Serializing ciphertext with 32-bit prefixes.

Previously, tkn20 ciphertext was encoding the ciphertext header `C1`, the envelope `env` (containing inner ciphertext), and macData using 16-bit prefixes, which caused a limitation on the maximum size allowed for encrypting plaintexts. With this change, the encoding now uses 32-bit prefixes for these three elements allowing to encrypt plaintexts longer than 2^16 bytes. So, ciphertexts produced by tkn20 package are now 6 bytes longer. Only testdata/ciphertext golden file was updated.
cloudflare · Mar 14, 2024 · 8db25b5 · 8db25b5
1 parent 9252f3f
commit 8db25b5
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 13 deletions.
diff --git a/abe/cpabe/tkn20/example_test.go b/abe/cpabe/tkn20/example_test.go
@@ -132,6 +132,6 @@ func Example() {
 	// Output:
 	// (occupation:doctor and country:US)
 	// plaintext size: 27 bytes
-	// ciphertext size: 2735 bytes
+	// ciphertext size: 2741 bytes
 	// Successfully recovered plaintext
 }
diff --git a/abe/cpabe/tkn20/internal/tkn/bk.go b/abe/cpabe/tkn20/internal/tkn/bk.go
@@ -117,16 +117,16 @@ func EncryptCCA(rand io.Reader, public *PublicParams, policy *Policy, msg []byte
 	if err != nil {
 		return nil, err
 	}
-	macData := appendLenPrefixed(nil, C1)
-	macData = appendLenPrefixed(macData, env)
+	macData := appendLen32Prefixed(nil, C1)
+	macData = appendLen32Prefixed(macData, env)
 
 	tag, err := blakeMac(macKey, macData)
 	if err != nil {
 		return nil, err
 	}
 
 	ret := appendLenPrefixed(nil, id)
-	ret = appendLenPrefixed(ret, macData)
+	ret = appendLen32Prefixed(ret, macData)
 	ret = appendLenPrefixed(ret, tag)
 
 	return ret, nil
@@ -137,19 +137,19 @@ func DecryptCCA(ciphertext []byte, key *AttributesKey) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	macData, rest, err := removeLenPrefixed(rest)
+	macData, rest, err := removeLen32Prefixed(rest)
 	if err != nil {
 		return nil, err
 	}
 	tag, _, err := removeLenPrefixed(rest)
 	if err != nil {
 		return nil, err
 	}
-	C1, envRaw, err := removeLenPrefixed(macData)
+	C1, envRaw, err := removeLen32Prefixed(macData)
 	if err != nil {
 		return nil, err
 	}
-	env, _, err := removeLenPrefixed(envRaw)
+	env, _, err := removeLen32Prefixed(envRaw)
 	if err != nil {
 		return nil, err
 	}
@@ -212,11 +212,11 @@ func CouldDecrypt(ciphertext []byte, a *Attributes) bool {
 	if err != nil {
 		return false
 	}
-	macData, _, err := removeLenPrefixed(rest)
+	macData, _, err := removeLen32Prefixed(rest)
 	if err != nil {
 		return false
 	}
-	C1, _, err := removeLenPrefixed(macData)
+	C1, _, err := removeLen32Prefixed(macData)
 	if err != nil {
 		return false
 	}
@@ -241,11 +241,11 @@ func (p *Policy) ExtractFromCiphertext(ct []byte) error {
 	if err != nil {
 		return fmt.Errorf("invalid ciphertext")
 	}
-	macData, _, err := removeLenPrefixed(rest)
+	macData, _, err := removeLen32Prefixed(rest)
 	if err != nil {
 		return fmt.Errorf("invalid ciphertext")
 	}
-	C1, _, err := removeLenPrefixed(macData)
+	C1, _, err := removeLen32Prefixed(macData)
 	if err != nil {
 		return fmt.Errorf("invalid ciphertext")
 	}

diff --git a/abe/cpabe/tkn20/internal/tkn/util.go b/abe/cpabe/tkn20/internal/tkn/util.go
@@ -42,14 +42,14 @@ func HashStringToScalar(key []byte, value string) *pairing.Scalar {
 	return s
 }
 
-func appendLenPrefixed(a []byte, b []byte) []byte {
+func appendLen16Prefixed(a []byte, b []byte) []byte {
 	a = append(a, 0, 0)
 	binary.LittleEndian.PutUint16(a[len(a)-2:], uint16(len(b)))
 	a = append(a, b...)
 	return a
 }
 
-func removeLenPrefixed(data []byte) (next []byte, remainder []byte, err error) {
+func removeLen16Prefixed(data []byte) (next []byte, remainder []byte, err error) {
 	if len(data) < 2 {
 		return nil, nil, fmt.Errorf("data too short")
 	}
@@ -60,6 +60,29 @@ func removeLenPrefixed(data []byte) (next []byte, remainder []byte, err error) {
 	return data[2 : 2+itemLen], data[2+itemLen:], nil
 }
 
+var (
+	appendLenPrefixed = appendLen16Prefixed
+	removeLenPrefixed = removeLen16Prefixed
+)
+
+func appendLen32Prefixed(a []byte, b []byte) []byte {
+	a = append(a, 0, 0, 0, 0)
+	binary.LittleEndian.PutUint32(a[len(a)-4:], uint32(len(b)))
+	a = append(a, b...)
+	return a
+}
+
+func removeLen32Prefixed(data []byte) (next []byte, remainder []byte, err error) {
+	if len(data) < 4 {
+		return nil, nil, fmt.Errorf("data too short")
+	}
+	itemLen := int(binary.LittleEndian.Uint32(data))
+	if (4 + itemLen) > len(data) {
+		return nil, nil, fmt.Errorf("data too short")
+	}
+	return data[4 : 4+itemLen], data[4+itemLen:], nil
+}
+
 func marshalBinarySortedMapMatrixG1(m map[string]*matrixG1) ([]byte, error) {
 	sortedKeys := make([]string, 0, len(m))
 	for key := range m {

diff --git a/abe/cpabe/tkn20/testdata/ciphertext b/abe/cpabe/tkn20/testdata/ciphertext