curve.n missing _move method in proto

[benediamond]

In short weierstrass curves, the member curve.n is missing _move from its prototype:

var BN = require('bn.js')
var EC = require('elliptic')

var curve = new EC.ec('secp256k1'); // e.g.---same problem for other curves

curve.n._move // undefined
new BN(curve.n.toString(16), 16)._move // defined

If n is then used to initialize a reduction context, calling redNeg causes _move to drop, which leads to crashes:

var q = BN.red(curve.n) // bad
var temp = new BN(1234).toRed(q)
temp.redNeg()._move // undefined
temp.redNeg().redMul(temp) // crashes

and yet,

var q = BN.red(new BN(curve.n.toString(16), 16))
var temp = new BN(1234).toRed(q)
temp.redNeg()._move // now defined
temp.redNeg().redMul(temp) // this works

Here is the stacktrace:

TypeError: a.umod(...)._forceRed(...)._move is not a function
    at Red.imod (/Users/benediamond/node_modules/bn.js/lib/bn.js:3190:36)
    at Red.mul (/Users/benediamond/node_modules/bn.js/lib/bn.js:3254:17)
    at BN.redMul (/Users/benediamond/node_modules/elliptic/node_modules/bn.js/lib/bn.js:2883:21)

This issue only happens when bn.js version v5.0.0 is used! elliptic version is 6.5.0. @fanatid

[benediamond]

@StuartH1

[benediamond]

@indutny if you could take a look at this as well...?

[indutny]

Does this happen during some API call? What's the test case?

[benediamond]

The minimal working example is as indicated in the original post.

Indeed, curve.n is a natural argument with which to initialize a reduction context—in order to conduct modular computation in the exponent.

Turns out that calling redNeg on any such exponent will lead to crashes.

(As a workaround, you can always use new BN(curve.n.toString(16), 16) instead, as in the example. Shouldn't be necessary though.)

[benediamond]

In other words, the test case is

var q = BN.red(curve.n)
var temp = new BN(1234).toRed(q)
temp.redNeg().redMul(temp) // shouldn't crash

[indutny]

I think the problem is happening because elliptic uses bn.js@4 and you're using the latest bn.js .

[indutny]

cc @fanatid @calvinmetcalf : should we update bn.js in elliptic? What issues could it cause in browserify-crypto?

[fanatid]

Problem is that new version of bn.js have _move while elliptic still uses bn.js@4.
Fore reference, _move was introduced in indutny/bn.js#178

I started check modules which used by crypto-browserify and where bn.js is used. But then I though, even if package ok with bn.js@4 it does not matter, it would be better update to bn.js@5 because if we update only elliptic bundling code (browserify/webpack/etc) which uses crypto-browserify will cause adding 2 different major bn.js versions.
If you ok with updating browserify-sign, browserify-rsa, elliptic, bn.js, create-ecdh, diffie-hellman, miller-rabin, public-encrypt I can submit PR's.

I also found that some package uses deprecated Buffer API (new Buffer), should be this updated too? Buffer.from was added from node 5.10, I do not think that older versions should be supported.

[fanatid]

@calvinmetcalf @indutny are you okay with updating bn.js everywhere to version 5?

[indutny]

I'm more than happy with this, as long as there is a coordination with crypto-browserify. cc @jprichardson

[jprichardson]

I'm in full support 👍

[fanatid]

Great, I'll add it to my list.

List of packages for update (in order for update):

• create-ecdh fix(deprecation): use Buffer.from instead of constructor browserify/createECDH#13 bump bn.js to 5.0.0 browserify/createECDH#15
• diffie-hellman switch to safe-buffer browserify/diffie-hellman#31 bump bn to 5.0.0 browserify/diffie-hellman#32
• public-encrypt Update bn.js to address Buffer constructor deprecation browserify/publicEncrypt#20
• miller-rabin Update bn.js to address Buffer constructor deprecation miller-rabin#11
• browserify-rsa Address Buffer constructor deprecation browserify/browserify-rsa#12 bump bn.js to 5.0.0 browserify/browserify-rsa#13
• asn1.js Buffer constructor runtime deprecation - this package emits a warning on Node 10 asn1.js#102 Use Buffer.(from|alloc) instead of deprecated Buffer API asn1.js#103 fix: address buffer constructor deprecation asn1.js#116 bump bn.js to 5.0.0 asn1.js#118
• browserify-sign Fix buffer deprecation. browserify/browserify-sign#45 bump bn.js to 5.0.0 browserify/browserify-sign#47
• elliptic Update bn.js to address Buffer deprecation #197 bump bn.js to 5.0.0 #210

`yarn why bn.js` output:

=> Found "bn.js@4.11.8"
info Reasons this module exists
   - "browserify#crypto-browserify#create-ecdh" depends on it
   - Hoisted from "browserify#crypto-browserify#create-ecdh#bn.js"
   - Hoisted from "browserify#crypto-browserify#diffie-hellman#bn.js"
   - Hoisted from "browserify#crypto-browserify#public-encrypt#bn.js"
   - Hoisted from "browserify#crypto-browserify#browserify-sign#bn.js"
   - Hoisted from "browserify#crypto-browserify#diffie-hellman#miller-rabin#bn.js"
   - Hoisted from "browserify#crypto-browserify#browserify-sign#browserify-rsa#bn.js"
   - Hoisted from "browserify#crypto-browserify#browserify-sign#elliptic#bn.js"
   - Hoisted from "browserify#crypto-browserify#browserify-sign#parse-asn1#asn1.js#bn.js"