Merge pull request #31 from SecurityCze/modulo_bias

nitz · web-flow · commit 72e82f433ff5 · 2024-08-06T08:50:02.000-04:00
diff --git a/Diceware.cs b/Diceware.cs
@@ -165,7 +165,7 @@ private static void ApplyWordCasing(string[] words, WordCasingType wordCasing, C
 						break;
 					case WordCasingType.Random:
 						char[] randomized = (from c in words[scan].ToCharArray()
-											 select ((random.GetRandomUInt64() & 1) == 0
+											 select (random.CoinToss()
 												 ? char.ToUpper(c)
 												 : char.ToLower(c))
 											)
@@ -194,7 +194,7 @@ private static void ApplyL33tSpeak(string[] words, L33tSpeakType l33tSpeak, Cryp
 			for (int scan = 0; scan < words.Length; ++scan)
 			{
 				bool mutateWord = l33tSpeak.HasFlag(L33tSpeakType.AllWords)
-					|| (random.GetRandomUInt64() & 1) == 0;
+					|| random.CoinToss();
 
 				if (mutateWord == false)
 				{
@@ -237,13 +237,12 @@ private static void ApplySalt(string[] words, SaltType salt, IEnumerable<SaltSou
 			{
 				for (int scan = 0; scan < words.Length; ++scan)
 				{
-					bool skipWord = (random.GetRandomUInt64() & 1) == 0;
-					if (skipWord)
+					if (random.CoinToss()) // skip word
 					{
 						continue;
 					}
 
-					int insertAt = random.Range(0, words[scan].Length - 1);
+					int insertAt = random.AtMost(words[scan].Length);
 
 					words[scan] = words[scan].Insert(insertAt, GenerateSalt(sources, random));
 				}
@@ -283,15 +282,10 @@ private static void ApplySalt(string[] words, SaltType salt, IEnumerable<SaltSou
 						// invalid case: can't insert between a single word.
 						throw new ArgumentOutOfRangeException(nameof(words.Length), "Salt cannot be inserted between a single word.");
 					}
-					// get a random index *between* the first and last word (e.g.: 2nd to 2nd from last)
-					int targetIndex = random.Range(1, words.Length - 2);
-					// choose if the salt should go before or after the word at the selected index
-					bool before = (random.GetRandomUInt64() & 1) == 0;
-
-					words[targetIndex] = before
-						? $"{singleSalt}{separator}{words[targetIndex]}"
-						: $"{words[targetIndex]}{separator}{singleSalt}";
+					// get a random index word after which to place salt
+					int targetIndex = random.AtMost(words.Length - 2);
 
+					words[targetIndex] = $"{words[targetIndex]}{separator}{singleSalt}";
 					break;
 				default:
 					throw new ArgumentOutOfRangeException(nameof(salt));
diff --git a/Extensions.cs b/Extensions.cs
@@ -1,20 +1,109 @@
 
+using System;
+
 using KeePassLib.Cryptography;
 
 namespace KeePassDiceware
 {
 	internal static class Extensions
 	{
+		/// <summary>
+		/// Generates a pseudorandom value in range [0, <paramref name="maxInclusive"/>] (both ends are inclusive).
+		/// </summary>
+		/// <param name="maxInclusive"> maximal value (inclusive) of random number.</param>
+		/// <returns>
+		/// Pseudorandom value from [0, <paramref name="maxInclusive"/>] range.
+		/// </returns>
+		public static ulong AtMost(this CryptoRandomStream random, ulong maxInclusive)
+		{
+			const ulong RANDOM_MAX = ulong.MaxValue; // GetRandomUInt64 max return value
+			if (maxInclusive == RANDOM_MAX)
+			{
+				return random.GetRandomUInt64();
+			}
+
+			ulong modulus = maxInclusive + 1;
+			ulong ceil = RANDOM_MAX - (RANDOM_MAX % modulus);
+
+			ulong generated;
+			do
+			{
+				generated = random.GetRandomUInt64();
+			} while (generated >= ceil);
+
+			return generated % modulus;
+		}
+
+		/// <summary>
+		/// Generates a pseudorandom value in range [0, <paramref name="maxInclusive"/>] (both ends are inclusive).
+		/// </summary>
+		/// <param name="maxInclusive"> maximal value (inclusive) of random number.</param>
+		/// <returns>
+		/// Pseudorandom value from [0, <paramref name="maxInclusive"/>] range.
+		/// </returns>
+		public static int AtMost(this CryptoRandomStream random, int maxInclusive)
+		{
+			if (maxInclusive < 0)
+			{
+				throw new ArgumentOutOfRangeException(nameof(maxInclusive), $"Must be positive");
+			}
+
+			ulong val = random.AtMost(Convert.ToUInt64(maxInclusive));
+
+			return checked((int)val); // maxInclusive <= int.MaxValue -> wont throw
+		}
+
+		/// <summary>
+		/// Generates a pseudorandom value in range [<paramref name="minInclusive"/>, <paramref name="maxInclusive"/>] (both ends are inclusive).
+		/// </summary>
+		/// <param name="minInclusive"> minimal value (inclusive) of random number.</param>
+		/// <param name="maxInclusive"> maximal value (inclusive) of random number.</param>
+		/// <returns>
+		/// Pseudorandom value from [<paramref name="minInclusive"/>, <paramref name="maxInclusive"/>] range.
+		/// </returns>
+		/// <exception cref="ArgumentOutOfRangeException">
+		/// Thrown when the <paramref name="minInclusive"/> is larger than <paramref name="maxInclusive"/>.
+		/// </exception>
 		public static int Range(this CryptoRandomStream random, int minInclusive, int maxInclusive)
-			// #todo: avoid modulo bias
-			=> (int)(random.GetRandomUInt64() % (ulong)(maxInclusive - minInclusive + 1)) + minInclusive;
+		{
+			if (minInclusive > maxInclusive)
+			{
+				throw new ArgumentOutOfRangeException(nameof(minInclusive), $"Must be smaller or equal to {nameof(maxInclusive)}");
+			}
 
