keyfork-derive-util: black-box checking all zeroes
parent
48ccd7c68f
commit
de4e98ae07
|
@ -179,14 +179,17 @@ where
|
||||||
.into_bytes();
|
.into_bytes();
|
||||||
let (private_key, chain_code) = hash.split_at(KEY_SIZE / 8);
|
let (private_key, chain_code) = hash.split_at(KEY_SIZE / 8);
|
||||||
|
|
||||||
// NOTE: Could potentially cause side-channel attacks, but Rust will likely optimize any
|
// Verify the master key is nonzero, hopefully avoiding side-channel attacks.
|
||||||
// possible comparison I could make anyways. This is kept as-is for clarity's sake, but can
|
let mut has_any_nonzero = false;
|
||||||
// potentially leak information about the first few bytes of a key, such as if they all
|
// deoptimize arithmetic smartness
|
||||||
// happen to be zero.
|
for byte in private_key.iter().map(std::hint::black_box) {
|
||||||
assert!(
|
if *byte != 0 {
|
||||||
!private_key.iter().all(|byte| *byte == 0),
|
// deoptimize break
|
||||||
bug!("hmac function returned all-zero master key")
|
has_any_nonzero = std::hint::black_box(true);
|
||||||
);
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
assert!(has_any_nonzero, bug!("hmac function returned all-zero master key"));
|
||||||
|
|
||||||
Self::from_parts(
|
Self::from_parts(
|
||||||
private_key
|
private_key
|
||||||
|
|
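Review bot: The new loop still branches on secret key bytes at `if *byte != 0`, and `std::hint::black_box` is documented as a best-effort hint, so it cannot be relied on to make this check constant-time. A branch-free form ORs the bytes together instead: `let acc = private_key.iter().fold(0u8, |acc, byte| acc | byte);` followed by `assert!(acc != 0, bug!("hmac function returned all-zero master key"));`. The compiler may still transform hand-written code, so a vetted constant-time comparison crate is the usual choice if a stronger guarantee is wanted. The comment would be more accurate as `// Check for an all-zero master key without an early exit; black_box is only a best-effort optimization barrier.` The enclosing function starts and ends outside this hunk.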