chipsalliance · jhand2 · Sep 21, 2024
diff --git a/dpe/src/context.rs b/dpe/src/context.rs
@@ -1,6 +1,6 @@
 // Licensed under the Apache-2.0 license.
 use crate::{response::DpeErrorCode, tci::TciNodeData, U8Bool, MAX_HANDLES};
-use constant_time_eq::constant_time_eq;
+use constant_time_eq::constant_time_eq_16;
 use zerocopy::{AsBytes, FromBytes};
 use zeroize::Zeroize;
 
@@ -113,16 +113,21 @@ pub struct ContextHandle(pub [u8; ContextHandle::SIZE]);
 
 impl ContextHandle {
     pub const SIZE: usize = 16;
-    const DEFAULT: [u8; Self::SIZE] = [0; Self::SIZE];
+    const DEFAULT: ContextHandle = ContextHandle([0; Self::SIZE]);
 
     /// Returns the default context handle.
     pub const fn default() -> ContextHandle {
-        ContextHandle(Self::DEFAULT)
+        Self::DEFAULT
     }
 
     /// Whether the handle is the default context handle.
     pub fn is_default(&self) -> bool {
-        constant_time_eq(&self.0, &Self::DEFAULT)
+        self.equals(&Self::DEFAULT)
+    }
+
+    #[inline(never)]
+    pub fn equals(&self, other: &ContextHandle) -> bool {
+        constant_time_eq_16(&self.0, &other.0)
     }
 }
 

diff --git a/dpe/src/dpe_instance.rs b/dpe/src/dpe_instance.rs
@@ -20,7 +20,6 @@ use caliptra_cfi_lib_git::cfi_launder;
 #[cfg(not(feature = "no-cfi"))]
 use caliptra_cfi_lib_git::{cfi_assert, cfi_assert_eq};
 use cfg_if::cfg_if;
-use constant_time_eq::constant_time_eq;
 use crypto::{Crypto, Digest, Hasher};
 use platform::Platform;
 #[cfg(not(feature = "disable_internal_dice"))]
@@ -222,15 +221,15 @@ impl DpeInstance {
         // filter down the contexts with valid localities based on their context handle matching the input context handle
         // the locality and handle filters are separated so that we can return InvalidHandle or InvalidLocality upon getting no valid contexts accordingly
         let mut valid_handles_and_localities = valid_localities
-            .filter(|(_, context)| constant_time_eq(&context.handle.0, &handle.0))
+            .filter(|(_, context)| context.handle.equals(handle))
             .peekable();
         if valid_handles_and_localities.peek().is_none() {
             return Err(DpeErrorCode::InvalidHandle);
         }
         let (i, _) = valid_handles_and_localities
             .find(|(_, context)| {
                 context.state == ContextState::Active
-                    && constant_time_eq(&context.handle.0, &handle.0)
+                    && context.handle.equals(handle)
                     && context.locality == locality
             })
             .ok_or(DpeErrorCode::InternalError)?;
@@ -277,12 +276,7 @@ impl DpeInstance {
         for _ in 0..Self::MAX_NEW_HANDLE_ATTEMPTS {
             let mut handle = ContextHandle::default();
             env.crypto.rand_bytes(&mut handle.0)?;
-            if !handle.is_default()
-                && !self
-                    .contexts
-                    .iter()
-                    .any(|c| constant_time_eq(&c.handle.0, &handle.0))
-            {
+            if !handle.is_default() && !self.contexts.iter().any(|c| c.handle.equals(&handle)) {
                 return Ok(handle);
             }
         }