Backport fix #34. Closes #35

.gitignore

@@ -1,18 +1,9 @@
-.idea
-*.iml
-npm-debug.log
-dump.rdb
-node_modules
-results.tap
-results.xml
-npm-shrinkwrap.json
-config.json
-.DS_Store
-*/.DS_Store
-*/*/.DS_Store
-._*
-*/._*
-*/*/._*
+**/node_modules
+**/package-lock.json
+
 coverage.*
-lib-cov
 
+**/.DS_Store
+**/._*
+
+**/*.pem

.travis.yml

@@ -1,9 +1,9 @@
 language: node_js
 
 node_js:
-  - "4"
   - "6"
-  - "7"
+  - "8"
+  - "10"
   - "node"
 
 sudo: false

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2014-2017, Eran Hammer and Project contributors
+Copyright (c) 2014-2018, Eran Hammer and Project contributors
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -22,7 +22,3 @@ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-                                  *   *   *
-
-The complete list of contributors can be found at: https://github.com/hueniverse/cryptiles/graphs/contributors

lib/index.js

@@ -3,6 +3,7 @@
 // Load modules
 
 const Crypto = require('crypto');
+
 const Boom = require('boom');
 
 
@@ -29,17 +30,30 @@ exports.randomString = function (size) {
 
 exports.randomDigits = function (size) {
 
-    const buffer = exports.randomBits(size * 8);
-    if (buffer instanceof Error) {
-        return buffer;
-    }
+    try {
+        const digits = [];
 
-    const digits = [];
-    for (let i = 0; i < buffer.length; ++i) {
-        digits.push(Math.floor(buffer[i] / 25.6));
-    }
+        let buffer = internals.random(size * 2);            // Provision twice the amount of bytes needed to increase chance of single pass
+        let pos = 0;
+
+        while (digits.length < size) {
+            if (pos >= buffer.length) {
+                buffer = internals.random(size * 2);
+                pos = 0;
+            }
 
-    return digits.join('');
+            if (buffer[pos] < 250) {
+                digits.push(buffer[pos] % 10);
+            }
+
+            ++pos;
+        }
+
+        return digits.join('');
+    }
+    catch (err) {
+        return err;
+    }
 };
 
 
@@ -55,10 +69,10 @@ exports.randomBits = function (bits) {
 
     const bytes = Math.ceil(bits / 8);
     try {
-        return Crypto.randomBytes(bytes);
+        return internals.random(bytes);
     }
     catch (err) {
-        return Boom.internal('Failed generating random bits: ' + err.message);
+        return err;
     }
 };
 
@@ -67,22 +81,21 @@ exports.randomBits = function (bits) {
 
 exports.fixedTimeComparison = function (a, b) {
 
-    if (typeof a !== 'string' ||
-        typeof b !== 'string') {
-
+    try {
+        return Crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
+    }
+    catch (err) {
         return false;
     }
+};
 
-    let mismatch = (a.length === b.length ? 0 : 1);
-    if (mismatch) {
-        b = a;
-    }
 
-    for (let i = 0; i < a.length; ++i) {
-        const ac = a.charCodeAt(i);
-        const bc = b.charCodeAt(i);
-        mismatch |= (ac ^ bc);
-    }
+internals.random = function (bytes) {
 
-    return (mismatch === 0);
+    try {
+        return Crypto.randomBytes(bytes);
+    }
+    catch (err) {
+        throw Boom.internal('Failed generating random bits: ' + err.message);
+    }
 };

package.json

@@ -10,7 +10,7 @@
     "utilites"
   ],
   "engines": {
-    "node": ">=4.0.0"
+    "node": ">=6.14.4"
   },
   "dependencies": {
     "boom": "5.x.x"
@@ -20,8 +20,8 @@
     "lab": "13.x.x"
   },
   "scripts": {
-    "test": "lab -a code -t 100 -L",
-    "test-cov-html": "lab -a code -r html -o coverage.html"
+    "test": "lab -a code -t 100 -I SharedArrayBuffer,Atomics -m 5000",
+    "test-cov-html": "lab -a code -I SharedArrayBuffer,Atomics -m 5000 -r html -o coverage.html"
   },
   "license": "BSD-3-Clause"
 }

test/index.js

@@ -51,6 +51,20 @@ describe('randomDigits()', () => {
         done();
     });
 
+    it('generates equal digits distribution', (done) => {
+
+        const digits = { 0: 0, 1: 0, 2: 0, 3: 0, 4: 0, 5: 0, 6: 0, 7: 0, 8: 0, 9: 0 };
+        for (let i = 0; i < 1000000; ++i) {
+            digits[Cryptiles.randomDigits(1)] += 1;
+        }
+
+        for (const digit in digits) {
+            expect(digits[digit]).to.be.between(99000, 101000);
+        }
+
+        done()
+    });
+
     it('returns an error on invalid bits size', (done) => {
 
         expect(Cryptiles.randomDigits(99999999999999999999).message).to.match(/Failed generating random bits/);