crypto: add randomInt function

PR-URL: #34600 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>

Author: olalonde

doc/api/crypto.md

@@ -2793,6 +2793,44 @@ threadpool request. To minimize threadpool task length variation, partition
 large `randomFill` requests when doing so as part of fulfilling a client
 request.
 
+### `crypto.randomInt([min, ]max[, callback])`
+<!-- YAML
+added: REPLACEME
+-->
+
+*`min`{integer} Start of random range (inclusive). **Default**: `0`.
+*`max`{integer} End of random range (exclusive).
+*`callback`{Function} `function(err, n){}`.
+
+Return a random integer `n` such that `min <= n < max`. This
+implementation avoids [modulo bias][].
+
+The range (`max - min`) must be less than `2^48`. `min` and `max` must
+be safe integers.
+
+If the `callback` function is not provided, the random integer is
+generated synchronously.
+
+```js
+// Asynchronous
+crypto.randomInt(3, (err, n) =>{
+if (err) throw err;
+console.log(`Random number chosen from (0, 1, 2): ${n}`);
+});
+```
+
+```js
+// Synchronous
+constn=crypto.randomInt(3);
+console.log(`Random number chosen from (0, 1, 2): ${n}`);
+```
+
+```js
+// With `min` argument
+constn=crypto.randomInt(1, 7);
+console.log(`The dice rolled: ${n}`);
+```
+
 ### `crypto.scrypt(password, salt, keylen[, options], callback)`
 <!-- YAML
 added: v10.5.0
@@ -3565,6 +3603,7 @@ See the [list of SSL OP Flags][] for details.
 [NIST SP 800-131A]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf
 [NIST SP 800-132]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf
 [NIST SP 800-38D]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
+[modulo bias]: https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#Modulo_bias
 [Nonce-Disrespecting Adversaries]: https://github.com/nonce-disrespect/nonce-disrespect
 [OpenSSL's SPKAC implementation]: https://www.openssl.org/docs/man1.1.0/apps/openssl-spkac.html
 [RFC 1421]: https://www.rfc-editor.org/rfc/rfc1421.txt

lib/crypto.js

@@ -52,7 +52,8 @@ const{
 const{
  randomBytes,
  randomFill,
- randomFillSync
+ randomFillSync,
+ randomInt
 }=require('internal/crypto/random');
 const{
  pbkdf2,
@@ -184,6 +185,7 @@ module.exports ={
  randomBytes,
  randomFill,
  randomFillSync,
+ randomInt,
  scrypt,
  scryptSync,
 sign: signOneShot,

lib/internal/crypto/random.js

@@ -3,6 +3,7 @@
 const{
  MathMin,
  NumberIsNaN,
+ NumberIsSafeInteger
 }=primordials;
 
 const{ AsyncWrap, Providers }=internalBinding('async_wrap');
@@ -119,6 +120,82 @@ function randomFill(buf, offset, size, cb){
 _randomBytes(buf,offset,size,wrap);
 }
 
