From 2f2f56fc0c1c6540f79b895654ea6f6849423e39 Mon Sep 17 00:00:00 2001
From: fettpl <38704082+fettpl@users.noreply.github.com>
Date: Sun, 15 Feb 2026 00:30:23 +0100
Subject: [PATCH] fix: use branchless operations in constant_time_eq

- Use bitwise & instead of && to avoid short-circuit timing leak
- Use get().unwrap_or(&0) instead of if/else for branchless byte access

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/security/pairing.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/security/pairing.rs b/src/security/pairing.rs
index f9a9a05..e176d38 100644
--- a/src/security/pairing.rs
+++ b/src/security/pairing.rs
@@ -190,11 +190,11 @@ pub fn constant_time_eq(a: &str, b: &str) -> bool {
     let max_len = a.len().max(b.len());
     let mut byte_diff = 0u8;
     for i in 0..max_len {
-        let x = if i < a.len() { a[i] } else { 0 };
-        let y = if i < b.len() { b[i] } else { 0 };
+        let x = *a.get(i).unwrap_or(&0);
+        let y = *b.get(i).unwrap_or(&0);
         byte_diff |= x ^ y;
     }
-    len_diff == 0 && byte_diff == 0
+    (len_diff == 0) & (byte_diff == 0)
 }
 
 /// Check if a host string represents a non-localhost bind address.