changed public key check to constant time.

dghgit · dghgit · commit 88c3a55449a2 · 2024-11-12T15:21:51.000+11:00
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mldsa/MLDSAKeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mldsa/MLDSAKeyFactorySpi.java
@@ -133,7 +133,7 @@ public PrivateKey engineGeneratePrivate(
                 byte[] publicData = spec.getPublicData();
                 if (publicData != null)
                 {
-                    if (!Arrays.areEqual(publicData, params.getPublicKey()))
+                    if (!Arrays.constantTimeAreEqual(publicData, params.getPublicKey()))
                     {
                         throw new InvalidKeySpecException("public key data does not match private key data");
                     }
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mlkem/MLKEMKeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mlkem/MLKEMKeyFactorySpi.java
@@ -125,7 +125,7 @@ public PrivateKey engineGeneratePrivate(
                 byte[] publicKeyData = spec.getPublicData();
                 if (publicKeyData != null)
                 {
-                    if (!Arrays.areEqual(publicKeyData, params.getPublicKey()))
+                    if (!Arrays.constantTimeAreEqual(publicKeyData, params.getPublicKey()))
                     {
                         throw new InvalidKeySpecException("public key data does not match private key data");
                     }

Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,7 @@ public PrivateKey engineGeneratePrivate(`
`133`	`133`	`byte[] publicData = spec.getPublicData();`
`134`	`134`	`if (publicData != null)`
`135`	`135`	`{`
`136`		`- if (!Arrays.areEqual(publicData, params.getPublicKey()))`
	`136`	`+ if (!Arrays.constantTimeAreEqual(publicData, params.getPublicKey()))`
`137`	`137`	`{`
`138`	`138`	`throw new InvalidKeySpecException("public key data does not match private key data");`
`139`	`139`	`}`
Original file line number	Diff line number	Diff line change
`@@ -125,7 +125,7 @@ public PrivateKey engineGeneratePrivate(`
`125`	`125`	`byte[] publicKeyData = spec.getPublicData();`
`126`	`126`	`if (publicKeyData != null)`
`127`	`127`	`{`
`128`		`- if (!Arrays.areEqual(publicKeyData, params.getPublicKey()))`
	`128`	`+ if (!Arrays.constantTimeAreEqual(publicKeyData, params.getPublicKey()))`
`129`	`129`	`{`
`130`	`130`	`throw new InvalidKeySpecException("public key data does not match private key data");`
`131`	`131`	`}`