kjur
diff --git a/‎ChangeLog.txt
Lines changed: 13 additions & 0 deletions b/‎ChangeLog.txt
Lines changed: 13 additions & 0 deletions
diff --git a/‎LICENSE.txt
Lines changed: 1 addition & 1 deletion b/‎LICENSE.txt
Lines changed: 1 addition & 1 deletion
diff --git a/‎Makefile
Lines changed: 1 addition & 0 deletions b/‎Makefile
Lines changed: 1 addition & 0 deletions
diff --git a/‎bower.json
Lines changed: 1 addition & 1 deletion b/‎bower.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎ext/ec-min.js
Lines changed: 1 addition & 1 deletion b/‎ext/ec-min.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎ext/ec.js
Lines changed: 23 additions & 2 deletions b/‎ext/ec.js
Lines changed: 23 additions & 2 deletions
@@ -1,6 +1,19 @@
 
 ChangeLog for jsrsasign
 
+* Changes from 8.0.12 to 8.0.13 (2020-Mar-31)
+  - LICENSE.txt
+    - fixed wrong description from BSD to MIT License
+  - ext/ec.js
+    - mitigate Minerva timing attack in ECPointFp.multiply method
+　　　https://minerva.crocs.fi.muni.cz/
+  - test/qunit-do-crypto-ecdsa.html
+    - testcase fix
+  - sample_node/tsr2certs added
+    - script to extract certificates from timestamp response or token
+  - npm
+    - ECPointFp, ECCurveFp and ECFieldElementFp are now exported.
+
 * Changes from 8.0.11 to 8.0.12 (2018-Apr-22)
   - base64x 1.1.13 to 1.1.14
     - function iptohex added
 
@@ -21,7 +21,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 
-LICENSE: BSD License
+LICENSE: MIT License
 ----
 
 RSA and ECC in JavaScript
 
@@ -22,6 +22,7 @@ FILES_MIN = \
 	min/jwsjs-2.0.min.js
 
 FILES_EXT_MIN = \
+	ext/ec-min.js \
 	ext/rsa-min.js \
 	ext/rsa2-min.js
 
 
@@ -1,6 +1,6 @@
 {
   "name": "kjur-jsrsasign",
-  "version": "8.0.12",
+  "version": "8.0.13",
   "main": "jsrsasign-all-min.js",
   "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.",
   "license": "MIT",
 
@@ -182,16 +182,25 @@ function pointFpTwice() {
 
 // Simple NAF (Non-Adjacent Form) multiplication algorithm
 // TODO: modularize the multiplication algorithm
+// UPDATE: 2020.03.30 mitigate Minerva timing attack https://minerva.crocs.fi.muni.cz/
+//                    Constant time execution on multiply method.
 function pointFpMultiply(k) {
     if(this.isInfinity()) return this;
     if(k.signum() == 0) return this.curve.getInfinity();
 
-    var e = k;
+    // initialize for multiply
+    var e = k; // e = k
     var h = e.multiply(new BigInteger("3"));
-
     var neg = this.negate();
     var R = this;
 
+    // initialize for dummy to mitigate timing attack
+    var e2 = this.curve.q.subtract(k); // e2 = q - k
+    var h2 = e2.multiply(new BigInteger("3"));
+    var R2 = new ECPointFp(this.curve, this.x, this.y);
+    var neg2 = R2.negate();
+
+    // calculate multiply
     var i;
     for(i = h.bitLength() - 2; i > 0; --i) {
 	R = R.twice();
@@ -204,6 +213,18 @@ function pointFpMultiply(k) {
 	}
     }
 
+    // calculate dummy to mitigate timing attack
+    for(i = h2.bitLength() - 2; i > 0; --i) {
+	R2 = R2.twice();
+
+	var h2Bit = h2.testBit(i);
+	var e2Bit = e2.testBit(i);
+
+	if (h2Bit != e2Bit) {
+	    R2 = R2.add(h2Bit ? R2 : neg2);
+	}
+    }
+
     return R;
 }
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "kjur-jsrsasign",`
`3`		`- "version": "8.0.12",`
	`3`	`+ "version": "8.0.13",`
`4`	`4`	`"main": "jsrsasign-all-min.js",`
`5`	`5`	`"description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.",`
`6`	`6`	`"license": "MIT",`