Merge pull request #127 from shinji-san/release-v0.10.1

Release v0.10.1

Fixed
- Fixed BigIntCalculator's Equals method to avoid timing attacks. The slow equal implementation is used now.

Resolves: No entry

Author: shinji-san

.github/workflows/dotnetfx.yml

@@ -19,7 +19,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Setup Nuget.exe
-        uses: nuget/setup-nuget@v1.1.1
+        uses: nuget/setup-nuget@v1.2.0
         with:
           nuget-version: latest
 
@@ -33,5 +33,5 @@ jobs:
 
       - name: Test with xUnit.net console runner
         run: |
-           cd "$Env:GITHUB_WORKSPACE\packages\xunit.runner.console.2.4.1\tools\net462"
-           .\xunit.console $Env:GITHUB_WORKSPACE\tests\bin\Release\SecretSharingDotNetTest.dll
+           cd "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\"
+           .\MSBuild.exe /p:Configuration=Release $Env:GITHUB_WORKSPACE\tests\SecretSharingDotNetFx4.6.2Test.csproj /t:Test

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.10.1] - 2023-05-08
+### Fixed
+- Fixed BigIntCalculator's Equals method to avoid timing attacks. The slow equal implementation is used now.
+
 ## [0.10.0] - 2022-12-24
 ### Added
 - Added .NET 7 support
@@ -178,7 +182,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added `LICENSE.md`
 - Added `README.md`
 
-[0.10.0]: https://github.com/shinji-san/SecretSharingDotNet/compare/v0.9.0...0.10.0
+[0.10.1]: https://github.com/shinji-san/SecretSharingDotNet/compare/v0.10.0...v0.10.1
+[0.10.0]: https://github.com/shinji-san/SecretSharingDotNet/compare/v0.9.0...v0.10.0
 [0.9.0]: https://github.com/shinji-san/SecretSharingDotNet/compare/v0.8.0...v0.9.0
 [0.8.0]: https://github.com/shinji-san/SecretSharingDotNet/compare/v0.7.0...v0.8.0
 [0.7.0]: https://github.com/shinji-san/SecretSharingDotNet/compare/v0.6.0...v0.7.0

README.md

@@ -74,9 +74,9 @@ An C# implementation of Shamir's Secret Sharing.
   </thead>
   <tbody>
       <tr>
-          <td rowspan=9><a href="https://github.com/shinji-san/SecretSharingDotNet/actions?query=workflow%3A%22SecretSharingDotNet+NuGet%22" target="_blank"><img src="https://github.com/shinji-san/SecretSharingDotNet/workflows/SecretSharingDotNet%20NuGet/badge.svg?branch=v0.10.0" alt="SecretSharingDotNet NuGet"/></a></td>
-          <td rowspan=9><a href="https://badge.fury.io/nu/SecretSharingDotNet" target="_blank"><img src="https://badge.fury.io/nu/SecretSharingDotNet.svg" alt="NuGet Version 0.10.0"/></a></td>
-          <td rowspan=9><a href="https://github.com/shinji-san/SecretSharingDotNet/tree/v0.10.0" target="_blank"><img src="https://img.shields.io/badge/SecretSharingDotNet-0.10.0-green.svg?logo=github&logoColor=959da5&color=2ebb4e&labelColor=2b3137" alt="Tag"/></a></td>
+          <td rowspan=9><a href="https://github.com/shinji-san/SecretSharingDotNet/actions?query=workflow%3A%22SecretSharingDotNet+NuGet%22" target="_blank"><img src="https://github.com/shinji-san/SecretSharingDotNet/workflows/SecretSharingDotNet%20NuGet/badge.svg?branch=v0.10.1" alt="SecretSharingDotNet NuGet"/></a></td>
+          <td rowspan=9><a href="https://badge.fury.io/nu/SecretSharingDotNet" target="_blank"><img src="https://badge.fury.io/nu/SecretSharingDotNet.svg" alt="NuGet Version 0.10.1"/></a></td>
+          <td rowspan=9><a href="https://github.com/shinji-san/SecretSharingDotNet/tree/v0.10.1" target="_blank"><img src="https://img.shields.io/badge/SecretSharingDotNet-0.10.1-green.svg?logo=github&logoColor=959da5&color=2ebb4e&labelColor=2b3137" alt="Tag"/></a></td>
           <td>Standard 2.0</td>
       </tr>
       <tr>
@@ -110,10 +110,10 @@ An C# implementation of Shamir's Secret Sharing.
 
 1. Open a console and switch to the directory, containing your project file.
 
-2. Use the following command to install version 0.10.0 of the SecretSharingDotNet package:
+2. Use the following command to install version 0.10.1 of the SecretSharingDotNet package:
 
     ```dotnetcli
-    dotnet add package SecretSharingDotNet -v 0.10.0 -f <FRAMEWORK>
+    dotnet add package SecretSharingDotNet -v 0.10.1 -f <FRAMEWORK>
     ```
 
 3. After the completition of the command, look at the project file to make sure that the package is successfuly installed.
@@ -122,7 +122,7 @@ An C# implementation of Shamir's Secret Sharing.
 
