SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: replace modulo with bitwise mask in crypto random

Browse Source
This commit is contained in:
lockbitchat
2025-10-20 01:02:07 -04:00
parent 63a19e6a4c
commit a7a5861e0a
3 changed files with 38 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files
dist/app-boot.js
Vendored
+14 -29
View File
@@ -8198,36 +8198,24 @@ var EnhancedSecureWebRTCManager = class _EnhancedSecureWebRTCManager {
if (!Number.isInteger(min) || !Number.isInteger(max)) { if (!Number.isInteger(min) || !Number.isInteger(max)) {
throw new Error("getSafeRandomInt requires integer min and max"); throw new Error("getSafeRandomInt requires integer min and max");
} }
if (min >= max) {
throw new Error("min must be less than max");
}
const range = max - min + 1; const range = max - min + 1;
if (range <= 0) throw new Error("Invalid range"); const bitsNeeded = Math.ceil(Math.log2(range));
if (range <= 256) { const bytesNeeded = Math.ceil(bitsNeeded / 8);
const threshold2 = 256 - 256 % range; const mask = (1 << bitsNeeded) - 1;
let randomValue2;
do {
randomValue2 = crypto.getRandomValues(new Uint8Array(1))[0];
} while (randomValue2 >= threshold2);
return min + randomValue2 % range;
}
if (range <= 65536) {
const maxValue = 65536;
const threshold2 = maxValue - maxValue % range;
let randomValue2;
do {
const randomBytes = crypto.getRandomValues(new Uint8Array(2));
randomValue2 = randomBytes[0] << 8 | randomBytes[1];
} while (randomValue2 >= threshold2);
return min + randomValue2 % range;
}
const maxUint32 = 4294967296;
const threshold = maxUint32 - maxUint32 % range;
let randomValue; let randomValue;
do { do {
const randomBytes = crypto.getRandomValues(new Uint8Array(4)); const randomBytes = crypto.getRandomValues(new Uint8Array(bytesNeeded));
randomValue = (randomBytes[0] << 24 | randomBytes[1] << 16 | randomBytes[2] << 8 | randomBytes[3]) >>> 0; randomValue = 0;
} while (randomValue >= threshold); for (let i = 0; i < bytesNeeded; i++) {
return min + randomValue % range; randomValue = randomValue * 256 + randomBytes[i];
}
randomValue = randomValue & mask;
} while (randomValue >= range);
return min + randomValue;
} }
// Safe helper: unbiased float in [minFloat, maxFloat] with scale
getSafeRandomFloat(minFloat, maxFloat, scale = 1e3) { getSafeRandomFloat(minFloat, maxFloat, scale = 1e3) {
if (typeof minFloat !== "number" || typeof maxFloat !== "number") { if (typeof minFloat !== "number" || typeof maxFloat !== "number") {
throw new Error("getSafeRandomFloat requires numeric min and max"); throw new Error("getSafeRandomFloat requires numeric min and max");
@@ -8240,12 +8228,10 @@ var EnhancedSecureWebRTCManager = class _EnhancedSecureWebRTCManager {
const intVal = this.getSafeRandomInt(minInt, maxInt); const intVal = this.getSafeRandomInt(minInt, maxInt);
return intVal / scale; return intVal / scale;
} }
// Generate fingerprint mask
generateFingerprintMask() { generateFingerprintMask() {
const mask = { const mask = {
timingOffset: this.getSafeRandomInt(0, 1500), timingOffset: this.getSafeRandomInt(0, 1500),
sizeVariation: this.getSafeRandomFloat(0.75, 1.25, 1e3), sizeVariation: this.getSafeRandomFloat(0.75, 1.25, 1e3),
// изменен scale
noisePattern: Array.from(crypto.getRandomValues(new Uint8Array(64))), noisePattern: Array.from(crypto.getRandomValues(new Uint8Array(64))),
headerVariations: [ headerVariations: [
"X-Client-Version", "X-Client-Version",
@@ -8262,7 +8248,6 @@ var EnhancedSecureWebRTCManager = class _EnhancedSecureWebRTCManager {
], ],
noiseIntensity: this.getSafeRandomInt(50, 150), noiseIntensity: this.getSafeRandomInt(50, 150),
sizeMultiplier: this.getSafeRandomFloat(0.75, 1.25, 1e3), sizeMultiplier: this.getSafeRandomFloat(0.75, 1.25, 1e3),
// изменен scale
timingVariation: this.getSafeRandomInt(100, 1100) timingVariation: this.getSafeRandomInt(100, 1100)
