cybersecurity · intermediate · ~15 min
Avoid the early-exit you'd see in `memcmp`; XOR-accumulate the diff.
Implement `int ct_equals(const unsigned char *a, const unsigned char *b, size_t n)` that compares `n` bytes in constant time: its execution time must not depend on where (or whether) `a` and `b` differ. Return 1 if equal, 0 otherwise.
Constant-time compares are how you defeat timing attacks on secret-equal-secret checks (HMAC, hash tags, etc.).
```c
#include <stddef.h>

int ct_equals(const unsigned char *a, const unsigned char *b, size_t n) {
    /* TODO */
    return 0;
}
```
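The difference between the two compare styles named above can be made visible by counting the bytes each one examines. This is an added example, not part of the original exercise; the function names, the `steps` counter and the 16-byte sample tag are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define TAG_LEN 16

/* Early-exit compare in the style of memcmp. *steps (added instrumentation)
 * counts the bytes examined, a stand-in for running time. */
int leaky_equals(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps) {
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i]) return 0;   /* leaves at the first mismatch */
    }
    return 1;
}

/* XOR-accumulate compare: every byte is visited and no branch depends on the data. */
int accum_equals(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps) {
    unsigned int diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (unsigned int)(a[i] ^ b[i]);
    }
    /* diff is 0..255: (diff - 1) >> 8 has its low bit set only when diff == 0 */
    return (int)(1u & ((diff - 1u) >> 8));
}

/* Constructed sample: a 16-byte tag and a guess that first differs at index pos
 * (pos >= TAG_LEN means identical). Returns the verdict, stores the step count. */
int run_case(int use_leaky, size_t pos, size_t *steps) {
    unsigned char tag[TAG_LEN], guess[TAG_LEN];
    for (size_t i = 0; i < TAG_LEN; i++) guess[i] = tag[i] = (unsigned char)(0xA0 + i);
    if (pos < TAG_LEN) guess[pos] ^= 0xFF;
    return use_leaky ? leaky_equals(tag, guess, TAG_LEN, steps)
                     : accum_equals(tag, guess, TAG_LEN, steps);
}

size_t steps_for(int use_leaky, size_t pos) {
    size_t steps;
    run_case(use_leaky, pos, &steps);
    return steps;
}

int main(void) {
    for (size_t pos = 0; pos <= TAG_LEN; pos += 4)
        printf("first mismatch at %2zu: early-exit %2zu bytes, accumulate %2zu bytes\n",
               pos, steps_for(1, pos), steps_for(0, pos));
    return 0;
}
```

An optimizing compiler is free to transform source like this, so production code should check the generated assembly or call a vetted primitive such as OpenSSL's `CRYPTO_memcmp` or libsodium's `sodium_memcmp`.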