From 48ccd7c68f008e9264d4ca3ab225248db5755d08 Mon Sep 17 00:00:00 2001
From: ryan
Date: Fri, 3 May 2024 23:14:07 -0400
Subject: [PATCH] keyfork-derive-util: add note about potential side-channel when verifying keys
---
 .../keyfork-derive-util/src/extended_key/private_key.rs | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/crates/derive/keyfork-derive-util/src/extended_key/private_key.rs b/crates/derive/keyfork-derive-util/src/extended_key/private_key.rs
index bfd8ca1..f13969d 100644
--- a/crates/derive/keyfork-derive-util/src/extended_key/private_key.rs
+++ b/crates/derive/keyfork-derive-util/src/extended_key/private_key.rs
@@ -179,6 +179,10 @@ where
 .into_bytes();
 let (private_key, chain_code) = hash.split_at(KEY_SIZE / 8);
 
+ // NOTE: Could potentially cause side-channel attacks, but Rust will likely optimize any
+ // possible comparison I could make anyways. This is kept as-is for clarity's sake, but can
+ // potentially leak information about the first few bytes of a key, such as if they all
+ // happen to be zero.
 assert!(
 !private_key.iter().all(|byte| *byte == 0),
 bug!("hmac function returned all-zero master key")
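Review bot: The timing dependence the new NOTE describes comes from `Iterator::all` short-circuiting at the first nonzero byte, so the check's running time reflects how many leading bytes of `private_key` are zero; that is straightforward to remove rather than document, by replacing the `!private_key.iter().all(|byte| *byte == 0),` line with a fold that always touches every byte, `private_key.iter().fold(0u8, |acc, byte| acc | byte) != 0,`. The fold is as readable as the original, so the comment could shrink to a one-liner explaining why a fold is used instead of `all`. The claim that "Rust will likely optimize any possible comparison" is speculative; if the crate already has a constant-time primitive available (or via `std::hint::black_box` on the accumulator), that would be the stronger guarantee, but even the plain fold removes the short-circuit. The enclosing function starts before the `where` clause shown in the hunk header and the `assert!` closes after the hunk's last line.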