+// Largest integer we can read from a buffer.
+// e.g.: Buffer.from("ff".repeat(6), "hex").readUIntBE(0, 6);
+constRAND_MAX=0xFFFF_FFFF_FFFF;
+
+// Generates an integer in [min, max) range where min is inclusive and max is
+// exclusive.
+functionrandomInt(min,max,cb){
+// Detect optional min syntax
+// randomInt(max)
+// randomInt(max, cb)
+constminNotSpecified=typeofmax==='undefined'||
+typeofmax==='function';
+
+if(minNotSpecified){
+cb=max;
+max=min;
+min=0;
+}
+
+constisSync=typeofcb==='undefined';
+if(!isSync&&typeofcb!=='function'){
+thrownewERR_INVALID_CALLBACK(cb);
+}
+if(!NumberIsSafeInteger(min)){
+thrownewERR_INVALID_ARG_TYPE('min','safe integer',min);
+}
+if(!NumberIsSafeInteger(max)){
+thrownewERR_INVALID_ARG_TYPE('max','safe integer',max);
+}
+if(!(max>=min)){
+thrownewERR_OUT_OF_RANGE('max',`>= ${min}`,max);
+}
+
+// First we generate a random int between [0..range)
+constrange=max-min;
+
+if(!(range<=RAND_MAX)){
+thrownewERR_OUT_OF_RANGE(`max${minNotSpecified ? '' : ' - min'}`,
+`<= ${RAND_MAX}`,range);
+}
+
+constexcess=RAND_MAX%range;
+constrandLimit=RAND_MAX-excess;
+
+if(isSync){
+// Sync API
+while(true){
+constx=randomBytes(6).readUIntBE(0,6);
+// If x > (maxVal - (maxVal % range)), we will get "modulo bias"
+if(x>randLimit){
+// Try again
+continue;
+}
+constn=(x%range)+min;
+returnn;
+}
+}else{
+// Async API
+constpickAttempt=()=>{
+randomBytes(6,(err,bytes)=>{
+if(err)returncb(err);
+constx=bytes.readUIntBE(0,6);
+// If x > (maxVal - (maxVal % range)), we will get "modulo bias"
+if(x>randLimit){
+// Try again
+returnpickAttempt();
+}
+constn=(x%range)+min;
+cb(null,n);
+});
+};
+
+pickAttempt();
+}
+}
+
 functionhandleError(ex,buf){
 if(ex)throwex;
 returnbuf;
@@ -127,5 +204,6 @@ function handleError(ex, buf){
 module.exports={
  randomBytes,
  randomFill,
- randomFillSync
+ randomFillSync,
+ randomInt
 };

