Use secure_compare

Author: weebl2000

src/Utils.cpp

@@ -1,5 +1,6 @@
 #include "Utils.h"
 #include <AES.h>
+#include <Crypto.h>
 #include <SHA256.h>
 
 #ifdef ARDUINO
@@ -81,10 +82,7 @@ int Utils::MACThenDecrypt(const uint8_t* shared_secret, uint8_t* dest, const uin
     sha.update(src + CIPHER_MAC_SIZE, src_len - CIPHER_MAC_SIZE);
     sha.finalizeHMAC(shared_secret, PUB_KEY_SIZE, hmac, CIPHER_MAC_SIZE);
   }
-  // constant-time comparison to prevent timing side-channel attacks
-  uint8_t diff = 0;
-  for (int i = 0; i < CIPHER_MAC_SIZE; i++) diff |= hmac[i] ^ src[i];
-  if (diff == 0) {
+  if (secure_compare(hmac, src, CIPHER_MAC_SIZE)) {
     return decrypt(shared_secret, dest, src + CIPHER_MAC_SIZE, src_len - CIPHER_MAC_SIZE);
   }
   return 0; // invalid HMAC