authorJason A. Donenfeld <Jason@zx2c4.com>2017-09-22 04:04:00 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2017-09-24 23:10:15 +0200
commit9ef84af8c0bc31d1e56d0a66a9ed909c1edfdd5d (patch)
tree3dd4bd5755c51637e5852cd7f5addce5fd1f94dc /src/encoding.c
parentcontrib: add sticky sockets example code (diff)
wg: use key_is_zero for comparing to zeros
Maybe an attacker on the system could use the infoleak in /proc to gauge how long a wg(8) process takes to complete and determine the number of leading zeros. This is somewhat ridiculous, but it's possible somebody somewhere might at some point care in the future, so alright. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/encoding.c')
-rw-r--r--src/encoding.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/encoding.c b/src/encoding.c
index 389bbf7..3d5e94b 100644
--- a/src/encoding.c
+++ b/src/encoding.c
@@ -77,12 +77,12 @@ void key_to_hex(char hex[static WG_KEY_LEN_HEX], const uint8_t key[static WG_KEY
bool key_from_hex(uint8_t key[static WG_KEY_LEN], const char *hex)
{
- uint8_t i, c, c_acc = 0, c_alpha0, c_alpha, c_num0, c_num, c_val, state = 0;
+ uint8_t c, c_acc = 0, c_alpha0, c_alpha, c_num0, c_num, c_val, state = 0;
if (strlen(hex) != WG_KEY_LEN_HEX - 1)
return false;
- for (i = 0; i < WG_KEY_LEN_HEX - 1; ++i) {
+ for (unsigned int i = 0; i < WG_KEY_LEN_HEX - 1; ++i) {
c = (uint8_t)hex[i];
c_num = c ^ 48U;
c_num0 = (c_num - 10U) >> 8;
@@ -99,3 +99,13 @@ bool key_from_hex(uint8_t key[static WG_KEY_LEN], const char *hex)
}
return true;
}
+
+bool key_is_zero(const uint8_t key[static WG_KEY_LEN])
+{
+ uint8_t acc = 0;
+ for (unsigned int i = 0; i < WG_KEY_LEN; ++i) {
+ acc |= key[i];
+ __asm__ ("" : "=r" (acc) : "0" (acc));
+ }
+ return acc == 0;
+}
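Review bot: The empty `__asm__` statement inside the loop of key_is_zero has no comment, yet going by the commit message it is what keeps the comparison's timing independent of the key bytes, so a later cleanup could delete it as dead code. I would put `/* Optimisation barrier: keeps acc opaque so the compiler cannot turn the loop into an early-exit compare. */` directly above it. The function would also benefit from a one-line header stating that it returns true only when all WG_KEY_LEN bytes are zero and that its run time is meant not to depend on the key contents. `__asm__` with operand constraints is a GCC/Clang extension and nothing in this hunk guards it, so a build with another compiler would presumably need a fallback.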