge.prime already defined
    16. 

  16. if(forge.prime) {
    17. 

  17.   module.exports = forge.prime;
    18. 

  18.   return;
    19. 

  19. }
    20. 

  20. 

  21. /* PRIME API */
    22. 

  22. var prime = module.exports = forge.prime = forge.prime || {};
    23. 

  23. 

  24. var BigInteger = forge.jsbn.BigInteger;
    25. 

  25. 

  26. // primes are 30k+i for i = 1, 7, 11, 13, 17, 19, 23, 29
    27. 

  27. var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2];
    28. 

  28. var THIRTY = new BigInteger(null);
    29. 

  29. THIRTY.fromInt(30);
    30. 

  30. var op_or = function(x, y) {return x|y;};
    31. 

  31. 

  32. /**
    33. 

  33.  * Generates a random probable prime with the given number of bits.
    34. 

  34.  *
    35. 

  35.  * Alternative algorithms can be specified by name as a string or as an
    36. 

  36.  * object with custom options like so:
    37. 

  37.  *
    38. 

  38.  * {
    39. 

  39.  *   name: 'PRIMEINC',
    40. 

  40.  *   options: {
    41. 

  41.  *     maxBlockTime: <the maximum amount of time to block the main
    42. 

  42.  *       thread before allowing I/O other JS to run>,
    43. 

  43.  *     millerRabinTests: <the number of miller-rabin tests to run>,
    44. 

  44.  *     workerScript: <the worker script URL>,
    45. 

  45.  *     workers: <the number of web workers (if supported) to use,
    46. 

  46.  *       -1 to use estimated cores minus one>.
    47. 

  47.  *     workLoad: the size of the work load, ie: number of possible prime
    48. 

  48.  *       numbers for each web worker to check per work assignment,
    49. 

  49.  *       (default: 100).
    50. 

  50.  *   }
    51. 

  51.  * }
    52. 

  52.  *
    53. 

  53.  * @param bits the number of bits for the prime number.
    54. 

  54.  * @param options the options to use.
    55. 

  55.  *          [algorithm] the algorithm to use (default: 'PRIMEINC').
    56. 

  56.  *          [prng] a custom crypto-secure pseudo-random number generator to use,
    57. 

  57.  *            that must define "getBytesSync".
    58. 

  58.  *
    59. 

  59.  * @return callback(err, num) called once the operation completes.
    60. 

  60.  */
    61. 

  61. prime.generateProbablePrime = function(bits, options, callback) {
    62. 

  62.   if(typeof options === 'function') {
    63. 

  63.     callback = options;
    64. 

  64.     options = {};
    65. 

  65.   }
    66. 

  66.   options = options || {};
    67. 

  67. 

  68.   // default to PRIMEINC algorithm
    69. 

  69.   var algorithm = options.algorithm || 'PRIMEINC';
    70. 

  70.   if(typeof algorithm === 'string') {
    71. 

  71.     algorithm = {name: algorithm};
    72. 

  72.   }
    73. 

  73.   algorithm.options = algorithm.options || {};
    74. 

  74. 

  75.   // create prng with api that matches BigInteger secure random
    76. 

  76.   var prng = options.prng || forge.random;
    77. 

  77.   var rng = {
    78. 

  78.     // x is an array to fill with bytes
    79. 

  79.     nextBytes: function(x) {
    80. 

  80.       var b = prng.getBytesSync(x.length);
    81. 

  81.       for(var i = 0; i < x.length; ++i) {
    82. 

  82.         x[i] = b.charCodeAt(i);
    83. 

  83.       }
    84. 

  84.     }
    85. 

  85.   };
    86. 

  86. 

  87.   if(algorithm.name === 'PRIMEINC') {
    88. 

  88.     return primeincFindPrime(bits, rng, algorithm.options, callback);
    89. 

  89.   }
    90. 

  90. 

  91.   throw new Error('Invalid prime generation algorithm: ' + algorithm.name);
    92. 

  92. };
    93. 

  93. 

  94. function primeincFindPrime(bits, rng, options, callback) {
    95. 

  95.   if('workers' in options) {
    96. 

  96.     return primeincFindPrimeWithWorkers(bits, rng, options, callback);
    97. 

  97.   }
    98. 

  98.   return primeincFindPrimeWithoutWorkers(bits, rng, options, callback);
    99. 

  99. }
    100. 

  100. 

  101. function primeincFindPrimeWithoutWorkers(bits, rng, options, callback) {
    102. 

  102.   // initialize random number
    103. 

  103.   var num = generateRandom(bits, rng);
    104. 

  104. 

