Refactor constant-time comparison

Author: peterdettman

core/src/main/java/org/bouncycastle/pqc/crypto/hqc/HQCEngine.java

@@ -179,12 +179,12 @@ public int decaps(byte[] ss, byte[] ct, byte[] sk)
         pkeEncrypt(cKemPrimeU64, cKemPrimeV64, sk, mPrime, kThetaPrime, 32);
         hashGJ(kBar, 256, hashEkKem, sk, pkSize + SEED_BYTES, K_BYTE, ct, 0, ct.length, (byte)3);
 
-        if (!Arrays.constantTimeAreEqual(u64, cKemPrimeU64))
+        if (!Arrays.constantTimeAreEqual(N_BYTE_64, u64, 0, cKemPrimeU64, 0))
         {
             result = 1;
         }
 
-        if (!Arrays.constantTimeAreEqual(v64, cKemPrimeV64))
+        if (!Arrays.constantTimeAreEqual(N_BYTE_64, v64, 0, cKemPrimeV64, 0))
         {
             result = 1;
         }

core/src/main/java/org/bouncycastle/util/Arrays.java

@@ -149,6 +149,37 @@ public static boolean constantTimeAreEqual(int len, byte[] a, int aOff, byte[] b
         return 0 == d;
     }
 
+    public static boolean constantTimeAreEqual(int len, long[] a, int aOff, long[] b, int bOff)
+    {
+        if (null == a)
+        {
+            throw new NullPointerException("'a' cannot be null");
+        }
+        if (null == b)
+        {
+            throw new NullPointerException("'b' cannot be null");
+        }
+        if (len < 0)
+        {
+            throw new IllegalArgumentException("'len' cannot be negative");
+        }
+        if (aOff > (a.length - len))
+        {
+            throw new IndexOutOfBoundsException("'aOff' value invalid for specified length");
+        }
+        if (bOff > (b.length - len))
+        {
+            throw new IndexOutOfBoundsException("'bOff' value invalid for specified length");
+        }
+
+        long d = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            d |= (a[aOff + i] ^ b[bOff + i]);
+        }
+        return 0L == d;
+    }
+
     /**
      * A constant time equals comparison - does not terminate early if
      * comparison fails. For best results always pass the expected value