keyfork-derive-util: black-box checking all zeroes

Ryan Heywood 2024-05-03 23:27:13 -04:00
parent 48ccd7c68f
commit de4e98ae07
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 11 additions and 8 deletions


@ -179,14 +179,17 @@ where
.into_bytes(); .into_bytes();
let (private_key, chain_code) = hash.split_at(KEY_SIZE / 8); let (private_key, chain_code) = hash.split_at(KEY_SIZE / 8);
// NOTE: Could potentially cause side-channel attacks, but Rust will likely optimize any // Verify the master key is nonzero, hopefully avoiding side-channel attacks.
// possible comparison I could make anyways. This is kept as-is for clarity's sake, but can let mut has_any_nonzero = false;
// potentially leak information about the first few bytes of a key, such as if they all // deoptimize arithmetic smartness
// happen to be zero. for byte in private_key.iter().map(std::hint::black_box) {
assert!( if *byte != 0 {
!private_key.iter().all(|byte| *byte == 0), // deoptimize break
bug!("hmac function returned all-zero master key") has_any_nonzero = std::hint::black_box(true);
); }
}
assert!(has_any_nonzero, bug!("hmac function returned all-zero master key"));
Self::from_parts( Self::from_parts(
private_key private_key
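Review bot: The new zero check still branches on every secret byte (`if *byte != 0`) inside the `for byte in private_key.iter().map(std::hint::black_box)` loop, so the new comment's "hopefully avoiding side-channel attacks" promises more than the code delivers. `std::hint::black_box` is documented as a best-effort optimisation barrier that must not be relied on for correctness, and it gives no constant-time guarantee. A branch-free accumulate avoids the data-dependent branch without leaning on the optimiser: `let acc = private_key.iter().fold(0u8, |acc, b| acc | *b);` followed by `assert!(std::hint::black_box(acc) != 0, bug!("hmac function returned all-zero master key"));`. Whichever form is kept, the comment should say that timing independence is best-effort and unverified, for example `// Best-effort only: black_box is not a constant-time guarantee.` The enclosing function starts and ends outside this hunk, so how `private_key` is handled afterwards is not visible here.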