Constant-time byte[] comparison

Author: str4d

src/net/i2p/crypto/eddsa/Utils.java

@@ -18,6 +18,18 @@ public static int equal(int b, int c) {
         return (result ^ 0x01) & 0x01;
     }
 
+    /**
+     * Constant-time byte[] comparison.
+     * @return 1 if b and c are equal, 0 otherwise.
+     */
+    public static int equal(byte[] b, byte[] c) {
+        int result = 0;
+        for (int i = 0; i < 32; i++) {
+            result |= b[i] ^ c[i];
+        }
+        return ~equal(result, 0) & 0x01;
+    }
+
     /**
      * Constant-time determine if byte is negative.
      * @param b the byte to check.

src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java

@@ -1,6 +1,7 @@
 package net.i2p.crypto.eddsa.math.ed25519;
 
 import net.i2p.crypto.eddsa.TestUtils;
+import net.i2p.crypto.eddsa.Utils;
 import net.i2p.crypto.eddsa.math.Field;
 import net.i2p.crypto.eddsa.math.FieldElement;
 
@@ -26,11 +27,7 @@ public Ed25519FieldElement(Field f, int[] t) {
 
     public boolean isNonZero() {
         byte[] s = toByteArray();
-        int result = 0;
-        for (int i = 0; i < 32; i++) {
-            result |= s[i] ^ zero[i];
-        }
-        return result != 0;
+        return Utils.equal(s, zero) == 1;
     }
 
     /**