+			int randomValue = AtMost(random, maxInclusive - minInclusive);
+			
+			return randomValue + minInclusive;
+		}
+
+		/// <summary>
+		/// Selects a pseudorandom element from <paramref name="array"/>.
+		/// </summary>
+		/// <param name="array"> array from which to select the random element.</param>
+		/// <returns>
+		/// A pseudorandom element from <paramref name="array"/>.
+		/// </returns>
+		/// <exception cref="ArgumentException">
+		/// Thrown when <paramref name="array"/> is empty.
+		/// </exception>
 		public static T SelectRandom<T>(this T[] array, CryptoRandomStream random)
 		{
-			int choice = random.Range(0, array.Length - 1);
+			if (array.Length <= 0)
+			{
+				throw new ArgumentException(nameof(array), $"Unable to select a random member of empty object.");
+			}
+
+			int choice = random.AtMost(array.Length - 1);
+
 			return array[choice];
 		}
 
-		public static bool CoinToss(this CryptoRandomStream random) => (random.GetRandomUInt64() & 1) == 0;
+		/// <summary>
+		/// Return TRUE with 50% probability. Simulates a perfect coin toss.
+		/// </summary>
+		/// <returns>
+		/// TRUE / FALSE with equal probabilities.
+		/// </returns>
+		public static bool CoinToss(this CryptoRandomStream random) => (random.GetRandomBytes(1)[0] & 1) == 0;
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -165,7 +165,7 @@ private static void ApplyWordCasing(string[] words, WordCasingType wordCasing, C`
`165`	`165`	`break;`
`166`	`166`	`case WordCasingType.Random:`
`167`	`167`	`char[] randomized = (from c in words[scan].ToCharArray()`
`168`		`- select ((random.GetRandomUInt64() & 1) == 0`
	`168`	`+ select (random.CoinToss()`
`169`	`169`	`? char.ToUpper(c)`
`170`	`170`	`: char.ToLower(c))`
`171`	`171`	`)`
`@@ -194,7 +194,7 @@ private static void ApplyL33tSpeak(string[] words, L33tSpeakType l33tSpeak, Cryp`
`194`	`194`	`for (int scan = 0; scan < words.Length; ++scan)`
`195`	`195`	`{`
`196`	`196`	`bool mutateWord = l33tSpeak.HasFlag(L33tSpeakType.AllWords)`
`197`		`- \|\| (random.GetRandomUInt64() & 1) == 0;`
	`197`	`+ \|\| random.CoinToss();`
`198`	`198`
`199`	`199`	`if (mutateWord == false)`
`200`	`200`	`{`
`@@ -237,13 +237,12 @@ private static void ApplySalt(string[] words, SaltType salt, IEnumerable<SaltSou`
`237`	`237`	`{`
`238`	`238`	`for (int scan = 0; scan < words.Length; ++scan)`
`239`	`239`	`{`
`240`		`- bool skipWord = (random.GetRandomUInt64() & 1) == 0;`
`241`		`- if (skipWord)`
	`240`	`+ if (random.CoinToss()) // skip word`
`242`	`241`	`{`
`243`	`242`	`continue;`
`244`	`243`	`}`
`245`	`244`
`246`		`- int insertAt = random.Range(0, words[scan].Length - 1);`
	`245`	`+ int insertAt = random.AtMost(words[scan].Length);`
`247`	`246`
`248`	`247`	`words[scan] = words[scan].Insert(insertAt, GenerateSalt(sources, random));`
`249`	`248`	`}`
`@@ -283,15 +282,10 @@ private static void ApplySalt(string[] words, SaltType salt, IEnumerable<SaltSou`
`283`	`282`	`// invalid case: can't insert between a single word.`
`284`	`283`	`throw new ArgumentOutOfRangeException(nameof(words.Length), "Salt cannot be inserted between a single word.");`
`285`	`284`	`}`
`286`		`- // get a random index between the first and last word (e.g.: 2nd to 2nd from last)`
`287`		`- int targetIndex = random.Range(1, words.Length - 2);`
`288`		`- // choose if the salt should go before or after the word at the selected index`
`289`		`- bool before = (random.GetRandomUInt64() & 1) == 0;`
`290`		`-`
`291`		`- words[targetIndex] = before`
`292`		`- ? $"{singleSalt}{separator}{words[targetIndex]}"`
`293`		`- : $"{words[targetIndex]}{separator}{singleSalt}";`
	`285`	`+ // get a random index word after which to place salt`
	`286`	`+ int targetIndex = random.AtMost(words.Length - 2);`
`294`	`287`
	`288`	`+ words[targetIndex] = $"{words[targetIndex]}{separator}{singleSalt}";`
`295`	`289`	`break;`
`296`	`290`	`default:`
`297`	`291`	`throw new ArgumentOutOfRangeException(nameof(salt));`