From: Chris Duncan
Date: Mon, 18 Aug 2025 14:22:28 +0000 (-0700)
Subject: Fix constant time conditional multiplication.
X-Git-Tag: v0.10.5~41^2~75
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=0f97c2da34c1e30bfaf8025458953df5c39746d6;p=libnemo.git

Fix constant time conditional multiplication.

Ternary operators still create branching scenarios, and the CPU may use branch prediction to speed up processing which creates a variable-time possibility.
---

diff --git a/src/lib/crypto/nano-nacl.ts b/src/lib/crypto/nano-nacl.ts
index 9d6d1b9..f443678 100644
--- a/src/lib/crypto/nano-nacl.ts
+++ b/src/lib/crypto/nano-nacl.ts
@@ -375,7 +375,15 @@ export class NanoNaCl {
 this.Square(chk, r[0])
 this.Multiply(chk, chk, den)
- this.Multiply(this.neq25519(chk, num) ? r[0] : new Float64Array(16), r[0], this.I)
+
+ // if neq is true, multiply r[0] by I, else multiply by 1 for a no-op
+ const neq = this.neq25519(chk, num)
+ const I = new Float64Array(this.I)
+ for (let i = 0; i < 16; i++) {
+ I[i] *= neq
+ }
+ I[0] += neq ^ 1
+ this.Multiply(r[0], r[0], I)
 this.Square(chk, r[0])
 this.Multiply(chk, chk, den)
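Review bot: The masking arithmetic on the added lines is only correct if `neq25519` returns exactly 0 or 1, and nothing in this hunk establishes that. If the helper follows the TweetNaCl convention of returning 0 / -1, the loop would negate `I` and `I[0] += neq ^ 1` would add -2, leaving a wrong value in `r[0]` with no error raised. Either normalise at the use site, `const neq = this.neq25519(chk, num) & 1`, or state the 0/1 contract in the comment and cover both outcomes (chk equal and not equal to num) with a test vector. Dropping the ternary removes only the source-level branch; the timing of the JIT-compiled Float64 arithmetic, and of `neq25519` and `Multiply` themselves, is not guaranteed by this code, so the comment would be more accurate saying "branch-free select" than promising constant time. The enclosing method begins and ends outside the hunk.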