Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cpabe: Serializing ciphertext with 32-bit prefixes. #490

Merged
merged 4 commits into from
Apr 24, 2024
Merged

cpabe: Serializing ciphertext with 32-bit prefixes. #490

merged 4 commits into from
Apr 24, 2024

Conversation

armfazh
Copy link
Contributor

@armfazh armfazh commented Mar 14, 2024
edited
Loading

Serializing ciphertext with 32-bit prefixes.

Previously, tkn20 ciphertext was encoding the ciphertext header C1, the envelope env (containing inner ciphertext), and macData using 16-bit prefixes, which caused a limitation on the maximum size allowed for encrypting plaintexts.

With this change, the encoding now uses 32-bit prefixes for these three elements allowing to encrypt plaintexts longer than 2^16 bytes. So, ciphertexts produced by tkn20 package are now 12 bytes longer.

Changes are backwards compatible, meaning that ciphertexts in the previous format are still decryptable. The following functions are backwards-compatible:
- AttributeKey.Decrypt
- Attributes.CouldDecrypt
- Policy.ExtractFromCiphertext

Note: Since the format of ciphertexts is changed, we need to release a version, once this gets merged.

Fixes #484

@armfazh armfazh added fix-A-bug code that fix a bug tests Include new tests on the code labels Mar 14, 2024
@armfazh armfazh self-assigned this Mar 14, 2024
@armfazh
Serializing ciphertext with 32-bit prefixes.
696c01c 
Notice about ciphertext change and testing format.

Previously, tkn20 ciphertext was encoding the ciphertext header
`C1`, the envelope `env` (containing inner ciphertext), and
macData using 16-bit prefixes, which caused a limitation on
the maximum size allowed for encrypting plaintexts.

With this change, the encoding now uses 32-bit prefixes for
these three elements allowing to encrypt plaintexts longer
than 2^16 bytes. So, ciphertexts produced by tkn20 package are
now 12 bytes longer.

Ciphertexts in the previous format are still decryptable.
The following functions are backwards-compatible:
 - AttributeKey.Decrypt
 - Attributes.CouldDecrypt
 - Policy.ExtractFromCiphertext
@armfazh armfazh requested a review from bwesterb April 15, 2024 23:49
@armfazh armfazh merged commit 4bb5601 into cloudflare:main Apr 24, 2024
10 checks passed
@armfazh armfazh deleted the docABE_pt_len branch April 24, 2024 19:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bwesterb bwesterb bwesterb approved these changes

@Lekensteyn Lekensteyn Awaiting requested review from Lekensteyn

@cjpatton cjpatton Awaiting requested review from cjpatton

Assignees

@armfazh armfazh

Labels
fix-A-bug code that fix a bug tests Include new tests on the code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

cp-abe: plaintext exceeding a certain length will fail during decryption
2 participants
@armfazh @bwesterb