public
/
keyfork
5
0
Fork 0
Code Issues 16 Pull Requests 1 Packages Projects Releases Wiki Activity

keyfork-derive-util: add note about potential side-channel when verifying keys

This commit is contained in:
Ryan Heywood 2024-05-03 23:14:07 -04:00
parent d04989ef30
commit 48ccd7c68f
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crates/derive/keyfork-derive-util/src/extended_key/private_key.rs
View File

@ -179,6 +179,10 @@ where
.into_bytes(); .into_bytes();
let (private_key, chain_code) = hash.split_at(KEY_SIZE / 8); let (private_key, chain_code) = hash.split_at(KEY_SIZE / 8);
// NOTE: Could potentially cause side-channel attacks, but Rust will likely optimize any
// possible comparison I could make anyways. This is kept as-is for clarity's sake, but can
// potentially leak information about the first few bytes of a key, such as if they all
// happen to be zero.
assert!( assert!(
!private_key.iter().all(|byte| *byte == 0), !private_key.iter().all(|byte| *byte == 0),
bug!("hmac function returned all-zero master key") bug!("hmac function returned all-zero master key")