  105.   /* Note: All primes are of the form 30k+i for i < 30 and gcd(30, i)=1. The
    106. 

  106.   number we are given is always aligned at 30k + 1. Each time the number is
    107. 

  107.   determined not to be prime we add to get to the next 'i', eg: if the number
    108. 

  108.   was at 30k + 1 we add 6. */
    109. 

  109.   var deltaIdx = 0;
    110. 

  110. 

  111.   // get required number of MR tests
    112. 

  112.   var mrTests = getMillerRabinTests(num.bitLength());
    113. 

  113.   if('millerRabinTests' in options) {
    114. 

  114.     mrTests = options.millerRabinTests;
    115. 

  115.   }
    116. 

  116. 

  117.   // find prime nearest to 'num' for maxBlockTime ms
    118. 

  118.   // 10 ms gives 5ms of leeway for other calculations before dropping
    119. 

  119.   // below 60fps (1000/60 == 16.67), but in reality, the number will
    120. 

  120.   // likely be higher due to an 'atomic' big int modPow
    121. 

  121.   var maxBlockTime = 10;
    122. 

  122.   if('maxBlockTime' in options) {
    123. 

  123.     maxBlockTime = options.maxBlockTime;
    124. 

  124.   }
    125. 

  125. 

  126.   _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback);
    127. 

  127. }
    128. 

  128. 

  129. function _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback) {
    130. 

  130.   var start = +new Date();
    131. 

  131.   do {
    132. 

  132.     // overflow, regenerate random number
    133. 

  133.     if(num.bitLength() > bits) {
    134. 

  134.       num = generateRandom(bits, rng);
    135. 

  135.     }
    136. 

  136.     // do primality test
    137. 

  137.     if(num.isProbablePrime(mrTests)) {
    138. 

  138.       return callback(null, num);
    139. 

  139.     }
    140. 

  140.     // get next potential prime
    141. 

  141.     num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0);
    142. 

  142.   } while(maxBlockTime < 0 || (+new Date() - start < maxBlockTime));
    143. 

  143. 

  144.   // keep trying later
    145. 

  145.   forge.util.setImmediate(function() {
    146. 

  146.     _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback);
    147. 

  147.   });
    148. 

  148. }
    149. 

  149. 

  150. // NOTE: This algorithm is indeterminate in nature because workers
    151. 

  151. // run in parallel looking at different segments of numbers. Even if this
    152. 

  152. // algorithm is run twice with the same input from a predictable RNG, it
    153. 

  153. // may produce different outputs.
    154. 

  154. function primeincFindPrimeWithWorkers(bits, rng, options, callback) {
    155. 

  155.   // web workers unavailable
    156. 

  156.   if(typeof Worker === 'undefined') {
    157. 

  157.     return primeincFindPrimeWithoutWorkers(bits, rng, options, callback);
    158. 

  158.   }
    159. 

  159. 

  160.   // initialize random number
    161. 

  161.   var num = generateRandom(bits, rng);
    162. 

  162. 

  163.   // use web workers to generate keys
    164. 

  164.   var numWorkers = options.workers;
    165. 

  165.   var workLoad = options.workLoad || 100;
    166. 

  166.   var range = workLoad * 30 / 8;
    167. 

  167.   var workerScript = options.workerScript || 'forge/prime.worker.js';
    168. 

  168.   if(numWorkers === -1) {
    169. 

  169.     return forge.util.estimateCores(function(err, cores) {
    170. 

  170.       if(err) {
    171. 

  171.         // default to 2
    172. 

  172.         cores = 2;
    173. 

  173.       }
    174. 

  174.       numWorkers = cores - 1;
    175. 

  175.       generate();
    176. 

  176.     });
    177. 

  177.   }
    178. 

  178.   generate();
    179. 

  179. 

  180.   function generate() {
    181. 

  181.     // require at least 1 worker
    182. 

  182.     numWorkers = Math.max(1, numWorkers);
    183. 

  183. 

  184.     // TODO: consider optimizing by starting workers outside getPrime() ...
    185. 

  185.     // note that in order to clean up they will have to be made internally
    186. 

  186.     // asynchronous which may actually be slower
    187. 

  187. 

  188.     // start workers immediately
    189. 

  189.     var workers = [];
    190. 

  190.     for(var i = 0; i < numWorkers; ++i) {
    191. 

  191.       // FIXME: fix path or use blob URLs
    192. 

  192.       workers[i] = new Worker(workerScript);
    193. 

  193.     }
    194. 

  194.     var running = numWorkers;
    195. 

  195. 

  196.     // listen for requests from workers and assign ranges to find prime
    197. 