}; };
return mask; return mask;
dist/app-boot.js.map
Vendored
+3 -3
View File
File diff suppressed because one or more lines are too long
src/network/EnhancedSecureWebRTCManager.js
+20 -35
View File
@@ -4486,45 +4486,31 @@ this._secureLog('info', '🔒 Enhanced Mutex system fully initialized and valida
if (!Number.isInteger(min) || !Number.isInteger(max)) { if (!Number.isInteger(min) || !Number.isInteger(max)) {
throw new Error('getSafeRandomInt requires integer min and max'); throw new Error('getSafeRandomInt requires integer min and max');
} }
if (min >= max) {
throw new Error('min must be less than max');
}
const range = max - min + 1; const range = max - min + 1;
if (range <= 0) throw new Error('Invalid range'); const bitsNeeded = Math.ceil(Math.log2(range));
const bytesNeeded = Math.ceil(bitsNeeded / 8);
if (range <= 256) { const mask = (1 << bitsNeeded) - 1;
const threshold = 256 - (256 % range);
let randomValue;
do {
randomValue = crypto.getRandomValues(new Uint8Array(1))[0];
} while (randomValue >= threshold);
return min + (randomValue % range);
}
if (range <= 65536) {
const maxValue = 65536;
const threshold = maxValue - (maxValue % range);
let randomValue;
do {
const randomBytes = crypto.getRandomValues(new Uint8Array(2));
randomValue = (randomBytes[0] << 8) | randomBytes[1];
} while (randomValue >= threshold);
return min + (randomValue % range);
}
const maxUint32 = 0x100000000; // 2^32
const threshold = maxUint32 - (maxUint32 % range);
let randomValue; let randomValue;
do { do {
const randomBytes = crypto.getRandomValues(new Uint8Array(4)); const randomBytes = crypto.getRandomValues(new Uint8Array(bytesNeeded));
randomValue = ((randomBytes[0] << 24) |
(randomBytes[1] << 16) |
(randomBytes[2] << 8) |
randomBytes[3]) >>> 0;
} while (randomValue >= threshold);
return min + (randomValue % range); randomValue = 0;
for (let i = 0; i < bytesNeeded; i++) {
randomValue = (randomValue * 256) + randomBytes[i];
}
randomValue = randomValue & mask;
} while (randomValue >= range);
return min + randomValue;
} }
// Safe helper: unbiased float in [minFloat, maxFloat] with scale
getSafeRandomFloat(minFloat, maxFloat, scale = 1000) { getSafeRandomFloat(minFloat, maxFloat, scale = 1000) {
if (typeof minFloat !== 'number' || typeof maxFloat !== 'number') { if (typeof minFloat !== 'number' || typeof maxFloat !== 'number') {
throw new Error('getSafeRandomFloat requires numeric min and max'); throw new Error('getSafeRandomFloat requires numeric min and max');
@@ -4539,18 +4525,17 @@ this._secureLog('info', '🔒 Enhanced Mutex system fully initialized and valida
return intVal / scale; return intVal / scale;
} }
// Generate fingerprint mask
generateFingerprintMask() { generateFingerprintMask() {
const mask = { const mask = {
timingOffset: this.getSafeRandomInt(0, 1500), timingOffset: this.getSafeRandomInt(0, 1500),
sizeVariation: this.getSafeRandomFloat(0.75, 1.25, 1000), // изменен scale sizeVariation: this.getSafeRandomFloat(0.75, 1.25, 1000),
noisePattern: Array.from(crypto.getRandomValues(new Uint8Array(64))), noisePattern: Array.from(crypto.getRandomValues(new Uint8Array(64))),
headerVariations: [ headerVariations: [
'X-Client-Version', 'X-Session-ID', 'X-Request-ID', 'X-Timestamp', 'X-Signature', 'X-Client-Version', 'X-Session-ID', 'X-Request-ID', 'X-Timestamp', 'X-Signature',
'X-Secure', 'X-Encrypted', 'X-Protected', 'X-Safe', 'X-Anonymous', 'X-Private' 'X-Secure', 'X-Encrypted', 'X-Protected', 'X-Safe', 'X-Anonymous', 'X-Private'
], ],
noiseIntensity: this.getSafeRandomInt(50, 150), noiseIntensity: this.getSafeRandomInt(50, 150),
sizeMultiplier: this.getSafeRandomFloat(0.75, 1.25, 1000), // изменен scale sizeMultiplier: this.getSafeRandomFloat(0.75, 1.25, 1000),
timingVariation: this.getSafeRandomInt(100, 1100) timingVariation: this.getSafeRandomInt(100, 1100)
}; };
return mask; return mask;