Moving sjcl_random preparation to a function.

Author: armfazh

package-lock.json

@@ -53,6 +53,6 @@
         "prettier": "3.3.3",
         "rimraf": "6.0.1",
         "typescript": "5.6.2",
-        "typescript-eslint": "8.7.0"
+        "typescript-eslint": "8.8.0"
     }
 }

package.json

@@ -24,4 +24,4 @@ ${SJCL_OUTPUT_PATH}/index.d.ts:
 	npm un -D @types/sjcl
 
 clean:
-	rm -f ${SJCL_OUTPUT_PATH}/index.d.ts ${SJCL_OUTPUT_PATH}/index.js
+	rm -f ${SJCL_OUTPUT_PATH}/index.js ${SJCL_OUTPUT_PATH}/index.d.ts

sjcl.Makefile

@@ -130,14 +130,10 @@ export function getSuiteByName<T>(
         new (params: BlindRSAParams & BlindRSAPlatformParams): T;
     },
     name: string,
-    params?: BlindRSAPlatformParams,
+    params: BlindRSAPlatformParams = { supportsRSARAW: false },
 ): T {
     for (const suiteParams of Object.values(Params)) {
         if (name.toLowerCase() === suiteParams.name.toLowerCase()) {
-            if (!params) {
-                params = { supportsRSARAW: false };
-            }
-
             return new newT({ ...suiteParams, ...params });
         }
     }

src/index.ts

@@ -15,11 +15,12 @@ import {
     random_integer_uniform,
     rsasp1,
     rsavp1,
+    inverseMod,
+    rsaRawBlingSign,
+    prepare_sjcl_random_generator,
     type BigPublicKey,
     type BigSecretKey,
     type BigKeyPair,
-    inverseMod,
-    rsaRawBlingSign,
 } from './util.js';
 import { PrepareType, type BlindRSAParams, type BlindRSAPlatformParams } from './blindrsa.js';
 
@@ -282,11 +283,7 @@ export class PartiallyBlindRSA {
         algorithm: Pick<RsaHashedKeyGenParams, 'modulusLength' | 'publicExponent' | 'hash'>,
         generateSafePrimeSync: (length: number) => sjcl.BigNumber | bigint = generateSafePrime,
     ): Promise<CryptoKeyPair> {
-        // It requires to seed the internal random number generator.
-        while (!sjcl.random.isReady(undefined)) {
-            const buffer = crypto.getRandomValues(new Uint32Array(4));
-            sjcl.random.addEntropy(Array.from(buffer), 128, 'undefined');
-        }
+        prepare_sjcl_random_generator();
 
         // 1. p = SafePrime(bits / 2)
         // 2. q = SafePrime(bits / 2)

src/partially_blindrsa.ts

@@ -346,3 +346,11 @@ export type BigSecretKey = {
 };
 
 export type BigKeyPair = { publicKey: BigPublicKey; secretKey: BigSecretKey };
+
+export function prepare_sjcl_random_generator() {
+    // It requires to seed the internal random number generator.
+    const source = 'crypto.getRandomValues';
+    while (!sjcl.random.isReady(undefined)) {
+        sjcl.random.addEntropy(Array.from(crypto.getRandomValues(new Uint32Array(4))), 128, source);
+    }
+}

src/util.ts

@@ -2,8 +2,8 @@
 // Licensed under the Apache-2.0 license found in the LICENSE file or at https://opensource.org/licenses/Apache-2.0
 
 import { jest } from '@jest/globals';
-import sjcl from '../src/sjcl/index.js';
 
+import sjcl from '../src/sjcl/index.js';
 import { i2osp } from '../src/util.js';
 import { BlindRSA, RSABSSA, getSuiteByName } from '../src/index.js';
 
@@ -131,33 +131,35 @@ describe.each(vectors)('TestVectors', (v: Vector) => {
             .mockReturnValueOnce(rBytes); // mock for random blind
     });
 
-    const params = [[], [{ supportsRSARAW: true }]];
+    const params = [undefined, { supportsRSARAW: true }];
 
-    test.each(params)(
-        `_${v.name}`,
-        async (...params) => {
-            const blindRSA = getSuiteByName(BlindRSA, v.name, ...params);
-            expect(blindRSA.toString()).toBe(v.name);
+    describe.each(params)(`_${v.name}`, (params) => {
+        test(
+            `supportsRSARAW/${params ? params.supportsRSARAW : false}`,
+            async () => {
+                const blindRSA = getSuiteByName(BlindRSA, v.name, params);
+                expect(blindRSA.toString()).toBe(v.name);
 
-            const msg = hexToUint8(v.msg);
-            const inputMsg = blindRSA.prepare(msg);
-            expect(uint8ToHex(inputMsg)).toBe(v.input_msg);
+                const msg = hexToUint8(v.msg);
+                const inputMsg = blindRSA.prepare(msg);
+                expect(uint8ToHex(inputMsg)).toBe(v.input_msg);
 
