removed use of boolean.

dghgit · dghgit · commit 957135908bb0 · 2025-11-19T15:43:56.000+11:00
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/mlkem/MLKEMEngine.java b/core/src/main/java/org/bouncycastle/pqc/crypto/mlkem/MLKEMEngine.java
@@ -283,22 +283,32 @@ byte[] kemDecrypt(MLKEMPrivateKeyParameters privateKey, byte[] cipherText)
 
         byte[] cmp = indCpa.encrypt(publicKey, Arrays.copyOfRange(buf, 0, KyberSymBytes), Arrays.copyOfRange(kr, KyberSymBytes, kr.length));
 
-        boolean fail = !(Arrays.constantTimeAreEqual(cipherText, cmp));
+        int fail = constantTimeZeroOnEqual(cipherText, cmp);
 
         cmov(kr, implicit_rejection, KyberSymBytes, fail);
 
         return Arrays.copyOfRange(kr, 0, sessionKeyLength);
     }
 
-    private void cmov(byte[] r, byte[] x, int xlen, boolean b)
+    private void cmov(byte[] r, byte[] x, int xlen, int fail)
     {
-        if (b)
+        int mask = (0 - fail) >> 24;
+
+        for (int i = 0; i != xlen; i++)
         {
-            System.arraycopy(x, 0, r, 0, xlen);
+            r[i] = (byte)((x[i] & mask) | (r[i] & ~mask));
         }
-        else
+    }
+
+    private int constantTimeZeroOnEqual(byte[] input, byte[] expected)
+    {
+        int result = expected.length ^ input.length;
+
+        for (int i = 0; i != expected.length; i++)
         {
-            System.arraycopy(r, 0, r, 0, xlen);
+            result |= input[i] ^ expected[i];
         }
+
+        return result & 0xff;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -283,22 +283,32 @@ byte[] kemDecrypt(MLKEMPrivateKeyParameters privateKey, byte[] cipherText)`
`283`	`283`
`284`	`284`	`byte[] cmp = indCpa.encrypt(publicKey, Arrays.copyOfRange(buf, 0, KyberSymBytes), Arrays.copyOfRange(kr, KyberSymBytes, kr.length));`
`285`	`285`
`286`		`- boolean fail = !(Arrays.constantTimeAreEqual(cipherText, cmp));`
	`286`	`+ int fail = constantTimeZeroOnEqual(cipherText, cmp);`
`287`	`287`
`288`	`288`	`cmov(kr, implicit_rejection, KyberSymBytes, fail);`
`289`	`289`
`290`	`290`	`return Arrays.copyOfRange(kr, 0, sessionKeyLength);`
`291`	`291`	`}`
`292`	`292`
`293`		`- private void cmov(byte[] r, byte[] x, int xlen, boolean b)`
	`293`	`+ private void cmov(byte[] r, byte[] x, int xlen, int fail)`
`294`	`294`	`{`
`295`		`- if (b)`
	`295`	`+ int mask = (0 - fail) >> 24;`
	`296`	`+`
	`297`	`+ for (int i = 0; i != xlen; i++)`
`296`	`298`	`{`
`297`		`- System.arraycopy(x, 0, r, 0, xlen);`
	`299`	`+ r[i] = (byte)((x[i] & mask) \| (r[i] & ~mask));`
`298`	`300`	`}`
`299`		`- else`
	`301`	`+ }`
	`302`	`+`
	`303`	`+ private int constantTimeZeroOnEqual(byte[] input, byte[] expected)`
	`304`	`+ {`
	`305`	`+ int result = expected.length ^ input.length;`
	`306`	`+`
	`307`	`+ for (int i = 0; i != expected.length; i++)`
`300`	`308`	`{`
`301`		`- System.arraycopy(r, 0, r, 0, xlen);`
	`309`	`+ result \|= input[i] ^ expected[i];`
`302`	`310`	`}`
	`311`	`+`
	`312`	`+ return result & 0xff;`
`303`	`313`	`}`
`304`	`314`	`}`