     ```xml
     <ItemGroup>
-      <PackageReference Include="SecretSharingDotNet" Version="0.10.0" />
+      <PackageReference Include="SecretSharingDotNet" Version="0.10.1" />
     </ItemGroup>
     ```
 ## Remove SecretSharingDotNet package

src/Math/BigIntCalculator.cs

@@ -35,6 +35,7 @@ namespace SecretSharingDotNet.Math
     using System.Collections.Generic;
     using System.Collections.ObjectModel;
     using System.Numerics;
+    using System.Runtime.CompilerServices;
 
     /// <summary>
     /// <see cref="Calculator"/> implementation of <see cref="System.Numerics.BigInteger"/>
@@ -53,6 +54,29 @@ public BigIntCalculator(BigInteger val) : base(val) { }
         /// <param name="data">byte stream representation of numeric value</param>
         public BigIntCalculator(byte[] data) : base(new BigInteger(data)) { }
 
+        /// <summary>
+        /// Determines whether this instance and an <paramref name="other"/> specified <see cref="Calculator{BigInteger}"/> instance are equal.
+        /// </summary>
+        /// <param name="other">The <see cref="Calculator{BigInteger}"/> instance to compare</param>
+        /// <returns><see langword="true"/> if the value of the <paramref name="other"/> parameter is the same as the value of this instance; otherwise <see langword="false"/>.
+        /// If <paramref name="other"/> is <see langword="null"/>, the method returns <see langword="false"/>.</returns>
+        /// <remarks>This is a Slow Equal Implementation to avoid a timing attack. See the reference for more details:
+        /// https://bryanavery.co.uk/cryptography-net-avoiding-timing-attack/</remarks>
+        [MethodImpl(MethodImplOptions.NoOptimization)]
+        public override bool Equals(Calculator<BigInteger> other)
+        {
+            var valueLeft = this.Value.ToByteArray();
+            var valueRight = other?.Value.ToByteArray() ?? Array.Empty<byte>();
+
+            var diff = (uint)valueLeft.Length ^ (uint)valueRight.Length;
+            for (var i = 0; i < valueLeft.Length && i < valueRight.Length; i++)
+            {
+                diff |= (uint)(valueLeft[i] ^ valueRight[i]);
+            }
+
+            return diff == 0;
+        }
+
         /// <summary>
         /// This method represents the Greater Than operator.
         /// </summary>

src/Math/Calculator`1.cs

@@ -299,7 +299,7 @@ public static implicit operator Calculator<TNumber>(TNumber number)
         /// <param name="other">The <see cref="Calculator{TNumber}"/> instance to compare</param>
         /// <returns><see langword="true"/> if the value of the <paramref name="other"/> parameter is the same as the value of this instance; otherwise <see langword="false"/>.
         /// If <paramref name="other"/> is <see langword="null"/>, the method returns <see langword="false"/>.</returns>
-        public bool Equals(Calculator<TNumber> other)
+        public virtual bool Equals(Calculator<TNumber> other)
         {
             return other != null && this.Value.Equals(other.Value);
         }

src/Properties/AssemblyInfo.cs

@@ -15,8 +15,8 @@
 
 [assembly: Guid("1c21b99c-2de4-4ca5-b4ce-bc95cf89369e")]
 
-[assembly: AssemblyVersion("0.10.0")]
-[assembly: AssemblyFileVersion("0.10.0")]
+[assembly: AssemblyVersion("0.10.1")]
+[assembly: AssemblyFileVersion("0.10.1")]
 [assembly: NeutralResourcesLanguage("en")]
 
 [assembly: System.CLSCompliant(true)]

src/SecretSharingDotNet.csproj

@@ -10,14 +10,14 @@
     <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
     <PackageId>SecretSharingDotNet</PackageId>
     <PackageLicenseExpression>MIT</PackageLicenseExpression>
-    <PackageReleaseNotes>Changelog: https://github.com/shinji-san/SecretSharingDotNet/blob/0.10.0/CHANGELOG.md</PackageReleaseNotes>
+    <PackageReleaseNotes>Changelog: https://github.com/shinji-san/SecretSharingDotNet/blob/v0.10.1/CHANGELOG.md</PackageReleaseNotes>
     <PackageDescription>An C# implementation of Shamir's Secret Sharing</PackageDescription>
     <PackageReadmeFile>README.md</PackageReadmeFile>
     <PackageTags>secret sharing;shamir secret sharing;cryptography</PackageTags>
     <PackageProjectUrl>https://github.com/shinji-san/SecretSharingDotNet</PackageProjectUrl>
     <RepositoryUrl>https://github.com/shinji-san/SecretSharingDotNet</RepositoryUrl>
     <RepositoryType>git</RepositoryType>
-    <Version>0.10.0</Version>
+    <Version>0.10.1</Version>
     <Authors>Sebastian Walther</Authors>
     <Company>Private Person</Company>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>

tests/SecretSharingDotNet6Test.csproj

@@ -10,7 +10,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.4.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.5.0" />
     <PackageReference Include="xunit" Version="2.4.2" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.4.5">
       <PrivateAssets>all</PrivateAssets>

tests/SecretSharingDotNet7Test.csproj

@@ -10,8 +10,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.2.0" />
-    <PackageReference Include="xunit" Version="2.4.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.5.0" />
+    <PackageReference Include="xunit" Version="2.4.2" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.4.5">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>