hmac: Factor out XOR function into constant_time.

briansmith · Jan 9, 2025 · f81812f · f81812f
1 parent cb93d60
commit f81812f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/src/constant_time.rs b/src/constant_time.rs
@@ -48,6 +48,11 @@ pub(crate) fn xor_16(a: [u8; 16], b: [u8; 16]) -> [u8; 16] {
     r.to_ne_bytes()
 }
 
+#[inline(always)]
+pub(crate) fn xor_assign<'a>(a: impl IntoIterator<Item = &'a mut u8>, b: u8) {
+    a.into_iter().for_each(|a| *a ^= b);
+}
+
 /// XORs the first N bytes of `b` into `a`, where N is
 /// `core::cmp::min(a.len(), b.len())`.
 #[inline(always)]

diff --git a/src/hmac.rs b/src/hmac.rs
@@ -259,9 +259,7 @@ impl Key {
 
         // Remove the `IPAD` masking, leaving the unmasked padded key, then
         // mask with `OPAD`, all in one step.
-        for b in padded_key.iter_mut() {
-            *b ^= IPAD ^ OPAD;
-        }
+        constant_time::xor_assign(&mut padded_key[..], IPAD ^ OPAD);
         let leftover = key.outer.update(padded_key, cpu_features);
         debug_assert_eq!(leftover.len(), 0);