test/parallel/test-crypto-random.js

@@ -315,3 +315,183 @@ assert.throws(
 assert.strictEqual(desc.writable,true);
 assert.strictEqual(desc.enumerable,false);
 });
+
+
+{
+// Asynchronous API
+constrandomInts=[];
+for(leti=0;i<100;i++){
+crypto.randomInt(3,common.mustCall((err,n)=>{
+assert.ifError(err);
+assert.ok(n>=0);
+assert.ok(n<3);
+randomInts.push(n);
+if(randomInts.length===100){
+assert.ok(!randomInts.includes(-1));
+assert.ok(randomInts.includes(0));
+assert.ok(randomInts.includes(1));
+assert.ok(randomInts.includes(2));
+assert.ok(!randomInts.includes(3));
+}
+}));
+}
+}
+{
+// Synchronous API
+constrandomInts=[];
+for(leti=0;i<100;i++){
+constn=crypto.randomInt(3);
+assert.ok(n>=0);
+assert.ok(n<3);
+randomInts.push(n);
+}
+
+assert.ok(!randomInts.includes(-1));
+assert.ok(randomInts.includes(0));
+assert.ok(randomInts.includes(1));
+assert.ok(randomInts.includes(2));
+assert.ok(!randomInts.includes(3));
+}
+{
+// Positive range
+constrandomInts=[];
+for(leti=0;i<100;i++){
+crypto.randomInt(1,3,common.mustCall((err,n)=>{
+assert.ifError(err);
+assert.ok(n>=1);
+assert.ok(n<3);
+randomInts.push(n);
+if(randomInts.length===100){
+assert.ok(!randomInts.includes(0));
+assert.ok(randomInts.includes(1));
+assert.ok(randomInts.includes(2));
+assert.ok(!randomInts.includes(3));
+}
+}));
+}
+}
+{
+// Negative range
+constrandomInts=[];
+for(leti=0;i<100;i++){
+crypto.randomInt(-10,-8,common.mustCall((err,n)=>{
+assert.ifError(err);
+assert.ok(n>=-10);
+assert.ok(n<-8);
+randomInts.push(n);
+if(randomInts.length===100){
+assert.ok(!randomInts.includes(-11));
+assert.ok(randomInts.includes(-10));
+assert.ok(randomInts.includes(-9));
+assert.ok(!randomInts.includes(-8));
+}
+}));
+}
+}
+{
+
+['10',true,NaN,null,{},[]].forEach((i)=>{
+constinvalidMinError={
+code: 'ERR_INVALID_ARG_TYPE',
+name: 'TypeError',
+message: 'The "min" argument must be safe integer.'+
+`${common.invalidArgTypeHelper(i)}`,
+};
+constinvalidMaxError={
+code: 'ERR_INVALID_ARG_TYPE',
+name: 'TypeError',
+message: 'The "max" argument must be safe integer.'+
+`${common.invalidArgTypeHelper(i)}`,
+};
+
+assert.throws(
+()=>crypto.randomInt(i,100),
+invalidMinError
+);
+assert.throws(
+()=>crypto.randomInt(i,100,common.mustNotCall()),
+invalidMinError
+);
+assert.throws(
+()=>crypto.randomInt(i),
+invalidMaxError
+);
+assert.throws(
+()=>crypto.randomInt(i,common.mustNotCall()),
+invalidMaxError
+);
+assert.throws(
+()=>crypto.randomInt(0,i,common.mustNotCall()),
+invalidMaxError
+);
+assert.throws(
+()=>crypto.randomInt(0,i),
+invalidMaxError
+);
+});
+
+constmaxInt=Number.MAX_SAFE_INTEGER;
+constminInt=Number.MIN_SAFE_INTEGER;
+
+crypto.randomInt(minInt,minInt+5,common.mustCall());
+crypto.randomInt(maxInt-5,maxInt,common.mustCall());
+
+assert.throws(
+()=>crypto.randomInt(minInt-1,minInt+5,common.mustNotCall()),
+{
+code: 'ERR_INVALID_ARG_TYPE',
+name: 'TypeError',
+message: 'The "min" argument must be safe integer.'+
+`${common.invalidArgTypeHelper(minInt-1)}`,
+}
+);
+
+assert.throws(
+()=>crypto.randomInt(maxInt+1,common.mustNotCall()),
+{
+code: 'ERR_INVALID_ARG_TYPE',
+name: 'TypeError',
+message: 'The "max" argument must be safe integer.'+
+`${common.invalidArgTypeHelper(maxInt+1)}`,
+}
+);
+
+crypto.randomInt(0,common.mustCall());
+crypto.randomInt(0,0,common.mustCall());
+assert.throws(()=>crypto.randomInt(-1,common.mustNotCall()),{
+code: 'ERR_OUT_OF_RANGE',
+name: 'RangeError',
+message: 'The value of "max" is out of range. It must be >= 0. Received -1'
+});
+
+constMAX_RANGE=0xFFFF_FFFF_FFFF;
+crypto.randomInt(MAX_RANGE,common.mustCall());
+crypto.randomInt(1,MAX_RANGE+1,common.mustCall());
+assert.throws(
+()=>crypto.randomInt(1,MAX_RANGE+2,common.mustNotCall()),
+{
+code: 'ERR_OUT_OF_RANGE',
+name: 'RangeError',
+message: 'The value of "max - min" is out of range. '+
+`It must be <= ${MAX_RANGE}. `+
+'Received 281_474_976_710_656'
+}
+);
+
+assert.throws(()=>crypto.randomInt(MAX_RANGE+1,common.mustNotCall()),{
+code: 'ERR_OUT_OF_RANGE',
+name: 'RangeError',
+message: 'The value of "max" is out of range. '+
+`It must be <= ${MAX_RANGE}. `+
+'Received 281_474_976_710_656'
+});
+
+[true,NaN,null,{},[],10].forEach((i)=>{
+constcbError={
+code: 'ERR_INVALID_CALLBACK',
+name: 'TypeError',
+message: `Callback must be a function. Received ${inspect(i)}`
+};
+assert.throws(()=>crypto.randomInt(0,1,i),cbError);
+});
+}