From: Chris Duncan
Date: Mon, 18 Aug 2025 14:56:59 +0000 (-0700)
Subject: Fix constant time message open.
X-Git-Tag: v0.10.5~41^2~74
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=2c95c37e8331d41848b7052de0d505be7b8f6030;p=libnemo.git
Fix constant time message open.
---
diff --git a/src/lib/crypto/nano-nacl.ts b/src/lib/crypto/nano-nacl.ts
index f443678..f00c8e2 100644
--- a/src/lib/crypto/nano-nacl.ts
+++ b/src/lib/crypto/nano-nacl.ts
@@ -431,7 +431,8 @@ export class NanoNaCl {
 const p: Float64Array[] = [new Float64Array(16), new Float64Array(16), new Float64Array(16), new Float64Array(16)]
 const q: Float64Array[] = [new Float64Array(16), new Float64Array(16), new Float64Array(16), new Float64Array(16)]
- let result = this.unpackneg(q, pk) ? -1 : n
+ // eventually used in returned result but allow processing to continue
+ const neg = this.unpackneg(q, pk) & 1
 m.set(sm.subarray(0, n), 0)
 m.set(pk.subarray(0, 32), 32)
@@ -444,20 +445,14 @@ export class NanoNaCl {
 this.pack(t, p)
 n -= 64
- if (this.#vn(sm, 0, t, 0, 32)) {
- for (let i = 0; i < n; i++) {
- m[i] = 0
- }
- result = -1
- } else {
- for (let i = 0; i < n; i++) {
- m[i] = m[i]
- }
- result = n
+
+ // if any bits unequal, zero out and return -1
+ const vn = this.#vn(sm, t) ^ 1
+ for (let i = 0; i < n; i++) {
+ m[i] = sm[i + 64] * vn
 }
- m.set(sm.subarray(64, n + 64), 0)
- result = result === -1 ? -1 : n
- return result
+ n = (n * vn) - (vn ^ 1)
+ return (n * (neg ^ 1)) - neg
 }
 /**
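Review bot: `neg` is a clean 0/1 flag only if `unpackneg` returns a number whose low bit is set on failure and clear on success (for example -1 and 0). That contract is defined outside this hunk, so the new comment should state it, e.g. `// neg = 1 if pk fails to decode (unpackneg returns -1), else 0; applied only at the final return`. Because execution now continues with a `q` that may not hold a valid point, nothing computed from it can be treated as verified until `neg` has been folded in. The enclosing method starts and ends outside the hunk.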
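Review bot: The copy loop masks `m` with `vn` alone, so when `neg` is 1 the output buffer is cleared only if the 32-byte comparison also fails, even though the function returns -1 either way. Folding both flags first, `const ok = vn & (neg ^ 1)`, and writing `m[i] = sm[i + 64] * ok` keeps unverified bytes out of `m` on every failure path. Both `* vn` and `n = (n * vn) - (vn ^ 1)` are correct only if `#vn` returns exactly 0 for equal and 1 for unequal, and compares just the first 32 bytes of `sm` with `t`. The helper is outside this hunk, and a 0/-1 return would make `vn` -2 here, so a one-line comment on that contract next to the call would help. The method's body starts before this hunk.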