keyfork-derive-util: black-box checking all zeroes

crates/derive/keyfork-derive-util/src/extended_key/private_key.rs

@@ -179,14 +179,17 @@ where
             .into_bytes();
         let (private_key, chain_code) = hash.split_at(KEY_SIZE / 8);
 
-        // NOTE: Could potentially cause side-channel attacks, but Rust will likely optimize any
+        // Verify the master key is nonzero, hopefully avoiding side-channel attacks.
-        // possible comparison I could make anyways. This is kept as-is for clarity's sake, but can
+        let mut has_any_nonzero = false;
-        // potentially leak information about the first few bytes of a key, such as if they all
+        // deoptimize arithmetic smartness
-        // happen to be zero.
+        for byte in private_key.iter().map(std::hint::black_box) {
-        assert!(
+            if *byte != 0 {
-            !private_key.iter().all(|byte| *byte == 0),
+                // deoptimize break
-            bug!("hmac function returned all-zero master key")
+                has_any_nonzero = std::hint::black_box(true);
-        );
+            }
+        }
+
+        assert!(has_any_nonzero, bug!("hmac function returned all-zero master key"));
 
         Self::from_parts(
             private_key