8.0.13 release
kjur committed Mar 31, 2020
1 parent d282c71 commit 9dcb89c57408a3d4b5b66aa9138426bd92819e73
Showing 17 changed files with 228 additions and 28 deletions.
@@ -1,6 +1,19 @@

ChangeLog for jsrsasign

* Changes from 8.0.12 to 8.0.13 (2020-Mar-31)
- LICENSE.txt
- fixed wrong description from BSD to MIT License
- ext/ec.js
- mitigate Minerva timing attack in ECPointFp.multiply method
   https://minerva.crocs.fi.muni.cz/
- test/qunit-do-crypto-ecdsa.html
- testcase fix
- sample_node/tsr2certs added
- script to extract certificates from timestamp response or token
- npm
- ECPointFp, ECCurveFp and ECFieldElementFp are now exported.

* Changes from 8.0.11 to 8.0.12 (2018-Apr-22)
- base64x 1.1.13 to 1.1.14
- function iptohex added
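
Review bot: The ext/ec.js entry ("mitigate Minerva timing attack in ECPointFp.multiply method") names the method but not the operation users care about. The advisory title quoted on this page calls it an ECDSA signature vulnerability, so the entry should say that ECDSA signing is affected, which lets ChangeLog readers see that 8.0.13 is a security update. The "npm" entry also adds ECPointFp, ECCurveFp and ECFieldElementFp to the exported surface in a patch-level release; add a line on whether those classes are now supported public API.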
@@ -21,7 +21,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

LICENSE: BSD License
LICENSE: MIT License
----

RSA and ECC in JavaScript
@@ -22,6 +22,7 @@ FILES_MIN = \
min/jwsjs-2.0.min.js

FILES_EXT_MIN = \
ext/ec-min.js \
ext/rsa-min.js \
ext/rsa2-min.js

@@ -1,6 +1,6 @@
{
"name": "kjur-jsrsasign",
"version": "8.0.12",
"version": "8.0.13",
"main": "jsrsasign-all-min.js",
"description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.",
"license": "MIT",

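Review bot: "main" points at jsrsasign-all-min.js, a generated bundle that this page does not render, so the diff shown here cannot confirm that the file npm consumers actually load contains the patched pointFpMultiply. Before publishing 8.0.13, rebuild the bundle from the patched ext/ec.js and check that the dummy-loop code is present in the built output.
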
Some generated files are not rendered by default.

@@ -182,16 +182,25 @@ function pointFpTwice() {

// Simple NAF (Non-Adjacent Form) multiplication algorithm
// TODO: modularize the multiplication algorithm
// UPDATE: 2020.03.30 mitigate Minerva timing attack https://minerva.crocs.fi.muni.cz/
// Constant time execution on multiply method.
function pointFpMultiply(k) {
if(this.isInfinity()) return this;
if(k.signum() == 0) return this.curve.getInfinity();

var e = k;
// initialize for multiply
var e = k; // e = k
var h = e.multiply(new BigInteger("3"));

var neg = this.negate();
var R = this;

// initialize for dummy to mitigate timing attack
var e2 = this.curve.q.subtract(k); // e2 = q - k
var h2 = e2.multiply(new BigInteger("3"));
var R2 = new ECPointFp(this.curve, this.x, this.y);
var neg2 = R2.negate();

// calculate multiply
var i;
for(i = h.bitLength() - 2; i > 0; --i) {
R = R.twice();
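
Review bot: The new header comment "Constant time execution on multiply method" promises more than this function delivers: the real loop still runs `h.bitLength() - 2` times, which depends on k, and the added setup only prepares a second pass over q - k. Either reword the comment to say this is a timing mitigation, or make the iteration count independent of k by fixing the scalar's bit length before h is computed. The setup also needs a comment on why `this.curve.q` is the right value to subtract from, and on what happens to `e2` when a caller passes a k larger than q.
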
@@ -204,6 +213,18 @@ function pointFpMultiply(k) {
}
}

// calculate dummy to mitigate timing attack
for(i = h2.bitLength() - 2; i > 0; --i) {
R2 = R2.twice();

var h2Bit = h2.testBit(i);
var e2Bit = e2.testBit(i);

if (h2Bit != e2Bit) {
R2 = R2.add(h2Bit ? R2 : neg2);
}
}

return R;
}

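Review bot: The dummy loop does not mirror the real one closely enough to balance it. On a set bit it runs `R2.add(h2Bit ? R2 : neg2)`, adding R2 to itself instead of to the starting point, so that call is a doubling rather than a general addition. The `if (h2Bit != e2Bit)` branch and the `h2.bitLength() - 2` bound both still depend on k, and R2 is never used after the loop. Suggest keeping a copy of the starting point and adding that (or `neg2`) inside the loop, and adding a test that compares multiply timing across scalars of different bit lengths so a regression is caught.
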
1 comment on commit 9dcb89c

@kjur kjur commented on 9dcb89c Jul 18, 2020

See

jsrsasign 8.0.13 release note in which Minerva issue was fixed:
https://github.com/kjur/jsrsasign/releases/tag/8.0.13

jsrsasign security advisory:
2020.03.31 ECDSA signature vulnerability of Minerva timing attack
GHSA-g753-jx37-7xwh