-            const { publicKey, privateKey } = await keysFromVector(v, true);
+                const { publicKey, privateKey } = await keysFromVector(v, true);
 
-            const { blindedMsg, inv } = await blindRSA.blind(publicKey, inputMsg);
-            expect(uint8ToHex(blindedMsg)).toBe(v.blinded_msg);
-            expect(uint8ToHex(inv)).toBe(v.inv.slice(2));
+                const { blindedMsg, inv } = await blindRSA.blind(publicKey, inputMsg);
+                expect(uint8ToHex(blindedMsg)).toBe(v.blinded_msg);
+                expect(uint8ToHex(inv)).toBe(v.inv.slice(2));
 
-            const blindedSig = await blindRSA.blindSign(privateKey, blindedMsg);
-            expect(uint8ToHex(blindedSig)).toBe(v.blind_sig);
+                const blindedSig = await blindRSA.blindSign(privateKey, blindedMsg);
+                expect(uint8ToHex(blindedSig)).toBe(v.blind_sig);
 
-            const signature = await blindRSA.finalize(publicKey, inputMsg, blindedSig, inv);
-            expect(uint8ToHex(signature)).toBe(v.sig);
+                const signature = await blindRSA.finalize(publicKey, inputMsg, blindedSig, inv);
+                expect(uint8ToHex(signature)).toBe(v.sig);
 
-            const isValid = await blindRSA.verify(publicKey, signature, inputMsg);
-            expect(isValid).toBe(true);
-        },
-        20 * 1000,
-    );
+                const isValid = await blindRSA.verify(publicKey, signature, inputMsg);
+                expect(isValid).toBe(true);
+            },
+            20 * 1000,
+        );
+    });
 });

test/blindrsa.test.ts

@@ -1,10 +1,11 @@
 // Copyright (c) 2023 Cloudflare, Inc.
 // Licensed under the Apache-2.0 license found in the LICENSE file or at https://opensource.org/licenses/Apache-2.0
 
-import sjcl from '../src/sjcl/index.js';
 import { jest } from '@jest/globals';
 
 import { emsa_pss_encode, is_coprime, random_integer_uniform } from '../src/util.js';
+import sjcl from '../src/sjcl/index.js';
+
 // Test vector in file pss_test.go from: https://cs.opensource.google/go/go/+/refs/tags/go1.18.2:src/crypto/rsa/pss_test.go
 // Test vector in file pss-int.txt from: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
 import vector from './testdata/emsa_pss_vectors.json';

test/misc.test.ts

@@ -4,7 +4,7 @@
 import sjcl from '../src/sjcl/index.js';
 import { jest } from '@jest/globals';
 
-import { i2osp } from '../src/util.js';
+import { i2osp, prepare_sjcl_random_generator } from '../src/util.js';
 import { PartiallyBlindRSA, RSAPBSSA, getSuiteByName } from '../src/index.js';
 import { isSafePrime } from '../src/prime.js';
 
@@ -125,15 +125,7 @@ describe.each(vectors)('Errors-vec$#', (v: Vector) => {
 });
 
 test.each(vectors)('TestVector_$#/safePrimes', (v: Vector) => {
-    // It requires to seed the internal random number generator.
-    while (!sjcl.random.isReady(undefined)) {
-        sjcl.random.addEntropy(
-            Array.from(crypto.getRandomValues(new Uint32Array(4))),
-            128,
-            'undefined',
-        );
-    }
-
+    prepare_sjcl_random_generator();
     expect(isSafePrime(new sjcl.bn(v.p))).toBe(true);
     expect(isSafePrime(new sjcl.bn(v.q))).toBe(true);
 });

test/partially_blindrsa.test.ts

@@ -4,6 +4,7 @@
 import { jest } from '@jest/globals';
 
 import sjcl from '../src/sjcl/index.js';
+import { prepare_sjcl_random_generator } from '../src/util.js';
 
 import { generatePrime, generateSafePrime, isPrime, isSafePrime } from '../src/prime.js';
 
@@ -59,16 +60,7 @@ const SAFE_PRIMES = [
     '0x9f62917a38e8136a8d942aa6854637800713ad3bd0b58d971910c5c233',
 ];
 
-beforeEach(() => {
-    // It requires to seed the internal random number generator.
-    while (!sjcl.random.isReady(undefined)) {
-        sjcl.random.addEntropy(
-            Array.from(crypto.getRandomValues(new Uint32Array(4))),
-            128,
-            'undefined',
-        );
-    }
-});
+beforeEach(prepare_sjcl_random_generator);
 
 test.each(PRIME)('isPrime/%#', (p) => {
     expect(isPrime(new sjcl.bn(p))).toBe(true);