Use constant time mac comparison

In libtextsecure and in libaxolotl.

// FREEBIE

libtextsecure/libaxolotl.js

@@ -34392,10 +34392,20 @@ window.axolotl.protocol = function(storage_interface) {
 
     var verifyMAC = function(data, key, mac) {
         return axolotlInternal.crypto.sign(key, data).then(function(calculated_mac) {
-            if (!isEqual(calculated_mac, mac, true))
+            if (calculated_mac.byteLength < mac.byteLength) {
+                throw new Error("Bad MAC length");
+            }
+            var a = new Uint8Array(calculated_mac);
+            var b = new Uint8Array(mac);
+            var result = 0;
+            for (var i=0; i < mac.byteLength; ++i) {
+                result = result | (a[i] ^ b[i]);
+            }
+            if (result !== 0) {
                 throw new Error("Bad MAC");
+            }
         });
-    }
+    };
 
     /******************************
     *** Ratchet implementation ***
@@ -34661,7 +34671,9 @@ window.axolotl.protocol = function(storage_interface) {
             throw new Error("Bad version number on WhisperMessage");
 
         var messageProto = messageBytes.substring(1, messageBytes.length - 8);
-        var mac = messageBytes.substring(messageBytes.length - 8, messageBytes.length);
+        var mac = axolotlInternal.utils.convertToArrayBuffer(
+            messageBytes.substring(messageBytes.length - 8, messageBytes.length)
+        );
 
         var message = axolotlInternal.protobuf.WhisperMessage.decode(messageProto, 'binary');
         var remoteEphemeralKey = axolotlInternal.utils.convertToArrayBuffer(message.ephemeralKey);