Skip to content

adamochayon/constant-time-js

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Constant-Time JavaScript

Constant-time algorithms written in TypeScript.

Support on Patreon Linux Build Status npm version

Important: This Github repository is the companion to Soatok's Guide to Side-Channel Attacks. Do not use this in production, especially if you don't have the budget for a cryptography audit.

Mind Blowing, right?

Documentation

This is just a quick outline of what each function does.

  • compare(a, b) - Compare two Uint8Array objects.
    • Explanation
    • Returns -1 if a < b
    • Returns 1 if a > b
    • Returns 0 if a === b
    • Throws an Error if a.length !== b.length
  • compare_ints(a, b) - Compare two integers.
    • Explanation
    • Returns -1 if a < b
    • Returns 1 if a > b
    • Returns 0 if a === b
  • equals(a, b) - Are these Uint8Array objects equal?
    • Explanation
    • Returns true if they are equal.
    • Returns false if they are not equal.
    • Throws an Error if a.length !== b.length
  • hmac_equals(a, b) - Are these Uint8Array objects equal? (Using HMAC to compare.)
    • Explanation
    • Returns true if they are equal.
    • Returns false if they are not equal.
    • Throws an Error if a.length !== b.length
  • intdiv(N, D) - Divide N into D, discarding remainder.
  • modulo(N, D) - Divide N into D, return the remainder.
  • resize(buf, size) - Return a resized Uint8Array object (to side-step memory access leakage)
  • select(x, a, b) - Read it as a ternary. If x is true, returns a. Otherwise, returns b.
    • Explanation
    • x must be a boolean
    • a must be a Uint8Array
    • b must be a Uint8Array
    • Throws an Error if a.length !== b.length
  • select_ints(x, a, b) - Read it as a ternary. If x is even, returns a. Otherwise, returns b. (You should pass 1 or 0 for x).
    • Explanation
    • x must be a boolean
    • a must be a number
    • b must be a number
  • trim_zeroes_left(buf)
    • Explanation
    • buf must be a Uint8Array
    • Returns a Uint8Array
  • trim_zeroes_right(buf)
    • Explanation
    • buf must be a Uint8Array
    • Returns a Uint8Array

Not Implemented From the Blog Post Yet

  • Constant-Time Integer Multiplication
  • Constant-Time Modular Inversion

Limitations

Potentially Dangerous on 32-bit Applications

32-bit v8 (and, presumably, a lot of other 32-bit implementations) do things wrong, and our implementation might be variable-time on it.

Specifically, the most significant bit of a 32-bit integer distinguishes values from pointers. As a result, accessing the highest bit of a 32-bit number in 32-bit JavaScript engines (such as v8) is potentially variable-time.

To mitigate this risk, the int32 class was created which wraps operates on 16-bit limbs (wrapping Uint16Array).

Frequently Asked Questions

But Why Though?

Mwahahahahahaha!

For science!

This is a proof-of-concept library, that will eventually implement all of the algorithms described in the accompanying blog post.

The main purpose of this library is to demonstrate the concepts in a programming language widely accessible outside of the cryptography orthodoxy (which today is largely C and sometimes Python, and hopefully soon Rust).

Can I use this in a project?

Hold off until v1.0.0 is tagged before you even think about relying on it for anything. APIs might break until then.

What's with the blue {fox, wolf}?

My fursona is a dhole, not a wolf.

You should remove your fursona from this so my manager might take it seriously.

I don't owe you anything. I don't owe your manager anything.

Besides, if anyone is bigoted against a predominantly LGBTQIA+ community, they're precisely the sort of person whose career I don't want to help.

In sum:

I will increase the thing

About

Constant-time JavaScript functions

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • TypeScript 100.0%