modified HQC decaps to use constant time comparison for u, v and d

royb · royb · commit db65337dae42 · 2024-12-19T12:14:12.000-05:00
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/HQCEngine.java b/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/HQCEngine.java
@@ -248,17 +248,17 @@ public void decaps(byte[] ss, byte[] ct, byte[] sk)
 
         int result = 1;
         // Compare u, v, d
-        if (!Arrays.areEqual(u, u2Bytes))
+        if (!Arrays.constantTimeAreEqual(u, u2Bytes))
         {
             result = 0;
         }
 
-        if (!Arrays.areEqual(v, v2Bytes))
+        if (!Arrays.constantTimeAreEqual(v, v2Bytes))
         {
             result = 0;
         }
 
-        if (!Arrays.areEqual(d, dPrime))
+        if (!Arrays.constantTimeAreEqual(d, dPrime))
         {
             result = 0;
         }

Original file line number	Diff line number	Diff line change
`@@ -248,17 +248,17 @@ public void decaps(byte[] ss, byte[] ct, byte[] sk)`
`248`	`248`
`249`	`249`	`int result = 1;`
`250`	`250`	`// Compare u, v, d`
`251`		`- if (!Arrays.areEqual(u, u2Bytes))`
	`251`	`+ if (!Arrays.constantTimeAreEqual(u, u2Bytes))`
`252`	`252`	`{`
`253`	`253`	`result = 0;`
`254`	`254`	`}`
`255`	`255`
`256`		`- if (!Arrays.areEqual(v, v2Bytes))`
	`256`	`+ if (!Arrays.constantTimeAreEqual(v, v2Bytes))`
`257`	`257`	`{`
`258`	`258`	`result = 0;`
`259`	`259`	`}`
`260`	`260`
`261`		`- if (!Arrays.areEqual(d, dPrime))`
	`261`	`+ if (!Arrays.constantTimeAreEqual(d, dPrime))`
`262`	`262`	`{`
`263`	`263`	`result = 0;`
`264`	`264`	`}`