  197.     for(var i = 0; i < numWorkers; ++i) {
    198. 

  198.       workers[i].addEventListener('message', workerMessage);
    199. 

  199.     }
    200. 

  200. 

  201.     /* Note: The distribution of random numbers is unknown. Therefore, each
    202. 

  202.     web worker is continuously allocated a range of numbers to check for a
    203. 

  203.     random number until one is found.
    204. 

  204. 

  205.     Every 30 numbers will be checked just 8 times, because prime numbers
    206. 

  206.     have the form:
    207. 

  207. 

  208.     30k+i, for i < 30 and gcd(30, i)=1 (there are 8 values of i for this)
    209. 

  209. 

  210.     Therefore, if we want a web worker to run N checks before asking for
    211. 

  211.     a new range of numbers, each range must contain N*30/8 numbers.
    212. 

  212. 

  213.     For 100 checks (workLoad), this is a range of 375. */
    214. 

  214. 

  215.     var found = false;
    216. 

  216.     function workerMessage(e) {
    217. 

  217.       // ignore message, prime already found
    218. 

  218.       if(found) {
    219. 

  219.         return;
    220. 

  220.       }
    221. 

  221. 

  222.       --running;
    223. 

  223.       var data = e.data;
    224. 

  224.       if(data.found) {
    225. 

  225.         // terminate all workers
    226. 

  226.         for(var i = 0; i < workers.length; ++i) {
    227. 

  227.           workers[i].terminate();
    228. 

  228.         }
    229. 

  229.         found = true;
    230. 

  230.         return callback(null, new BigInteger(data.prime, 16));
    231. 

  231.       }
    232. 

  232. 

  233.       // overflow, regenerate random number
    234. 

  234.       if(num.bitLength() > bits) {
    235. 

  235.         num = generateRandom(bits, rng);
    236. 

  236.       }
    237. 

  237. 

  238.       // assign new range to check
    239. 

  239.       var hex = num.toString(16);
    240. 

  240. 

  241.       // start prime search
    242. 

  242.       e.target.postMessage({
    243. 

  243.         hex: hex,
    244. 

  244.         workLoad: workLoad
    245. 

  245.       });
    246. 

  246. 

  247.       num.dAddOffset(range, 0);
    248. 

  248.     }
    249. 

  249.   }
    250. 

  250. }
    251. 

  251. 

  252. /**
    253. 

  253.  * Generates a random number using the given number of bits and RNG.
    254. 

  254.  *
    255. 

  255.  * @param bits the number of bits for the number.
    256. 

  256.  * @param rng the random number generator to use.
    257. 

  257.  *
    258. 

  258.  * @return the random number.
    259. 

  259.  */
    260. 

  260. function generateRandom(bits, rng) {
    261. 

  261.   var num = new BigInteger(bits, rng);
    262. 

  262.   // force MSB set
    263. 

  263.   var bits1 = bits - 1;
    264. 

  264.   if(!num.testBit(bits1)) {
    265. 

  265.     num.bitwiseTo(BigInteger.ONE.shiftLeft(bits1), op_or, num);
    266. 

  266.   }
    267. 

  267.   // align number on 30k+1 boundary
    268. 

  268.   num.dAddOffset(31 - num.mod(THIRTY).byteValue(), 0);
    269. 

  269.   return num;
    270. 

  270. }
    271. 

  271. 

  272. /**
    273. 

  273.  * Returns the required number of Miller-Rabin tests to generate a
    274. 

  274.  * prime with an error probability of (1/2)^80.
    275. 

  275.  *
    276. 

  276.  * See Handbook of Applied Cryptography Chapter 4, Table 4.4.
    277. 

  277.  *
    278. 

  278.  * @param bits the bit size.
    279. 

  279.  *
    280. 

  280.  * @return the required number of iterations.
    281. 

  281.  */
    282. 

  282. function getMillerRabinTests(bits) {
    283. 

  283.   if(bits <= 100) return 27;
    284. 

  284.   if(bits <= 150) return 18;
    285. 

  285.   if(bits <= 200) return 15;
    286. 

  286.   if(bits <= 250) return 12;
    287. 

  287.   if(bits <= 300) return 9;
    288. 

  288.   if(bits <= 350) return 8;
    289. 

  289.   if(bits <= 400) return 7;
    290. 

  290.   if(bits <= 500) return 6;
    291. 

  291.   if(bits <= 600) return 5;
    292. 

  292.   if(bits <= 800) return 4;
    293. 

  293.   if(bits <= 1250) return 3;
    294. 

  294.   return 2;
    295. 

  295. }
    296. 

  296. 

  297. })();
    298.